From b2a7fc3bc9e14094df5a9113f08a0638a2ca4c91 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Mon, 13 Jul 2020 11:07:10 +0500
Subject: [PATCH 001/396] Link to deployment of PKI page

As suggested by user that content is missing in the document, I have linked the page with the deployment of PKI certificate.

Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/6360
---
 .../hello-for-business/hello-hybrid-key-trust-prereqs.md        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
index 5a7e9bb20a..898d43aaaa 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
@@ -76,7 +76,7 @@ The minimum required Enterprise certificate authority that can be used with Wind
 * The certificate template must have an extension that has the value "DomainController", encoded as a [BMPstring](https://docs.microsoft.com/windows/win32/seccertenroll/about-bmpstring). If you are using Windows Server Enterprise Certificate Authority, this extension is already included in the domain controller certificate template.
 * The domain controller certificate must be installed in the local computer's certificate store.
 
- 
+See [Step-by-step example deployment of the PKI certificates](https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/network/example-deployment-of-pki-certificates).
 
 > [!IMPORTANT]
 > For Azure AD joined device to authenticate to and use on-premises resources, ensure you:

From efe389ee3bf4f59a53bd47737fa6e2fc6c2ff778 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Mon, 13 Jul 2020 14:45:26 +0500
Subject: [PATCH 002/396] Update
 windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../hello-for-business/hello-hybrid-key-trust-prereqs.md        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
index 898d43aaaa..1772e4de58 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
@@ -74,7 +74,7 @@ The minimum required Enterprise certificate authority that can be used with Wind
 * The certificate Enhanced Key Usage section must contain Client Authentication (1.3.6.1.5.5.7.3.2), Server Authentication (1.3.6.1.5.5.7.3.1), and KDC Authentication (1.3.6.1.5.2.3.5).
 * The certificate Subject Alternative Name section must contain the Domain Name System (DNS) name.  
 * The certificate template must have an extension that has the value "DomainController", encoded as a [BMPstring](https://docs.microsoft.com/windows/win32/seccertenroll/about-bmpstring). If you are using Windows Server Enterprise Certificate Authority, this extension is already included in the domain controller certificate template.
-* The domain controller certificate must be installed in the local computer's certificate store.
+* The domain controller certificate must be installed in the local computer's certificate store. See [Step-by-step example deployment of the PKI certificates for Configuration Manager: Windows Server 2008 certification authority](https://docs.microsoft.com/mem/configmgr/core/plan-design/network/example-deployment-of-pki-certificates) for details.
 
 See [Step-by-step example deployment of the PKI certificates](https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/network/example-deployment-of-pki-certificates).
 

From d46766bceefc57e2f3024b2ba5237f36b127dc10 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Mon, 13 Jul 2020 14:45:51 +0500
Subject: [PATCH 003/396] Update
 windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../hello-for-business/hello-hybrid-key-trust-prereqs.md         | 1 -
 1 file changed, 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
index 1772e4de58..d595c23de0 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
@@ -76,7 +76,6 @@ The minimum required Enterprise certificate authority that can be used with Wind
 * The certificate template must have an extension that has the value "DomainController", encoded as a [BMPstring](https://docs.microsoft.com/windows/win32/seccertenroll/about-bmpstring). If you are using Windows Server Enterprise Certificate Authority, this extension is already included in the domain controller certificate template.
 * The domain controller certificate must be installed in the local computer's certificate store. See [Step-by-step example deployment of the PKI certificates for Configuration Manager: Windows Server 2008 certification authority](https://docs.microsoft.com/mem/configmgr/core/plan-design/network/example-deployment-of-pki-certificates) for details.
 
-See [Step-by-step example deployment of the PKI certificates](https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/network/example-deployment-of-pki-certificates).
 
 > [!IMPORTANT]
 > For Azure AD joined device to authenticate to and use on-premises resources, ensure you:

From 8efa046a314e4ba3cb053801f1771fdb1ebb2c23 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Thu, 30 Jul 2020 08:15:55 +0500
Subject: [PATCH 004/396] Added certificate deployment

Updated certificate deployment for WHFB as suggested by @mapalko.
---
 .../hello-for-business/hello-hybrid-key-trust-prereqs.md        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
index d595c23de0..1ef40f8957 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
@@ -74,7 +74,7 @@ The minimum required Enterprise certificate authority that can be used with Wind
 * The certificate Enhanced Key Usage section must contain Client Authentication (1.3.6.1.5.5.7.3.2), Server Authentication (1.3.6.1.5.5.7.3.1), and KDC Authentication (1.3.6.1.5.2.3.5).
 * The certificate Subject Alternative Name section must contain the Domain Name System (DNS) name.  
 * The certificate template must have an extension that has the value "DomainController", encoded as a [BMPstring](https://docs.microsoft.com/windows/win32/seccertenroll/about-bmpstring). If you are using Windows Server Enterprise Certificate Authority, this extension is already included in the domain controller certificate template.
-* The domain controller certificate must be installed in the local computer's certificate store. See [Step-by-step example deployment of the PKI certificates for Configuration Manager: Windows Server 2008 certification authority](https://docs.microsoft.com/mem/configmgr/core/plan-design/network/example-deployment-of-pki-certificates) for details.
+* The domain controller certificate must be installed in the local computer's certificate store. See [Configure Hybrid Windows Hello for Business: Public Key Infrastructure](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki) for details.
 
 
 > [!IMPORTANT]

From 7b738c749ef6904d5120a5e674826fbb1a7a3dd2 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Fri, 11 Dec 2020 17:44:34 +0500
Subject: [PATCH 005/396] Command Update

There was an issue with the command arguments. Made adjustments in the command.

Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8721
---
 .../threat-protection/microsoft-defender-atp/linux-resources.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md
index 3b12f36855..7a265a8e8c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md
@@ -97,7 +97,7 @@ The following table lists commands for some of the most common scenarios. Run `m
 |Configuration         |Turn on/off cloud protection                            |`mdatp config cloud --value [enabled|disabled]`                        |
 |Configuration         |Turn on/off product diagnostics                         |`mdatp config cloud-diagnostic --value [enabled|disabled]`             |
 |Configuration         |Turn on/off automatic sample submission                 |`mdatp config cloud-automatic-sample-submission [enabled|disabled]`    |
-|Configuration         |Turn on/off AV passive mode                             |`mdatp config passive-mode [enabled|disabled]`                         |
+|Configuration         |Turn on/off AV passive mode                             |`mdatp config passive-mode --value [enabled|disabled]`                 |
 |Configuration         |Add/remove an antivirus exclusion for a file extension  |`mdatp exclusion extension [add|remove] --name [extension]`            |
 |Configuration         |Add/remove an antivirus exclusion for a file            |`mdatp exclusion file [add|remove] --path [path-to-file]`              |
 |Configuration         |Add/remove an antivirus exclusion for a directory       |`mdatp exclusion folder [add|remove] --path [path-to-directory]`       |

From 0afc459ed3c77cf47406db586ee904dd5746d1eb Mon Sep 17 00:00:00 2001
From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com>
Date: Fri, 11 Dec 2020 16:08:04 +0100
Subject: [PATCH 006/396] Use escape character before meta characters (pipe)

Had to suggest this additional change, seeing that the vertical pipe divider characters (logic 'or' in parameter examples) becomes interpreted as cell dividers by GitHub Flavored MarkDown.

- Add the backslash escape character in front of all pipe characters used as logic 'or' between parameter choices.
- Remove redundant (and unneeded) excessive backtick characters from inline encapsulations, only 1 (not 3) is needed.
---
 .../microsoft-defender-atp/linux-resources.md | 30 +++++++++----------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md
index 7a265a8e8c..969ca9675a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md
@@ -75,9 +75,9 @@ There are several ways to uninstall Defender for Endpoint for Linux. If you are
 
 ### Manual uninstallation
 
-- ```sudo yum remove mdatp``` for RHEL and variants(CentOS and Oracle Linux).
-- ```sudo zypper remove mdatp``` for SLES and variants.
-- ```sudo apt-get purge mdatp``` for Ubuntu and Debian systems.
+- `sudo yum remove mdatp` for RHEL and variants(CentOS and Oracle Linux).
+- `sudo zypper remove mdatp` for SLES and variants.
+- `sudo apt-get purge mdatp` for Ubuntu and Debian systems.
 
 ## Configure from the command line
 
@@ -93,15 +93,15 @@ The following table lists commands for some of the most common scenarios. Run `m
 
 |Group                 |Scenario                                                |Command                                                                |
 |----------------------|--------------------------------------------------------|-----------------------------------------------------------------------|
-|Configuration         |Turn on/off real-time protection                        |`mdatp config real-time-protection --value [enabled|disabled]`         |
-|Configuration         |Turn on/off cloud protection                            |`mdatp config cloud --value [enabled|disabled]`                        |
-|Configuration         |Turn on/off product diagnostics                         |`mdatp config cloud-diagnostic --value [enabled|disabled]`             |
-|Configuration         |Turn on/off automatic sample submission                 |`mdatp config cloud-automatic-sample-submission [enabled|disabled]`    |
-|Configuration         |Turn on/off AV passive mode                             |`mdatp config passive-mode --value [enabled|disabled]`                 |
-|Configuration         |Add/remove an antivirus exclusion for a file extension  |`mdatp exclusion extension [add|remove] --name [extension]`            |
-|Configuration         |Add/remove an antivirus exclusion for a file            |`mdatp exclusion file [add|remove] --path [path-to-file]`              |
-|Configuration         |Add/remove an antivirus exclusion for a directory       |`mdatp exclusion folder [add|remove] --path [path-to-directory]`       |
-|Configuration         |Add/remove an antivirus exclusion for a process         |`mdatp exclusion process [add|remove] --path [path-to-process]`<br/>`mdatp exclusion process [add|remove] --name [process-name]`   |
+|Configuration         |Turn on/off real-time protection                        |`mdatp config real-time-protection --value [enabled\|disabled]`        |
+|Configuration         |Turn on/off cloud protection                            |`mdatp config cloud --value [enabled\|disabled]`                       |
+|Configuration         |Turn on/off product diagnostics                         |`mdatp config cloud-diagnostic --value [enabled\|disabled]`            |
+|Configuration         |Turn on/off automatic sample submission                 |`mdatp config cloud-automatic-sample-submission [enabled\|disabled]`   |
+|Configuration         |Turn on/off AV passive mode                             |`mdatp config passive-mode --value [enabled\|disabled]`                |
+|Configuration         |Add/remove an antivirus exclusion for a file extension  |`mdatp exclusion extension [add\|remove] --name [extension]`           |
+|Configuration         |Add/remove an antivirus exclusion for a file            |`mdatp exclusion file [add\|remove] --path [path-to-file]`             |
+|Configuration         |Add/remove an antivirus exclusion for a directory       |`mdatp exclusion folder [add\|remove] --path [path-to-directory]`      |
+|Configuration         |Add/remove an antivirus exclusion for a process         |`mdatp exclusion process [add\|remove] --path [path-to-process]`<br/>`mdatp exclusion process [add\|remove] --name [process-name]` |
 |Configuration         |List all antivirus exclusions                           |`mdatp exclusion list`                                                 |
 |Configuration         |Add a threat name to the allowed list                   |`mdatp threat allowed add --name [threat-name]`                        |
 |Configuration         |Remove a threat name from the allowed list              |`mdatp threat allowed remove --name [threat-name]`                     |
@@ -109,7 +109,7 @@ The following table lists commands for some of the most common scenarios. Run `m
 |Configuration         |Turn on PUA protection                                  |`mdatp threat policy set --type potentially_unwanted_application --action block` |
 |Configuration         |Turn off PUA protection                                 |`mdatp threat policy set --type potentially_unwanted_application --action off` |
 |Configuration         |Turn on audit mode for PUA protection                   |`mdatp threat policy set --type potentially_unwanted_application --action audit` |
-|Diagnostics           |Change the log level                                    |`mdatp log level set --level verbose [error|warning|info|verbose]`     |
+|Diagnostics           |Change the log level                                    |`mdatp log level set --level verbose [error\|warning\|info\|verbose]`  |
 |Diagnostics           |Generate diagnostic logs                                |`mdatp diagnostic create`                                              |
 |Health                |Check the product's health                              |`mdatp health`                                                         |
 |Protection            |Scan a path                                             |`mdatp scan custom --path [path]`                                      |
@@ -152,6 +152,6 @@ In the Defender for Endpoint portal, you'll see two categories of information:
 - Logged on users do not appear in the Microsoft Defender Security Center portal.
 - In SUSE distributions, if the installation of *libatomic1* fails, you should validate that your OS is registered:
 
-    ```bash
+   ```bash
    sudo SUSEConnect --status-text
-    ```
+   ```

From fa7ff33a3ae22711e9040bfc9958ce7299d727f3 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 15 Dec 2020 14:54:58 -0800
Subject: [PATCH 007/396] Create defender-endpoint-false-positives-negatives.md

---
 ...nder-endpoint-false-positives-negatives.md | 33 +++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
new file mode 100644
index 0000000000..6ea027c1ee
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -0,0 +1,33 @@
+---
+title: Address false positives/negatives in Microsoft Defender for Endpoint
+description: Learn how to handle false positives or false negatives in Microsoft Defender for Endpoint.
+keywords: alert, exclusion, defender atp, false positive, false negative
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.technology: windows
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: deniseb
+author: denisebmsft
+ms.date: 12/15/2020
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
+ms.topic: conceptual
+ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs, yonghree
+ms.custom: AIR
+---
+
+# Address false positives/negatives in Microsoft Defender for Endpoint
+
+[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
+
+**Applies to**
+
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146806)
+

From 6ce84f2c4dbacc71486731a580b322af7bd12486 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 15 Dec 2020 14:57:19 -0800
Subject: [PATCH 008/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md            | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 6ea027c1ee..b3098ec0dd 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -20,7 +20,7 @@ ms.collection:
 - m365initiative-defender-endpoint 
 ms.topic: conceptual
 ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs, yonghree
-ms.custom: AIR
+ms.custom: FPFN
 ---
 
 # Address false positives/negatives in Microsoft Defender for Endpoint
@@ -31,3 +31,5 @@ ms.custom: AIR
 
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146806)
 
+Did Microsoft Defender for Endpoint identify an artifact as malicious, even though it wasn't? Are files or processes that are not a threat being stopped in their tracks by Defender for Endpoint? Or, did Defender for Endpoint miss something? Use this article as a guide for addressing false positives or false negatives in Defender for Endpoint.
+

From fda53f2bd94c7d4e2691922fad5982a7c5b08a0e Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 15 Dec 2020 15:10:19 -0800
Subject: [PATCH 009/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md             | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index b3098ec0dd..72ede58c51 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -33,3 +33,6 @@ ms.custom: FPFN
 
 Did Microsoft Defender for Endpoint identify an artifact as malicious, even though it wasn't? Are files or processes that are not a threat being stopped in their tracks by Defender for Endpoint? Or, did Defender for Endpoint miss something? Use this article as a guide for addressing false positives or false negatives in Defender for Endpoint.
 
+| Step | Description |
+|:---|:---|
+| 1. Identify a false positive/negative |   |
\ No newline at end of file

From 131da8346ac47dac17b151b7ed07ff7c81cfd056 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 15 Dec 2020 15:56:57 -0800
Subject: [PATCH 010/396] Update defender-endpoint-false-positives-negatives.md

---
 ...nder-endpoint-false-positives-negatives.md | 23 ++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 72ede58c51..7a8b28a303 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -35,4 +35,25 @@ Did Microsoft Defender for Endpoint identify an artifact as malicious, even thou
 
 | Step | Description |
 |:---|:---|
-| 1. Identify a false positive/negative |   |
\ No newline at end of file
+| 1. Identify a false positive/negative |   |
+| 2. Review/define exclusions for Defender for Endpoint  |  |
+| 3. Review/define indicators for Defender for Endpoint |  |
+| 4. Classify a false positive/negative in Defender for Endpoint |  |
+| 5. Submit a file for analysis |  |
+| 6. Confirm your software uses EV code signing  |  |
+
+## Identify a false positive/negative
+
+*How do we know something is a false positive or negative? What do we want customers to look for?*
+
+## Review or define exclusions
+
+*Exclusions are defined for AutoIR and for MDAV, yes?*
+
+## Review or define indicators
+
+## Classify a false positive or false negative
+
+## Submit a file for analysis
+
+## Confirm your software uses EV code signing
\ No newline at end of file

From ae764c12b4d5421861690c50422d036e3e37cc7b Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 15 Dec 2020 16:02:50 -0800
Subject: [PATCH 011/396] Update defender-endpoint-false-positives-negatives.md

---
 ...nder-endpoint-false-positives-negatives.md | 22 +++++++++++++------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 7a8b28a303..40bb2b65ea 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -35,12 +35,12 @@ Did Microsoft Defender for Endpoint identify an artifact as malicious, even thou
 
 | Step | Description |
 |:---|:---|
-| 1. Identify a false positive/negative |   |
-| 2. Review/define exclusions for Defender for Endpoint  |  |
-| 3. Review/define indicators for Defender for Endpoint |  |
-| 4. Classify a false positive/negative in Defender for Endpoint |  |
-| 5. Submit a file for analysis |  |
-| 6. Confirm your software uses EV code signing  |  |
+| 1. [Identify a false positive/negative](#identify-a-false-positivenegative) |   |
+| 2. [Review/define exclusions for Defender for Endpoint](#review-or-define-exclusions)  |  |
+| 3. [Review/define indicators for Defender for Endpoint](#review-or-define-indicators) |  |
+| 4. [Classify a false positive/negative in Defender for Endpoint](#classify-a-false-positive-or-false-negative) |  |
+| 5. [Submit a file for analysis](#submit-a-file-for-analysis) |  |
+| 6. [Confirm your software uses EV code signing](#confirm-your-software-uses-ev-code-signing)  |  |
 
 ## Identify a false positive/negative
 
@@ -52,8 +52,16 @@ Did Microsoft Defender for Endpoint identify an artifact as malicious, even thou
 
 ## Review or define indicators
 
+*Allow indicators for false positives; block indicators for false negatives.  https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators*
+
 ## Classify a false positive or false negative
 
+*Need to figure out where/how this is done*
+
 ## Submit a file for analysis
 
-## Confirm your software uses EV code signing
\ No newline at end of file
+*https://www.microsoft.com/wdsi/filesubmission/*
+
+## Confirm your software uses EV code signing
+
+*Some info is available here: https://docs.microsoft.com/windows-hardware/drivers/dashboard/get-a-code-signing-certificate*
\ No newline at end of file

From fe4c83039bc4c7431f25a5f3f975109743b011ce Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 15 Dec 2020 16:08:27 -0800
Subject: [PATCH 012/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 40bb2b65ea..2d4e5efdb5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -35,7 +35,7 @@ Did Microsoft Defender for Endpoint identify an artifact as malicious, even thou
 
 | Step | Description |
 |:---|:---|
-| 1. [Identify a false positive/negative](#identify-a-false-positivenegative) |   |
+| 1. [Identify a false positive/negative](#identify-a-false-positivenegative) | A false positive is something that was detected and identified as malicious, when in fact it does not pose a threat. <br/>A false negative is something that was not detected as a threat even though it is, in fact, malicious. <br/>Both false positives and false negatives can be problematic for your organization.    |
 | 2. [Review/define exclusions for Defender for Endpoint](#review-or-define-exclusions)  |  |
 | 3. [Review/define indicators for Defender for Endpoint](#review-or-define-indicators) |  |
 | 4. [Classify a false positive/negative in Defender for Endpoint](#classify-a-false-positive-or-false-negative) |  |

From 443c53cbfd1a94240e6568ae4dfe09e5be9299b6 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha <v-lsaldanha@microsoft.com>
Date: Wed, 16 Dec 2020 23:21:11 +0530
Subject: [PATCH 013/396] updated-4620497

updated
---
 windows/security/threat-protection/index.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md
index 88ac6667fb..f9594c5218 100644
--- a/windows/security/threat-protection/index.md
+++ b/windows/security/threat-protection/index.md
@@ -19,6 +19,9 @@ ms.topic: conceptual
 # Threat Protection
 [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection) is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Defender for Endpoint protects endpoints from cyber threats, detects advanced attacks and data breaches, automates security incidents, and improves security posture.
 
+**Applies to:**
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+
 > [!TIP]
 > Enable your users to access cloud services and on-premises applications with ease and enable modern management capabilities for all devices. For more information, see [Secure your remote workforce](https://docs.microsoft.com/enterprise-mobility-security/remote-work/). 
 

From 4172c1f5d6b0ae822486c230b648ea4fd36ceb49 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 29 Dec 2020 14:51:40 -0800
Subject: [PATCH 014/396] Create
 best-practices-attack-surface-reduction-rules.md

---
 ...ractices-attack-surface-reduction-rules.md | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md

diff --git a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
new file mode 100644
index 0000000000..e0b732c7ad
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
@@ -0,0 +1,32 @@
+---
+title: Best practices with attack surface reduction rules
+description: Prevent issues from arising with your attack surface reduction rules by following these best practices
+keywords: Microsoft Defender ATP, attack surface reduction, best practices
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+author: denisebmsft
+ms.author: deniseb
+manager: dansimp
+ms.reviewer: jcedola
+audience: ITPro 
+ms.topic: article 
+ms.prod: w10 
+ms.localizationpriority: medium
+ms.custom: 
+- asr
+ms.collection: 
+- m365-security-compliance 
+- m365initiative-defender-endpoint 
+---
+
+# Best practices with attack surface reduction rules
+
+[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
+
+
+**Applies to:**
+
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+
+*ASR guidance for deploying rules (links to Antonio’s blog, recommendations for deploying rules to small set of devices first, code signing, link to ASR Power BI template, and link to M365 security center reports)*
+

From 3525787146823116248e423e6fd9ba753f6ad8f1 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 29 Dec 2020 14:53:34 -0800
Subject: [PATCH 015/396] Update TOC.md

---
 windows/security/threat-protection/TOC.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index 79487e7cc2..862dcdb459 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -82,6 +82,7 @@
 
 #### [Attack surface reduction controls]()
 ##### [Attack surface reduction rules](microsoft-defender-atp/attack-surface-reduction.md)
+##### [Best practices with attack surface reduction rules](microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md)
 ##### [Enable attack surface reduction rules](microsoft-defender-atp/enable-attack-surface-reduction.md)
 ##### [Customize attack surface reduction rules](microsoft-defender-atp/customize-attack-surface-reduction.md)
 ##### [View attack surface reduction events](microsoft-defender-atp/event-views.md)

From e90667baf92ce836c62737bae1f493757e4df046 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 29 Dec 2020 16:00:23 -0800
Subject: [PATCH 016/396] Update
 best-practices-attack-surface-reduction-rules.md

---
 ...ractices-attack-surface-reduction-rules.md | 27 ++++++++++++++++---
 1 file changed, 23 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
index e0b732c7ad..cc67b6f89e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
@@ -1,5 +1,5 @@
 ---
-title: Best practices with attack surface reduction rules
+title: Tips and best practices for attack surface reduction rules
 description: Prevent issues from arising with your attack surface reduction rules by following these best practices
 keywords: Microsoft Defender ATP, attack surface reduction, best practices
 search.product: eADQiWindows 10XVcnh
@@ -19,14 +19,33 @@ ms.collection:
 - m365initiative-defender-endpoint 
 ---
 
-# Best practices with attack surface reduction rules
+# Tips and best practices for attack surface reduction rules
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
-
 **Applies to:**
 
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-*ASR guidance for deploying rules (links to Antonio’s blog, recommendations for deploying rules to small set of devices first, code signing, link to ASR Power BI template, and link to M365 security center reports)*
+<!--ASR guidance for deploying rules (links to Antonio’s blog, recommendations for deploying rules to small set of devices first, code signing, link to ASR Power BI template, and link to M365 security center reports) and 8.	Policy conflict (details about what happens with conflicting policies, what happens when settings from different policies are merged)
+-->
+
+Whether you're about to enable or have already deployed attack surface reduction rules for your organization, see the information in this article. By using the tips and best practices in this article, you can employ attack surface reduction rules successfully and avoid potential issues.
+
+## Use a phased approach
+
+Before you roll out attack surface reduction rules in your organization, select a small set of managed devices to start. This approach enables you to see how attack surface reduction rules work in your environment and gives you flexibility in applying exclusions. You can do this with dynamic membership rules.
+
+<!--Siddarth, we need to find the info about how to set up dynamic membership rules and add a procedure here.-->
+
+## Use code signing for applications
+
+## Get the Power BI report template
+
+
+https://github.com/microsoft/MDATP-PowerBI-Templates
+
+## Avoid policy conflicts
+
+## See the demystifying blogs
 

From 9337b5f030d22f55a15554d42a658d2e890cfe65 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 29 Dec 2020 16:14:27 -0800
Subject: [PATCH 017/396] Update
 best-practices-attack-surface-reduction-rules.md

---
 .../best-practices-attack-surface-reduction-rules.md       | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
index cc67b6f89e..79644b2380 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
@@ -40,12 +40,15 @@ Before you roll out attack surface reduction rules in your organization, select
 
 ## Use code signing for applications
 
+As a best practice, use code signing for all the applications and scripts that your organization is using. This includes internally developed applications. Using code signing helps avoid false positives with attack surface reduction rules. It can also help avoid issues with attack surface reduction rules for developers and other users within your organization. 
+
 ## Get the Power BI report template
 
-
-https://github.com/microsoft/MDATP-PowerBI-Templates
+<!--The Power BI report templates are here: https://github.com/microsoft/MDATP-PowerBI-Templates-->
 
 ## Avoid policy conflicts
 
+
+
 ## See the demystifying blogs
 

From bf788b9b594dc9cf544f85ecd184fbdab696e2a9 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 29 Dec 2020 16:39:52 -0800
Subject: [PATCH 018/396] Update
 best-practices-attack-surface-reduction-rules.md

---
 .../best-practices-attack-surface-reduction-rules.md       | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
index 79644b2380..de07f909f2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
@@ -52,3 +52,10 @@ As a best practice, use code signing for all the applications and scripts that y
 
 ## See the demystifying blogs
 
+
+|Blog  |Description  |
+|---------|---------|
+|[Demystifying attack surface reduction rules - Part 1: Why and What](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/demystifying-attack-surface-reduction-rules-part-1/ba-p/1306420)     | Get a quick overview of the Why and the What through eight questions and answers.          |
+|[Demystifying attack surface reduction rules - Part 2: How](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/demystifying-attack-surface-reduction-rules-part-2/ba-p/1326565)     | See how to configure attack surface reduction rules, how exclusions work, and how to define exclusions.         |
+|[Demystifying attack surface reduction rules - Part 3: Reports and Troubleshooting](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/demystifying-attack-surface-reduction-rules-part-3/ba-p/1360968)     |         |
+|Row4     |         |

From a3a05f747e7eddaac23fde5a5c91141bffc75827 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 29 Dec 2020 17:03:48 -0800
Subject: [PATCH 019/396] Update
 best-practices-attack-surface-reduction-rules.md

---
 .../best-practices-attack-surface-reduction-rules.md        | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
index de07f909f2..7f28d0e038 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
@@ -52,10 +52,12 @@ As a best practice, use code signing for all the applications and scripts that y
 
 ## See the demystifying blogs
 
+The following table lists several blog posts that you might find helpful. All of these blogs are hosted on the [Microsoft Tech Community site](https://techcommunity.microsoft.com), under [Microsoft Defender for Endpoint](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/bg-p/MicrosoftDefenderATPBlog).
 
 |Blog  |Description  |
 |---------|---------|
 |[Demystifying attack surface reduction rules - Part 1: Why and What](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/demystifying-attack-surface-reduction-rules-part-1/ba-p/1306420)     | Get a quick overview of the Why and the What through eight questions and answers.          |
 |[Demystifying attack surface reduction rules - Part 2: How](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/demystifying-attack-surface-reduction-rules-part-2/ba-p/1326565)     | See how to configure attack surface reduction rules, how exclusions work, and how to define exclusions.         |
-|[Demystifying attack surface reduction rules - Part 3: Reports and Troubleshooting](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/demystifying-attack-surface-reduction-rules-part-3/ba-p/1360968)     |         |
-|Row4     |         |
+|[Demystifying attack surface reduction rules - Part 3: Reports and Troubleshooting](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/demystifying-attack-surface-reduction-rules-part-3/ba-p/1360968)     | Learn how to view reports and information about attack surface reduction rules and their status, and how to troubleshoot issues with rule impact and operations.         |
+|[Demystifying attack surface reduction rules - Part 4: Migrating](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/demystifying-attack-surface-reduction-rules-part-4/ba-p/1384425)     | If you're currently using a non-Microsoft host intrusion prevention system (HIPS) and are evaluating or migrating to attack surface reduction capabilities in Microsoft Defender for Endpoint, see this blog. You'll see how custom rules you were using with your HIPS solution can map to attack surface reduction rules in Microsoft Defender for Endpoint.         |
+

From dc962d76e76215e9ada5ee762adb98e44d446061 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 29 Dec 2020 17:13:05 -0800
Subject: [PATCH 020/396] Update
 best-practices-attack-surface-reduction-rules.md

---
 .../best-practices-attack-surface-reduction-rules.md          | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
index 7f28d0e038..487e9cd874 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
@@ -42,6 +42,10 @@ Before you roll out attack surface reduction rules in your organization, select
 
 As a best practice, use code signing for all the applications and scripts that your organization is using. This includes internally developed applications. Using code signing helps avoid false positives with attack surface reduction rules. It can also help avoid issues with attack surface reduction rules for developers and other users within your organization. 
 
+## View reports in the Microsoft 365 security center
+
+In the Microsoft 365 security center ([https://security.microsoft.com](https://security.microsoft.com)), go to **Reports** > **Devices** > **Attack surface reduction**.
+
 ## Get the Power BI report template
 
 <!--The Power BI report templates are here: https://github.com/microsoft/MDATP-PowerBI-Templates-->

From f7ebe8a8e67172c8aab6e29c8128f9827c37a4be Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 29 Dec 2020 17:30:59 -0800
Subject: [PATCH 021/396] Update
 best-practices-attack-surface-reduction-rules.md

---
 ...best-practices-attack-surface-reduction-rules.md | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
index 487e9cd874..caf7149e05 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
@@ -44,7 +44,7 @@ As a best practice, use code signing for all the applications and scripts that y
 
 ## View reports in the Microsoft 365 security center
 
-In the Microsoft 365 security center ([https://security.microsoft.com](https://security.microsoft.com)), go to **Reports** > **Devices** > **Attack surface reduction**.
+In the Microsoft 365 security center ([https://security.microsoft.com](https://security.microsoft.com)), go to **Reports** > **Devices** > **Attack surface reduction**. (MORE TO COME!)
 
 ## Get the Power BI report template
 
@@ -52,6 +52,17 @@ In the Microsoft 365 security center ([https://security.microsoft.com](https://s
 
 ## Avoid policy conflicts
 
+If a conflicting policy is applied via Mobile Device Management (MDM, using Intune) and Group Policy, the setting applied from MDM will take precedence. See [Attack surface reduction rules](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#attack-surface-reduction-rules).
+
+Attack surface reduction rules for MEM managed devices now support new behavior for merger of settings from different policies, to create a superset of policy for each device. Only the settings that are not in conflict are merged, while those that are in conflict are not added to the superset of rules. Previously, if two policies included conflicts for a single setting, both policies were flagged as being in conflict, and no settings from either profile would be deployed. Attack surface reduction rule merge behavior is as follows:   
+- Attack surface reduction rules from the following profiles are evaluated for each device the rules apply to:  
+    - Devices > Configuration policy > Endpoint protection profile > Microsoft Defender Exploit Guard > [Attack Surface Reduction](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#attack-surface-reduction).
+    - Endpoint security > Attack surface reduction policy > Attack surface reduction rules.
+    - Endpoint security > Security baselines > Microsoft Defender ATP Baseline > Attack Surface Reduction Rules.
+- Settings that do not have conflicts are added to a superset of policy for the device.
+- When two or more policies have conflicting settings, the conflicting settings are not added to the combined policy, while settings that don’t conflict are added to the superset policy that applies to a device.
+- Only the configurations for conflicting settings are held back.
+
 
 
 ## See the demystifying blogs

From 0d4c2d4fe938e21f6e1baead860009915e010d70 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 29 Dec 2020 17:36:15 -0800
Subject: [PATCH 022/396] Update
 best-practices-attack-surface-reduction-rules.md

---
 .../best-practices-attack-surface-reduction-rules.md          | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
index caf7149e05..96874697de 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
@@ -55,12 +55,16 @@ In the Microsoft 365 security center ([https://security.microsoft.com](https://s
 If a conflicting policy is applied via Mobile Device Management (MDM, using Intune) and Group Policy, the setting applied from MDM will take precedence. See [Attack surface reduction rules](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#attack-surface-reduction-rules).
 
 Attack surface reduction rules for MEM managed devices now support new behavior for merger of settings from different policies, to create a superset of policy for each device. Only the settings that are not in conflict are merged, while those that are in conflict are not added to the superset of rules. Previously, if two policies included conflicts for a single setting, both policies were flagged as being in conflict, and no settings from either profile would be deployed. Attack surface reduction rule merge behavior is as follows:   
+
 - Attack surface reduction rules from the following profiles are evaluated for each device the rules apply to:  
     - Devices > Configuration policy > Endpoint protection profile > Microsoft Defender Exploit Guard > [Attack Surface Reduction](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#attack-surface-reduction).
     - Endpoint security > Attack surface reduction policy > Attack surface reduction rules.
     - Endpoint security > Security baselines > Microsoft Defender ATP Baseline > Attack Surface Reduction Rules.
+
 - Settings that do not have conflicts are added to a superset of policy for the device.
+
 - When two or more policies have conflicting settings, the conflicting settings are not added to the combined policy, while settings that don’t conflict are added to the superset policy that applies to a device.
+
 - Only the configurations for conflicting settings are held back.
 
 

From bd894640228c1881af47bea09afb255d39ae2d63 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Wed, 30 Dec 2020 14:57:24 +0500
Subject: [PATCH 023/396] Update custom-detection-rules.md

---
 .../microsoft-defender-atp/custom-detection-rules.md         | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
index 17e23e40fc..28be4b6c48 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
@@ -113,6 +113,7 @@ These actions are applied to devices in the `DeviceId` column of the query resul
 - **Collect investigation package**—collects device information in a ZIP file. [Learn more about the investigation package](respond-machine-alerts.md#collect-investigation-package-from-devices)
 - **Run antivirus scan**—performs a full Microsoft Defender Antivirus scan on the device
 - **Initiate investigation**—starts an [automated investigation](automated-investigations.md) on the device
+- **Restrict app execution**—sets restrictions on device to allow only files that are signed with a Microsoft-issued certificate to run. [Learn more about restricting app execution](respond-machine-alerts.md#restrict-app-execution)
 
 ### Actions on files
 
@@ -121,6 +122,10 @@ These actions are applied to files in the `SHA1` or the `InitiatingProcessSHA1`
 - **Allow/Block**—automatically adds the file to your [custom indicator list](manage-indicators.md) so that it is always allowed to run or blocked from running. You can set the scope of this action so that it is taken only on selected device groups. This scope is independent of the scope of the rule.
 - **Quarantine file**—deletes the file from its current location and places a copy in quarantine
 
+### Actions on users
+
+- **Mark user as compromised**-sets the users risk level to "high" in Azure Active Directory, triggering corresponding [identity protection policies](https://docs.microsoft.com/azure/active-directory/identity-protection/overview-identity-protection#risk-levels).
+
 ## 5. Set the rule scope.
 
 Set the scope to specify which devices are covered by the rule:

From 081961b496ff51e25eff440724928b094748f69a Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Wed, 30 Dec 2020 15:42:28 +0500
Subject: [PATCH 024/396] Update
 windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md

Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 .../microsoft-defender-atp/custom-detection-rules.md            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
index 28be4b6c48..44bf12dcfa 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
@@ -124,7 +124,7 @@ These actions are applied to files in the `SHA1` or the `InitiatingProcessSHA1`
 
 ### Actions on users
 
-- **Mark user as compromised**-sets the users risk level to "high" in Azure Active Directory, triggering corresponding [identity protection policies](https://docs.microsoft.com/azure/active-directory/identity-protection/overview-identity-protection#risk-levels).
+- **Mark user as compromised**-sets the user's risk level to "high" in Azure Active Directory, triggering the corresponding [identity protection policies](https://docs.microsoft.com/azure/active-directory/identity-protection/overview-identity-protection#risk-levels).
 
 ## 5. Set the rule scope.
 

From 0726ac2d7abc646cf1b35d670b58c31bf8067502 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Wed, 30 Dec 2020 21:01:02 +0500
Subject: [PATCH 025/396] Update
 windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../microsoft-defender-atp/custom-detection-rules.md            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
index 44bf12dcfa..3c1cbc5713 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
@@ -113,7 +113,7 @@ These actions are applied to devices in the `DeviceId` column of the query resul
 - **Collect investigation package**—collects device information in a ZIP file. [Learn more about the investigation package](respond-machine-alerts.md#collect-investigation-package-from-devices)
 - **Run antivirus scan**—performs a full Microsoft Defender Antivirus scan on the device
 - **Initiate investigation**—starts an [automated investigation](automated-investigations.md) on the device
-- **Restrict app execution**—sets restrictions on device to allow only files that are signed with a Microsoft-issued certificate to run. [Learn more about restricting app execution](respond-machine-alerts.md#restrict-app-execution)
+- **Restrict app execution**—sets restrictions on the device to allow only files that are signed with a Microsoft-issued certificate to run. [Learn more about restricting app execution](respond-machine-alerts.md#restrict-app-execution)
 
 ### Actions on files
 

From 092e658109778d11de46a3450a469a27bba24811 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Wed, 30 Dec 2020 21:01:08 +0500
Subject: [PATCH 026/396] Update
 windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../microsoft-defender-atp/custom-detection-rules.md            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
index 3c1cbc5713..89b5a47aa8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
@@ -124,7 +124,7 @@ These actions are applied to files in the `SHA1` or the `InitiatingProcessSHA1`
 
 ### Actions on users
 
-- **Mark user as compromised**-sets the user's risk level to "high" in Azure Active Directory, triggering the corresponding [identity protection policies](https://docs.microsoft.com/azure/active-directory/identity-protection/overview-identity-protection#risk-levels).
+- **Mark user as compromised**—sets the user's risk level to "high" in Azure Active Directory, triggering the corresponding [identity protection policies](https://docs.microsoft.com/azure/active-directory/identity-protection/overview-identity-protection#risk-levels).
 
 ## 5. Set the rule scope.
 

From b384eba9eb2b195a196a6cb8a9422e6fbc7a70e6 Mon Sep 17 00:00:00 2001
From: Siddarth Mandalika <v-smandalika@microsoft.com>
Date: Thu, 31 Dec 2020 19:16:42 +0530
Subject: [PATCH 027/396] Update
 best-practices-attack-surface-reduction-rules.md

---
 ...ractices-attack-surface-reduction-rules.md | 48 +++++++++++++++++--
 1 file changed, 44 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
index 96874697de..80da8794b6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
@@ -42,21 +42,61 @@ Before you roll out attack surface reduction rules in your organization, select
 
 As a best practice, use code signing for all the applications and scripts that your organization is using. This includes internally developed applications. Using code signing helps avoid false positives with attack surface reduction rules. It can also help avoid issues with attack surface reduction rules for developers and other users within your organization. 
 
-## View reports in the Microsoft 365 security center
+## View reports from various sources in Microsoft
+
+### From the Microsoft 365 security center**
 
 In the Microsoft 365 security center ([https://security.microsoft.com](https://security.microsoft.com)), go to **Reports** > **Devices** > **Attack surface reduction**. (MORE TO COME!)
 
+To retrieve and view the reports generated in ([https://security.microsoft.com](https://security.microsoft.com)), ensure that the device for which you seek a report is onboarded on to Microsoft Defender ATP.
+
+### By Microsoft Defender ATP advanced hunting** 
+
+Advanced hunting is a query-based threat-hunting tool of Microsoft Defender ATP. This tool generates reports based on the findings of the threat-hunting process.
+
+The **advanced hunting** tool enables the users to audit the **Of-the-last-30-days** data collected from various devices by Microsoft Defender ATP Endpoint Detection and Response (EDR). It facilitates proactive logging of any suspicious indicators and entities in the events that you explore. This tool provides flexibility in accessing data (without any restriction in category of data to be accessed). This flexibility enables the user to detect known threats and spot new threats.
+
+The reports for the ASR rules' events are generated by querying the **DeviceEvents** table.
+
+**Template of DeviceEvents table**
+
+DeviceEvents
+| where Timestamp > ago (30d)
+| where ActionType startswith "Asr" 
+| summarize EventCount=count () by ActionType
+
+### By Microsoft Defender ATP machine timeline
+
+Machine timeline is another report-generating source in Microsoft Defender ATP, but with a narrower scope.
+
+Reports relating to ASR rule events can be generated for the preceding-6-months period on a specific endpoint or device. 
+
+**Summarized procedure to generate report**
+
+1. Log in to **Microsoft Defender Security Center** and navigate to the **Machines** tab.
+2. Choose a machine for which you want to view the reports of its ASR rule-related events.
+3. Click **Timeline** and choose the time range for which the report is to display data.
+
+
 ## Get the Power BI report template
 
 <!--The Power BI report templates are here: https://github.com/microsoft/MDATP-PowerBI-Templates-->
 
 ## Avoid policy conflicts
 
-If a conflicting policy is applied via Mobile Device Management (MDM, using Intune) and Group Policy, the setting applied from MDM will take precedence. See [Attack surface reduction rules](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#attack-surface-reduction-rules).
+If a conflicting policy has emerged as a result of a policy being applied from Mobile Device Management (MDM, using Intune) and Group Policy, the setting applied from MDM takes precedence. See [Attack surface reduction rules](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#attack-surface-reduction-rules).
 
-Attack surface reduction rules for MEM managed devices now support new behavior for merger of settings from different policies, to create a superset of policy for each device. Only the settings that are not in conflict are merged, while those that are in conflict are not added to the superset of rules. Previously, if two policies included conflicts for a single setting, both policies were flagged as being in conflict, and no settings from either profile would be deployed. Attack surface reduction rule merge behavior is as follows:   
+Attack surface reduction (ASR) rules for MEM-managed devices now support a new behavior for merger of settings from different policies, to create a superset of policies for each device. Only the settings that are not in conflict are merged, while those that are in conflict are not added to the superset of rules. Previously, if two policies included conflicts for a single setting, both policies were flagged as being in conflict, and no settings from either of the profiles would be deployed. ASR rule merge behavior is as follows: 
 
-- Attack surface reduction rules from the following profiles are evaluated for each device the rules apply to:  
+Attack surface reduction (ASR) rules for MEM (Microsoft Endpoint Manager)-managed devices support a new behavior in terms of merger of the settings of policies. This behavior is described below:
+
+- If two or more policies have multiple settings configured in each of them, the settings without a conflict are merged into the superset of the policies they are mapped to.
+- If two or more policies encounter a conflict over a single setting from the various settings they are configured with,  only that single setting with a conflict is held back from being merged into the superset of the policies. 
+- The bundle of settings as a whole are not held back from being merged into the superset because of the single conflict-affected setting.
+- The policy as a whole is not flagged as **being in conflict** because of one of its settings being conflict affected.
+  
+
+- ASR rules from the following profiles are evaluated for each device the rules apply to:  
     - Devices > Configuration policy > Endpoint protection profile > Microsoft Defender Exploit Guard > [Attack Surface Reduction](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#attack-surface-reduction).
     - Endpoint security > Attack surface reduction policy > Attack surface reduction rules.
     - Endpoint security > Security baselines > Microsoft Defender ATP Baseline > Attack Surface Reduction Rules.

From ed4b33cf41a447b10d6cd0136f31f6826aec43b8 Mon Sep 17 00:00:00 2001
From: Siddarth Mandalika <v-smandalika@microsoft.com>
Date: Thu, 31 Dec 2020 19:33:23 +0530
Subject: [PATCH 028/396] Update
 best-practices-attack-surface-reduction-rules.md

---
 .../best-practices-attack-surface-reduction-rules.md  | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
index 80da8794b6..0a09d31840 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
@@ -44,13 +44,13 @@ As a best practice, use code signing for all the applications and scripts that y
 
 ## View reports from various sources in Microsoft
 
-### From the Microsoft 365 security center**
+### From the Microsoft 365 security center
 
 In the Microsoft 365 security center ([https://security.microsoft.com](https://security.microsoft.com)), go to **Reports** > **Devices** > **Attack surface reduction**. (MORE TO COME!)
 
 To retrieve and view the reports generated in ([https://security.microsoft.com](https://security.microsoft.com)), ensure that the device for which you seek a report is onboarded on to Microsoft Defender ATP.
 
-### By Microsoft Defender ATP advanced hunting** 
+### By Microsoft Defender ATP advanced hunting
 
 Advanced hunting is a query-based threat-hunting tool of Microsoft Defender ATP. This tool generates reports based on the findings of the threat-hunting process.
 
@@ -65,6 +65,13 @@ DeviceEvents
 | where ActionType startswith "Asr" 
 | summarize EventCount=count () by ActionType
 
+**Procedure**
+
+1. Navigate to **Advanced hunting** module in the **Microsoft Defender Security Center** portal.
+2. Click **Query**.
+3. Click **+ New** to create a new query.
+4. Click **Run query**. The report based on the query parameters (specified in the **Template of DeviceEvents table** section) is generated.
+
 ### By Microsoft Defender ATP machine timeline
 
 Machine timeline is another report-generating source in Microsoft Defender ATP, but with a narrower scope.

From c4e05bee82eba5736e53e971e2433929df88ec2c Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Mon, 4 Jan 2021 13:03:43 +0500
Subject: [PATCH 029/396] Procedural Changes

An unnecessary step was added in the procedure and has been removed.

Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8408
---
 .../mac-jamfpro-policies.md                   | 38 +++++++++----------
 1 file changed, 18 insertions(+), 20 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md
index 5faeec9c8d..f1017e4215 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md
@@ -750,18 +750,14 @@ Follow the instructions on [Schedule scans with Microsoft Defender for Endpoint
 
     ![Image of configuration settings](images/990742cd9a15ca9fdd37c9f695d1b9f4.png)
 
-4. Navigate to **Advanced Computer Searches**.
-    
-    ![A screenshot of a social media post Description automatically generated](images/95313facfdd5e1ea361981e0a2478fec.png)
-
-5. Select **Computer Management**. 
+4. Select your computer and click the gear icon on the top, select **Computer Management**
 
     ![Image of configuration settings](images/b6d671b2f18b89d96c1c8e2ea1991242.png)
 
-6. In **Packages**, select **+ New**. 
+5. In **Packages**, select **+ New**. 
     ![A picture containing bird Description automatically generated](images/57aa4d21e2ccc65466bf284701d4e961.png)
 
-7. In **New Package** Enter the following details:
+6. In **New Package** Enter the following details:
 
     **General tab**
     - Display Name: Leave it blank for now. Because it will be reset when you choose your pkg.
@@ -774,15 +770,17 @@ Follow the instructions on [Schedule scans with Microsoft Defender for Endpoint
     
     ![A screenshot of a computer screen Description automatically generated](images/1aa5aaa0a387f4e16ce55b66facc77d1.png)
 
-8. Select **Open**. Set the **Display Name** to **Microsoft Defender Advanced Threat Protection and Microsoft Defender Antivirus**.
+7. Select **Open**. Set the **Display Name** to **Microsoft Defender Advanced Threat Protection and Microsoft Defender Antivirus**.
 
+    **Manifest File** is not required. Microsoft Defender Advanced Threat Protection works without Manifest File.
+    
     **Options tab**<br> Keep default values.
 
     **Limitations tab**<br> Keep default values.
     
      ![Image of configuration settings](images/56dac54634d13b2d3948ab50e8d3ef21.png)
    
-9. Select **Save**. The package is uploaded to Jamf Pro. 
+8. Select **Save**. The package is uploaded to Jamf Pro. 
 
    ![Image of configuration settings](images/33f1ecdc7d4872555418bbc3efe4b7a3.png)
 
@@ -790,45 +788,45 @@ Follow the instructions on [Schedule scans with Microsoft Defender for Endpoint
    
    ![Image of configuration settings](images/1626d138e6309c6e87bfaab64f5ccf7b.png)
 
-10. Navigate to the **Policies** page.
+9. Navigate to the **Policies** page.
 
     ![Image of configuration settings](images/f878f8efa5ebc92d069f4b8f79f62c7f.png)
 
-11. Select **+ New** to create a new policy.
+10. Select **+ New** to create a new policy.
 
     ![Image of configuration settings](images/847b70e54ed04787e415f5180414b310.png)
 
 
-12. In **General** Enter the following details:
+11. In **General** Enter the following details:
 
     - Display name: MDATP Onboarding Contoso 200329 v100.86.92 or later
 
     ![Image of configuration settings](images/625ba6d19e8597f05e4907298a454d28.png)
 
-13. Select **Recurring Check-in**. 
+12. Select **Recurring Check-in**. 
     
     ![Image of configuration settings](images/68bdbc5754dfc80aa1a024dde0fce7b0.png)
 
   
-14. Select **Save**. 
+13. Select **Save**. 
  
-15. Select **Packages > Configure**.
+14. Select **Packages > Configure**.
  
     ![Image of configuration settings](images/8fb4cc03721e1efb4a15867d5241ebfb.png)
 
-16. Select the **Add** button next to **Microsoft Defender Advanced Threat Protection and Microsoft Defender Antivirus**.
+15. Select the **Add** button next to **Microsoft Defender Advanced Threat Protection and Microsoft Defender Antivirus**.
 
     ![Image of configuration settings](images/526b83fbdbb31265b3d0c1e5fbbdc33a.png)
 
-17. Select **Save**.
+16. Select **Save**.
 
     ![Image of configuration settings](images/9d6e5386e652e00715ff348af72671c6.png)
 
-18. Select the **Scope** tab.  
+17. Select the **Scope** tab.  
 
     ![Image of configuration settings](images/8d80fe378a31143db9be0bacf7ddc5a3.png)
 
-19. Select the target computers.
+18. Select the target computers.
 
     ![Image of configuration settings](images/6eda18a64a660fa149575454e54e7156.png)
 
@@ -844,7 +842,7 @@ Follow the instructions on [Schedule scans with Microsoft Defender for Endpoint
     
     ![Image of configuration settings](images/c9f85bba3e96d627fe00fc5a8363b83a.png)
 
-20. Select **Done**. 
+19. Select **Done**. 
 
     ![Image of configuration settings](images/99679a7835b0d27d0a222bc3fdaf7f3b.png)
 

From 8c4268ea229155638b6cb9a201fcaa9985a3a8ed Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Mon, 4 Jan 2021 13:33:46 +0500
Subject: [PATCH 030/396] Addition of a right

A right was missing from the list. Added the basic info.

Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8551
---
 .../security-policy-settings/user-rights-assignment.md          | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md b/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md
index 03d0a20cf4..6074db6073 100644
--- a/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md
+++ b/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md
@@ -69,6 +69,7 @@ The following table links to each security policy setting and provides the const
 | [Manage auditing and security log](manage-auditing-and-security-log.md)| SeSecurityPrivilege| 
 | [Modify an object label](modify-an-object-label.md) | SeRelabelPrivilege| 
 | [Modify firmware environment values](modify-firmware-environment-values.md)| SeSystemEnvironmentPrivilege| 
+| [Obtain an impersonation token for another user in the same session]) | SeDelegateSessionUserImpersonatePrivilege|
 | [Perform volume maintenance tasks](perform-volume-maintenance-tasks.md) | SeManageVolumePrivilege| 
 | [Profile single process](profile-single-process.md) | SeProfileSingleProcessPrivilege| 
 | [Profile system performance](profile-system-performance.md) | SeSystemProfilePrivilege| 
@@ -78,6 +79,7 @@ The following table links to each security policy setting and provides the const
 | [Shut down the system](shut-down-the-system.md) | SeShutdownPrivilege| 
 | [Synchronize directory service data](synchronize-directory-service-data.md)| SeSyncAgentPrivilege| 
 | [Take ownership of files or other objects](take-ownership-of-files-or-other-objects.md) | SeTakeOwnershipPrivilege| 
+
  
 ## Related topics
 

From 4b6d132328c9cf139c94f23508f34b880e329f34 Mon Sep 17 00:00:00 2001
From: Siddarth Mandalika <v-smandalika@microsoft.com>
Date: Mon, 4 Jan 2021 18:37:55 +0530
Subject: [PATCH 031/396] Update
 best-practices-attack-surface-reduction-rules.md

---
 ...ractices-attack-surface-reduction-rules.md | 34 ++++++++++++++++---
 1 file changed, 30 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
index 0a09d31840..19653b1a5a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
@@ -30,13 +30,40 @@ ms.collection:
 <!--ASR guidance for deploying rules (links to Antonio’s blog, recommendations for deploying rules to small set of devices first, code signing, link to ASR Power BI template, and link to M365 security center reports) and 8.	Policy conflict (details about what happens with conflicting policies, what happens when settings from different policies are merged)
 -->
 
-Whether you're about to enable or have already deployed attack surface reduction rules for your organization, see the information in this article. By using the tips and best practices in this article, you can employ attack surface reduction rules successfully and avoid potential issues.
+The instructions to deploy attack surface reduction (ASR) rules in the most optimal way are available in [Demystifying attack surface reduction rules - Part 2](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/demystifying-attack-surface-reduction-rules-part-2/ba-p/1326565).
 
+It is highly recommended to test the ASR rules on a sample-like smaller set of devices. For information on the reasons for this recommendation and on how to deploy the ASR rules on a smaller set of devices, see **Use a phased approach** section, below, in this article.
+
+ > [!NOTE]
+> Whether you're about to enable or have already deployed ASR rules for your organization, see the information in this article. By using the tips and best practices in this article, you can employ attack surface reduction rules successfully and avoid potential issues.
+
+**Results of applying ASR rules**
+
+- The process of applying ASR rules on devices provides scope to query for reports. These queries can be implemented in the form of templates.
+
+<!--Denise, could you clarify as to whether the ASR PowerBI template is anything to do with the templates used to generate/retrieve reports as specified in Blog-3? In other words, does the link to PowerBI template have relevance in this section and context?
+-->
+
+- Once applying ASR rules to devices leads to querying for reports, there are a few sources from which reports can be queried. One of such sources is the [Microsoft 365 security center](https://security.microsoft.com)
+ 
+<!-- Denise, could we discuss as to why only the **Microsoft 365 security center** source is being cited here; Just for better understanding, I am putting forward this query
+-->
+- 
 ## Use a phased approach
 
-Before you roll out attack surface reduction rules in your organization, select a small set of managed devices to start. This approach enables you to see how attack surface reduction rules work in your environment and gives you flexibility in applying exclusions. You can do this with dynamic membership rules.
+Before you roll out attack surface reduction rules in your organization, select a small set of managed devices to start. 
 
-<!--Siddarth, we need to find the info about how to set up dynamic membership rules and add a procedure here.-->
+The reasons for selecting a smaller set of devices as the sample object on which the ASR rules are to be applied are:
+
+- **Better prospects for display of ASR rules impact** - This approach enables you to see how attack surface reduction rules work in your environment. When lesser number of devices are used, the impact becomes more apparent because the ASR rules can sometimes impact a particular device to a larger extent.
+- **Ease in determining ASR rule exclusion** - Testing ASR rules on a smaller device set gives you scope to implement flexibility in exclusions. The flexibility refers to the devising combinations of **applicable-not applicable**  devices for ASR rules applicability. These combinations vary depending on the results of the ASR rules testing on the smaller device set.
+
+> [!IMPORTANT]
+> You can implement the process of applying ASR rules to a smaller device set by utilizing dynamic membership rules.
+
+**How to configure dynamic membership rules**
+
+<!--Denise, we might need Jody's help in acquiring inputs for this procedural section  of setting up dynamic membership rules.-->
 
 ## Use code signing for applications
 
@@ -115,7 +142,6 @@ Attack surface reduction (ASR) rules for MEM (Microsoft Endpoint Manager)-manage
 - Only the configurations for conflicting settings are held back.
 
 
-
 ## See the demystifying blogs
 
 The following table lists several blog posts that you might find helpful. All of these blogs are hosted on the [Microsoft Tech Community site](https://techcommunity.microsoft.com), under [Microsoft Defender for Endpoint](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/bg-p/MicrosoftDefenderATPBlog).

From 053da0a6581a34a3d11ed9fe2f0c921bc4725ab5 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Mon, 4 Jan 2021 09:09:40 -0700
Subject: [PATCH 032/396] Update
 windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../microsoft-defender-atp/mac-jamfpro-policies.md             | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md
index f1017e4215..961a958e6f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md
@@ -750,7 +750,7 @@ Follow the instructions on [Schedule scans with Microsoft Defender for Endpoint
 
     ![Image of configuration settings](images/990742cd9a15ca9fdd37c9f695d1b9f4.png)
 
-4. Select your computer and click the gear icon on the top, select **Computer Management**
+4. Select your computer and click the gear icon at the top, then select **Computer Management**.
 
     ![Image of configuration settings](images/b6d671b2f18b89d96c1c8e2ea1991242.png)
 
@@ -851,4 +851,3 @@ Follow the instructions on [Schedule scans with Microsoft Defender for Endpoint
 
 
 
-

From 7682c17362d6802ae7a7019d280feb3a5263afd1 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Mon, 4 Jan 2021 09:22:32 -0700
Subject: [PATCH 033/396] Update
 windows/security/threat-protection/security-policy-settings/user-rights-assignment.md

Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 .../security-policy-settings/user-rights-assignment.md          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md b/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md
index 6074db6073..656b0c378b 100644
--- a/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md
+++ b/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md
@@ -69,7 +69,7 @@ The following table links to each security policy setting and provides the const
 | [Manage auditing and security log](manage-auditing-and-security-log.md)| SeSecurityPrivilege| 
 | [Modify an object label](modify-an-object-label.md) | SeRelabelPrivilege| 
 | [Modify firmware environment values](modify-firmware-environment-values.md)| SeSystemEnvironmentPrivilege| 
-| [Obtain an impersonation token for another user in the same session]) | SeDelegateSessionUserImpersonatePrivilege|
+| [Obtain an impersonation token for another user in the same session](impersonate-a-client-after-authentication.md) | SeDelegateSessionUserImpersonatePrivilege|
 | [Perform volume maintenance tasks](perform-volume-maintenance-tasks.md) | SeManageVolumePrivilege| 
 | [Profile single process](profile-single-process.md) | SeProfileSingleProcessPrivilege| 
 | [Profile system performance](profile-system-performance.md) | SeSystemProfilePrivilege| 

From 11d5cadf01f2d447f0f36f18552fe5cb5207b532 Mon Sep 17 00:00:00 2001
From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com>
Date: Tue, 5 Jan 2021 01:20:58 +0100
Subject: [PATCH 034/396] Update filesystem-csp.md

Based on the implied confusion in issue ticket #8387 (**FileSystem CSP examples**), I noticed that the 2 **Note** lines in this document do not adhere to the MS standard of using colored Note blobs. This PR aims to rectify that issue, hoping that this may clarify the following:

> FileSystem CSP is only supported in Windows 10 Mobile.

Thanks to @joinimran for mentioning this fact and making me aware of this issue.

Changes proposed:
- update/upgrade 2 **Note** lines to use standard Microsoft Note blob formatting
- encapsulate filename `winnt.h` in MD back ticks to display as monospaced font

Whitespace changes:
- Remove 10 empty lines at the end of the document
- reduce double blank lines to single (3 occurrences)
- remove all redundant end-of-line blank spaces
- bullet point lists: reduce triple consecutive blank space to single

Closes #8387
---
 .../client-management/mdm/filesystem-csp.md   | 64 ++++++++-----------
 1 file changed, 25 insertions(+), 39 deletions(-)

diff --git a/windows/client-management/mdm/filesystem-csp.md b/windows/client-management/mdm/filesystem-csp.md
index 9bad3fe712..39061b8c6d 100644
--- a/windows/client-management/mdm/filesystem-csp.md
+++ b/windows/client-management/mdm/filesystem-csp.md
@@ -14,41 +14,38 @@ ms.date: 06/26/2017
 
 # FileSystem CSP
 
-
 The FileSystem configuration service provider is used to query, add, modify, and delete files, file directories, and file attributes on the mobile device. It can retrieve information about or manage files in ROM, files in persistent store and files on any removable storage card that is present in the device. It works for files that are hidden from the user as well as those that are visible to the user.
 
-> **Note**  FileSystem CSP is only supported in Windows 10 Mobile.
-> 
-> 
-> 
-> **Note**   This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_CSP\_OEM capabilities to be accessed from a network configuration application.
+> [!NOTE]
+> FileSystem CSP is only supported in Windows 10 Mobile.
 
- 
+> [!NOTE]
+> This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_CSP\_OEM capabilities to be accessed from a network configuration application.
 
 The following diagram shows the FileSystem configuration service provider management object in tree format as used by OMA DM. The OMA Client Provisioning protocol is not supported by this configuration service provider.
 
 ![filesystem csp (dm)](images/provisioning-csp-filesystem-dm.png)
 
-<a href="" id="filesystem"></a>**FileSystem**  
+<a href="" id="filesystem"></a>**FileSystem**
 Required. Defines the root of the file system management object. It functions as the root directory for file system queries.
 
 Recursive queries or deletes are not supported for this element. Add commands will add a new file or directory under the root path.
 
 The following properties are supported for the root node:
 
--   `Name`: The root node name. The Get command is the only supported command.
+- `Name`: The root node name. The Get command is the only supported command.
 
--   `Type`: The MIME type of the file, which is com.microsoft/windowsmobile/1.1/FileSystemMO. The Get command is the only supported command.
+- `Type`: The MIME type of the file, which is com.microsoft/windowsmobile/1.1/FileSystemMO. The Get command is the only supported command.
 
--   `Format`: The format, which is `node`. The Get command is the only supported command.
+- `Format`: The format, which is `node`. The Get command is the only supported command.
 
--   `TStamp`: A standard OMA property that indicates the last time the file directory was changed. The value is represented by a string containing a UTC based, ISO 8601 basic format, complete representation of a date and time value, e.g. 20010711T163817Z means July 11, 2001 at 16 hours, 38 minutes and 17 seconds. The Get command is the only supported command.
+- `TStamp`: A standard OMA property that indicates the last time the file directory was changed. The value is represented by a string containing a UTC based, ISO 8601 basic format, complete representation of a date and time value, e.g. 20010711T163817Z means July 11, 2001 at 16 hours, 38 minutes and 17 seconds. The Get command is the only supported command.
 
--   `Size`: Not supported.
+- `Size`: Not supported.
 
--   `msft:SystemAttributes`: A custom property that contains file directory attributes. This value is an integer bit mask that corresponds to the FILE\_ATTRIBUTE values and flags defined in the header file winnt.h. This supports the Get command and the Replace command.
+- `msft:SystemAttributes`: A custom property that contains file directory attributes. This value is an integer bit mask that corresponds to the FILE\_ATTRIBUTE values and flags defined in the header file winnt.h. This supports the Get command and the Replace command.
 
-<a href="" id="file-directory"></a>***file directory***  
+<a href="" id="file-directory"></a>***file directory***
 Optional. Returns the name of a directory in the device file system. Any *file directory* element can contain directories and files as child elements.
 
 The Get command returns the name of the file directory. The Get command with `?List=Struct` will recursively return all child element names (including sub-directory names). The Get command with `?list=StructData` query is not supported and returns a 406 error code.
@@ -61,19 +58,19 @@ The Delete command is used to delete all files and subfolders under this *file d
 
 The following properties are supported for file directories:
 
--   `Name`: The file directory name. The Get command is the only supported command.
+- `Name`: The file directory name. The Get command is the only supported command.
 
--   `Type`: The MIME type of the file, which an empty string for directories that are not the root node. The Get command is the only supported command.
+- `Type`: The MIME type of the file, which an empty string for directories that are not the root node. The Get command is the only supported command.
 
--   `Format`: The format, which is `node`. The Get command is the only supported command.
+- `Format`: The format, which is `node`. The Get command is the only supported command.
 
--   `TStamp`: A standard OMA property that indicates the last time the file directory was changed. The value is represented by a string containing a UTC based, ISO 8601 basic format, complete representation of a date and time value, e.g. 20010711T163817Z means July 11, 2001 at 16 hours, 38 minutes and 17 seconds. The Get command is the only supported command.
+- `TStamp`: A standard OMA property that indicates the last time the file directory was changed. The value is represented by a string containing a UTC based, ISO 8601 basic format, complete representation of a date and time value, e.g. 20010711T163817Z means July 11, 2001 at 16 hours, 38 minutes and 17 seconds. The Get command is the only supported command.
 
--   `Size`: Not supported.
+- `Size`: Not supported.
 
--   `msft:SystemAttributes`: A custom property that contains file directory attributes. This value is an integer bit mask that corresponds to the FILE\_ATTRIBUTE values and flags defined in the header file winnt.h. This supports the Get command and the Replace command.
+- `msft:SystemAttributes`: A custom property that contains file directory attributes. This value is an integer bit mask that corresponds to the FILE\_ATTRIBUTE values and flags defined in the header file `winnt.h`. This supports the Get command and the Replace command.
 
-<a href="" id="file-name"></a>***file name***  
+<a href="" id="file-name"></a>***file name***
 Optional. Return a file in binary format. If the file is too large for the configuration service to return, it returns error code 413 (Request entity too large) instead.
 
 The Delete command deletes the file.
@@ -86,29 +83,18 @@ The Get command is not supported on a *file name* element, only on the propertie
 
 The following properties are supported for files:
 
--   `Name`: The file name. The Get command is the only supported command.
+- `Name`: The file name. The Get command is the only supported command.
 
--   `Type`: The MIME type of the file. This value is always set to the generic MIME type: `application/octet-stream`. The Get command is the only supported command.
+- `Type`: The MIME type of the file. This value is always set to the generic MIME type: `application/octet-stream`. The Get command is the only supported command.
 
--   `Format`: The format, which is b64 encoded for binary data is sent over XML, and bin format for binary data sent over wbxml. The Get command is the only supported command.
+- `Format`: The format, which is b64 encoded for binary data is sent over XML, and bin format for binary data sent over wbxml. The Get command is the only supported command.
 
--   `TStamp`: A standard OMA property that indicates the last time the file was changed. The value is represented by a string containing a UTC based, ISO 8601 basic format, complete representation of a date and time value, e.g. 20010711T163817Z means July 11, 2001 at 16 hours, 38 minutes and 17 seconds. The Get command is the only supported command.
+- `TStamp`: A standard OMA property that indicates the last time the file was changed. The value is represented by a string containing a UTC based, ISO 8601 basic format, complete representation of a date and time value, e.g. 20010711T163817Z means July 11, 2001 at 16 hours, 38 minutes and 17 seconds. The Get command is the only supported command.
 
--   `Size`: The unencoded file content size in bytes. The Get command is the only supported command.
+- `Size`: The unencoded file content size in bytes. The Get command is the only supported command.
 
--   `msft:SystemAttributes`: A custom property that contains file attributes. This value is an integer bit mask that corresponds to the FILE\_ATTRIBUTE values and flags defined in the header file winnt.h. This supports the Get command and the Replace command.
+- `msft:SystemAttributes`: A custom property that contains file attributes. This value is an integer bit mask that corresponds to the FILE\_ATTRIBUTE values and flags defined in the header file winnt.h. This supports the Get command and the Replace command.
 
 ## Related topics
 
-
 [Configuration service provider reference](configuration-service-provider-reference.md)
-
- 
-
- 
-
-
-
-
-
-

From dc6a1422ef530c0659824db0176aeafda206d904 Mon Sep 17 00:00:00 2001
From: Siddarth Mandalika <v-smandalika@microsoft.com>
Date: Tue, 5 Jan 2021 17:29:55 +0530
Subject: [PATCH 035/396] Update controlled-folders.md

---
 .../microsoft-defender-atp/controlled-folders.md                 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
index d01c44566e..c8e81166ac 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
@@ -65,6 +65,7 @@ Windows system folders are protected by default, along with several other folder
 - `c:\Users\<username>\Pictures`
 - `c:\Users\Public\Pictures`
 - `c:\Users\Public\Videos`
+- `c:\Users\<username>\Videos`
 - `c:\Users\<username>\Music`
 - `c:\Users\Public\Music`
 - `c:\Users\<username>\Favorites`

From d8afba6ecda828c656854bf29d1f5a1e6baf91fc Mon Sep 17 00:00:00 2001
From: Siddarth Mandalika <v-smandalika@microsoft.com>
Date: Tue, 5 Jan 2021 19:14:10 +0530
Subject: [PATCH 036/396] Update
 best-practices-attack-surface-reduction-rules.md

---
 ...ractices-attack-surface-reduction-rules.md | 23 ++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
index 19653b1a5a..0a7fe26efc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
@@ -48,7 +48,28 @@ It is highly recommended to test the ASR rules on a sample-like smaller set of d
  
 <!-- Denise, could we discuss as to why only the **Microsoft 365 security center** source is being cited here; Just for better understanding, I am putting forward this query
 -->
-- 
+
+**Applicable to rules' states**
+
+This section describes the best practices with regard to the states which any ASR rule can be set to, irrespective of the method used to configure or deploy the ASR rule.
+
+Prior to describing the best pratices for the ASR rules' states, it is important to know the states which an ASR rule can be set to:
+
+- **Not configured**: This is the state in which the ASR rule has been disabled. The code for this state is 0.
+- **Block**: This is the state in which the ASR rule is enabled. YThe code for this state is 1.
+- **Audit**: This is the state in which the ASR rule is evaluated about its impactive behavior toward the organization or environment in which it is deployed.
+
+**Recommendation**
+
+The recommended practice for a deployed ASR rule is to start it in **audit** mode. The reasons for recommendation of this best pratice are:
+
+1. **Access to logs and reviews**: When an ASR rule is set to **audit** mode, you can get access to the logs and reviews pertaining to it. These logs and reviews are data that helps you to analyze the impact of the ASR rule.
+2. **Rule-related decision**: The analysis findings guided by the logs and reviews help you take a decision whether to deploy or exclude the ASR rule or not. For information on ASR rule exclusion see
+<!--To cite here the topic that describes guidance provided for the process of implementing ASR rules' exclusions-->
+<!--To cite here the topic that describes guidance provided for the process of deploying or configuring ASR rules-->
+
+<!--Denise, if we can seek information about the common built-in features across all the 5 configuration mechanisms, we can specify the best practice regarding which is the best configuration mechanism to use to deploy the ASR rules-->
+
 ## Use a phased approach
 
 Before you roll out attack surface reduction rules in your organization, select a small set of managed devices to start. 

From 0234660baf0f9855f3eacd73ee2d02232433747e Mon Sep 17 00:00:00 2001
From: Siddarth Mandalika <v-smandalika@microsoft.com>
Date: Tue, 5 Jan 2021 19:52:34 +0530
Subject: [PATCH 037/396] Update
 best-practices-attack-surface-reduction-rules.md

---
 .../best-practices-attack-surface-reduction-rules.md            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
index 0a7fe26efc..ea1d8dbfb2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
@@ -154,7 +154,7 @@ Attack surface reduction (ASR) rules for MEM (Microsoft Endpoint Manager)-manage
 - ASR rules from the following profiles are evaluated for each device the rules apply to:  
     - Devices > Configuration policy > Endpoint protection profile > Microsoft Defender Exploit Guard > [Attack Surface Reduction](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#attack-surface-reduction).
     - Endpoint security > Attack surface reduction policy > Attack surface reduction rules.
-    - Endpoint security > Security baselines > Microsoft Defender ATP Baseline > Attack Surface Reduction Rules.
+    - Endpoint security > Security baselines > Microsoft Defender ATP Baseline > Profiles >  Profile Name > Properties > Configuration settings > Attack Surface Reduction Rules
 
 - Settings that do not have conflicts are added to a superset of policy for the device.
 

From cd12eb005a60ba0d937d257dcb450b3eae560049 Mon Sep 17 00:00:00 2001
From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com>
Date: Thu, 7 Jan 2021 20:54:26 +0100
Subject: [PATCH 038/396] Missing verb "is" in line 36

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 windows/client-management/mdm/filesystem-csp.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/filesystem-csp.md b/windows/client-management/mdm/filesystem-csp.md
index 39061b8c6d..9a50b99317 100644
--- a/windows/client-management/mdm/filesystem-csp.md
+++ b/windows/client-management/mdm/filesystem-csp.md
@@ -60,7 +60,7 @@ The following properties are supported for file directories:
 
 - `Name`: The file directory name. The Get command is the only supported command.
 
-- `Type`: The MIME type of the file, which an empty string for directories that are not the root node. The Get command is the only supported command.
+- `Type`: The MIME type of the file, which is an empty string for directories that are not the root node. The Get command is the only supported command.
 
 - `Format`: The format, which is `node`. The Get command is the only supported command.
 

From 655e9bd4d318470d7eba59d6c605c8d0449e5574 Mon Sep 17 00:00:00 2001
From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com>
Date: Thu, 7 Jan 2021 20:55:07 +0100
Subject: [PATCH 039/396] Missing capitalization for WBXML in line 90

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 windows/client-management/mdm/filesystem-csp.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/filesystem-csp.md b/windows/client-management/mdm/filesystem-csp.md
index 9a50b99317..12547591ba 100644
--- a/windows/client-management/mdm/filesystem-csp.md
+++ b/windows/client-management/mdm/filesystem-csp.md
@@ -87,7 +87,7 @@ The following properties are supported for files:
 
 - `Type`: The MIME type of the file. This value is always set to the generic MIME type: `application/octet-stream`. The Get command is the only supported command.
 
-- `Format`: The format, which is b64 encoded for binary data is sent over XML, and bin format for binary data sent over wbxml. The Get command is the only supported command.
+- `Format`: The format, which is b64 encoded for binary data is sent over XML, and bin format for binary data sent over WBXML. The Get command is the only supported command.
 
 - `TStamp`: A standard OMA property that indicates the last time the file was changed. The value is represented by a string containing a UTC based, ISO 8601 basic format, complete representation of a date and time value, e.g. 20010711T163817Z means July 11, 2001 at 16 hours, 38 minutes and 17 seconds. The Get command is the only supported command.
 

From 4e744a03176f3b387f71d98005fe7bd3d25f7319 Mon Sep 17 00:00:00 2001
From: Benny Shilpa <v-bshilpa@microsoft.com>
Date: Fri, 8 Jan 2021 12:48:00 +0530
Subject: [PATCH 040/396] Update symantec-to-microsoft-defender-atp-setup.md

---
 .../symantec-to-microsoft-defender-atp-setup.md                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md
index 72385ecf92..d251f87b7a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md
@@ -117,7 +117,7 @@ Microsoft Defender Antivirus can run alongside Symantec if you set Microsoft Def
 |Method  |What to do  |
 |---------|---------|
 |Command Prompt     |1. On a Windows device, open Command Prompt as an administrator. <br/><br/>2. Type `sc query windefend`, and then press Enter.<br/><br/>3. Review the results to confirm that Microsoft Defender Antivirus is running in passive mode.         |
-|PowerShell     |1. On a Windows device, open Windows PowerShell as an administrator.<br/><br/>2. Run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/Get-MpComputerStatus) cmdlet. <br/><br/>3. In the list of results, look for **AntivirusEnabled: True**.          |
+|PowerShell     |1. On a Windows device, open Windows PowerShell as an administrator.<br/><br/>2. Run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/Get-MpComputerStatus) cmdlet. <br/><br/>3. In the list of results, look for either **AMRunningMode: Passive Mode** or **AMRunningMode: SxS Passive Mode**.|
 
 > [!NOTE]
 > You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.

From 8910a420b285c848ad75714291673b1f4493b864 Mon Sep 17 00:00:00 2001
From: Benny Shilpa <v-bshilpa@microsoft.com>
Date: Fri, 8 Jan 2021 12:58:17 +0530
Subject: [PATCH 041/396] Update mcafee-to-microsoft-defender-setup.md

---
 .../mcafee-to-microsoft-defender-setup.md                       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
index 432aed7160..8b4ea42244 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
@@ -142,7 +142,7 @@ Microsoft Defender Antivirus can run alongside McAfee if you set Microsoft Defen
 |Method  |What to do  |
 |---------|---------|
 |Command Prompt     |1. On a Windows device, open Command Prompt as an administrator. <br/><br/>2. Type `sc query windefend`, and then press Enter.<br/><br/>3. Review the results to confirm that Microsoft Defender Antivirus is running in passive mode.         |
-|PowerShell     |1. On a Windows device, open Windows PowerShell as an administrator.<br/><br/>2. Run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/Get-MpComputerStatus) cmdlet. <br/><br/>3. In the list of results, look for **AntivirusEnabled: True**.          |
+|PowerShell     |1. On a Windows device, open Windows PowerShell as an administrator.<br/><br/>2. Run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/Get-MpComputerStatus) cmdlet. <br/><br/>3. In the list of results, look for either **AMRunningMode: Passive Mode** or **AMRunningMode: SxS Passive Mode**.|
 
 > [!NOTE]
 > You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.

From abc9f48f50788ec2ffa57a803e9f745ba3ceb7fe Mon Sep 17 00:00:00 2001
From: Benny Shilpa <v-bshilpa@microsoft.com>
Date: Fri, 8 Jan 2021 13:02:40 +0530
Subject: [PATCH 042/396] Update switch-to-microsoft-defender-setup.md

---
 .../switch-to-microsoft-defender-setup.md                       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md
index c1ad46027c..cce6dd54eb 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md
@@ -138,7 +138,7 @@ Microsoft Defender Antivirus can run alongside your existing endpoint protection
 |Method  |What to do  |
 |---------|---------|
 |Command Prompt     |1. On a Windows device, open Command Prompt as an administrator. <br/><br/>2. Type `sc query windefend`, and then press Enter.<br/><br/>3. Review the results to confirm that Microsoft Defender Antivirus is running in passive mode.         |
-|PowerShell     |1. On a Windows device, open Windows PowerShell as an administrator.<br/><br/>2. Run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/Get-MpComputerStatus) cmdlet. <br/><br/>3. In the list of results, look for **AntivirusEnabled: True**.          |
+|PowerShell     |1. On a Windows device, open Windows PowerShell as an administrator.<br/><br/>2. Run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/Get-MpComputerStatus) cmdlet. <br/><br/>3. In the list of results, look for either **AMRunningMode: Passive Mode** or **AMRunningMode: SxS Passive Mode**.          |
 
 > [!NOTE]
 > You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.

From b6e9b39ce408c7638c5c91cd60a4e7be45102886 Mon Sep 17 00:00:00 2001
From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com>
Date: Tue, 12 Jan 2021 00:26:51 +0100
Subject: [PATCH 043/396] Update distribute-offline-apps.md

From issue ticket #8942 (**Broken link - Distribute offline apps**):

> Hi all.
>
> In Distribute offline apps (https://docs.microsoft.com/en-us/microsoft-store/distribute-offline-apps) the link Manage apps from Microsoft Store for Business with Microsoft Intune that points to [docs.microsoft.com/en-us/intune/deploy-use/manage-apps-you-purchased-from-the-windows-store-for-business-with-microsoft-intune](https://docs.microsoft.com/en-us/intune/deploy-use/manage-apps-you-purchased-from-the-windows-store-for-business-with-microsoft-intune) rports error 404. Probably the destination has changed URL. I believe that it should point to the doc How to manage volume purchased apps from the Microsoft Store for Business with Microsoft Intune - [docs.microsoft.com/en-us/mem/intune/apps/windows-store-for-business](https://docs.microsoft.com/en-us/mem/intune/apps/windows-store-for-business).
>
> Can you double check this and fix it please?

Thanks to @joaonltome for noticing and reporting this broken link and also suggesting a likely solution.

Changes proposed:
- Replace the broken link /microsoft-store/distribute-offline-apps with the working page link /mem/intune/apps/windows-store-for-business .
- Change the paragraph title "To download an offline-licensed app" from **bold** formatting to a H3 heading, as well as including the HTML anchor in that heading.
  (This heading level might possibly need to be a H4 heading size to remain the same size as its current **bold**-only format.)

Whitespace changes:
- Remove 13 redundant blank lines at the end of the document page.
- By removing these 13 blank lines, we also remove that redundant empty command copy box (created by indents).
- Reduce 12 occurrences of 3 blank spaces after bullet point list indicators to 1 space.
- Reduce 6 occurrences of double blank space after numbered list indicators to 1 space.
- Add missing colon in **Applies to:** .

Closes #8942
---
 store-for-business/distribute-offline-apps.md | 56 +++++++------------
 1 file changed, 21 insertions(+), 35 deletions(-)

diff --git a/store-for-business/distribute-offline-apps.md b/store-for-business/distribute-offline-apps.md
index 33b58da4ab..e3dbdb3592 100644
--- a/store-for-business/distribute-offline-apps.md
+++ b/store-for-business/distribute-offline-apps.md
@@ -18,10 +18,10 @@ ms.date: 10/17/2017
 # Distribute offline apps
 
 
-**Applies to**
+**Applies to:**
 
--   Windows 10
--   Windows 10 Mobile
+- Windows 10
+- Windows 10 Mobile
 
 Offline licensing is a new licensing option for Windows 10 with Microsoft Store for Business and Microsoft Store for Education. With offline licenses, organizations can download apps and their licenses to deploy within their network, or on devices that are not connected to the Internet. ISVs or devs can opt-in their apps for offline licensing when they submit them to the Windows Dev Center. Only apps that are opted in to offline licensing will show that they are available for offline licensing in Microsoft Store for Business and Microsoft Store for Education. This model allows organizations to deploy apps when users or devices do not have connectivity to the Store.
 
@@ -29,23 +29,23 @@ Offline licensing is a new licensing option for Windows 10 with Microsoft Store
 
 Offline-licensed apps offer an alternative to online apps, and provide additional deployment options. Some reasons to use offline-licensed apps:
 
--   **You don't have access to Microsoft Store services** - If your employees don't have access to the internet and Microsoft Store services, downloading offline-licensed apps and deploying them with imaging is an alternative to online-licensed apps.
+- **You don't have access to Microsoft Store services** - If your employees don't have access to the internet and Microsoft Store services, downloading offline-licensed apps and deploying them with imaging is an alternative to online-licensed apps.
 
--   **You use imaging to manage devices in your organization** - Offline-licensed apps can be added to images and deployed with Deployment Image Servicing and Management (DISM), or Windows Imaging and Configuration Designer (ICD).
+- **You use imaging to manage devices in your organization** - Offline-licensed apps can be added to images and deployed with Deployment Image Servicing and Management (DISM), or Windows Imaging and Configuration Designer (ICD).
 
--   **Your employees do not have Azure Active Directory (AD) accounts** - Azure AD accounts are required for employees that install apps assigned to them from Microsoft Store or that claim apps from a private store.
+- **Your employees do not have Azure Active Directory (AD) accounts** - Azure AD accounts are required for employees that install apps assigned to them from Microsoft Store or that claim apps from a private store.
 
 ## Distribution options for offline-licensed apps
 
 You can't distribute offline-licensed apps directly from Microsoft Store. Once you download the items for the offline-licensed app, you have options for distributing the apps:
 
--   **Deployment Image Servicing and Management**. DISM is a command-line tool that is used to mount and service Microsoft Windows images before deployment. You can also use DISM to install, uninstall, configure, and update Windows features, packages, drivers, and international settings in a .wim file or VHD using the DISM servicing commands. DISM commands are used on offline images. For more information, see [Deployment Image Servicing and Management](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/dism---deployment-image-servicing-and-management-technical-reference-for-windows).
+- **Deployment Image Servicing and Management**. DISM is a command-line tool that is used to mount and service Microsoft Windows images before deployment. You can also use DISM to install, uninstall, configure, and update Windows features, packages, drivers, and international settings in a .wim file or VHD using the DISM servicing commands. DISM commands are used on offline images. For more information, see [Deployment Image Servicing and Management](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/dism---deployment-image-servicing-and-management-technical-reference-for-windows).
 
--   **Create provisioning package**. You can use Windows Imaging and Configuration Designer (ICD) to create a provisioning package for your offline app. Once you have the package, there are options to [apply the provisioning package](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-apply-package). For more information, see [Provisioning Packages for Windows 10](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-packages).
+- **Create provisioning package**. You can use Windows Imaging and Configuration Designer (ICD) to create a provisioning package for your offline app. Once you have the package, there are options to [apply the provisioning package](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-apply-package). For more information, see [Provisioning Packages for Windows 10](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-packages).
 
--   **Mobile device management provider or management server.** You can use a mobile device management (MDM) provider or management server to distribute offline apps. For more information, see these topics:
+- **Mobile device management provider or management server.** You can use a mobile device management (MDM) provider or management server to distribute offline apps. For more information, see these topics:
     - [Manage apps from Microsoft Store for Business with Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
-    - [Manage apps from Microsoft Store for Business with Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/manage-apps-you-purchased-from-the-windows-store-for-business-with-microsoft-intune)<br>
+    - [Manage apps from Microsoft Store for Business with Microsoft Intune](https://docs.microsoft.com/mem/intune/apps/windows-store-for-business)<br>
 
 For third-party MDM providers or management servers, check your product documentation.
 
@@ -53,23 +53,22 @@ For third-party MDM providers or management servers, check your product document
 
 There are several items to download or create for offline-licensed apps. The app package and app license are required; app metadata and app frameworks are optional. This section includes more info on each item, and tells you how to download an offline-licensed app.
 
--   **App metadata** - App metadata is optional. The metadata includes app details, links to icons, product id, localized product ids, and other items. Devs who plan to use an app as part of another app or tool, might want the app metadata.
+- **App metadata** - App metadata is optional. The metadata includes app details, links to icons, product id, localized product ids, and other items. Devs who plan to use an app as part of another app or tool, might want the app metadata.
 
--   **App package** - App packages are required for distributing offline apps. There are app packages for different combinations of app platform and device architecture. You'll need to know what device architectures you have in your organization to know if there are app packages to support your devices.
+- **App package** - App packages are required for distributing offline apps. There are app packages for different combinations of app platform and device architecture. You'll need to know what device architectures you have in your organization to know if there are app packages to support your devices.
 
--   **App license** - App licenses are required for distributing offline apps. Use encoded licenses when you distribute offline-licensed apps using a management tool or ICD. Use unencoded licenses when you distribute offline-licensed apps using DISM.
+- **App license** - App licenses are required for distributing offline apps. Use encoded licenses when you distribute offline-licensed apps using a management tool or ICD. Use unencoded licenses when you distribute offline-licensed apps using DISM.
 
--   **App frameworks** - App frameworks are optional. If you already have the required framework, you don't need to download another copy. The Store for Business will select the app framework needed for the app platform and architecture that you selected.
+- **App frameworks** - App frameworks are optional. If you already have the required framework, you don't need to download another copy. The Store for Business will select the app framework needed for the app platform and architecture that you selected.
 
-<a href="" id="download-offline-licensed-app"></a>
-**To download an offline-licensed app**
+### <a href="" id="download-offline-licensed-app"></a> To download an offline-licensed app
 
-1.  Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com/) or [Microsoft Store for Education](https://educationstore.microsoft.com).
-2.  Click **Manage**.
-3.  Click **Settings**.
-4.  Click **Shop**. Search for the **Shopping experience** section, change the License type to **Offline**, and click  **Get the app**, which will add the app to your inventory.
-5.  Click **Manage**. You now have access to download the appx bundle package metadata and license file.
-6.  Go to **Products & services**, and select **Apps & software**. (The list may be empty, but it will auto-populate after some time.)
+1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com/) or [Microsoft Store for Education](https://educationstore.microsoft.com).
+2. Click **Manage**.
+3. Click **Settings**.
+4. Click **Shop**. Search for the **Shopping experience** section, change the License type to **Offline**, and click  **Get the app**, which will add the app to your inventory.
+5. Click **Manage**. You now have access to download the appx bundle package metadata and license file.
+6. Go to **Products & services**, and select **Apps & software**. (The list may be empty, but it will auto-populate after some time.)
 
     - **To download app metadata**: Choose the language for the app metadata, and then click **Download**. Save the downloaded app metadata. This is optional.
     - **To download app package**: Click to expand the package details information, choose the Platform and Architecture combination that you need for your organization, and then click **Download**. Save the downloaded app package. This is required.
@@ -78,16 +77,3 @@ There are several items to download or create for offline-licensed apps. The app
 
 > [!NOTE]
 > You need the framework to support your app package, but if you already have a copy, you don't need to download it again. Frameworks are backward compatible.
-
-
-
-     
-
- 
-
- 
-
-
-
-
-

From 799286b74cfbace1cfb86634890c20b8268d0def Mon Sep 17 00:00:00 2001
From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com>
Date: Tue, 12 Jan 2021 01:01:35 +0100
Subject: [PATCH 044/396] Revert HTML anchor link heading format

- change "To download an offline-licensed app" heading format back to **bold**
- remove the line separation (NewLine/Line break) to enable the anchor link again
---
 store-for-business/distribute-offline-apps.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/store-for-business/distribute-offline-apps.md b/store-for-business/distribute-offline-apps.md
index e3dbdb3592..c22a4358d7 100644
--- a/store-for-business/distribute-offline-apps.md
+++ b/store-for-business/distribute-offline-apps.md
@@ -61,7 +61,7 @@ There are several items to download or create for offline-licensed apps. The app
 
 - **App frameworks** - App frameworks are optional. If you already have the required framework, you don't need to download another copy. The Store for Business will select the app framework needed for the app platform and architecture that you selected.
 
-### <a href="" id="download-offline-licensed-app"></a> To download an offline-licensed app
+<a href="" id="download-offline-licensed-app"></a>**To download an offline-licensed app**
 
 1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com/) or [Microsoft Store for Education](https://educationstore.microsoft.com).
 2. Click **Manage**.

From 500fd2c72ee5fa5d5ce00dbe699dabac111a77e3 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Tue, 12 Jan 2021 10:50:21 +0500
Subject: [PATCH 045/396] Update use-vamt-in-windows-powershell.md

---
 .../volume-activation/use-vamt-in-windows-powershell.md         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md
index 7389bcd273..0fcb1ad99c 100644
--- a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md
+++ b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md
@@ -57,7 +57,7 @@ get-help get-VamtProduct -all
 ```
 
 **Warning**  
-The update-help cmdlet is not supported for VAMT PowerShell cmdlets. To view online help for VAMT cmdlets, you can use the -online option with the get-help cmdlet. For more information, see [Volume Activation Management Tool (VAMT) Cmdlets in Windows PowerShell](https://go.microsoft.com/fwlink/p/?LinkId=242278).
+The update-help cmdlet is not supported for VAMT PowerShell cmdlets. To view online help for VAMT cmdlets, you can use the -online option with the get-help cmdlet. For more information, see [Volume Activation Management Tool (VAMT) Cmdlets in Windows PowerShell](https://docs.microsoft.com/powershell/module/vamt).
 
 **To view VAMT PowerShell Help sections**
 

From eb8843f637a817ceb46c8c58d9eb75c116ab8655 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Tue, 12 Jan 2021 11:59:56 +0500
Subject: [PATCH 046/396] Update hello-planning-guide.md

---
 .../hello-for-business/hello-planning-guide.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
index 265aa7219d..fc57328704 100644
--- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
@@ -332,7 +332,7 @@ Windows Hello for Business does not require an Azure AD premium subscription.  H
 
 If box **1a** on your planning worksheet reads **on-premises**, write **No** in box **6c** on your planning worksheet.
 
-If box **1a** on your planning worksheet reads **hybrid** and box **1b** reads **key trust**, write **No** in box **6c** on your planning worksheet.  You can deploy Windows Hello for Business using the free Azure Active Directory account (additional costs needed for multi-factor authentication).
+If box **1a** on your planning worksheet reads **hybrid** and box **1b** reads **key trust**, write **No** in box **6c** on your planning worksheet.  You can deploy Windows Hello for Business using the free Azure Active Directory account. In this case, you need to have another subscription that includes Azure AD Multi-Factor Authentication license (like Microsoft 365), or use third-party Multi-Factor Authentication provider.
 
 If box **5b** on your planning worksheet reads **AD FS RA**, write **Yes** in box **6c** on your planning worksheet.  Enrolling a certificate using the AD FS registration authority requires devices to authenticate to the AD FS server, which requires device write-back, an Azure AD Premium feature.
 

From 7c7a13348fa00a44133e085964b25260ba80d04e Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Tue, 12 Jan 2021 14:37:28 +0500
Subject: [PATCH 047/396] Update
 windows/security/identity-protection/hello-for-business/hello-planning-guide.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../hello-for-business/hello-planning-guide.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
index fc57328704..d99d54226f 100644
--- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
@@ -332,7 +332,7 @@ Windows Hello for Business does not require an Azure AD premium subscription.  H
 
 If box **1a** on your planning worksheet reads **on-premises**, write **No** in box **6c** on your planning worksheet.
 
-If box **1a** on your planning worksheet reads **hybrid** and box **1b** reads **key trust**, write **No** in box **6c** on your planning worksheet.  You can deploy Windows Hello for Business using the free Azure Active Directory account. In this case, you need to have another subscription that includes Azure AD Multi-Factor Authentication license (like Microsoft 365), or use third-party Multi-Factor Authentication provider.
+If box **1a** on your planning worksheet reads **hybrid** and box **1b** reads **key trust**, write **No** in box **6c** on your planning worksheet.  You can deploy Windows Hello for Business using the free Azure Active Directory account. In this case, you need to have another subscription that includes an Azure AD Multi-Factor Authentication license (like Microsoft 365) or to use a third-party Multi-Factor Authentication provider.
 
 If box **5b** on your planning worksheet reads **AD FS RA**, write **Yes** in box **6c** on your planning worksheet.  Enrolling a certificate using the AD FS registration authority requires devices to authenticate to the AD FS server, which requires device write-back, an Azure AD Premium feature.
 

From 92c77fa38c443d7c33dd647ba2700ebbc85e1921 Mon Sep 17 00:00:00 2001
From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com>
Date: Tue, 12 Jan 2021 19:33:47 +0100
Subject: [PATCH 048/396] correct casing for "the internet" to 'the Internet'

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 store-for-business/distribute-offline-apps.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/store-for-business/distribute-offline-apps.md b/store-for-business/distribute-offline-apps.md
index c22a4358d7..8a5ead4fe6 100644
--- a/store-for-business/distribute-offline-apps.md
+++ b/store-for-business/distribute-offline-apps.md
@@ -29,7 +29,7 @@ Offline licensing is a new licensing option for Windows 10 with Microsoft Store
 
 Offline-licensed apps offer an alternative to online apps, and provide additional deployment options. Some reasons to use offline-licensed apps:
 
-- **You don't have access to Microsoft Store services** - If your employees don't have access to the internet and Microsoft Store services, downloading offline-licensed apps and deploying them with imaging is an alternative to online-licensed apps.
+- **You don't have access to Microsoft Store services** - If your employees don't have access to the Internet and Microsoft Store services, downloading offline-licensed apps and deploying them with imaging is an alternative to online-licensed apps.
 
 - **You use imaging to manage devices in your organization** - Offline-licensed apps can be added to images and deployed with Deployment Image Servicing and Management (DISM), or Windows Imaging and Configuration Designer (ICD).
 

From 7ced57c6927538be4219721a78fa1d09b0eb879a Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Wed, 13 Jan 2021 07:23:37 +0500
Subject: [PATCH 049/396] Update hello-planning-guide.md

---
 .../hello-for-business/hello-planning-guide.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
index d99d54226f..ba1692b00e 100644
--- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
@@ -332,7 +332,7 @@ Windows Hello for Business does not require an Azure AD premium subscription.  H
 
 If box **1a** on your planning worksheet reads **on-premises**, write **No** in box **6c** on your planning worksheet.
 
-If box **1a** on your planning worksheet reads **hybrid** and box **1b** reads **key trust**, write **No** in box **6c** on your planning worksheet.  You can deploy Windows Hello for Business using the free Azure Active Directory account. In this case, you need to have another subscription that includes an Azure AD Multi-Factor Authentication license (like Microsoft 365) or to use a third-party Multi-Factor Authentication provider.
+If box **1a** on your planning worksheet reads **hybrid** and box **1b** reads **key trust**, write **No** in box **6c** on your planning worksheet. You can deploy Windows Hello for Business using the free Azure Active Directory account. In this case, you need to use a third-party Multi-Factor Authentication provider.
 
 If box **5b** on your planning worksheet reads **AD FS RA**, write **Yes** in box **6c** on your planning worksheet.  Enrolling a certificate using the AD FS registration authority requires devices to authenticate to the AD FS server, which requires device write-back, an Azure AD Premium feature.
 

From bcd0ea8622f7858720b7f9d28bf8f718567be1d6 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 13 Jan 2021 12:49:14 -0800
Subject: [PATCH 050/396] Update defender-endpoint-false-positives-negatives.md

---
 ...nder-endpoint-false-positives-negatives.md | 33 ++++++++++++-------
 1 file changed, 21 insertions(+), 12 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 2d4e5efdb5..c43654ba5e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -11,7 +11,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.author: deniseb
 author: denisebmsft
-ms.date: 12/15/2020
+ms.date: 01/15/2021
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
@@ -31,20 +31,29 @@ ms.custom: FPFN
 
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146806)
 
-Did Microsoft Defender for Endpoint identify an artifact as malicious, even though it wasn't? Are files or processes that are not a threat being stopped in their tracks by Defender for Endpoint? Or, did Defender for Endpoint miss something? Use this article as a guide for addressing false positives or false negatives in Defender for Endpoint.
+In Microsoft Defender for Endpoint, a false positive is an entity, such as a file or process, that was detected and identified as malicious, when, in fact, the entity does not pose a threat. A false negative is an entity that was not detected as a threat even though it is, in fact, malicious. If you’re seeing false positives or negatives in your Microsoft Defender Security Center, use this article as a guide to take action. 
 
-| Step | Description |
-|:---|:---|
-| 1. [Identify a false positive/negative](#identify-a-false-positivenegative) | A false positive is something that was detected and identified as malicious, when in fact it does not pose a threat. <br/>A false negative is something that was not detected as a threat even though it is, in fact, malicious. <br/>Both false positives and false negatives can be problematic for your organization.    |
-| 2. [Review/define exclusions for Defender for Endpoint](#review-or-define-exclusions)  |  |
-| 3. [Review/define indicators for Defender for Endpoint](#review-or-define-indicators) |  |
-| 4. [Classify a false positive/negative in Defender for Endpoint](#classify-a-false-positive-or-false-negative) |  |
-| 5. [Submit a file for analysis](#submit-a-file-for-analysis) |  |
-| 6. [Confirm your software uses EV code signing](#confirm-your-software-uses-ev-code-signing)  |  |
+Review your threat protection settings
+Microsoft Defender for Endpoint offers a wide variety of options, including the ability to fine tune settings for various features and capabilities. If you’re getting a lot of false positives, review your organization’s threat protection settings. You might need to make some adjustments to the following settings in particular:
 
-## Identify a false positive/negative
+- Cloud-delivered protection
+- Remediation for potentially unwanted apps (PUA)
+
+### Cloud-delivered protection
+
+Check your cloud-delivered protection level for Microsoft Defender Antivirus. By default, this is set to **Not configured**, which corresponds to a normal level of protection for most organizations. If your cloud-delivered protection is set to **High**, **High +**, or **Zero tolerance**, you might experience a higher number of false positives.
+
+See [Specify the cloud-delivered protection level](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus)
+
+### Remediation for potentially unwanted applications (PUA)
+
+Potentially unwanted applications (PUA) are a category of software that can cause devices to run slowly, display unexpected ads, or install other software that might be unexpected or unwanted. Examples of PUA include advertising software, bundling software, and evasion software that behaves differently with security products. Although PUA is not considered malware, some kinds of software are PUA based on their behavior and reputation.
+ 
+Depending on the apps your organization is using, you might be getting false positives as a result of your PUA protection settings. If this is happening, consider running PUA protection in audit mode for a while, or apply PUA protection to a subset of devices in your organization. PUA protection can be configured for the Microsoft Edge browser and for Microsoft Defender Antivirus. 
+
+> [!TIP]
+> To learn more about PUA, see [Detect and block potentially unwanted applications](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus).
 
-*How do we know something is a false positive or negative? What do we want customers to look for?*
 
 ## Review or define exclusions
 

From a41ed13796f6238a069151684485c15296665174 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 13 Jan 2021 12:50:25 -0800
Subject: [PATCH 051/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md     | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index c43654ba5e..7e2224fc74 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -54,6 +54,16 @@ Depending on the apps your organization is using, you might be getting false pos
 > [!TIP]
 > To learn more about PUA, see [Detect and block potentially unwanted applications](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus).
 
+#### Use Microsoft Endpoint Manager to edit PUA protection for existing configuration profiles
+
+1.	Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
+2.	Choose **Devices** > **Configuration profiles**, and then select an existing policy. (If you don’t have an existing policy, or you want to create a new policy, skip to the next procedure).
+3.	Under **Manage**, choose **Properties**, and then, next to **Configuration settings**, choose **Edit**.
+4.	On the **Configuration settings** tab, scroll down and expand **Microsoft Defender Antivirus**.
+5.	Set **Detect potentially unwanted applications** to **Audit**. (You can turn it off, but by using audit mode, you will be able to see detections.)
+6.	Choose **Review + save**, and then choose **Save**.
+
+
 
 ## Review or define exclusions
 

From 0509296bac40162a4aefbfe21aecf284507843ac Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 13 Jan 2021 12:50:48 -0800
Subject: [PATCH 052/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md   | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 7e2224fc74..703de9a4ef 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -56,12 +56,12 @@ Depending on the apps your organization is using, you might be getting false pos
 
 #### Use Microsoft Endpoint Manager to edit PUA protection for existing configuration profiles
 
-1.	Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
-2.	Choose **Devices** > **Configuration profiles**, and then select an existing policy. (If you don’t have an existing policy, or you want to create a new policy, skip to the next procedure).
-3.	Under **Manage**, choose **Properties**, and then, next to **Configuration settings**, choose **Edit**.
-4.	On the **Configuration settings** tab, scroll down and expand **Microsoft Defender Antivirus**.
-5.	Set **Detect potentially unwanted applications** to **Audit**. (You can turn it off, but by using audit mode, you will be able to see detections.)
-6.	Choose **Review + save**, and then choose **Save**.
+1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
+2. Choose **Devices** > **Configuration profiles**, and then select an existing policy. (If you don’t have an existing policy, or you want to create a new policy, skip to the next procedure).
+3. Under **Manage**, choose **Properties**, and then, next to **Configuration settings**, choose **Edit**.
+4. On the **Configuration settings** tab, scroll down and expand **Microsoft Defender Antivirus**.
+5. Set **Detect potentially unwanted applications** to **Audit**. (You can turn it off, but by using audit mode, you will be able to see detections.)
+6. Choose **Review + save**, and then choose **Save**.
 
 
 

From 1c60d9b448e225a8707e85cbc1d7c0292741de68 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 13 Jan 2021 12:52:02 -0800
Subject: [PATCH 053/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md  | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 703de9a4ef..4fc988374f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -57,12 +57,23 @@ Depending on the apps your organization is using, you might be getting false pos
 #### Use Microsoft Endpoint Manager to edit PUA protection for existing configuration profiles
 
 1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
-2. Choose **Devices** > **Configuration profiles**, and then select an existing policy. (If you don’t have an existing policy, or you want to create a new policy, skip to the next procedure).
+2. Choose **Devices** > **Configuration profiles**, and then select an existing policy. (If you don’t have an existing policy, or you want to create a new policy, skip to [the next procedure](#use-microsoft-endpoint-manager-to-set-pua-protection-for-a-new-configuration-profile)).
 3. Under **Manage**, choose **Properties**, and then, next to **Configuration settings**, choose **Edit**.
 4. On the **Configuration settings** tab, scroll down and expand **Microsoft Defender Antivirus**.
 5. Set **Detect potentially unwanted applications** to **Audit**. (You can turn it off, but by using audit mode, you will be able to see detections.)
 6. Choose **Review + save**, and then choose **Save**.
 
+#### Use Microsoft Endpoint Manager to set PUA protection for a new configuration profile
+
+1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
+2. Choose **Devices** > **Configuration profiles** > **+ Create profile**.
+3. For the **Platform**, choose **Windows 10 and later**, and for **Profile**, select **Device restrictions**.
+4. On the **Basics** tab, specify a name and description for your policy. Then choose **Next**.
+5. On the **Configuration settings** tab, scroll down and expand **Microsoft Defender Antivirus**.
+6. Set **Detect potentially unwanted applications** to **Audit**, and then choose **Next**. (You can turn PUA protection off, but by using audit mode, you will be able to see detections.)
+7. On the **Assignments** tab, specify the users and groups to whom your policy should be applied, and then choose **Next**. (If you need help with assignments, see [Assign user and device profiles in Microsoft Intune](Assign device profiles in Microsoft Intune - Azure | Microsoft Docs).)
+8. On the **Applicability Rules** tab, specify the OS editions or versions to include or exclude from the policy. For example, you can set the policy to be applied to all devices certain editions of Windows 10. Then choose **Next**.
+9. On the **Review + create** tab, review your settings, and, and then choose **Create**.
 
 
 ## Review or define exclusions

From 47a5ddb4b59892d07f31a4ef6dc08737e27e7a14 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 13 Jan 2021 12:54:35 -0800
Subject: [PATCH 054/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md   | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 4fc988374f..d120882e6a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -76,9 +76,17 @@ Depending on the apps your organization is using, you might be getting false pos
 9. On the **Review + create** tab, review your settings, and, and then choose **Create**.
 
 
-## Review or define exclusions
+## Review or define exclusions for Microsoft Defender for Endpoint
+
+An exclusion is an entity that you specify as an exception to remediation. The excluded entity might still get detected, but no remediation actions are taken on that entity. That is, the detected file or process won’t be stopped, sent to quarantine, removed, or otherwise changed by Microsoft Defender for Endpoint. 
+
+To define exclusions across Microsoft Defender for Endpoint, you must perform at least two kinds of tasks:
+
+- Define exclusions for Microsoft Defender Antivirus (you do this by editing an existing antivirus policy or by creating a new policy)
+- Create “allow” indicators for Microsoft Defender for Endpoint ()
+
+You must perform both kinds of tasks because Microsoft Defender Antivirus exclusions don't apply to other Microsoft Defender for Endpoint capabilities, including [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR), attack surface reduction (ASR) rules, and controlled folder access. Files that you exclude using the methods described in this article can still trigger EDR alerts and other detections. To exclude files broadly, use custom indicators.
 
-*Exclusions are defined for AutoIR and for MDAV, yes?*
 
 ## Review or define indicators
 

From ba8ffab39c6b33c5d8b74f831c6adb308218a1fd Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 13 Jan 2021 12:55:40 -0800
Subject: [PATCH 055/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index d120882e6a..4cfd1708d9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -85,7 +85,7 @@ To define exclusions across Microsoft Defender for Endpoint, you must perform at
 - Define exclusions for Microsoft Defender Antivirus (you do this by editing an existing antivirus policy or by creating a new policy)
 - Create “allow” indicators for Microsoft Defender for Endpoint ()
 
-You must perform both kinds of tasks because Microsoft Defender Antivirus exclusions don't apply to other Microsoft Defender for Endpoint capabilities, including [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR), attack surface reduction (ASR) rules, and controlled folder access. Files that you exclude using the methods described in this article can still trigger EDR alerts and other detections. To exclude files broadly, use custom indicators.
+You must perform both kinds of tasks because Microsoft Defender Antivirus exclusions don't apply to other Microsoft Defender for Endpoint capabilities, including [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR), [attack surface reduction (ASR) rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction), and [controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/controlled-folders). Files that you exclude using the methods described in this article can still trigger EDR alerts and other detections. To exclude files broadly, use custom indicators.
 
 
 ## Review or define indicators

From f1e6f6f4ff42ca4086b58915cf99051c152af1e2 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 13 Jan 2021 12:56:39 -0800
Subject: [PATCH 056/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md            | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 4cfd1708d9..61db33647d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -75,17 +75,15 @@ Depending on the apps your organization is using, you might be getting false pos
 8. On the **Applicability Rules** tab, specify the OS editions or versions to include or exclude from the policy. For example, you can set the policy to be applied to all devices certain editions of Windows 10. Then choose **Next**.
 9. On the **Review + create** tab, review your settings, and, and then choose **Create**.
 
-
 ## Review or define exclusions for Microsoft Defender for Endpoint
 
 An exclusion is an entity that you specify as an exception to remediation. The excluded entity might still get detected, but no remediation actions are taken on that entity. That is, the detected file or process won’t be stopped, sent to quarantine, removed, or otherwise changed by Microsoft Defender for Endpoint. 
 
 To define exclusions across Microsoft Defender for Endpoint, you must perform at least two kinds of tasks:
-
 - Define exclusions for Microsoft Defender Antivirus (you do this by editing an existing antivirus policy or by creating a new policy)
 - Create “allow” indicators for Microsoft Defender for Endpoint ()
 
-You must perform both kinds of tasks because Microsoft Defender Antivirus exclusions don't apply to other Microsoft Defender for Endpoint capabilities, including [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR), [attack surface reduction (ASR) rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction), and [controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/controlled-folders). Files that you exclude using the methods described in this article can still trigger EDR alerts and other detections. To exclude files broadly, use custom indicators.
+You must perform both kinds of tasks because Microsoft Defender Antivirus exclusions don't apply to other Microsoft Defender for Endpoint capabilities, including [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR), [attack surface reduction (ASR) rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction), and [controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/controlled-folders). Files that you exclude using the methods described in this article can still trigger EDR alerts and other detections. To exclude files broadly, use [custom indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators).
 
 
 ## Review or define indicators

From 04e2d46c5b0994aefda58e659b99e89164de1dad Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 13 Jan 2021 13:06:18 -0800
Subject: [PATCH 057/396] Update defender-endpoint-false-positives-negatives.md

---
 ...nder-endpoint-false-positives-negatives.md | 27 +++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 61db33647d..f9216bbfe8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -85,6 +85,33 @@ To define exclusions across Microsoft Defender for Endpoint, you must perform at
 
 You must perform both kinds of tasks because Microsoft Defender Antivirus exclusions don't apply to other Microsoft Defender for Endpoint capabilities, including [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR), [attack surface reduction (ASR) rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction), and [controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/controlled-folders). Files that you exclude using the methods described in this article can still trigger EDR alerts and other detections. To exclude files broadly, use [custom indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators).
 
+### Exclusions for Microsoft Defender Antivirus
+
+In general, you should not need to define exclusions for Microsoft Defender Antivirus. Make sure that you define exclusions sparingly, and that you only include the files, folders, processes, and process-opened files that are resulting in false positives. In addition, make sure to review your defined exclusions regularly. We recommend using Microsoft Endpoint Manager to define or edit your antivirus exclusions.
+
+> [!TIP]
+> Need help with antivirus exclusions? See [Configure and validate exclusions for Microsoft Defender Antivirus scans](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus).
+
+#### Use Microsoft Endpoint Manager to manage antivirus exclusions for existing policies
+
+1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
+2. Choose **Endpoint security** > **Antivirus**, and then select an existing policy. (If you don’t have an existing policy, or you want to create a new policy, skip to the next procedure).
+3. Choose **Properties**, and next to **Configuration settings**, choose **Edit**.
+4. Expand **Microsoft Defender Antivirus Exclusions** and then specify your exclusions.
+5. Choose **Review + save**, and then choose **Save**.
+
+#### Use Microsoft Endpoint Manager to create an antivirus policy with exclusions
+1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
+2. Choose **Endpoint security** > **Antivirus** > **+ Create Policy**. 
+3. Select a platform (such as Windows 10 and later, macOS, or Windows 10 and Windows Server).
+4. For **Profile**, select **Microsoft Defender Antivirus exclusions**, and then choose **Create**.
+5. Specify a name and description for the profile, and then choose **Next**.
+6. On the **Configuration settings** tab, specify your antivirus exclusions, and then choose **Next**.
+7. On the **Scope tags** tab, if you are using scope tags in your organization, specify scope tags for the policy you are creating. (See [Scope tags]( Use role-based access control (RBAC) and scope tags for distributed IT in Intune | Microsoft Docs).)
+8. On the **Assignments** tab, specify the users and groups to whom your policy should be applied, and then choose **Next**. (If you need help with assignments, see [Assign user and device profiles in Microsoft Intune](Assign device profiles in Microsoft Intune - Azure | Microsoft Docs).)
+9. On the **Review + create** tab, review the settings, and then choose **Create**.
+
+
 
 ## Review or define indicators
 

From 3d1407fd3a22033c4ba167208dc03f379cc85de2 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 13 Jan 2021 13:06:54 -0800
Subject: [PATCH 058/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md             | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index f9216bbfe8..4fd508750d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -90,7 +90,7 @@ You must perform both kinds of tasks because Microsoft Defender Antivirus exclus
 In general, you should not need to define exclusions for Microsoft Defender Antivirus. Make sure that you define exclusions sparingly, and that you only include the files, folders, processes, and process-opened files that are resulting in false positives. In addition, make sure to review your defined exclusions regularly. We recommend using Microsoft Endpoint Manager to define or edit your antivirus exclusions.
 
 > [!TIP]
-> Need help with antivirus exclusions? See [Configure and validate exclusions for Microsoft Defender Antivirus scans](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus).
+> Need help with antivirus exclusions? See [Configure and validate exclusions for Microsoft Defender Antivirus scans](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus).
 
 #### Use Microsoft Endpoint Manager to manage antivirus exclusions for existing policies
 
@@ -101,6 +101,7 @@ In general, you should not need to define exclusions for Microsoft Defender Anti
 5. Choose **Review + save**, and then choose **Save**.
 
 #### Use Microsoft Endpoint Manager to create an antivirus policy with exclusions
+
 1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
 2. Choose **Endpoint security** > **Antivirus** > **+ Create Policy**. 
 3. Select a platform (such as Windows 10 and later, macOS, or Windows 10 and Windows Server).

From 3c5d2a3d2429851c32762559e667f20c91f60cc7 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 13 Jan 2021 13:09:06 -0800
Subject: [PATCH 059/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md            | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 4fd508750d..b43e1e658d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -95,7 +95,7 @@ In general, you should not need to define exclusions for Microsoft Defender Anti
 #### Use Microsoft Endpoint Manager to manage antivirus exclusions for existing policies
 
 1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
-2. Choose **Endpoint security** > **Antivirus**, and then select an existing policy. (If you don’t have an existing policy, or you want to create a new policy, skip to the next procedure).
+2. Choose **Endpoint security** > **Antivirus**, and then select an existing policy. (If you don’t have an existing policy, or you want to create a new policy, skip to [the next procedure](#use-microsoft-endpoint-manager-to-create-an-antivirus-policy-with-exclusions)).
 3. Choose **Properties**, and next to **Configuration settings**, choose **Edit**.
 4. Expand **Microsoft Defender Antivirus Exclusions** and then specify your exclusions.
 5. Choose **Review + save**, and then choose **Save**.
@@ -108,7 +108,7 @@ In general, you should not need to define exclusions for Microsoft Defender Anti
 4. For **Profile**, select **Microsoft Defender Antivirus exclusions**, and then choose **Create**.
 5. Specify a name and description for the profile, and then choose **Next**.
 6. On the **Configuration settings** tab, specify your antivirus exclusions, and then choose **Next**.
-7. On the **Scope tags** tab, if you are using scope tags in your organization, specify scope tags for the policy you are creating. (See [Scope tags]( Use role-based access control (RBAC) and scope tags for distributed IT in Intune | Microsoft Docs).)
+7. On the **Scope tags** tab, if you are using scope tags in your organization, specify scope tags for the policy you are creating. (See [Scope tags](https://docs.microsoft.com/mem/intune/fundamentals/scope-tags).)
 8. On the **Assignments** tab, specify the users and groups to whom your policy should be applied, and then choose **Next**. (If you need help with assignments, see [Assign user and device profiles in Microsoft Intune](Assign device profiles in Microsoft Intune - Azure | Microsoft Docs).)
 9. On the **Review + create** tab, review the settings, and then choose **Create**.
 

From 480e2a5a36204a7a1aa754c651f18631efbc55e7 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 13 Jan 2021 13:10:06 -0800
Subject: [PATCH 060/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 --
 1 file changed, 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index b43e1e658d..41af0bb20a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -112,8 +112,6 @@ In general, you should not need to define exclusions for Microsoft Defender Anti
 8. On the **Assignments** tab, specify the users and groups to whom your policy should be applied, and then choose **Next**. (If you need help with assignments, see [Assign user and device profiles in Microsoft Intune](Assign device profiles in Microsoft Intune - Azure | Microsoft Docs).)
 9. On the **Review + create** tab, review the settings, and then choose **Create**.
 
-
-
 ## Review or define indicators
 
 *Allow indicators for false positives; block indicators for false negatives.  https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators*

From 514985aeb75c4975f24cb75ae6bc930a61ee32fc Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 13 Jan 2021 14:02:08 -0800
Subject: [PATCH 061/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md  | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 41af0bb20a..684eb83488 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -33,7 +33,8 @@ ms.custom: FPFN
 
 In Microsoft Defender for Endpoint, a false positive is an entity, such as a file or process, that was detected and identified as malicious, when, in fact, the entity does not pose a threat. A false negative is an entity that was not detected as a threat even though it is, in fact, malicious. If you’re seeing false positives or negatives in your Microsoft Defender Security Center, use this article as a guide to take action. 
 
-Review your threat protection settings
+## Review your threat protection settings
+
 Microsoft Defender for Endpoint offers a wide variety of options, including the ability to fine tune settings for various features and capabilities. If you’re getting a lot of false positives, review your organization’s threat protection settings. You might need to make some adjustments to the following settings in particular:
 
 - Cloud-delivered protection
@@ -112,13 +113,17 @@ In general, you should not need to define exclusions for Microsoft Defender Anti
 8. On the **Assignments** tab, specify the users and groups to whom your policy should be applied, and then choose **Next**. (If you need help with assignments, see [Assign user and device profiles in Microsoft Intune](Assign device profiles in Microsoft Intune - Azure | Microsoft Docs).)
 9. On the **Review + create** tab, review the settings, and then choose **Create**.
 
-## Review or define indicators
+### Indicators for Microsoft Defender for Endpoint
 
 *Allow indicators for false positives; block indicators for false negatives.  https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators*
 
-## Classify a false positive or false negative
+To specify files, IP addresses, URLs, domains, and certificates as exclusions for Microsoft Defender for Endpoint, you can create "allow" indicators. "Allow" indicators prevent the following capabilities of Microsoft Defender for Endpoint from taking action on entities:
+
+- [Next-generation protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10)
+- [Endpoint detection and response](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response)
+- [Automated investigation & remediation](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/automated-investigations)
+
 
-*Need to figure out where/how this is done*
 
 ## Submit a file for analysis
 

From 7312853d028e81efbab426af3f5c28d1240c8d34 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 13 Jan 2021 14:02:28 -0800
Subject: [PATCH 062/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md        | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 684eb83488..ae042deaee 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -53,7 +53,7 @@ Potentially unwanted applications (PUA) are a category of software that can caus
 Depending on the apps your organization is using, you might be getting false positives as a result of your PUA protection settings. If this is happening, consider running PUA protection in audit mode for a while, or apply PUA protection to a subset of devices in your organization. PUA protection can be configured for the Microsoft Edge browser and for Microsoft Defender Antivirus. 
 
 > [!TIP]
-> To learn more about PUA, see [Detect and block potentially unwanted applications](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus).
+> To learn more about PUA, see [Detect and block potentially unwanted applications](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus).
 
 #### Use Microsoft Endpoint Manager to edit PUA protection for existing configuration profiles
 
@@ -119,9 +119,9 @@ In general, you should not need to define exclusions for Microsoft Defender Anti
 
 To specify files, IP addresses, URLs, domains, and certificates as exclusions for Microsoft Defender for Endpoint, you can create "allow" indicators. "Allow" indicators prevent the following capabilities of Microsoft Defender for Endpoint from taking action on entities:
 
-- [Next-generation protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10)
-- [Endpoint detection and response](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response)
-- [Automated investigation & remediation](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/automated-investigations)
+- [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10)
+- [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response)
+- [Automated investigation & remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations)
 
 
 

From 7c5956b1042be489edae1df096f4ac0d1171fdee Mon Sep 17 00:00:00 2001
From: Beth Levin <elizabeth.levin@microsoft.com>
Date: Wed, 13 Jan 2021 18:40:39 -0800
Subject: [PATCH 063/396] new article

---
 windows/security/threat-protection/TOC.md     |  1 +
 ...igure-vulnerability-email-notifications.md | 93 +++++++++++++++++++
 2 files changed, 94 insertions(+)
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/configure-vulnerability-email-notifications.md

diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index 0af4c22a60..ae036e54a1 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -478,6 +478,7 @@
 #### [General]()
 ##### [Verify data storage location and  update data retention settings](microsoft-defender-atp/data-retention-settings.md)
 ##### [Configure alert notifications](microsoft-defender-atp/configure-email-notifications.md)
+##### [Configure vulnerability notifications](microsoft-defender-atp/configure-vulnerability-email-notifications.md)
 ##### [Configure advanced features](microsoft-defender-atp/advanced-features.md)
 
 #### [Permissions]()
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-vulnerability-email-notifications.md b/windows/security/threat-protection/microsoft-defender-atp/configure-vulnerability-email-notifications.md
new file mode 100644
index 0000000000..ba7b6f4bd7
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-vulnerability-email-notifications.md
@@ -0,0 +1,93 @@
+---
+title: Configure vulnerability email notifications in Microsoft Defender for Endpoint
+description: You can use Microsoft Defender Advanced Threat Protection to configure email notification settings for security alerts, based on severity and other criteria.
+keywords: email notifications, configure alert notifications, microsoft defender atp notifications, microsoft defender atp alerts, windows 10 enterprise, windows 10 education
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: ellevin
+author: levinec
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+---
+
+# Configure vulnerability email notifications in Microsoft Defender for Endpoint
+
+[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
+
+**Applies to:**
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-emailconfig-abovefoldlink)
+
+Configure Microsoft Defender for Endpoint to send email notifications to specified recipients for new vulnerability events. This feature enables you to identify a group of individuals who will immediately be informed and can act on the notifications based on the event. The vulnerability information comes from Defender for Endpoint's [threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) capability.
+
+> [!NOTE]
+> Only users with 'Manage security settings' permissions can configure email notifications. If you've chosen to use basic permissions management, users with Security Administrator or Global Administrator roles can configure email notifications. [Learn more about permission options](user-roles.md)
+
+The notification rules allow you to set the vulnerability events that trigger notifications, and add or remove email notification recipients. New recipients get notified about vulnerabilities after they are added.
+
+If you're using role-based access control (RBAC), recipients will only receive notifications based on the device groups that were configured in the notification rule.
+Users with the proper permission can only create, edit, or delete notifications that are limited to their device group management scope. Only users assigned to the Global administrator role can manage notification rules that are configured for all device groups.
+
+The email notification includes basic information about the vulnerability event. There are also links to filtered views in the threat and vulnerability management [Security recommendations](tvm-security-recommendation.md) and [Weaknesses](tvm-weaknesses.md) pages in the portal so you can do further investigation.
+
+## Create rules for alert notifications
+
+Create a notification rule to send an email when there are certain exploit or vulnerability events, such as a new public exploit. For each rule, multiple event types can be selected.
+
+1. In the navigation pane, go to **Settings** > **Email notifications** > **Vulnerabilities**.
+
+2. Select **Add notification rule**.
+
+3. Name the email notification rule and include a description.
+
+4. Check **Notification enabled** to activate the notification. Select **Next**
+
+5. Fill in the notification settings. Then select **Next**
+
+    - Choose device groups to get notifications for.
+    - Choose the vulnerability event(s) that you want to be notified about when they affect your organization.
+        - Options: new vulnerability found (including severity threshold), new public exploit, exploit added to an exploit kit, exploit was verified.
+    - Include organization name if you want the organization name in the email
+
+6. Enter the recipient email address then select **Add**. You can add multiple email addresses.
+
+7. Review the settings for the new email notification rule and select **Create rule** when you're ready to create it.
+
+## Edit a notification rule
+
+1. Select the notification rule you'd like to edit.
+
+2. Select the **Edit rule** button next to the pencil icon in the flyout. Make sure you have permission to edit or delete the rule.
+
+## Delete notification rule
+
+1. Select the notification rule you'd like to delete.
+
+2. Select the **Delete** button next to the trash can icon in the flyout. Make sure you have permission to edit or delete the rule.
+
+## Troubleshoot email notifications for alerts
+
+This section lists various issues that you may encounter when using email notifications for alerts.
+
+**Problem:** Intended recipients report they are not getting the notifications.
+
+**Solution:** Make sure that the notifications are not blocked by email filters:
+
+1. Check that the Defender for Endpoint email notifications are not sent to the Junk Email folder. Mark them as Not junk.
+2. Check that your email security product is not blocking the email notifications from Defender for Endpoint.
+3. Check your email application rules that might be catching and moving your Defender for Endpoint email notifications.
+
+## Related topics
+
+- [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md)
+- [Security recommendations](tvm-security-recommendation.md)
+- [Weaknesses](tvm-weaknesses.md)
+- [Event timeline](threat-and-vuln-mgt-event-timeline.md)

From 851c458c5ff99dd87e853f72c128eef189c27e89 Mon Sep 17 00:00:00 2001
From: Beth Levin <elizabeth.levin@microsoft.com>
Date: Wed, 13 Jan 2021 19:00:10 -0800
Subject: [PATCH 064/396] new tip

---
 .../threat-and-vuln-mgt-event-timeline.md                 | 3 +++
 .../microsoft-defender-atp/tvm-security-recommendation.md | 3 +++
 .../microsoft-defender-atp/tvm-weaknesses.md              | 8 ++------
 3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md
index 32cb4825cb..571585c5e1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md
@@ -32,6 +32,9 @@ Event timeline is a risk news feed that helps you interpret how risk is introduc
 
 Event timeline also tells the story of your [exposure score](tvm-exposure-score.md) and [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md) so you can determine the cause of large changes. Events can impact your devices or your score for devices. Reduce you exposure by addressing what needs to be remediated based on the prioritized [security recommendations](tvm-security-recommendation.md).
 
+>[!TIP]
+>To get emails about new vulnerability events, see [Configure vulnerability email notifications in Microsoft Defender for Endpoint](configure-vulnerability-email-notifications.md)
+
 ## Navigate to the Event timeline page
 
 There are also three entry points from the [threat and vulnerability management dashboard](tvm-dashboard-insights.md):
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
index 1a7f20a55c..87e6e68dfe 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
@@ -33,6 +33,9 @@ Cybersecurity weaknesses identified in your organization are mapped to actionabl
 
 Each security recommendation includes actionable remediation steps. To help with task management, the recommendation can also be sent using Microsoft Intune and Microsoft Endpoint Configuration Manager. When the threat landscape changes, the recommendation also changes as it continuously collects information from your environment.
 
+>[!TIP]
+>To get emails about new vulnerability events, see [Configure vulnerability email notifications in Microsoft Defender for Endpoint](configure-vulnerability-email-notifications.md)
+
 ## How it works
 
 Each device in the organization is scored based on three important factors to help customers to focus on the right things at the right time.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md
index e9ead66986..71ba98489d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md
@@ -35,12 +35,8 @@ The **Weaknesses** page lists the software vulnerabilities your devices are expo
 >[!NOTE]
 >If there is no official CVE-ID assigned to a vulnerability, the vulnerability name is assigned by threat and vulnerability management.
 
->[!IMPORTANT]
->To boost your vulnerability assessment detection rates, you can download the following mandatory security updates and deploy them in your network:
->- 19H1 customers | [KB 4512941](https://support.microsoft.com/help/4512941/windows-10-update-kb4512941)
->- RS5 customers | [KB 4516077](https://support.microsoft.com/help/4516077/windows-10-update-kb4516077)
->- RS4 customers | [KB 4516045](https://support.microsoft.com/help/4516045/windows-10-update-kb4516045)
->- RS3 customers | [KB 4516071](https://support.microsoft.com/help/4516071/windows-10-update-kb4516071)
+>[!TIP]
+>To get emails about new vulnerability events, see [Configure vulnerability email notifications in Microsoft Defender for Endpoint](configure-vulnerability-email-notifications.md)
 
 ## Navigate to the Weaknesses page
 

From b83175dcb1eafe83648d424b07efa4bc40665622 Mon Sep 17 00:00:00 2001
From: msft-cjeich <cj.eichholz@microsoft.com>
Date: Thu, 14 Jan 2021 12:17:20 -0800
Subject: [PATCH 065/396] Update web-content-filtering.md

Text update to account for changes to our data provider.
Also - 15 min for policy sync is incorrect.  SLA should be 2hrs.
Include other 3rd party browsers which NP supports.  This is a server-side change which requires no client side changes.
---
 .../microsoft-defender-atp/web-content-filtering.md  | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md
index d8daf9644c..b6d259a0f2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md
@@ -32,7 +32,7 @@ Web content filtering is part of [Web protection](web-protection-overview.md) ca
 
 Configure policies across your device groups to block certain categories. Blocking a category prevents users within specified device groups from accessing URLs associated with the category. For any category that's not blocked, the URLs are automatically audited. Your users can access the URLs without disruption, and you'll gather access statistics to help create a more custom policy decision. Your users will see a block notification if an element on the page they're viewing is making calls to a blocked resource.
 
-Web content filtering is available on the major web browsers, with blocks performed by Windows Defender SmartScreen (Microsoft Edge) and Network Protection (Chrome and Firefox). For more information about browser support, see the prerequisites section.
+Web content filtering is available on the major web browsers, with blocks performed by Windows Defender SmartScreen (Microsoft Edge) and Network Protection (Chrome, Firefox, Brave and Opera). For more information about browser support, see the prerequisites section.
 
 Summarizing the benefits:
 
@@ -42,7 +42,7 @@ Summarizing the benefits:
 
 ## User experience
 
-The blocking experience for Chrome/Firefox is provided by Network Protection, which provides a system-level toast notifying the user of a blocked connection. 
+The blocking experience for 3rd party supported browsers is provided by Network Protection, which provides a system-level toast notifying the user of a blocked connection. 
 
 For a more user-friendly in-browser experience, consider using Microsoft Edge.
 
@@ -54,11 +54,11 @@ Before trying out this feature, make sure you have the following requirements:
 - Access to Microsoft Defender Security Center portal
 - Devices running Windows 10 Anniversary Update (version 1607) or later with the latest MoCAMP update.
 
-If Windows Defender SmartScreen isn't turned on, Network Protection will take over the blocking. It requires [enabling Network Protection](enable-network-protection.md) on the device.
+If Windows Defender SmartScreen isn't turned on, Network Protection will take over the blocking. It requires [enabling Network Protection](enable-network-protection.md) on the device.  Chrome, Firefox, Brave and Opera are currently 3rd party browsers in which the feature is enabled. 
 
 ## Data handling
 
-We will follow whichever region you have elected to use as part of your [Microsoft Defender for Endpoint data handling settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy). Your data will not leave the data center in that region. In addition, your data will not be shared with any third-parties, including our data providers. However, we may send them aggregate data (across users and organizations) to help them improve their feeds.
+We will follow whichever region you have elected to use as part of your [Microsoft Defender for Endpoint data handling settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy). Your data will not leave the data center in that region. In addition, your data will not be shared with any third-parties, including our data providers.
 
 ## Turn on web content filtering
 
@@ -78,7 +78,7 @@ To add a new policy:
 2. Specify a name.
 3. Select the categories to block. Use the expand icon to fully expand each parent category and select specific web content categories.
 4. Specify the policy scope. Select the device groups to specify where to apply the policy. Only devices in the selected device groups will be prevented from accessing websites in the selected categories.
-5. Review the summary and save the policy. The policy may take up to 15 minutes to apply to your selected devices.
+5. Review the summary and save the policy. The policy refresh may take up to 2 hours to apply to your selected devices.
 
 Tip: You can deploy a policy without selecting any category on a device group. This action will create an audit only policy, to help you understand user behavior before creating a block policy.
 
@@ -138,7 +138,7 @@ Use the time range filter at the top left of the page to select a time period. Y
 
 ### Limitations and known issues in this preview
 
-- Only Microsoft Edge is supported if your device's OS configuration is Server (cmd > Systeminfo > OS Configuration). Network Protection is only supported in Inspect mode on Server devices, which is responsible for securing traffic across Chrome/Firefox.
+- Only Microsoft Edge is supported if your device's OS configuration is Server (cmd > Systeminfo > OS Configuration). Network Protection is only supported in Inspect mode on Server devices, which is responsible for securing traffic across supported 3rd party browsers.
 
 - Unassigned devices will have incorrect data shown within the report. In the Report details > Device groups pivot, you may see a row with a blank Device Group field. This group contains your unassigned devices before they get put into your specified group. The report for this row may not contain an accurate count of devices or access counts.
 

From 44c4fbf6396ca58b9b8ac058e1a73fe8902b9e9f Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Thu, 14 Jan 2021 13:42:27 -0800
Subject: [PATCH 066/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md     | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index ae042deaee..ffdbda504e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -80,11 +80,13 @@ Depending on the apps your organization is using, you might be getting false pos
 
 An exclusion is an entity that you specify as an exception to remediation. The excluded entity might still get detected, but no remediation actions are taken on that entity. That is, the detected file or process won’t be stopped, sent to quarantine, removed, or otherwise changed by Microsoft Defender for Endpoint. 
 
-To define exclusions across Microsoft Defender for Endpoint, you must perform at least two kinds of tasks:
-- Define exclusions for Microsoft Defender Antivirus (you do this by editing an existing antivirus policy or by creating a new policy)
-- Create “allow” indicators for Microsoft Defender for Endpoint ()
+To define exclusions across Microsoft Defender for Endpoint, you perform these two tasks:
+- Define exclusions for Microsoft Defender Antivirus
+- Create “allow” indicators for Microsoft Defender for Endpoint
 
-You must perform both kinds of tasks because Microsoft Defender Antivirus exclusions don't apply to other Microsoft Defender for Endpoint capabilities, including [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR), [attack surface reduction (ASR) rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction), and [controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/controlled-folders). Files that you exclude using the methods described in this article can still trigger EDR alerts and other detections. To exclude files broadly, use [custom indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators).
+Microsoft Defender Antivirus exclusions don't apply to other Microsoft Defender for Endpoint capabilities, including [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR), [attack surface reduction (ASR) rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction), and [controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/controlled-folders). Files that you exclude using the methods described in this article can still trigger EDR alerts and other detections. To exclude files broadly, use [custom indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators), such as "allow" indcators for Microsoft Defender for Endpoint.
+
+The procedures in this section describe how to define exclusions and indicators.
 
 ### Exclusions for Microsoft Defender Antivirus
 

From 2a62143a863c9cac8d8a0ed1092bcd69b5bee3c9 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Thu, 14 Jan 2021 13:43:08 -0800
Subject: [PATCH 067/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index ffdbda504e..e6f69698aa 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -90,7 +90,7 @@ The procedures in this section describe how to define exclusions and indicators.
 
 ### Exclusions for Microsoft Defender Antivirus
 
-In general, you should not need to define exclusions for Microsoft Defender Antivirus. Make sure that you define exclusions sparingly, and that you only include the files, folders, processes, and process-opened files that are resulting in false positives. In addition, make sure to review your defined exclusions regularly. We recommend using Microsoft Endpoint Manager to define or edit your antivirus exclusions.
+In general, you should not need to define exclusions for Microsoft Defender Antivirus. Make sure that you define exclusions sparingly, and that you only include the files, folders, processes, and process-opened files that are resulting in false positives. In addition, make sure to review your defined exclusions regularly. We recommend using Microsoft Endpoint Manager to define or edit your antivirus exclusions; however, you can use other methods, such as Group Policy as well.
 
 > [!TIP]
 > Need help with antivirus exclusions? See [Configure and validate exclusions for Microsoft Defender Antivirus scans](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus).

From b02a689fcabe64b16fef1247e8ccc188bf8654b6 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Thu, 14 Jan 2021 13:51:31 -0800
Subject: [PATCH 068/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md            | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index e6f69698aa..06cebc920f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -117,9 +117,9 @@ In general, you should not need to define exclusions for Microsoft Defender Anti
 
 ### Indicators for Microsoft Defender for Endpoint
 
-*Allow indicators for false positives; block indicators for false negatives.  https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators*
+Indicators enable your security operations team to define the detection, prevention, and exclusion of entities. For example, your security operations team can specify certain files to be omitted from scans and remediation actions in Microsoft Defender for Endpoint. Or, indicators can be used to generate alerts for certain IP addresses or URLs.
 
-To specify files, IP addresses, URLs, domains, and certificates as exclusions for Microsoft Defender for Endpoint, you can create "allow" indicators. "Allow" indicators prevent the following capabilities of Microsoft Defender for Endpoint from taking action on entities:
+To specify entities, such as files, IP addresses, URLs, domains, and certificates as exclusions for Microsoft Defender for Endpoint, you can create "allow" indicators. Such "allow" indicators apply to the following capabilities in Microsoft Defender for Endpoint:
 
 - [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10)
 - [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response)

From 49b4a9cf0bf746ff8518710c2898c518af0caf3a Mon Sep 17 00:00:00 2001
From: Beth Levin <elizabeth.levin@microsoft.com>
Date: Thu, 14 Jan 2021 13:57:38 -0800
Subject: [PATCH 069/396] updated details

---
 .../configure-vulnerability-email-notifications.md            | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-vulnerability-email-notifications.md b/windows/security/threat-protection/microsoft-defender-atp/configure-vulnerability-email-notifications.md
index ba7b6f4bd7..5c24aa1ae7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-vulnerability-email-notifications.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-vulnerability-email-notifications.md
@@ -1,6 +1,6 @@
 ---
 title: Configure vulnerability email notifications in Microsoft Defender for Endpoint
-description: You can use Microsoft Defender Advanced Threat Protection to configure email notification settings for security alerts, based on severity and other criteria.
+description: Use Microsoft Defender for Endpoint to configure email notification settings for vulnerability events.
 keywords: email notifications, configure alert notifications, microsoft defender atp notifications, microsoft defender atp alerts, windows 10 enterprise, windows 10 education
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -36,7 +36,7 @@ The notification rules allow you to set the vulnerability events that trigger no
 If you're using role-based access control (RBAC), recipients will only receive notifications based on the device groups that were configured in the notification rule.
 Users with the proper permission can only create, edit, or delete notifications that are limited to their device group management scope. Only users assigned to the Global administrator role can manage notification rules that are configured for all device groups.
 
-The email notification includes basic information about the vulnerability event. There are also links to filtered views in the threat and vulnerability management [Security recommendations](tvm-security-recommendation.md) and [Weaknesses](tvm-weaknesses.md) pages in the portal so you can do further investigation.
+The email notification includes basic information about the vulnerability event. There are also links to filtered views in the threat and vulnerability management [Security recommendations](tvm-security-recommendation.md) and [Weaknesses](tvm-weaknesses.md) pages in the portal so you can further investigate. For example, you could get a list of all exposed devices or get additional details about the vulnerability.
 
 ## Create rules for alert notifications
 

From 558c597ae5ad9918710b3508881b980bc409a785 Mon Sep 17 00:00:00 2001
From: Beth Levin <elizabeth.levin@microsoft.com>
Date: Thu, 14 Jan 2021 14:11:31 -0800
Subject: [PATCH 070/396] new support

---
 .../microsoft-defender-atp/tvm-supported-os.md              | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md
index d466083c34..3b2d975822 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md
@@ -37,9 +37,9 @@ Before you begin, ensure that you meet the following operating system or platfor
 Operating system | Security assessment support
 :---|:---
 Windows 7 | Operating System (OS) vulnerabilities
-Windows 8.1 | Not supported
-Windows 10 1607-1703 | Operating System (OS) vulnerabilities
-Windows 10 1709+ |Operating System (OS) vulnerabilities<br/>Software product vulnerabilities<br/>Operating System (OS) configuration assessment<br/>Security controls configuration assessment<br/>Software product configuration assessment
+Windows 8.1 | Operating System (OS) vulnerabilities<br/>Software product vulnerabilities<br/>Operating System (OS) configuration assessment<br/>Security controls configuration assessment<br/>Software product configuration assessment |
+Windows 10, versions 1607-1703 | Operating System (OS) vulnerabilities
+Windows 10, version 1709 or later |Operating System (OS) vulnerabilities<br/>Software product vulnerabilities<br/>Operating System (OS) configuration assessment<br/>Security controls configuration assessment<br/>Software product configuration assessment
 Windows Server 2008 R2 | Operating System (OS) vulnerabilities<br/>Software product vulnerabilities<br/>Operating System (OS) configuration assessment<br/>Security controls configuration assessment<br/>Software product configuration assessment
 Windows Server 2012 R2 | Operating System (OS) vulnerabilities<br/>Software product vulnerabilities<br/>Operating System (OS) configuration assessment<br/>Security controls configuration assessment<br/>Software product configuration assessment
 Windows Server 2016 | Operating System (OS) vulnerabilities<br/>Software product vulnerabilities<br/>Operating System (OS) configuration assessment<br/>Security controls configuration assessment<br/>Software product configuration assessment

From 8dcc9193719eca758c78c4a28af7ed1b7508ebff Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Thu, 14 Jan 2021 14:13:59 -0800
Subject: [PATCH 071/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md         | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 06cebc920f..7b10b4055e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -119,13 +119,18 @@ In general, you should not need to define exclusions for Microsoft Defender Anti
 
 Indicators enable your security operations team to define the detection, prevention, and exclusion of entities. For example, your security operations team can specify certain files to be omitted from scans and remediation actions in Microsoft Defender for Endpoint. Or, indicators can be used to generate alerts for certain IP addresses or URLs.
 
-To specify entities, such as files, IP addresses, URLs, domains, and certificates as exclusions for Microsoft Defender for Endpoint, you can create "allow" indicators. Such "allow" indicators apply to the following capabilities in Microsoft Defender for Endpoint:
+To specify entities as exclusions for Microsoft Defender for Endpoint, you can create "allow" indicators. Such "allow" indicators apply to the following capabilities in Microsoft Defender for Endpoint:
 
 - [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10)
 - [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response)
 - [Automated investigation & remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations)
 
+You can create indicators for files, IP addresses, URLs, domains, and certificates. Use the following resources to create or manage indicators in the Microsoft Defender Security Center([https://securitycenter.windows.com](https://securitycenter.windows.com)): 
 
+- [Learn more about indicators](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/manage-indicators)
+- [Create an indicator for a file, such as an executable](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/indicator-file)
+- [Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain)
+- [Create an indicator for an application certificate](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates)
 
 ## Submit a file for analysis
 

From 686d53ec8af732d9193d252fbcdd800446163efa Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Thu, 14 Jan 2021 14:21:59 -0800
Subject: [PATCH 072/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md             | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 7b10b4055e..870ce280d6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -132,6 +132,9 @@ You can create indicators for files, IP addresses, URLs, domains, and certificat
 - [Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain)
 - [Create an indicator for an application certificate](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates)
 
+> [!TIP]
+> When you create indicators, you can define them one by one or import multiple items at once. Keep in mind there's a limit of 15,000 indicators you can have in a single tenant. And, you might need to gather certain details first, such as file hash information.
+
 ## Submit a file for analysis
 
 *https://www.microsoft.com/wdsi/filesubmission/*

From e371bbcd198bee71ae509467d145686035ea23f8 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Thu, 14 Jan 2021 15:21:53 -0800
Subject: [PATCH 073/396] Update defender-endpoint-false-positives-negatives.md

---
 ...nder-endpoint-false-positives-negatives.md | 23 +++++++++++++------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 870ce280d6..21a9dffad4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -119,21 +119,30 @@ In general, you should not need to define exclusions for Microsoft Defender Anti
 
 Indicators enable your security operations team to define the detection, prevention, and exclusion of entities. For example, your security operations team can specify certain files to be omitted from scans and remediation actions in Microsoft Defender for Endpoint. Or, indicators can be used to generate alerts for certain IP addresses or URLs.
 
-To specify entities as exclusions for Microsoft Defender for Endpoint, you can create "allow" indicators. Such "allow" indicators apply to the following capabilities in Microsoft Defender for Endpoint:
+To specify entities as exclusions for Microsoft Defender for Endpoint, your security team can create "allow" indicators. Such "allow" indicators apply to the following capabilities in Microsoft Defender for Endpoint:
 
 - [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10)
 - [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response)
 - [Automated investigation & remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations)
 
-You can create indicators for files, IP addresses, URLs, domains, and certificates. Use the following resources to create or manage indicators in the Microsoft Defender Security Center([https://securitycenter.windows.com](https://securitycenter.windows.com)): 
+Your security team can create indicators for files, IP addresses, URLs, domains, and certificates. Use the following resources to create or manage indicators in the Microsoft Defender Security Center([https://securitycenter.windows.com](https://securitycenter.windows.com)): 
 
-- [Learn more about indicators](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/manage-indicators)
-- [Create an indicator for a file, such as an executable](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/indicator-file)
-- [Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain)
-- [Create an indicator for an application certificate](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates)
+- [Learn more about indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators)
+- [Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file)
+- [Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain)
+- [Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates)
 
 > [!TIP]
-> When you create indicators, you can define them one by one or import multiple items at once. Keep in mind there's a limit of 15,000 indicators you can have in a single tenant. And, you might need to gather certain details first, such as file hash information.
+> When you create indicators, you can define them one by one or import multiple items at once. Keep in mind there's a limit of 15,000 indicators you can have in a single tenant. And, you might need to gather certain details first, such as file hash information. Make sure to review the information, including prerequisites, 
+
+## Classify a false positive or false negative
+
+### Suppress alerts for a false positive
+
+To suppress an alert, you create an alert suppression rule. 
+
+1. Go to the Microsoft Defender Security Center ()
+
 
 ## Submit a file for analysis
 

From 593e88abae3a0d4d650d43d98d09f6e9d9d2fdb5 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Thu, 14 Jan 2021 15:32:05 -0800
Subject: [PATCH 074/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md    | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 21a9dffad4..ee2d488676 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -137,12 +137,17 @@ Your security team can create indicators for files, IP addresses, URLs, domains,
 
 ## Classify a false positive or false negative
 
-### Suppress alerts for a false positive
+### Classify an alert as a false positive
 
-To suppress an alert, you create an alert suppression rule. 
+Your security team can classify an alert as a false positive in the Microsoft Defender Security Center, in the Alerts queue. 
 
-1. Go to the Microsoft Defender Security Center ()
+1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
+2. Select **Alerts queue**, and then select an alert that is a false positive.
+3. For the selected alert, select **Actions** > **Manage alert**. A flyout pane opens.
+4. In the **Manage alert** section, select **True alert** or **False alert**. Use **False alert** to classify a false positive.
 
+> [!TIP]
+> For more details about suppressing alerts, see [Manage Microsoft Defender for Endpoint alerts](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-alerts).
 
 ## Submit a file for analysis
 

From b4a2125bc097ea67e3ba0aa56316323feb1c81a4 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 11:38:36 -0800
Subject: [PATCH 075/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md          | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index ee2d488676..5f0e8172e9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -137,6 +137,12 @@ Your security team can create indicators for files, IP addresses, URLs, domains,
 
 ## Classify a false positive or false negative
 
+As alerts are triggered, if you see something that was detected as malicious or suspicious that should not be, you can suppress alerts for that entity and classify alerts as false positives. Managing your alerts and classifying false positives helps to train your threat protection solution. Taking these steps also helps reduce noise in your security operations dashboard so that your security team can focus on higher priority work items.
+
+### Suppress an alert
+
+
+
 ### Classify an alert as a false positive
 
 Your security team can classify an alert as a false positive in the Microsoft Defender Security Center, in the Alerts queue. 

From 33bdd42057de9d1c7d326fedfbf3c1ed59ab24f2 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 11:43:57 -0800
Subject: [PATCH 076/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 5f0e8172e9..2a143eeeca 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -31,7 +31,7 @@ ms.custom: FPFN
 
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146806)
 
-In Microsoft Defender for Endpoint, a false positive is an entity, such as a file or process, that was detected and identified as malicious, when, in fact, the entity does not pose a threat. A false negative is an entity that was not detected as a threat even though it is, in fact, malicious. If you’re seeing false positives or negatives in your Microsoft Defender Security Center, use this article as a guide to take action. 
+In the area of endpoint protection, a false positive is an entity, such as a file or process, that was detected and identified as malicious, when, in fact, the entity does not pose a threat. A false negative is an entity that was not detected as a threat even though it is, in fact, malicious. If you’re using Microsoft Defender for Endpoint, and you're seeing false positives or negatives in your Microsoft Defender Security Center, use this article as a guide to take action. 
 
 ## Review your threat protection settings
 

From 03455cece21ba363366bd6962c0a8b62a5251de8 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 11:53:37 -0800
Subject: [PATCH 077/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md          | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 2a143eeeca..5e214daece 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -31,7 +31,11 @@ ms.custom: FPFN
 
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146806)
 
-In the area of endpoint protection, a false positive is an entity, such as a file or process, that was detected and identified as malicious, when, in fact, the entity does not pose a threat. A false negative is an entity that was not detected as a threat even though it is, in fact, malicious. If you’re using Microsoft Defender for Endpoint, and you're seeing false positives or negatives in your Microsoft Defender Security Center, use this article as a guide to take action. 
+In the area of endpoint protection, a false positive is an entity, such as a file or process, that was detected and identified as malicious, when, in fact, the entity does not pose a threat. A false negative is an entity that was not detected as a threat even though it is, in fact, malicious. The process of addressing false positives/negatives can include:
+- Reviewing your threat protection settings and making adjustments where needed
+- 
+
+If you’re using Microsoft Defender for Endpoint, and you're seeing false positives or negatives in your Microsoft Defender Security Center, use this article as a guide to take action. 
 
 ## Review your threat protection settings
 

From 5eddcebd712edab6b9dd9822886e3e4571db2c3d Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 12:06:56 -0800
Subject: [PATCH 078/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md    | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 5e214daece..7e8b9fe917 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -31,11 +31,14 @@ ms.custom: FPFN
 
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146806)
 
-In the area of endpoint protection, a false positive is an entity, such as a file or process, that was detected and identified as malicious, when, in fact, the entity does not pose a threat. A false negative is an entity that was not detected as a threat even though it is, in fact, malicious. The process of addressing false positives/negatives can include:
-- Reviewing your threat protection settings and making adjustments where needed
-- 
+In endpoint protection, a false positive is an entity, such as a file or process, that was detected and identified as malicious, when, in fact, the entity does not pose a threat. A false negative is an entity that was not detected as a threat even though it is, in fact, malicious. The process of addressing false positives/negatives can include:
+- [Reviewing your threat protection settings and making adjustments where needed](#review-your-threat-protection-settings);
+- [Defining exclusions, such as for antivirus and other endpoint protection features](#review-or-define-exclusions-for-microsoft-defender-for-endpoint);
+- [Classifying false positives in your endpoint protection solution](#classify-a-false-positive-or-false-negative);
+- [Submitting files for further analysis](#submit-a-file-for-analysis); and
+- [Verifying that the applications your organization is using are properly signed](#confirm-your-software-uses-ev-code-signing).
 
-If you’re using Microsoft Defender for Endpoint, and you're seeing false positives or negatives in your Microsoft Defender Security Center, use this article as a guide to take action. 
+If you’re using Microsoft Defender for Endpoint, and you're seeing false positives/negatives in your Microsoft Defender Security Center, use this article as a guide to take action. 
 
 ## Review your threat protection settings
 

From 19182cc41478da89fd15c381c01a4c9f80ff1cdd Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 12:15:08 -0800
Subject: [PATCH 079/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md          | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 7e8b9fe917..a77c24e5c2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -38,7 +38,7 @@ In endpoint protection, a false positive is an entity, such as a file or process
 - [Submitting files for further analysis](#submit-a-file-for-analysis); and
 - [Verifying that the applications your organization is using are properly signed](#confirm-your-software-uses-ev-code-signing).
 
-If you’re using Microsoft Defender for Endpoint, and you're seeing false positives/negatives in your Microsoft Defender Security Center, use this article as a guide to take action. 
+If you’re using [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection), and you're seeing false positives/negatives in your [Microsoft Defender Security Center](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/use), use this article as a guide to take action. This article also includes information about [what to do if you still need help](#still-need-help) after taking the recommended steps to address false positives/negatives in your environment.
 
 ## Review your threat protection settings
 
@@ -168,4 +168,6 @@ Your security team can classify an alert as a false positive in the Microsoft De
 
 ## Confirm your software uses EV code signing
 
-*Some info is available here: https://docs.microsoft.com/windows-hardware/drivers/dashboard/get-a-code-signing-certificate*
\ No newline at end of file
+*Some info is available here: https://docs.microsoft.com/windows-hardware/drivers/dashboard/get-a-code-signing-certificate*
+
+## Still need help?
\ No newline at end of file

From b76685aa6938c547cafd7b397aa2e606759fc87d Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 12:22:20 -0800
Subject: [PATCH 080/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md        | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index a77c24e5c2..1881a1f688 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -42,7 +42,7 @@ If you’re using [Microsoft Defender for Endpoint](https://docs.microsoft.com/w
 
 ## Review your threat protection settings
 
-Microsoft Defender for Endpoint offers a wide variety of options, including the ability to fine tune settings for various features and capabilities. If you’re getting a lot of false positives, review your organization’s threat protection settings. You might need to make some adjustments to the following settings in particular:
+Microsoft Defender for Endpoint offers a wide variety of options, including the ability to fine tune settings for various features and capabilities. If you’re getting a lot of false positives, make sure to review your organization’s threat protection settings. You might need to make some adjustments to the following settings in particular:
 
 - Cloud-delivered protection
 - Remediation for potentially unwanted apps (PUA)
@@ -85,13 +85,13 @@ Depending on the apps your organization is using, you might be getting false pos
 
 ## Review or define exclusions for Microsoft Defender for Endpoint
 
-An exclusion is an entity that you specify as an exception to remediation. The excluded entity might still get detected, but no remediation actions are taken on that entity. That is, the detected file or process won’t be stopped, sent to quarantine, removed, or otherwise changed by Microsoft Defender for Endpoint. 
+An exclusion is an entity that you specify as an exception to remediation actions. The excluded entity might still get detected, but no remediation actions are taken on that entity. That is, the detected file or process won’t be stopped, sent to quarantine, removed, or otherwise changed by Microsoft Defender for Endpoint. 
 
-To define exclusions across Microsoft Defender for Endpoint, you perform these two tasks:
+To define exclusions across Microsoft Defender for Endpoint, perform the following tasks:
 - Define exclusions for Microsoft Defender Antivirus
 - Create “allow” indicators for Microsoft Defender for Endpoint
 
-Microsoft Defender Antivirus exclusions don't apply to other Microsoft Defender for Endpoint capabilities, including [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR), [attack surface reduction (ASR) rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction), and [controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/controlled-folders). Files that you exclude using the methods described in this article can still trigger EDR alerts and other detections. To exclude files broadly, use [custom indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators), such as "allow" indcators for Microsoft Defender for Endpoint.
+Microsoft Defender Antivirus exclusions don't apply to other Microsoft Defender for Endpoint capabilities, including [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response), [attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction), and [controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/controlled-folders). Files that you exclude using the methods described in this article can still trigger alerts and other detections. To exclude files broadly, use [custom indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators), such as "allow" indcators for Microsoft Defender for Endpoint.
 
 The procedures in this section describe how to define exclusions and indicators.
 

From 04ec92cf634ec8ddfb09c0ba1692039b10f1ff4a Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 12:41:26 -0800
Subject: [PATCH 081/396] Update defender-endpoint-false-positives-negatives.md

---
 ...defender-endpoint-false-positives-negatives.md | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 1881a1f688..8db2bfbd67 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -51,7 +51,20 @@ Microsoft Defender for Endpoint offers a wide variety of options, including the
 
 Check your cloud-delivered protection level for Microsoft Defender Antivirus. By default, this is set to **Not configured**, which corresponds to a normal level of protection for most organizations. If your cloud-delivered protection is set to **High**, **High +**, or **Zero tolerance**, you might experience a higher number of false positives.
 
-See [Specify the cloud-delivered protection level](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus)
+We recommend using Microsoft Endpoint Manager to edit your cloud-delivered protection settings.
+
+#### Use Microsoft Endpoint Manager to review and edit cloud-delivered protection settings
+
+1.	Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
+2.	Choose Endpoint security > Antivirus and then select an existing policy. (If you don’t have an existing policy, or you want to create a new policy, skip to the next procedure).
+3.	Under **Manage**, select **Properties**. Then, next to **Configuration settings**, choose **Edit**.
+4.	Expand **Cloud protection**, and review your current setting in the **Cloud-delivered protection level** row. We recommend setting this to **Not configured**, which provides strong protection while reducing the chances of getting false positives.
+5.	Choose **Review + save**, and then **Save**.
+
+
+
+> [!TIP]
+> To learn more about configuring your cloud-delivered protection, see [Specify the cloud-delivered protection level](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus)
 
 ### Remediation for potentially unwanted applications (PUA)
 

From 05b7341aee7a6b1c2d39f90f5eebe8fc9adc5f9c Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 12:42:15 -0800
Subject: [PATCH 082/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md            | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 8db2bfbd67..1a74f33fa5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -56,12 +56,12 @@ We recommend using Microsoft Endpoint Manager to edit your cloud-delivered prote
 #### Use Microsoft Endpoint Manager to review and edit cloud-delivered protection settings
 
 1.	Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
-2.	Choose Endpoint security > Antivirus and then select an existing policy. (If you don’t have an existing policy, or you want to create a new policy, skip to the next procedure).
+2.	Choose **Endpoint security** > **Antivirus** and then select an existing policy. (If you don’t have an existing policy, or you want to create a new policy, skip to [the next procedure](#use-microsoft-endpoint-manager-to-set-cloud-delivered-protection-settings-for-a-new-antivirus-policy)).
 3.	Under **Manage**, select **Properties**. Then, next to **Configuration settings**, choose **Edit**.
 4.	Expand **Cloud protection**, and review your current setting in the **Cloud-delivered protection level** row. We recommend setting this to **Not configured**, which provides strong protection while reducing the chances of getting false positives.
 5.	Choose **Review + save**, and then **Save**.
 
-
+#### Use Microsoft Endpoint Manager to set cloud-delivered protection settings for a new antivirus policy
 
 > [!TIP]
 > To learn more about configuring your cloud-delivered protection, see [Specify the cloud-delivered protection level](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus)

From cdd241e8d99345b9797dfc7a4175c2b2b0236976 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 12:49:22 -0800
Subject: [PATCH 083/396] Update TOC.md

---
 windows/security/threat-protection/TOC.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index 4fd85c48d2..d64cf954ff 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -508,6 +508,8 @@
 #### [Configure conditional access](microsoft-defender-atp/configure-conditional-access.md)
 #### [Configure Microsoft Cloud App Security integration](microsoft-defender-atp/microsoft-cloud-app-security-config.md)
 
+### [Address false positives/negatives in Microsoft Defender for Endpoint](microsoft-defender-atp/defender-endpoint-false-positives-negatives.md)
+
 ### [Use audit mode](microsoft-defender-atp/audit-windows-defender.md)
 
 ## Reference

From cdde314ed51395c2fc9aee94d6fcdbff2fbedbb2 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 12:49:34 -0800
Subject: [PATCH 084/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 1a74f33fa5..22e7b90793 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -63,6 +63,8 @@ We recommend using Microsoft Endpoint Manager to edit your cloud-delivered prote
 
 #### Use Microsoft Endpoint Manager to set cloud-delivered protection settings for a new antivirus policy
 
+
+
 > [!TIP]
 > To learn more about configuring your cloud-delivered protection, see [Specify the cloud-delivered protection level](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus)
 

From 68ea7ac163b7f95c072adcbad71e11f583111b3e Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 13:28:26 -0800
Subject: [PATCH 085/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 22e7b90793..1ef9284ac9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -44,8 +44,8 @@ If you’re using [Microsoft Defender for Endpoint](https://docs.microsoft.com/w
 
 Microsoft Defender for Endpoint offers a wide variety of options, including the ability to fine tune settings for various features and capabilities. If you’re getting a lot of false positives, make sure to review your organization’s threat protection settings. You might need to make some adjustments to the following settings in particular:
 
-- Cloud-delivered protection
-- Remediation for potentially unwanted apps (PUA)
+- [Cloud-delivered protection](#cloud-delivered-protection)
+- [Remediation for potentially unwanted apps](#remediation-for-potentially-unwanted-applications-pua) (PUA)
 
 ### Cloud-delivered protection
 
@@ -55,11 +55,11 @@ We recommend using Microsoft Endpoint Manager to edit your cloud-delivered prote
 
 #### Use Microsoft Endpoint Manager to review and edit cloud-delivered protection settings
 
-1.	Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
-2.	Choose **Endpoint security** > **Antivirus** and then select an existing policy. (If you don’t have an existing policy, or you want to create a new policy, skip to [the next procedure](#use-microsoft-endpoint-manager-to-set-cloud-delivered-protection-settings-for-a-new-antivirus-policy)).
-3.	Under **Manage**, select **Properties**. Then, next to **Configuration settings**, choose **Edit**.
-4.	Expand **Cloud protection**, and review your current setting in the **Cloud-delivered protection level** row. We recommend setting this to **Not configured**, which provides strong protection while reducing the chances of getting false positives.
-5.	Choose **Review + save**, and then **Save**.
+1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
+2. Choose **Endpoint security** > **Antivirus** and then select an existing policy. (If you don’t have an existing policy, or you want to create a new policy, skip to [the next procedure](#use-microsoft-endpoint-manager-to-set-cloud-delivered-protection-settings-for-a-new-antivirus-policy)).
+3. Under **Manage**, select **Properties**. Then, next to **Configuration settings**, choose **Edit**.
+4. Expand **Cloud protection**, and review your current setting in the **Cloud-delivered protection level** row. We recommend setting this to **Not configured**, which provides strong protection while reducing the chances of getting false positives.
+5. Choose **Review + save**, and then **Save**.
 
 #### Use Microsoft Endpoint Manager to set cloud-delivered protection settings for a new antivirus policy
 

From 9422afe00f6e835c8fbc33b7259acc60f144d893 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 13:43:24 -0800
Subject: [PATCH 086/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md           | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 1ef9284ac9..cfe7df33b6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -38,7 +38,7 @@ In endpoint protection, a false positive is an entity, such as a file or process
 - [Submitting files for further analysis](#submit-a-file-for-analysis); and
 - [Verifying that the applications your organization is using are properly signed](#confirm-your-software-uses-ev-code-signing).
 
-If you’re using [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection), and you're seeing false positives/negatives in your [Microsoft Defender Security Center](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/use), use this article as a guide to take action. This article also includes information about [what to do if you still need help](#still-need-help) after taking the recommended steps to address false positives/negatives in your environment.
+If you’re using [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection), and you're seeing false positives/negatives in your [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use), use this article as a guide to take action. This article also includes information about [what to do if you still need help](#still-need-help) after taking the recommended steps to address false positives/negatives in your environment.
 
 ## Review your threat protection settings
 
@@ -63,7 +63,8 @@ We recommend using Microsoft Endpoint Manager to edit your cloud-delivered prote
 
 #### Use Microsoft Endpoint Manager to set cloud-delivered protection settings for a new antivirus policy
 
-
+1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
+2. Choose **Endpoint security** > **Antivirus** and then select an existing policy.
 
 > [!TIP]
 > To learn more about configuring your cloud-delivered protection, see [Specify the cloud-delivered protection level](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus)

From a25292e549f421e316dc663adfa53259a74c9e1a Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 13:59:55 -0800
Subject: [PATCH 087/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md    | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index cfe7df33b6..c0b9058440 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -64,7 +64,14 @@ We recommend using Microsoft Endpoint Manager to edit your cloud-delivered prote
 #### Use Microsoft Endpoint Manager to set cloud-delivered protection settings for a new antivirus policy
 
 1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
-2. Choose **Endpoint security** > **Antivirus** and then select an existing policy.
+2. Choose **Endpoint security** > **Antivirus** > **+ Create policy**.
+3. For **Platform**, select an option, and then for **Profile**, select **Antivirus** or **Microsoft Defender Antivirus** (the specific option depends on what you selected for **Platform**.) Then choose **Create**.
+4. On the **Basics** tab, specify a name and description for the policy. Then choose **Next**.
+5. On the **Configuration settings** tab, expand **Cloud protection**, and specify the following settings:
+   - Set **Turn on cloud-delivered protection** to **Yes**.
+   - Set **Cloud-delivered protection level** to **Not configured**. (This level provides a strong level of protection by default while reducing the chances of getting false positives.)
+6. On the **Scope tags** tab,  
+
 
 > [!TIP]
 > To learn more about configuring your cloud-delivered protection, see [Specify the cloud-delivered protection level](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus)
@@ -135,7 +142,7 @@ In general, you should not need to define exclusions for Microsoft Defender Anti
 5. Specify a name and description for the profile, and then choose **Next**.
 6. On the **Configuration settings** tab, specify your antivirus exclusions, and then choose **Next**.
 7. On the **Scope tags** tab, if you are using scope tags in your organization, specify scope tags for the policy you are creating. (See [Scope tags](https://docs.microsoft.com/mem/intune/fundamentals/scope-tags).)
-8. On the **Assignments** tab, specify the users and groups to whom your policy should be applied, and then choose **Next**. (If you need help with assignments, see [Assign user and device profiles in Microsoft Intune](Assign device profiles in Microsoft Intune - Azure | Microsoft Docs).)
+8. On the **Assignments** tab, specify the users and groups to whom your policy should be applied, and then choose **Next**. (If you need help with assignments, see [Assign user and device profiles in Microsoft Intune](https://docs.microsoft.com/mem/intune/configuration/device-profile-assign).)
 9. On the **Review + create** tab, review the settings, and then choose **Create**.
 
 ### Indicators for Microsoft Defender for Endpoint

From 07713c98772ee3af4565a1b149553e519daf4dd1 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 14:02:25 -0800
Subject: [PATCH 088/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md     | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index c0b9058440..41a001d354 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -51,6 +51,9 @@ Microsoft Defender for Endpoint offers a wide variety of options, including the
 
 Check your cloud-delivered protection level for Microsoft Defender Antivirus. By default, this is set to **Not configured**, which corresponds to a normal level of protection for most organizations. If your cloud-delivered protection is set to **High**, **High +**, or **Zero tolerance**, you might experience a higher number of false positives.
 
+> [!TIP]
+> To learn more about configuring your cloud-delivered protection, see [Specify the cloud-delivered protection level](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus)
+
 We recommend using Microsoft Endpoint Manager to edit your cloud-delivered protection settings.
 
 #### Use Microsoft Endpoint Manager to review and edit cloud-delivered protection settings
@@ -70,11 +73,12 @@ We recommend using Microsoft Endpoint Manager to edit your cloud-delivered prote
 5. On the **Configuration settings** tab, expand **Cloud protection**, and specify the following settings:
    - Set **Turn on cloud-delivered protection** to **Yes**.
    - Set **Cloud-delivered protection level** to **Not configured**. (This level provides a strong level of protection by default while reducing the chances of getting false positives.)
-6. On the **Scope tags** tab,  
+6. On the **Scope tags** tab, if you are using scope tags in your organization, specify scope tags for the policy you are creating. (See [Scope tags](https://docs.microsoft.com/mem/intune/fundamentals/scope-tags).)
+8. On the **Assignments** tab, specify the users and groups to whom your policy should be applied, and then choose **Next**. (If you need help with assignments, see [Assign user and device profiles in Microsoft Intune](https://docs.microsoft.com/mem/intune/configuration/device-profile-assign).)
+9. On the **Review + create** tab, review the settings, and then choose **Create**.  
+
 
 
-> [!TIP]
-> To learn more about configuring your cloud-delivered protection, see [Specify the cloud-delivered protection level](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus)
 
 ### Remediation for potentially unwanted applications (PUA)
 

From 70896026c3c8aede5837401ed9e3ef30efdd2c84 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 14:08:28 -0800
Subject: [PATCH 089/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md           | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 41a001d354..60b333fb5f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -77,9 +77,6 @@ We recommend using Microsoft Endpoint Manager to edit your cloud-delivered prote
 8. On the **Assignments** tab, specify the users and groups to whom your policy should be applied, and then choose **Next**. (If you need help with assignments, see [Assign user and device profiles in Microsoft Intune](https://docs.microsoft.com/mem/intune/configuration/device-profile-assign).)
 9. On the **Review + create** tab, review the settings, and then choose **Create**.  
 
-
-
-
 ### Remediation for potentially unwanted applications (PUA)
 
 Potentially unwanted applications (PUA) are a category of software that can cause devices to run slowly, display unexpected ads, or install other software that might be unexpected or unwanted. Examples of PUA include advertising software, bundling software, and evasion software that behaves differently with security products. Although PUA is not considered malware, some kinds of software are PUA based on their behavior and reputation.
@@ -175,6 +172,8 @@ As alerts are triggered, if you see something that was detected as malicious or
 
 ### Suppress an alert
 
+You can suppress an alert in the Microsoft Defender Security Center.
+
 
 
 ### Classify an alert as a false positive

From c89b09bdf3e1c53a30105dd41db70db9dfc2d9d2 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 14:13:56 -0800
Subject: [PATCH 090/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 60b333fb5f..b9a77466b5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -103,7 +103,7 @@ Depending on the apps your organization is using, you might be getting false pos
 4. On the **Basics** tab, specify a name and description for your policy. Then choose **Next**.
 5. On the **Configuration settings** tab, scroll down and expand **Microsoft Defender Antivirus**.
 6. Set **Detect potentially unwanted applications** to **Audit**, and then choose **Next**. (You can turn PUA protection off, but by using audit mode, you will be able to see detections.)
-7. On the **Assignments** tab, specify the users and groups to whom your policy should be applied, and then choose **Next**. (If you need help with assignments, see [Assign user and device profiles in Microsoft Intune](Assign device profiles in Microsoft Intune - Azure | Microsoft Docs).)
+7. On the **Assignments** tab, specify the users and groups to whom your policy should be applied, and then choose **Next**. (If you need help with assignments, see [Assign user and device profiles in Microsoft Intune](https://docs.microsoft.com/mem/intune/configuration/device-profile-assign).)
 8. On the **Applicability Rules** tab, specify the OS editions or versions to include or exclude from the policy. For example, you can set the policy to be applied to all devices certain editions of Windows 10. Then choose **Next**.
 9. On the **Review + create** tab, review your settings, and, and then choose **Create**.
 

From 04b09667e6a2174745db3d5891431b0466f6844a Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 14:22:26 -0800
Subject: [PATCH 091/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md          | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index b9a77466b5..1ea52853e9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -42,7 +42,7 @@ If you’re using [Microsoft Defender for Endpoint](https://docs.microsoft.com/w
 
 ## Review your threat protection settings
 
-Microsoft Defender for Endpoint offers a wide variety of options, including the ability to fine tune settings for various features and capabilities. If you’re getting a lot of false positives, make sure to review your organization’s threat protection settings. You might need to make some adjustments to the following settings in particular:
+Microsoft Defender for Endpoint offers a wide variety of options, including the ability to fine-tune settings for various features and capabilities. If you’re getting numerous false positives, make sure to review your organization’s threat protection settings. You might need to make some adjustments to the following settings in particular:
 
 - [Cloud-delivered protection](#cloud-delivered-protection)
 - [Remediation for potentially unwanted apps](#remediation-for-potentially-unwanted-applications-pua) (PUA)
@@ -73,7 +73,7 @@ We recommend using Microsoft Endpoint Manager to edit your cloud-delivered prote
 5. On the **Configuration settings** tab, expand **Cloud protection**, and specify the following settings:
    - Set **Turn on cloud-delivered protection** to **Yes**.
    - Set **Cloud-delivered protection level** to **Not configured**. (This level provides a strong level of protection by default while reducing the chances of getting false positives.)
-6. On the **Scope tags** tab, if you are using scope tags in your organization, specify scope tags for the policy you are creating. (See [Scope tags](https://docs.microsoft.com/mem/intune/fundamentals/scope-tags).)
+6. On the **Scope tags** tab, if you are using scope tags in your organization, specify scope tags for the policy. (See [Scope tags](https://docs.microsoft.com/mem/intune/fundamentals/scope-tags).)
 8. On the **Assignments** tab, specify the users and groups to whom your policy should be applied, and then choose **Next**. (If you need help with assignments, see [Assign user and device profiles in Microsoft Intune](https://docs.microsoft.com/mem/intune/configuration/device-profile-assign).)
 9. On the **Review + create** tab, review the settings, and then choose **Create**.  
 
@@ -138,7 +138,7 @@ In general, you should not need to define exclusions for Microsoft Defender Anti
 
 1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
 2. Choose **Endpoint security** > **Antivirus** > **+ Create Policy**. 
-3. Select a platform (such as Windows 10 and later, macOS, or Windows 10 and Windows Server).
+3. Select a platform (such as **Windows 10 and later**, **macOS**, or **Windows 10 and Windows Server**).
 4. For **Profile**, select **Microsoft Defender Antivirus exclusions**, and then choose **Create**.
 5. Specify a name and description for the profile, and then choose **Next**.
 6. On the **Configuration settings** tab, specify your antivirus exclusions, and then choose **Next**.

From e3b8b22f857727ef5deb18bd5f8ad38e72aaa5c8 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 14:23:04 -0800
Subject: [PATCH 092/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md          | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 1ea52853e9..4e7efcd55a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -102,7 +102,7 @@ Depending on the apps your organization is using, you might be getting false pos
 3. For the **Platform**, choose **Windows 10 and later**, and for **Profile**, select **Device restrictions**.
 4. On the **Basics** tab, specify a name and description for your policy. Then choose **Next**.
 5. On the **Configuration settings** tab, scroll down and expand **Microsoft Defender Antivirus**.
-6. Set **Detect potentially unwanted applications** to **Audit**, and then choose **Next**. (You can turn PUA protection off, but by using audit mode, you will be able to see detections.)
+6. Set **Detect potentially unwanted applications** to **Audit**, and then choose **Next**. (You can turn off PUA protection, but by using audit mode, you will be able to see detections.)
 7. On the **Assignments** tab, specify the users and groups to whom your policy should be applied, and then choose **Next**. (If you need help with assignments, see [Assign user and device profiles in Microsoft Intune](https://docs.microsoft.com/mem/intune/configuration/device-profile-assign).)
 8. On the **Applicability Rules** tab, specify the OS editions or versions to include or exclude from the policy. For example, you can set the policy to be applied to all devices certain editions of Windows 10. Then choose **Next**.
 9. On the **Review + create** tab, review your settings, and, and then choose **Create**.
@@ -115,7 +115,7 @@ To define exclusions across Microsoft Defender for Endpoint, perform the followi
 - Define exclusions for Microsoft Defender Antivirus
 - Create “allow” indicators for Microsoft Defender for Endpoint
 
-Microsoft Defender Antivirus exclusions don't apply to other Microsoft Defender for Endpoint capabilities, including [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response), [attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction), and [controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/controlled-folders). Files that you exclude using the methods described in this article can still trigger alerts and other detections. To exclude files broadly, use [custom indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators), such as "allow" indcators for Microsoft Defender for Endpoint.
+Microsoft Defender Antivirus exclusions don't apply to other Microsoft Defender for Endpoint capabilities, including [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response), [attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction), and [controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/controlled-folders). Files that you exclude using the methods described in this article can still trigger alerts and other detections. To exclude files broadly, use [custom indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators), such as "allow" indicators for Microsoft Defender for Endpoint.
 
 The procedures in this section describe how to define exclusions and indicators.
 
@@ -186,7 +186,7 @@ Your security team can classify an alert as a false positive in the Microsoft De
 4. In the **Manage alert** section, select **True alert** or **False alert**. Use **False alert** to classify a false positive.
 
 > [!TIP]
-> For more details about suppressing alerts, see [Manage Microsoft Defender for Endpoint alerts](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-alerts).
+> For more information about suppressing alerts, see [Manage Microsoft Defender for Endpoint alerts](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-alerts).
 
 ## Submit a file for analysis
 

From a0d3c8e46811e7101948011a7789634861d87425 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 14:33:09 -0800
Subject: [PATCH 093/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 4e7efcd55a..e022ecd644 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -156,7 +156,7 @@ To specify entities as exclusions for Microsoft Defender for Endpoint, your secu
 - [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response)
 - [Automated investigation & remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations)
 
-Your security team can create indicators for files, IP addresses, URLs, domains, and certificates. Use the following resources to create or manage indicators in the Microsoft Defender Security Center([https://securitycenter.windows.com](https://securitycenter.windows.com)): 
+Your security team can create indicators for files, IP addresses, URLs, domains, and certificates. Use the following resources to create or manage indicators in the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)): 
 
 - [Learn more about indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators)
 - [Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file)

From 85f16c130ea0dc4a512631922c48d838936c6249 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 14:34:27 -0800
Subject: [PATCH 094/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index e022ecd644..e6352c7739 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -31,7 +31,7 @@ ms.custom: FPFN
 
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146806)
 
-In endpoint protection, a false positive is an entity, such as a file or process, that was detected and identified as malicious, when, in fact, the entity does not pose a threat. A false negative is an entity that was not detected as a threat even though it is, in fact, malicious. The process of addressing false positives/negatives can include:
+In endpoint protection, a false positive is an entity, such as a file or a process, that was detected and identified as malicious, even though the entity is not actually a threat. A false negative is an entity that was not detected as a threat, even though it actually is malicious. The process of addressing false positives/negatives can include:
 - [Reviewing your threat protection settings and making adjustments where needed](#review-your-threat-protection-settings);
 - [Defining exclusions, such as for antivirus and other endpoint protection features](#review-or-define-exclusions-for-microsoft-defender-for-endpoint);
 - [Classifying false positives in your endpoint protection solution](#classify-a-false-positive-or-false-negative);

From 829d15f748361815e2953a10f2b33726c5a13c5b Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 14:36:34 -0800
Subject: [PATCH 095/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index e6352c7739..d1a1651c05 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -31,7 +31,7 @@ ms.custom: FPFN
 
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146806)
 
-In endpoint protection, a false positive is an entity, such as a file or a process, that was detected and identified as malicious, even though the entity is not actually a threat. A false negative is an entity that was not detected as a threat, even though it actually is malicious. The process of addressing false positives/negatives can include:
+In endpoint protection, a false positive is an entity, such as a file or a process, that was detected and identified as malicious, even though the entity isn't actually a threat. A false negative is an entity that was not detected as a threat, even though it actually is malicious. The process of addressing false positives/negatives can include:
 - [Reviewing your threat protection settings and making adjustments where needed](#review-your-threat-protection-settings);
 - [Defining exclusions, such as for antivirus and other endpoint protection features](#review-or-define-exclusions-for-microsoft-defender-for-endpoint);
 - [Classifying false positives in your endpoint protection solution](#classify-a-false-positive-or-false-negative);

From 13ea23be0e54cf823514a89cb1e7aae5e518520b Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 14:37:49 -0800
Subject: [PATCH 096/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md          | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index d1a1651c05..692b8001f3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -54,9 +54,9 @@ Check your cloud-delivered protection level for Microsoft Defender Antivirus. By
 > [!TIP]
 > To learn more about configuring your cloud-delivered protection, see [Specify the cloud-delivered protection level](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus)
 
-We recommend using Microsoft Endpoint Manager to edit your cloud-delivered protection settings.
+We recommend using Microsoft Endpoint Manager to edit or set your cloud-delivered protection settings.
 
-#### Use Microsoft Endpoint Manager to review and edit cloud-delivered protection settings
+#### Use Microsoft Endpoint Manager to review and edit cloud-delivered protection settings (for existing policies)
 
 1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
 2. Choose **Endpoint security** > **Antivirus** and then select an existing policy. (If you don’t have an existing policy, or you want to create a new policy, skip to [the next procedure](#use-microsoft-endpoint-manager-to-set-cloud-delivered-protection-settings-for-a-new-antivirus-policy)).
@@ -64,7 +64,7 @@ We recommend using Microsoft Endpoint Manager to edit your cloud-delivered prote
 4. Expand **Cloud protection**, and review your current setting in the **Cloud-delivered protection level** row. We recommend setting this to **Not configured**, which provides strong protection while reducing the chances of getting false positives.
 5. Choose **Review + save**, and then **Save**.
 
-#### Use Microsoft Endpoint Manager to set cloud-delivered protection settings for a new antivirus policy
+#### Use Microsoft Endpoint Manager to set cloud-delivered protection settings (for a new policy)
 
 1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
 2. Choose **Endpoint security** > **Antivirus** > **+ Create policy**.

From d1f235b8097193002b28a4845aca1a6684d95a19 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 14:39:35 -0800
Subject: [PATCH 097/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md        | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 692b8001f3..79bd50bdb6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -77,16 +77,18 @@ We recommend using Microsoft Endpoint Manager to edit or set your cloud-delivere
 8. On the **Assignments** tab, specify the users and groups to whom your policy should be applied, and then choose **Next**. (If you need help with assignments, see [Assign user and device profiles in Microsoft Intune](https://docs.microsoft.com/mem/intune/configuration/device-profile-assign).)
 9. On the **Review + create** tab, review the settings, and then choose **Create**.  
 
-### Remediation for potentially unwanted applications (PUA)
+### Remediation for potentially unwanted applications
 
 Potentially unwanted applications (PUA) are a category of software that can cause devices to run slowly, display unexpected ads, or install other software that might be unexpected or unwanted. Examples of PUA include advertising software, bundling software, and evasion software that behaves differently with security products. Although PUA is not considered malware, some kinds of software are PUA based on their behavior and reputation.
  
 Depending on the apps your organization is using, you might be getting false positives as a result of your PUA protection settings. If this is happening, consider running PUA protection in audit mode for a while, or apply PUA protection to a subset of devices in your organization. PUA protection can be configured for the Microsoft Edge browser and for Microsoft Defender Antivirus. 
 
+We recommend using Microsoft Endpoint Manager to edit or set PUA protection settings. 
+
 > [!TIP]
 > To learn more about PUA, see [Detect and block potentially unwanted applications](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus).
 
-#### Use Microsoft Endpoint Manager to edit PUA protection for existing configuration profiles
+#### Use Microsoft Endpoint Manager to edit PUA protection (for existing configuration profiles)
 
 1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
 2. Choose **Devices** > **Configuration profiles**, and then select an existing policy. (If you don’t have an existing policy, or you want to create a new policy, skip to [the next procedure](#use-microsoft-endpoint-manager-to-set-pua-protection-for-a-new-configuration-profile)).
@@ -95,7 +97,7 @@ Depending on the apps your organization is using, you might be getting false pos
 5. Set **Detect potentially unwanted applications** to **Audit**. (You can turn it off, but by using audit mode, you will be able to see detections.)
 6. Choose **Review + save**, and then choose **Save**.
 
-#### Use Microsoft Endpoint Manager to set PUA protection for a new configuration profile
+#### Use Microsoft Endpoint Manager to set PUA protection (for a new configuration profile)
 
 1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
 2. Choose **Devices** > **Configuration profiles** > **+ Create profile**.

From f4e06d3edda8d7e7463982471adf3c7d6758f10c Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 14:43:30 -0800
Subject: [PATCH 098/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md            | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 79bd50bdb6..945fa7046e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -59,7 +59,7 @@ We recommend using Microsoft Endpoint Manager to edit or set your cloud-delivere
 #### Use Microsoft Endpoint Manager to review and edit cloud-delivered protection settings (for existing policies)
 
 1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
-2. Choose **Endpoint security** > **Antivirus** and then select an existing policy. (If you don’t have an existing policy, or you want to create a new policy, skip to [the next procedure](#use-microsoft-endpoint-manager-to-set-cloud-delivered-protection-settings-for-a-new-antivirus-policy)).
+2. Choose **Endpoint security** > **Antivirus** and then select an existing policy. (If you don’t have an existing policy, or you want to create a new policy, skip to [the next procedure](#use-microsoft-endpoint-manager-to-set-cloud-delivered-protection-settings-for-a-new-policy)).
 3. Under **Manage**, select **Properties**. Then, next to **Configuration settings**, choose **Edit**.
 4. Expand **Cloud protection**, and review your current setting in the **Cloud-delivered protection level** row. We recommend setting this to **Not configured**, which provides strong protection while reducing the chances of getting false positives.
 5. Choose **Review + save**, and then **Save**.
@@ -91,7 +91,7 @@ We recommend using Microsoft Endpoint Manager to edit or set PUA protection sett
 #### Use Microsoft Endpoint Manager to edit PUA protection (for existing configuration profiles)
 
 1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
-2. Choose **Devices** > **Configuration profiles**, and then select an existing policy. (If you don’t have an existing policy, or you want to create a new policy, skip to [the next procedure](#use-microsoft-endpoint-manager-to-set-pua-protection-for-a-new-configuration-profile)).
+2. Choose **Devices** > **Configuration profiles**, and then select an existing policy. (If you don’t have an existing policy, or you want to create a new policy, skip to [the next procedure](#use-microsoft-endpoint-manager-to-set-pua-protection-for-a-new-configuration-profile).)
 3. Under **Manage**, choose **Properties**, and then, next to **Configuration settings**, choose **Edit**.
 4. On the **Configuration settings** tab, scroll down and expand **Microsoft Defender Antivirus**.
 5. Set **Detect potentially unwanted applications** to **Audit**. (You can turn it off, but by using audit mode, you will be able to see detections.)

From 491246ff122991f20713e366ac4ec1f680b9c3fd Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 15:06:40 -0800
Subject: [PATCH 099/396] Update defender-endpoint-false-positives-negatives.md

---
 ...fender-endpoint-false-positives-negatives.md | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 945fa7046e..5bdb3bdb43 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -114,8 +114,8 @@ We recommend using Microsoft Endpoint Manager to edit or set PUA protection sett
 An exclusion is an entity that you specify as an exception to remediation actions. The excluded entity might still get detected, but no remediation actions are taken on that entity. That is, the detected file or process won’t be stopped, sent to quarantine, removed, or otherwise changed by Microsoft Defender for Endpoint. 
 
 To define exclusions across Microsoft Defender for Endpoint, perform the following tasks:
-- Define exclusions for Microsoft Defender Antivirus
-- Create “allow” indicators for Microsoft Defender for Endpoint
+- [Define exclusions for Microsoft Defender Antivirus](#exclusions-for-microsoft-defender-antivirus)
+- [Create “allow” indicators for Microsoft Defender for Endpoint](#indicators-for-microsoft-defender-for-endpoint)
 
 Microsoft Defender Antivirus exclusions don't apply to other Microsoft Defender for Endpoint capabilities, including [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response), [attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction), and [controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/controlled-folders). Files that you exclude using the methods described in this article can still trigger alerts and other detections. To exclude files broadly, use [custom indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators), such as "allow" indicators for Microsoft Defender for Endpoint.
 
@@ -128,15 +128,15 @@ In general, you should not need to define exclusions for Microsoft Defender Anti
 > [!TIP]
 > Need help with antivirus exclusions? See [Configure and validate exclusions for Microsoft Defender Antivirus scans](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus).
 
-#### Use Microsoft Endpoint Manager to manage antivirus exclusions for existing policies
+#### Use Microsoft Endpoint Manager to manage antivirus exclusions (for existing policies)
 
 1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
-2. Choose **Endpoint security** > **Antivirus**, and then select an existing policy. (If you don’t have an existing policy, or you want to create a new policy, skip to [the next procedure](#use-microsoft-endpoint-manager-to-create-an-antivirus-policy-with-exclusions)).
+2. Choose **Endpoint security** > **Antivirus**, and then select an existing policy. (If you don’t have an existing policy, or you want to create a new policy, skip to [the next procedure](#use-microsoft-endpoint-manager-to-create-a-new-antivirus-policy-with-exclusions)).
 3. Choose **Properties**, and next to **Configuration settings**, choose **Edit**.
 4. Expand **Microsoft Defender Antivirus Exclusions** and then specify your exclusions.
 5. Choose **Review + save**, and then choose **Save**.
 
-#### Use Microsoft Endpoint Manager to create an antivirus policy with exclusions
+#### Use Microsoft Endpoint Manager to create a new antivirus policy with exclusions
 
 1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
 2. Choose **Endpoint security** > **Antivirus** > **+ Create Policy**. 
@@ -150,7 +150,7 @@ In general, you should not need to define exclusions for Microsoft Defender Anti
 
 ### Indicators for Microsoft Defender for Endpoint
 
-Indicators enable your security operations team to define the detection, prevention, and exclusion of entities. For example, your security operations team can specify certain files to be omitted from scans and remediation actions in Microsoft Defender for Endpoint. Or, indicators can be used to generate alerts for certain IP addresses or URLs.
+[Indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators) enable your security operations team to define the detection, prevention, and exclusion of entities. For example, your security operations team can specify certain files to be omitted from scans and remediation actions in Microsoft Defender for Endpoint. Or, indicators can be used to generate alerts for certain IP addresses or URLs.
 
 To specify entities as exclusions for Microsoft Defender for Endpoint, your security team can create "allow" indicators. Such "allow" indicators apply to the following capabilities in Microsoft Defender for Endpoint:
 
@@ -176,7 +176,10 @@ As alerts are triggered, if you see something that was detected as malicious or
 
 You can suppress an alert in the Microsoft Defender Security Center.
 
-
+1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
+2. In the navigation pane, select **Alerts queue**. 
+3. Select an alert that you want to suppress to open its **Details** pane.
+4. 
 
 ### Classify an alert as a false positive
 

From 212169b3961958a332cc25fb70c2bcd29574198e Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 15:14:08 -0800
Subject: [PATCH 100/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md          | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 5bdb3bdb43..573573fee3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -179,7 +179,11 @@ You can suppress an alert in the Microsoft Defender Security Center.
 1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
 2. In the navigation pane, select **Alerts queue**. 
 3. Select an alert that you want to suppress to open its **Details** pane.
-4. 
+4. In the **Details** pane, choose the ellipsis (`...`), and then choose **Create a suppression rule**.
+5. Specify all the settings for your suppression rule, and then choose **Save**. 
+
+> [!TIP]
+> Need help with suppression rules? See [Suppress an alert and create a new suppression rule](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-alerts#suppress-an-alert-and-create-a-new-suppression-rule).
 
 ### Classify an alert as a false positive
 

From 9e0135d6f6a59131cb024d703f52e3a92b8f46bb Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 15:25:45 -0800
Subject: [PATCH 101/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md       | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 573573fee3..eb27f493c0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -195,11 +195,16 @@ Your security team can classify an alert as a false positive in the Microsoft De
 4. In the **Manage alert** section, select **True alert** or **False alert**. Use **False alert** to classify a false positive.
 
 > [!TIP]
-> For more information about suppressing alerts, see [Manage Microsoft Defender for Endpoint alerts](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-alerts).
+> - For more information about suppressing alerts, see [Manage Microsoft Defender for Endpoint alerts](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-alerts).
+> - If your organization is using a security information and event management (SIEM) server, make sure to define a suppression rule there, too. 
 
 ## Submit a file for analysis
 
-*https://www.microsoft.com/wdsi/filesubmission/*
+You can submit files, such as false positives or false negatives, to Microsoft for analysis. Microsoft security researchers analyze all submissions. 
+
+1. Review the guidelines here: [Submit files for analysis](https://docs.microsoft.com/windows/security/threat-protection/intelligence/submission-guide).
+
+2. Visit the Microsoft Security Intelligence submission site at [https://www.microsoft.com/wdsi/filesubmission](https://www.microsoft.com/wdsi/filesubmission), and submit your file(s).
 
 ## Confirm your software uses EV code signing
 

From 6492201cda1c123429423f82730c684011c90521 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 15:34:23 -0800
Subject: [PATCH 102/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index eb27f493c0..d6efaf4c7c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -208,6 +208,8 @@ You can submit files, such as false positives or false negatives, to Microsoft f
 
 ## Confirm your software uses EV code signing
 
+As explained in the blog, [Partnering with the industry to minimize false positives](https://www.microsoft.com/security/blog/2018/08/16/partnering-with-the-industry-to-minimize-false-positives), digital signatures help to ensure the software integrity.
+
 *Some info is available here: https://docs.microsoft.com/windows-hardware/drivers/dashboard/get-a-code-signing-certificate*
 
 ## Still need help?
\ No newline at end of file

From 0d77afe588ae2158bf2495fc44e7e9a10c0ba20f Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 15:36:11 -0800
Subject: [PATCH 103/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index d6efaf4c7c..9894246277 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -200,7 +200,7 @@ Your security team can classify an alert as a false positive in the Microsoft De
 
 ## Submit a file for analysis
 
-You can submit files, such as false positives or false negatives, to Microsoft for analysis. Microsoft security researchers analyze all submissions. 
+You can submit files, such as false positives or false negatives, to Microsoft for analysis. Microsoft security researchers analyze all submissions. After you sign in at the submission site, you can track your submissions.
 
 1. Review the guidelines here: [Submit files for analysis](https://docs.microsoft.com/windows/security/threat-protection/intelligence/submission-guide).
 

From 6e94b9e5ea0af085ae814ffae0b05de0f714418e Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 15:41:02 -0800
Subject: [PATCH 104/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 9894246277..566483d5ad 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -208,7 +208,7 @@ You can submit files, such as false positives or false negatives, to Microsoft f
 
 ## Confirm your software uses EV code signing
 
-As explained in the blog, [Partnering with the industry to minimize false positives](https://www.microsoft.com/security/blog/2018/08/16/partnering-with-the-industry-to-minimize-false-positives), digital signatures help to ensure the software integrity.
+As explained in the blog, [Partnering with the industry to minimize false positives](https://www.microsoft.com/security/blog/2018/08/16/partnering-with-the-industry-to-minimize-false-positives), digital signatures help to ensure the software integrity. The reputation of digital certificates also plays a role in whether software is considered suspicious or not a threat. By using a reputable certificate, developers can reduce the chances of their software being detected as malware.
 
 *Some info is available here: https://docs.microsoft.com/windows-hardware/drivers/dashboard/get-a-code-signing-certificate*
 

From 1f7a3c6aed3a8baddd7a7949e51c9779f114e90a Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 15:45:25 -0800
Subject: [PATCH 105/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 566483d5ad..8ccb2a1464 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -208,7 +208,7 @@ You can submit files, such as false positives or false negatives, to Microsoft f
 
 ## Confirm your software uses EV code signing
 
-As explained in the blog, [Partnering with the industry to minimize false positives](https://www.microsoft.com/security/blog/2018/08/16/partnering-with-the-industry-to-minimize-false-positives), digital signatures help to ensure the software integrity. The reputation of digital certificates also plays a role in whether software is considered suspicious or not a threat. By using a reputable certificate, developers can reduce the chances of their software being detected as malware.
+As explained in the blog, [Partnering with the industry to minimize false positives](https://www.microsoft.com/security/blog/2018/08/16/partnering-with-the-industry-to-minimize-false-positives), digital signatures help to ensure the software integrity. The reputation of digital certificates also plays a role in whether software is considered suspicious or not a threat. By using a reputable certificate, developers can reduce the chances of their software being detected as malware. Extended validation (EV) code signing is a more advanced version of digital certificates and requires a more rigorous vetting and authentication process.
 
 *Some info is available here: https://docs.microsoft.com/windows-hardware/drivers/dashboard/get-a-code-signing-certificate*
 

From 8e578d849a19ec35472d887e21d229914248975a Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 15:49:01 -0800
Subject: [PATCH 106/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md           | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 8ccb2a1464..5fd958105a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -210,6 +210,9 @@ You can submit files, such as false positives or false negatives, to Microsoft f
 
 As explained in the blog, [Partnering with the industry to minimize false positives](https://www.microsoft.com/security/blog/2018/08/16/partnering-with-the-industry-to-minimize-false-positives), digital signatures help to ensure the software integrity. The reputation of digital certificates also plays a role in whether software is considered suspicious or not a threat. By using a reputable certificate, developers can reduce the chances of their software being detected as malware. Extended validation (EV) code signing is a more advanced version of digital certificates and requires a more rigorous vetting and authentication process.
 
-*Some info is available here: https://docs.microsoft.com/windows-hardware/drivers/dashboard/get-a-code-signing-certificate*
+Want to learn more? See the following resources:
+
+- [Microsoft Security Blog: Partnering with the industry to minimize false positives](https://www.microsoft.com/security/blog/2018/08/16/partnering-with-the-industry-to-minimize-false-positives/)
+- [Get a code signing certificate](https://docs.microsoft.com/windows-hardware/drivers/dashboard/get-a-code-signing-certificate)
 
 ## Still need help?
\ No newline at end of file

From 1850364615dcad85b73c3acc1695fe72e86a6711 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 16:01:55 -0800
Subject: [PATCH 107/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md        | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 5fd958105a..20d9296951 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -215,4 +215,10 @@ Want to learn more? See the following resources:
 - [Microsoft Security Blog: Partnering with the industry to minimize false positives](https://www.microsoft.com/security/blog/2018/08/16/partnering-with-the-industry-to-minimize-false-positives/)
 - [Get a code signing certificate](https://docs.microsoft.com/windows-hardware/drivers/dashboard/get-a-code-signing-certificate)
 
-## Still need help?
\ No newline at end of file
+## Still need help?
+
+If you still need help after working through all the steps in this article, your best bet is to contact technical support.
+
+1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
+2. In the upper right corner, select the question mark (**?**), and then select **Microsoft support**.
+3. In the Support Assistant window, describe your issue, and then send your message. From there, you can open a service request.  
\ No newline at end of file

From 55266f36a6982d43f1fb1942165eb0d78873efae Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 16:03:50 -0800
Subject: [PATCH 108/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 20d9296951..c0cf213302 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -31,7 +31,7 @@ ms.custom: FPFN
 
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146806)
 
-In endpoint protection, a false positive is an entity, such as a file or a process, that was detected and identified as malicious, even though the entity isn't actually a threat. A false negative is an entity that was not detected as a threat, even though it actually is malicious. The process of addressing false positives/negatives can include:
+In endpoint protection solutions, a false positive is an entity, such as a file or a process, that was detected and identified as malicious, even though the entity isn't actually a threat. A false negative is an entity that was not detected as a threat, even though it actually is malicious. The process of addressing false positives/negatives can include:
 - [Reviewing your threat protection settings and making adjustments where needed](#review-your-threat-protection-settings);
 - [Defining exclusions, such as for antivirus and other endpoint protection features](#review-or-define-exclusions-for-microsoft-defender-for-endpoint);
 - [Classifying false positives in your endpoint protection solution](#classify-a-false-positive-or-false-negative);

From ce22afb841af4e3c5fbd31bf252c12c22eb5ecb4 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 16:04:36 -0800
Subject: [PATCH 109/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index c0cf213302..372f40c539 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -204,7 +204,7 @@ You can submit files, such as false positives or false negatives, to Microsoft f
 
 1. Review the guidelines here: [Submit files for analysis](https://docs.microsoft.com/windows/security/threat-protection/intelligence/submission-guide).
 
-2. Visit the Microsoft Security Intelligence submission site at [https://www.microsoft.com/wdsi/filesubmission](https://www.microsoft.com/wdsi/filesubmission), and submit your file(s).
+2. Visit the Microsoft Security Intelligence submission ([https://www.microsoft.com/wdsi/filesubmission](https://www.microsoft.com/wdsi/filesubmission)), and submit your file(s).
 
 ## Confirm your software uses EV code signing
 

From ec9a88a0a568529121b2be66ff5c32abd81c305b Mon Sep 17 00:00:00 2001
From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com>
Date: Fri, 15 Jan 2021 20:04:54 -0800
Subject: [PATCH 110/396] Update faq-md-app-guard.md

---
 .../faq-md-app-guard.md                       | 24 ++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
index ab42d2eb12..042ec80a0c 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
@@ -159,6 +159,28 @@ ICS is enabled by default in Windows, and ICS must be enabled in order for Appli
 
 5. Reboot the device.
 
+### Why doesn't the container not fully load when Device Control Policies are enabled?
+The whitelisting of these items are required to be allowed in the GPO to ensure AppGuard works properly. 
+
+Policy: Allow installation of devices that match any of these device IDs 
+•	SCSI\DiskMsft____Virtual_Disk____ 
+•	{8e7bd593-6e6c-4c52-86a6-77175494dd8e}\msvhdhba 
+•	VMS_VSF 
+•	root\Vpcivsp 
+•	root\VMBus 
+•	vms_mp 
+•	VMS_VSP 
+•	ROOT\VKRNLINTVSP 
+•	ROOT\VID 
+•	root\storvsp 
+•	vms_vsmp 
+•	VMS_PP 
+
+Policy: Allow installation of devices using drivers that match these device setup classes 
+•	{71a27cdd-812a-11d0-bec7-08002be2092f}
+
+
+
 ## See also
 
-[Configure Microsoft Defender Application Guard policy settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard)
\ No newline at end of file
+[Configure Microsoft Defender Application Guard policy settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard)

From 5893f5768835f358ad7dae1824a2cbaa12a1975c Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Sun, 17 Jan 2021 14:42:06 +0500
Subject: [PATCH 111/396] Update
 windows/security/identity-protection/hello-for-business/hello-planning-guide.md

Co-authored-by: mapalko <mapalko@microsoft.com>
---
 .../hello-for-business/hello-planning-guide.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
index ba1692b00e..8570ec4a63 100644
--- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
@@ -332,7 +332,7 @@ Windows Hello for Business does not require an Azure AD premium subscription.  H
 
 If box **1a** on your planning worksheet reads **on-premises**, write **No** in box **6c** on your planning worksheet.
 
-If box **1a** on your planning worksheet reads **hybrid** and box **1b** reads **key trust**, write **No** in box **6c** on your planning worksheet. You can deploy Windows Hello for Business using the free Azure Active Directory account. In this case, you need to use a third-party Multi-Factor Authentication provider.
+If box **1a** on your planning worksheet reads **hybrid** and box **1b** reads **key trust**, write **No** in box **6c** on your planning worksheet. You can deploy Windows Hello for Business using the free Azure Active Directory free tier. All Azure Active Directory free accounts can use Azure AD Multifactor Authentication through the use of security defaults. Some Azure AD Multifactor Authentication features require a license. For more details see [Features and licenses for Azure AD Multi-Factor Authentication](https://docs.microsoft.com/azure/active-directory/authentication/concept-mfa-licensing)
 
 If box **5b** on your planning worksheet reads **AD FS RA**, write **Yes** in box **6c** on your planning worksheet.  Enrolling a certificate using the AD FS registration authority requires devices to authenticate to the AD FS server, which requires device write-back, an Azure AD Premium feature.
 

From 97136cf8c9ec2eba91ce0020b387d55baaeb0532 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Sun, 17 Jan 2021 14:47:53 +0500
Subject: [PATCH 112/396] Update hello-planning-guide.md

---
 .../hello-for-business/hello-planning-guide.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
index 8570ec4a63..449642dfe7 100644
--- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
@@ -332,7 +332,7 @@ Windows Hello for Business does not require an Azure AD premium subscription.  H
 
 If box **1a** on your planning worksheet reads **on-premises**, write **No** in box **6c** on your planning worksheet.
 
-If box **1a** on your planning worksheet reads **hybrid** and box **1b** reads **key trust**, write **No** in box **6c** on your planning worksheet. You can deploy Windows Hello for Business using the free Azure Active Directory free tier. All Azure Active Directory free accounts can use Azure AD Multifactor Authentication through the use of security defaults. Some Azure AD Multifactor Authentication features require a license. For more details see [Features and licenses for Azure AD Multi-Factor Authentication](https://docs.microsoft.com/azure/active-directory/authentication/concept-mfa-licensing)
+If box **1a** on your planning worksheet reads **hybrid** and box **1b** reads **key trust**, write **No** in box **6c** on your planning worksheet. You can deploy Windows Hello for Business using the free Azure Active Directory free tier. All Azure Active Directory free accounts can use Azure AD Multi-Factor Authentication through the use of security defaults. Some Azure AD Multi-Factor Authentication features require a license. For more details see [Features and licenses for Azure AD Multi-Factor Authentication](https://docs.microsoft.com/azure/active-directory/authentication/concept-mfa-licensing)
 
 If box **5b** on your planning worksheet reads **AD FS RA**, write **Yes** in box **6c** on your planning worksheet.  Enrolling a certificate using the AD FS registration authority requires devices to authenticate to the AD FS server, which requires device write-back, an Azure AD Premium feature.
 

From 97f1d8c92876ceb5ec0f1bad282bdcdcec89971f Mon Sep 17 00:00:00 2001
From: Ananta Gupta <anagupt@microsoft.com>
Date: Mon, 18 Jan 2021 10:21:26 +0530
Subject: [PATCH 113/396] Minor update in puppet documentation

---
 .../microsoft-defender-atp/linux-install-with-puppet.md         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md
index 46100ac983..457f22019b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md
@@ -157,7 +157,7 @@ $version = undef
             }
 
             file { '/etc/opt/microsoft/mdatp/mdatp_onboard.json':
-                source  => 'puppet:///modules/mdatp/mdatp_onboard.json',
+                source  => 'puppet:///modules/install_mdatp/mdatp_onboard.json',
                 owner   => root,
                 group   => root,
                 mode    => '0600',

From 898d1005ef168322558437b967c02905287c6e12 Mon Sep 17 00:00:00 2001
From: VLG17 <41186174+VLG17@users.noreply.github.com>
Date: Mon, 18 Jan 2021 14:50:05 +0200
Subject: [PATCH 114/396] add information about Endpoint Manager

https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8906
---
 .../enable-exploit-protection.md                  | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md
index 91a6dc887a..2e681ebc9a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md
@@ -125,6 +125,21 @@ The result will be that DEP will be enabled for *test.exe*. DEP will not be enab
 
 Use the [./Vendor/MSFT/Policy/Config/ExploitGuard/ExploitProtectionSettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-exploitguard) configuration service provider (CSP) to enable or disable exploit protection mitigations or to use audit mode.
 
+## Microsoft Endpoint Manager
+
+1. In Microsoft Endpoint Manager, click **Endpoint Security** > **Attack surface reduction** 
+
+2. Click **Create Policy**, select **Platform** and under **Profile** choose **Exploit Protection**. Click **Create**.
+
+3. Enter a name and a description and click **Next**.
+
+4. Click **Select XML File** and browse to the location of the exploit protection XML file, select it, and click **Next**.
+
+5. Configure **Scope tags** and **Assignments** if necessary. 
+
+6. Under **Review + create**, review the configuration and click **Create** if everything is ok.
+
+
 ## Microsoft Endpoint Configuration Manager
 
 1. In Microsoft Endpoint Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.

From e7491730ab4ee920cd8c6f29d27754a4d9edf369 Mon Sep 17 00:00:00 2001
From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com>
Date: Mon, 18 Jan 2021 11:11:10 -0800
Subject: [PATCH 115/396] Update
 windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../microsoft-defender-application-guard/faq-md-app-guard.md    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
index 042ec80a0c..aa8e4b49ee 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
@@ -159,7 +159,7 @@ ICS is enabled by default in Windows, and ICS must be enabled in order for Appli
 
 5. Reboot the device.
 
-### Why doesn't the container not fully load when Device Control Policies are enabled?
+### Why doesn't the container fully load when device control policies are enabled?
 The whitelisting of these items are required to be allowed in the GPO to ensure AppGuard works properly. 
 
 Policy: Allow installation of devices that match any of these device IDs 

From ab2e1f5f7b6e84b0349ffe9d3009cb714d8f045c Mon Sep 17 00:00:00 2001
From: Ananta Gupta <anagupt@microsoft.com>
Date: Tue, 19 Jan 2021 14:15:14 +0530
Subject: [PATCH 116/396] Minor change in linux preferences document

---
 .../microsoft-defender-atp/linux-preferences.md                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md
index 2ec4ae0d08..9de10e2397 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md
@@ -200,7 +200,7 @@ Type of threat for which the behavior is configured.
 Action to take when coming across a threat of the type specified in the preceding section. Can be:
 
 - **Audit**: The device is not protected against this type of threat, but an entry about the threat is logged.
-- **Block**: The device is protected against this type of threat and you are notified in the user interface and the security console.
+- **Block**: The device is protected against this type of threat and you are notified in the security console.
 - **Off**: The device is not protected against this type of threat and nothing is logged.
 
 |||

From dc9cff975c793b19001079ad603529c9daac4b0a Mon Sep 17 00:00:00 2001
From: VLG17 <41186174+VLG17@users.noreply.github.com>
Date: Tue, 19 Jan 2021 11:22:40 +0200
Subject: [PATCH 117/396] Update
 windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md

Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 .../microsoft-defender-atp/enable-exploit-protection.md   | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md
index 2e681ebc9a..a3dacf2086 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md
@@ -127,13 +127,13 @@ Use the [./Vendor/MSFT/Policy/Config/ExploitGuard/ExploitProtectionSettings](htt
 
 ## Microsoft Endpoint Manager
 
-1. In Microsoft Endpoint Manager, click **Endpoint Security** > **Attack surface reduction** 
+1. In Microsoft Endpoint Manager, click **Endpoint Security** > **Attack surface reduction**. 
 
-2. Click **Create Policy**, select **Platform** and under **Profile** choose **Exploit Protection**. Click **Create**.
+2. Click **Create Policy**, select **Platform**, and under **Profile** choose **Exploit Protection**. Click **Create**.
 
-3. Enter a name and a description and click **Next**.
+3. Enter a name and a description, and click **Next**.
 
-4. Click **Select XML File** and browse to the location of the exploit protection XML file, select it, and click **Next**.
+4. Click **Select XML File** and browse to the location of the exploit protection XML file, then select it and click **Next**.
 
 5. Configure **Scope tags** and **Assignments** if necessary. 
 

From a000c63a559273bb537cab48c9b29396640984a0 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 19 Jan 2021 11:32:59 -0800
Subject: [PATCH 118/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md            | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 372f40c539..7b7d214f5c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -11,7 +11,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.author: deniseb
 author: denisebmsft
-ms.date: 01/15/2021
+ms.date: 01/19/2021
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
@@ -52,7 +52,7 @@ Microsoft Defender for Endpoint offers a wide variety of options, including the
 Check your cloud-delivered protection level for Microsoft Defender Antivirus. By default, this is set to **Not configured**, which corresponds to a normal level of protection for most organizations. If your cloud-delivered protection is set to **High**, **High +**, or **Zero tolerance**, you might experience a higher number of false positives.
 
 > [!TIP]
-> To learn more about configuring your cloud-delivered protection, see [Specify the cloud-delivered protection level](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus)
+> To learn more about configuring your cloud-delivered protection, see [Specify the cloud-delivered protection level](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus).
 
 We recommend using Microsoft Endpoint Manager to edit or set your cloud-delivered protection settings.
 

From 590d25d31b798511becfa79d2b5a3d675cfbfc90 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 19 Jan 2021 12:07:38 -0800
Subject: [PATCH 119/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 7b7d214f5c..ec326b2612 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -150,7 +150,7 @@ In general, you should not need to define exclusions for Microsoft Defender Anti
 
 ### Indicators for Microsoft Defender for Endpoint
 
-[Indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators) enable your security operations team to define the detection, prevention, and exclusion of entities. For example, your security operations team can specify certain files to be omitted from scans and remediation actions in Microsoft Defender for Endpoint. Or, indicators can be used to generate alerts for certain IP addresses or URLs.
+[Indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators) enable your security operations team to define the detection, prevention, and exclusion of entities. For example, your security operations team can specify certain files to be omitted from scans and remediation actions in Microsoft Defender for Endpoint. Or, indicators can be used to generate alerts for certain files, IP addresses, or URLs.
 
 To specify entities as exclusions for Microsoft Defender for Endpoint, your security team can create "allow" indicators. Such "allow" indicators apply to the following capabilities in Microsoft Defender for Endpoint:
 

From 273dd4589a029b55cba7ce0795732b721f4c50fc Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 19 Jan 2021 12:09:11 -0800
Subject: [PATCH 120/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index ec326b2612..aa6c823ab6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -152,7 +152,7 @@ In general, you should not need to define exclusions for Microsoft Defender Anti
 
 [Indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators) enable your security operations team to define the detection, prevention, and exclusion of entities. For example, your security operations team can specify certain files to be omitted from scans and remediation actions in Microsoft Defender for Endpoint. Or, indicators can be used to generate alerts for certain files, IP addresses, or URLs.
 
-To specify entities as exclusions for Microsoft Defender for Endpoint, your security team can create "allow" indicators. Such "allow" indicators apply to the following capabilities in Microsoft Defender for Endpoint:
+To specify entities as exclusions for Microsoft Defender for Endpoint, your security team can create "allow" indicators for those entities. Such "allow" indicators in Microsoft Defender for Endpoint apply to:
 
 - [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10)
 - [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response)

From a8f869749b47abae45adbce4b57ea2a267b3c570 Mon Sep 17 00:00:00 2001
From: amirsc3 <42802974+amirsc3@users.noreply.github.com>
Date: Wed, 20 Jan 2021 12:18:20 +0200
Subject: [PATCH 121/396] Update attack-surface-reduction.md

Added note to avoid customer questions and support cases on ASR running in passive mode (which can't work)
---
 .../microsoft-defender-atp/attack-surface-reduction.md           | 1 +
 1 file changed, 1 insertion(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
index c0c77ae782..8d36dbefc9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
@@ -63,6 +63,7 @@ Warn mode helps your organization have attack surface reduction rules in place w
 Warn mode is supported on devices running the following versions of Windows:
 - [Windows 10, version 1809](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809) or later
 - [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) or later
+- Microsoft Defender antivirus with Real-time protection running in [Active mode](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility#functionality-and-features-available-in-each-state) 
 
 In addition, make sure [Microsoft Defender Antivirus and antimalware updates](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus#monthly-platform-and-engine-versions) are installed   
 - Minimum platform release requirement: `4.18.2008.9`  

From 4e31151f7502a9e6014ffbf244b6c9d9d915e1be Mon Sep 17 00:00:00 2001
From: Sunayana Singh <57405155+sunasing@users.noreply.github.com>
Date: Wed, 20 Jan 2021 15:53:13 +0530
Subject: [PATCH 122/396] Minor change

---
 .../threat-protection/microsoft-defender-atp/ios-privacy.md   | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md
index 361ee24da1..bc3acd8fcc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md
@@ -41,9 +41,7 @@ Here is a list of the types of data being collected:
 
 ### Web page or Network information 
 
-- Connection information only when a malicious connection or web page is detected. 
-
-- Protocol type (such as HTTP, HTTPS, etc.) only when a malicious connection or web page is detected. 
+- Domain name of the website only when a malicious connection or web page is detected. 
 
 ### Device and account information 
 

From a5401ac9b5dd57fc5035d576a6932cf5be74c753 Mon Sep 17 00:00:00 2001
From: amirsc3 <42802974+amirsc3@users.noreply.github.com>
Date: Wed, 20 Jan 2021 14:42:24 +0200
Subject: [PATCH 123/396] Update attack-surface-reduction.md

Removed en-us to not break localization
---
 .../microsoft-defender-atp/attack-surface-reduction.md          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
index 8d36dbefc9..49da59cd29 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
@@ -63,7 +63,7 @@ Warn mode helps your organization have attack surface reduction rules in place w
 Warn mode is supported on devices running the following versions of Windows:
 - [Windows 10, version 1809](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809) or later
 - [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) or later
-- Microsoft Defender antivirus with Real-time protection running in [Active mode](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility#functionality-and-features-available-in-each-state) 
+- Microsoft Defender antivirus with Real-time protection running in [Active mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility#functionality-and-features-available-in-each-state) 
 
 In addition, make sure [Microsoft Defender Antivirus and antimalware updates](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus#monthly-platform-and-engine-versions) are installed   
 - Minimum platform release requirement: `4.18.2008.9`  

From ee27514dbf3fc1cd9c4503cda2356959f8a774b9 Mon Sep 17 00:00:00 2001
From: amirsc3 <42802974+amirsc3@users.noreply.github.com>
Date: Wed, 20 Jan 2021 14:48:31 +0200
Subject: [PATCH 124/396] Update attack-surface-reduction.md

changed to Antivirus with capital A
---
 .../microsoft-defender-atp/attack-surface-reduction.md          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
index 49da59cd29..bd4aac0ddc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
@@ -63,7 +63,7 @@ Warn mode helps your organization have attack surface reduction rules in place w
 Warn mode is supported on devices running the following versions of Windows:
 - [Windows 10, version 1809](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809) or later
 - [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) or later
-- Microsoft Defender antivirus with Real-time protection running in [Active mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility#functionality-and-features-available-in-each-state) 
+- Microsoft Defender Antivirus with Real-time protection running in [Active mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility#functionality-and-features-available-in-each-state) 
 
 In addition, make sure [Microsoft Defender Antivirus and antimalware updates](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus#monthly-platform-and-engine-versions) are installed   
 - Minimum platform release requirement: `4.18.2008.9`  

From 75cafe24fec496d12d4e8caf0bb986df565d1a0f Mon Sep 17 00:00:00 2001
From: amirsc3 <42802974+amirsc3@users.noreply.github.com>
Date: Wed, 20 Jan 2021 14:53:56 +0200
Subject: [PATCH 125/396] Update attack-surface-reduction.md

minor change to note to make it more logical as we are describing 'supported on devices running the following versions of Windows'
---
 .../microsoft-defender-atp/attack-surface-reduction.md          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
index bd4aac0ddc..02d23be40a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
@@ -63,7 +63,7 @@ Warn mode helps your organization have attack surface reduction rules in place w
 Warn mode is supported on devices running the following versions of Windows:
 - [Windows 10, version 1809](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809) or later
 - [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) or later
-- Microsoft Defender Antivirus with Real-time protection running in [Active mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility#functionality-and-features-available-in-each-state) 
+Note that Microsoft Defender Antivirus must be running with Real-time protection in [Active mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility#functionality-and-features-available-in-each-state) 
 
 In addition, make sure [Microsoft Defender Antivirus and antimalware updates](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus#monthly-platform-and-engine-versions) are installed   
 - Minimum platform release requirement: `4.18.2008.9`  

From ad1767c4ef0e5ab96d9d1f71b5e242cc673041b3 Mon Sep 17 00:00:00 2001
From: amirsc3 <42802974+amirsc3@users.noreply.github.com>
Date: Wed, 20 Jan 2021 14:54:54 +0200
Subject: [PATCH 126/396] Update attack-surface-reduction.md

missing -
---
 .../microsoft-defender-atp/attack-surface-reduction.md          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
index 02d23be40a..70e2fcf02b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
@@ -63,7 +63,7 @@ Warn mode helps your organization have attack surface reduction rules in place w
 Warn mode is supported on devices running the following versions of Windows:
 - [Windows 10, version 1809](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809) or later
 - [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) or later
-Note that Microsoft Defender Antivirus must be running with Real-time protection in [Active mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility#functionality-and-features-available-in-each-state) 
+- Note that Microsoft Defender Antivirus must be running with Real-time protection in [Active mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility#functionality-and-features-available-in-each-state) 
 
 In addition, make sure [Microsoft Defender Antivirus and antimalware updates](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus#monthly-platform-and-engine-versions) are installed   
 - Minimum platform release requirement: `4.18.2008.9`  

From 2ec659de3431aa0f79af1eefcf05905205f6fe74 Mon Sep 17 00:00:00 2001
From: amirsc3 <42802974+amirsc3@users.noreply.github.com>
Date: Wed, 20 Jan 2021 15:04:34 +0200
Subject: [PATCH 127/396] Update attack-surface-reduction.md

remove '-' and lowered one line to avoid coloring in purple
---
 .../microsoft-defender-atp/attack-surface-reduction.md         | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
index 70e2fcf02b..1378e9274d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
@@ -63,7 +63,8 @@ Warn mode helps your organization have attack surface reduction rules in place w
 Warn mode is supported on devices running the following versions of Windows:
 - [Windows 10, version 1809](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809) or later
 - [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) or later
-- Note that Microsoft Defender Antivirus must be running with Real-time protection in [Active mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility#functionality-and-features-available-in-each-state) 
+ 
+Note that Microsoft Defender Antivirus must be running with Real-time protection in [Active mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility#functionality-and-features-available-in-each-state) 
 
 In addition, make sure [Microsoft Defender Antivirus and antimalware updates](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus#monthly-platform-and-engine-versions) are installed   
 - Minimum platform release requirement: `4.18.2008.9`  

From 2614a6dcebeef0d92a5c8245e4b797048e11cc14 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Wed, 20 Jan 2021 18:33:17 +0500
Subject: [PATCH 128/396] Update
 windows/security/identity-protection/hello-for-business/hello-planning-guide.md

Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 .../hello-for-business/hello-planning-guide.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
index 449642dfe7..0c252830e7 100644
--- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
@@ -332,7 +332,7 @@ Windows Hello for Business does not require an Azure AD premium subscription.  H
 
 If box **1a** on your planning worksheet reads **on-premises**, write **No** in box **6c** on your planning worksheet.
 
-If box **1a** on your planning worksheet reads **hybrid** and box **1b** reads **key trust**, write **No** in box **6c** on your planning worksheet. You can deploy Windows Hello for Business using the free Azure Active Directory free tier. All Azure Active Directory free accounts can use Azure AD Multi-Factor Authentication through the use of security defaults. Some Azure AD Multi-Factor Authentication features require a license. For more details see [Features and licenses for Azure AD Multi-Factor Authentication](https://docs.microsoft.com/azure/active-directory/authentication/concept-mfa-licensing)
+If box **1a** on your planning worksheet reads **hybrid** and box **1b** reads **key trust**, write **No** in box **6c** on your planning worksheet. You can deploy Windows Hello for Business using the free Azure Active Directory free tier. All Azure Active Directory free accounts can use Azure AD Multi-Factor Authentication through the use of security defaults. Some Azure AD Multi-Factor Authentication features require a license. For more details, see [Features and licenses for Azure AD Multi-Factor Authentication](https://docs.microsoft.com/azure/active-directory/authentication/concept-mfa-licensing).
 
 If box **5b** on your planning worksheet reads **AD FS RA**, write **Yes** in box **6c** on your planning worksheet.  Enrolling a certificate using the AD FS registration authority requires devices to authenticate to the AD FS server, which requires device write-back, an Azure AD Premium feature.
 

From 576057ec5bce89bcafe9d656d7ba013088bbf163 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Wed, 20 Jan 2021 18:36:10 +0500
Subject: [PATCH 129/396] Update hello-planning-guide.md

---
 .../hello-for-business/hello-planning-guide.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
index 0c252830e7..cb3a0081f2 100644
--- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
@@ -332,7 +332,7 @@ Windows Hello for Business does not require an Azure AD premium subscription.  H
 
 If box **1a** on your planning worksheet reads **on-premises**, write **No** in box **6c** on your planning worksheet.
 
-If box **1a** on your planning worksheet reads **hybrid** and box **1b** reads **key trust**, write **No** in box **6c** on your planning worksheet. You can deploy Windows Hello for Business using the free Azure Active Directory free tier. All Azure Active Directory free accounts can use Azure AD Multi-Factor Authentication through the use of security defaults. Some Azure AD Multi-Factor Authentication features require a license. For more details, see [Features and licenses for Azure AD Multi-Factor Authentication](https://docs.microsoft.com/azure/active-directory/authentication/concept-mfa-licensing).
+If box **1a** on your planning worksheet reads **hybrid** and box **1b** reads **key trust**, write **No** in box **6c** on your planning worksheet. You can deploy Windows Hello for Business using the Azure Active Directory free tier. All Azure Active Directory free accounts can use Azure AD Multi-Factor Authentication through the use of security defaults. Some Azure AD Multi-Factor Authentication features require a license. For more details, see [Features and licenses for Azure AD Multi-Factor Authentication](https://docs.microsoft.com/azure/active-directory/authentication/concept-mfa-licensing).
 
 If box **5b** on your planning worksheet reads **AD FS RA**, write **Yes** in box **6c** on your planning worksheet.  Enrolling a certificate using the AD FS registration authority requires devices to authenticate to the AD FS server, which requires device write-back, an Azure AD Premium feature.
 

From ac57c10f4fbc62cc000c46bfd6ad9a4e5e28ec5a Mon Sep 17 00:00:00 2001
From: amirsc3 <42802974+amirsc3@users.noreply.github.com>
Date: Wed, 20 Jan 2021 20:06:19 +0200
Subject: [PATCH 130/396] Update
 windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../microsoft-defender-atp/attack-surface-reduction.md          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
index 1378e9274d..febb1d419b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
@@ -64,7 +64,7 @@ Warn mode is supported on devices running the following versions of Windows:
 - [Windows 10, version 1809](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809) or later
 - [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) or later
  
-Note that Microsoft Defender Antivirus must be running with Real-time protection in [Active mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility#functionality-and-features-available-in-each-state) 
+Note that Microsoft Defender Antivirus must be running with Real-time protection in [Active mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility#functionality-and-features-available-in-each-state).
 
 In addition, make sure [Microsoft Defender Antivirus and antimalware updates](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus#monthly-platform-and-engine-versions) are installed   
 - Minimum platform release requirement: `4.18.2008.9`  

From 0728cd56c66fca2f393a26fca18a1cfc27ef6fc7 Mon Sep 17 00:00:00 2001
From: amirsc3 <42802974+amirsc3@users.noreply.github.com>
Date: Wed, 20 Jan 2021 20:06:39 +0200
Subject: [PATCH 131/396] Update
 windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../microsoft-defender-atp/attack-surface-reduction.md          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
index febb1d419b..52f0a3ddf6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
@@ -66,7 +66,7 @@ Warn mode is supported on devices running the following versions of Windows:
  
 Note that Microsoft Defender Antivirus must be running with Real-time protection in [Active mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility#functionality-and-features-available-in-each-state).
 
-In addition, make sure [Microsoft Defender Antivirus and antimalware updates](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus#monthly-platform-and-engine-versions) are installed   
+In addition, make sure [Microsoft Defender Antivirus and antimalware updates](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus#monthly-platform-and-engine-versions) are installed.
 - Minimum platform release requirement: `4.18.2008.9`  
 - Minimum engine release requirement: `1.1.17400.5`
 

From c466bf04c640455788b97a07d5a031617adb1a85 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 20 Jan 2021 10:47:46 -0800
Subject: [PATCH 132/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md     | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index aa6c823ab6..473172524a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -166,7 +166,15 @@ Your security team can create indicators for files, IP addresses, URLs, domains,
 - [Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates)
 
 > [!TIP]
-> When you create indicators, you can define them one by one or import multiple items at once. Keep in mind there's a limit of 15,000 indicators you can have in a single tenant. And, you might need to gather certain details first, such as file hash information. Make sure to review the information, including prerequisites, 
+> When you create indicators, you can define them one by one or import multiple items at once. Keep in mind there's a limit of 15,000 indicators you can have in a single tenant. And, you might need to gather certain details first, such as file hash information. Make sure to review the prerequisites before you [create indicators](manage-indicators.md). 
+
+| Indicator type | Prerequisites | Notes  |
+|----|----|---|
+|Files <p>Helps prevent suspected malware (or potentially malicious files) from being downloaded from the web. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. <p> [Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file). | Your organization is using Microsoft Defender Antivirus with cloud-based protection enabled. <p>Your antimalware client version is must be 4.18.1901.x or later. <p>Your devices are must be running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 | Make sure the [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features). | The allow or block function cannot be done on files if the file's classification exists on the device's cache prior to the allow or block action <p>Trusted signed files are treated differently. Defender for Endpoint is optimized to handle malicious files. Trying to block trusted signed files, in some cases, may have performance implications. <p>Typically, file blocks are enforced within a couple of minutes, but can take upwards of 30 minutes. |
+
+
+
+
 
 ## Classify a false positive or false negative
 

From 5eb90ebe273a332b300d734c429c492da1382cb3 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 20 Jan 2021 10:51:21 -0800
Subject: [PATCH 133/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md          | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 473172524a..b8a979b127 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -171,6 +171,12 @@ Your security team can create indicators for files, IP addresses, URLs, domains,
 | Indicator type | Prerequisites | Notes  |
 |----|----|---|
 |Files <p>Helps prevent suspected malware (or potentially malicious files) from being downloaded from the web. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. <p> [Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file). | Your organization is using Microsoft Defender Antivirus with cloud-based protection enabled. <p>Your antimalware client version is must be 4.18.1901.x or later. <p>Your devices are must be running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 | Make sure the [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features). | The allow or block function cannot be done on files if the file's classification exists on the device's cache prior to the allow or block action <p>Trusted signed files are treated differently. Defender for Endpoint is optimized to handle malicious files. Trying to block trusted signed files, in some cases, may have performance implications. <p>Typically, file blocks are enforced within a couple of minutes, but can take upwards of 30 minutes. |
+| IP addresses and URLs <p>Full URL path blocks can be applied on the domain level and all unencrypted URLs <p>IP is supported for all three protocols <p>[Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain) | Network protection in Defender for Endpoint must be enabled in block mode. ([Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection).)<p>Your antimalware client version must be 4.18.1906.x or later. <p>Your devices must be running Windows 10, version 1709 or later <p>Custom network indicators must be turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).) | Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs. For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge leverages [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios leverage Network Protection for inspection and enforcement.<p>There may be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. <p>Only single IP addresses are supported (no CIDR blocks or IP ranges) <p>Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) <p>Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) |
+
+
+
+
+
 
 
 

From e8f163965b5dbb0b5d731d0be21fe66ffd47d26e Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 20 Jan 2021 10:58:24 -0800
Subject: [PATCH 134/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md          | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index b8a979b127..8122abd1da 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -170,8 +170,12 @@ Your security team can create indicators for files, IP addresses, URLs, domains,
 
 | Indicator type | Prerequisites | Notes  |
 |----|----|---|
-|Files <p>Helps prevent suspected malware (or potentially malicious files) from being downloaded from the web. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. <p> [Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file). | Your organization is using Microsoft Defender Antivirus with cloud-based protection enabled. <p>Your antimalware client version is must be 4.18.1901.x or later. <p>Your devices are must be running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 | Make sure the [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features). | The allow or block function cannot be done on files if the file's classification exists on the device's cache prior to the allow or block action <p>Trusted signed files are treated differently. Defender for Endpoint is optimized to handle malicious files. Trying to block trusted signed files, in some cases, may have performance implications. <p>Typically, file blocks are enforced within a couple of minutes, but can take upwards of 30 minutes. |
+|Files <p>Helps prevent suspected malware (or potentially malicious files) from being downloaded from the web. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. <p> [Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file). | Microsoft Defender Antivirus with cloud-based protection enabled. <p>Antimalware client version  must be 4.18.1901.x or later. <p>Devices are running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 <p> The [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features). | The allow or block function cannot be done on a file if the file's classification exists on the device's cache prior to the allow or block action <p>Trusted, signed files are treated differently. Defender for Endpoint is optimized to handle malicious files. Trying to block trusted, signed files, can have performance implications. <p>Typically, file blocks are enforced within a couple of minutes, but can take upwards of 30 minutes. |
 | IP addresses and URLs <p>Full URL path blocks can be applied on the domain level and all unencrypted URLs <p>IP is supported for all three protocols <p>[Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain) | Network protection in Defender for Endpoint must be enabled in block mode. ([Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection).)<p>Your antimalware client version must be 4.18.1906.x or later. <p>Your devices must be running Windows 10, version 1709 or later <p>Custom network indicators must be turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).) | Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs. For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge leverages [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios leverage Network Protection for inspection and enforcement.<p>There may be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. <p>Only single IP addresses are supported (no CIDR blocks or IP ranges) <p>Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) <p>Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) |
+| Certificates <p>`.CER` or `.PEM` file extensions are supported. <p>[Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates) |Microsoft Defender Antivirus with cloud-based protection is enabled ([Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p>Your antimalware client version must be 4.18.1901.x or later. <p>Your devices must be running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 <p>Your virus and threat protection definitions must be up to date. | 
+
+
+
 
 
 

From 66c7569f3377716bba0b8e5e9afad6a8308ddb6c Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 20 Jan 2021 10:59:26 -0800
Subject: [PATCH 135/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md             | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 8122abd1da..f5ce4cceed 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -172,7 +172,8 @@ Your security team can create indicators for files, IP addresses, URLs, domains,
 |----|----|---|
 |Files <p>Helps prevent suspected malware (or potentially malicious files) from being downloaded from the web. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. <p> [Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file). | Microsoft Defender Antivirus with cloud-based protection enabled. <p>Antimalware client version  must be 4.18.1901.x or later. <p>Devices are running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 <p> The [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features). | The allow or block function cannot be done on a file if the file's classification exists on the device's cache prior to the allow or block action <p>Trusted, signed files are treated differently. Defender for Endpoint is optimized to handle malicious files. Trying to block trusted, signed files, can have performance implications. <p>Typically, file blocks are enforced within a couple of minutes, but can take upwards of 30 minutes. |
 | IP addresses and URLs <p>Full URL path blocks can be applied on the domain level and all unencrypted URLs <p>IP is supported for all three protocols <p>[Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain) | Network protection in Defender for Endpoint must be enabled in block mode. ([Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection).)<p>Your antimalware client version must be 4.18.1906.x or later. <p>Your devices must be running Windows 10, version 1709 or later <p>Custom network indicators must be turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).) | Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs. For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge leverages [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios leverage Network Protection for inspection and enforcement.<p>There may be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. <p>Only single IP addresses are supported (no CIDR blocks or IP ranges) <p>Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) <p>Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) |
-| Certificates <p>`.CER` or `.PEM` file extensions are supported. <p>[Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates) |Microsoft Defender Antivirus with cloud-based protection is enabled ([Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p>Your antimalware client version must be 4.18.1901.x or later. <p>Your devices must be running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 <p>Your virus and threat protection definitions must be up to date. | 
+| Certificates <p>`.CER` or `.PEM` file extensions are supported. <p>[Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates) |Microsoft Defender Antivirus with cloud-based protection is enabled ([Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p>Your antimalware client version must be 4.18.1901.x or later. <p>Your devices must be running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 <p>Your virus and threat protection definitions must be up to date. | A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. <p>Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine Trusted Root Certification Authorities). <p>The children or parent of the allow/block certificate IOCs are not included in the allow/block IoC functionality, only leaf certificates are supported.<p>Microsoft signed certificates cannot be blocked. <p>It can take up to 3 hours to create and remove a certificate IoC. |
+
 
 
 

From 08442412663eeb9785fb3a9a1d189c1f0b2dd354 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 20 Jan 2021 10:59:58 -0800
Subject: [PATCH 136/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md  | 13 -------------
 1 file changed, 13 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index f5ce4cceed..5d51a6f36d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -174,19 +174,6 @@ Your security team can create indicators for files, IP addresses, URLs, domains,
 | IP addresses and URLs <p>Full URL path blocks can be applied on the domain level and all unencrypted URLs <p>IP is supported for all three protocols <p>[Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain) | Network protection in Defender for Endpoint must be enabled in block mode. ([Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection).)<p>Your antimalware client version must be 4.18.1906.x or later. <p>Your devices must be running Windows 10, version 1709 or later <p>Custom network indicators must be turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).) | Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs. For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge leverages [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios leverage Network Protection for inspection and enforcement.<p>There may be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. <p>Only single IP addresses are supported (no CIDR blocks or IP ranges) <p>Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) <p>Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) |
 | Certificates <p>`.CER` or `.PEM` file extensions are supported. <p>[Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates) |Microsoft Defender Antivirus with cloud-based protection is enabled ([Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p>Your antimalware client version must be 4.18.1901.x or later. <p>Your devices must be running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 <p>Your virus and threat protection definitions must be up to date. | A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. <p>Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine Trusted Root Certification Authorities). <p>The children or parent of the allow/block certificate IOCs are not included in the allow/block IoC functionality, only leaf certificates are supported.<p>Microsoft signed certificates cannot be blocked. <p>It can take up to 3 hours to create and remove a certificate IoC. |
 
-
-
-
-
-
-
-
-
-
-
-
-
-
 ## Classify a false positive or false negative
 
 As alerts are triggered, if you see something that was detected as malicious or suspicious that should not be, you can suppress alerts for that entity and classify alerts as false positives. Managing your alerts and classifying false positives helps to train your threat protection solution. Taking these steps also helps reduce noise in your security operations dashboard so that your security team can focus on higher priority work items.

From 6941245d72b580c81b69e8a5879427d40d81225d Mon Sep 17 00:00:00 2001
From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com>
Date: Wed, 20 Jan 2021 12:11:11 -0800
Subject: [PATCH 137/396] Update
 windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md

Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 .../faq-md-app-guard.md                       | 26 +++++++++----------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
index aa8e4b49ee..1848ca38b2 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
@@ -163,21 +163,21 @@ ICS is enabled by default in Windows, and ICS must be enabled in order for Appli
 The whitelisting of these items are required to be allowed in the GPO to ensure AppGuard works properly. 
 
 Policy: Allow installation of devices that match any of these device IDs 
-•	SCSI\DiskMsft____Virtual_Disk____ 
-•	{8e7bd593-6e6c-4c52-86a6-77175494dd8e}\msvhdhba 
-•	VMS_VSF 
-•	root\Vpcivsp 
-•	root\VMBus 
-•	vms_mp 
-•	VMS_VSP 
-•	ROOT\VKRNLINTVSP 
-•	ROOT\VID 
-•	root\storvsp 
-•	vms_vsmp 
-•	VMS_PP 
+- SCSI\DiskMsft____Virtual_Disk____ 
+- {8e7bd593-6e6c-4c52-86a6-77175494dd8e}\msvhdhba 
+- VMS_VSF 
+- root\Vpcivsp 
+- root\VMBus 
+- vms_mp 
+- VMS_VSP 
+- ROOT\VKRNLINTVSP 
+- ROOT\VID 
+- root\storvsp 
+- vms_vsmp 
+- VMS_PP 
 
 Policy: Allow installation of devices using drivers that match these device setup classes 
-•	{71a27cdd-812a-11d0-bec7-08002be2092f}
+- {71a27cdd-812a-11d0-bec7-08002be2092f}
 
 
 

From 8c804c84cab3debcc8943263ce00288b2d360edd Mon Sep 17 00:00:00 2001
From: Daniel Simpson <dansimp@microsoft.com>
Date: Wed, 20 Jan 2021 15:20:59 -0800
Subject: [PATCH 138/396] big metadata fixes

---
 .../app-v/appv-connect-to-the-management-console.md    |  2 +-
 .../app-v/appv-connection-group-virtual-environment.md |  2 +-
 ...-a-package-created-in-a-previous-version-of-appv.md |  2 +-
 ...h-user-published-and-globally-published-packages.md |  2 +-
 .../app-v/appv-create-a-connection-group.md            |  2 +-
 ...m-configuration-file-with-the-management-console.md |  2 +-
 ...ppv-create-a-package-accelerator-with-powershell.md |  2 +-
 .../app-v/appv-create-a-package-accelerator.md         |  2 +-
 ...-virtual-application-package-package-accelerator.md |  2 +-
 .../app-v/appv-create-and-use-a-project-template.md    |  2 +-
 ...v-creating-and-managing-virtualized-applications.md |  2 +-
 ...plication-extensions-with-the-management-console.md |  2 +-
 .../app-v/appv-delete-a-connection-group.md            |  2 +-
 ...ppv-delete-a-package-with-the-management-console.md |  2 +-
 .../appv-deploy-appv-databases-with-sql-scripts.md     |  2 +-
 ...-with-electronic-software-distribution-solutions.md |  2 +-
 .../app-v/appv-deploy-the-appv-server-with-a-script.md |  2 +-
 .../app-v/appv-deploy-the-appv-server.md               |  2 +-
 .../app-v/appv-deploying-appv.md                       |  2 +-
 .../appv-deploying-microsoft-office-2010-wth-appv.md   |  2 +-
 .../appv-deploying-microsoft-office-2013-with-appv.md  |  2 +-
 .../appv-deploying-microsoft-office-2016-with-appv.md  |  2 +-
 ...-with-electronic-software-distribution-solutions.md |  2 +-
 .../appv-deploying-the-appv-sequencer-and-client.md    |  2 +-
 .../app-v/appv-deploying-the-appv-server.md            |  2 +-
 .../app-v/appv-deployment-checklist.md                 |  2 +-
 .../app-v/appv-dynamic-configuration.md                |  2 +-
 ...-with-electronic-software-distribution-solutions.md |  2 +-
 ...ble-reporting-on-the-appv-client-with-powershell.md |  2 +-
 .../app-v/appv-enable-the-app-v-desktop-client.md      |  2 +-
 .../app-v/appv-evaluating-appv.md                      |  2 +-
 .../application-management/app-v/appv-for-windows.md   |  2 +-
 .../app-v/appv-getting-started.md                      |  2 +-
 .../app-v/appv-high-level-architecture.md              |  2 +-
 ...-associated-security-identifiers-with-powershell.md |  2 +-
 ...nt-and-reporting-databases-on-separate-computers.md |  2 +-
 ...l-the-management-server-on-a-standalone-computer.md |  2 +-
 ...stall-the-publishing-server-on-a-remote-computer.md |  2 +-
 ...ll-the-reporting-server-on-a-standalone-computer.md |  2 +-
 .../app-v/appv-install-the-sequencer.md                |  2 +-
 ...-load-the-powershell-cmdlets-and-get-cmdlet-help.md |  2 +-
 .../app-v/appv-maintaining-appv.md                     |  2 +-
 ...unning-on-a-stand-alone-computer-with-powershell.md |  2 +-
 ...groups-on-a-stand-alone-computer-with-powershell.md |  2 +-
 .../app-v/appv-managing-connection-groups.md           |  2 +-
 .../appv-migrating-to-appv-from-a-previous-version.md  |  2 +-
 ...v-modify-an-existing-virtual-application-package.md |  2 +-
 ...appv-modify-client-configuration-with-powershell.md |  2 +-
 .../appv-move-the-appv-server-to-another-computer.md   |  2 +-
 .../application-management/app-v/appv-operations.md    |  2 +-
 .../app-v/appv-performance-guidance.md                 |  2 +-
 .../app-v/appv-planning-checklist.md                   |  2 +-
 .../appv-planning-folder-redirection-with-appv.md      |  2 +-
 .../app-v/appv-planning-for-appv-server-deployment.md  |  2 +-
 .../app-v/appv-planning-for-appv.md                    |  2 +-
 .../appv-planning-for-high-availability-with-appv.md   |  2 +-
 ...ppv-planning-for-sequencer-and-client-deployment.md |  2 +-
 .../app-v/appv-planning-for-using-appv-with-office.md  |  2 +-
 ...-with-electronic-software-distribution-solutions.md |  2 +-
 .../app-v/appv-planning-to-deploy-appv.md              |  2 +-
 .../set-up-and-test-cortana-in-windows-10.md           |  2 +-
 ...dministering-uev-with-windows-powershell-and-wmi.md |  2 +-
 windows/configuration/ue-v/uev-administering-uev.md    |  2 +-
 .../ue-v/uev-application-template-schema-reference.md  |  2 +-
 .../uev-changing-the-frequency-of-scheduled-tasks.md   |  2 +-
 .../uev-configuring-uev-with-group-policy-objects.md   |  2 +-
 .../access-control/access-control.md                   |  2 +-
 .../access-control/active-directory-accounts.md        |  2 +-
 .../access-control/active-directory-security-groups.md |  2 +-
 .../access-control/dynamic-access-control.md           |  2 +-
 .../access-control/local-accounts.md                   |  2 +-
 .../access-control/microsoft-accounts.md               |  2 +-
 .../access-control/security-identifiers.md             |  2 +-
 .../access-control/security-principals.md              |  2 +-
 .../access-control/service-accounts.md                 |  2 +-
 .../access-control/special-identities.md               |  2 +-
 .../change-history-for-access-protection.md            |  2 +-
 .../security/identity-protection/configure-s-mime.md   |  2 +-
 .../credential-guard/additional-mitigations.md         |  2 +-
 .../credential-guard-considerations.md                 |  2 +-
 .../credential-guard/credential-guard-how-it-works.md  |  2 +-
 .../credential-guard/credential-guard-known-issues.md  |  2 +-
 .../credential-guard/credential-guard-manage.md        |  6 +++---
 .../credential-guard-not-protected-scenarios.md        |  2 +-
 .../credential-guard-protection-limits.md              |  2 +-
 .../credential-guard/credential-guard-requirements.md  |  2 +-
 .../credential-guard/credential-guard.md               |  2 +-
 .../hello-key-trust-validate-ad-prereq.md              |  4 ++--
 windows/security/identity-protection/index.md          |  2 +-
 ...alling-digital-certificates-on-windows-10-mobile.md |  2 +-
 .../identity-protection/remote-credential-guard.md     |  2 +-
 .../smart-card-and-remote-desktop-services.md          |  2 +-
 .../smart-cards/smart-card-architecture.md             |  2 +-
 .../smart-card-certificate-propagation-service.md      |  2 +-
 ...rt-card-certificate-requirements-and-enumeration.md |  2 +-
 .../smart-cards/smart-card-events.md                   |  2 +-
 .../smart-card-group-policy-and-registry-settings.md   |  2 +-
 ...art-card-how-smart-card-sign-in-works-in-windows.md |  2 +-
 .../smart-cards/smart-card-removal-policy-service.md   |  2 +-
 .../smart-card-smart-cards-for-windows-service.md      |  2 +-
 .../smart-cards/smart-card-tools-and-settings.md       |  2 +-
 ...mart-card-windows-smart-card-technical-reference.md |  2 +-
 .../how-user-account-control-works.md                  |  2 +-
 ...t-control-group-policy-and-registry-key-settings.md |  2 +-
 .../user-account-control-overview.md                   |  2 +-
 .../user-account-control-security-policy-settings.md   |  2 +-
 .../virtual-smart-card-deploy-virtual-smart-cards.md   |  2 +-
 .../virtual-smart-card-evaluate-security.md            |  2 +-
 .../virtual-smart-card-get-started.md                  |  2 +-
 .../virtual-smart-cards/virtual-smart-card-overview.md |  2 +-
 .../virtual-smart-card-tpmvscmgr.md                    |  2 +-
 .../virtual-smart-card-understanding-and-evaluating.md |  2 +-
 .../virtual-smart-card-use-virtual-smart-cards.md      |  2 +-
 ...ffie-hellman-protocol-over-ikev2-vpn-connections.md |  2 +-
 ...ingle-sign-on-sso-over-vpn-and-wi-fi-connections.md |  2 +-
 .../identity-protection/vpn/vpn-authentication.md      |  2 +-
 .../vpn/vpn-auto-trigger-profile.md                    |  2 +-
 .../identity-protection/vpn/vpn-conditional-access.md  |  2 +-
 .../identity-protection/vpn/vpn-connection-type.md     |  2 +-
 windows/security/identity-protection/vpn/vpn-guide.md  |  4 ++--
 .../identity-protection/vpn/vpn-name-resolution.md     |  2 +-
 .../identity-protection/vpn/vpn-profile-options.md     |  2 +-
 .../security/identity-protection/vpn/vpn-routing.md    |  2 +-
 .../identity-protection/vpn/vpn-security-features.md   |  2 +-
 ...ndows-credential-theft-mitigation-guide-abstract.md |  2 +-
 .../bitlocker/bitlocker-recovery-loop-break.md         |  2 +-
 .../kernel-dma-protection-for-thunderbolt.md           |  2 +-
 .../secure-the-windows-10-boot-process.md              |  2 +-
 .../tpm/backup-tpm-recovery-information-to-ad-ds.md    |  2 +-
 .../tpm/change-the-tpm-owner-password.md               |  2 +-
 .../tpm/how-windows-uses-the-tpm.md                    |  2 +-
 .../initialize-and-configure-ownership-of-the-tpm.md   |  2 +-
 .../tpm/switch-pcr-banks-on-tpm-2-0-devices.md         |  2 +-
 .../information-protection/tpm/tpm-fundamentals.md     |  2 +-
 .../information-protection/tpm/tpm-recommendations.md  |  2 +-
 .../tpm/trusted-platform-module-overview.md            |  2 +-
 ...d-platform-module-services-group-policy-settings.md |  2 +-
 .../tpm/trusted-platform-module-top-node.md            |  2 +-
 .../app-behavior-with-wip.md                           |  2 +-
 .../collect-wip-audit-event-logs.md                    |  2 +-
 .../create-and-verify-an-efs-dra-certificate.md        |  2 +-
 .../create-vpn-and-wip-policy-using-intune-azure.md    |  2 +-
 .../create-wip-policy-using-configmgr.md               |  2 +-
 .../create-wip-policy-using-intune-azure.md            |  4 ++--
 .../deploy-wip-policy-using-intune-azure.md            |  2 +-
 .../enlightened-microsoft-apps-and-wip.md              |  2 +-
 .../guidance-and-best-practices-wip.md                 |  2 +-
 .../mandatory-settings-for-wip.md                      |  2 +-
 .../overview-create-wip-policy-configmgr.md            |  2 +-
 .../overview-create-wip-policy.md                      |  2 +-
 .../protect-enterprise-data-using-wip.md               |  2 +-
 .../recommended-network-definitions-for-wip.md         |  2 +-
 .../testing-scenarios-for-wip.md                       |  2 +-
 .../using-owa-with-wip.md                              |  2 +-
 .../wip-app-enterprise-context.md                      |  2 +-
 .../block-untrusted-fonts-in-enterprise.md             |  4 ++--
 .../microsoft-defender-atp/review-alerts.md            | 10 +++++-----
 .../overview-of-threat-mitigations-in-windows-10.md    |  2 +-
 .../applocker/working-with-applocker-rules.md          |  2 +-
 .../windows-platform-common-criteria.md                |  2 +-
 160 files changed, 170 insertions(+), 170 deletions(-)

diff --git a/windows/application-management/app-v/appv-connect-to-the-management-console.md b/windows/application-management/app-v/appv-connect-to-the-management-console.md
index 009019e015..dd38c101dd 100644
--- a/windows/application-management/app-v/appv-connect-to-the-management-console.md
+++ b/windows/application-management/app-v/appv-connect-to-the-management-console.md
@@ -1,7 +1,7 @@
 ---
 title: How to connect to the Management Console (Windows 10)
 description: In this article, learn the procedure for connecting to the App-V Management Console through your web browser.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-connection-group-virtual-environment.md b/windows/application-management/app-v/appv-connection-group-virtual-environment.md
index a16ae77ec8..743c824815 100644
--- a/windows/application-management/app-v/appv-connection-group-virtual-environment.md
+++ b/windows/application-management/app-v/appv-connection-group-virtual-environment.md
@@ -1,7 +1,7 @@
 ---
 title: About the connection group virtual environment (Windows 10)
 description: Learn how the connection group virtual environment works and how package priority is determined.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md b/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
index 60c1c72c77..36691ab472 100644
--- a/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
+++ b/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
@@ -1,7 +1,7 @@
 ---
 title: How to convert a package created in a previous version of App-V (Windows 10)
 description: Use the package converter utility to convert a virtual application package created in a previous version of App-V.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md b/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md
index 312adeb09b..62787b9a7c 100644
--- a/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md
+++ b/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md
@@ -1,7 +1,7 @@
 ---
 title: How to create a connection croup with user-published and globally published packages (Windows 10)
 description: How to create a connection croup with user-published and globally published packages.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-create-a-connection-group.md b/windows/application-management/app-v/appv-create-a-connection-group.md
index 829708fe4f..509167b5f4 100644
--- a/windows/application-management/app-v/appv-create-a-connection-group.md
+++ b/windows/application-management/app-v/appv-create-a-connection-group.md
@@ -1,7 +1,7 @@
 ---
 title: How to create a connection group (Windows 10)
 description: Learn how to create a connection group with the App-V Management Console and where to find information about managing connection groups.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md b/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md
index 273b520a59..42081976ef 100644
--- a/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md
@@ -1,7 +1,7 @@
 ---
 title: How to create a custom configuration file by using the App-V Management Console (Windows 10)
 description: How to create a custom configuration file by using the App-V Management Console.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md
index 600df5f713..d6a62ddf52 100644
--- a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md
+++ b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md
@@ -1,7 +1,7 @@
 ---
 title: How to create a package accelerator by using Windows PowerShell (Windows 10)
 description: Learn how to create an App-v Package Accelerator by using Windows PowerShell. App-V Package Accelerators automatically sequence large, complex applications.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator.md b/windows/application-management/app-v/appv-create-a-package-accelerator.md
index db4fe23b68..d2c69c8afb 100644
--- a/windows/application-management/app-v/appv-create-a-package-accelerator.md
+++ b/windows/application-management/app-v/appv-create-a-package-accelerator.md
@@ -1,7 +1,7 @@
 ---
 title: How to create a package accelerator (Windows 10)
 description: Learn how to create App-V Package Accelerators to automatically generate new virtual application packages.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md b/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md
index c6983aab02..200f0481e4 100644
--- a/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md
+++ b/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md
@@ -1,7 +1,7 @@
 ---
 title: How to create a virtual application package using an App-V Package Accelerator (Windows 10)
 description: How to create a virtual application package using an App-V Package Accelerator.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-create-and-use-a-project-template.md b/windows/application-management/app-v/appv-create-and-use-a-project-template.md
index 54aa412604..0af67b340d 100644
--- a/windows/application-management/app-v/appv-create-and-use-a-project-template.md
+++ b/windows/application-management/app-v/appv-create-and-use-a-project-template.md
@@ -1,7 +1,7 @@
 ---
 title: Create and apply an App-V project template to a sequenced App-V package (Windows 10)
 description: Steps for how to create and apply an App-V project template (.appvt) to a sequenced App-V package.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md
index b7ee707a61..30debd58c4 100644
--- a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md
+++ b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md
@@ -1,7 +1,7 @@
 ---
 title: Creating and managing App-V virtualized applications (Windows 10)
 description: Create and manage App-V virtualized applications to monitor and record the installation process for an application to be run as a virtualized application.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md b/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md
index aae5ad7d4c..ebbdf508c3 100644
--- a/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md
@@ -1,7 +1,7 @@
 ---
 title: How to customize virtual application extensions for a specific AD group by using the Management Console (Windows 10)
 description: How to customize virtual application extensions for a specific AD group by using the Management Console.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-delete-a-connection-group.md b/windows/application-management/app-v/appv-delete-a-connection-group.md
index 20c62b4398..60a5518fe9 100644
--- a/windows/application-management/app-v/appv-delete-a-connection-group.md
+++ b/windows/application-management/app-v/appv-delete-a-connection-group.md
@@ -1,7 +1,7 @@
 ---
 title: How to delete a connection group (Windows 10)
 description: Learn how to delete an existing App-V connection group in the App-V Management Console and where to find information about managing connection groups.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md b/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md
index 16a77e0287..27a1adeb35 100644
--- a/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md
@@ -1,7 +1,7 @@
 ---
 title: How to delete a package in the Management Console (Windows 10)
 description: Learn how to delete a package in the App-V Management Console and where to find information about operations for App-V.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md b/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md
index 4717b5e4ef..f7ccc22f58 100644
--- a/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md
+++ b/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md
@@ -1,7 +1,7 @@
 ---
 title: How to Deploy the App-V Databases by Using SQL Scripts (Windows 10)
 description: Learn how to use SQL scripts to install the App-V databases and upgrade the App-V databases to a later version.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
index 3c47fd5076..29719a0f8c 100644
--- a/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
+++ b/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
@@ -1,7 +1,7 @@
 ---
 title: How to deploy App-V packages using electronic software distribution (Windows 10)
 description: Learn how use an electronic software distribution (ESD) system to deploy App-V virtual applications to App-V clients.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md b/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md
index 07407291fe..f2c8cc0af3 100644
--- a/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md
+++ b/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md
@@ -1,7 +1,7 @@
 ---
 title: How to Deploy the App-V Server Using a Script (Windows 10)
 description: 'Learn how to deploy the App-V server by using a script (appv_server_setup.exe) from the command line.'
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-deploy-the-appv-server.md b/windows/application-management/app-v/appv-deploy-the-appv-server.md
index 9284a9bfc6..ec7bcac622 100644
--- a/windows/application-management/app-v/appv-deploy-the-appv-server.md
+++ b/windows/application-management/app-v/appv-deploy-the-appv-server.md
@@ -1,7 +1,7 @@
 ---
 title: How to Deploy the App-V Server (Windows 10)
 description: Use these instructions to deploy the Application Virtualization (App-V) Server in App-V for Windows 10.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-deploying-appv.md b/windows/application-management/app-v/appv-deploying-appv.md
index 14493f0b25..5061447ca8 100644
--- a/windows/application-management/app-v/appv-deploying-appv.md
+++ b/windows/application-management/app-v/appv-deploying-appv.md
@@ -1,7 +1,7 @@
 ---
 title: Deploying App-V (Windows 10)
 description: App-V supports several different deployment options. Learn how to complete App-V deployment at different stages in your App-V deployment.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
index 736d772dfc..143b808f76 100644
--- a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
+++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
@@ -1,7 +1,7 @@
 ---
 title: Deploying Microsoft Office 2010 by Using App-V (Windows 10)
 description: Create Office 2010 packages for Microsoft Application Virtualization (App-V) using the App-V Sequencer or the App-V Package Accelerator.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
index fee5c296a1..d4567acef0 100644
--- a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
+++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
@@ -1,7 +1,7 @@
 ---
 title: Deploying Microsoft Office 2013 by Using App-V (Windows 10)
 description: Use Application Virtualization (App-V) to deliver Microsoft Office 2013 as a virtualized application to computers in your organization.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md
index ba7107286e..5a7bb4a95a 100644
--- a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md
+++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md
@@ -1,7 +1,7 @@
 ---
 title: Deploying Microsoft Office 2016 by using App-V (Windows 10)
 description: Use Application Virtualization (App-V) to deliver Microsoft Office 2016 as a virtualized application to computers in your organization.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md
index 37adcaae5e..5e3c484a69 100644
--- a/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md
+++ b/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md
@@ -1,7 +1,7 @@
 ---
 title: Deploying App-V packages by using electronic software distribution (ESD)
 description: Deploying App-V packages by using electronic software distribution (ESD)
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md b/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md
index 8cb954168b..15f8f520d4 100644
--- a/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md
+++ b/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md
@@ -1,7 +1,7 @@
 ---
 title: Deploying the App-V Sequencer and configuring the client (Windows 10)
 description: Learn how to deploy the App-V Sequencer and configure the client by using the ADMX template and Group Policy.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-deploying-the-appv-server.md b/windows/application-management/app-v/appv-deploying-the-appv-server.md
index 97f97275be..fad40ca584 100644
--- a/windows/application-management/app-v/appv-deploying-the-appv-server.md
+++ b/windows/application-management/app-v/appv-deploying-the-appv-server.md
@@ -1,7 +1,7 @@
 ---
 title: Deploying the App-V Server (Windows 10)
 description: Learn how to deploy the Application Virtualization (App-V) Server in App-V for Windows 10 by using different deployment configurations described in this article.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-deployment-checklist.md b/windows/application-management/app-v/appv-deployment-checklist.md
index d09d0141d8..e64dfcb45c 100644
--- a/windows/application-management/app-v/appv-deployment-checklist.md
+++ b/windows/application-management/app-v/appv-deployment-checklist.md
@@ -1,7 +1,7 @@
 ---
 title: App-V Deployment Checklist (Windows 10)
 description: Use the App-V deployment checklist to understand the recommended steps and items to consider when deploying App-V features.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-dynamic-configuration.md b/windows/application-management/app-v/appv-dynamic-configuration.md
index 196cb62ece..fac027c816 100644
--- a/windows/application-management/app-v/appv-dynamic-configuration.md
+++ b/windows/application-management/app-v/appv-dynamic-configuration.md
@@ -1,7 +1,7 @@
 ---
 title: About App-V Dynamic Configuration (Windows 10)
 description: Learn how to create or edit an existing Application Virtualization (App-V) dynamic configuration file.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md
index 601bfd8297..013c9bf60d 100644
--- a/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md
+++ b/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md
@@ -1,7 +1,7 @@
 ---
 title: How to Enable Only Administrators to Publish Packages by Using an ESD (Windows 10)
 description: Learn how to enable only administrators to publish packages by bsing an electronic software delivery (ESD).
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md b/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md
index 39a072c558..ba86d9400f 100644
--- a/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md
+++ b/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md
@@ -1,7 +1,7 @@
 ---
 title: How to Enable Reporting on the App-V Client by Using Windows PowerShell (Windows 10)
 description: How to Enable Reporting on the App-V Client by Using Windows PowerShell
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md b/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md
index c7985565d4..e9352f15ee 100644
--- a/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md
+++ b/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md
@@ -1,7 +1,7 @@
 ---
 title: Enable the App-V in-box client (Windows 10)
 description: Learn how to enable the Microsoft Application Virtualization (App-V) in-box client installed with Windows 10.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-evaluating-appv.md b/windows/application-management/app-v/appv-evaluating-appv.md
index 9eb57e8521..c5d8ac6964 100644
--- a/windows/application-management/app-v/appv-evaluating-appv.md
+++ b/windows/application-management/app-v/appv-evaluating-appv.md
@@ -1,7 +1,7 @@
 ---
 title: Evaluating App-V (Windows 10)
 description: Learn how to evaluate App-V for Windows 10 in a lab environment before deploying into a production environment.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-for-windows.md b/windows/application-management/app-v/appv-for-windows.md
index bec88a55bf..d089cb3371 100644
--- a/windows/application-management/app-v/appv-for-windows.md
+++ b/windows/application-management/app-v/appv-for-windows.md
@@ -1,7 +1,7 @@
 ---
 title: Application Virtualization (App-V) (Windows 10)
 description: See various topics that can help you administer Application Virtualization (App-V) and its components.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-getting-started.md b/windows/application-management/app-v/appv-getting-started.md
index 03f116312a..8fc9117868 100644
--- a/windows/application-management/app-v/appv-getting-started.md
+++ b/windows/application-management/app-v/appv-getting-started.md
@@ -1,7 +1,7 @@
 ---
 title: Getting Started with App-V (Windows 10)
 description: Get started with Microsoft Application Virtualization (App-V) for Windows 10. App-V for Windows 10 delivers Win32 applications to users as virtual applications.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-high-level-architecture.md b/windows/application-management/app-v/appv-high-level-architecture.md
index 941e4f58e7..cf81569563 100644
--- a/windows/application-management/app-v/appv-high-level-architecture.md
+++ b/windows/application-management/app-v/appv-high-level-architecture.md
@@ -1,7 +1,7 @@
 ---
 title: High-level architecture for App-V (Windows 10)
 description: Use the information in this article to simplify your Microsoft Application Virtualization (App-V) deployment.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md b/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
index 82b6545be6..fed3c5c9ec 100644
--- a/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
+++ b/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
@@ -1,7 +1,7 @@
 ---
 title: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell (Windows 10)
 description: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md b/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md
index ffffedff20..2b99c85da9 100644
--- a/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md
+++ b/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md
@@ -1,7 +1,7 @@
 ---
 title: How to Install the Management and Reporting Databases on separate computers from the Management and Reporting Services (Windows 10)
 description: How to install the Management and Reporting Databases on separate computers from the Management and Reporting Services.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md b/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md
index 44e1be2801..f8c387ecb8 100644
--- a/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md
+++ b/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md
@@ -1,7 +1,7 @@
 ---
 title: How to install the Management Server on a Standalone Computer and Connect it to the Database (Windows 10)
 description: How to install the Management Server on a Standalone Computer and Connect it to the Database
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md b/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md
index f08f5dfe4d..df6dc6c726 100644
--- a/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md
+++ b/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md
@@ -1,7 +1,7 @@
 ---
 title: Install the Publishing Server on a Remote Computer (Windows 10)
 description: Use the procedures in this article to install the Microsoft Application Virtualization (App-V) publishing server on a separate computer.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md b/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md
index d476fda616..17251170f3 100644
--- a/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md
+++ b/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md
@@ -1,7 +1,7 @@
 ---
 title: How to install the Reporting Server on a standalone computer and connect it to the database (Windows 10)
 description: How to install the App-V Reporting Server on a Standalone Computer and Connect it to the Database
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-install-the-sequencer.md b/windows/application-management/app-v/appv-install-the-sequencer.md
index 7a13e789c6..0c3ae2e9a0 100644
--- a/windows/application-management/app-v/appv-install-the-sequencer.md
+++ b/windows/application-management/app-v/appv-install-the-sequencer.md
@@ -1,7 +1,7 @@
 ---
 title: Install the App-V Sequencer (Windows 10)
 description: Learn how to install the App-V Sequencer to convert Win32 applications into virtual packages for deployment to user devices.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md b/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
index bc8cd9361e..4c3530ae6b 100644
--- a/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
+++ b/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
@@ -1,7 +1,7 @@
 ---
 title: How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help (Windows 10)
 description: How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-maintaining-appv.md b/windows/application-management/app-v/appv-maintaining-appv.md
index e03e524b5a..ca2c8811c9 100644
--- a/windows/application-management/app-v/appv-maintaining-appv.md
+++ b/windows/application-management/app-v/appv-maintaining-appv.md
@@ -1,7 +1,7 @@
 ---
 title: Maintaining App-V (Windows 10)
 description: After you have deployed App-V for Windows 10, you can use the following information to maintain the App-V infrastructure.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md b/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
index c7f1214405..78190c4689 100644
--- a/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
+++ b/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
@@ -1,7 +1,7 @@
 ---
 title: How to manage App-V packages running on a stand-alone computer by using Windows PowerShell (Windows 10)
 description: How to manage App-V packages running on a stand-alone computer by using Windows PowerShell.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md b/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md
index d4e01266f8..d6e03d17a6 100644
--- a/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md
+++ b/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md
@@ -1,7 +1,7 @@
 ---
 title: How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell (Windows 10)
 description: How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-managing-connection-groups.md b/windows/application-management/app-v/appv-managing-connection-groups.md
index 9b5aa14320..f308ee42da 100644
--- a/windows/application-management/app-v/appv-managing-connection-groups.md
+++ b/windows/application-management/app-v/appv-managing-connection-groups.md
@@ -1,7 +1,7 @@
 ---
 title: Managing Connection Groups (Windows 10)
 description: Connection groups can allow administrators to manage packages independently and avoid having to add the same application multiple times to a client computer.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md b/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md
index a3600bfa4c..63e362cc4c 100644
--- a/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md
+++ b/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md
@@ -1,7 +1,7 @@
 ---
 title: Migrating to App-V from a Previous Version (Windows 10)
 description: Learn how to migrate to Microsoft Application Virtualization (App-V) for Windows 10 from a previous version.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md b/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md
index c065c9a2a5..6a6da20d55 100644
--- a/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md
+++ b/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md
@@ -1,7 +1,7 @@
 ---
 title: How to Modify an Existing Virtual Application Package (Windows 10)
 description: Learn how to modify an existing virtual application package and add a new application to an existing virtual application package.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md
index 816015f740..9b7fa5dc90 100644
--- a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md
+++ b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md
@@ -1,7 +1,7 @@
 ---
 title: How to Modify Client Configuration by Using Windows PowerShell (Windows 10)
 description: Learn how to modify the Application Virtualization (App-V) client configuration by using Windows PowerShell.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md b/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md
index e34dd4f7dc..8d46833f6d 100644
--- a/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md
+++ b/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md
@@ -1,7 +1,7 @@
 ---
 title: How to Move the App-V Server to Another Computer (Windows 10)
 description: Learn how to create a new management server console in your environment and learn how to connect it to the App-V database.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-operations.md b/windows/application-management/app-v/appv-operations.md
index b68da536ab..a916d38776 100644
--- a/windows/application-management/app-v/appv-operations.md
+++ b/windows/application-management/app-v/appv-operations.md
@@ -1,7 +1,7 @@
 ---
 title: Operations for App-V (Windows 10)
 description: Learn about the various types of App-V administration and operating tasks that are typically performed by an administrator.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-performance-guidance.md b/windows/application-management/app-v/appv-performance-guidance.md
index ea4f11a42b..d7c8078b33 100644
--- a/windows/application-management/app-v/appv-performance-guidance.md
+++ b/windows/application-management/app-v/appv-performance-guidance.md
@@ -1,7 +1,7 @@
 ---
 title: Performance Guidance for Application Virtualization (Windows 10)
 description: Learn how to configure App-V for optimal performance, optimize virtual app packages, and provide a better user experience with RDS and VDI.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-planning-checklist.md b/windows/application-management/app-v/appv-planning-checklist.md
index 4c098ba090..e2d9776c2c 100644
--- a/windows/application-management/app-v/appv-planning-checklist.md
+++ b/windows/application-management/app-v/appv-planning-checklist.md
@@ -1,7 +1,7 @@
 ---
 title: App-V Planning Checklist (Windows 10)
 description: Learn about the recommended steps and items to consider when planning an Application Virtualization (App-V) deployment.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md b/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md
index 2a6724419a..0b9b995319 100644
--- a/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md
+++ b/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md
@@ -1,7 +1,7 @@
 ---
 title: Planning to Use Folder Redirection with App-V (Windows 10)
 description: Learn about folder redirection with App-V. Folder redirection enables users and administrators to redirect the path of a folder to a new location.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md b/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md
index 8aa07c226e..94b436fd53 100644
--- a/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md
+++ b/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md
@@ -1,7 +1,7 @@
 ---
 title: Planning for the App-V Server Deployment (Windows 10)
 description: Learn what you need to know so you can plan for the Microsoft Application Virtualization (App-V) 5.1 server deployment.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-planning-for-appv.md b/windows/application-management/app-v/appv-planning-for-appv.md
index 0ebf3ccaf3..39d5199ea8 100644
--- a/windows/application-management/app-v/appv-planning-for-appv.md
+++ b/windows/application-management/app-v/appv-planning-for-appv.md
@@ -1,7 +1,7 @@
 ---
 title: Planning for App-V (Windows 10)
 description: Use the information in this article to plan to deploy App-V without disrupting your existing network or user experience.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
index 29d772054e..9f01735aab 100644
--- a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
+++ b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
@@ -1,7 +1,7 @@
 ---
 title: Planning for High Availability with App-V Server
 description: Learn what you need to know so you can plan for high availability with Application Virtualization (App-V) server.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md b/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md
index 0f797ad9d7..52019b0496 100644
--- a/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md
+++ b/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md
@@ -1,7 +1,7 @@
 ---
 title: Planning for the App-V Sequencer and Client Deployment (Windows 10)
 description: Learn what you need to do to plan for the App-V Sequencer and Client deployment, and where to find additional information about the deployment process.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md b/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md
index 91ade82d46..32b20fa1e6 100644
--- a/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md
+++ b/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md
@@ -1,7 +1,7 @@
 ---
 title: Planning for Deploying App-V with Office (Windows 10)
 description: Use the information in this article to plan how to deploy Office within Microsoft Application Virtualization (App-V).
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md
index 49e7266314..10fd13f4cc 100644
--- a/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md
+++ b/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md
@@ -1,7 +1,7 @@
 ---
 title: Planning to Deploy App-V with an Electronic Software Distribution System (Windows 10)
 description: Planning to Deploy App-V with an Electronic Software Distribution System
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/application-management/app-v/appv-planning-to-deploy-appv.md b/windows/application-management/app-v/appv-planning-to-deploy-appv.md
index be621c72e2..f08a2b2b44 100644
--- a/windows/application-management/app-v/appv-planning-to-deploy-appv.md
+++ b/windows/application-management/app-v/appv-planning-to-deploy-appv.md
@@ -1,7 +1,7 @@
 ---
 title: Planning to Deploy App-V (Windows 10)
 description: Learn about the different deployment configurations and requirements to consider before you deploy App-V for Windows 10.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md b/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md
index 14dfdcd3da..da23d57297 100644
--- a/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md
+++ b/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md
@@ -6,7 +6,7 @@ description: Cortana includes powerful configuration options specifically to opt
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: kwekua
+author: dansimp
 ms.localizationpriority: medium
 ms.author: dansimp
 ---
diff --git a/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md b/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md
index 110c062f57..159d0b1376 100644
--- a/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md
+++ b/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md
@@ -1,7 +1,7 @@
 ---
 title: Administering UE-V with Windows PowerShell and WMI
 description: Learn how User Experience Virtualization (UE-V) provides Windows PowerShell cmdlets to help administrators perform various UE-V tasks.
-author: trudyha
+author: dansimp
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/configuration/ue-v/uev-administering-uev.md b/windows/configuration/ue-v/uev-administering-uev.md
index 1b5004453a..ae0c0dc0e4 100644
--- a/windows/configuration/ue-v/uev-administering-uev.md
+++ b/windows/configuration/ue-v/uev-administering-uev.md
@@ -1,7 +1,7 @@
 ---
 title: Administering UE-V
 description: Learn how to perform administrative tasks for User Experience Virtualization (UE-V). These tasks include configuring the UE-V service and recovering lost settings.
-author: trudyha
+author: dansimp
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/configuration/ue-v/uev-application-template-schema-reference.md b/windows/configuration/ue-v/uev-application-template-schema-reference.md
index 6ca0f295e0..9fb9d1704d 100644
--- a/windows/configuration/ue-v/uev-application-template-schema-reference.md
+++ b/windows/configuration/ue-v/uev-application-template-schema-reference.md
@@ -1,7 +1,7 @@
 ---
 title: Application Template Schema Reference for UE-V
 description: Learn details about the XML structure of the UE-V settings location templates and learn how to edit these files.
-author: trudyha
+author: dansimp
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md b/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md
index 508ec913ff..a4d2addc34 100644
--- a/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md
+++ b/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md
@@ -1,7 +1,7 @@
 ---
 title: Changing the Frequency of UE-V Scheduled Tasks
 description: Learn how to create a script that uses the Schtasks.exe command-line options so you can change the frequency of UE-V scheduled tasks.
-author: trudyha
+author: dansimp
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md b/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md
index 169e31075f..2a85dc79f2 100644
--- a/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md
+++ b/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md
@@ -1,7 +1,7 @@
 ---
 title: Configuring UE-V with Group Policy Objects
 description: In this article, learn how to configure User Experience Virtualization (UE-V) with Group Policy objects.
-author: trudyha
+author: dansimp
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/security/identity-protection/access-control/access-control.md b/windows/security/identity-protection/access-control/access-control.md
index 8e6cf74f38..61288f4b01 100644
--- a/windows/security/identity-protection/access-control/access-control.md
+++ b/windows/security/identity-protection/access-control/access-control.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/access-control/active-directory-accounts.md b/windows/security/identity-protection/access-control/active-directory-accounts.md
index 2ae163cea6..f207928d15 100644
--- a/windows/security/identity-protection/access-control/active-directory-accounts.md
+++ b/windows/security/identity-protection/access-control/active-directory-accounts.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md
index d703f10851..e408ad9ba8 100644
--- a/windows/security/identity-protection/access-control/active-directory-security-groups.md
+++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/access-control/dynamic-access-control.md b/windows/security/identity-protection/access-control/dynamic-access-control.md
index 3ad985610a..ea1bce53c3 100644
--- a/windows/security/identity-protection/access-control/dynamic-access-control.md
+++ b/windows/security/identity-protection/access-control/dynamic-access-control.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/access-control/local-accounts.md b/windows/security/identity-protection/access-control/local-accounts.md
index 56e4f2edf2..e988e6da9f 100644
--- a/windows/security/identity-protection/access-control/local-accounts.md
+++ b/windows/security/identity-protection/access-control/local-accounts.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/access-control/microsoft-accounts.md b/windows/security/identity-protection/access-control/microsoft-accounts.md
index d1f2624bf6..7abb98e730 100644
--- a/windows/security/identity-protection/access-control/microsoft-accounts.md
+++ b/windows/security/identity-protection/access-control/microsoft-accounts.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/access-control/security-identifiers.md b/windows/security/identity-protection/access-control/security-identifiers.md
index c8bdc813a2..b21bd85fd4 100644
--- a/windows/security/identity-protection/access-control/security-identifiers.md
+++ b/windows/security/identity-protection/access-control/security-identifiers.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/access-control/security-principals.md b/windows/security/identity-protection/access-control/security-principals.md
index 111f5d902d..26564af45a 100644
--- a/windows/security/identity-protection/access-control/security-principals.md
+++ b/windows/security/identity-protection/access-control/security-principals.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/access-control/service-accounts.md b/windows/security/identity-protection/access-control/service-accounts.md
index 7a95b60584..3e5a325d0a 100644
--- a/windows/security/identity-protection/access-control/service-accounts.md
+++ b/windows/security/identity-protection/access-control/service-accounts.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/access-control/special-identities.md b/windows/security/identity-protection/access-control/special-identities.md
index b14254b22a..0dc6406a6d 100644
--- a/windows/security/identity-protection/access-control/special-identities.md
+++ b/windows/security/identity-protection/access-control/special-identities.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/change-history-for-access-protection.md b/windows/security/identity-protection/change-history-for-access-protection.md
index 954dd6020d..d76e6bc56d 100644
--- a/windows/security/identity-protection/change-history-for-access-protection.md
+++ b/windows/security/identity-protection/change-history-for-access-protection.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/configure-s-mime.md b/windows/security/identity-protection/configure-s-mime.md
index 0dd5d09a40..cab91d6db4 100644
--- a/windows/security/identity-protection/configure-s-mime.md
+++ b/windows/security/identity-protection/configure-s-mime.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/credential-guard/additional-mitigations.md b/windows/security/identity-protection/credential-guard/additional-mitigations.md
index 5a88c7b645..885c697548 100644
--- a/windows/security/identity-protection/credential-guard/additional-mitigations.md
+++ b/windows/security/identity-protection/credential-guard/additional-mitigations.md
@@ -7,7 +7,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-considerations.md b/windows/security/identity-protection/credential-guard/credential-guard-considerations.md
index 6d52746433..90a4a08397 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-considerations.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-considerations.md
@@ -7,7 +7,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md b/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md
index 4eaf65890c..8d0219c5dd 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md
@@ -7,7 +7,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
index 52e6cf8f15..0780c5d0c4 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
@@ -7,7 +7,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
index 1d0b90717a..27f4be1157 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
@@ -7,15 +7,15 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: v-tea
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
 ms.reviewer: 
 ms.custom: 
-- CI 120967
-- CSSTroubleshooting
+  - CI 120967
+  - CSSTroubleshooting
 ---
 
 # Manage Windows Defender Credential Guard
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md
index 0083c4e274..dcda95a96c 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md
@@ -7,7 +7,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md
index 792587963f..845101f5a0 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md
@@ -7,7 +7,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
index 6768635d8f..3fae5bee58 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
@@ -7,7 +7,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/credential-guard/credential-guard.md b/windows/security/identity-protection/credential-guard/credential-guard.md
index 7f2c136802..a2583e1181 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard.md
@@ -9,7 +9,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md
index 51d246f3f4..1a4dcd1e37 100644
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md
@@ -1,12 +1,12 @@
 ---
-title: Key registration for on-premises deployment of Windows Hello for Business 
+title: Key registration for on-premises deployment of Windows Hello for Business
 description: How to Validate Active Directory prerequisites for Windows Hello for Business when deploying with the key trust model.
 keywords: identity, PIN, biometric, Hello, passport
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, mobile
-author: DaniHalfin
+author: dansimp
 audience: ITPro
 ms.author: dolmont
 manager: dansimp
diff --git a/windows/security/identity-protection/index.md b/windows/security/identity-protection/index.md
index 98e0bb9835..f57abc302f 100644
--- a/windows/security/identity-protection/index.md
+++ b/windows/security/identity-protection/index.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: danihalfin
+author: dansimp
 ms.author: daniha
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile.md b/windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile.md
index 65e353cb81..fc906d9e08 100644
--- a/windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile.md
+++ b/windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/remote-credential-guard.md b/windows/security/identity-protection/remote-credential-guard.md
index 60dc685e1e..0637c997cc 100644
--- a/windows/security/identity-protection/remote-credential-guard.md
+++ b/windows/security/identity-protection/remote-credential-guard.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md b/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md
index 5e5003aa9f..f8baa1b11c 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/smart-cards/smart-card-architecture.md b/windows/security/identity-protection/smart-cards/smart-card-architecture.md
index 89ddb7fa8a..bb2559ccf0 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-architecture.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-architecture.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md b/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md
index 997384b9e0..ae671b4ace 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md
index 17564fc13b..3d76ae2b17 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/smart-cards/smart-card-events.md b/windows/security/identity-protection/smart-cards/smart-card-events.md
index d905fbf992..dbaa8112f7 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-events.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-events.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md
index 04e43174e8..50d2b45bb2 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md b/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md
index 56228dff85..9939c9ec73 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md b/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md
index dd8812970c..fa36cf563f 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md b/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md
index a913f4c769..e4548fc317 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md b/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md
index 794b8e096c..74fdcc3e8f 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md b/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md
index 53ebc5b4f6..99defcec30 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md
index 254e57e0e9..10ffd31a84 100644
--- a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md
+++ b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: operate
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md b/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md
index e8d50dc97f..130688534d 100644
--- a/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md
+++ b/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/user-account-control/user-account-control-overview.md b/windows/security/identity-protection/user-account-control/user-account-control-overview.md
index 9c9011d7ad..a95145abaa 100644
--- a/windows/security/identity-protection/user-account-control/user-account-control-overview.md
+++ b/windows/security/identity-protection/user-account-control/user-account-control-overview.md
@@ -9,7 +9,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md b/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md
index e366385a91..793fe303aa 100644
--- a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md
+++ b/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md
index 5e643f7d75..a168874b63 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md
index f0b0220678..6fb462eb81 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md
index 34daf7a11e..6810a79d95 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md
index aa61d00b97..29bb2adede 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md
index a979d2b781..c37a9a9b29 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md
index 0194ee2c80..d7c394285f 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md
index 0737f18fec..30671f6e4a 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md
index 6b9868b0f0..97ee24eb64 100644
--- a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md
+++ b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md
@@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, networking
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.date: 02/08/2018
diff --git a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
index 0b6ff85b21..24a4378ebe 100644
--- a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
+++ b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
@@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-author: dulcemontemayor
+author: dansimp
 ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/security/identity-protection/vpn/vpn-authentication.md b/windows/security/identity-protection/vpn/vpn-authentication.md
index 3fe2c08d57..5f4cf0a2b1 100644
--- a/windows/security/identity-protection/vpn/vpn-authentication.md
+++ b/windows/security/identity-protection/vpn/vpn-authentication.md
@@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, networking
-author: dulcemontemayor
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 07/27/2017
 ms.reviewer: 
diff --git a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md
index 29c8f5e474..59ffc5f231 100644
--- a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md
+++ b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md
@@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, networking
-author: dulcemontemayor
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 07/27/2017
 ms.reviewer: 
diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md
index aa6ca89ce6..0d608b647c 100644
--- a/windows/security/identity-protection/vpn/vpn-conditional-access.md
+++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md
@@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, networking
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.reviewer: 
diff --git a/windows/security/identity-protection/vpn/vpn-connection-type.md b/windows/security/identity-protection/vpn/vpn-connection-type.md
index d825487b05..a0330b3425 100644
--- a/windows/security/identity-protection/vpn/vpn-connection-type.md
+++ b/windows/security/identity-protection/vpn/vpn-connection-type.md
@@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, networking
-author: dulcemontemayor
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 11/13/2020
 ms.reviewer: 
diff --git a/windows/security/identity-protection/vpn/vpn-guide.md b/windows/security/identity-protection/vpn/vpn-guide.md
index ae26cfc95a..1ec959d53e 100644
--- a/windows/security/identity-protection/vpn/vpn-guide.md
+++ b/windows/security/identity-protection/vpn/vpn-guide.md
@@ -1,10 +1,10 @@
 ---
 title: Windows 10 VPN technical guide (Windows 10)
-description: Learn about decisions to make for Windows 10 clients in your enterprise VPN solution and how to configure your deployment. 
+description: Learn about decisions to make for Windows 10 clients in your enterprise VPN solution and how to configure your deployment.
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: dulcemontemayor
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 11/13/2020
 ms.reviewer: 
diff --git a/windows/security/identity-protection/vpn/vpn-name-resolution.md b/windows/security/identity-protection/vpn/vpn-name-resolution.md
index 3b6a776b1e..2076d89817 100644
--- a/windows/security/identity-protection/vpn/vpn-name-resolution.md
+++ b/windows/security/identity-protection/vpn/vpn-name-resolution.md
@@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, networking
-author: dulcemontemayor
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 07/27/2017
 ms.reviewer: 
diff --git a/windows/security/identity-protection/vpn/vpn-profile-options.md b/windows/security/identity-protection/vpn/vpn-profile-options.md
index 077c2d4c8f..d47c757946 100644
--- a/windows/security/identity-protection/vpn/vpn-profile-options.md
+++ b/windows/security/identity-protection/vpn/vpn-profile-options.md
@@ -8,7 +8,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, networking
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.date: 05/17/2018
diff --git a/windows/security/identity-protection/vpn/vpn-routing.md b/windows/security/identity-protection/vpn/vpn-routing.md
index 416bc57d04..fd26221328 100644
--- a/windows/security/identity-protection/vpn/vpn-routing.md
+++ b/windows/security/identity-protection/vpn/vpn-routing.md
@@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, networking
-author: dulcemontemayor
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 07/27/2017
 ms.reviewer: 
diff --git a/windows/security/identity-protection/vpn/vpn-security-features.md b/windows/security/identity-protection/vpn/vpn-security-features.md
index 19a298bef8..96964c7d9b 100644
--- a/windows/security/identity-protection/vpn/vpn-security-features.md
+++ b/windows/security/identity-protection/vpn/vpn-security-features.md
@@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security, networking
-author: dulcemontemayor
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 07/27/2017
 ms.reviewer: 
diff --git a/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md b/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md
index 26db02bc64..2c1a02b8db 100644
--- a/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md
+++ b/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md
index 9ed6f0f984..4ae0e5d8e8 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md
@@ -8,7 +8,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 ms.author: v-maave
-author: martyav
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md
index 74e8c2d67c..2c39161d3c 100644
--- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md
+++ b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md
@@ -5,7 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 audience: ITPro
diff --git a/windows/security/information-protection/secure-the-windows-10-boot-process.md b/windows/security/information-protection/secure-the-windows-10-boot-process.md
index d3ff0fb615..76cd4b50a5 100644
--- a/windows/security/information-protection/secure-the-windows-10-boot-process.md
+++ b/windows/security/information-protection/secure-the-windows-10-boot-process.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: Explore
 ms.pagetype: security
 ms.sitesec: library
 ms.localizationpriority: medium
-author: dulcemontemayor
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
diff --git a/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md b/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md
index 3e3fdfd9b5..596d94cff0 100644
--- a/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md
+++ b/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 audience: ITPro
diff --git a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md
index 1cb7f1c281..7854157fed 100644
--- a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md
+++ b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 audience: ITPro
diff --git a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md
index c802bfae51..06d8c54066 100644
--- a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md
+++ b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 audience: ITPro
diff --git a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md
index cf6d045df3..27d47eebbc 100644
--- a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md
+++ b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 audience: ITPro
diff --git a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md
index d9e1befbcd..fed9817bba 100644
--- a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md
+++ b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 audience: ITPro
diff --git a/windows/security/information-protection/tpm/tpm-fundamentals.md b/windows/security/information-protection/tpm/tpm-fundamentals.md
index 462656a2ad..06382dc117 100644
--- a/windows/security/information-protection/tpm/tpm-fundamentals.md
+++ b/windows/security/information-protection/tpm/tpm-fundamentals.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 audience: ITPro
diff --git a/windows/security/information-protection/tpm/tpm-recommendations.md b/windows/security/information-protection/tpm/tpm-recommendations.md
index fb2784e2d5..997c6add77 100644
--- a/windows/security/information-protection/tpm/tpm-recommendations.md
+++ b/windows/security/information-protection/tpm/tpm-recommendations.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 audience: ITPro
diff --git a/windows/security/information-protection/tpm/trusted-platform-module-overview.md b/windows/security/information-protection/tpm/trusted-platform-module-overview.md
index a6c748fa89..d573495c4e 100644
--- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md
+++ b/windows/security/information-protection/tpm/trusted-platform-module-overview.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 audience: ITPro
diff --git a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md
index d94485704c..f6df5436b6 100644
--- a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md
+++ b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 audience: ITPro
diff --git a/windows/security/information-protection/tpm/trusted-platform-module-top-node.md b/windows/security/information-protection/tpm/trusted-platform-module-top-node.md
index 45c32cd7da..124caf74f2 100644
--- a/windows/security/information-protection/tpm/trusted-platform-module-top-node.md
+++ b/windows/security/information-protection/tpm/trusted-platform-module-top-node.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 audience: ITPro
diff --git a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md
index 97733a4dd7..f7aad3051d 100644
--- a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md
+++ b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 audience: ITPro
diff --git a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md
index 78edc9a59e..c84d5cbc1a 100644
--- a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md
+++ b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 audience: ITPro
diff --git a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
index 2bcfcf6622..629994e90f 100644
--- a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
+++ b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 audience: ITPro
diff --git a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md
index 6c672171ac..a124fbdd24 100644
--- a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md
+++ b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 audience: ITPro
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md
index 1f7a0cbc20..ac44e2f1bd 100644
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md
+++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 audience: ITPro
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
index 7f89a245b5..f36275b6ba 100644
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
+++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
@@ -1,11 +1,11 @@
 ---
 title: Create a Windows Information Protection (WIP) policy with MDM using the Azure portal for Microsoft Intune (Windows 10)
-description: Learn how to use the Azure portal for Microsoft Intune to create and deploy your Windows Information Protection (WIP) policy to protect data on your network. 
+description: Learn how to use the Azure portal for Microsoft Intune to create and deploy your Windows Information Protection (WIP) policy to protect data on your network.
 ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 audience: ITPro
diff --git a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md
index 42caa212cd..524199cf73 100644
--- a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md
+++ b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 audience: ITPro
diff --git a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
index ebe3c59220..557fa276cb 100644
--- a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
+++ b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 audience: ITPro
diff --git a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md
index 576fe7cf71..bbfa13516c 100644
--- a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md
+++ b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 audience: ITPro
diff --git a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md
index 27d3f1d9c9..eb25f0556d 100644
--- a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md
+++ b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 audience: ITPro
diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md
index 503c15a18d..419f25c61c 100644
--- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md
+++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 audience: ITPro
diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md
index 76c595ade1..42f746faba 100644
--- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md
+++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 audience: ITPro
diff --git a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
index 3d11ab50ae..336a37f408 100644
--- a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
+++ b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 audience: ITPro
diff --git a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md
index fee621245c..d2ff6e2a2f 100644
--- a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md
+++ b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 audience: ITPro
diff --git a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md
index 7353daae25..2eefdaf76e 100644
--- a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md
+++ b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 audience: ITPro
diff --git a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md b/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md
index 94df767962..c7caa873dc 100644
--- a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md
+++ b/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 audience: ITPro
diff --git a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md
index 5a8333cab2..b54cc7cbe1 100644
--- a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md
+++ b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 audience: ITPro
diff --git a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md
index 9c201ba4ac..4f91deefd6 100644
--- a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md
+++ b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md
@@ -2,14 +2,14 @@
 title: Block untrusted fonts in an enterprise (Windows 10)
 description: To help protect your company from attacks which may originate from untrusted or attacker controlled font files, we've created the Blocking Untrusted Fonts feature.
 ms.assetid: a3354c8e-4208-4be6-bc19-56a572c361b4
-ms.reviewer:
+ms.reviewer: 
 manager: dansimp
 keywords: font blocking, untrusted font blocking, block fonts, untrusted fonts
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.pagetype: security
 ms.sitesec: library
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 ms.date: 08/14/2017
 ms.localizationpriority: medium
diff --git a/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md
index ebe2923713..f9911e0643 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md
@@ -4,16 +4,16 @@ description: Review alert information, including a visualized alert story and de
 keywords: incident, incidents, machines, devices, users, alerts, alert, investigation, graph, evidence
 ms.prod: microsoft-365-enterprise
 ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords: 
+  - NOCSH
 ms.author: daniha
-author: danihalfin
+author: dansimp
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
 ms.date: 5/1/2020
 ---
diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
index ca627315b9..7c5371ee9f 100644
--- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
+++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dulcemontemayor
+author: dansimp
 ms.date: 10/13/2017
 ms.reviewer: 
 manager: dansimp
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md
index 1b92efcccf..0ddb19159b 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md
@@ -9,7 +9,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-author: mjcaparas
+author: dansimp
 ms.localizationpriority: medium
 msauthor: v-anbic
 ms.date: 08/27/2018
diff --git a/windows/security/threat-protection/windows-platform-common-criteria.md b/windows/security/threat-protection/windows-platform-common-criteria.md
index 3dece2757f..d5041fcb44 100644
--- a/windows/security/threat-protection/windows-platform-common-criteria.md
+++ b/windows/security/threat-protection/windows-platform-common-criteria.md
@@ -3,7 +3,7 @@ title: Common Criteria Certifications
 description: This topic details how Microsoft supports the Common Criteria certification program.
 ms.prod: w10
 audience: ITPro
-author: dulcemontemayor
+author: dansimp
 ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management

From 0b2d7ab3e403ea122bd6e5aa85b23cc645cdb053 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 20 Jan 2021 16:08:22 -0800
Subject: [PATCH 139/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 5d51a6f36d..2242561c26 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -11,7 +11,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.author: deniseb
 author: denisebmsft
-ms.date: 01/19/2021
+ms.date: 01/21/2021
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro

From 5ed21322d0b66b4c73b15eaf3e3104299d645813 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 20 Jan 2021 16:33:35 -0800
Subject: [PATCH 140/396] Update attack-surface-reduction.md

---
 .../microsoft-defender-atp/attack-surface-reduction.md        | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
index 52f0a3ddf6..72473b65c6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
@@ -14,7 +14,7 @@ ms.author: deniseb
 ms.reviewer: sugamar, jcedola
 manager: dansimp
 ms.custom: asr
-ms.date: 01/08/2021
+ms.date: 01/20/2021
 ---
 
 # Use attack surface reduction rules to prevent malware infection
@@ -24,7 +24,7 @@ ms.date: 01/08/2021
 
 **Applies to:**
 
-* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 ## Why attack surface reduction rules are important
 

From 2650f302b61b16b5037656a2360d00a652c7e20c Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 20 Jan 2021 16:35:51 -0800
Subject: [PATCH 141/396] Update attack-surface-reduction.md

---
 .../microsoft-defender-atp/attack-surface-reduction.md   | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
index 72473b65c6..cf10e80626 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
@@ -64,7 +64,7 @@ Warn mode is supported on devices running the following versions of Windows:
 - [Windows 10, version 1809](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809) or later
 - [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) or later
  
-Note that Microsoft Defender Antivirus must be running with Real-time protection in [Active mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility#functionality-and-features-available-in-each-state).
+Microsoft Defender Antivirus must be running with real-time protection in [Active mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility#functionality-and-features-available-in-each-state).
 
 In addition, make sure [Microsoft Defender Antivirus and antimalware updates](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus#monthly-platform-and-engine-versions) are installed.
 - Minimum platform release requirement: `4.18.2008.9`  
@@ -126,13 +126,9 @@ DeviceEvents
 You can review the Windows event log to view events generated by attack surface reduction rules:
 
 1. Download the [Evaluation Package](https://aka.ms/mp7z2w) and extract the file *cfa-events.xml* to an easily accessible location on the device.
-
 2. Enter the words, *Event Viewer*, into the Start menu to open the Windows Event Viewer.
-
 3. Under **Actions**, select **Import custom view...**.
-
 4. Select the file *cfa-events.xml* from where it was extracted. Alternatively, [copy the XML directly](event-views.md).
-
 5. Select **OK**.
 
 You can create a custom view that filters events to only show the following events, all of which are related to controlled folder access:
@@ -465,9 +461,6 @@ GUID: `c1db55ab-c21a-4637-bb3f-a12568109d35`
 ## See also
 
 - [Attack surface reduction FAQ](attack-surface-reduction-faq.md)
-
 - [Enable attack surface reduction rules](enable-attack-surface-reduction.md)
-
 - [Evaluate attack surface reduction rules](evaluate-attack-surface-reduction.md)
-
 - [Compatibility of Microsoft Defender Antivirus with other antivirus/antimalware solutions](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md)

From e4f4593dff80eedc07f0af77aa5b8df6dbd04868 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 20 Jan 2021 16:49:07 -0800
Subject: [PATCH 142/396] Update enable-exploit-protection.md

---
 .../enable-exploit-protection.md              | 110 +++++++++---------
 1 file changed, 55 insertions(+), 55 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md
index a3dacf2086..aafa081de2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md
@@ -46,13 +46,13 @@ You can also set mitigations to [audit mode](evaluate-exploit-protection.md). Au
 
 ## Windows Security app
 
-1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Security**.
+1. Open the Windows Security app by selecting the shield icon in the task bar or by searching the start menu for **Security**.
 
-2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then click **Exploit protection settings**.
+2. Select the **App & browser control** tile (or the app icon on the left menu bar) and then select **Exploit protection settings**.
 
 3. Go to **Program settings** and choose the app you want to apply mitigations to. <br/>
-    - If the app you want to configure is already listed, click it and then click **Edit**.
-    - If the app is not listed, at the top of the list click **Add program to customize** and then choose how you want to add the app. <br/>
+    - If the app you want to configure is already listed, select it, and then select **Edit**.
+    - If the app is not listed, at the top of the list select **Add program to customize** and then choose how you want to add the app. <br/>
     - Use **Add by program name** to have the mitigation applied to any running process with that name. You must specify a file with an extension. You can enter a full path to limit the mitigation to only the app with that name in that location.
     - Use **Choose exact file path** to use a standard Windows Explorer file picker window to find and select the file you want.
 
@@ -60,12 +60,12 @@ You can also set mitigations to [audit mode](evaluate-exploit-protection.md). Au
 
 5. Repeat steps 3-4 for all the apps and mitigations you want to configure.
 
-6. Under the **System settings** section, find the mitigation you want to configure and select one of the following. Apps that aren't configured individually in the **Program settings** section will use the settings configured here:<br/>
+6. Under the **System settings** section, find the mitigation you want to configure and then specify one of the following settings. Apps that aren't configured individually in the **Program settings** section use the settings that are configured here.<br/>
     - **On by default**: The mitigation is *enabled* for apps that don't have this mitigation set in the app-specific **Program settings** section
     - **Off by default**: The mitigation is *disabled* for apps that don't have this mitigation set in the app-specific **Program settings** section
     - **Use default**: The mitigation is either enabled or disabled, depending on the default configuration that is set up by Windows 10 installation; the default value (**On** or **Off**) is always specified next to the **Use default** label for each mitigation
 
-7. Repeat step 6 for all the system-level mitigations you want to configure. Click **Apply** when you're done setting up your configuration.
+7. Repeat step 6 for all the system-level mitigations you want to configure. Select **Apply** when you're done setting up your configuration.
 
 If you add an app to the **Program settings** section and configure individual mitigation settings there, they will be honored above the configuration for the same mitigations specified in the **System settings** section. The following matrix and examples help to illustrate how defaults work:
 
@@ -80,7 +80,7 @@ If you add an app to the **Program settings** section and configure individual m
 
 Mikael adds the app *test.exe* to the **Program settings** section. In the options for that app, under **Data Execution Prevention (DEP)**, Mikael enables the **Override system settings** option and sets the switch to **On**. There are no other apps listed in the **Program settings** section.
 
-The result will be that DEP only will be enabled for *test.exe*. All other apps will not have DEP applied.
+The result is that DEP is enabled only for *test.exe*. All other apps will not have DEP applied.
 
 ### Example 2: Josie configures Data Execution Prevention in system settings to be off by default
 
@@ -88,38 +88,38 @@ Josie adds the app *test.exe* to the **Program settings** section. In the option
 
 Josie also adds the app *miles.exe* to the **Program settings** section and configures **Control flow guard (CFG)** to **On**. Josie doesn't enable the **Override system settings** option for DEP or any other mitigations for that app.
 
-The result will be that DEP will be enabled for *test.exe*. DEP will not be enabled for any other app, including *miles.exe*. CFG will be enabled for *miles.exe*.
+The result is that DEP is enabled for *test.exe*. DEP will not be enabled for any other app, including *miles.exe*. CFG will be enabled for *miles.exe*.
 
-1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
+1. Open the Windows Security app by selecting the shield icon in the task bar or searching the start menu for **Defender**.
 
-2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then click **Exploit protection**.
+2. Select the **App & browser control** tile (or the app icon on the left menu bar) and then select **Exploit protection**.
 
 3. Go to **Program settings** and choose the app you want to apply mitigations to.<br/>
-    - If the app you want to configure is already listed, click it and then click **Edit**.
-    - If the app is not listed, at the top of the list click **Add program to customize** and then choose how you want to add the app.<br/>
+    - If the app you want to configure is already listed, select it, and then select **Edit**.
+    - If the app is not listed, at the top of the list se;ect **Add program to customize** and then choose how you want to add the app.<br/>
      - Use **Add by program name** to have the mitigation applied to any running process with that name. You must specify a file with an extension. You can enter a full path to limit the mitigation to only the app with that name in that location.
      - Use **Choose exact file path** to use a standard Windows Explorer file picker window to find and select the file you want.
 
 4. After selecting the app, you'll see a list of all the mitigations that can be applied. Choosing **Audit** will apply the mitigation in audit mode only. You will be notified if you need to restart the process or app, or if you need to restart Windows.
 
-5. Repeat steps 3-4 for all the apps and mitigations you want to configure. Click **Apply** when you're done setting up your configuration.
+5. Repeat steps 3-4 for all the apps and mitigations you want to configure. Select **Apply** when you're done setting up your configuration.
 
 ## Intune
 
 1. Sign in to the [Azure portal](https://portal.azure.com) and open Intune.
 
-2. Click **Device configuration** > **Profiles** > **Create profile**.
+2. Go to **Device configuration** > **Profiles** > **Create profile**.
 
 3. Name the profile, choose **Windows 10 and later** and **Endpoint protection**.<br/>
    ![Create endpoint protection profile](../images/create-endpoint-protection-profile.png)<br/>
 
-4. Click **Configure** > **Windows Defender Exploit Guard** > **Exploit protection**.
+4. Select **Configure** > **Windows Defender Exploit Guard** > **Exploit protection**.
 
 5. Upload an [XML file](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-exploitguard) with the exploit protection settings:<br/>![Enable network protection in Intune](../images/enable-ep-intune.png)<br/>
 
-6. Click **OK** to save each open blade and click **Create**.
+6. Select **OK** to save each open blade, and then choose **Create**.
 
-7. Click the profile **Assignments**, assign to **All Users & All Devices**, and click **Save**.
+7. Select the profile **Assignments** tab, assign the policy to **All Users & All Devices**, and then select **Save**.
 
 ## MDM
 
@@ -127,42 +127,42 @@ Use the [./Vendor/MSFT/Policy/Config/ExploitGuard/ExploitProtectionSettings](htt
 
 ## Microsoft Endpoint Manager
 
-1. In Microsoft Endpoint Manager, click **Endpoint Security** > **Attack surface reduction**. 
+1. In Microsoft Endpoint Manager, go to **Endpoint Security** > **Attack surface reduction**. 
 
-2. Click **Create Policy**, select **Platform**, and under **Profile** choose **Exploit Protection**. Click **Create**.
+2. Select **Create Policy** > **Platform**, and for **Profile**, choose **Exploit Protection**. Then select **Create**.
 
-3. Enter a name and a description, and click **Next**.
+3. Specify a name and a description, and then choose **Next**.
 
-4. Click **Select XML File** and browse to the location of the exploit protection XML file, then select it and click **Next**.
+4. Select **Select XML File** and browse to the location of the exploit protection XML file. Select the file, and then choose **Next**.
 
 5. Configure **Scope tags** and **Assignments** if necessary. 
 
-6. Under **Review + create**, review the configuration and click **Create** if everything is ok.
+6. Under **Review + create**, review the configuration and then choose **Create**.
 
 
 ## Microsoft Endpoint Configuration Manager
 
-1. In Microsoft Endpoint Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
+1. In Microsoft Endpoint Configuration Manager, go to **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
 
-2. Click **Home** > **Create Exploit Guard Policy**.
+2. Select **Home** > **Create Exploit Guard Policy**.
 
-3. Enter a name and a description, click **Exploit protection**, and click **Next**.
+3. Specify a name and a description, select **Exploit protection**, and then choose **Next**.
 
-4. Browse to the location of the exploit protection XML file and click **Next**.
+4. Browse to the location of the exploit protection XML file and select **Next**.
 
-5. Review the settings and click **Next** to create the policy.
+5. Review the settings, and then choose **Next** to create the policy.
 
-6. After the policy is created, click **Close**.
+6. After the policy is created, select **Close**.
 
 ## Group Policy
 
 1. On your Group Policy management device, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
 
-2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
+2. In the **Group Policy Management Editor** go to **Computer configuration** and select **Administrative templates**.
 
 3. Expand the tree to **Windows components** > **Windows Defender Exploit Guard** > **Exploit Protection** > **Use a common set of exploit protection settings**.
 
-4. Click **Enabled** and type the location of the [XML file](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-exploitguard) and click **OK**.
+4. Select **Enabled** and type the location of the [XML file](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-exploitguard), and then choose **OK**.
 
 ## PowerShell
 
@@ -222,27 +222,27 @@ This table lists the individual **Mitigations** (and **Audits**, when available)
 
 | Mitigation type | Applies to | Mitigation cmdlet parameter keyword | Audit mode cmdlet parameter |
 | :-------------- | :--------- | :---------------------------------- | :-------------------------- |
-| Control flow guard (CFG) | System and app-level |   CFG,   StrictCFG,   SuppressExports  | Audit not available |
-| Data Execution Prevention (DEP) | System and app-level |   DEP,   EmulateAtlThunks  | Audit not available |
-| Force randomization for images (Mandatory ASLR) | System and app-level |   ForceRelocateImages  | Audit not available |
-| Randomize memory allocations (Bottom-Up ASLR) | System and app-level |   BottomUp,   HighEntropy  | Audit not available
-| Validate exception chains (SEHOP) | System and app-level |   SEHOP,   SEHOPTelemetry  | Audit not available |
-| Validate heap integrity | System and app-level |   TerminateOnError  | Audit not available |
-| Arbitrary code guard (ACG) | App-level only |   DynamicCode  |   AuditDynamicCode |
-| Block low integrity images | App-level only |   BlockLowLabel  |   AuditImageLoad |
-| Block remote images | App-level only |   BlockRemoteImages  | Audit not available |
-| Block untrusted fonts | App-level only |   DisableNonSystemFonts  |   AuditFont,   FontAuditOnly |
-| Code integrity guard | App-level only |   BlockNonMicrosoftSigned,   AllowStoreSigned  |   AuditMicrosoftSigned,   AuditStoreSigned |
-| Disable extension points | App-level only |   ExtensionPoint  | Audit not available |
-| Disable Win32k system calls | App-level only |   DisableWin32kSystemCalls  |   AuditSystemCall |
-| Do not allow child processes | App-level only |   DisallowChildProcessCreation  |   AuditChildProcess |
-| Export address filtering (EAF) | App-level only |   EnableExportAddressFilterPlus,   EnableExportAddressFilter  <a href="#r1" id="t1">\[1\]</a> | Audit not available<a href="#r2" id="t2">\[2\]</a> |
-| Import address filtering (IAF) | App-level only |   EnableImportAddressFilter  | Audit not available<a href="#r2" id="t2">\[2\]</a> |
-| Simulate execution (SimExec) | App-level only |   EnableRopSimExec  | Audit not available<a href="#r2" id="t2">\[2\]</a> |
-| Validate API invocation (CallerCheck) | App-level only |   EnableRopCallerCheck  | Audit not available<a href="#r2" id="t2">\[2\]</a> |
-| Validate handle usage | App-level only |   StrictHandle  | Audit not available |
-| Validate image dependency integrity | App-level only |   EnforceModuleDepencySigning  | Audit not available |
-| Validate stack integrity (StackPivot) | App-level only |   EnableRopStackPivot  | Audit not available<a href="#r2" id="t2">\[2\]</a> |
+| Control flow guard (CFG) | System and app-level |   `CFG`,   `StrictCFG`,   `SuppressExports`  | Audit not available |
+| Data Execution Prevention (DEP) | System and app-level |   `DEP`,   `EmulateAtlThunks`  | Audit not available |
+| Force randomization for images (Mandatory ASLR) | System and app-level |   `ForceRelocateImages`  | Audit not available |
+| Randomize memory allocations (Bottom-Up ASLR) | System and app-level |   `BottomUp`,   `HighEntropy`  | Audit not available
+| Validate exception chains (SEHOP) | System and app-level |   `SEHOP`,   `SEHOPTelemetry`  | Audit not available |
+| Validate heap integrity | System and app-level |   `TerminateOnError`  | Audit not available |
+| Arbitrary code guard (ACG) | App-level only |   `DynamicCode`  |   `AuditDynamicCode` |
+| Block low integrity images | App-level only |   `BlockLowLabel`  |   `AuditImageLoad` |
+| Block remote images | App-level only |   `BlockRemoteImages`  | Audit not available |
+| Block untrusted fonts | App-level only |   `DisableNonSystemFonts`  |   `AuditFont`,   `FontAuditOnly` |
+| Code integrity guard | App-level only |   `BlockNonMicrosoftSigned`,   `AllowStoreSigned`  |   AuditMicrosoftSigned,   AuditStoreSigned |
+| Disable extension points | App-level only |   `ExtensionPoint`  | Audit not available |
+| Disable Win32k system calls | App-level only |   `DisableWin32kSystemCalls`  |   `AuditSystemCall` |
+| Do not allow child processes | App-level only |   `DisallowChildProcessCreation`  |   `AuditChildProcess` |
+| Export address filtering (EAF) | App-level only |   `EnableExportAddressFilterPlus`,   `EnableExportAddressFilter`  <a href="#r1" id="t1">\[1\]</a> | Audit not available<a href="#r2" id="t2">\[2\]</a> |
+| Import address filtering (IAF) | App-level only |   `EnableImportAddressFilter`  | Audit not available<a href="#r2" id="t2">\[2\]</a> |
+| Simulate execution (SimExec) | App-level only |   `EnableRopSimExec`  | Audit not available<a href="#r2" id="t2">\[2\]</a> |
+| Validate API invocation (CallerCheck) | App-level only |   `EnableRopCallerCheck`  | Audit not available<a href="#r2" id="t2">\[2\]</a> |
+| Validate handle usage | App-level only |   `StrictHandle`  | Audit not available |
+| Validate image dependency integrity | App-level only |   `EnforceModuleDepencySigning`  | Audit not available |
+| Validate stack integrity (StackPivot) | App-level only |   `EnableRopStackPivot`  | Audit not available<a href="#r2" id="t2">\[2\]</a> |
 
 <a href="#t1" id="r1">\[1\]</a>: Use the following format to enable EAF modules for DLLs for a process:
 
@@ -253,10 +253,10 @@ Set-ProcessMitigation -Name processName.exe -Enable EnableExportAddressFilterPlu
 
 ## Customize the notification
 
-See the [Windows Security](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center) topic for more information about customizing the notification when a rule is triggered and blocks an app or file.
+See the [Windows Security](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center) article for more information about customizing the notification when a rule is triggered and blocks an app or file.
 
 ## See also
 
-* [Evaluate exploit protection](evaluate-exploit-protection.md)
-* [Configure and audit exploit protection mitigations](customize-exploit-protection.md)
-* [Import, export, and deploy exploit protection configurations](import-export-exploit-protection-emet-xml.md)
+- [Evaluate exploit protection](evaluate-exploit-protection.md)
+- [Configure and audit exploit protection mitigations](customize-exploit-protection.md)
+- [Import, export, and deploy exploit protection configurations](import-export-exploit-protection-emet-xml.md)

From eee81169e423a772145ed9ed0b340cb62779f1fd Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 20 Jan 2021 16:54:30 -0800
Subject: [PATCH 143/396] Update faq-md-app-guard.md

---
 .../faq-md-app-guard.md                       | 32 +++++++++----------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
index 1848ca38b2..fa3402a679 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
@@ -8,7 +8,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: denisebmsft
 ms.author: deniseb
-ms.date: 11/03/2020
+ms.date: 01/21/2021
 ms.reviewer: 
 manager: dansimp
 ms.custom: asr
@@ -146,7 +146,7 @@ There is a known issue such that if you change the Exploit Protection settings f
 
 ICS is enabled by default in Windows, and ICS must be enabled in order for Application Guard to function correctly. We do not recommend disabling ICS; however, you can disable ICS in part by using a Group Policy and editing registry keys.
 
-1. In the Group Policy setting called, *Prohibit use of Internet Connection Sharing on your DNS domain network*, set it to **Disabled**. 
+1. In the Group Policy setting, **Prohibit use of Internet Connection Sharing on your DNS domain network**, set it to **Disabled**. 
 
 2. Disable IpNat.sys from ICS load as follows: <br/> 
 `System\CurrentControlSet\Services\SharedAccess\Parameters\DisableIpNat = 1`
@@ -160,24 +160,24 @@ ICS is enabled by default in Windows, and ICS must be enabled in order for Appli
 5. Reboot the device.
 
 ### Why doesn't the container fully load when device control policies are enabled?
-The whitelisting of these items are required to be allowed in the GPO to ensure AppGuard works properly. 
+Allow-listed items must be configured as "allowed" in the Group Policy Object ensure AppGuard works properly. 
 
 Policy: Allow installation of devices that match any of these device IDs 
-- SCSI\DiskMsft____Virtual_Disk____ 
-- {8e7bd593-6e6c-4c52-86a6-77175494dd8e}\msvhdhba 
-- VMS_VSF 
-- root\Vpcivsp 
-- root\VMBus 
-- vms_mp 
-- VMS_VSP 
-- ROOT\VKRNLINTVSP 
-- ROOT\VID 
-- root\storvsp 
-- vms_vsmp 
-- VMS_PP 
+- `SCSI\DiskMsft____Virtual_Disk____` 
+- `{8e7bd593-6e6c-4c52-86a6-77175494dd8e}\msvhdhba` 
+- `VMS_VSF` 
+- `root\Vpcivsp` 
+- `root\VMBus` 
+- `vms_mp` 
+- `VMS_VSP` 
+- `ROOT\VKRNLINTVSP`
+- `ROOT\VID` 
+- `root\storvsp` 
+- `vms_vsmp` 
+- `VMS_PP` 
 
 Policy: Allow installation of devices using drivers that match these device setup classes 
-- {71a27cdd-812a-11d0-bec7-08002be2092f}
+- `{71a27cdd-812a-11d0-bec7-08002be2092f}`
 
 
 

From 8447db3932bab19ae311d31c2f4b71518046b009 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 20 Jan 2021 16:59:28 -0800
Subject: [PATCH 144/396] Update microsoft-defender-antivirus-compatibility.md

---
 .../microsoft-defender-antivirus-compatibility.md               | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
index d1fbec7602..cfe3a3b543 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
@@ -13,7 +13,7 @@ ms.author: deniseb
 ms.custom: nextgen
 ms.reviewer: tewchen, pahuijbr, shwjha
 manager: dansimp
-ms.date: 01/11/2021
+ms.date: 01/21/2021
 ---
 
 # Microsoft Defender Antivirus compatibility

From 8d61742e2b7149360bbd336c1ae6570b8897bba1 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 20 Jan 2021 17:03:31 -0800
Subject: [PATCH 145/396] Update microsoft-defender-antivirus-compatibility.md

---
 .../microsoft-defender-antivirus-compatibility.md          | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
index cfe3a3b543..7b5e23bd1d 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
@@ -47,14 +47,17 @@ The following table summarizes what happens with Microsoft Defender Antivirus wh
 | Windows Server 2016 or 2019 |                         Microsoft Defender Antivirus                         |                       Yes                       |            Active mode            |
 | Windows Server 2016 or 2019 |                         Microsoft Defender Antivirus                         |                       No                        |            Active mode            |
 
-(<a id="fn1">1</a>)  On Windows Server 2016 or 2019, Microsoft Defender Antivirus does not enter passive mode automatically when you install a non-Microsoft antivirus product. In those cases, [set Microsoft Defender Antivirus to passive mode](microsoft-defender-antivirus-on-windows-server-2016.md#need-to-set-microsoft-defender-antivirus-to-passive-mode) to prevent problems caused by having multiple antivirus products installed on a server.
+(<a id="fn1">1</a>)  On Windows Server, version 1803 or newer, or Windows Server 2019, Microsoft Defender Antivirus does not enter passive mode automatically when you install a non-Microsoft antivirus product. In those cases, [set Microsoft Defender Antivirus to passive mode](microsoft-defender-antivirus-on-windows-server-2016.md#need-to-set-microsoft-defender-antivirus-to-passive-mode) to prevent problems caused by having multiple antivirus products installed on a server.
 
-If you are using Windows Server, version 1803 or Windows Server 2019, you set Microsoft Defender Antivirus to passive mode by setting this registry key:
+If you are using Windows Server, version 1803 or newer, or Windows Server 2019, set Microsoft Defender Antivirus to passive mode by setting this registry key:
 - Path: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection`
 - Name: `ForceDefenderPassiveMode`
 - Type: `REG_DWORD`
 - Value: `1`
 
+> [!NOTE]
+> The `ForceDefenderPassiveMode` registry key is not supported on Windows Server 2016.
+
 See [Microsoft Defender Antivirus on Windows Server 2016 and 2019](microsoft-defender-antivirus-on-windows-server-2016.md) for key differences and management options for Windows Server installations.
 
 > [!IMPORTANT]

From e2c503e9ee71bb8a38959667b3b79793da2e03be Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 20 Jan 2021 17:14:57 -0800
Subject: [PATCH 146/396] Update microsoft-defender-antivirus-compatibility.md

---
 ...icrosoft-defender-antivirus-compatibility.md | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
index 7b5e23bd1d..46b7cc2375 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
@@ -38,14 +38,15 @@ The following table summarizes what happens with Microsoft Defender Antivirus wh
 
 | Windows version   | Antimalware protection  | Microsoft Defender for Endpoint enrollment | Microsoft Defender Antivirus state     |
 |------|------|-------|-------|
-| Windows 10      | A third-party product that is not offered or developed by Microsoft |                       Yes                       |           Passive mode            |
-| Windows 10      | A third-party product that is not offered or developed by Microsoft |                       No                        |      Automatic disabled mode     |
-| Windows 10      |                         Microsoft Defender Antivirus                         |                       Yes                       |            Active mode            |
-| Windows 10      |                         Microsoft Defender Antivirus                         |                       No                        |            Active mode            |
-| Windows Server 2016 or 2019 | A third-party product that is not offered or developed by Microsoft |                       Yes                       | Active mode<sup>[[1](#fn1)]</sup> |
-| Windows Server 2016 or 2019 | A third-party product that is not offered or developed by Microsoft |                       No                        | Active mode<sup>[[1](#fn1)]<sup>  |
-| Windows Server 2016 or 2019 |                         Microsoft Defender Antivirus                         |                       Yes                       |            Active mode            |
-| Windows Server 2016 or 2019 |                         Microsoft Defender Antivirus                         |                       No                        |            Active mode            |
+| Windows 10  | A third-party product that is not offered or developed by Microsoft | Yes  | Passive mode  |
+| Windows 10  | A third-party product that is not offered or developed by Microsoft | No   | Automatic disabled mode     |
+| Windows 10  | Microsoft Defender Antivirus | Yes  | Active mode | 
+| Windows 10  | Microsoft Defender Antivirus | No   | Active mode |
+| Windows Server, version 1803 or newer, or Windows Server 2019 | A third-party product that is not offered or developed by Microsoft | Yes  | Active mode<sup>[[1](#fn1)]</sup> |
+| Windows Server, version 1803 or newer, or Windows Server 2019 | A third-party product that is not offered or developed by Microsoft | No  | Must be set to passive mode (manually)<sup>[[1](#fn1)]<sup>  |
+| Windows Server, version 1803 or newer, or Windows Server 2019 | Microsoft Defender Antivirus  | Yes |         Active mode  |
+| Windows Server, version 1803 or newer, or Windows Server 2019 | Microsoft Defender Antivirus | No  | Active mode |
+| Windows Server 2016 |
 
 (<a id="fn1">1</a>)  On Windows Server, version 1803 or newer, or Windows Server 2019, Microsoft Defender Antivirus does not enter passive mode automatically when you install a non-Microsoft antivirus product. In those cases, [set Microsoft Defender Antivirus to passive mode](microsoft-defender-antivirus-on-windows-server-2016.md#need-to-set-microsoft-defender-antivirus-to-passive-mode) to prevent problems caused by having multiple antivirus products installed on a server.
 

From d10b40afc256e861288a93668c30574429bb9f58 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 20 Jan 2021 17:18:31 -0800
Subject: [PATCH 147/396] Update microsoft-defender-antivirus-compatibility.md

---
 .../microsoft-defender-antivirus-compatibility.md          | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
index 46b7cc2375..c45faf38d2 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
@@ -46,11 +46,14 @@ The following table summarizes what happens with Microsoft Defender Antivirus wh
 | Windows Server, version 1803 or newer, or Windows Server 2019 | A third-party product that is not offered or developed by Microsoft | No  | Must be set to passive mode (manually)<sup>[[1](#fn1)]<sup>  |
 | Windows Server, version 1803 or newer, or Windows Server 2019 | Microsoft Defender Antivirus  | Yes |         Active mode  |
 | Windows Server, version 1803 or newer, or Windows Server 2019 | Microsoft Defender Antivirus | No  | Active mode |
-| Windows Server 2016 |
+| Windows Server 2016 | Microsoft Defender Antivirus | Yes | Active mode |
+| Windows Server 2016 | Microsoft Defender Antivirus | No | Active mode |
+| Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | Yes | Must be disabled (manually) |
+| Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | No | Must be disabled (manually) |
 
 (<a id="fn1">1</a>)  On Windows Server, version 1803 or newer, or Windows Server 2019, Microsoft Defender Antivirus does not enter passive mode automatically when you install a non-Microsoft antivirus product. In those cases, [set Microsoft Defender Antivirus to passive mode](microsoft-defender-antivirus-on-windows-server-2016.md#need-to-set-microsoft-defender-antivirus-to-passive-mode) to prevent problems caused by having multiple antivirus products installed on a server.
 
-If you are using Windows Server, version 1803 or newer, or Windows Server 2019, set Microsoft Defender Antivirus to passive mode by setting this registry key:
+If you are using Windows Server, version 1803 or newer, or Windows Server 2019, you can set Microsoft Defender Antivirus to passive mode by setting the following registry key:
 - Path: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection`
 - Name: `ForceDefenderPassiveMode`
 - Type: `REG_DWORD`

From 41bfb6b812a58807aeb91015fc2a91ffd8b60a7f Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 20 Jan 2021 17:19:25 -0800
Subject: [PATCH 148/396] Update microsoft-defender-antivirus-compatibility.md

---
 .../microsoft-defender-antivirus-compatibility.md               | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
index c45faf38d2..0692acb1cc 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
@@ -65,7 +65,7 @@ If you are using Windows Server, version 1803 or newer, or Windows Server 2019,
 See [Microsoft Defender Antivirus on Windows Server 2016 and 2019](microsoft-defender-antivirus-on-windows-server-2016.md) for key differences and management options for Windows Server installations.
 
 > [!IMPORTANT]
-> Microsoft Defender Antivirus is only available on endpoints running Windows 10, Windows Server 2016, and Windows Server 2019.
+> Microsoft Defender Antivirus is only available on devices running Windows 10, Windows Server 2016, Windows Server, version 1803 or later, and Windows Server 2019.
 >
 > In Windows 8.1 and Windows Server 2012, enterprise-level endpoint antivirus protection is offered as [System Center Endpoint Protection](https://technet.microsoft.com/library/hh508760.aspx), which is managed through Microsoft Endpoint Configuration Manager.
 >

From ef0d62339eb41daa0eea559148041bdbca9848fd Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 20 Jan 2021 17:21:35 -0800
Subject: [PATCH 149/396] Update microsoft-defender-antivirus-compatibility.md

---
 .../microsoft-defender-antivirus-compatibility.md               | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
index 0692acb1cc..a6bc15c92a 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
@@ -88,7 +88,7 @@ The table in this section summarizes the functionality and features that are ava
 - In Active mode, Microsoft Defender Antivirus is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files are scanned and threats remediated, and detection information are reported in your configuration tool (such as Configuration Manager or the Microsoft Defender Antivirus app on the machine itself).
 - In Passive mode, Microsoft Defender Antivirus is not used as the antivirus app, and threats are not remediated by Microsoft Defender Antivirus. Files are scanned and reports are provided for threat detections that are shared with the Microsoft Defender for Endpoint service. Therefore, you might encounter alerts in the Security Center console with Microsoft Defender Antivirus as a source, even when Microsoft Defender Antivirus is in Passive mode.
 - When [EDR in block mode](../microsoft-defender-atp/edr-in-block-mode.md) is turned on and Microsoft Defender Antivirus is not the primary antivirus solution, it can still detect and remediate malicious items.
-- When disabled, Microsoft Defender Antivirus is not used as the antivirus app. Files are not scanned and threats are not remediated. Disabling/uninstalling Microsoft Defender Antivirus is not recommended.
+- When disabled, Microsoft Defender Antivirus is not used as the antivirus app. Files are not scanned and threats are not remediated. Disabling/uninstalling Microsoft Defender Antivirus is not recommended in general; if possible, keep Microsoft Defender Antivirus in passive mode if you are using a non-Microsoft antimalware/antivirus solution.
 
 ## Keep the following points in mind
 

From 42556272847a811b535fac7e4f3c6a5d1bcd5a04 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 20 Jan 2021 17:35:48 -0800
Subject: [PATCH 150/396] Update
 microsoft-defender-antivirus-on-windows-server-2016.md

---
 ...fender-antivirus-on-windows-server-2016.md | 45 ++++++++++++-------
 1 file changed, 30 insertions(+), 15 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md
index c16f2a4930..353bfe7752 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md
@@ -10,7 +10,7 @@ ms.sitesec: library
 ms.localizationpriority: medium
 author: denisebmsft
 ms.author: deniseb
-ms.date: 01/04/2021
+ms.date: 01/21/2021
 ms.reviewer: pahuijbr, shwjha
 manager: dansimp
 ---
@@ -23,9 +23,12 @@ manager: dansimp
 
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-Microsoft Defender Antivirus is available on Windows Server 2016 and 2019. In some instances, Microsoft Defender Antivirus is referred to as *Endpoint Protection*; however, the protection engine is the same.
+Microsoft Defender Antivirus is available on the following editions/versions of Windows Server:
+- Windows Server 2019
+- Windows Server, version  1803 or later
+- Windows Server 2016. 
 
-While the functionality, configuration, and management are largely the same for [Microsoft Defender Antivirus on Windows 10](microsoft-defender-antivirus-in-windows-10.md), there are a few key differences on Windows Server 2016 and 2019:
+In some instances, Microsoft Defender Antivirus is referred to as *Endpoint Protection*; however, the protection engine is the same. Although the functionality, configuration, and management are largely the same for [Microsoft Defender Antivirus on Windows 10](microsoft-defender-antivirus-in-windows-10.md), there are a few key differences on Windows Server:
 
 - In Windows Server, [automatic exclusions](configure-server-exclusions-microsoft-defender-antivirus.md) are applied based on your defined Server Role.
 - In Windows Server, Microsoft Defender Antivirus does not automatically disable itself if you are running another antivirus product.
@@ -34,29 +37,29 @@ While the functionality, configuration, and management are largely the same for
 
 The process of setting up and running Microsoft Defender Antivirus on a server platform includes several steps:
 
-1. [Enable the interface](#enable-the-user-interface-on-windows-server-2016-or-2019).
-2. [Install Microsoft Defender Antivirus](#install-microsoft-defender-antivirus-on-windows-server-2016-or-2019).
+1. [Enable the interface](#enable-the-user-interface-on-windows-server).
+2. [Install Microsoft Defender Antivirus](#install-microsoft-defender-antivirus-on-windows-server).
 3. [Verify Microsoft Defender Antivirus is running](#verify-microsoft-defender-antivirus-is-running).
 4. [Update your antimalware Security intelligence](#update-antimalware-security-intelligence).
 5. (As needed) [Submit samples](#submit-samples).
 6. (As needed) [Configure automatic exclusions](#configure-automatic-exclusions).
 7. (Only if necessary) [Set Microsoft Defender Antivirus to passive mode](#need-to-set-microsoft-defender-antivirus-to-passive-mode).
 
-## Enable the user interface on Windows Server 2016 or 2019
+## Enable the user interface on Windows Server
 
-By default, Microsoft Defender Antivirus is installed and functional on Windows Server 2016 and 2019. The user interface (GUI) is installed by default on some SKUs, but is not required because you can use PowerShell or other methods to manage Microsoft Defender Antivirus. And if the GUI is not installed on your server, you can add it by using the Add Roles and Features Wizard or by using PowerShell.
+By default, Microsoft Defender Antivirus is installed and functional on Windows Server. The user interface (GUI) is installed by default on some SKUs, but is not required because you can use PowerShell or other methods to manage Microsoft Defender Antivirus. If the GUI is not installed on your server, you can add it by using the **Add Roles and Features** wizard, or by using PowerShell cmdlets.
 
 ### Turn on the GUI using the Add Roles and Features Wizard
 
-1. Refer to [this article](https://docs.microsoft.com/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features#install-roles-role-services-and-features-by-using-the-add-roles-and-features-wizard), and use the **Add Roles and Features Wizard**.
+1. See [Install roles, role services, and features by using the add Roles and Features Wizard](https://docs.microsoft.com/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features#install-roles-role-services-and-features-by-using-the-add-roles-and-features-wizard), and use the **Add Roles and Features Wizard**.
 
 2. When you get to the **Features** step of the wizard, under **Windows Defender Features**, select the **GUI for Windows Defender** option.
 
-In Windows Server 2016, the **Add Roles and Features Wizard** looks like this:
+   In Windows Server 2016, the **Add Roles and Features Wizard** looks like this:
 
-![Add roles and feature wizard showing the GUI for Windows Defender option](images/server-add-gui.png)
+   ![Add roles and feature wizard showing the GUI for Windows Defender option](images/server-add-gui.png)
 
-In Windows Server 2019, the **Add Roles and Feature Wizard** looks much the same.
+   In Windows Server 2019, the **Add Roles and Feature Wizard** is similar.
 
 ### Turn on the GUI using PowerShell
 
@@ -66,7 +69,7 @@ The following PowerShell cmdlet will enable the interface:
 Install-WindowsFeature -Name Windows-Defender-GUI
 ```
 
-## Install Microsoft Defender Antivirus on Windows Server 2016 or 2019
+## Install Microsoft Defender Antivirus on Windows Server
 
 You can use either the **Add Roles and Features Wizard** or PowerShell to install Microsoft Defender Antivirus.
 
@@ -111,7 +114,7 @@ The `sc query` command returns information about the Microsoft Defender Antiviru
 
 ## Update antimalware Security intelligence 
 
-In order to get updated antimalware Security intelligence, you must have the Windows Update service running. If you use an update management service, like Windows Server Update Services (WSUS), make sure that updates for Microsoft Defender Antivirus Security intelligence are approved for the computers you manage.
+To get updated antimalware security intelligence, you must have the Windows Update service running. If you use an update management service, like Windows Server Update Services (WSUS), make sure that updates for Microsoft Defender Antivirus Security intelligence are approved for the computers you manage.
 
 By default, Windows Update does not download and install updates automatically on Windows Server 2019 or Windows Server 2016. You can change this configuration by using one of the following methods:
 
@@ -195,10 +198,22 @@ To turn off the Microsoft Defender Antivirus GUI, use the following PowerShell c
 Uninstall-WindowsFeature -Name Windows-Defender-GUI
 ```
 
+### Are you using Windows Server 2016?
+
+If you are using Windows Server 2016 and a third-party antimalware/antivirus product that is not offered or developed by Microsoft, you'll need to disable/uninstall Microsoft Defender Antivirus. 
+
+> [!NOTE]
+> You can't uninstall the Windows Security app, but you can disable the interface with these instructions.
+
+The following PowerShell cmdlet uninstalls Microsoft Defender Antivirus on Windows Server 2016:
+
+```PowerShell
+Uninstall-WindowsFeature -Name Windows-Defender
+```
+
 ## See also
 
 - [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md)
-
-- [Configure exclusions in Microsoft Defender AV on Windows Server](configure-server-exclusions-microsoft-defender-antivirus.md) 
+- [Microsoft Defender Antivirus compatibility](microsoft-defender-antivirus-compatibility.md)
 
 

From e72cde14b8c06a9e8261c1e1ea7ee71c4afa0ea6 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 20 Jan 2021 17:38:51 -0800
Subject: [PATCH 151/396] Update
 microsoft-defender-antivirus-on-windows-server-2016.md

---
 .../microsoft-defender-antivirus-on-windows-server-2016.md    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md
index 353bfe7752..abb618c7a2 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md
@@ -1,5 +1,5 @@
 ---
-title: Microsoft Defender Antivirus on Windows Server 2016 and 2019
+title: Microsoft Defender Antivirus on Windows Server
 description: Learn how to enable and configure Microsoft Defender Antivirus on Windows Server 2016 and Windows Server 2019.
 keywords: windows defender, server, scep, system center endpoint protection, server 2016, current branch, server 2012
 search.product: eADQiWindows 10XVcnh
@@ -15,7 +15,7 @@ ms.reviewer: pahuijbr, shwjha
 manager: dansimp
 ---
 
-# Microsoft Defender Antivirus on Windows Server 2016 and Windows Server 2019
+# Microsoft Defender Antivirus on Windows Server
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 

From 400c3845e5e3d30912695c0762f6cfa43480681a Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 20 Jan 2021 17:43:58 -0800
Subject: [PATCH 152/396] Update microsoft-defender-antivirus-compatibility.md

---
 .../microsoft-defender-antivirus-compatibility.md         | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
index a6bc15c92a..48a74184e5 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
@@ -48,8 +48,8 @@ The following table summarizes what happens with Microsoft Defender Antivirus wh
 | Windows Server, version 1803 or newer, or Windows Server 2019 | Microsoft Defender Antivirus | No  | Active mode |
 | Windows Server 2016 | Microsoft Defender Antivirus | Yes | Active mode |
 | Windows Server 2016 | Microsoft Defender Antivirus | No | Active mode |
-| Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | Yes | Must be disabled (manually) |
-| Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | No | Must be disabled (manually) |
+| Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | Yes | Must be disabled (manually)<sup>[[2](#fn2)]<sup> |
+| Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | No | Must be disabled (manually)<sup>[[2](#fn2)]<sup> |
 
 (<a id="fn1">1</a>)  On Windows Server, version 1803 or newer, or Windows Server 2019, Microsoft Defender Antivirus does not enter passive mode automatically when you install a non-Microsoft antivirus product. In those cases, [set Microsoft Defender Antivirus to passive mode](microsoft-defender-antivirus-on-windows-server-2016.md#need-to-set-microsoft-defender-antivirus-to-passive-mode) to prevent problems caused by having multiple antivirus products installed on a server.
 
@@ -62,7 +62,9 @@ If you are using Windows Server, version 1803 or newer, or Windows Server 2019,
 > [!NOTE]
 > The `ForceDefenderPassiveMode` registry key is not supported on Windows Server 2016.
 
-See [Microsoft Defender Antivirus on Windows Server 2016 and 2019](microsoft-defender-antivirus-on-windows-server-2016.md) for key differences and management options for Windows Server installations.
+(<a id="fn2">2</a>) On Windows Server 2016, Microsoft Defender Antivirus does not enter passive mode automatically when you install a non-Microsoft antivirus product. In addition, Microsoft Defender Antivirus is not supported in passive mode. In those cases, [disable/uninstall Microsoft Defender Antivirus manually](microsoft-defender-antivirus-on-windows-server-2016.md#are-you-using-windows-server-2016) to prevent problems caused by having multiple antivirus products installed on a server.
+
+See [Microsoft Defender Antivirus on Windows Server](microsoft-defender-antivirus-on-windows-server-2016.md) for key differences and management options for Windows Server installations.
 
 > [!IMPORTANT]
 > Microsoft Defender Antivirus is only available on devices running Windows 10, Windows Server 2016, Windows Server, version 1803 or later, and Windows Server 2019.

From 335d1e5f9d55d815a9568d45ffa5a8f55d34fc37 Mon Sep 17 00:00:00 2001
From: Matthew Palko <mapalko@microsoft.com>
Date: Wed, 20 Jan 2021 18:15:27 -0800
Subject: [PATCH 153/396] fixing policy conflict description

---
 .../hello-manage-in-organization.md              | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md
index 18f6f3dbf0..c21280812b 100644
--- a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md
+++ b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md
@@ -15,7 +15,7 @@ manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
 ms.localizationpriority: medium
-ms.date: 4/16/2017
+ms.date: 1/20/2021
 ---
 
 # Manage Windows Hello for Business in your organization
@@ -369,9 +369,11 @@ For more information about using the PIN recovery service for PIN reset see [Win
 
 Windows Hello for Business is designed to be managed by Group Policy or MDM but not a combination of both. If policies are set from both sources it can result in a mixed result of what is actually enforced for a user or device.
 
-Policies for Windows Hello for Business are enforced using the following hierarchy: User Group Policy > Computer Group Policy > User MDM > Device MDM > Device Lock policy. All PIN complexity policies are grouped together and enforced from a single policy source.
+Policies for Windows Hello for Business are enforced using the following hierarchy: User Group Policy > Computer Group Policy > User MDM > Device MDM > Device Lock policy. 
 
-Use a hardware security device and RequireSecurityDevice enforcement are also grouped together with PIN complexity policy. Conflict resolution for other Windows Hello for Business policies is enforced on a per policy basis.  
+Feature enablement policy and certificate trust policy are grouped together and enforced from the same source (either GP or MDM), based on the rule above. The Use Passport for Work policy is used to determine the winning policy source.
+
+All PIN complexity policies, are grouped separately from feature enablement and are enforced from a single policy source. Use a hardware security device and RequireSecurityDevice enforcement are also grouped together with PIN complexity policy. Conflict resolution for other Windows Hello for Business policies are enforced on a per policy basis.  
 
 >[!NOTE]
 > Windows Hello for Business policy conflict resolution logic does not respect the ControlPolicyConflict/MDMWinsOverGP policy in the Policy CSP.
@@ -382,8 +384,6 @@ Use a hardware security device and RequireSecurityDevice enforcement are also gr
 >
 >- Use Windows Hello for Business - Enabled
 >- User certificate for on-premises authentication - Enabled
->- Require digits - Enabled
->- Minimum PIN length - 6
 >
 >The following are configured using device MDM Policy:
 >
@@ -398,8 +398,10 @@ Use a hardware security device and RequireSecurityDevice enforcement are also gr
 >
 >- Use Windows Hello for Business - Enabled
 >- Use certificate for on-premises authentication - Enabled
->- Require digits - Enabled
->- Minimum PIN length - 6d
+>- MinimumPINLength - 8
+>- Digits - 1
+>- LowercaseLetters - 1
+>- SpecialCharacters - 1
 
 ## How to use Windows Hello for Business with Azure Active Directory
 

From f58a1d313db4131878d90d90a046a0bf8977b0d2 Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Thu, 21 Jan 2021 19:07:44 +0530
Subject: [PATCH 154/396] changed minutes to seconds

as per user report #8995 , so i changed minutes to seconds
i took help from below site
**https://docs.microsoft.com/en-us/openspecs/exchange_server_protocols/ms-asprov/7dcdd2c3-43ca-4425-b8d4-443b1d2c0638**
---
 windows/client-management/mdm/policy-csp-devicelock.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md
index f68a71f820..b106637736 100644
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@@ -677,7 +677,7 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. Users can select any existing timeout value less than the specified maximum time in the Settings app.
+Specifies the maximum amount of time (in seconds) allowed after the device is idle that will cause the device to become PIN or password locked. Users can select any existing timeout value less than the specified maximum time in the Settings app.
 
 * On Mobile, the Lumia 950 and 950XL have a maximum timeout value of 5 minutes, regardless of the value set by this policy.
 * On HoloLens, this timeout is controlled by the device's system sleep timeout, regardless of the value set by this policy.

From dcfe63e86640629e005d2ac01d4ef8389d3059b6 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 21 Jan 2021 09:51:09 -0800
Subject: [PATCH 155/396] Acrolinx: "se;ect", "Powershell"

---
 .../enable-exploit-protection.md                      | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md
index aafa081de2..2ff87af1ae 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md
@@ -96,7 +96,7 @@ The result is that DEP is enabled for *test.exe*. DEP will not be enabled for an
 
 3. Go to **Program settings** and choose the app you want to apply mitigations to.<br/>
     - If the app you want to configure is already listed, select it, and then select **Edit**.
-    - If the app is not listed, at the top of the list se;ect **Add program to customize** and then choose how you want to add the app.<br/>
+    - If the app is not listed, at the top of the list select **Add program to customize** and then choose how you want to add the app.<br/>
      - Use **Add by program name** to have the mitigation applied to any running process with that name. You must specify a file with an extension. You can enter a full path to limit the mitigation to only the app with that name in that location.
      - Use **Choose exact file path** to use a standard Windows Explorer file picker window to find and select the file you want.
 
@@ -110,12 +110,15 @@ The result is that DEP is enabled for *test.exe*. DEP will not be enabled for an
 
 2. Go to **Device configuration** > **Profiles** > **Create profile**.
 
-3. Name the profile, choose **Windows 10 and later** and **Endpoint protection**.<br/>
+3. Name the profile, choose **Windows 10 and later** and **Endpoint protection**.
+
    ![Create endpoint protection profile](../images/create-endpoint-protection-profile.png)<br/>
 
 4. Select **Configure** > **Windows Defender Exploit Guard** > **Exploit protection**.
 
-5. Upload an [XML file](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-exploitguard) with the exploit protection settings:<br/>![Enable network protection in Intune](../images/enable-ep-intune.png)<br/>
+5. Upload an [XML file](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-exploitguard) with the exploit protection settings:
+
+   ![Enable network protection in Intune](../images/enable-ep-intune.png)<br/>
 
 6. Select **OK** to save each open blade, and then choose **Create**.
 
@@ -249,7 +252,7 @@ This table lists the individual **Mitigations** (and **Audits**, when available)
 ```PowerShell
 Set-ProcessMitigation -Name processName.exe -Enable EnableExportAddressFilterPlus -EAFModules dllName1.dll,dllName2.dll
 ```
-<a href="#t2" id="r2">\[2\]</a>: Audit for this mitigation is not available via Powershell cmdlets.
+<a href="#t2" id="r2">\[2\]</a>: Audit for this mitigation is not available via PowerShell cmdlets.
 
 ## Customize the notification
 

From c93d7f2b6c92de90d27d9a8f396bc4228707d38e Mon Sep 17 00:00:00 2001
From: Daniel Simpson <dansimp@microsoft.com>
Date: Thu, 21 Jan 2021 10:21:50 -0800
Subject: [PATCH 156/396] massive prod & technology metadata update

---
 .../advanced-security-audit-policy-settings.md    |  3 ++-
 .../auditing/advanced-security-auditing-faq.md    |  3 ++-
 .../auditing/advanced-security-auditing.md        |  3 ++-
 ...oring-recommendations-for-many-audit-events.md |  3 ++-
 ...ly-a-basic-audit-policy-on-a-file-or-folder.md |  3 ++-
 .../auditing/audit-account-lockout.md             |  3 ++-
 .../auditing/audit-application-generated.md       |  3 ++-
 .../audit-application-group-management.md         |  3 ++-
 .../auditing/audit-audit-policy-change.md         |  3 ++-
 .../audit-authentication-policy-change.md         |  3 ++-
 .../auditing/audit-authorization-policy-change.md |  3 ++-
 .../audit-central-access-policy-staging.md        |  3 ++-
 .../auditing/audit-certification-services.md      |  3 ++-
 .../auditing/audit-computer-account-management.md |  3 ++-
 .../auditing/audit-credential-validation.md       |  3 ++-
 ...udit-detailed-directory-service-replication.md |  3 ++-
 .../auditing/audit-detailed-file-share.md         |  3 ++-
 .../auditing/audit-directory-service-access.md    |  3 ++-
 .../auditing/audit-directory-service-changes.md   |  3 ++-
 .../audit-directory-service-replication.md        |  3 ++-
 .../audit-distribution-group-management.md        |  3 ++-
 .../auditing/audit-dpapi-activity.md              |  3 ++-
 .../auditing/audit-file-share.md                  |  3 ++-
 .../auditing/audit-file-system.md                 |  3 ++-
 .../audit-filtering-platform-connection.md        |  3 ++-
 .../audit-filtering-platform-packet-drop.md       |  3 ++-
 .../audit-filtering-platform-policy-change.md     |  3 ++-
 .../auditing/audit-group-membership.md            |  3 ++-
 .../auditing/audit-handle-manipulation.md         |  3 ++-
 .../auditing/audit-ipsec-driver.md                |  3 ++-
 .../auditing/audit-ipsec-extended-mode.md         |  3 ++-
 .../auditing/audit-ipsec-main-mode.md             |  3 ++-
 .../auditing/audit-ipsec-quick-mode.md            |  3 ++-
 .../audit-kerberos-authentication-service.md      |  3 ++-
 .../audit-kerberos-service-ticket-operations.md   |  3 ++-
 .../auditing/audit-kernel-object.md               |  3 ++-
 .../threat-protection/auditing/audit-logoff.md    |  3 ++-
 .../threat-protection/auditing/audit-logon.md     |  3 ++-
 .../audit-mpssvc-rule-level-policy-change.md      |  3 ++-
 .../auditing/audit-network-policy-server.md       |  3 ++-
 .../auditing/audit-non-sensitive-privilege-use.md |  3 ++-
 .../auditing/audit-other-account-logon-events.md  |  3 ++-
 .../audit-other-account-management-events.md      |  3 ++-
 .../auditing/audit-other-logonlogoff-events.md    |  3 ++-
 .../auditing/audit-other-object-access-events.md  |  3 ++-
 .../auditing/audit-other-policy-change-events.md  |  3 ++-
 .../auditing/audit-other-privilege-use-events.md  |  5 +++--
 .../auditing/audit-other-system-events.md         |  3 ++-
 .../auditing/audit-pnp-activity.md                |  3 ++-
 .../auditing/audit-process-creation.md            |  3 ++-
 .../auditing/audit-process-termination.md         |  3 ++-
 .../threat-protection/auditing/audit-registry.md  |  3 ++-
 .../auditing/audit-removable-storage.md           |  3 ++-
 .../auditing/audit-rpc-events.md                  |  3 ++-
 .../threat-protection/auditing/audit-sam.md       |  3 ++-
 .../auditing/audit-security-group-management.md   |  3 ++-
 .../auditing/audit-security-state-change.md       |  3 ++-
 .../auditing/audit-security-system-extension.md   |  3 ++-
 .../auditing/audit-sensitive-privilege-use.md     |  3 ++-
 .../auditing/audit-special-logon.md               |  3 ++-
 .../auditing/audit-system-integrity.md            |  3 ++-
 .../auditing/audit-token-right-adjusted.md        |  3 ++-
 .../auditing/audit-user-account-management.md     |  3 ++-
 .../auditing/audit-user-device-claims.md          |  3 ++-
 .../auditing/basic-audit-account-logon-events.md  |  3 ++-
 .../auditing/basic-audit-account-management.md    |  3 ++-
 .../basic-audit-directory-service-access.md       |  3 ++-
 .../auditing/basic-audit-logon-events.md          |  3 ++-
 .../auditing/basic-audit-object-access.md         |  3 ++-
 .../auditing/basic-audit-policy-change.md         |  3 ++-
 .../auditing/basic-audit-privilege-use.md         |  3 ++-
 .../auditing/basic-audit-process-tracking.md      |  3 ++-
 .../auditing/basic-audit-system-events.md         |  3 ++-
 .../auditing/basic-security-audit-policies.md     |  3 ++-
 .../basic-security-audit-policy-settings.md       |  3 ++-
 ...audit-policy-settings-for-an-event-category.md |  3 ++-
 .../threat-protection/auditing/event-1100.md      |  3 ++-
 .../threat-protection/auditing/event-1102.md      |  3 ++-
 .../threat-protection/auditing/event-1104.md      |  5 +++--
 .../threat-protection/auditing/event-1105.md      |  3 ++-
 .../threat-protection/auditing/event-1108.md      |  3 ++-
 .../threat-protection/auditing/event-4608.md      |  3 ++-
 .../threat-protection/auditing/event-4610.md      |  3 ++-
 .../threat-protection/auditing/event-4611.md      |  3 ++-
 .../threat-protection/auditing/event-4612.md      |  3 ++-
 .../threat-protection/auditing/event-4614.md      |  3 ++-
 .../threat-protection/auditing/event-4615.md      |  3 ++-
 .../threat-protection/auditing/event-4616.md      |  3 ++-
 .../threat-protection/auditing/event-4618.md      |  3 ++-
 .../threat-protection/auditing/event-4621.md      |  3 ++-
 .../threat-protection/auditing/event-4622.md      |  3 ++-
 .../threat-protection/auditing/event-4624.md      |  3 ++-
 .../threat-protection/auditing/event-4625.md      |  3 ++-
 .../threat-protection/auditing/event-4626.md      |  3 ++-
 .../threat-protection/auditing/event-4627.md      |  3 ++-
 .../threat-protection/auditing/event-4634.md      |  3 ++-
 .../threat-protection/auditing/event-4647.md      |  3 ++-
 .../threat-protection/auditing/event-4648.md      |  3 ++-
 .../threat-protection/auditing/event-4649.md      |  3 ++-
 .../threat-protection/auditing/event-4656.md      |  3 ++-
 .../threat-protection/auditing/event-4657.md      |  3 ++-
 .../threat-protection/auditing/event-4658.md      |  3 ++-
 .../threat-protection/auditing/event-4660.md      |  3 ++-
 .../threat-protection/auditing/event-4661.md      |  3 ++-
 .../threat-protection/auditing/event-4662.md      |  3 ++-
 .../threat-protection/auditing/event-4663.md      |  3 ++-
 .../threat-protection/auditing/event-4664.md      |  3 ++-
 .../threat-protection/auditing/event-4670.md      |  3 ++-
 .../threat-protection/auditing/event-4671.md      |  3 ++-
 .../threat-protection/auditing/event-4672.md      |  3 ++-
 .../threat-protection/auditing/event-4673.md      |  3 ++-
 .../threat-protection/auditing/event-4674.md      |  3 ++-
 .../threat-protection/auditing/event-4675.md      |  3 ++-
 .../threat-protection/auditing/event-4688.md      |  3 ++-
 .../threat-protection/auditing/event-4689.md      |  3 ++-
 .../threat-protection/auditing/event-4690.md      |  3 ++-
 .../threat-protection/auditing/event-4691.md      |  3 ++-
 .../threat-protection/auditing/event-4692.md      |  3 ++-
 .../threat-protection/auditing/event-4693.md      |  3 ++-
 .../threat-protection/auditing/event-4694.md      |  3 ++-
 .../threat-protection/auditing/event-4695.md      |  3 ++-
 .../threat-protection/auditing/event-4696.md      |  3 ++-
 .../threat-protection/auditing/event-4697.md      |  3 ++-
 .../threat-protection/auditing/event-4698.md      |  3 ++-
 .../threat-protection/auditing/event-4699.md      |  3 ++-
 .../threat-protection/auditing/event-4700.md      |  3 ++-
 .../threat-protection/auditing/event-4701.md      |  3 ++-
 .../threat-protection/auditing/event-4702.md      |  3 ++-
 .../threat-protection/auditing/event-4703.md      |  3 ++-
 .../threat-protection/auditing/event-4704.md      |  3 ++-
 .../threat-protection/auditing/event-4705.md      |  3 ++-
 .../threat-protection/auditing/event-4706.md      |  3 ++-
 .../threat-protection/auditing/event-4707.md      |  3 ++-
 .../threat-protection/auditing/event-4713.md      |  3 ++-
 .../threat-protection/auditing/event-4714.md      |  3 ++-
 .../threat-protection/auditing/event-4715.md      |  3 ++-
 .../threat-protection/auditing/event-4716.md      |  3 ++-
 .../threat-protection/auditing/event-4717.md      |  3 ++-
 .../threat-protection/auditing/event-4718.md      |  3 ++-
 .../threat-protection/auditing/event-4719.md      |  3 ++-
 .../threat-protection/auditing/event-4720.md      |  3 ++-
 .../threat-protection/auditing/event-4722.md      |  3 ++-
 .../threat-protection/auditing/event-4723.md      |  3 ++-
 .../threat-protection/auditing/event-4724.md      |  3 ++-
 .../threat-protection/auditing/event-4725.md      |  3 ++-
 .../threat-protection/auditing/event-4726.md      |  3 ++-
 .../threat-protection/auditing/event-4731.md      |  3 ++-
 .../threat-protection/auditing/event-4732.md      |  3 ++-
 .../threat-protection/auditing/event-4733.md      |  3 ++-
 .../threat-protection/auditing/event-4734.md      |  3 ++-
 .../threat-protection/auditing/event-4735.md      |  3 ++-
 .../threat-protection/auditing/event-4738.md      |  3 ++-
 .../threat-protection/auditing/event-4739.md      |  3 ++-
 .../threat-protection/auditing/event-4740.md      |  3 ++-
 .../threat-protection/auditing/event-4741.md      |  3 ++-
 .../threat-protection/auditing/event-4742.md      |  3 ++-
 .../threat-protection/auditing/event-4743.md      |  3 ++-
 .../threat-protection/auditing/event-4749.md      |  3 ++-
 .../threat-protection/auditing/event-4750.md      |  3 ++-
 .../threat-protection/auditing/event-4751.md      |  3 ++-
 .../threat-protection/auditing/event-4752.md      |  3 ++-
 .../threat-protection/auditing/event-4753.md      |  3 ++-
 .../threat-protection/auditing/event-4764.md      |  5 +++--
 .../threat-protection/auditing/event-4765.md      |  3 ++-
 .../threat-protection/auditing/event-4766.md      |  3 ++-
 .../threat-protection/auditing/event-4767.md      |  3 ++-
 .../threat-protection/auditing/event-4768.md      |  3 ++-
 .../threat-protection/auditing/event-4769.md      |  3 ++-
 .../threat-protection/auditing/event-4770.md      |  3 ++-
 .../threat-protection/auditing/event-4771.md      |  3 ++-
 .../threat-protection/auditing/event-4772.md      |  3 ++-
 .../threat-protection/auditing/event-4773.md      |  3 ++-
 .../threat-protection/auditing/event-4774.md      |  3 ++-
 .../threat-protection/auditing/event-4775.md      |  3 ++-
 .../threat-protection/auditing/event-4776.md      |  3 ++-
 .../threat-protection/auditing/event-4777.md      |  3 ++-
 .../threat-protection/auditing/event-4778.md      |  3 ++-
 .../threat-protection/auditing/event-4779.md      |  3 ++-
 .../threat-protection/auditing/event-4780.md      |  3 ++-
 .../threat-protection/auditing/event-4781.md      |  3 ++-
 .../threat-protection/auditing/event-4782.md      |  3 ++-
 .../threat-protection/auditing/event-4793.md      |  3 ++-
 .../threat-protection/auditing/event-4794.md      |  3 ++-
 .../threat-protection/auditing/event-4798.md      |  3 ++-
 .../threat-protection/auditing/event-4799.md      |  3 ++-
 .../threat-protection/auditing/event-4800.md      |  3 ++-
 .../threat-protection/auditing/event-4801.md      |  3 ++-
 .../threat-protection/auditing/event-4802.md      |  3 ++-
 .../threat-protection/auditing/event-4803.md      |  3 ++-
 .../threat-protection/auditing/event-4816.md      |  3 ++-
 .../threat-protection/auditing/event-4817.md      |  3 ++-
 .../threat-protection/auditing/event-4818.md      |  3 ++-
 .../threat-protection/auditing/event-4819.md      |  3 ++-
 .../threat-protection/auditing/event-4826.md      |  3 ++-
 .../threat-protection/auditing/event-4864.md      |  3 ++-
 .../threat-protection/auditing/event-4865.md      |  3 ++-
 .../threat-protection/auditing/event-4866.md      |  3 ++-
 .../threat-protection/auditing/event-4867.md      |  3 ++-
 .../threat-protection/auditing/event-4902.md      |  3 ++-
 .../threat-protection/auditing/event-4904.md      |  3 ++-
 .../threat-protection/auditing/event-4905.md      |  3 ++-
 .../threat-protection/auditing/event-4906.md      |  3 ++-
 .../threat-protection/auditing/event-4907.md      |  3 ++-
 .../threat-protection/auditing/event-4908.md      |  3 ++-
 .../threat-protection/auditing/event-4909.md      |  3 ++-
 .../threat-protection/auditing/event-4910.md      |  3 ++-
 .../threat-protection/auditing/event-4911.md      |  3 ++-
 .../threat-protection/auditing/event-4912.md      |  3 ++-
 .../threat-protection/auditing/event-4913.md      |  3 ++-
 .../threat-protection/auditing/event-4928.md      |  3 ++-
 .../threat-protection/auditing/event-4929.md      |  3 ++-
 .../threat-protection/auditing/event-4930.md      |  3 ++-
 .../threat-protection/auditing/event-4931.md      |  3 ++-
 .../threat-protection/auditing/event-4932.md      |  3 ++-
 .../threat-protection/auditing/event-4933.md      |  3 ++-
 .../threat-protection/auditing/event-4934.md      |  3 ++-
 .../threat-protection/auditing/event-4935.md      |  3 ++-
 .../threat-protection/auditing/event-4936.md      |  3 ++-
 .../threat-protection/auditing/event-4937.md      |  3 ++-
 .../threat-protection/auditing/event-4944.md      |  3 ++-
 .../threat-protection/auditing/event-4945.md      |  3 ++-
 .../threat-protection/auditing/event-4946.md      |  3 ++-
 .../threat-protection/auditing/event-4947.md      |  3 ++-
 .../threat-protection/auditing/event-4948.md      |  3 ++-
 .../threat-protection/auditing/event-4949.md      |  3 ++-
 .../threat-protection/auditing/event-4950.md      |  3 ++-
 .../threat-protection/auditing/event-4951.md      |  3 ++-
 .../threat-protection/auditing/event-4952.md      |  3 ++-
 .../threat-protection/auditing/event-4953.md      |  3 ++-
 .../threat-protection/auditing/event-4954.md      |  3 ++-
 .../threat-protection/auditing/event-4956.md      |  3 ++-
 .../threat-protection/auditing/event-4957.md      |  3 ++-
 .../threat-protection/auditing/event-4958.md      |  3 ++-
 .../threat-protection/auditing/event-4964.md      |  3 ++-
 .../threat-protection/auditing/event-4985.md      |  3 ++-
 .../threat-protection/auditing/event-5024.md      |  3 ++-
 .../threat-protection/auditing/event-5025.md      |  3 ++-
 .../threat-protection/auditing/event-5027.md      |  5 +++--
 .../threat-protection/auditing/event-5028.md      |  3 ++-
 .../threat-protection/auditing/event-5029.md      |  3 ++-
 .../threat-protection/auditing/event-5030.md      |  3 ++-
 .../threat-protection/auditing/event-5031.md      |  3 ++-
 .../threat-protection/auditing/event-5032.md      |  3 ++-
 .../threat-protection/auditing/event-5033.md      |  3 ++-
 .../threat-protection/auditing/event-5034.md      |  3 ++-
 .../threat-protection/auditing/event-5035.md      |  3 ++-
 .../threat-protection/auditing/event-5037.md      |  3 ++-
 .../threat-protection/auditing/event-5038.md      |  3 ++-
 .../threat-protection/auditing/event-5039.md      |  3 ++-
 .../threat-protection/auditing/event-5051.md      |  3 ++-
 .../threat-protection/auditing/event-5056.md      |  3 ++-
 .../threat-protection/auditing/event-5057.md      |  3 ++-
 .../threat-protection/auditing/event-5058.md      |  3 ++-
 .../threat-protection/auditing/event-5059.md      |  3 ++-
 .../threat-protection/auditing/event-5060.md      |  3 ++-
 .../threat-protection/auditing/event-5061.md      |  3 ++-
 .../threat-protection/auditing/event-5062.md      |  3 ++-
 .../threat-protection/auditing/event-5063.md      |  3 ++-
 .../threat-protection/auditing/event-5064.md      |  3 ++-
 .../threat-protection/auditing/event-5065.md      |  3 ++-
 .../threat-protection/auditing/event-5066.md      |  3 ++-
 .../threat-protection/auditing/event-5067.md      |  3 ++-
 .../threat-protection/auditing/event-5068.md      |  3 ++-
 .../threat-protection/auditing/event-5069.md      |  3 ++-
 .../threat-protection/auditing/event-5070.md      |  3 ++-
 .../threat-protection/auditing/event-5136.md      |  3 ++-
 .../threat-protection/auditing/event-5137.md      |  3 ++-
 .../threat-protection/auditing/event-5138.md      |  3 ++-
 .../threat-protection/auditing/event-5139.md      |  3 ++-
 .../threat-protection/auditing/event-5140.md      |  3 ++-
 .../threat-protection/auditing/event-5141.md      |  3 ++-
 .../threat-protection/auditing/event-5142.md      |  3 ++-
 .../threat-protection/auditing/event-5143.md      |  3 ++-
 .../threat-protection/auditing/event-5144.md      |  3 ++-
 .../threat-protection/auditing/event-5145.md      |  3 ++-
 .../threat-protection/auditing/event-5148.md      |  3 ++-
 .../threat-protection/auditing/event-5149.md      |  3 ++-
 .../threat-protection/auditing/event-5150.md      |  3 ++-
 .../threat-protection/auditing/event-5151.md      |  3 ++-
 .../threat-protection/auditing/event-5152.md      |  3 ++-
 .../threat-protection/auditing/event-5153.md      |  3 ++-
 .../threat-protection/auditing/event-5154.md      |  3 ++-
 .../threat-protection/auditing/event-5155.md      |  3 ++-
 .../threat-protection/auditing/event-5156.md      |  3 ++-
 .../threat-protection/auditing/event-5157.md      |  3 ++-
 .../threat-protection/auditing/event-5158.md      |  3 ++-
 .../threat-protection/auditing/event-5159.md      |  3 ++-
 .../threat-protection/auditing/event-5168.md      |  3 ++-
 .../threat-protection/auditing/event-5376.md      |  3 ++-
 .../threat-protection/auditing/event-5377.md      |  3 ++-
 .../threat-protection/auditing/event-5378.md      |  3 ++-
 .../threat-protection/auditing/event-5447.md      |  3 ++-
 .../threat-protection/auditing/event-5632.md      |  3 ++-
 .../threat-protection/auditing/event-5633.md      |  3 ++-
 .../threat-protection/auditing/event-5712.md      |  3 ++-
 .../threat-protection/auditing/event-5888.md      |  3 ++-
 .../threat-protection/auditing/event-5889.md      |  3 ++-
 .../threat-protection/auditing/event-5890.md      |  3 ++-
 .../threat-protection/auditing/event-6144.md      |  3 ++-
 .../threat-protection/auditing/event-6145.md      |  3 ++-
 .../threat-protection/auditing/event-6281.md      |  3 ++-
 .../threat-protection/auditing/event-6400.md      |  3 ++-
 .../threat-protection/auditing/event-6401.md      |  3 ++-
 .../threat-protection/auditing/event-6402.md      |  3 ++-
 .../threat-protection/auditing/event-6403.md      |  3 ++-
 .../threat-protection/auditing/event-6404.md      |  3 ++-
 .../threat-protection/auditing/event-6405.md      |  3 ++-
 .../threat-protection/auditing/event-6406.md      |  3 ++-
 .../threat-protection/auditing/event-6407.md      |  3 ++-
 .../threat-protection/auditing/event-6408.md      |  3 ++-
 .../threat-protection/auditing/event-6409.md      |  3 ++-
 .../threat-protection/auditing/event-6410.md      |  3 ++-
 .../threat-protection/auditing/event-6416.md      |  3 ++-
 .../threat-protection/auditing/event-6419.md      |  3 ++-
 .../threat-protection/auditing/event-6420.md      |  3 ++-
 .../threat-protection/auditing/event-6421.md      |  3 ++-
 .../threat-protection/auditing/event-6422.md      |  3 ++-
 .../threat-protection/auditing/event-6423.md      |  3 ++-
 .../threat-protection/auditing/event-6424.md      |  3 ++-
 .../file-system-global-object-access-auditing.md  |  3 ++-
 .../how-to-list-xml-elements-in-eventdata.md      |  3 ++-
 ...-central-access-policy-and-rule-definitions.md |  3 ++-
 .../auditing/monitor-claim-types.md               |  3 ++-
 .../monitor-resource-attribute-definitions.md     |  3 ++-
 ...-policies-associated-with-files-and-folders.md |  3 ++-
 ...access-policies-that-apply-on-a-file-server.md |  3 ++-
 ...he-resource-attributes-on-files-and-folders.md |  3 ++-
 ...onitor-the-use-of-removable-storage-devices.md |  5 +++--
 ...nitor-user-and-device-claims-during-sign-in.md |  3 ++-
 .../threat-protection/auditing/other-events.md    |  3 ++-
 ...-deploying-advanced-security-audit-policies.md |  3 ++-
 .../registry-global-object-access-auditing.md     |  3 ++-
 .../auditing/security-auditing-overview.md        |  3 ++-
 ...s-to-monitor-dynamic-access-control-objects.md |  3 ++-
 .../auditing/view-the-security-event-log.md       |  3 ++-
 ...support-advanced-audit-policy-configuration.md |  3 ++-
 .../block-untrusted-fonts-in-enterprise.md        |  3 ++-
 .../change-history-for-threat-protection.md       |  5 +++--
 .../control-usb-devices-using-intune.md           |  3 ++-
 .../device-control/device-control-report.md       |  3 ++-
 ...lization-based-protection-of-code-integrity.md |  3 ++-
 ...ty-and-windows-defender-application-control.md |  3 ++-
 .../device-guard/memory-integrity.md              |  3 ++-
 ...lization-based-protection-of-code-integrity.md |  3 ++-
 .../threat-protection/fips-140-validation.md      |  3 ++-
 .../get-support-for-security-baselines.md         |  3 ++-
 windows/security/threat-protection/index.md       |  3 ++-
 .../intelligence/coinminer-malware.md             |  5 +++--
 .../coordinated-malware-eradication.md            |  5 +++--
 .../threat-protection/intelligence/criteria.md    |  5 +++--
 .../cybersecurity-industry-partners.md            |  5 +++--
 .../intelligence/developer-faq.md                 |  5 +++--
 .../intelligence/developer-resources.md           |  5 +++--
 .../intelligence/exploits-malware.md              |  5 +++--
 .../intelligence/fileless-threats.md              |  7 ++++---
 .../threat-protection/intelligence/index.md       |  5 +++--
 .../intelligence/macro-malware.md                 |  5 +++--
 .../intelligence/malware-naming.md                |  5 +++--
 .../intelligence/phishing-trends.md               |  5 +++--
 .../threat-protection/intelligence/phishing.md    |  5 +++--
 .../portal-submission-troubleshooting.md          |  5 +++--
 .../intelligence/prevent-malware-infection.md     |  5 +++--
 .../intelligence/ransomware-malware.md            |  5 +++--
 .../intelligence/rootkits-malware.md              |  5 +++--
 .../intelligence/safety-scanner-download.md       |  5 +++--
 .../intelligence/submission-guide.md              |  5 +++--
 .../intelligence/supply-chain-malware.md          |  5 +++--
 .../intelligence/support-scams.md                 |  5 +++--
 .../intelligence/trojans-malware.md               |  5 +++--
 .../intelligence/understanding-malware.md         |  5 +++--
 .../intelligence/unwanted-software.md             |  5 +++--
 .../virus-information-alliance-criteria.md        |  5 +++--
 .../intelligence/virus-initiative-criteria.md     |  5 +++--
 .../intelligence/worms-malware.md                 |  5 +++--
 .../mbsa-removal-and-guidance.md                  |  3 ++-
 .../antivirus-false-positives-negatives.md        |  5 +++--
 .../collect-diagnostic-data-update-compliance.md  |  3 ++-
 .../collect-diagnostic-data.md                    |  3 ++-
 ...line-arguments-microsoft-defender-antivirus.md |  5 +++--
 ...usion-mistakes-microsoft-defender-antivirus.md |  3 ++-
 ...ment-reference-microsoft-defender-antivirus.md |  3 ++-
 ...ced-scan-types-microsoft-defender-antivirus.md |  4 ++--
 ...at-first-sight-microsoft-defender-antivirus.md |  3 ++-
 ...timeout-period-microsoft-defender-antivirus.md |  3 ++-
 ...er-interaction-microsoft-defender-antivirus.md |  3 ++-
 ...ure-exclusions-microsoft-defender-antivirus.md |  3 ++-
 ...ile-exclusions-microsoft-defender-antivirus.md |  3 ++-
 ...licy-overrides-microsoft-defender-antivirus.md |  3 ++-
 ...igure-microsoft-defender-antivirus-features.md |  3 ++-
 ...rk-connections-microsoft-defender-antivirus.md |  3 ++-
 ...-notifications-microsoft-defender-antivirus.md |  3 ++-
 ...ile-exclusions-microsoft-defender-antivirus.md |  3 ++-
 ...ction-features-microsoft-defender-antivirus.md |  3 ++-
 ...ime-protection-microsoft-defender-antivirus.md |  3 ++-
 ...re-remediation-microsoft-defender-antivirus.md |  3 ++-
 ...ver-exclusions-microsoft-defender-antivirus.md |  3 ++-
 ...emediate-scans-microsoft-defender-antivirus.md |  3 ++-
 ...-remediate-scans-windows-defender-antivirus.md |  3 ++-
 ...-manage-report-microsoft-defender-antivirus.md |  3 ++-
 .../deploy-microsoft-defender-antivirus.md        |  5 +++--
 ...deployment-vdi-microsoft-defender-antivirus.md |  3 ++-
 ...-unwanted-apps-microsoft-defender-antivirus.md |  3 ++-
 ...oud-protection-microsoft-defender-antivirus.md |  3 ++-
 .../evaluate-microsoft-defender-antivirus.md      |  3 ++-
 ...iodic-scanning-microsoft-defender-antivirus.md |  3 ++-
 ...-based-updates-microsoft-defender-antivirus.md |  3 ++-
 ...ated-endpoints-microsoft-defender-antivirus.md |  3 ++-
 ...pdate-schedule-microsoft-defender-antivirus.md |  5 +++--
 ...ection-updates-microsoft-defender-antivirus.md |  3 ++-
 ...ates-baselines-microsoft-defender-antivirus.md |  3 ++-
 ...le-devices-vms-microsoft-defender-antivirus.md |  3 ++-
 .../microsoft-defender-antivirus-compatibility.md |  3 ++-
 .../microsoft-defender-antivirus-in-windows-10.md |  3 ++-
 ...t-defender-antivirus-on-windows-server-2016.md |  3 ++-
 .../microsoft-defender-offline.md                 |  3 ++-
 ...icrosoft-defender-security-center-antivirus.md |  3 ++-
 .../office-365-microsoft-defender-antivirus.md    | 11 ++++++-----
 ...to-security-settings-with-tamper-protection.md |  3 ++-
 ...er-interaction-microsoft-defender-antivirus.md |  3 ++-
 ...report-monitor-microsoft-defender-antivirus.md |  3 ++-
 ...rantined-files-microsoft-defender-antivirus.md |  3 ++-
 ...w-scan-results-microsoft-defender-antivirus.md |  5 +++--
 .../run-scan-microsoft-defender-antivirus.md      |  3 ++-
 ...catch-up-scans-microsoft-defender-antivirus.md |  3 ++-
 ...otection-level-microsoft-defender-antivirus.md |  3 ++-
 ...microsoft-defender-antivirus-when-migrating.md |  3 ++-
 .../troubleshoot-microsoft-defender-antivirus.md  |  3 ++-
 .../troubleshoot-reporting.md                     |  3 ++-
 ...e-group-policy-microsoft-defender-antivirus.md |  3 ++-
 ...config-manager-microsoft-defender-antivirus.md |  3 ++-
 ...rshell-cmdlets-microsoft-defender-antivirus.md |  3 ++-
 .../use-wmi-microsoft-defender-antivirus.md       |  3 ++-
 ...oud-protection-microsoft-defender-antivirus.md |  3 ++-
 .../why-use-microsoft-defender-antivirus.md       | 11 ++++++-----
 .../configure-md-app-guard.md                     |  3 ++-
 .../faq-md-app-guard.md                           |  3 ++-
 .../install-md-app-guard.md                       |  3 ++-
 .../md-app-guard-browser-extension.md             |  3 ++-
 .../md-app-guard-overview.md                      |  3 ++-
 .../reqs-md-app-guard.md                          |  3 ++-
 .../test-scenarios-md-app-guard.md                |  3 ++-
 .../Onboard-Windows-10-multi-session-device.md    | 11 ++++++-----
 .../microsoft-defender-atp/access-mssp-portal.md  |  5 +++--
 .../add-or-remove-machine-tags.md                 |  5 +++--
 .../microsoft-defender-atp/advanced-features.md   |  5 +++--
 ...advanced-hunting-assignedipaddress-function.md |  7 ++++---
 .../advanced-hunting-best-practices.md            |  5 +++--
 .../advanced-hunting-devicealertevents-table.md   |  5 +++--
 .../advanced-hunting-deviceevents-table.md        |  5 +++--
 ...ced-hunting-devicefilecertificateinfo-table.md |  5 +++--
 .../advanced-hunting-devicefileevents-table.md    |  7 ++++---
 ...dvanced-hunting-deviceimageloadevents-table.md |  5 +++--
 .../advanced-hunting-deviceinfo-table.md          |  7 ++++---
 .../advanced-hunting-devicelogonevents-table.md   |  5 +++--
 .../advanced-hunting-devicenetworkevents-table.md |  5 +++--
 .../advanced-hunting-devicenetworkinfo-table.md   |  5 +++--
 .../advanced-hunting-deviceprocessevents-table.md |  5 +++--
 ...advanced-hunting-deviceregistryevents-table.md |  5 +++--
 ...evicetvmsecureconfigurationassessment-table.md |  9 +++++----
 ...icetvmsecureconfigurationassessmentkb-table.md |  7 ++++---
 ...cetvmsoftwareinventoryvulnerabilities-table.md |  5 +++--
 ...ng-devicetvmsoftwarevulnerabilitieskb-table.md |  9 +++++----
 .../advanced-hunting-errors.md                    |  5 +++--
 .../advanced-hunting-extend-data.md               | 11 ++++++-----
 .../advanced-hunting-fileprofile-function.md      |  7 ++++---
 .../advanced-hunting-go-hunt.md                   | 13 +++++++------
 .../advanced-hunting-limits.md                    |  5 +++--
 .../advanced-hunting-overview.md                  |  5 +++--
 .../advanced-hunting-query-language.md            |  5 +++--
 .../advanced-hunting-query-results.md             |  5 +++--
 .../advanced-hunting-schema-reference.md          |  5 +++--
 .../advanced-hunting-shared-queries.md            |  5 +++--
 .../advanced-hunting-take-action.md               |  5 +++--
 .../alerts-queue-endpoint-detection-response.md   |  5 +++--
 .../microsoft-defender-atp/alerts-queue.md        |  5 +++--
 .../microsoft-defender-atp/alerts.md              |  3 ++-
 .../microsoft-defender-atp/android-configure.md   | 11 ++++++-----
 .../microsoft-defender-atp/android-intune.md      |  9 +++++----
 .../microsoft-defender-atp/android-privacy.md     |  5 +++--
 .../android-support-signin.md                     |  9 +++++----
 .../microsoft-defender-atp/android-terms.md       |  7 ++++---
 .../microsoft-defender-atp/api-explorer.md        |  9 +++++----
 .../microsoft-defender-atp/api-hello-world.md     |  5 +++--
 .../microsoft-defender-atp/api-microsoft-flow.md  |  5 +++--
 .../microsoft-defender-atp/api-portal-mapping.md  |  5 +++--
 .../microsoft-defender-atp/api-power-bi.md        |  5 +++--
 .../microsoft-defender-atp/api-terms-of-use.md    |  5 +++--
 .../microsoft-defender-atp/apis-intro.md          |  7 ++++---
 .../assign-portal-access.md                       |  5 +++--
 .../microsoft-defender-atp/attack-simulations.md  |  5 +++--
 .../attack-surface-reduction-faq.md               |  3 ++-
 .../attack-surface-reduction.md                   |  3 ++-
 .../audit-windows-defender.md                     |  3 ++-
 .../auto-investigation-action-center.md           |  7 ++++---
 .../automated-investigations.md                   |  6 +++---
 .../microsoft-defender-atp/automation-levels.md   |  6 +++---
 .../microsoft-defender-atp/basic-permissions.md   |  3 ++-
 .../behavioral-blocking-containment.md            | 15 ++++++++-------
 .../microsoft-defender-atp/check-sensor-status.md |  5 +++--
 .../client-behavioral-blocking.md                 | 15 ++++++++-------
 .../collect-investigation-package.md              |  6 +++---
 .../microsoft-defender-atp/common-errors.md       |  7 ++++---
 .../microsoft-defender-atp/community.md           |  5 +++--
 .../microsoft-defender-atp/conditional-access.md  |  5 +++--
 .../microsoft-defender-atp/configure-arcsight.md  |  5 +++--
 .../configure-attack-surface-reduction.md         |  5 +++--
 ...figure-automated-investigations-remediation.md |  4 ++--
 .../configure-conditional-access.md               |  5 +++--
 .../configure-email-notifications.md              |  5 +++--
 .../configure-endpoints-gp.md                     |  5 +++--
 .../configure-endpoints-mdm.md                    |  5 +++--
 .../configure-endpoints-non-windows.md            |  5 +++--
 .../configure-endpoints-sccm.md                   |  5 +++--
 .../configure-endpoints-script.md                 |  5 +++--
 .../configure-endpoints-vdi.md                    |  5 +++--
 .../microsoft-defender-atp/configure-endpoints.md |  5 +++--
 .../configure-machines-asr.md                     |  7 ++++---
 .../configure-machines-onboarding.md              |  5 +++--
 .../configure-machines-security-baseline.md       |  5 +++--
 .../microsoft-defender-atp/configure-machines.md  |  5 +++--
 .../configure-microsoft-threat-experts.md         |  7 ++++---
 .../configure-mssp-notifications.md               |  7 ++++---
 .../configure-mssp-support.md                     |  7 ++++---
 .../configure-proxy-internet.md                   |  7 ++++---
 .../configure-server-endpoints.md                 |  3 ++-
 .../microsoft-defender-atp/configure-siem.md      |  5 +++--
 .../connected-applications.md                     |  7 ++++---
 .../contact-support-usgov.md                      |  5 +++--
 .../microsoft-defender-atp/contact-support.md     |  5 +++--
 .../microsoft-defender-atp/controlled-folders.md  |  3 ++-
 .../create-alert-by-reference.md                  |  5 +++--
 .../custom-detection-rules.md                     |  5 +++--
 .../custom-detections-manage.md                   |  5 +++--
 .../customize-attack-surface-reduction.md         |  3 ++-
 .../customize-controlled-folders.md               |  3 ++-
 .../customize-exploit-protection.md               |  5 +++--
 .../data-retention-settings.md                    |  7 ++++---
 .../data-storage-privacy.md                       |  5 +++--
 .../defender-compatibility.md                     |  7 ++++---
 .../delete-ti-indicator-by-id.md                  |  5 +++--
 .../microsoft-defender-atp/deployment-phases.md   |  9 +++++----
 .../microsoft-defender-atp/deployment-rings.md    |  9 +++++----
 .../microsoft-defender-atp/deployment-strategy.md |  7 ++++---
 .../device-timeline-event-flag.md                 |  7 ++++---
 .../microsoft-defender-atp/edr-in-block-mode.md   | 15 ++++++++-------
 .../enable-attack-surface-reduction.md            |  3 ++-
 .../enable-controlled-folders.md                  |  3 ++-
 .../enable-exploit-protection.md                  |  3 ++-
 .../enable-network-protection.md                  |  3 ++-
 .../enable-siem-integration.md                    |  5 +++--
 .../microsoft-defender-atp/evaluate-atp.md        |  7 ++++---
 .../evaluate-attack-surface-reduction.md          |  3 ++-
 .../evaluate-controlled-folder-access.md          |  3 ++-
 .../evaluate-exploit-protection.md                |  3 ++-
 .../evaluate-network-protection.md                |  3 ++-
 .../microsoft-defender-atp/evaluation-lab.md      |  7 ++++---
 .../microsoft-defender-atp/event-error-codes.md   |  5 +++--
 .../microsoft-defender-atp/event-views.md         |  3 ++-
 .../exploit-protection-reference.md               |  3 ++-
 .../microsoft-defender-atp/exploit-protection.md  |  3 ++-
 .../exposed-apis-create-app-nativeapp.md          |  7 ++++---
 .../exposed-apis-create-app-partners.md           |  5 +++--
 .../exposed-apis-create-app-webapp.md             |  5 +++--
 .../exposed-apis-full-sample-powershell.md        |  7 ++++---
 .../microsoft-defender-atp/exposed-apis-list.md   |  9 +++++----
 .../exposed-apis-odata-samples.md                 |  5 +++--
 .../feedback-loop-blocking.md                     | 11 ++++++-----
 .../microsoft-defender-atp/fetch-alerts-mssp.md   |  5 +++--
 .../microsoft-defender-atp/files.md               |  5 +++--
 .../find-machine-info-by-ip.md                    |  5 +++--
 .../microsoft-defender-atp/find-machines-by-ip.md |  7 ++++---
 .../fix-unhealthy-sensors.md                      |  5 +++--
 .../get-alert-info-by-id.md                       |  5 +++--
 .../get-alert-related-domain-info.md              |  7 ++++---
 .../get-alert-related-files-info.md               |  7 ++++---
 .../get-alert-related-ip-info.md                  |  7 ++++---
 .../get-alert-related-machine-info.md             |  7 ++++---
 .../get-alert-related-user-info.md                |  7 ++++---
 .../microsoft-defender-atp/get-alerts.md          |  5 +++--
 .../get-all-recommendations.md                    |  7 ++++---
 .../get-all-vulnerabilities-by-machines.md        |  5 +++--
 .../get-all-vulnerabilities.md                    |  5 +++--
 .../get-cvekbmap-collection.md                    |  5 +++--
 .../get-device-secure-score.md                    |  5 +++--
 .../get-discovered-vulnerabilities.md             |  5 +++--
 .../get-domain-related-alerts.md                  |  5 +++--
 .../get-domain-related-machines.md                |  5 +++--
 .../get-domain-statistics.md                      |  5 +++--
 .../microsoft-defender-atp/get-exposure-score.md  |  5 +++--
 .../get-file-information.md                       |  5 +++--
 .../get-file-related-alerts.md                    |  5 +++--
 .../get-file-related-machines.md                  |  5 +++--
 .../microsoft-defender-atp/get-file-statistics.md |  5 +++--
 .../get-installed-software.md                     |  3 ++-
 .../get-investigation-collection.md               |  5 +++--
 .../get-investigation-object.md                   |  5 +++--
 .../get-ip-related-alerts.md                      |  5 +++--
 .../microsoft-defender-atp/get-ip-statistics.md   |  5 +++--
 .../get-kbinfo-collection.md                      |  5 +++--
 .../microsoft-defender-atp/get-machine-by-id.md   |  5 +++--
 .../get-machine-group-exposure-score.md           |  5 +++--
 .../get-machine-log-on-users.md                   |  5 +++--
 .../get-machine-related-alerts.md                 |  5 +++--
 .../get-machineaction-object.md                   |  5 +++--
 .../get-machineactions-collection.md              |  5 +++--
 .../get-machines-by-software.md                   |  5 +++--
 .../get-machines-by-vulnerability.md              |  5 +++--
 .../microsoft-defender-atp/get-machines.md        |  5 +++--
 .../get-machinesecuritystates-collection.md       |  7 ++++---
 .../get-missing-kbs-machine.md                    |  5 +++--
 .../get-missing-kbs-software.md                   |  5 +++--
 .../microsoft-defender-atp/get-package-sas-uri.md |  5 +++--
 .../get-recommendation-by-id.md                   |  7 ++++---
 .../get-recommendation-machines.md                |  9 +++++----
 .../get-recommendation-software.md                |  7 ++++---
 .../get-recommendation-vulnerabilities.md         |  7 ++++---
 .../get-security-recommendations.md               |  5 +++--
 .../microsoft-defender-atp/get-software-by-id.md  |  5 +++--
 .../get-software-ver-distribution.md              |  9 +++++----
 .../microsoft-defender-atp/get-software.md        |  5 +++--
 .../get-started-partner-integration.md            |  7 ++++---
 .../get-ti-indicators-collection.md               |  5 +++--
 .../get-user-information.md                       |  5 +++--
 .../get-user-related-alerts.md                    |  5 +++--
 .../get-user-related-machines.md                  |  5 +++--
 .../get-vuln-by-software.md                       |  7 ++++---
 .../get-vulnerability-by-id.md                    |  5 +++--
 .../microsoft-defender-atp/gov.md                 |  7 ++++---
 .../microsoft-defender-atp/grant-mssp-access.md   |  7 ++++---
 .../microsoft-defender-atp/helpful-resources.md   |  7 ++++---
 .../import-export-exploit-protection-emet-xml.md  |  3 ++-
 .../indicator-certificates.md                     |  7 ++++---
 .../microsoft-defender-atp/indicator-file.md      |  7 ++++---
 .../microsoft-defender-atp/indicator-ip-domain.md |  7 ++++---
 .../microsoft-defender-atp/indicator-manage.md    |  5 +++--
 .../information-protection-in-windows-overview.md |  5 +++--
 .../information-protection-investigation.md       |  5 +++--
 .../initiate-autoir-investigation.md              |  5 +++--
 .../microsoft-defender-atp/investigate-alerts.md  |  7 ++++---
 .../investigate-behind-proxy.md                   |  7 ++++---
 .../microsoft-defender-atp/investigate-domain.md  |  7 ++++---
 .../microsoft-defender-atp/investigate-files.md   |  7 ++++---
 .../investigate-incidents.md                      |  9 +++++----
 .../microsoft-defender-atp/investigate-ip.md      |  7 ++++---
 .../investigate-machines.md                       |  7 ++++---
 .../microsoft-defender-atp/investigate-user.md    |  7 ++++---
 .../microsoft-defender-atp/investigation.md       |  7 ++++---
 .../ios-configure-features.md                     |  9 +++++----
 .../microsoft-defender-atp/ios-install.md         |  9 +++++----
 .../microsoft-defender-atp/ios-privacy.md         |  9 +++++----
 .../microsoft-defender-atp/ios-terms.md           | 11 ++++++-----
 .../microsoft-defender-atp/isolate-machine.md     |  5 +++--
 .../microsoft-defender-atp/linux-exclusions.md    |  7 ++++---
 .../linux-install-manually.md                     |  9 +++++----
 .../linux-install-with-ansible.md                 |  9 +++++----
 .../linux-install-with-puppet.md                  |  9 +++++----
 .../microsoft-defender-atp/linux-preferences.md   |  7 ++++---
 .../microsoft-defender-atp/linux-privacy.md       |  3 ++-
 .../microsoft-defender-atp/linux-pua.md           |  7 ++++---
 .../microsoft-defender-atp/linux-resources.md     |  7 ++++---
 .../linux-schedule-scan-atp.md                    |  3 ++-
 .../linux-static-proxy-configuration.md           |  7 ++++---
 .../linux-support-connectivity.md                 |  9 +++++----
 .../linux-support-events.md                       |  7 ++++---
 .../linux-support-install.md                      |  9 +++++----
 .../microsoft-defender-atp/linux-support-perf.md  |  7 ++++---
 .../linux-update-MDE-Linux.md                     |  3 ++-
 .../microsoft-defender-atp/linux-updates.md       |  7 ++++---
 .../microsoft-defender-atp/linux-whatsnew.md      |  7 ++++---
 .../live-response-command-examples.md             |  7 ++++---
 .../microsoft-defender-atp/live-response.md       |  7 ++++---
 .../microsoft-defender-atp/mac-exclusions.md      |  7 ++++---
 .../mac-install-jamfpro-login.md                  |  7 ++++---
 .../mac-install-manually.md                       |  7 ++++---
 .../mac-install-with-intune.md                    |  7 ++++---
 .../mac-install-with-jamf.md                      |  7 ++++---
 .../mac-install-with-other-mdm.md                 |  7 ++++---
 .../mac-jamfpro-device-groups.md                  |  7 ++++---
 .../mac-jamfpro-enroll-devices.md                 | 11 ++++++-----
 .../mac-jamfpro-policies.md                       |  7 ++++---
 .../microsoft-defender-atp/mac-preferences.md     |  7 ++++---
 .../microsoft-defender-atp/mac-privacy.md         |  7 ++++---
 .../microsoft-defender-atp/mac-pua.md             |  7 ++++---
 .../microsoft-defender-atp/mac-resources.md       |  9 +++++----
 .../mac-schedule-scan-atp.md                      |  7 ++++---
 .../microsoft-defender-atp/mac-support-install.md |  7 ++++---
 .../microsoft-defender-atp/mac-support-kext.md    |  7 ++++---
 .../microsoft-defender-atp/mac-support-license.md |  7 ++++---
 .../microsoft-defender-atp/mac-support-perf.md    |  7 ++++---
 .../microsoft-defender-atp/mac-sysext-policies.md |  7 ++++---
 .../microsoft-defender-atp/mac-sysext-preview.md  |  7 ++++---
 .../microsoft-defender-atp/mac-updates.md         |  7 ++++---
 .../microsoft-defender-atp/mac-whatsnew.md        |  7 ++++---
 .../microsoft-defender-atp/machine-groups.md      |  5 +++--
 .../microsoft-defender-atp/machine-reports.md     |  5 +++--
 .../microsoft-defender-atp/machine-tags.md        |  5 +++--
 .../microsoft-defender-atp/machine.md             |  5 +++--
 .../microsoft-defender-atp/machineaction.md       |  5 +++--
 .../machines-view-overview.md                     |  5 +++--
 .../microsoft-defender-atp/manage-alerts.md       |  5 +++--
 ...ge-atp-post-migration-configuration-manager.md |  6 +++---
 ...age-atp-post-migration-group-policy-objects.md |  6 +++---
 .../manage-atp-post-migration-intune.md           |  6 +++---
 .../manage-atp-post-migration-other-tools.md      |  6 +++---
 .../manage-atp-post-migration.md                  |  6 +++---
 .../manage-auto-investigation.md                  |  7 ++++---
 .../manage-automation-file-uploads.md             |  5 +++--
 .../manage-automation-folder-exclusions.md        |  7 ++++---
 .../microsoft-defender-atp/manage-edr.md          |  7 ++++---
 .../microsoft-defender-atp/manage-incidents.md    |  9 +++++----
 .../microsoft-defender-atp/manage-indicators.md   |  5 +++--
 .../manage-suppression-rules.md                   |  5 +++--
 .../microsoft-defender-atp/management-apis.md     |  7 ++++---
 .../mcafee-to-microsoft-defender-migration.md     |  8 ++++----
 .../mcafee-to-microsoft-defender-onboard.md       |  8 ++++----
 .../mcafee-to-microsoft-defender-prepare.md       |  8 ++++----
 .../mcafee-to-microsoft-defender-setup.md         |  8 ++++----
 .../microsoft-cloud-app-security-config.md        |  7 ++++---
 .../microsoft-cloud-app-security-integration.md   |  5 +++--
 ...crosoft-defender-advanced-threat-protection.md |  5 +++--
 .../microsoft-defender-atp-android.md             |  9 +++++----
 .../microsoft-defender-atp-ios.md                 |  9 +++++----
 .../microsoft-defender-atp-linux.md               | 11 ++++++-----
 .../microsoft-defender-atp-mac.md                 |  9 +++++----
 .../microsoft-defender-security-center.md         |  7 ++++---
 .../microsoft-threat-experts.md                   |  9 +++++----
 .../microsoft-defender-atp/migration-guides.md    | 11 ++++++-----
 .../minimum-requirements.md                       |  3 ++-
 .../microsoft-defender-atp/mssp-list.md           |  7 ++++---
 .../microsoft-defender-atp/mssp-support.md        |  5 +++--
 .../microsoft-defender-atp/network-protection.md  |  4 ++--
 .../next-gen-threat-and-vuln-mgt.md               |  5 +++--
 .../microsoft-defender-atp/non-windows.md         |  7 ++++---
 .../offboard-machine-api.md                       |  5 +++--
 .../microsoft-defender-atp/offboard-machines.md   |  5 +++--
 .../microsoft-defender-atp/onboard-configure.md   |  5 +++--
 .../microsoft-defender-atp/onboard-downlevel.md   |  5 +++--
 .../onboard-offline-machines.md                   |  5 +++--
 .../microsoft-defender-atp/onboard.md             |  5 +++--
 .../onboarding-endpoint-configuration-manager.md  |  9 +++++----
 .../onboarding-endpoint-manager.md                |  9 +++++----
 .../onboarding-notification.md                    |  7 ++++---
 .../microsoft-defender-atp/onboarding.md          |  9 +++++----
 .../overview-attack-surface-reduction.md          |  5 +++--
 .../overview-custom-detections.md                 |  5 +++--
 .../overview-endpoint-detection-response.md       |  5 +++--
 .../overview-hardware-based-isolation.md          |  5 +++--
 .../partner-applications.md                       |  7 ++++---
 .../microsoft-defender-atp/partner-integration.md |  7 ++++---
 .../microsoft-defender-atp/portal-overview.md     |  7 ++++---
 .../microsoft-defender-atp/post-ti-indicator.md   |  5 +++--
 .../microsoft-defender-atp/preferences-setup.md   |  5 +++--
 .../microsoft-defender-atp/prepare-deployment.md  | 11 ++++++-----
 .../microsoft-defender-atp/preview-settings.md    |  5 +++--
 .../microsoft-defender-atp/preview.md             |  7 ++++---
 .../production-deployment.md                      | 11 ++++++-----
 .../pull-alerts-using-rest-api.md                 |  5 +++--
 .../raw-data-export-event-hub.md                  |  7 ++++---
 .../raw-data-export-storage.md                    |  5 +++--
 .../microsoft-defender-atp/raw-data-export.md     |  7 ++++---
 .../microsoft-defender-atp/rbac.md                |  5 +++--
 .../microsoft-defender-atp/recommendation.md      |  5 +++--
 .../microsoft-defender-atp/respond-file-alerts.md |  3 ++-
 .../respond-machine-alerts.md                     |  5 +++--
 .../restrict-code-execution.md                    |  5 +++--
 .../microsoft-defender-atp/review-alerts.md       |  3 ++-
 .../run-advanced-query-api.md                     |  5 +++--
 .../run-advanced-query-sample-powershell.md       |  5 +++--
 .../run-advanced-query-sample-python.md           |  5 +++--
 .../microsoft-defender-atp/run-av-scan.md         |  5 +++--
 .../microsoft-defender-atp/run-detection-test.md  |  7 ++++---
 .../microsoft-defender-atp/score.md               |  5 +++--
 .../security-operations-dashboard.md              |  5 +++--
 .../microsoft-defender-atp/service-status.md      |  5 +++--
 .../microsoft-defender-atp/set-device-value.md    |  5 +++--
 .../microsoft-defender-atp/software.md            |  5 +++--
 .../stop-and-quarantine-file.md                   |  5 +++--
 .../supported-response-apis.md                    |  9 +++++----
 .../switch-to-microsoft-defender-migration.md     |  9 +++++----
 .../switch-to-microsoft-defender-onboard.md       |  6 +++---
 .../switch-to-microsoft-defender-prepare.md       |  6 +++---
 .../switch-to-microsoft-defender-setup.md         |  6 +++---
 ...ymantec-to-microsoft-defender-atp-migration.md |  8 ++++----
 .../symantec-to-microsoft-defender-atp-onboard.md |  6 +++---
 .../symantec-to-microsoft-defender-atp-prepare.md |  6 +++---
 .../symantec-to-microsoft-defender-atp-setup.md   |  6 +++---
 .../threat-analytics-analyst-reports.md           |  7 ++++---
 .../microsoft-defender-atp/threat-analytics.md    |  9 +++++----
 .../threat-and-vuln-mgt-event-timeline.md         |  9 +++++----
 .../threat-indicator-concepts.md                  |  5 +++--
 .../threat-protection-integration.md              |  5 +++--
 .../threat-protection-reports.md                  |  5 +++--
 .../microsoft-defender-atp/ti-indicator.md        |  5 +++--
 .../microsoft-defender-atp/time-settings.md       |  5 +++--
 .../microsoft-defender-atp/troubleshoot-asr.md    |  3 ++-
 .../troubleshoot-collect-support-log.md           |  5 +++--
 ...troubleshoot-exploit-protection-mitigations.md |  3 ++-
 .../troubleshoot-live-response.md                 |  7 ++++---
 .../microsoft-defender-atp/troubleshoot-mdatp.md  |  7 ++++---
 .../microsoft-defender-atp/troubleshoot-np.md     |  3 ++-
 .../troubleshoot-onboarding-error-messages.md     |  5 +++--
 .../troubleshoot-onboarding.md                    |  3 ++-
 .../microsoft-defender-atp/troubleshoot-siem.md   |  5 +++--
 .../tvm-assign-device-value.md                    |  7 ++++---
 .../tvm-dashboard-insights.md                     |  9 +++++----
 .../tvm-end-of-support-software.md                |  7 ++++---
 .../microsoft-defender-atp/tvm-exception.md       |  9 +++++----
 .../microsoft-defender-atp/tvm-exposure-score.md  |  7 ++++---
 .../tvm-hunt-exposed-devices.md                   | 11 ++++++-----
 .../tvm-microsoft-secure-score-devices.md         |  7 ++++---
 .../microsoft-defender-atp/tvm-prerequisites.md   |  5 +++--
 .../microsoft-defender-atp/tvm-remediation.md     |  9 +++++----
 .../tvm-security-recommendation.md                |  7 ++++---
 .../tvm-software-inventory.md                     |  7 ++++---
 .../microsoft-defender-atp/tvm-supported-os.md    |  7 ++++---
 .../tvm-vulnerable-devices-report.md              |  7 ++++---
 .../microsoft-defender-atp/tvm-weaknesses.md      | 11 ++++++-----
 .../tvm-zero-day-vulnerabilities.md               |  7 ++++---
 .../microsoft-defender-atp/unisolate-machine.md   |  6 +++---
 .../unrestrict-code-execution.md                  |  5 +++--
 .../microsoft-defender-atp/update-alert.md        |  5 +++--
 .../microsoft-defender-atp/use.md                 |  5 +++--
 .../microsoft-defender-atp/user-roles.md          |  5 +++--
 .../microsoft-defender-atp/user.md                |  5 +++--
 .../view-incidents-queue.md                       |  5 +++--
 .../microsoft-defender-atp/vulnerability.md       |  5 +++--
 .../web-content-filtering.md                      |  7 ++++---
 .../web-protection-monitoring.md                  |  7 ++++---
 .../web-protection-overview.md                    |  7 ++++---
 .../web-protection-response.md                    |  5 +++--
 .../web-threat-protection.md                      |  7 ++++---
 .../whats-new-in-microsoft-defender-atp.md        |  7 ++++---
 ...oft-defender-smartscreen-available-settings.md |  3 ++-
 .../microsoft-defender-smartscreen-overview.md    |  3 ++-
 ...-defender-smartscreen-set-individual-device.md |  3 ++-
 ...n-options-for-app-related-security-policies.md |  3 ++-
 ...verview-of-threat-mitigations-in-windows-10.md |  3 ++-
 ...ling-the-health-of-windows-10-based-devices.md |  3 ++-
 .../security-compliance-toolkit-10.md             |  3 ++-
 ...cess-credential-manager-as-a-trusted-caller.md |  3 ++-
 .../access-this-computer-from-the-network.md      |  3 ++-
 .../account-lockout-duration.md                   |  3 ++-
 .../account-lockout-policy.md                     |  3 ++-
 .../account-lockout-threshold.md                  |  3 ++-
 .../security-policy-settings/account-policies.md  |  3 ++-
 .../accounts-administrator-account-status.md      |  3 ++-
 .../accounts-block-microsoft-accounts.md          |  3 ++-
 .../accounts-guest-account-status.md              |  3 ++-
 ...se-of-blank-passwords-to-console-logon-only.md |  3 ++-
 .../accounts-rename-administrator-account.md      |  3 ++-
 .../accounts-rename-guest-account.md              |  3 ++-
 .../act-as-part-of-the-operating-system.md        |  3 ++-
 .../add-workstations-to-domain.md                 |  3 ++-
 .../adjust-memory-quotas-for-a-process.md         |  3 ++-
 .../administer-security-policy-settings.md        |  3 ++-
 .../allow-log-on-locally.md                       |  3 ++-
 ...llow-log-on-through-remote-desktop-services.md |  3 ++-
 ...t-audit-the-access-of-global-system-objects.md |  3 ++-
 ...dit-the-use-of-backup-and-restore-privilege.md |  3 ++-
 ...dit-policy-subcategory-settings-to-override.md |  3 ++-
 .../security-policy-settings/audit-policy.md      |  3 ++-
 ...mmediately-if-unable-to-log-security-audits.md |  3 ++-
 .../back-up-files-and-directories.md              |  3 ++-
 .../bypass-traverse-checking.md                   |  3 ++-
 .../change-the-system-time.md                     |  3 ++-
 .../change-the-time-zone.md                       |  3 ++-
 .../security-policy-settings/create-a-pagefile.md |  3 ++-
 .../create-a-token-object.md                      |  3 ++-
 .../create-global-objects.md                      |  3 ++-
 .../create-permanent-shared-objects.md            |  3 ++-
 .../create-symbolic-links.md                      |  3 ++-
 ...-descriptor-definition-language-sddl-syntax.md |  3 ++-
 ...-descriptor-definition-language-sddl-syntax.md |  3 ++-
 .../security-policy-settings/debug-programs.md    |  3 ++-
 ...ny-access-to-this-computer-from-the-network.md |  3 ++-
 .../deny-log-on-as-a-batch-job.md                 |  3 ++-
 .../deny-log-on-as-a-service.md                   |  3 ++-
 .../deny-log-on-locally.md                        |  3 ++-
 ...deny-log-on-through-remote-desktop-services.md |  3 ++-
 ...vices-allow-undock-without-having-to-log-on.md |  3 ++-
 ...allowed-to-format-and-eject-removable-media.md |  3 ++-
 ...event-users-from-installing-printer-drivers.md |  3 ++-
 ...d-rom-access-to-locally-logged-on-user-only.md |  3 ++-
 ...loppy-access-to-locally-logged-on-user-only.md |  3 ++-
 ...er-allow-server-operators-to-schedule-tasks.md |  3 ++-
 ...controller-ldap-server-signing-requirements.md |  3 ++-
 ...ler-refuse-machine-account-password-changes.md |  3 ++-
 ...-encrypt-or-sign-secure-channel-data-always.md |  3 ++-
 ...y-encrypt-secure-channel-data-when-possible.md |  3 ++-
 ...ally-sign-secure-channel-data-when-possible.md |  3 ++-
 ...er-disable-machine-account-password-changes.md |  3 ++-
 ...member-maximum-machine-account-password-age.md |  3 ++-
 ...re-strong-windows-2000-or-later-session-key.md |  3 ++-
 ...-user-accounts-to-be-trusted-for-delegation.md |  3 ++-
 .../enforce-password-history.md                   |  3 ++-
 .../enforce-user-logon-restrictions.md            |  3 ++-
 .../force-shutdown-from-a-remote-system.md        |  3 ++-
 .../generate-security-audits.md                   |  3 ++-
 .../how-to-configure-security-policy-settings.md  |  4 ++--
 .../impersonate-a-client-after-authentication.md  |  3 ++-
 .../increase-a-process-working-set.md             |  3 ++-
 .../increase-scheduling-priority.md               |  3 ++-
 ...user-information-when-the-session-is-locked.md |  3 ++-
 ...ractive-logon-do-not-display-last-user-name.md |  3 ++-
 ...teractive-logon-do-not-require-ctrl-alt-del.md |  3 ++-
 ...tive-logon-dont-display-username-at-sign-in.md |  5 +++--
 ...ive-logon-machine-account-lockout-threshold.md |  3 ++-
 .../interactive-logon-machine-inactivity-limit.md |  3 ++-
 ...message-text-for-users-attempting-to-log-on.md |  3 ++-
 ...essage-title-for-users-attempting-to-log-on.md |  3 ++-
 ...-in-case-domain-controller-is-not-available.md |  3 ++-
 ...t-user-to-change-password-before-expiration.md |  5 +++--
 ...roller-authentication-to-unlock-workstation.md |  3 ++-
 .../interactive-logon-require-smart-card.md       |  3 ++-
 ...teractive-logon-smart-card-removal-behavior.md |  3 ++-
 .../security-policy-settings/kerberos-policy.md   |  3 ++-
 .../load-and-unload-device-drivers.md             |  3 ++-
 .../lock-pages-in-memory.md                       |  3 ++-
 .../log-on-as-a-batch-job.md                      |  3 ++-
 .../log-on-as-a-service.md                        |  3 ++-
 .../manage-auditing-and-security-log.md           |  3 ++-
 .../maximum-lifetime-for-service-ticket.md        |  3 ++-
 .../maximum-lifetime-for-user-ticket-renewal.md   |  3 ++-
 .../maximum-lifetime-for-user-ticket.md           |  3 ++-
 .../maximum-password-age.md                       |  3 ++-
 ...olerance-for-computer-clock-synchronization.md |  3 ++-
 ...client-digitally-sign-communications-always.md |  3 ++-
 ...crypted-password-to-third-party-smb-servers.md |  3 ++-
 ...dle-time-required-before-suspending-session.md |  3 ++-
 ...ttempt-s4u2self-to-obtain-claim-information.md |  3 ++-
 ...server-digitally-sign-communications-always.md |  3 ++-
 ...-disconnect-clients-when-logon-hours-expire.md |  3 ++-
 ...ver-server-spn-target-name-validation-level.md |  3 ++-
 .../minimum-password-age.md                       |  3 ++-
 .../minimum-password-length.md                    |  3 ++-
 .../modify-an-object-label.md                     |  3 ++-
 .../modify-firmware-environment-values.md         |  3 ++-
 ...-access-allow-anonymous-sidname-translation.md |  3 ++-
 ...mous-enumeration-of-sam-accounts-and-shares.md |  3 ++-
 ...allow-anonymous-enumeration-of-sam-accounts.md |  3 ++-
 ...-and-credentials-for-network-authentication.md |  3 ++-
 ...eryone-permissions-apply-to-anonymous-users.md |  3 ++-
 ...amed-pipes-that-can-be-accessed-anonymously.md |  3 ++-
 ...tely-accessible-registry-paths-and-subpaths.md |  3 ++-
 ...k-access-remotely-accessible-registry-paths.md |  3 ++-
 ...-anonymous-access-to-named-pipes-and-shares.md |  3 ++-
 ...ct-clients-allowed-to-make-remote-sam-calls.md |  3 ++-
 ...ess-shares-that-can-be-accessed-anonymously.md |  3 ++-
 ...aring-and-security-model-for-local-accounts.md |  3 ++-
 .../network-list-manager-policies.md              |  3 ++-
 ...al-system-to-use-computer-identity-for-ntlm.md |  3 ++-
 ...ity-allow-localsystem-null-session-fallback.md |  3 ++-
 ...s-to-this-computer-to-use-online-identities.md |  3 ++-
 ...igure-encryption-types-allowed-for-kerberos.md |  3 ++-
 ...-manager-hash-value-on-next-password-change.md |  3 ++-
 ...curity-force-logoff-when-logon-hours-expire.md |  3 ++-
 ...k-security-lan-manager-authentication-level.md |  3 ++-
 ...k-security-ldap-client-signing-requirements.md |  3 ++-
 ...ntlm-ssp-based-including-secure-rpc-clients.md |  3 ++-
 ...ntlm-ssp-based-including-secure-rpc-servers.md |  3 ++-
 ...e-server-exceptions-for-ntlm-authentication.md |  3 ++-
 ...t-ntlm-add-server-exceptions-in-this-domain.md |  3 ++-
 ...y-restrict-ntlm-audit-incoming-ntlm-traffic.md |  3 ++-
 ...lm-audit-ntlm-authentication-in-this-domain.md |  3 ++-
 ...ecurity-restrict-ntlm-incoming-ntlm-traffic.md |  3 ++-
 ...ict-ntlm-ntlm-authentication-in-this-domain.md |  3 ++-
 ...tlm-outgoing-ntlm-traffic-to-remote-servers.md |  3 ++-
 .../password-must-meet-complexity-requirements.md |  3 ++-
 .../security-policy-settings/password-policy.md   |  3 ++-
 .../perform-volume-maintenance-tasks.md           |  3 ++-
 .../profile-single-process.md                     |  3 ++-
 .../profile-system-performance.md                 |  3 ++-
 ...onsole-allow-automatic-administrative-logon.md |  3 ++-
 ...y-copy-and-access-to-all-drives-and-folders.md |  3 ++-
 .../remove-computer-from-docking-station.md       |  3 ++-
 .../replace-a-process-level-token.md              |  3 ++-
 .../reset-account-lockout-counter-after.md        |  3 ++-
 .../restore-files-and-directories.md              |  3 ++-
 ...pol-advanced-security-audit-policy-settings.md |  3 ++-
 .../security-policy-settings/security-options.md  |  3 ++-
 .../security-policy-settings-reference.md         |  3 ++-
 .../security-policy-settings.md                   |  3 ++-
 .../shut-down-the-system.md                       |  3 ++-
 ...em-to-be-shut-down-without-having-to-log-on.md |  3 ++-
 .../shutdown-clear-virtual-memory-pagefile.md     |  3 ++-
 ...client-digitally-sign-communications-always.md |  3 ++-
 ...itally-sign-communications-if-server-agrees.md |  3 ++-
 ...server-digitally-sign-communications-always.md |  3 ++-
 ...itally-sign-communications-if-client-agrees.md |  3 ++-
 ...store-passwords-using-reversible-encryption.md |  3 ++-
 .../synchronize-directory-service-data.md         |  3 ++-
 ...ection-for-user-keys-stored-on-the-computer.md |  3 ++-
 ...gorithms-for-encryption-hashing-and-signing.md |  3 ++-
 ...se-insensitivity-for-non-windows-subsystems.md |  3 ++-
 ...ault-permissions-of-internal-system-objects.md |  3 ++-
 .../system-settings-optional-subsystems.md        |  3 ++-
 ...ecutables-for-software-restriction-policies.md |  3 ++-
 .../take-ownership-of-files-or-other-objects.md   |  3 ++-
 ...mode-for-the-built-in-administrator-account.md |  3 ++-
 ...-elevation-without-using-the-secure-desktop.md |  3 ++-
 ...t-for-administrators-in-admin-approval-mode.md |  3 ++-
 ...-of-the-elevation-prompt-for-standard-users.md |  3 ++-
 ...tion-installations-and-prompt-for-elevation.md |  3 ++-
 ...e-executables-that-are-signed-and-validated.md |  3 ++-
 ...ions-that-are-installed-in-secure-locations.md |  3 ++-
 ...n-all-administrators-in-admin-approval-mode.md |  3 ++-
 ...secure-desktop-when-prompting-for-elevation.md |  3 ++-
 ...gistry-write-failures-to-per-user-locations.md |  3 ++-
 .../user-rights-assignment.md                     |  3 ++-
 ...forwarding-to-assist-in-intrusion-detection.md |  3 ++-
 .../windows-10-mobile-security-guide.md           |  3 ++-
 .../LOB-win32-apps-on-s.md                        |  5 +++--
 ...windows-defender-application-control-policy.md |  5 +++--
 ...ackaged-apps-to-existing-applocker-rule-set.md |  3 ++-
 .../applocker/administer-applocker.md             |  3 ++-
 .../applocker-architecture-and-components.md      |  3 ++-
 .../applocker/applocker-functions.md              |  3 ++-
 .../applocker/applocker-overview.md               |  3 ++-
 .../applocker-policies-deployment-guide.md        |  3 ++-
 .../applocker/applocker-policies-design-guide.md  |  3 ++-
 .../applocker/applocker-policy-use-scenarios.md   |  3 ++-
 .../applocker-processes-and-interactions.md       |  3 ++-
 .../applocker/applocker-settings.md               |  3 ++-
 .../applocker/applocker-technical-reference.md    |  3 ++-
 ...onfigure-an-applocker-policy-for-audit-only.md |  3 ++-
 ...igure-an-applocker-policy-for-enforce-rules.md |  3 ++-
 .../configure-exceptions-for-an-applocker-rule.md |  3 ++-
 .../configure-the-appLocker-reference-device.md   |  3 ++-
 .../configure-the-application-identity-service.md |  3 ++-
 .../applocker/create-a-rule-for-packaged-apps.md  |  3 ++-
 ...eate-a-rule-that-uses-a-file-hash-condition.md |  3 ++-
 .../create-a-rule-that-uses-a-path-condition.md   |  3 ++-
 ...eate-a-rule-that-uses-a-publisher-condition.md |  3 ++-
 .../applocker/create-applocker-default-rules.md   |  3 ++-
 ...pplications-deployed-to-each-business-group.md |  3 ++-
 .../applocker/create-your-applocker-policies.md   |  3 ++-
 .../applocker/create-your-applocker-rules.md      |  3 ++-
 .../applocker/delete-an-applocker-rule.md         |  3 ++-
 ...policies-by-using-the-enforce-rules-setting.md |  3 ++-
 ...deploy-the-applocker-policy-into-production.md |  3 ++-
 ...group-policy-structure-and-rule-enforcement.md |  3 ++-
 ...re-digitally-signed-on-a-reference-computer.md |  3 ++-
 ...termine-your-application-control-objectives.md |  3 ++-
 ...when-users-try-to-run-a-blocked-application.md |  3 ++-
 .../applocker/dll-rules-in-applocker.md           |  3 ++-
 ...cy-structure-and-applocker-rule-enforcement.md |  3 ++-
 .../applocker/document-your-application-list.md   |  3 ++-
 .../applocker/document-your-applocker-rules.md    |  3 ++-
 .../applocker/edit-an-applocker-policy.md         |  3 ++-
 .../applocker/edit-applocker-rules.md             |  3 ++-
 .../applocker/enable-the-dll-rule-collection.md   |  3 ++-
 .../applocker/enforce-applocker-rules.md          |  3 ++-
 .../applocker/executable-rules-in-applocker.md    |  3 ++-
 .../export-an-applocker-policy-from-a-gpo.md      |  3 ++-
 .../export-an-applocker-policy-to-an-xml-file.md  |  3 ++-
 .../applocker/how-applocker-works-techref.md      |  3 ++-
 ...t-an-applocker-policy-from-another-computer.md |  3 ++-
 .../import-an-applocker-policy-into-a-gpo.md      |  3 ++-
 .../applocker/maintain-applocker-policies.md      |  3 ++-
 .../manage-packaged-apps-with-applocker.md        |  3 ++-
 ...ocker-policies-by-using-set-applockerpolicy.md |  3 ++-
 .../merge-applocker-policies-manually.md          |  3 ++-
 .../monitor-application-usage-with-applocker.md   |  3 ++-
 .../applocker/optimize-applocker-performance.md   |  3 ++-
 ...d-packaged-app-installer-rules-in-applocker.md |  3 ++-
 .../plan-for-applocker-policy-management.md       |  3 ++-
 .../applocker/refresh-an-applocker-policy.md      |  3 ++-
 ...quirements-for-deploying-applocker-policies.md |  3 ++-
 .../applocker/requirements-to-use-applocker.md    |  3 ++-
 ...run-the-automatically-generate-rules-wizard.md |  3 ++-
 .../applocker/script-rules-in-applocker.md        |  3 ++-
 .../security-considerations-for-applocker.md      |  3 ++-
 .../applocker/select-types-of-rules-to-create.md  |  3 ++-
 ...locker-policy-by-using-test-applockerpolicy.md |  3 ++-
 .../test-and-update-an-applocker-policy.md        |  3 ++-
 .../applocker/tools-to-use-with-applocker.md      |  3 ++-
 .../understand-applocker-enforcement-settings.md  |  3 ++-
 ...nderstand-applocker-policy-design-decisions.md |  3 ++-
 ...rcement-setting-inheritance-in-group-policy.md |  3 ++-
 ...and-the-applocker-policy-deployment-process.md |  3 ++-
 ...g-applocker-allow-and-deny-actions-on-rules.md |  3 ++-
 .../understanding-applocker-default-rules.md      |  3 ++-
 .../understanding-applocker-rule-behavior.md      |  3 ++-
 .../understanding-applocker-rule-collections.md   |  3 ++-
 ...nderstanding-applocker-rule-condition-types.md |  3 ++-
 .../understanding-applocker-rule-exceptions.md    |  3 ++-
 ...g-the-file-hash-rule-condition-in-applocker.md |  3 ++-
 ...anding-the-path-rule-condition-in-applocker.md |  3 ++-
 ...g-the-publisher-rule-condition-in-applocker.md |  3 ++-
 ...r-to-create-and-maintain-applocker-policies.md |  5 +++--
 ...are-restriction-policies-in-the-same-domain.md |  3 ++-
 ...se-the-applocker-windows-powershell-cmdlets.md |  3 ++-
 .../using-event-viewer-with-applocker.md          |  3 ++-
 ...restriction-policies-and-applocker-policies.md |  3 ++-
 .../applocker/what-is-applocker.md                |  3 ++-
 .../windows-installer-rules-in-applocker.md       |  3 ++-
 .../applocker/working-with-applocker-policies.md  |  3 ++-
 .../applocker/working-with-applocker-rules.md     |  3 ++-
 ...ndows-defender-application-control-policies.md |  5 +++--
 .../configure-wdac-managed-installer.md           |  5 +++--
 ...rt-for-windows-defender-application-control.md |  5 +++--
 .../create-initial-default-policy.md              |  5 +++--
 ...reate-wdac-policy-for-fully-managed-devices.md |  5 +++--
 ...ate-wdac-policy-for-lightly-managed-devices.md |  5 +++--
 ...upport-windows-defender-application-control.md |  5 +++--
 ...ndows-defender-application-control-policies.md |  5 +++--
 ...ication-control-policies-using-group-policy.md |  5 +++--
 ...r-application-control-policies-using-intune.md |  5 +++--
 ...ndows-defender-application-control-policies.md |  5 +++--
 ...ndows-defender-application-control-policies.md |  5 +++--
 .../event-id-explanations.md                      |  5 +++--
 .../event-tag-explanations.md                     |  5 +++--
 .../example-wdac-base-policies.md                 |  5 +++--
 .../feature-availability.md                       |  5 +++--
 ...s-with-windows-defender-application-control.md |  5 +++--
 ...ndows-defender-application-control-policies.md |  5 +++--
 .../microsoft-recommended-block-rules.md          |  7 ++++---
 .../microsoft-recommended-driver-block-rules.md   |  7 ++++---
 ...ows-defender-application-control-management.md |  5 +++--
 ...rol-events-centrally-using-advanced-hunting.md |  5 +++--
 .../select-types-of-rules-to-create.md            |  5 +++--
 .../types-of-devices.md                           |  3 ++-
 ...application-control-policy-design-decisions.md |  7 ++++---
 ...on-control-for-classic-windows-applications.md |  5 +++--
 ...ning-portal-in-microsoft-store-for-business.md |  3 ++-
 ...ender-application-control-against-tampering.md |  7 ++++---
 ...ntrol-specific-plug-ins-add-ins-and-modules.md |  3 ++-
 ...lication-control-with-dynamic-code-security.md |  5 +++--
 ...ion-control-with-intelligent-security-graph.md |  3 ++-
 ...-application-control-with-managed-installer.md |  7 ++++---
 .../wdac-and-applocker-overview.md                |  3 ++-
 .../wdac-wizard-create-base-policy.md             |  3 ++-
 .../wdac-wizard-create-supplemental-policy.md     |  3 ++-
 .../wdac-wizard-editing-policy.md                 |  3 ++-
 .../wdac-wizard-merging-policies.md               |  3 ++-
 .../wdac-wizard.md                                |  3 ++-
 ...fender-application-control-deployment-guide.md |  5 +++--
 ...s-defender-application-control-design-guide.md |  3 ++-
 ...ender-application-control-operational-guide.md |  3 ++-
 .../windows-defender-application-control.md       |  3 ++-
 .../wdsc-account-protection.md                    |  3 ++-
 .../wdsc-app-browser-control.md                   |  3 ++-
 .../wdsc-customize-contact-information.md         |  3 ++-
 .../wdsc-device-performance-health.md             |  3 ++-
 .../wdsc-device-security.md                       |  3 ++-
 .../wdsc-family-options.md                        |  3 ++-
 .../wdsc-firewall-network-protection.md           |  3 ++-
 .../wdsc-hide-notifications.md                    |  3 ++-
 .../wdsc-virus-threat-protection.md               |  3 ++-
 .../wdsc-windows-10-in-s-mode.md                  |  3 ++-
 .../windows-defender-security-center.md           |  3 ++-
 ...e-based-root-of-trust-helps-protect-windows.md |  3 ++-
 ...e-based-root-of-trust-helps-protect-windows.md |  3 ++-
 ...stem-guard-secure-launch-and-smm-protection.md |  3 ++-
 ...-devices-to-the-membership-group-for-a-zone.md |  3 ++-
 ...-devices-to-the-membership-group-for-a-zone.md |  3 ++-
 ...plate-files-for-settings-used-in-this-guide.md |  3 ++-
 .../assign-security-group-filters-to-the-gpo.md   |  3 ++-
 .../basic-firewall-policy-design.md               |  3 ++-
 .../best-practices-configuring.md                 |  8 +++-----
 .../windows-firewall/boundary-zone-gpos.md        |  3 ++-
 .../windows-firewall/boundary-zone.md             |  3 ++-
 ...icate-based-isolation-policy-design-example.md |  3 ++-
 .../certificate-based-isolation-policy-design.md  |  3 ++-
 .../change-rules-from-request-to-require-mode.md  |  3 ++-
 ...ecklist-configuring-basic-firewall-settings.md |  5 +++--
 ...nfiguring-rules-for-an-isolated-server-zone.md |  3 ++-
 ...ervers-in-a-standalone-isolated-server-zone.md |  3 ++-
 ...ist-configuring-rules-for-the-boundary-zone.md |  3 ++-
 ...t-configuring-rules-for-the-encryption-zone.md |  3 ++-
 ...t-configuring-rules-for-the-isolated-domain.md |  3 ++-
 .../checklist-creating-group-policy-objects.md    |  3 ++-
 .../checklist-creating-inbound-firewall-rules.md  |  3 ++-
 .../checklist-creating-outbound-firewall-rules.md |  3 ++-
 ...lients-of-a-standalone-isolated-server-zone.md |  3 ++-
 ...implementing-a-basic-firewall-policy-design.md |  5 +++--
 ...a-certificate-based-isolation-policy-design.md |  3 ++-
 ...plementing-a-domain-isolation-policy-design.md |  3 ++-
 ...a-standalone-server-isolation-policy-design.md |  3 ++-
 .../configure-authentication-methods.md           |  3 ++-
 ...nfigure-data-protection-quick-mode-settings.md |  3 ++-
 ...olicy-to-autoenroll-and-deploy-certificates.md |  3 ++-
 .../configure-key-exchange-main-mode-settings.md  |  3 ++-
 .../configure-the-rules-to-require-encryption.md  |  3 ++-
 .../configure-the-windows-firewall-log.md         |  3 ++-
 ...station-authentication-certificate-template.md |  3 ++-
 ...ess-notifications-when-a-program-is-blocked.md |  3 ++-
 ...rm-that-certificates-are-deployed-correctly.md |  3 ++-
 .../copy-a-gpo-to-create-a-new-gpo.md             |  3 ++-
 .../create-a-group-account-in-active-directory.md |  3 ++-
 .../create-a-group-policy-object.md               |  3 ++-
 ...reate-an-authentication-exemption-list-rule.md |  3 ++-
 .../create-an-authentication-request-rule.md      |  3 ++-
 .../create-an-inbound-icmp-rule.md                |  3 ++-
 .../create-an-inbound-port-rule.md                |  3 ++-
 .../create-an-inbound-program-or-service-rule.md  |  3 ++-
 .../create-an-outbound-port-rule.md               |  3 ++-
 .../create-an-outbound-program-or-service-rule.md |  3 ++-
 .../create-inbound-rules-to-support-rpc.md        |  3 ++-
 .../create-windows-firewall-rules-in-intune.md    |  3 ++-
 .../create-wmi-filters-for-the-gpo.md             |  3 ++-
 ...ws-firewall-with-advanced-security-strategy.md |  3 ++-
 ...termining-the-trusted-state-of-your-devices.md |  3 ++-
 .../windows-firewall/documenting-the-zones.md     |  3 ++-
 .../domain-isolation-policy-design-example.md     |  3 ++-
 .../domain-isolation-policy-design.md             |  3 ++-
 .../enable-predefined-inbound-rules.md            |  3 ++-
 .../enable-predefined-outbound-rules.md           |  3 ++-
 .../windows-firewall/encryption-zone-gpos.md      |  3 ++-
 .../windows-firewall/encryption-zone.md           |  3 ++-
 ...wall-with-advanced-security-design-examples.md |  3 ++-
 .../exempt-icmp-from-authentication.md            |  3 ++-
 .../windows-firewall/exemption-list.md            |  3 ++-
 .../filter-origin-documentation.md                |  7 ++++---
 .../windows-firewall/firewall-gpos.md             |  3 ++-
 .../firewall-policy-design-example.md             |  3 ++-
 .../firewall-settings-lost-on-upgrade.md          |  7 ++++---
 ...tion-about-your-active-directory-deployment.md |  3 ++-
 ...n-about-your-current-network-infrastructure.md |  3 ++-
 .../gathering-information-about-your-devices.md   |  3 ++-
 .../gathering-other-relevant-information.md       |  3 ++-
 .../gathering-the-information-you-need.md         |  3 ++-
 .../windows-firewall/gpo-domiso-boundary.md       |  3 ++-
 .../windows-firewall/gpo-domiso-encryption.md     |  3 ++-
 .../windows-firewall/gpo-domiso-firewall.md       |  3 ++-
 .../gpo-domiso-isolateddomain-clients.md          |  3 ++-
 .../gpo-domiso-isolateddomain-servers.md          |  3 ++-
 ...all-with-advanced-security-deployment-goals.md |  3 ++-
 ...firewall-with-advanced-security-design-plan.md |  3 ++-
 .../windows-firewall/isolated-domain-gpos.md      |  3 ++-
 .../windows-firewall/isolated-domain.md           |  3 ++-
 .../isolating-apps-on-your-network.md             |  3 ++-
 .../link-the-gpo-to-the-domain.md                 |  3 ++-
 ...dows-firewall-with-advanced-security-design.md |  5 +++--
 ...y-to-a-different-zone-or-version-of-windows.md |  3 ++-
 ...-management-console-to-ip-security-policies.md |  3 ++-
 ...-to-windows-firewall-with-advanced-security.md |  3 ++-
 ...licy-management-console-to-windows-firewall.md |  3 ++-
 ...pen-windows-firewall-with-advanced-security.md |  3 ++-
 .../planning-certificate-based-authentication.md  |  3 ++-
 .../planning-domain-isolation-zones.md            |  3 ++-
 .../windows-firewall/planning-gpo-deployment.md   |  3 ++-
 ...-policy-deployment-for-your-isolation-zones.md |  3 ++-
 .../planning-isolation-groups-for-the-zones.md    |  3 ++-
 .../planning-network-access-groups.md             |  3 ++-
 .../planning-server-isolation-zones.md            |  3 ++-
 ...anning-settings-for-a-basic-firewall-policy.md |  3 ++-
 .../windows-firewall/planning-the-gpos.md         |  3 ++-
 ...loy-windows-firewall-with-advanced-security.md |  3 ++-
 ...dows-firewall-with-advanced-security-design.md |  3 ++-
 .../procedures-used-in-this-guide.md              |  3 ++-
 ...otect-devices-from-unwanted-network-traffic.md |  3 ++-
 .../windows-firewall/quarantine.md                |  3 ++-
 ...-when-accessing-sensitive-network-resources.md |  3 ++-
 ...t-access-to-only-specified-users-or-devices.md |  3 ++-
 .../restrict-access-to-only-trusted-devices.md    |  3 ++-
 ...ct-server-access-to-members-of-a-group-only.md |  3 ++-
 ...end-to-end-ipsec-connections-by-using-ikev2.md |  3 ++-
 .../windows-firewall/server-isolation-gpos.md     |  3 ++-
 .../server-isolation-policy-design-example.md     |  3 ++-
 .../server-isolation-policy-design.md             |  3 ++-
 .../troubleshooting-uwp-firewall.md               |  8 ++++----
 ...ows-firewall-and-configure-default-behavior.md |  3 ++-
 ...ewall-with-advanced-security-design-process.md |  3 ++-
 ...erify-that-network-traffic-is-authenticated.md |  3 ++-
 ...rity-administration-with-windows-powershell.md |  3 ++-
 ...all-with-advanced-security-deployment-guide.md |  3 ++-
 ...irewall-with-advanced-security-design-guide.md |  3 ++-
 .../windows-firewall-with-advanced-security.md    |  3 ++-
 .../windows-platform-common-criteria.md           |  3 ++-
 .../windows-sandbox-architecture.md               |  3 ++-
 .../windows-sandbox-configure-using-wsb-file.md   |  3 ++-
 .../windows-sandbox/windows-sandbox-overview.md   |  5 +++--
 .../windows-security-baselines.md                 |  3 ++-
 .../get-support-for-security-baselines.md         |  3 ++-
 .../security-compliance-toolkit-10.md             |  3 ++-
 .../windows-security-baselines.md                 |  3 ++-
 1277 files changed, 3252 insertions(+), 2003 deletions(-)

diff --git a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md
index 2893cf7ece..6df69c3b35 100644
--- a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md
+++ b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md
@@ -4,7 +4,7 @@ description: This reference for IT professionals provides information about the
 ms.assetid: 93b28b92-796f-4036-a53b-8b9e80f9f171
 ms.reviewer: This reference for IT professionals provides information about the advanced audit policy settings that are available in Windows and the audit events that they generate.
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Advanced security audit policy settings
diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.md b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.md
index 99b8a989c4..86a39fc1b7 100644
--- a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.md
+++ b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.md
@@ -4,7 +4,7 @@ description: This topic for the IT professional lists questions and answers abou
 ms.assetid: 80f8f187-0916-43c2-a7e8-ea712b115a06
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Advanced security auditing FAQ
diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing.md b/windows/security/threat-protection/auditing/advanced-security-auditing.md
index 7c55d51d21..4a3608816f 100644
--- a/windows/security/threat-protection/auditing/advanced-security-auditing.md
+++ b/windows/security/threat-protection/auditing/advanced-security-auditing.md
@@ -4,7 +4,7 @@ description: Advanced security audit policy settings may appear to overlap with
 ms.assetid: 6FE8AC10-F48E-4BBF-979B-43A5DFDC5DFC
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Advanced security audit policies
diff --git a/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md b/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md
index 505da9bbb0..c892db7b11 100644
--- a/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md
+++ b/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md
@@ -2,7 +2,7 @@
 title: Appendix A, Security monitoring recommendations for many audit events (Windows 10)
 description: Learn about recommendations for the type of monitoring required for certain classes of security audit events.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # Appendix A: Security monitoring recommendations for many audit events
diff --git a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md
index a18783d92c..2d63b25eb8 100644
--- a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md
+++ b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md
@@ -4,7 +4,7 @@ description: Apply audit policies to individual files and folders on your comput
 ms.assetid: 565E7249-5CD0-4B2E-B2C0-B3A0793A51E2
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 07/25/2018
+ms.technology: mde
 ---
 
 # Apply a basic audit policy on a file or folder
diff --git a/windows/security/threat-protection/auditing/audit-account-lockout.md b/windows/security/threat-protection/auditing/audit-account-lockout.md
index 1ea3e878e6..77f8126a98 100644
--- a/windows/security/threat-protection/auditing/audit-account-lockout.md
+++ b/windows/security/threat-protection/auditing/audit-account-lockout.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 07/16/2018
+ms.technology: mde
 ---
 
 # Audit Account Lockout
diff --git a/windows/security/threat-protection/auditing/audit-application-generated.md b/windows/security/threat-protection/auditing/audit-application-generated.md
index b594ba40ca..9215959064 100644
--- a/windows/security/threat-protection/auditing/audit-application-generated.md
+++ b/windows/security/threat-protection/auditing/audit-application-generated.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Application Generated
diff --git a/windows/security/threat-protection/auditing/audit-application-group-management.md b/windows/security/threat-protection/auditing/audit-application-group-management.md
index 8dce282dfa..a06d67b8d9 100644
--- a/windows/security/threat-protection/auditing/audit-application-group-management.md
+++ b/windows/security/threat-protection/auditing/audit-application-group-management.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Application Group Management
diff --git a/windows/security/threat-protection/auditing/audit-audit-policy-change.md b/windows/security/threat-protection/auditing/audit-audit-policy-change.md
index 376cab2bcf..81422c0d3f 100644
--- a/windows/security/threat-protection/auditing/audit-audit-policy-change.md
+++ b/windows/security/threat-protection/auditing/audit-audit-policy-change.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Audit Policy Change
diff --git a/windows/security/threat-protection/auditing/audit-authentication-policy-change.md b/windows/security/threat-protection/auditing/audit-authentication-policy-change.md
index 4a6f754c01..8bf74ed78f 100644
--- a/windows/security/threat-protection/auditing/audit-authentication-policy-change.md
+++ b/windows/security/threat-protection/auditing/audit-authentication-policy-change.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Authentication Policy Change
diff --git a/windows/security/threat-protection/auditing/audit-authorization-policy-change.md b/windows/security/threat-protection/auditing/audit-authorization-policy-change.md
index b13bec6cbc..c00445582a 100644
--- a/windows/security/threat-protection/auditing/audit-authorization-policy-change.md
+++ b/windows/security/threat-protection/auditing/audit-authorization-policy-change.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Authorization Policy Change
diff --git a/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md b/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md
index f655b5d8c6..e607b7c276 100644
--- a/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md
+++ b/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Central Access Policy Staging
diff --git a/windows/security/threat-protection/auditing/audit-certification-services.md b/windows/security/threat-protection/auditing/audit-certification-services.md
index a1e50c1538..24af233cc3 100644
--- a/windows/security/threat-protection/auditing/audit-certification-services.md
+++ b/windows/security/threat-protection/auditing/audit-certification-services.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Certification Services
diff --git a/windows/security/threat-protection/auditing/audit-computer-account-management.md b/windows/security/threat-protection/auditing/audit-computer-account-management.md
index ab838fd042..677244f857 100644
--- a/windows/security/threat-protection/auditing/audit-computer-account-management.md
+++ b/windows/security/threat-protection/auditing/audit-computer-account-management.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Computer Account Management
diff --git a/windows/security/threat-protection/auditing/audit-credential-validation.md b/windows/security/threat-protection/auditing/audit-credential-validation.md
index 9ce3b5aa5b..4fdf9060db 100644
--- a/windows/security/threat-protection/auditing/audit-credential-validation.md
+++ b/windows/security/threat-protection/auditing/audit-credential-validation.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Credential Validation
diff --git a/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md b/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md
index 859859fc2b..a6f472d018 100644
--- a/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md
+++ b/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Detailed Directory Service Replication
diff --git a/windows/security/threat-protection/auditing/audit-detailed-file-share.md b/windows/security/threat-protection/auditing/audit-detailed-file-share.md
index 3b223b9331..4428aad464 100644
--- a/windows/security/threat-protection/auditing/audit-detailed-file-share.md
+++ b/windows/security/threat-protection/auditing/audit-detailed-file-share.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Detailed File Share
diff --git a/windows/security/threat-protection/auditing/audit-directory-service-access.md b/windows/security/threat-protection/auditing/audit-directory-service-access.md
index 0a13f90a87..db603d8330 100644
--- a/windows/security/threat-protection/auditing/audit-directory-service-access.md
+++ b/windows/security/threat-protection/auditing/audit-directory-service-access.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Directory Service Access
diff --git a/windows/security/threat-protection/auditing/audit-directory-service-changes.md b/windows/security/threat-protection/auditing/audit-directory-service-changes.md
index 1a962ee86f..f81b20e2a5 100644
--- a/windows/security/threat-protection/auditing/audit-directory-service-changes.md
+++ b/windows/security/threat-protection/auditing/audit-directory-service-changes.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Directory Service Changes
diff --git a/windows/security/threat-protection/auditing/audit-directory-service-replication.md b/windows/security/threat-protection/auditing/audit-directory-service-replication.md
index dffea817d4..df8ddc7f12 100644
--- a/windows/security/threat-protection/auditing/audit-directory-service-replication.md
+++ b/windows/security/threat-protection/auditing/audit-directory-service-replication.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Directory Service Replication
diff --git a/windows/security/threat-protection/auditing/audit-distribution-group-management.md b/windows/security/threat-protection/auditing/audit-distribution-group-management.md
index 2bacdbe3a1..352eea4cfe 100644
--- a/windows/security/threat-protection/auditing/audit-distribution-group-management.md
+++ b/windows/security/threat-protection/auditing/audit-distribution-group-management.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Distribution Group Management
diff --git a/windows/security/threat-protection/auditing/audit-dpapi-activity.md b/windows/security/threat-protection/auditing/audit-dpapi-activity.md
index fc94d79d95..7c346e1e52 100644
--- a/windows/security/threat-protection/auditing/audit-dpapi-activity.md
+++ b/windows/security/threat-protection/auditing/audit-dpapi-activity.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit DPAPI Activity
diff --git a/windows/security/threat-protection/auditing/audit-file-share.md b/windows/security/threat-protection/auditing/audit-file-share.md
index ccab879b4f..88b51b6a3f 100644
--- a/windows/security/threat-protection/auditing/audit-file-share.md
+++ b/windows/security/threat-protection/auditing/audit-file-share.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit File Share
diff --git a/windows/security/threat-protection/auditing/audit-file-system.md b/windows/security/threat-protection/auditing/audit-file-system.md
index 57ea7bc917..7da7e7d670 100644
--- a/windows/security/threat-protection/auditing/audit-file-system.md
+++ b/windows/security/threat-protection/auditing/audit-file-system.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit File System
diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md b/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md
index 52475e4276..e45f321af3 100644
--- a/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md
+++ b/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Filtering Platform Connection
diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md b/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md
index bdaff33b06..fabd2a6b86 100644
--- a/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md
+++ b/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Filtering Platform Packet Drop
diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md b/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md
index 204a9b6320..72b892151f 100644
--- a/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md
+++ b/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Filtering Platform Policy Change
diff --git a/windows/security/threat-protection/auditing/audit-group-membership.md b/windows/security/threat-protection/auditing/audit-group-membership.md
index 5775f97220..37a86a6424 100644
--- a/windows/security/threat-protection/auditing/audit-group-membership.md
+++ b/windows/security/threat-protection/auditing/audit-group-membership.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Group Membership
diff --git a/windows/security/threat-protection/auditing/audit-handle-manipulation.md b/windows/security/threat-protection/auditing/audit-handle-manipulation.md
index 64fd2edce2..e82188ac78 100644
--- a/windows/security/threat-protection/auditing/audit-handle-manipulation.md
+++ b/windows/security/threat-protection/auditing/audit-handle-manipulation.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Handle Manipulation
diff --git a/windows/security/threat-protection/auditing/audit-ipsec-driver.md b/windows/security/threat-protection/auditing/audit-ipsec-driver.md
index d396f0ed40..606acf77a3 100644
--- a/windows/security/threat-protection/auditing/audit-ipsec-driver.md
+++ b/windows/security/threat-protection/auditing/audit-ipsec-driver.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 10/02/2018
+ms.technology: mde
 ---
 
 # Audit IPsec Driver
diff --git a/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md
index 37421d3b3e..179c4e5e22 100644
--- a/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md
+++ b/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 10/02/2018
+ms.technology: mde
 ---
 
 # Audit IPsec Extended Mode
diff --git a/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md
index bf2db28b53..092717cc70 100644
--- a/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md
+++ b/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 10/02/2018
+ms.technology: mde
 ---
 
 # Audit IPsec Main Mode
diff --git a/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md
index 290c41687a..fefab72132 100644
--- a/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md
+++ b/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 10/02/2018
+ms.technology: mde
 ---
 
 # Audit IPsec Quick Mode
diff --git a/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md b/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md
index 529003459d..14495b2794 100644
--- a/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md
+++ b/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Kerberos Authentication Service
diff --git a/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md b/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md
index 0c95144cb1..555de3229e 100644
--- a/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md
+++ b/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Kerberos Service Ticket Operations
diff --git a/windows/security/threat-protection/auditing/audit-kernel-object.md b/windows/security/threat-protection/auditing/audit-kernel-object.md
index 60f0a374d8..35d10b40fa 100644
--- a/windows/security/threat-protection/auditing/audit-kernel-object.md
+++ b/windows/security/threat-protection/auditing/audit-kernel-object.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Kernel Object
diff --git a/windows/security/threat-protection/auditing/audit-logoff.md b/windows/security/threat-protection/auditing/audit-logoff.md
index 011a5d397c..a07a10fd9a 100644
--- a/windows/security/threat-protection/auditing/audit-logoff.md
+++ b/windows/security/threat-protection/auditing/audit-logoff.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 07/16/2018
+ms.technology: mde
 ---
 
 # Audit Logoff
diff --git a/windows/security/threat-protection/auditing/audit-logon.md b/windows/security/threat-protection/auditing/audit-logon.md
index 711c16301c..e87dd6ad1d 100644
--- a/windows/security/threat-protection/auditing/audit-logon.md
+++ b/windows/security/threat-protection/auditing/audit-logon.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Logon
diff --git a/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md b/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md
index d58bafa0de..5107277a3d 100644
--- a/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md
+++ b/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit MPSSVC Rule-Level Policy Change
diff --git a/windows/security/threat-protection/auditing/audit-network-policy-server.md b/windows/security/threat-protection/auditing/audit-network-policy-server.md
index 697ae99b16..78f17fb1a1 100644
--- a/windows/security/threat-protection/auditing/audit-network-policy-server.md
+++ b/windows/security/threat-protection/auditing/audit-network-policy-server.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Network Policy Server
diff --git a/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md b/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md
index b75e993891..8cf59016dd 100644
--- a/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md
+++ b/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Non-Sensitive Privilege Use
diff --git a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md
index 959a951636..39fa1e83de 100644
--- a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Other Account Logon Events
diff --git a/windows/security/threat-protection/auditing/audit-other-account-management-events.md b/windows/security/threat-protection/auditing/audit-other-account-management-events.md
index 2795a0bb73..bb5d7120a3 100644
--- a/windows/security/threat-protection/auditing/audit-other-account-management-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-account-management-events.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Other Account Management Events
diff --git a/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md b/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md
index 9265129828..d50fe53957 100644
--- a/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Other Logon/Logoff Events
diff --git a/windows/security/threat-protection/auditing/audit-other-object-access-events.md b/windows/security/threat-protection/auditing/audit-other-object-access-events.md
index 54b132e114..a485aa2d07 100644
--- a/windows/security/threat-protection/auditing/audit-other-object-access-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-object-access-events.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 05/29/2017
+ms.technology: mde
 ---
 
 # Audit Other Object Access Events
diff --git a/windows/security/threat-protection/auditing/audit-other-policy-change-events.md b/windows/security/threat-protection/auditing/audit-other-policy-change-events.md
index 2ceacf7bd7..5f55e34285 100644
--- a/windows/security/threat-protection/auditing/audit-other-policy-change-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-policy-change-events.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Other Policy Change Events
diff --git a/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md b/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md
index 9adb4cfd74..87c74a4998 100644
--- a/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md
@@ -2,16 +2,17 @@
 title: Audit Other Privilege Use Events (Windows 10)
 description: Learn about the audit other privilege use events, an auditing subcategory that should not have any events in it but enables generation of event 4985(S).
 ms.assetid: 5f7f5b25-42a6-499f-8aa2-01ac79a2a63c
-ms.reviewer:
+ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Other Privilege Use Events
diff --git a/windows/security/threat-protection/auditing/audit-other-system-events.md b/windows/security/threat-protection/auditing/audit-other-system-events.md
index 314723a738..7554066d42 100644
--- a/windows/security/threat-protection/auditing/audit-other-system-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-system-events.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Other System Events
diff --git a/windows/security/threat-protection/auditing/audit-pnp-activity.md b/windows/security/threat-protection/auditing/audit-pnp-activity.md
index 2d1298584a..16b696e3a2 100644
--- a/windows/security/threat-protection/auditing/audit-pnp-activity.md
+++ b/windows/security/threat-protection/auditing/audit-pnp-activity.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit PNP Activity
diff --git a/windows/security/threat-protection/auditing/audit-process-creation.md b/windows/security/threat-protection/auditing/audit-process-creation.md
index 2eb2aa20f8..456c7082b1 100644
--- a/windows/security/threat-protection/auditing/audit-process-creation.md
+++ b/windows/security/threat-protection/auditing/audit-process-creation.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Process Creation
diff --git a/windows/security/threat-protection/auditing/audit-process-termination.md b/windows/security/threat-protection/auditing/audit-process-termination.md
index 7ba49fbd59..97b0a91741 100644
--- a/windows/security/threat-protection/auditing/audit-process-termination.md
+++ b/windows/security/threat-protection/auditing/audit-process-termination.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Process Termination
diff --git a/windows/security/threat-protection/auditing/audit-registry.md b/windows/security/threat-protection/auditing/audit-registry.md
index 4b0d88838f..8b5fa48820 100644
--- a/windows/security/threat-protection/auditing/audit-registry.md
+++ b/windows/security/threat-protection/auditing/audit-registry.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Registry
diff --git a/windows/security/threat-protection/auditing/audit-removable-storage.md b/windows/security/threat-protection/auditing/audit-removable-storage.md
index 82d5170b7c..d09d98cb1d 100644
--- a/windows/security/threat-protection/auditing/audit-removable-storage.md
+++ b/windows/security/threat-protection/auditing/audit-removable-storage.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Removable Storage
diff --git a/windows/security/threat-protection/auditing/audit-rpc-events.md b/windows/security/threat-protection/auditing/audit-rpc-events.md
index b35eacaf51..59202d82fa 100644
--- a/windows/security/threat-protection/auditing/audit-rpc-events.md
+++ b/windows/security/threat-protection/auditing/audit-rpc-events.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit RPC Events
diff --git a/windows/security/threat-protection/auditing/audit-sam.md b/windows/security/threat-protection/auditing/audit-sam.md
index 6e60284ead..2d23fcdcce 100644
--- a/windows/security/threat-protection/auditing/audit-sam.md
+++ b/windows/security/threat-protection/auditing/audit-sam.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit SAM
diff --git a/windows/security/threat-protection/auditing/audit-security-group-management.md b/windows/security/threat-protection/auditing/audit-security-group-management.md
index d75b85e522..c80fe834a9 100644
--- a/windows/security/threat-protection/auditing/audit-security-group-management.md
+++ b/windows/security/threat-protection/auditing/audit-security-group-management.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 02/28/2019
+ms.technology: mde
 ---
 
 # Audit Security Group Management
diff --git a/windows/security/threat-protection/auditing/audit-security-state-change.md b/windows/security/threat-protection/auditing/audit-security-state-change.md
index c10e8072f7..19614087bb 100644
--- a/windows/security/threat-protection/auditing/audit-security-state-change.md
+++ b/windows/security/threat-protection/auditing/audit-security-state-change.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Security State Change
diff --git a/windows/security/threat-protection/auditing/audit-security-system-extension.md b/windows/security/threat-protection/auditing/audit-security-system-extension.md
index 8c764f65c4..b787507ef4 100644
--- a/windows/security/threat-protection/auditing/audit-security-system-extension.md
+++ b/windows/security/threat-protection/auditing/audit-security-system-extension.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Security System Extension
diff --git a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md
index 3bdb900b00..2f23c9cbcc 100644
--- a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md
+++ b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Sensitive Privilege Use
diff --git a/windows/security/threat-protection/auditing/audit-special-logon.md b/windows/security/threat-protection/auditing/audit-special-logon.md
index ec7e84c990..b17dccbcb1 100644
--- a/windows/security/threat-protection/auditing/audit-special-logon.md
+++ b/windows/security/threat-protection/auditing/audit-special-logon.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Special Logon
diff --git a/windows/security/threat-protection/auditing/audit-system-integrity.md b/windows/security/threat-protection/auditing/audit-system-integrity.md
index 89d27ff3cb..b461299ea0 100644
--- a/windows/security/threat-protection/auditing/audit-system-integrity.md
+++ b/windows/security/threat-protection/auditing/audit-system-integrity.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit System Integrity
diff --git a/windows/security/threat-protection/auditing/audit-token-right-adjusted.md b/windows/security/threat-protection/auditing/audit-token-right-adjusted.md
index bb9d974920..266ab2e3c9 100644
--- a/windows/security/threat-protection/auditing/audit-token-right-adjusted.md
+++ b/windows/security/threat-protection/auditing/audit-token-right-adjusted.md
@@ -5,7 +5,8 @@ manager: dansimp
 author: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
+ms.technology: mde
 ---
 
 # Audit Token Right Adjusted
diff --git a/windows/security/threat-protection/auditing/audit-user-account-management.md b/windows/security/threat-protection/auditing/audit-user-account-management.md
index 5b2d45cc98..145e04e477 100644
--- a/windows/security/threat-protection/auditing/audit-user-account-management.md
+++ b/windows/security/threat-protection/auditing/audit-user-account-management.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit User Account Management
diff --git a/windows/security/threat-protection/auditing/audit-user-device-claims.md b/windows/security/threat-protection/auditing/audit-user-device-claims.md
index bea0be45b0..6051e50d2f 100644
--- a/windows/security/threat-protection/auditing/audit-user-device-claims.md
+++ b/windows/security/threat-protection/auditing/audit-user-device-claims.md
@@ -6,12 +6,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit User/Device Claims
diff --git a/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md
index f345a84336..7e9d098f5d 100644
--- a/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md
+++ b/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md
@@ -4,7 +4,7 @@ description: Determines whether to audit each instance of a user logging on to o
 ms.assetid: 84B44181-E325-49A1-8398-AECC3CE0A516
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit account logon events
diff --git a/windows/security/threat-protection/auditing/basic-audit-account-management.md b/windows/security/threat-protection/auditing/basic-audit-account-management.md
index e699a88ac1..10a7cb1c8c 100644
--- a/windows/security/threat-protection/auditing/basic-audit-account-management.md
+++ b/windows/security/threat-protection/auditing/basic-audit-account-management.md
@@ -4,7 +4,7 @@ description: Determines whether to audit each event of account management on a d
 ms.assetid: 369197E1-7E0E-45A4-89EA-16D91EF01689
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit account management
diff --git a/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md b/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md
index 530a4255bc..e52e2e7382 100644
--- a/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md
+++ b/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md
@@ -4,7 +4,7 @@ description: Determines whether to audit the event of a user accessing an Active
 ms.assetid: 52F02EED-3CFE-4307-8D06-CF1E27693D09
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit directory service access
diff --git a/windows/security/threat-protection/auditing/basic-audit-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-logon-events.md
index 66c1906086..c730790cfa 100644
--- a/windows/security/threat-protection/auditing/basic-audit-logon-events.md
+++ b/windows/security/threat-protection/auditing/basic-audit-logon-events.md
@@ -4,7 +4,7 @@ description: Determines whether to audit each instance of a user logging on to o
 ms.assetid: 78B5AFCB-0BBD-4C38-9FE9-6B4571B94A35
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit logon events
diff --git a/windows/security/threat-protection/auditing/basic-audit-object-access.md b/windows/security/threat-protection/auditing/basic-audit-object-access.md
index c3bada3ea8..7bb1357af3 100644
--- a/windows/security/threat-protection/auditing/basic-audit-object-access.md
+++ b/windows/security/threat-protection/auditing/basic-audit-object-access.md
@@ -4,7 +4,7 @@ description: The policy setting, Audit object access, determines whether to audi
 ms.assetid: D15B6D67-7886-44C2-9972-3F192D5407EA
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit object access
diff --git a/windows/security/threat-protection/auditing/basic-audit-policy-change.md b/windows/security/threat-protection/auditing/basic-audit-policy-change.md
index b80e5788af..a04167e8c2 100644
--- a/windows/security/threat-protection/auditing/basic-audit-policy-change.md
+++ b/windows/security/threat-protection/auditing/basic-audit-policy-change.md
@@ -4,7 +4,7 @@ description: Determines whether to audit every incident of a change to user righ
 ms.assetid: 1025A648-6B22-4C85-9F47-FE0897F1FA31
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit policy change
diff --git a/windows/security/threat-protection/auditing/basic-audit-privilege-use.md b/windows/security/threat-protection/auditing/basic-audit-privilege-use.md
index a3e7893fe6..4b6a28a415 100644
--- a/windows/security/threat-protection/auditing/basic-audit-privilege-use.md
+++ b/windows/security/threat-protection/auditing/basic-audit-privilege-use.md
@@ -4,7 +4,7 @@ description: Determines whether to audit each instance of a user exercising a us
 ms.assetid: C5C6DAAF-8B58-4DFB-B1CE-F0675AE0E9F8
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit privilege use
diff --git a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md
index 4f02eab9a3..c2e1ff94ca 100644
--- a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md
+++ b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md
@@ -4,7 +4,7 @@ description: Determines whether to audit detailed tracking information for event
 ms.assetid: 91AC5C1E-F4DA-4B16-BEE2-C92D66E4CEEA
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit process tracking
diff --git a/windows/security/threat-protection/auditing/basic-audit-system-events.md b/windows/security/threat-protection/auditing/basic-audit-system-events.md
index 7811de4253..8c5e33028e 100644
--- a/windows/security/threat-protection/auditing/basic-audit-system-events.md
+++ b/windows/security/threat-protection/auditing/basic-audit-system-events.md
@@ -4,7 +4,7 @@ description: Determines whether to audit when a user restarts or shuts down the
 ms.assetid: BF27588C-2AA7-4365-A4BF-3BB377916447
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit system events
diff --git a/windows/security/threat-protection/auditing/basic-security-audit-policies.md b/windows/security/threat-protection/auditing/basic-security-audit-policies.md
index 3856637432..fd291c792a 100644
--- a/windows/security/threat-protection/auditing/basic-security-audit-policies.md
+++ b/windows/security/threat-protection/auditing/basic-security-audit-policies.md
@@ -4,7 +4,7 @@ description: Learn about basic security audit policies that specify the categori
 ms.assetid: 3B678568-7AD7-4734-9BB4-53CF5E04E1D3
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Basic security audit policies
diff --git a/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md
index 686cdfdc71..0ddb0a6152 100644
--- a/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md
+++ b/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md
@@ -4,7 +4,7 @@ description: Basic security audit policy settings are found under Computer Confi
 ms.assetid: 31C2C453-2CFC-4D9E-BC88-8CE1C1A8F900
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Basic security audit policy settings
diff --git a/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md b/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md
index 745c787671..526946d4b5 100644
--- a/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md
+++ b/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md
@@ -4,7 +4,7 @@ description: By defining auditing settings for specific event categories, you ca
 ms.assetid: C9F52751-B40D-482E-BE9D-2C61098249D3
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Create a basic audit policy for an event category
diff --git a/windows/security/threat-protection/auditing/event-1100.md b/windows/security/threat-protection/auditing/event-1100.md
index 251aa8834c..f3fbd46308 100644
--- a/windows/security/threat-protection/auditing/event-1100.md
+++ b/windows/security/threat-protection/auditing/event-1100.md
@@ -2,7 +2,7 @@
 title: 1100(S) The event logging service has shut down. (Windows 10)
 description: Describes security event 1100(S) The event logging service has shut down.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 1100(S): The event logging service has shut down.
diff --git a/windows/security/threat-protection/auditing/event-1102.md b/windows/security/threat-protection/auditing/event-1102.md
index 4a9b1e8b3a..fecf1badde 100644
--- a/windows/security/threat-protection/auditing/event-1102.md
+++ b/windows/security/threat-protection/auditing/event-1102.md
@@ -2,7 +2,7 @@
 title: 1102(S) The audit log was cleared. (Windows 10)
 description: Though you shouldn't normally see it, this event generates every time Windows Security audit log is cleared. This is for event 1102(S).
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 1102(S): The audit log was cleared.
diff --git a/windows/security/threat-protection/auditing/event-1104.md b/windows/security/threat-protection/auditing/event-1104.md
index fbcbb7dad9..8dbb841dce 100644
--- a/windows/security/threat-protection/auditing/event-1104.md
+++ b/windows/security/threat-protection/auditing/event-1104.md
@@ -1,8 +1,8 @@
 ---
 title: 1104(S) The security log is now full. (Windows 10)
-description: This event generates every time Windows security log becomes full and the event log retention method is set to "Do not overwrite events."
+description: This event generates every time Windows security log becomes full and the event log retention method is set to Do not overwrite events.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 1104(S): The security log is now full.
diff --git a/windows/security/threat-protection/auditing/event-1105.md b/windows/security/threat-protection/auditing/event-1105.md
index bd4e2bb72a..c08fa7be61 100644
--- a/windows/security/threat-protection/auditing/event-1105.md
+++ b/windows/security/threat-protection/auditing/event-1105.md
@@ -2,7 +2,7 @@
 title: 1105(S) Event log automatic backup. (Windows 10)
 description: This event generates every time Windows security log becomes full and new event log file was created.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 1105(S): Event log automatic backup
diff --git a/windows/security/threat-protection/auditing/event-1108.md b/windows/security/threat-protection/auditing/event-1108.md
index 0aaa3b6a99..cd3bf45ca4 100644
--- a/windows/security/threat-protection/auditing/event-1108.md
+++ b/windows/security/threat-protection/auditing/event-1108.md
@@ -2,7 +2,7 @@
 title: The event logging service encountered an error (Windows 10)
 description: Describes security event 1108(S) The event logging service encountered an error while processing an incoming event published from %1.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 1108(S): The event logging service encountered an error while processing an incoming event published from %1.
diff --git a/windows/security/threat-protection/auditing/event-4608.md b/windows/security/threat-protection/auditing/event-4608.md
index 5f0730407d..6372e6acc2 100644
--- a/windows/security/threat-protection/auditing/event-4608.md
+++ b/windows/security/threat-protection/auditing/event-4608.md
@@ -2,7 +2,7 @@
 title: 4608(S) Windows is starting up. (Windows 10)
 description: Describes security event 4608(S) Windows is starting up. This event is logged when the LSASS.EXE process starts and the auditing subsystem is initialized.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4608(S): Windows is starting up.
diff --git a/windows/security/threat-protection/auditing/event-4610.md b/windows/security/threat-protection/auditing/event-4610.md
index c9be68814f..b85a2d5918 100644
--- a/windows/security/threat-protection/auditing/event-4610.md
+++ b/windows/security/threat-protection/auditing/event-4610.md
@@ -2,7 +2,7 @@
 title: 4610(S) An authentication package has been loaded by the Local Security Authority. (Windows 10)
 description: Describes security event 4610(S) An authentication package has been loaded by the Local Security Authority.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4610(S): An authentication package has been loaded by the Local Security Authority.
diff --git a/windows/security/threat-protection/auditing/event-4611.md b/windows/security/threat-protection/auditing/event-4611.md
index 6862a8d6a8..c3174b766e 100644
--- a/windows/security/threat-protection/auditing/event-4611.md
+++ b/windows/security/threat-protection/auditing/event-4611.md
@@ -2,7 +2,7 @@
 title: 4611(S) A trusted logon process has been registered with the Local Security Authority. (Windows 10)
 description: Describes security event 4611(S) A trusted logon process has been registered with the Local Security Authority.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4611(S): A trusted logon process has been registered with the Local Security Authority.
diff --git a/windows/security/threat-protection/auditing/event-4612.md b/windows/security/threat-protection/auditing/event-4612.md
index 2ca7cca35a..c4561550d5 100644
--- a/windows/security/threat-protection/auditing/event-4612.md
+++ b/windows/security/threat-protection/auditing/event-4612.md
@@ -2,7 +2,7 @@
 title: 4612(S) Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits. (Windows 10)
 description: Describes security event 4612(S) Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4612(S): Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.
diff --git a/windows/security/threat-protection/auditing/event-4614.md b/windows/security/threat-protection/auditing/event-4614.md
index f86b22408c..5bc966978c 100644
--- a/windows/security/threat-protection/auditing/event-4614.md
+++ b/windows/security/threat-protection/auditing/event-4614.md
@@ -2,7 +2,7 @@
 title: 4614(S) A notification package has been loaded by the Security Account Manager. (Windows 10)
 description: Describes security event 4614(S) A notification package has been loaded by the Security Account Manager.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4614(S): A notification package has been loaded by the Security Account Manager.
diff --git a/windows/security/threat-protection/auditing/event-4615.md b/windows/security/threat-protection/auditing/event-4615.md
index 0490e0ae3e..6c8f9cd7ac 100644
--- a/windows/security/threat-protection/auditing/event-4615.md
+++ b/windows/security/threat-protection/auditing/event-4615.md
@@ -2,7 +2,7 @@
 title: 4615(S) Invalid use of LPC port. (Windows 10)
 description: Describes security event 4615(S) Invalid use of LPC port. It appears that the Invalid use of LPC port event never occurs.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4615(S): Invalid use of LPC port.
diff --git a/windows/security/threat-protection/auditing/event-4616.md b/windows/security/threat-protection/auditing/event-4616.md
index 3f700f0719..690bde945f 100644
--- a/windows/security/threat-protection/auditing/event-4616.md
+++ b/windows/security/threat-protection/auditing/event-4616.md
@@ -2,7 +2,7 @@
 title: 4616(S) The system time was changed. (Windows 10)
 description: Describes security event 4616(S) The system time was changed. This event is generated every time system time is changed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4616(S): The system time was changed.
diff --git a/windows/security/threat-protection/auditing/event-4618.md b/windows/security/threat-protection/auditing/event-4618.md
index 4155868172..c1bc41f942 100644
--- a/windows/security/threat-protection/auditing/event-4618.md
+++ b/windows/security/threat-protection/auditing/event-4618.md
@@ -2,7 +2,7 @@
 title: 4618(S) A monitored security event pattern has occurred. (Windows 10)
 description: Describes security event 4618(S) A monitored security event pattern has occurred.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4618(S): A monitored security event pattern has occurred.
diff --git a/windows/security/threat-protection/auditing/event-4621.md b/windows/security/threat-protection/auditing/event-4621.md
index f3365acf99..8868b9b584 100644
--- a/windows/security/threat-protection/auditing/event-4621.md
+++ b/windows/security/threat-protection/auditing/event-4621.md
@@ -2,7 +2,7 @@
 title: 4621(S) Administrator recovered system from CrashOnAuditFail. (Windows 10)
 description: Describes security event 4621(S) Administrator recovered system from CrashOnAuditFail.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4621(S): Administrator recovered system from CrashOnAuditFail.
diff --git a/windows/security/threat-protection/auditing/event-4622.md b/windows/security/threat-protection/auditing/event-4622.md
index 385f508b09..3579709147 100644
--- a/windows/security/threat-protection/auditing/event-4622.md
+++ b/windows/security/threat-protection/auditing/event-4622.md
@@ -2,7 +2,7 @@
 title: 4622(S) A security package has been loaded by the Local Security Authority. (Windows 10)
 description: Describes security event 4622(S) A security package has been loaded by the Local Security Authority.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4622(S): A security package has been loaded by the Local Security Authority.
diff --git a/windows/security/threat-protection/auditing/event-4624.md b/windows/security/threat-protection/auditing/event-4624.md
index 637a86a151..49f1a0d83c 100644
--- a/windows/security/threat-protection/auditing/event-4624.md
+++ b/windows/security/threat-protection/auditing/event-4624.md
@@ -2,7 +2,7 @@
 title: 4624(S) An account was successfully logged on. (Windows 10)
 description: Describes security event 4624(S) An account was successfully logged on.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4624(S): An account was successfully logged on.
diff --git a/windows/security/threat-protection/auditing/event-4625.md b/windows/security/threat-protection/auditing/event-4625.md
index 293e52c57f..9dcf332398 100644
--- a/windows/security/threat-protection/auditing/event-4625.md
+++ b/windows/security/threat-protection/auditing/event-4625.md
@@ -2,7 +2,7 @@
 title: 4625(F) An account failed to log on. (Windows 10)
 description: Describes security event 4625(F) An account failed to log on. This event is generated if an account logon attempt failed for a locked out account.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4625(F): An account failed to log on.
diff --git a/windows/security/threat-protection/auditing/event-4626.md b/windows/security/threat-protection/auditing/event-4626.md
index 2adc4b2f1b..667de4c561 100644
--- a/windows/security/threat-protection/auditing/event-4626.md
+++ b/windows/security/threat-protection/auditing/event-4626.md
@@ -2,7 +2,7 @@
 title: 4626(S) User/Device claims information. (Windows 10)
 description: Describes security event 4626(S) User/Device claims information. This event is generated for new account logons.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4626(S): User/Device claims information.
diff --git a/windows/security/threat-protection/auditing/event-4627.md b/windows/security/threat-protection/auditing/event-4627.md
index fb47564ea9..ff63c0c122 100644
--- a/windows/security/threat-protection/auditing/event-4627.md
+++ b/windows/security/threat-protection/auditing/event-4627.md
@@ -2,7 +2,7 @@
 title: 4627(S) Group membership information. (Windows 10)
 description: Describes security event 4627(S) Group membership information. This event is generated with event 4624(S) An account was successfully logged on.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4627(S): Group membership information.
diff --git a/windows/security/threat-protection/auditing/event-4634.md b/windows/security/threat-protection/auditing/event-4634.md
index d76dc2df61..b0541e2dbb 100644
--- a/windows/security/threat-protection/auditing/event-4634.md
+++ b/windows/security/threat-protection/auditing/event-4634.md
@@ -2,7 +2,7 @@
 title: 4634(S) An account was logged off. (Windows 10)
 description: Describes security event 4634(S) An account was logged off. This event is generated when a logon session is terminated and no longer exists.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 11/20/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4634(S): An account was logged off.
diff --git a/windows/security/threat-protection/auditing/event-4647.md b/windows/security/threat-protection/auditing/event-4647.md
index 26bbcd86f8..14dc2a7083 100644
--- a/windows/security/threat-protection/auditing/event-4647.md
+++ b/windows/security/threat-protection/auditing/event-4647.md
@@ -2,7 +2,7 @@
 title: 4647(S) User initiated logoff. (Windows 10)
 description: Describes security event 4647(S) User initiated logoff. This event is generated when a logoff is initiated. No further user-initiated activity can occur.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4647(S): User initiated logoff.
diff --git a/windows/security/threat-protection/auditing/event-4648.md b/windows/security/threat-protection/auditing/event-4648.md
index 5a44bd38f1..8483ee08ac 100644
--- a/windows/security/threat-protection/auditing/event-4648.md
+++ b/windows/security/threat-protection/auditing/event-4648.md
@@ -2,7 +2,7 @@
 title: 4648(S) A logon was attempted using explicit credentials. (Windows 10)
 description: Describes security event 4648(S) A logon was attempted using explicit credentials.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4648(S): A logon was attempted using explicit credentials.
diff --git a/windows/security/threat-protection/auditing/event-4649.md b/windows/security/threat-protection/auditing/event-4649.md
index dce0305250..06ae9ca1aa 100644
--- a/windows/security/threat-protection/auditing/event-4649.md
+++ b/windows/security/threat-protection/auditing/event-4649.md
@@ -2,7 +2,7 @@
 title: 4649(S) A replay attack was detected. (Windows 10)
 description: Describes security event 4649(S) A replay attack was detected. This event is generated when a KRB_AP_ERR_REPEAT Kerberos response is sent to the client.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4649(S): A replay attack was detected.
diff --git a/windows/security/threat-protection/auditing/event-4656.md b/windows/security/threat-protection/auditing/event-4656.md
index 918d665121..f0ce074332 100644
--- a/windows/security/threat-protection/auditing/event-4656.md
+++ b/windows/security/threat-protection/auditing/event-4656.md
@@ -2,7 +2,7 @@
 title: 4656(S, F) A handle to an object was requested. (Windows 10)
 description: Describes security event 4656(S, F) A handle to an object was requested.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4656(S, F): A handle to an object was requested.
diff --git a/windows/security/threat-protection/auditing/event-4657.md b/windows/security/threat-protection/auditing/event-4657.md
index cb009c97df..f7ebcac31c 100644
--- a/windows/security/threat-protection/auditing/event-4657.md
+++ b/windows/security/threat-protection/auditing/event-4657.md
@@ -2,7 +2,7 @@
 title: 4657(S) A registry value was modified. (Windows 10)
 description: Describes security event 4657(S) A registry value was modified. This event is generated when a registry key value is modified.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4657(S): A registry value was modified.
diff --git a/windows/security/threat-protection/auditing/event-4658.md b/windows/security/threat-protection/auditing/event-4658.md
index c461aa3d20..85b56fb6d0 100644
--- a/windows/security/threat-protection/auditing/event-4658.md
+++ b/windows/security/threat-protection/auditing/event-4658.md
@@ -2,7 +2,7 @@
 title: 4658(S) The handle to an object was closed. (Windows 10)
 description: Describes security event 4658(S) The handle to an object was closed. This event is generated when the handle to an object is closed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4658(S): The handle to an object was closed.
diff --git a/windows/security/threat-protection/auditing/event-4660.md b/windows/security/threat-protection/auditing/event-4660.md
index 0823b6ae3e..db4a9fd649 100644
--- a/windows/security/threat-protection/auditing/event-4660.md
+++ b/windows/security/threat-protection/auditing/event-4660.md
@@ -2,7 +2,7 @@
 title: 4660(S) An object was deleted. (Windows 10)
 description: Describes security event 4660(S) An object was deleted. This event is generated when an object is deleted.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4660(S): An object was deleted.
diff --git a/windows/security/threat-protection/auditing/event-4661.md b/windows/security/threat-protection/auditing/event-4661.md
index 13513c1eb8..1fd43e2292 100644
--- a/windows/security/threat-protection/auditing/event-4661.md
+++ b/windows/security/threat-protection/auditing/event-4661.md
@@ -2,7 +2,7 @@
 title: 4661(S, F) A handle to an object was requested. (Windows 10)
 description: Describes security event 4661(S, F) A handle to an object was requested.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4661(S, F): A handle to an object was requested.
diff --git a/windows/security/threat-protection/auditing/event-4662.md b/windows/security/threat-protection/auditing/event-4662.md
index 31fd7fd716..8998dbb81a 100644
--- a/windows/security/threat-protection/auditing/event-4662.md
+++ b/windows/security/threat-protection/auditing/event-4662.md
@@ -2,7 +2,7 @@
 title: 4662(S, F) An operation was performed on an object. (Windows 10)
 description: Describes security event 4662(S, F) An operation was performed on an object.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4662(S, F): An operation was performed on an object.
diff --git a/windows/security/threat-protection/auditing/event-4663.md b/windows/security/threat-protection/auditing/event-4663.md
index 44da729457..367e5eb029 100644
--- a/windows/security/threat-protection/auditing/event-4663.md
+++ b/windows/security/threat-protection/auditing/event-4663.md
@@ -2,7 +2,7 @@
 title: 4663(S) An attempt was made to access an object. (Windows 10)
 description: Describes security event 4663(S) An attempt was made to access an object.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4663(S): An attempt was made to access an object.
diff --git a/windows/security/threat-protection/auditing/event-4664.md b/windows/security/threat-protection/auditing/event-4664.md
index 6f60cce3a7..9c99e5f2bc 100644
--- a/windows/security/threat-protection/auditing/event-4664.md
+++ b/windows/security/threat-protection/auditing/event-4664.md
@@ -2,7 +2,7 @@
 title: 4664(S) An attempt was made to create a hard link. (Windows 10)
 description: Describes security event 4664(S) An attempt was made to create a hard link.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4664(S): An attempt was made to create a hard link.
diff --git a/windows/security/threat-protection/auditing/event-4670.md b/windows/security/threat-protection/auditing/event-4670.md
index bc6d20907b..c52b274d4f 100644
--- a/windows/security/threat-protection/auditing/event-4670.md
+++ b/windows/security/threat-protection/auditing/event-4670.md
@@ -2,7 +2,7 @@
 title: 4670(S) Permissions on an object were changed. (Windows 10)
 description: Describes security event 4670(S) Permissions on an object were changed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4670(S): Permissions on an object were changed.
diff --git a/windows/security/threat-protection/auditing/event-4671.md b/windows/security/threat-protection/auditing/event-4671.md
index 3e81e5f2f6..fb46f1fb5a 100644
--- a/windows/security/threat-protection/auditing/event-4671.md
+++ b/windows/security/threat-protection/auditing/event-4671.md
@@ -2,7 +2,7 @@
 title: 4671(-) An application attempted to access a blocked ordinal through the TBS. (Windows 10)
 description: Describes security event 4671(-) An application attempted to access a blocked ordinal through the TBS.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4671(-): An application attempted to access a blocked ordinal through the TBS.
diff --git a/windows/security/threat-protection/auditing/event-4672.md b/windows/security/threat-protection/auditing/event-4672.md
index 81b9fd94a0..60e95bde44 100644
--- a/windows/security/threat-protection/auditing/event-4672.md
+++ b/windows/security/threat-protection/auditing/event-4672.md
@@ -2,7 +2,7 @@
 title: 4672(S) Special privileges assigned to new logon. (Windows 10)
 description: Describes security event 4672(S) Special privileges assigned to new logon.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 12/20/2018
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4672(S): Special privileges assigned to new logon.
diff --git a/windows/security/threat-protection/auditing/event-4673.md b/windows/security/threat-protection/auditing/event-4673.md
index c647485d66..579be30565 100644
--- a/windows/security/threat-protection/auditing/event-4673.md
+++ b/windows/security/threat-protection/auditing/event-4673.md
@@ -2,7 +2,7 @@
 title: 4673(S, F) A privileged service was called. (Windows 10)
 description: Describes security event 4673(S, F) A privileged service was called. This event is generated for an attempt to perform privileged system service operations.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4673(S, F): A privileged service was called.
diff --git a/windows/security/threat-protection/auditing/event-4674.md b/windows/security/threat-protection/auditing/event-4674.md
index 5781254277..5eecd1f2b5 100644
--- a/windows/security/threat-protection/auditing/event-4674.md
+++ b/windows/security/threat-protection/auditing/event-4674.md
@@ -2,7 +2,7 @@
 title: 4674(S, F) An operation was attempted on a privileged object. (Windows 10)
 description: Describes security event 4674(S, F) An operation was attempted on a privileged object.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4674(S, F): An operation was attempted on a privileged object.
diff --git a/windows/security/threat-protection/auditing/event-4675.md b/windows/security/threat-protection/auditing/event-4675.md
index 978d25bf39..0af7742f2c 100644
--- a/windows/security/threat-protection/auditing/event-4675.md
+++ b/windows/security/threat-protection/auditing/event-4675.md
@@ -2,7 +2,7 @@
 title: 4675(S) SIDs were filtered. (Windows 10)
 description: Describes security event 4675(S) SIDs were filtered. This event is generated when SIDs were filtered for a specific Active Directory trust.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4675(S): SIDs were filtered.
diff --git a/windows/security/threat-protection/auditing/event-4688.md b/windows/security/threat-protection/auditing/event-4688.md
index 4c48e4623a..31baef1ba5 100644
--- a/windows/security/threat-protection/auditing/event-4688.md
+++ b/windows/security/threat-protection/auditing/event-4688.md
@@ -2,7 +2,7 @@
 title: 4688(S) A new process has been created. (Windows 10)
 description: Describes security event 4688(S) A new process has been created. This event is generated when a new process starts.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4688(S): A new process has been created.
diff --git a/windows/security/threat-protection/auditing/event-4689.md b/windows/security/threat-protection/auditing/event-4689.md
index 81c27d0423..99bee451d9 100644
--- a/windows/security/threat-protection/auditing/event-4689.md
+++ b/windows/security/threat-protection/auditing/event-4689.md
@@ -2,7 +2,7 @@
 title: 4689(S) A process has exited. (Windows 10)
 description: Describes security event 4689(S) A process has exited. This event is generates when a process exits.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4689(S): A process has exited.
diff --git a/windows/security/threat-protection/auditing/event-4690.md b/windows/security/threat-protection/auditing/event-4690.md
index be4ce4de7c..d7a23d1da4 100644
--- a/windows/security/threat-protection/auditing/event-4690.md
+++ b/windows/security/threat-protection/auditing/event-4690.md
@@ -2,7 +2,7 @@
 title: 4690(S) An attempt was made to duplicate a handle to an object. (Windows 10)
 description: Describes security event 4690(S) An attempt was made to duplicate a handle to an object.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4690(S): An attempt was made to duplicate a handle to an object.
diff --git a/windows/security/threat-protection/auditing/event-4691.md b/windows/security/threat-protection/auditing/event-4691.md
index 001cce1266..cadefa2220 100644
--- a/windows/security/threat-protection/auditing/event-4691.md
+++ b/windows/security/threat-protection/auditing/event-4691.md
@@ -2,7 +2,7 @@
 title: 4691(S) Indirect access to an object was requested. (Windows 10)
 description: Describes security event 4691(S) Indirect access to an object was requested.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4691(S): Indirect access to an object was requested.
diff --git a/windows/security/threat-protection/auditing/event-4692.md b/windows/security/threat-protection/auditing/event-4692.md
index dc84c4c3d6..5d421a4e9f 100644
--- a/windows/security/threat-protection/auditing/event-4692.md
+++ b/windows/security/threat-protection/auditing/event-4692.md
@@ -2,7 +2,7 @@
 title: 4692(S, F) Backup of data protection master key was attempted. (Windows 10)
 description: Describes security event 4692(S, F) Backup of data protection master key was attempted.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4692(S, F): Backup of data protection master key was attempted.
diff --git a/windows/security/threat-protection/auditing/event-4693.md b/windows/security/threat-protection/auditing/event-4693.md
index 72c5473fe1..705ede7a61 100644
--- a/windows/security/threat-protection/auditing/event-4693.md
+++ b/windows/security/threat-protection/auditing/event-4693.md
@@ -2,7 +2,7 @@
 title: 4693(S, F) Recovery of data protection master key was attempted. (Windows 10)
 description: Describes security event 4693(S, F) Recovery of data protection master key was attempted.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4693(S, F): Recovery of data protection master key was attempted.
diff --git a/windows/security/threat-protection/auditing/event-4694.md b/windows/security/threat-protection/auditing/event-4694.md
index 9d96a529ac..3d9e4f51cf 100644
--- a/windows/security/threat-protection/auditing/event-4694.md
+++ b/windows/security/threat-protection/auditing/event-4694.md
@@ -2,7 +2,7 @@
 title: 4694(S, F) Protection of auditable protected data was attempted. (Windows 10)
 description: Describes security event 4694(S, F) Protection of auditable protected data was attempted.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4694(S, F): Protection of auditable protected data was attempted.
diff --git a/windows/security/threat-protection/auditing/event-4695.md b/windows/security/threat-protection/auditing/event-4695.md
index 675ba33601..cbca831957 100644
--- a/windows/security/threat-protection/auditing/event-4695.md
+++ b/windows/security/threat-protection/auditing/event-4695.md
@@ -2,7 +2,7 @@
 title: 4695(S, F) Unprotection of auditable protected data was attempted. (Windows 10)
 description: Describes security event 4695(S, F) Unprotection of auditable protected data was attempted.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4695(S, F): Unprotection of auditable protected data was attempted.
diff --git a/windows/security/threat-protection/auditing/event-4696.md b/windows/security/threat-protection/auditing/event-4696.md
index 0268cd25a8..520d0d5d1e 100644
--- a/windows/security/threat-protection/auditing/event-4696.md
+++ b/windows/security/threat-protection/auditing/event-4696.md
@@ -2,7 +2,7 @@
 title: 4696(S) A primary token was assigned to process. (Windows 10)
 description: Describes security event 4696(S) A primary token was assigned to process.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4696(S): A primary token was assigned to process.
diff --git a/windows/security/threat-protection/auditing/event-4697.md b/windows/security/threat-protection/auditing/event-4697.md
index d454c05905..090b2436e1 100644
--- a/windows/security/threat-protection/auditing/event-4697.md
+++ b/windows/security/threat-protection/auditing/event-4697.md
@@ -2,7 +2,7 @@
 title: 4697(S) A service was installed in the system. (Windows 10)
 description: Describes security event 4697(S) A service was installed in the system.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4697(S): A service was installed in the system.
diff --git a/windows/security/threat-protection/auditing/event-4698.md b/windows/security/threat-protection/auditing/event-4698.md
index a6f3256c16..567815e3b8 100644
--- a/windows/security/threat-protection/auditing/event-4698.md
+++ b/windows/security/threat-protection/auditing/event-4698.md
@@ -2,7 +2,7 @@
 title: 4698(S) A scheduled task was created. (Windows 10)
 description: Describes security event 4698(S) A scheduled task was created. This event is generated when a scheduled task is created.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4698(S): A scheduled task was created.
diff --git a/windows/security/threat-protection/auditing/event-4699.md b/windows/security/threat-protection/auditing/event-4699.md
index 48148e6246..5b2861c4d1 100644
--- a/windows/security/threat-protection/auditing/event-4699.md
+++ b/windows/security/threat-protection/auditing/event-4699.md
@@ -2,7 +2,7 @@
 title: 4699(S) A scheduled task was deleted. (Windows 10)
 description: Describes security event 4699(S) A scheduled task was deleted. This event is generated every time a scheduled task is deleted.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4699(S): A scheduled task was deleted.
diff --git a/windows/security/threat-protection/auditing/event-4700.md b/windows/security/threat-protection/auditing/event-4700.md
index 8d39b0e38d..90e9f7b574 100644
--- a/windows/security/threat-protection/auditing/event-4700.md
+++ b/windows/security/threat-protection/auditing/event-4700.md
@@ -2,7 +2,7 @@
 title: 4700(S) A scheduled task was enabled. (Windows 10)
 description: Describes security event 4700(S) A scheduled task was enabled. This event is generated every time a scheduled task is enabled.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4700(S): A scheduled task was enabled.
diff --git a/windows/security/threat-protection/auditing/event-4701.md b/windows/security/threat-protection/auditing/event-4701.md
index ef24c397fc..bc81734079 100644
--- a/windows/security/threat-protection/auditing/event-4701.md
+++ b/windows/security/threat-protection/auditing/event-4701.md
@@ -2,7 +2,7 @@
 title: 4701(S) A scheduled task was disabled. (Windows 10)
 description: Describes security event 4701(S) A scheduled task was disabled. This event is generated every time a scheduled task is disabled.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4701(S): A scheduled task was disabled.
diff --git a/windows/security/threat-protection/auditing/event-4702.md b/windows/security/threat-protection/auditing/event-4702.md
index 393a0619d6..f6d5b753e4 100644
--- a/windows/security/threat-protection/auditing/event-4702.md
+++ b/windows/security/threat-protection/auditing/event-4702.md
@@ -2,7 +2,7 @@
 title: 4702(S) A scheduled task was updated. (Windows 10)
 description: Describes security event 4702(S) A scheduled task was updated. This event is generated when a scheduled task is updated/changed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4702(S): A scheduled task was updated.
diff --git a/windows/security/threat-protection/auditing/event-4703.md b/windows/security/threat-protection/auditing/event-4703.md
index 7483483ea2..e0a624d4fb 100644
--- a/windows/security/threat-protection/auditing/event-4703.md
+++ b/windows/security/threat-protection/auditing/event-4703.md
@@ -2,7 +2,7 @@
 title: 4703(S) A user right was adjusted. (Windows 10)
 description: Describes security event 4703(S) A user right was adjusted. This event is generated when token privileges are enabled or disabled for a specific account.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4703(S): A user right was adjusted.
diff --git a/windows/security/threat-protection/auditing/event-4704.md b/windows/security/threat-protection/auditing/event-4704.md
index bc3e9d5c3a..d1d045bb0d 100644
--- a/windows/security/threat-protection/auditing/event-4704.md
+++ b/windows/security/threat-protection/auditing/event-4704.md
@@ -2,7 +2,7 @@
 title: 4704(S) A user right was assigned. (Windows 10)
 description: Describes security event 4704(S) A user right was assigned. This event is generated when a user right is assigned to an account.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4704(S): A user right was assigned.
diff --git a/windows/security/threat-protection/auditing/event-4705.md b/windows/security/threat-protection/auditing/event-4705.md
index 5b337c9941..317b3b23fb 100644
--- a/windows/security/threat-protection/auditing/event-4705.md
+++ b/windows/security/threat-protection/auditing/event-4705.md
@@ -2,7 +2,7 @@
 title: 4705(S) A user right was removed. (Windows 10)
 description: Describes security event 4705(S) A user right was removed. This event is generated when a user right is removed from an account.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4705(S): A user right was removed.
diff --git a/windows/security/threat-protection/auditing/event-4706.md b/windows/security/threat-protection/auditing/event-4706.md
index 2a57c47db5..d39473364c 100644
--- a/windows/security/threat-protection/auditing/event-4706.md
+++ b/windows/security/threat-protection/auditing/event-4706.md
@@ -2,7 +2,7 @@
 title: 4706(S) A new trust was created to a domain. (Windows 10)
 description: Describes security event 4706(S) A new trust was created to a domain. This event is generated when a new trust is created for a domain.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4706(S): A new trust was created to a domain.
diff --git a/windows/security/threat-protection/auditing/event-4707.md b/windows/security/threat-protection/auditing/event-4707.md
index dc7e2f5419..f16f66bdcd 100644
--- a/windows/security/threat-protection/auditing/event-4707.md
+++ b/windows/security/threat-protection/auditing/event-4707.md
@@ -2,7 +2,7 @@
 title: 4707(S) A trust to a domain was removed. (Windows 10)
 description: Describes security event 4707(S) A trust to a domain was removed. This event is generated when a domain trust is removed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4707(S): A trust to a domain was removed.
diff --git a/windows/security/threat-protection/auditing/event-4713.md b/windows/security/threat-protection/auditing/event-4713.md
index 69c6f2f153..3c7ada997e 100644
--- a/windows/security/threat-protection/auditing/event-4713.md
+++ b/windows/security/threat-protection/auditing/event-4713.md
@@ -2,7 +2,7 @@
 title: 4713(S) Kerberos policy was changed. (Windows 10)
 description: Describes security event 4713(S) Kerberos policy was changed. This event is generated when Kerberos policy is changed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4713(S): Kerberos policy was changed.
diff --git a/windows/security/threat-protection/auditing/event-4714.md b/windows/security/threat-protection/auditing/event-4714.md
index c81891ffc9..36dec3a969 100644
--- a/windows/security/threat-protection/auditing/event-4714.md
+++ b/windows/security/threat-protection/auditing/event-4714.md
@@ -2,7 +2,7 @@
 title: 4714(S) Encrypted data recovery policy was changed. (Windows 10)
 description: Describes security event 4714(S) Encrypted data recovery policy was changed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4714(S): Encrypted data recovery policy was changed.
diff --git a/windows/security/threat-protection/auditing/event-4715.md b/windows/security/threat-protection/auditing/event-4715.md
index c51f51c999..d4e9d14839 100644
--- a/windows/security/threat-protection/auditing/event-4715.md
+++ b/windows/security/threat-protection/auditing/event-4715.md
@@ -2,7 +2,7 @@
 title: 4715(S) The audit policy (SACL) on an object was changed. (Windows 10)
 description: Describes security event 4715(S) The audit policy (SACL) on an object was changed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4715(S): The audit policy (SACL) on an object was changed.
diff --git a/windows/security/threat-protection/auditing/event-4716.md b/windows/security/threat-protection/auditing/event-4716.md
index 4ab122d7f1..35b1bfc9d2 100644
--- a/windows/security/threat-protection/auditing/event-4716.md
+++ b/windows/security/threat-protection/auditing/event-4716.md
@@ -2,7 +2,7 @@
 title: 4716(S) Trusted domain information was modified. (Windows 10)
 description: Describes security event 4716(S) Trusted domain information was modified.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/04/2019
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4716(S): Trusted domain information was modified.
diff --git a/windows/security/threat-protection/auditing/event-4717.md b/windows/security/threat-protection/auditing/event-4717.md
index ffe87e87e0..ddbd9f66db 100644
--- a/windows/security/threat-protection/auditing/event-4717.md
+++ b/windows/security/threat-protection/auditing/event-4717.md
@@ -2,7 +2,7 @@
 title: 4717(S) System security access was granted to an account. (Windows 10)
 description: Describes security event 4717(S) System security access was granted to an account.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4717(S): System security access was granted to an account.
diff --git a/windows/security/threat-protection/auditing/event-4718.md b/windows/security/threat-protection/auditing/event-4718.md
index ecef74c71a..0e7892c9c8 100644
--- a/windows/security/threat-protection/auditing/event-4718.md
+++ b/windows/security/threat-protection/auditing/event-4718.md
@@ -2,7 +2,7 @@
 title: 4718(S) System security access was removed from an account. (Windows 10)
 description: Describes security event 4718(S) System security access was removed from an account.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4718(S): System security access was removed from an account.
diff --git a/windows/security/threat-protection/auditing/event-4719.md b/windows/security/threat-protection/auditing/event-4719.md
index e634cf0bbf..98469b6945 100644
--- a/windows/security/threat-protection/auditing/event-4719.md
+++ b/windows/security/threat-protection/auditing/event-4719.md
@@ -2,7 +2,7 @@
 title: 4719(S) System audit policy was changed. (Windows 10)
 description: Describes security event 4719(S) System audit policy was changed. This event is generated when the computer audit policy changes.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4719(S): System audit policy was changed.
diff --git a/windows/security/threat-protection/auditing/event-4720.md b/windows/security/threat-protection/auditing/event-4720.md
index d18fd86200..1569aebb53 100644
--- a/windows/security/threat-protection/auditing/event-4720.md
+++ b/windows/security/threat-protection/auditing/event-4720.md
@@ -2,7 +2,7 @@
 title: 4720(S) A user account was created. (Windows 10)
 description: Describes security event 4720(S) A user account was created. This event is generated a user object is created.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4720(S): A user account was created.
diff --git a/windows/security/threat-protection/auditing/event-4722.md b/windows/security/threat-protection/auditing/event-4722.md
index 97a958aba9..e156a9bedf 100644
--- a/windows/security/threat-protection/auditing/event-4722.md
+++ b/windows/security/threat-protection/auditing/event-4722.md
@@ -2,7 +2,7 @@
 title: 4722(S) A user account was enabled. (Windows 10)
 description: Describes security event 4722(S) A user account was enabled. This event is generated when a user or computer object is enabled.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4722(S): A user account was enabled.
diff --git a/windows/security/threat-protection/auditing/event-4723.md b/windows/security/threat-protection/auditing/event-4723.md
index 4622d802a2..8a2eb1aa9b 100644
--- a/windows/security/threat-protection/auditing/event-4723.md
+++ b/windows/security/threat-protection/auditing/event-4723.md
@@ -2,7 +2,7 @@
 title: 4723(S, F) An attempt was made to change an account's password. (Windows 10)
 description: Describes security event 4723(S, F) An attempt was made to change an account's password.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4723(S, F): An attempt was made to change an account's password.
diff --git a/windows/security/threat-protection/auditing/event-4724.md b/windows/security/threat-protection/auditing/event-4724.md
index 3d9bbc1a0d..f360a13828 100644
--- a/windows/security/threat-protection/auditing/event-4724.md
+++ b/windows/security/threat-protection/auditing/event-4724.md
@@ -2,7 +2,7 @@
 title: 4724(S, F) An attempt was made to reset an account's password. (Windows 10)
 description: Describes security event 4724(S, F) An attempt was made to reset an account's password.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4724(S, F): An attempt was made to reset an account's password.
diff --git a/windows/security/threat-protection/auditing/event-4725.md b/windows/security/threat-protection/auditing/event-4725.md
index c1bdc4c1f4..5be795b261 100644
--- a/windows/security/threat-protection/auditing/event-4725.md
+++ b/windows/security/threat-protection/auditing/event-4725.md
@@ -2,7 +2,7 @@
 title: 4725(S) A user account was disabled. (Windows 10)
 description: Describes security event 4725(S) A user account was disabled. This event is generated when a user or computer object is disabled.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4725(S): A user account was disabled.
diff --git a/windows/security/threat-protection/auditing/event-4726.md b/windows/security/threat-protection/auditing/event-4726.md
index ae0997e85e..f8f7ffba8c 100644
--- a/windows/security/threat-protection/auditing/event-4726.md
+++ b/windows/security/threat-protection/auditing/event-4726.md
@@ -2,7 +2,7 @@
 title: 4726(S) A user account was deleted. (Windows 10)
 description: Describes security event 4726(S) A user account was deleted. This event is generated when a user object is deleted.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4726(S): A user account was deleted.
diff --git a/windows/security/threat-protection/auditing/event-4731.md b/windows/security/threat-protection/auditing/event-4731.md
index 5fcdcba641..78d8e0e0c8 100644
--- a/windows/security/threat-protection/auditing/event-4731.md
+++ b/windows/security/threat-protection/auditing/event-4731.md
@@ -2,7 +2,7 @@
 title: 4731(S) A security-enabled local group was created. (Windows 10)
 description: Describes security event 4731(S) A security-enabled local group was created.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4731(S): A security-enabled local group was created.
diff --git a/windows/security/threat-protection/auditing/event-4732.md b/windows/security/threat-protection/auditing/event-4732.md
index 65ba0ae840..94a84c0054 100644
--- a/windows/security/threat-protection/auditing/event-4732.md
+++ b/windows/security/threat-protection/auditing/event-4732.md
@@ -2,7 +2,7 @@
 title: 4732(S) A member was added to a security-enabled local group. (Windows 10)
 description: Describes security event 4732(S) A member was added to a security-enabled local group.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4732(S): A member was added to a security-enabled local group.
diff --git a/windows/security/threat-protection/auditing/event-4733.md b/windows/security/threat-protection/auditing/event-4733.md
index b970a918bc..b23bf184d3 100644
--- a/windows/security/threat-protection/auditing/event-4733.md
+++ b/windows/security/threat-protection/auditing/event-4733.md
@@ -2,7 +2,7 @@
 title: 4733(S) A member was removed from a security-enabled local group. (Windows 10)
 description: Describes security event 4733(S) A member was removed from a security-enabled local group.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4733(S): A member was removed from a security-enabled local group.
diff --git a/windows/security/threat-protection/auditing/event-4734.md b/windows/security/threat-protection/auditing/event-4734.md
index 5e439c5e46..144c20c935 100644
--- a/windows/security/threat-protection/auditing/event-4734.md
+++ b/windows/security/threat-protection/auditing/event-4734.md
@@ -2,7 +2,7 @@
 title: 4734(S) A security-enabled local group was deleted. (Windows 10)
 description: Describes security event 4734(S) A security-enabled local group was deleted.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4734(S): A security-enabled local group was deleted.
diff --git a/windows/security/threat-protection/auditing/event-4735.md b/windows/security/threat-protection/auditing/event-4735.md
index 07ff8c48cf..98843abaa0 100644
--- a/windows/security/threat-protection/auditing/event-4735.md
+++ b/windows/security/threat-protection/auditing/event-4735.md
@@ -2,7 +2,7 @@
 title: 4735(S) A security-enabled local group was changed. (Windows 10)
 description: Describes security event 4735(S) A security-enabled local group was changed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4735(S): A security-enabled local group was changed.
diff --git a/windows/security/threat-protection/auditing/event-4738.md b/windows/security/threat-protection/auditing/event-4738.md
index 3ad4e0bb93..6262726e51 100644
--- a/windows/security/threat-protection/auditing/event-4738.md
+++ b/windows/security/threat-protection/auditing/event-4738.md
@@ -2,7 +2,7 @@
 title: 4738(S) A user account was changed. (Windows 10)
 description: Describes security event 4738(S) A user account was changed. This event is generated when a user object is changed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4738(S): A user account was changed.
diff --git a/windows/security/threat-protection/auditing/event-4739.md b/windows/security/threat-protection/auditing/event-4739.md
index 644aa94187..900d034c18 100644
--- a/windows/security/threat-protection/auditing/event-4739.md
+++ b/windows/security/threat-protection/auditing/event-4739.md
@@ -2,7 +2,7 @@
 title: 4739(S) Domain Policy was changed. (Windows 10)
 description: Describes security event 4739(S) Domain Policy was changed. This event is generated when certain changes are made to the local computer security policy.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4739(S): Domain Policy was changed.
diff --git a/windows/security/threat-protection/auditing/event-4740.md b/windows/security/threat-protection/auditing/event-4740.md
index 68838caedf..db7139e935 100644
--- a/windows/security/threat-protection/auditing/event-4740.md
+++ b/windows/security/threat-protection/auditing/event-4740.md
@@ -2,7 +2,7 @@
 title: 4740(S) A user account was locked out. (Windows 10)
 description: Describes security event 4740(S) A user account was locked out. This event is generated every time a user account is locked out.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4740(S): A user account was locked out.
diff --git a/windows/security/threat-protection/auditing/event-4741.md b/windows/security/threat-protection/auditing/event-4741.md
index 22809b4f8f..466e46e06b 100644
--- a/windows/security/threat-protection/auditing/event-4741.md
+++ b/windows/security/threat-protection/auditing/event-4741.md
@@ -2,7 +2,7 @@
 title: 4741(S) A computer account was created. (Windows 10)
 description: Describes security event 4741(S) A computer account was created. This event is generated every time a computer object is created.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4741(S): A computer account was created.
diff --git a/windows/security/threat-protection/auditing/event-4742.md b/windows/security/threat-protection/auditing/event-4742.md
index 0d9f50526b..c692aef6e1 100644
--- a/windows/security/threat-protection/auditing/event-4742.md
+++ b/windows/security/threat-protection/auditing/event-4742.md
@@ -2,7 +2,7 @@
 title: 4742(S) A computer account was changed. (Windows 10)
 description: Describes security event 4742(S) A computer account was changed. This event is generated every time a computer object is changed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4742(S): A computer account was changed.
diff --git a/windows/security/threat-protection/auditing/event-4743.md b/windows/security/threat-protection/auditing/event-4743.md
index 3cc90698fb..3402a5e1d7 100644
--- a/windows/security/threat-protection/auditing/event-4743.md
+++ b/windows/security/threat-protection/auditing/event-4743.md
@@ -2,7 +2,7 @@
 title: 4743(S) A computer account was deleted. (Windows 10)
 description: Describes security event 4743(S) A computer account was deleted. This event is generated every time a computer object is deleted.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4743(S): A computer account was deleted.
diff --git a/windows/security/threat-protection/auditing/event-4749.md b/windows/security/threat-protection/auditing/event-4749.md
index cb2cbe96a6..478ae9e021 100644
--- a/windows/security/threat-protection/auditing/event-4749.md
+++ b/windows/security/threat-protection/auditing/event-4749.md
@@ -2,7 +2,7 @@
 title: 4749(S) A security-disabled global group was created. (Windows 10)
 description: Describes security event 4749(S) A security-disabled global group was created.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4749(S): A security-disabled global group was created.
diff --git a/windows/security/threat-protection/auditing/event-4750.md b/windows/security/threat-protection/auditing/event-4750.md
index 7d5ba9d12e..4bdfe79f69 100644
--- a/windows/security/threat-protection/auditing/event-4750.md
+++ b/windows/security/threat-protection/auditing/event-4750.md
@@ -2,7 +2,7 @@
 title: 4750(S) A security-disabled global group was changed. (Windows 10)
 description: Describes security event 4750(S) A security-disabled global group was changed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4750(S): A security-disabled global group was changed.
diff --git a/windows/security/threat-protection/auditing/event-4751.md b/windows/security/threat-protection/auditing/event-4751.md
index e72bc3b3a0..c86b86e123 100644
--- a/windows/security/threat-protection/auditing/event-4751.md
+++ b/windows/security/threat-protection/auditing/event-4751.md
@@ -2,7 +2,7 @@
 title: 4751(S) A member was added to a security-disabled global group. (Windows 10)
 description: Describes security event 4751(S) A member was added to a security-disabled global group.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4751(S): A member was added to a security-disabled global group.
diff --git a/windows/security/threat-protection/auditing/event-4752.md b/windows/security/threat-protection/auditing/event-4752.md
index b1fc1df98f..791b2886aa 100644
--- a/windows/security/threat-protection/auditing/event-4752.md
+++ b/windows/security/threat-protection/auditing/event-4752.md
@@ -2,7 +2,7 @@
 title: 4752(S) A member was removed from a security-disabled global group. (Windows 10)
 description: Describes security event 4752(S) A member was removed from a security-disabled global group.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4752(S): A member was removed from a security-disabled global group.
diff --git a/windows/security/threat-protection/auditing/event-4753.md b/windows/security/threat-protection/auditing/event-4753.md
index 0eef2ab038..501018ce26 100644
--- a/windows/security/threat-protection/auditing/event-4753.md
+++ b/windows/security/threat-protection/auditing/event-4753.md
@@ -2,7 +2,7 @@
 title: 4753(S) A security-disabled global group was deleted. (Windows 10)
 description: Describes security event 4753(S) A security-disabled global group was deleted.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4753(S): A security-disabled global group was deleted.
diff --git a/windows/security/threat-protection/auditing/event-4764.md b/windows/security/threat-protection/auditing/event-4764.md
index 86df9d9645..1697b853f9 100644
--- a/windows/security/threat-protection/auditing/event-4764.md
+++ b/windows/security/threat-protection/auditing/event-4764.md
@@ -1,8 +1,8 @@
 ---
 title: 4764(S) A group's type was changed. (Windows 10)
-description: "Describes security event 4764(S) A group's type was changed. This event is generated when the type of a group is changed."
+description: Describes security event 4764(S) A group's type was changed. This event is generated when the type of a group is changed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4764(S): A group’s type was changed.
diff --git a/windows/security/threat-protection/auditing/event-4765.md b/windows/security/threat-protection/auditing/event-4765.md
index 3ea2c4e756..3a23558650 100644
--- a/windows/security/threat-protection/auditing/event-4765.md
+++ b/windows/security/threat-protection/auditing/event-4765.md
@@ -2,7 +2,7 @@
 title: 4765(S) SID History was added to an account. (Windows 10)
 description: Describes security event 4765(S) SID History was added to an account. This event is generated when SID History is added to an account.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4765(S): SID History was added to an account.
diff --git a/windows/security/threat-protection/auditing/event-4766.md b/windows/security/threat-protection/auditing/event-4766.md
index d8dab9d004..afac5f0fe1 100644
--- a/windows/security/threat-protection/auditing/event-4766.md
+++ b/windows/security/threat-protection/auditing/event-4766.md
@@ -2,7 +2,7 @@
 title: 4766(F) An attempt to add SID History to an account failed. (Windows 10)
 description: Describes security event 4766(F) An attempt to add SID History to an account failed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4766(F): An attempt to add SID History to an account failed.
diff --git a/windows/security/threat-protection/auditing/event-4767.md b/windows/security/threat-protection/auditing/event-4767.md
index 87baefbc54..cf7b13e4f0 100644
--- a/windows/security/threat-protection/auditing/event-4767.md
+++ b/windows/security/threat-protection/auditing/event-4767.md
@@ -2,7 +2,7 @@
 title: 4767(S) A user account was unlocked. (Windows 10)
 description: Describes security event 4767(S) A user account was unlocked. This event is generated every time a user account is unlocked.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4767(S): A user account was unlocked.
diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md
index 1da086eb93..22df11d465 100644
--- a/windows/security/threat-protection/auditing/event-4768.md
+++ b/windows/security/threat-protection/auditing/event-4768.md
@@ -2,7 +2,7 @@
 title: 4768(S, F) A Kerberos authentication ticket (TGT) was requested. (Windows 10)
 description: Describes security event 4768(S, F) A Kerberos authentication ticket (TGT) was requested.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4768(S, F): A Kerberos authentication ticket (TGT) was requested.
diff --git a/windows/security/threat-protection/auditing/event-4769.md b/windows/security/threat-protection/auditing/event-4769.md
index 64f7bf4503..522068cbbb 100644
--- a/windows/security/threat-protection/auditing/event-4769.md
+++ b/windows/security/threat-protection/auditing/event-4769.md
@@ -2,7 +2,7 @@
 title: 4769(S, F) A Kerberos service ticket was requested. (Windows 10)
 description: Describes security event 4769(S, F) A Kerberos service ticket was requested.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4769(S, F): A Kerberos service ticket was requested.
diff --git a/windows/security/threat-protection/auditing/event-4770.md b/windows/security/threat-protection/auditing/event-4770.md
index 0085dcf3ff..8ec543b090 100644
--- a/windows/security/threat-protection/auditing/event-4770.md
+++ b/windows/security/threat-protection/auditing/event-4770.md
@@ -2,7 +2,7 @@
 title: 4770(S) A Kerberos service ticket was renewed. (Windows 10)
 description: Describes security event 4770(S) A Kerberos service ticket was renewed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4770(S): A Kerberos service ticket was renewed.
diff --git a/windows/security/threat-protection/auditing/event-4771.md b/windows/security/threat-protection/auditing/event-4771.md
index 9c6cb7f55a..840d05eefb 100644
--- a/windows/security/threat-protection/auditing/event-4771.md
+++ b/windows/security/threat-protection/auditing/event-4771.md
@@ -2,7 +2,7 @@
 title: 4771(F) Kerberos pre-authentication failed. (Windows 10)
 description: Describes security event 4771(F) Kerberos pre-authentication failed. This event is generated when the Key Distribution Center fails to issue a Kerberos TGT.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 07/23/2020
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4771(F): Kerberos pre-authentication failed.
diff --git a/windows/security/threat-protection/auditing/event-4772.md b/windows/security/threat-protection/auditing/event-4772.md
index 1119135008..2124b16bb1 100644
--- a/windows/security/threat-protection/auditing/event-4772.md
+++ b/windows/security/threat-protection/auditing/event-4772.md
@@ -2,7 +2,7 @@
 title: 4772(F) A Kerberos authentication ticket request failed. (Windows 10)
 description: Describes security event 4772(F) A Kerberos authentication ticket request failed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4772(F): A Kerberos authentication ticket request failed.
diff --git a/windows/security/threat-protection/auditing/event-4773.md b/windows/security/threat-protection/auditing/event-4773.md
index 7a307bbea1..ba672478d8 100644
--- a/windows/security/threat-protection/auditing/event-4773.md
+++ b/windows/security/threat-protection/auditing/event-4773.md
@@ -2,7 +2,7 @@
 title: 4773(F) A Kerberos service ticket request failed. (Windows 10)
 description: Describes security event 4773(F) A Kerberos service ticket request failed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4773(F): A Kerberos service ticket request failed.
diff --git a/windows/security/threat-protection/auditing/event-4774.md b/windows/security/threat-protection/auditing/event-4774.md
index 21a33e20a2..08eb0fe72f 100644
--- a/windows/security/threat-protection/auditing/event-4774.md
+++ b/windows/security/threat-protection/auditing/event-4774.md
@@ -2,7 +2,7 @@
 title: 4774(S, F) An account was mapped for logon. (Windows 10)
 description: Describes security event 4774(S, F) An account was mapped for logon. This event is generated when an account is mapped for logon.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4774(S, F): An account was mapped for logon.
diff --git a/windows/security/threat-protection/auditing/event-4775.md b/windows/security/threat-protection/auditing/event-4775.md
index e444e1c1bd..cf27ccdf2a 100644
--- a/windows/security/threat-protection/auditing/event-4775.md
+++ b/windows/security/threat-protection/auditing/event-4775.md
@@ -2,7 +2,7 @@
 title: 4775(F) An account could not be mapped for logon. (Windows 10)
 description: Describes security event 4775(F) An account could not be mapped for logon.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4775(F): An account could not be mapped for logon.
diff --git a/windows/security/threat-protection/auditing/event-4776.md b/windows/security/threat-protection/auditing/event-4776.md
index 2e759dcb4e..18bd592d00 100644
--- a/windows/security/threat-protection/auditing/event-4776.md
+++ b/windows/security/threat-protection/auditing/event-4776.md
@@ -2,7 +2,7 @@
 title: 4776(S, F) The computer attempted to validate the credentials for an account. (Windows 10)
 description: Describes security event 4776(S, F) The computer attempted to validate the credentials for an account.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4776(S, F): The computer attempted to validate the credentials for an account.
diff --git a/windows/security/threat-protection/auditing/event-4777.md b/windows/security/threat-protection/auditing/event-4777.md
index 4cdf40b163..28a4b42d08 100644
--- a/windows/security/threat-protection/auditing/event-4777.md
+++ b/windows/security/threat-protection/auditing/event-4777.md
@@ -2,7 +2,7 @@
 title: 4777(F) The domain controller failed to validate the credentials for an account. (Windows 10)
 description: Describes security event 4777(F) The domain controller failed to validate the credentials for an account.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4777(F): The domain controller failed to validate the credentials for an account.
diff --git a/windows/security/threat-protection/auditing/event-4778.md b/windows/security/threat-protection/auditing/event-4778.md
index 265b39dbcf..53c1eac2d8 100644
--- a/windows/security/threat-protection/auditing/event-4778.md
+++ b/windows/security/threat-protection/auditing/event-4778.md
@@ -2,7 +2,7 @@
 title: 4778(S) A session was reconnected to a Window Station. (Windows 10)
 description: Describes security event 4778(S) A session was reconnected to a Window Station.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4778(S): A session was reconnected to a Window Station.
diff --git a/windows/security/threat-protection/auditing/event-4779.md b/windows/security/threat-protection/auditing/event-4779.md
index bd733289bb..76337cfdf8 100644
--- a/windows/security/threat-protection/auditing/event-4779.md
+++ b/windows/security/threat-protection/auditing/event-4779.md
@@ -2,7 +2,7 @@
 title: 4779(S) A session was disconnected from a Window Station. (Windows 10)
 description: Describes security event 4779(S) A session was disconnected from a Window Station.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4779(S): A session was disconnected from a Window Station.
diff --git a/windows/security/threat-protection/auditing/event-4780.md b/windows/security/threat-protection/auditing/event-4780.md
index 4a521896e8..dafa5d3ff1 100644
--- a/windows/security/threat-protection/auditing/event-4780.md
+++ b/windows/security/threat-protection/auditing/event-4780.md
@@ -2,7 +2,7 @@
 title: 4780(S) The ACL was set on accounts which are members of administrators groups. (Windows 10)
 description: Describes security event 4780(S) The ACL was set on accounts which are members of administrators groups.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4780(S): The ACL was set on accounts which are members of administrators groups.
diff --git a/windows/security/threat-protection/auditing/event-4781.md b/windows/security/threat-protection/auditing/event-4781.md
index a48651e686..2adb3bcac5 100644
--- a/windows/security/threat-protection/auditing/event-4781.md
+++ b/windows/security/threat-protection/auditing/event-4781.md
@@ -2,7 +2,7 @@
 title: 4781(S) The name of an account was changed. (Windows 10)
 description: Describes security event 4781(S) The name of an account was changed. This event is generated every time a user or computer account name is changed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4781(S): The name of an account was changed.
diff --git a/windows/security/threat-protection/auditing/event-4782.md b/windows/security/threat-protection/auditing/event-4782.md
index 571fdf3a93..a7907aed15 100644
--- a/windows/security/threat-protection/auditing/event-4782.md
+++ b/windows/security/threat-protection/auditing/event-4782.md
@@ -2,7 +2,7 @@
 title: 4782(S) The password hash of an account was accessed. (Windows 10)
 description: Describes security event 4782(S) The password hash of an account was accessed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4782(S): The password hash of an account was accessed.
diff --git a/windows/security/threat-protection/auditing/event-4793.md b/windows/security/threat-protection/auditing/event-4793.md
index f2bdc2b09f..d6fecbdbdf 100644
--- a/windows/security/threat-protection/auditing/event-4793.md
+++ b/windows/security/threat-protection/auditing/event-4793.md
@@ -2,7 +2,7 @@
 title: 4793(S) The Password Policy Checking API was called. (Windows 10)
 description: Describes security event 4793(S) The Password Policy Checking API was called.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4793(S): The Password Policy Checking API was called.
diff --git a/windows/security/threat-protection/auditing/event-4794.md b/windows/security/threat-protection/auditing/event-4794.md
index 9ecf3cfcb7..6e585048c1 100644
--- a/windows/security/threat-protection/auditing/event-4794.md
+++ b/windows/security/threat-protection/auditing/event-4794.md
@@ -2,7 +2,7 @@
 title: 4794(S, F) An attempt was made to set the Directory Services Restore Mode administrator password. (Windows 10)
 description: Describes security event 4794(S, F) An attempt was made to set the Directory Services Restore Mode administrator password.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4794(S, F): An attempt was made to set the Directory Services Restore Mode administrator password.
diff --git a/windows/security/threat-protection/auditing/event-4798.md b/windows/security/threat-protection/auditing/event-4798.md
index 76e806ffcf..3fddfd9b65 100644
--- a/windows/security/threat-protection/auditing/event-4798.md
+++ b/windows/security/threat-protection/auditing/event-4798.md
@@ -2,7 +2,7 @@
 title: 4798(S) A user's local group membership was enumerated. (Windows 10)
 description: Describes security event 4798(S) A user's local group membership was enumerated.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4798(S): A user's local group membership was enumerated.
diff --git a/windows/security/threat-protection/auditing/event-4799.md b/windows/security/threat-protection/auditing/event-4799.md
index c9963afbb0..18b337fcdc 100644
--- a/windows/security/threat-protection/auditing/event-4799.md
+++ b/windows/security/threat-protection/auditing/event-4799.md
@@ -2,7 +2,7 @@
 title: 4799(S) A security-enabled local group membership was enumerated. (Windows 10)
 description: Describes security event 4799(S) A security-enabled local group membership was enumerated.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4799(S): A security-enabled local group membership was enumerated.
diff --git a/windows/security/threat-protection/auditing/event-4800.md b/windows/security/threat-protection/auditing/event-4800.md
index b0be9a0f3a..92c543f8b0 100644
--- a/windows/security/threat-protection/auditing/event-4800.md
+++ b/windows/security/threat-protection/auditing/event-4800.md
@@ -2,7 +2,7 @@
 title: 4800(S) The workstation was locked. (Windows 10)
 description: Describes security event 4800(S) The workstation was locked. This event is generated when a workstation is locked.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4800(S): The workstation was locked.
diff --git a/windows/security/threat-protection/auditing/event-4801.md b/windows/security/threat-protection/auditing/event-4801.md
index 61e2682379..ed7c8ec85c 100644
--- a/windows/security/threat-protection/auditing/event-4801.md
+++ b/windows/security/threat-protection/auditing/event-4801.md
@@ -2,7 +2,7 @@
 title: 4801(S) The workstation was unlocked. (Windows 10)
 description: Describes security event 4801(S) The workstation was unlocked. This event is generated when workstation is unlocked.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4801(S): The workstation was unlocked.
diff --git a/windows/security/threat-protection/auditing/event-4802.md b/windows/security/threat-protection/auditing/event-4802.md
index a00ead7497..9f5fa2b8e3 100644
--- a/windows/security/threat-protection/auditing/event-4802.md
+++ b/windows/security/threat-protection/auditing/event-4802.md
@@ -2,7 +2,7 @@
 title: 4802(S) The screen saver was invoked. (Windows 10)
 description: Describes security event 4802(S) The screen saver was invoked. This event is generated when screen saver is invoked.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4802(S): The screen saver was invoked.
diff --git a/windows/security/threat-protection/auditing/event-4803.md b/windows/security/threat-protection/auditing/event-4803.md
index 0354849e13..20304e4527 100644
--- a/windows/security/threat-protection/auditing/event-4803.md
+++ b/windows/security/threat-protection/auditing/event-4803.md
@@ -2,7 +2,7 @@
 title: 4803(S) The screen saver was dismissed. (Windows 10)
 description: Describes security event 4803(S) The screen saver was dismissed. This event is generated when screen saver is dismissed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4803(S): The screen saver was dismissed.
diff --git a/windows/security/threat-protection/auditing/event-4816.md b/windows/security/threat-protection/auditing/event-4816.md
index 1efa9756ec..9e36c52bb1 100644
--- a/windows/security/threat-protection/auditing/event-4816.md
+++ b/windows/security/threat-protection/auditing/event-4816.md
@@ -2,7 +2,7 @@
 title: 4816(S) RPC detected an integrity violation while decrypting an incoming message. (Windows 10)
 description: Describes security event 4816(S) RPC detected an integrity violation while decrypting an incoming message.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4816(S): RPC detected an integrity violation while decrypting an incoming message.
diff --git a/windows/security/threat-protection/auditing/event-4817.md b/windows/security/threat-protection/auditing/event-4817.md
index efdf01da8a..48757706f8 100644
--- a/windows/security/threat-protection/auditing/event-4817.md
+++ b/windows/security/threat-protection/auditing/event-4817.md
@@ -2,7 +2,7 @@
 title: 4817(S) Auditing settings on object were changed. (Windows 10)
 description: Describes security event 4817(S) Auditing settings on object were changed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4817(S): Auditing settings on object were changed.
diff --git a/windows/security/threat-protection/auditing/event-4818.md b/windows/security/threat-protection/auditing/event-4818.md
index 1134b02c0b..7da8723ef4 100644
--- a/windows/security/threat-protection/auditing/event-4818.md
+++ b/windows/security/threat-protection/auditing/event-4818.md
@@ -2,7 +2,7 @@
 title: 4818(S) Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy. (Windows 10)
 description: Describes security event 4818(S) Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4818(S): Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy.
diff --git a/windows/security/threat-protection/auditing/event-4819.md b/windows/security/threat-protection/auditing/event-4819.md
index c2de9d1e36..58fa2fcf24 100644
--- a/windows/security/threat-protection/auditing/event-4819.md
+++ b/windows/security/threat-protection/auditing/event-4819.md
@@ -2,7 +2,7 @@
 title: 4819(S) Central Access Policies on the machine have been changed. (Windows 10)
 description: Describes security event 4819(S) Central Access Policies on the machine have been changed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4819(S): Central Access Policies on the machine have been changed.
diff --git a/windows/security/threat-protection/auditing/event-4826.md b/windows/security/threat-protection/auditing/event-4826.md
index 3729924d93..29f4675931 100644
--- a/windows/security/threat-protection/auditing/event-4826.md
+++ b/windows/security/threat-protection/auditing/event-4826.md
@@ -2,7 +2,7 @@
 title: 4826(S) Boot Configuration Data loaded. (Windows 10)
 description: Describes security event 4826(S) Boot Configuration Data loaded. This event is generated every time system starts and loads Boot Configuration Data settings.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4826(S): Boot Configuration Data loaded.
diff --git a/windows/security/threat-protection/auditing/event-4864.md b/windows/security/threat-protection/auditing/event-4864.md
index 5556b207b5..ca1995291e 100644
--- a/windows/security/threat-protection/auditing/event-4864.md
+++ b/windows/security/threat-protection/auditing/event-4864.md
@@ -2,7 +2,7 @@
 title: 4864(S) A namespace collision was detected. (Windows 10)
 description: Describes security event 4864(S) A namespace collision was detected. This event is generated when a namespace collision is detected.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4864(S): A namespace collision was detected.
diff --git a/windows/security/threat-protection/auditing/event-4865.md b/windows/security/threat-protection/auditing/event-4865.md
index 15e738f7be..e1ff8e242a 100644
--- a/windows/security/threat-protection/auditing/event-4865.md
+++ b/windows/security/threat-protection/auditing/event-4865.md
@@ -2,7 +2,7 @@
 title: 4865(S) A trusted forest information entry was added. (Windows 10)
 description: Describes security event 4865(S) A trusted forest information entry was added.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4865(S): A trusted forest information entry was added.
diff --git a/windows/security/threat-protection/auditing/event-4866.md b/windows/security/threat-protection/auditing/event-4866.md
index e0f05fbf3e..f189e60e01 100644
--- a/windows/security/threat-protection/auditing/event-4866.md
+++ b/windows/security/threat-protection/auditing/event-4866.md
@@ -2,7 +2,7 @@
 title: 4866(S) A trusted forest information entry was removed. (Windows 10)
 description: Describes security event 4866(S) A trusted forest information entry was removed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4866(S): A trusted forest information entry was removed.
diff --git a/windows/security/threat-protection/auditing/event-4867.md b/windows/security/threat-protection/auditing/event-4867.md
index ae2bf03bb6..9635b1cd74 100644
--- a/windows/security/threat-protection/auditing/event-4867.md
+++ b/windows/security/threat-protection/auditing/event-4867.md
@@ -2,7 +2,7 @@
 title: 4867(S) A trusted forest information entry was modified. (Windows 10)
 description: Describes security event 4867(S) A trusted forest information entry was modified.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4867(S): A trusted forest information entry was modified.
diff --git a/windows/security/threat-protection/auditing/event-4902.md b/windows/security/threat-protection/auditing/event-4902.md
index c8b89b375c..d5a7640b84 100644
--- a/windows/security/threat-protection/auditing/event-4902.md
+++ b/windows/security/threat-protection/auditing/event-4902.md
@@ -2,7 +2,7 @@
 title: 4902(S) The Per-user audit policy table was created. (Windows 10)
 description: Describes security event 4902(S) The Per-user audit policy table was created.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4902(S): The Per-user audit policy table was created.
diff --git a/windows/security/threat-protection/auditing/event-4904.md b/windows/security/threat-protection/auditing/event-4904.md
index cfd3f1c0fe..d22ff00643 100644
--- a/windows/security/threat-protection/auditing/event-4904.md
+++ b/windows/security/threat-protection/auditing/event-4904.md
@@ -2,7 +2,7 @@
 title: 4904(S) An attempt was made to register a security event source. (Windows 10)
 description: Describes security event 4904(S) An attempt was made to register a security event source.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4904(S): An attempt was made to register a security event source.
diff --git a/windows/security/threat-protection/auditing/event-4905.md b/windows/security/threat-protection/auditing/event-4905.md
index bfc9d5bbb9..aa98ea5517 100644
--- a/windows/security/threat-protection/auditing/event-4905.md
+++ b/windows/security/threat-protection/auditing/event-4905.md
@@ -2,7 +2,7 @@
 title: 4905(S) An attempt was made to unregister a security event source. (Windows 10)
 description: Describes security event 4905(S) An attempt was made to unregister a security event source.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4905(S): An attempt was made to unregister a security event source.
diff --git a/windows/security/threat-protection/auditing/event-4906.md b/windows/security/threat-protection/auditing/event-4906.md
index 7782a6571d..617b7a2597 100644
--- a/windows/security/threat-protection/auditing/event-4906.md
+++ b/windows/security/threat-protection/auditing/event-4906.md
@@ -2,7 +2,7 @@
 title: 4906(S) The CrashOnAuditFail value has changed. (Windows 10)
 description: Describes security event 4906(S) The CrashOnAuditFail value has changed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4906(S): The CrashOnAuditFail value has changed.
diff --git a/windows/security/threat-protection/auditing/event-4907.md b/windows/security/threat-protection/auditing/event-4907.md
index 6610d670eb..74edaaa9a3 100644
--- a/windows/security/threat-protection/auditing/event-4907.md
+++ b/windows/security/threat-protection/auditing/event-4907.md
@@ -2,7 +2,7 @@
 title: 4907(S) Auditing settings on object were changed. (Windows 10)
 description: Describes security event 4907(S) Auditing settings on object were changed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4907(S): Auditing settings on object were changed.
diff --git a/windows/security/threat-protection/auditing/event-4908.md b/windows/security/threat-protection/auditing/event-4908.md
index 7573adb5f7..3a12a949e0 100644
--- a/windows/security/threat-protection/auditing/event-4908.md
+++ b/windows/security/threat-protection/auditing/event-4908.md
@@ -2,7 +2,7 @@
 title: 4908(S) Special Groups Logon table modified. (Windows 10)
 description: Describes security event 4908(S) Special Groups Logon table modified. This event is generated when the Special Groups Logon table is modified.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4908(S): Special Groups Logon table modified.
diff --git a/windows/security/threat-protection/auditing/event-4909.md b/windows/security/threat-protection/auditing/event-4909.md
index 2acda55983..9c3b067418 100644
--- a/windows/security/threat-protection/auditing/event-4909.md
+++ b/windows/security/threat-protection/auditing/event-4909.md
@@ -2,7 +2,7 @@
 title: 4909(-) The local policy settings for the TBS were changed. (Windows 10)
 description: Describes security event 4909(-) The local policy settings for the TBS were changed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4909(-): The local policy settings for the TBS were changed.
diff --git a/windows/security/threat-protection/auditing/event-4910.md b/windows/security/threat-protection/auditing/event-4910.md
index 8b90247c65..948c3a6dab 100644
--- a/windows/security/threat-protection/auditing/event-4910.md
+++ b/windows/security/threat-protection/auditing/event-4910.md
@@ -2,7 +2,7 @@
 title: 4910(-) The group policy settings for the TBS were changed. (Windows 10)
 description: Describes security event 4910(-) The group policy settings for the TBS were changed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4910(-): The group policy settings for the TBS were changed.
diff --git a/windows/security/threat-protection/auditing/event-4911.md b/windows/security/threat-protection/auditing/event-4911.md
index bbd17b1660..cf47c889e0 100644
--- a/windows/security/threat-protection/auditing/event-4911.md
+++ b/windows/security/threat-protection/auditing/event-4911.md
@@ -2,7 +2,7 @@
 title: 4911(S) Resource attributes of the object were changed. (Windows 10)
 description: Describes security event 4911(S) Resource attributes of the object were changed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4911(S): Resource attributes of the object were changed.
diff --git a/windows/security/threat-protection/auditing/event-4912.md b/windows/security/threat-protection/auditing/event-4912.md
index cf141b9a2d..e4bc6d9d43 100644
--- a/windows/security/threat-protection/auditing/event-4912.md
+++ b/windows/security/threat-protection/auditing/event-4912.md
@@ -2,7 +2,7 @@
 title: 4912(S) Per User Audit Policy was changed. (Windows 10)
 description: Describes security event 4912(S) Per User Audit Policy was changed. This event is generated every time Per User Audit Policy is changed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4912(S): Per User Audit Policy was changed.
diff --git a/windows/security/threat-protection/auditing/event-4913.md b/windows/security/threat-protection/auditing/event-4913.md
index 3be7e9bec3..95f0aa8b70 100644
--- a/windows/security/threat-protection/auditing/event-4913.md
+++ b/windows/security/threat-protection/auditing/event-4913.md
@@ -2,7 +2,7 @@
 title: 4913(S) Central Access Policy on the object was changed. (Windows 10)
 description: Describes security event 4913(S) Central Access Policy on the object was changed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4913(S): Central Access Policy on the object was changed.
diff --git a/windows/security/threat-protection/auditing/event-4928.md b/windows/security/threat-protection/auditing/event-4928.md
index 664b36c1ca..45fa768785 100644
--- a/windows/security/threat-protection/auditing/event-4928.md
+++ b/windows/security/threat-protection/auditing/event-4928.md
@@ -2,7 +2,7 @@
 title: 4928(S, F) An Active Directory replica source naming context was established. (Windows 10)
 description: Describes security event 4928(S, F) An Active Directory replica source naming context was established.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4928(S, F): An Active Directory replica source naming context was established.
diff --git a/windows/security/threat-protection/auditing/event-4929.md b/windows/security/threat-protection/auditing/event-4929.md
index b5a1ba430e..9e126439a2 100644
--- a/windows/security/threat-protection/auditing/event-4929.md
+++ b/windows/security/threat-protection/auditing/event-4929.md
@@ -2,7 +2,7 @@
 title: 4929(S, F) An Active Directory replica source naming context was removed. (Windows 10)
 description: Describes security event 4929(S, F) An Active Directory replica source naming context was removed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4929(S, F): An Active Directory replica source naming context was removed.
diff --git a/windows/security/threat-protection/auditing/event-4930.md b/windows/security/threat-protection/auditing/event-4930.md
index f7b993d3a9..42d488915d 100644
--- a/windows/security/threat-protection/auditing/event-4930.md
+++ b/windows/security/threat-protection/auditing/event-4930.md
@@ -2,7 +2,7 @@
 title: 4930(S, F) An Active Directory replica source naming context was modified. (Windows 10)
 description: Describes security event 4930(S, F) An Active Directory replica source naming context was modified.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4930(S, F): An Active Directory replica source naming context was modified.
diff --git a/windows/security/threat-protection/auditing/event-4931.md b/windows/security/threat-protection/auditing/event-4931.md
index 3f02d54421..fc3a7fc61f 100644
--- a/windows/security/threat-protection/auditing/event-4931.md
+++ b/windows/security/threat-protection/auditing/event-4931.md
@@ -2,7 +2,7 @@
 title: 4931(S, F) An Active Directory replica destination naming context was modified. (Windows 10)
 description: Describes security event 4931(S, F) An Active Directory replica destination naming context was modified.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4931(S, F): An Active Directory replica destination naming context was modified.
diff --git a/windows/security/threat-protection/auditing/event-4932.md b/windows/security/threat-protection/auditing/event-4932.md
index 615a83328d..4450fb0acc 100644
--- a/windows/security/threat-protection/auditing/event-4932.md
+++ b/windows/security/threat-protection/auditing/event-4932.md
@@ -2,7 +2,7 @@
 title: 4932(S) Synchronization of a replica of an Active Directory naming context has begun. (Windows 10)
 description: Describes security event 4932(S) Synchronization of a replica of an Active Directory naming context has begun.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4932(S): Synchronization of a replica of an Active Directory naming context has begun.
diff --git a/windows/security/threat-protection/auditing/event-4933.md b/windows/security/threat-protection/auditing/event-4933.md
index b5fbe33942..1143269597 100644
--- a/windows/security/threat-protection/auditing/event-4933.md
+++ b/windows/security/threat-protection/auditing/event-4933.md
@@ -2,7 +2,7 @@
 title: 4933(S, F) Synchronization of a replica of an Active Directory naming context has ended. (Windows 10)
 description: Describes security event 4933(S, F) Synchronization of a replica of an Active Directory naming context has ended.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4933(S, F): Synchronization of a replica of an Active Directory naming context has ended.
diff --git a/windows/security/threat-protection/auditing/event-4934.md b/windows/security/threat-protection/auditing/event-4934.md
index 4a5890af24..ffc4b9b4a3 100644
--- a/windows/security/threat-protection/auditing/event-4934.md
+++ b/windows/security/threat-protection/auditing/event-4934.md
@@ -2,7 +2,7 @@
 title: 4934(S) Attributes of an Active Directory object were replicated. (Windows 10)
 description: Describes security event 4934(S) Attributes of an Active Directory object were replicated.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4934(S): Attributes of an Active Directory object were replicated.
diff --git a/windows/security/threat-protection/auditing/event-4935.md b/windows/security/threat-protection/auditing/event-4935.md
index c9e2159bc0..f2910784e6 100644
--- a/windows/security/threat-protection/auditing/event-4935.md
+++ b/windows/security/threat-protection/auditing/event-4935.md
@@ -2,7 +2,7 @@
 title: 4935(F) Replication failure begins. (Windows 10)
 description: Describes security event 4935(F) Replication failure begins. This event is generated when Active Directory replication failure begins.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4935(F): Replication failure begins.
diff --git a/windows/security/threat-protection/auditing/event-4936.md b/windows/security/threat-protection/auditing/event-4936.md
index d9d60e43be..3f808bf11d 100644
--- a/windows/security/threat-protection/auditing/event-4936.md
+++ b/windows/security/threat-protection/auditing/event-4936.md
@@ -2,7 +2,7 @@
 title: 4936(S) Replication failure ends. (Windows 10)
 description: Describes security event 4936(S) Replication failure ends. This event is generated when Active Directory replication failure ends.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4936(S): Replication failure ends.
diff --git a/windows/security/threat-protection/auditing/event-4937.md b/windows/security/threat-protection/auditing/event-4937.md
index 8fb915289b..2775be1c5d 100644
--- a/windows/security/threat-protection/auditing/event-4937.md
+++ b/windows/security/threat-protection/auditing/event-4937.md
@@ -2,7 +2,7 @@
 title: 4937(S) A lingering object was removed from a replica. (Windows 10)
 description: Describes security event 4937(S) A lingering object was removed from a replica.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4937(S): A lingering object was removed from a replica.
diff --git a/windows/security/threat-protection/auditing/event-4944.md b/windows/security/threat-protection/auditing/event-4944.md
index ca2c97045e..1b6522a256 100644
--- a/windows/security/threat-protection/auditing/event-4944.md
+++ b/windows/security/threat-protection/auditing/event-4944.md
@@ -2,7 +2,7 @@
 title: 4944(S) The following policy was active when the Windows Firewall started. (Windows 10)
 description: Describes security event 4944(S) The following policy was active when the Windows Firewall started.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4944(S): The following policy was active when the Windows Firewall started.
diff --git a/windows/security/threat-protection/auditing/event-4945.md b/windows/security/threat-protection/auditing/event-4945.md
index 74d3f7c688..da8105bffc 100644
--- a/windows/security/threat-protection/auditing/event-4945.md
+++ b/windows/security/threat-protection/auditing/event-4945.md
@@ -2,7 +2,7 @@
 title: 4945(S) A rule was listed when the Windows Firewall started. (Windows 10)
 description: Describes security event 4945(S) A rule was listed when the Windows Firewall started.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4945(S): A rule was listed when the Windows Firewall started.
diff --git a/windows/security/threat-protection/auditing/event-4946.md b/windows/security/threat-protection/auditing/event-4946.md
index 4ff3dd9f1d..30ae25fd28 100644
--- a/windows/security/threat-protection/auditing/event-4946.md
+++ b/windows/security/threat-protection/auditing/event-4946.md
@@ -2,7 +2,7 @@
 title: 4946(S) A change has been made to Windows Firewall exception list. A rule was added. (Windows 10)
 description: Describes security event 4946(S) A change has been made to Windows Firewall exception list. A rule was added.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4946(S): A change has been made to Windows Firewall exception list. A rule was added.
diff --git a/windows/security/threat-protection/auditing/event-4947.md b/windows/security/threat-protection/auditing/event-4947.md
index a4906d1dbc..b38eef6371 100644
--- a/windows/security/threat-protection/auditing/event-4947.md
+++ b/windows/security/threat-protection/auditing/event-4947.md
@@ -2,7 +2,7 @@
 title: 4947(S) A change has been made to Windows Firewall exception list. A rule was modified. (Windows 10)
 description: Describes security event 4947(S) A change has been made to Windows Firewall exception list. A rule was modified.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4947(S): A change has been made to Windows Firewall exception list. A rule was modified.
diff --git a/windows/security/threat-protection/auditing/event-4948.md b/windows/security/threat-protection/auditing/event-4948.md
index 5c86cb55c9..5f92a37c6a 100644
--- a/windows/security/threat-protection/auditing/event-4948.md
+++ b/windows/security/threat-protection/auditing/event-4948.md
@@ -2,7 +2,7 @@
 title: 4948(S) A change has been made to Windows Firewall exception list. A rule was deleted. (Windows 10)
 description: Describes security event 4948(S) A change has been made to Windows Firewall exception list. A rule was deleted.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4948(S): A change has been made to Windows Firewall exception list. A rule was deleted.
diff --git a/windows/security/threat-protection/auditing/event-4949.md b/windows/security/threat-protection/auditing/event-4949.md
index 983159d9e8..e304844bc8 100644
--- a/windows/security/threat-protection/auditing/event-4949.md
+++ b/windows/security/threat-protection/auditing/event-4949.md
@@ -2,7 +2,7 @@
 title: 4949(S) Windows Firewall settings were restored to the default values. (Windows 10)
 description: Describes security event 4949(S) Windows Firewall settings were restored to the default values.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4949(S): Windows Firewall settings were restored to the default values.
diff --git a/windows/security/threat-protection/auditing/event-4950.md b/windows/security/threat-protection/auditing/event-4950.md
index eb6c3770c9..54ead99c65 100644
--- a/windows/security/threat-protection/auditing/event-4950.md
+++ b/windows/security/threat-protection/auditing/event-4950.md
@@ -2,7 +2,7 @@
 title: 4950(S) A Windows Firewall setting has changed. (Windows 10)
 description: Describes security event 4950(S) A Windows Firewall setting has changed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4950(S): A Windows Firewall setting has changed.
diff --git a/windows/security/threat-protection/auditing/event-4951.md b/windows/security/threat-protection/auditing/event-4951.md
index ff8ed88bdb..4a2c32b9e2 100644
--- a/windows/security/threat-protection/auditing/event-4951.md
+++ b/windows/security/threat-protection/auditing/event-4951.md
@@ -2,7 +2,7 @@
 title: 4951(F) A rule has been ignored because its major version number was not recognized by Windows Firewall. (Windows 10)
 description: Describes security event 4951(F) A rule has been ignored because its major version number was not recognized by Windows Firewall.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4951(F): A rule has been ignored because its major version number was not recognized by Windows Firewall.
diff --git a/windows/security/threat-protection/auditing/event-4952.md b/windows/security/threat-protection/auditing/event-4952.md
index 0bd8a3b9b6..150a0ac97d 100644
--- a/windows/security/threat-protection/auditing/event-4952.md
+++ b/windows/security/threat-protection/auditing/event-4952.md
@@ -2,7 +2,7 @@
 title: 4952(F) Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. The other parts of the rule will be enforced. (Windows 10)
 description: Security event 4952(F) Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4952(F): Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. The other parts of the rule will be enforced.
diff --git a/windows/security/threat-protection/auditing/event-4953.md b/windows/security/threat-protection/auditing/event-4953.md
index 1e9dcd7898..38d9aa6a3d 100644
--- a/windows/security/threat-protection/auditing/event-4953.md
+++ b/windows/security/threat-protection/auditing/event-4953.md
@@ -2,7 +2,7 @@
 title: 4953(F) Windows Firewall ignored a rule because it could not be parsed. (Windows 10)
 description: Describes security event 4953(F) Windows Firewall ignored a rule because it could not be parsed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4953(F): Windows Firewall ignored a rule because it could not be parsed.
diff --git a/windows/security/threat-protection/auditing/event-4954.md b/windows/security/threat-protection/auditing/event-4954.md
index b58926388b..99bb6457e2 100644
--- a/windows/security/threat-protection/auditing/event-4954.md
+++ b/windows/security/threat-protection/auditing/event-4954.md
@@ -2,7 +2,7 @@
 title: 4954(S) Windows Firewall Group Policy settings have changed. The new settings have been applied. (Windows 10)
 description: Describes security event 4954(S) Windows Firewall Group Policy settings have changed. The new settings have been applied.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4954(S): Windows Firewall Group Policy settings have changed. The new settings have been applied.
diff --git a/windows/security/threat-protection/auditing/event-4956.md b/windows/security/threat-protection/auditing/event-4956.md
index 6af6a50864..34d36fa5d0 100644
--- a/windows/security/threat-protection/auditing/event-4956.md
+++ b/windows/security/threat-protection/auditing/event-4956.md
@@ -2,7 +2,7 @@
 title: 4956(S) Windows Firewall has changed the active profile. (Windows 10)
 description: Describes security event 4956(S) Windows Firewall has changed the active profile.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4956(S): Windows Firewall has changed the active profile.
diff --git a/windows/security/threat-protection/auditing/event-4957.md b/windows/security/threat-protection/auditing/event-4957.md
index 396a5b587d..8b822ee84c 100644
--- a/windows/security/threat-protection/auditing/event-4957.md
+++ b/windows/security/threat-protection/auditing/event-4957.md
@@ -2,7 +2,7 @@
 title: 4957(F) Windows Firewall did not apply the following rule. (Windows 10)
 description: Describes security event 4957(F) Windows Firewall did not apply the following rule.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4957(F): Windows Firewall did not apply the following rule.
diff --git a/windows/security/threat-protection/auditing/event-4958.md b/windows/security/threat-protection/auditing/event-4958.md
index 14d3b2ad4b..05922fd7a7 100644
--- a/windows/security/threat-protection/auditing/event-4958.md
+++ b/windows/security/threat-protection/auditing/event-4958.md
@@ -2,7 +2,7 @@
 title: 4958(F) Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer. (Windows 10)
 description: Describes security event 4958(F) Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4958(F): Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer.
diff --git a/windows/security/threat-protection/auditing/event-4964.md b/windows/security/threat-protection/auditing/event-4964.md
index 4cd9707147..0ee97ac194 100644
--- a/windows/security/threat-protection/auditing/event-4964.md
+++ b/windows/security/threat-protection/auditing/event-4964.md
@@ -2,7 +2,7 @@
 title: 4964(S) Special groups have been assigned to a new logon. (Windows 10)
 description: Describes security event 4964(S) Special groups have been assigned to a new logon.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4964(S): Special groups have been assigned to a new logon.
diff --git a/windows/security/threat-protection/auditing/event-4985.md b/windows/security/threat-protection/auditing/event-4985.md
index 2a98d42db6..9b3680639b 100644
--- a/windows/security/threat-protection/auditing/event-4985.md
+++ b/windows/security/threat-protection/auditing/event-4985.md
@@ -2,7 +2,7 @@
 title: 4985(S) The state of a transaction has changed. (Windows 10)
 description: Describes security event 4985(S) The state of a transaction has changed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 4985(S): The state of a transaction has changed.
diff --git a/windows/security/threat-protection/auditing/event-5024.md b/windows/security/threat-protection/auditing/event-5024.md
index 9dede9c866..b24cd95e31 100644
--- a/windows/security/threat-protection/auditing/event-5024.md
+++ b/windows/security/threat-protection/auditing/event-5024.md
@@ -2,7 +2,7 @@
 title: 5024(S) The Windows Firewall Service has started successfully. (Windows 10)
 description: Describes security event 5024(S) The Windows Firewall Service has started successfully.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5024(S): The Windows Firewall Service has started successfully.
diff --git a/windows/security/threat-protection/auditing/event-5025.md b/windows/security/threat-protection/auditing/event-5025.md
index d6a60c5da2..a9a3c5e14b 100644
--- a/windows/security/threat-protection/auditing/event-5025.md
+++ b/windows/security/threat-protection/auditing/event-5025.md
@@ -2,7 +2,7 @@
 title: 5025(S) The Windows Firewall Service has been stopped. (Windows 10)
 description: Describes security event 5025(S) The Windows Firewall Service has been stopped.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5025(S): The Windows Firewall Service has been stopped.
diff --git a/windows/security/threat-protection/auditing/event-5027.md b/windows/security/threat-protection/auditing/event-5027.md
index 23bf6e5c30..4ea2177c6b 100644
--- a/windows/security/threat-protection/auditing/event-5027.md
+++ b/windows/security/threat-protection/auditing/event-5027.md
@@ -1,8 +1,8 @@
 ---
 title: 5027(F) The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy. (Windows 10)
-description: Details on security event 5027(F) The Windows Firewall Service was unable to retrieve the security policy from the local storage. 
+description: Details on security event 5027(F) The Windows Firewall Service was unable to retrieve the security policy from the local storage.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5027(F): The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy.
diff --git a/windows/security/threat-protection/auditing/event-5028.md b/windows/security/threat-protection/auditing/event-5028.md
index 8929b86d33..9ab51ca985 100644
--- a/windows/security/threat-protection/auditing/event-5028.md
+++ b/windows/security/threat-protection/auditing/event-5028.md
@@ -2,7 +2,7 @@
 title: 5028(F) The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy. (Windows 10)
 description: Describes security event 5028(F) The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5028(F): The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy.
diff --git a/windows/security/threat-protection/auditing/event-5029.md b/windows/security/threat-protection/auditing/event-5029.md
index dcdda6a60f..46d9b7b3e7 100644
--- a/windows/security/threat-protection/auditing/event-5029.md
+++ b/windows/security/threat-protection/auditing/event-5029.md
@@ -2,7 +2,7 @@
 title: 5029(F) The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy. (Windows 10)
 description: Describes security event 5029(F) The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5029(F): The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy.
diff --git a/windows/security/threat-protection/auditing/event-5030.md b/windows/security/threat-protection/auditing/event-5030.md
index 37d3844e1f..de68bc30db 100644
--- a/windows/security/threat-protection/auditing/event-5030.md
+++ b/windows/security/threat-protection/auditing/event-5030.md
@@ -2,7 +2,7 @@
 title: 5030(F) The Windows Firewall Service failed to start. (Windows 10)
 description: Describes security event 5030(F) The Windows Firewall Service failed to start.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5030(F): The Windows Firewall Service failed to start.
diff --git a/windows/security/threat-protection/auditing/event-5031.md b/windows/security/threat-protection/auditing/event-5031.md
index e6bcd4a68c..7453df6988 100644
--- a/windows/security/threat-protection/auditing/event-5031.md
+++ b/windows/security/threat-protection/auditing/event-5031.md
@@ -5,11 +5,12 @@ manager: dansimp
 ms.author: dansimp
 description: Describes security event 5031(F) The Windows Firewall Service blocked an application from accepting incoming connections on the network.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
+ms.technology: mde
 ---
 
 # 5031(F): The Windows Firewall Service blocked an application from accepting incoming connections on the network.
diff --git a/windows/security/threat-protection/auditing/event-5032.md b/windows/security/threat-protection/auditing/event-5032.md
index 02b5e5768f..a356c6ba72 100644
--- a/windows/security/threat-protection/auditing/event-5032.md
+++ b/windows/security/threat-protection/auditing/event-5032.md
@@ -2,7 +2,7 @@
 title: 5032(F) Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network. (Windows 10)
 description: Describes security event 5032(F) Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5032(F): Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.
diff --git a/windows/security/threat-protection/auditing/event-5033.md b/windows/security/threat-protection/auditing/event-5033.md
index 834f4c95b8..05552da629 100644
--- a/windows/security/threat-protection/auditing/event-5033.md
+++ b/windows/security/threat-protection/auditing/event-5033.md
@@ -2,7 +2,7 @@
 title: 5033(S) The Windows Firewall Driver has started successfully. (Windows 10)
 description: Describes security event 5033(S) The Windows Firewall Driver has started successfully.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5033(S): The Windows Firewall Driver has started successfully.
diff --git a/windows/security/threat-protection/auditing/event-5034.md b/windows/security/threat-protection/auditing/event-5034.md
index c3f04488fa..7cef4c54e0 100644
--- a/windows/security/threat-protection/auditing/event-5034.md
+++ b/windows/security/threat-protection/auditing/event-5034.md
@@ -2,7 +2,7 @@
 title: 5034(S) The Windows Firewall Driver was stopped. (Windows 10)
 description: Describes security event 5034(S) The Windows Firewall Driver was stopped.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5034(S): The Windows Firewall Driver was stopped.
diff --git a/windows/security/threat-protection/auditing/event-5035.md b/windows/security/threat-protection/auditing/event-5035.md
index 2815638be4..6b9d8a9488 100644
--- a/windows/security/threat-protection/auditing/event-5035.md
+++ b/windows/security/threat-protection/auditing/event-5035.md
@@ -2,7 +2,7 @@
 title: 5035(F) The Windows Firewall Driver failed to start. (Windows 10)
 description: Describes security event 5035(F) The Windows Firewall Driver failed to start.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5035(F): The Windows Firewall Driver failed to start.
diff --git a/windows/security/threat-protection/auditing/event-5037.md b/windows/security/threat-protection/auditing/event-5037.md
index 026d2c2985..a189ce3f21 100644
--- a/windows/security/threat-protection/auditing/event-5037.md
+++ b/windows/security/threat-protection/auditing/event-5037.md
@@ -2,7 +2,7 @@
 title: 5037(F) The Windows Firewall Driver detected critical runtime error. Terminating. (Windows 10)
 description: Describes security event 5037(F) The Windows Firewall Driver detected critical runtime error. Terminating.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5037(F): The Windows Firewall Driver detected critical runtime error. Terminating.
diff --git a/windows/security/threat-protection/auditing/event-5038.md b/windows/security/threat-protection/auditing/event-5038.md
index 15bd4ad7e1..eac7f9eea0 100644
--- a/windows/security/threat-protection/auditing/event-5038.md
+++ b/windows/security/threat-protection/auditing/event-5038.md
@@ -2,7 +2,7 @@
 title: 5038(F) Code integrity determined that the image hash of a file is not valid. (Windows 10)
 description: Describes security event 5038(F) Code integrity determined that the image hash of a file is not valid.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5038(F): Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
diff --git a/windows/security/threat-protection/auditing/event-5039.md b/windows/security/threat-protection/auditing/event-5039.md
index 1f6c100b8d..fda19e5f16 100644
--- a/windows/security/threat-protection/auditing/event-5039.md
+++ b/windows/security/threat-protection/auditing/event-5039.md
@@ -2,7 +2,7 @@
 title: 5039(-) A registry key was virtualized. (Windows 10)
 description: Describes security event 5039(-) A registry key was virtualized. This event is generated when a registry key is virtualized using LUAFV.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5039(-): A registry key was virtualized.
diff --git a/windows/security/threat-protection/auditing/event-5051.md b/windows/security/threat-protection/auditing/event-5051.md
index 0bf8362113..3ac07671d2 100644
--- a/windows/security/threat-protection/auditing/event-5051.md
+++ b/windows/security/threat-protection/auditing/event-5051.md
@@ -2,7 +2,7 @@
 title: 5051(-) A file was virtualized. (Windows 10)
 description: Describes security event 5051(-) A file was virtualized. This event is generated when a file is virtualized using LUAFV.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5051(-): A file was virtualized.
diff --git a/windows/security/threat-protection/auditing/event-5056.md b/windows/security/threat-protection/auditing/event-5056.md
index 96e278db56..a717d05e4a 100644
--- a/windows/security/threat-protection/auditing/event-5056.md
+++ b/windows/security/threat-protection/auditing/event-5056.md
@@ -2,7 +2,7 @@
 title: 5056(S) A cryptographic self-test was performed. (Windows 10)
 description: Describes security event 5056(S) A cryptographic self-test was performed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5056(S): A cryptographic self-test was performed.
diff --git a/windows/security/threat-protection/auditing/event-5057.md b/windows/security/threat-protection/auditing/event-5057.md
index eb3cc568ab..c83ca8bd2e 100644
--- a/windows/security/threat-protection/auditing/event-5057.md
+++ b/windows/security/threat-protection/auditing/event-5057.md
@@ -2,7 +2,7 @@
 title: 5057(F) A cryptographic primitive operation failed. (Windows 10)
 description: Describes security event 5057(F) A cryptographic primitive operation failed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5057(F): A cryptographic primitive operation failed.
diff --git a/windows/security/threat-protection/auditing/event-5058.md b/windows/security/threat-protection/auditing/event-5058.md
index 008ecb3292..5f999b36d1 100644
--- a/windows/security/threat-protection/auditing/event-5058.md
+++ b/windows/security/threat-protection/auditing/event-5058.md
@@ -2,7 +2,7 @@
 title: 5058(S, F) Key file operation. (Windows 10)
 description: Describes security event 5058(S, F) Key file operation. This event is generated when an operation is performed on a file that contains a KSP key.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5058(S, F): Key file operation.
diff --git a/windows/security/threat-protection/auditing/event-5059.md b/windows/security/threat-protection/auditing/event-5059.md
index 096fcfe2c9..e7c0a1264b 100644
--- a/windows/security/threat-protection/auditing/event-5059.md
+++ b/windows/security/threat-protection/auditing/event-5059.md
@@ -2,7 +2,7 @@
 title: 5059(S, F) Key migration operation. (Windows 10)
 description: Describes security event 5059(S, F) Key migration operation. This event is generated when a cryptographic key is exported/imported using a Key Storage Provider.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5059(S, F): Key migration operation.
diff --git a/windows/security/threat-protection/auditing/event-5060.md b/windows/security/threat-protection/auditing/event-5060.md
index e24e71d924..11b9903d5d 100644
--- a/windows/security/threat-protection/auditing/event-5060.md
+++ b/windows/security/threat-protection/auditing/event-5060.md
@@ -2,7 +2,7 @@
 title: 5060(F) Verification operation failed. (Windows 10)
 description: Describes security event 5060(F) Verification operation failed. This event is generated when the CNG verification operation fails.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5060(F): Verification operation failed.
diff --git a/windows/security/threat-protection/auditing/event-5061.md b/windows/security/threat-protection/auditing/event-5061.md
index d283324906..a7f832d34b 100644
--- a/windows/security/threat-protection/auditing/event-5061.md
+++ b/windows/security/threat-protection/auditing/event-5061.md
@@ -2,7 +2,7 @@
 title: 5061(S, F) Cryptographic operation. (Windows 10)
 description: Describes security event 5061(S, F) Cryptographic operation. This event is generated when a cryptographic operation is performed using a Key Storage Provider.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5061(S, F): Cryptographic operation.
diff --git a/windows/security/threat-protection/auditing/event-5062.md b/windows/security/threat-protection/auditing/event-5062.md
index 0d9e37b259..e397844d41 100644
--- a/windows/security/threat-protection/auditing/event-5062.md
+++ b/windows/security/threat-protection/auditing/event-5062.md
@@ -2,7 +2,7 @@
 title: 5062(S) A kernel-mode cryptographic self-test was performed. (Windows 10)
 description: Describes security event 5062(S) A kernel-mode cryptographic self-test was performed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5062(S): A kernel-mode cryptographic self-test was performed.
diff --git a/windows/security/threat-protection/auditing/event-5063.md b/windows/security/threat-protection/auditing/event-5063.md
index 159cda1e2b..e06e3118a6 100644
--- a/windows/security/threat-protection/auditing/event-5063.md
+++ b/windows/security/threat-protection/auditing/event-5063.md
@@ -2,7 +2,7 @@
 title: 5063(S, F) A cryptographic provider operation was attempted. (Windows 10)
 description: Describes security event 5063(S, F) A cryptographic provider operation was attempted.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5063(S, F): A cryptographic provider operation was attempted.
diff --git a/windows/security/threat-protection/auditing/event-5064.md b/windows/security/threat-protection/auditing/event-5064.md
index a5c3c577e0..77da8c5596 100644
--- a/windows/security/threat-protection/auditing/event-5064.md
+++ b/windows/security/threat-protection/auditing/event-5064.md
@@ -2,7 +2,7 @@
 title: 5064(S, F) A cryptographic context operation was attempted. (Windows 10)
 description: Describes security event 5064(S, F) A cryptographic context operation was attempted.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5064(S, F): A cryptographic context operation was attempted.
diff --git a/windows/security/threat-protection/auditing/event-5065.md b/windows/security/threat-protection/auditing/event-5065.md
index 0f5d4dd997..7c46971bc8 100644
--- a/windows/security/threat-protection/auditing/event-5065.md
+++ b/windows/security/threat-protection/auditing/event-5065.md
@@ -2,7 +2,7 @@
 title: 5065(S, F) A cryptographic context modification was attempted. (Windows 10)
 description: Describes security event 5065(S, F) A cryptographic context modification was attempted.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5065(S, F): A cryptographic context modification was attempted.
diff --git a/windows/security/threat-protection/auditing/event-5066.md b/windows/security/threat-protection/auditing/event-5066.md
index 9c5f389dcf..c78b0bd513 100644
--- a/windows/security/threat-protection/auditing/event-5066.md
+++ b/windows/security/threat-protection/auditing/event-5066.md
@@ -2,7 +2,7 @@
 title: 5066(S, F) A cryptographic function operation was attempted. (Windows 10)
 description: Describes security event 5066(S, F) A cryptographic function operation was attempted.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5066(S, F): A cryptographic function operation was attempted.
diff --git a/windows/security/threat-protection/auditing/event-5067.md b/windows/security/threat-protection/auditing/event-5067.md
index 6ab1f5a7c1..eae3eb2038 100644
--- a/windows/security/threat-protection/auditing/event-5067.md
+++ b/windows/security/threat-protection/auditing/event-5067.md
@@ -2,7 +2,7 @@
 title: 5067(S, F) A cryptographic function modification was attempted. (Windows 10)
 description: Describes security event 5067(S, F) A cryptographic function modification was attempted.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5067(S, F): A cryptographic function modification was attempted.
diff --git a/windows/security/threat-protection/auditing/event-5068.md b/windows/security/threat-protection/auditing/event-5068.md
index fb084fd8dd..1cb02be991 100644
--- a/windows/security/threat-protection/auditing/event-5068.md
+++ b/windows/security/threat-protection/auditing/event-5068.md
@@ -2,7 +2,7 @@
 title: 5068(S, F) A cryptographic function provider operation was attempted. (Windows 10)
 description: Describes security event 5068(S, F) A cryptographic function provider operation was attempted.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5068(S, F): A cryptographic function provider operation was attempted.
diff --git a/windows/security/threat-protection/auditing/event-5069.md b/windows/security/threat-protection/auditing/event-5069.md
index 64dbd91086..104d55f067 100644
--- a/windows/security/threat-protection/auditing/event-5069.md
+++ b/windows/security/threat-protection/auditing/event-5069.md
@@ -2,7 +2,7 @@
 title: 5069(S, F) A cryptographic function property operation was attempted. (Windows 10)
 description: Describes security event 5069(S, F) A cryptographic function property operation was attempted.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5069(S, F): A cryptographic function property operation was attempted.
diff --git a/windows/security/threat-protection/auditing/event-5070.md b/windows/security/threat-protection/auditing/event-5070.md
index ce069a495c..0cb592e4d4 100644
--- a/windows/security/threat-protection/auditing/event-5070.md
+++ b/windows/security/threat-protection/auditing/event-5070.md
@@ -2,7 +2,7 @@
 title: 5070(S, F) A cryptographic function property modification was attempted. (Windows 10)
 description: Describes security event 5070(S, F) A cryptographic function property modification was attempted.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5070(S, F): A cryptographic function property modification was attempted.
diff --git a/windows/security/threat-protection/auditing/event-5136.md b/windows/security/threat-protection/auditing/event-5136.md
index a5708a86f6..58301baf30 100644
--- a/windows/security/threat-protection/auditing/event-5136.md
+++ b/windows/security/threat-protection/auditing/event-5136.md
@@ -2,7 +2,7 @@
 title: 5136(S) A directory service object was modified. (Windows 10)
 description: Describes security event 5136(S) A directory service object was modified.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5136(S): A directory service object was modified.
diff --git a/windows/security/threat-protection/auditing/event-5137.md b/windows/security/threat-protection/auditing/event-5137.md
index 8d1d729333..959ae8dbd8 100644
--- a/windows/security/threat-protection/auditing/event-5137.md
+++ b/windows/security/threat-protection/auditing/event-5137.md
@@ -2,7 +2,7 @@
 title: 5137(S) A directory service object was created. (Windows 10)
 description: Describes security event 5137(S) A directory service object was created.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5137(S): A directory service object was created.
diff --git a/windows/security/threat-protection/auditing/event-5138.md b/windows/security/threat-protection/auditing/event-5138.md
index 75cebe45a7..54582252c1 100644
--- a/windows/security/threat-protection/auditing/event-5138.md
+++ b/windows/security/threat-protection/auditing/event-5138.md
@@ -2,7 +2,7 @@
 title: 5138(S) A directory service object was undeleted. (Windows 10)
 description: Describes security event 5138(S) A directory service object was undeleted.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5138(S): A directory service object was undeleted.
diff --git a/windows/security/threat-protection/auditing/event-5139.md b/windows/security/threat-protection/auditing/event-5139.md
index fe3921db6f..2860791322 100644
--- a/windows/security/threat-protection/auditing/event-5139.md
+++ b/windows/security/threat-protection/auditing/event-5139.md
@@ -2,7 +2,7 @@
 title: 5139(S) A directory service object was moved. (Windows 10)
 description: Describes security event 5139(S) A directory service object was moved.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5139(S): A directory service object was moved.
diff --git a/windows/security/threat-protection/auditing/event-5140.md b/windows/security/threat-protection/auditing/event-5140.md
index 3d3d5152cc..199e5a4cd7 100644
--- a/windows/security/threat-protection/auditing/event-5140.md
+++ b/windows/security/threat-protection/auditing/event-5140.md
@@ -2,7 +2,7 @@
 title: 5140(S, F) A network share object was accessed. (Windows 10)
 description: Describes security event 5140(S, F) A network share object was accessed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5140(S, F): A network share object was accessed.
diff --git a/windows/security/threat-protection/auditing/event-5141.md b/windows/security/threat-protection/auditing/event-5141.md
index 221a5c56cf..09e46f5b1b 100644
--- a/windows/security/threat-protection/auditing/event-5141.md
+++ b/windows/security/threat-protection/auditing/event-5141.md
@@ -2,7 +2,7 @@
 title: 5141(S) A directory service object was deleted. (Windows 10)
 description: Describes security event 5141(S) A directory service object was deleted.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5141(S): A directory service object was deleted.
diff --git a/windows/security/threat-protection/auditing/event-5142.md b/windows/security/threat-protection/auditing/event-5142.md
index fdb2fe2741..d29c26ddc4 100644
--- a/windows/security/threat-protection/auditing/event-5142.md
+++ b/windows/security/threat-protection/auditing/event-5142.md
@@ -2,7 +2,7 @@
 title: 5142(S) A network share object was added. (Windows 10)
 description: Describes security event 5142(S) A network share object was added. This event is generated when a network share object is added.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5142(S): A network share object was added.
diff --git a/windows/security/threat-protection/auditing/event-5143.md b/windows/security/threat-protection/auditing/event-5143.md
index a62699a745..bc8f827e03 100644
--- a/windows/security/threat-protection/auditing/event-5143.md
+++ b/windows/security/threat-protection/auditing/event-5143.md
@@ -2,7 +2,7 @@
 title: 5143(S) A network share object was modified. (Windows 10)
 description: Describes security event 5143(S) A network share object was modified. This event is generated when a network share object is modified.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5143(S): A network share object was modified.
diff --git a/windows/security/threat-protection/auditing/event-5144.md b/windows/security/threat-protection/auditing/event-5144.md
index 581c19e3c9..886dc70759 100644
--- a/windows/security/threat-protection/auditing/event-5144.md
+++ b/windows/security/threat-protection/auditing/event-5144.md
@@ -2,7 +2,7 @@
 title: 5144(S) A network share object was deleted. (Windows 10)
 description: Describes security event 5144(S) A network share object was deleted. This event is generated when a network share object is deleted.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5144(S): A network share object was deleted.
diff --git a/windows/security/threat-protection/auditing/event-5145.md b/windows/security/threat-protection/auditing/event-5145.md
index f5ec73669e..dee8d57794 100644
--- a/windows/security/threat-protection/auditing/event-5145.md
+++ b/windows/security/threat-protection/auditing/event-5145.md
@@ -2,7 +2,7 @@
 title: 5145(S, F) A network share object was checked to see whether client can be granted desired access. (Windows 10)
 description: Describes security event 5145(S, F) A network share object was checked to see whether client can be granted desired access.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5145(S, F): A network share object was checked to see whether client can be granted desired access.
diff --git a/windows/security/threat-protection/auditing/event-5148.md b/windows/security/threat-protection/auditing/event-5148.md
index 6787ac6329..23a31eb1a6 100644
--- a/windows/security/threat-protection/auditing/event-5148.md
+++ b/windows/security/threat-protection/auditing/event-5148.md
@@ -2,7 +2,7 @@
 title: 5148(F) The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded. (Windows 10)
 description: Details on Security event 5148(F), The Windows Filtering Platform has detected a DoS attack and entered a defensive mode.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 05/29/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5148(F): The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded.
diff --git a/windows/security/threat-protection/auditing/event-5149.md b/windows/security/threat-protection/auditing/event-5149.md
index 59386a8ef4..04f6c8747a 100644
--- a/windows/security/threat-protection/auditing/event-5149.md
+++ b/windows/security/threat-protection/auditing/event-5149.md
@@ -2,7 +2,7 @@
 title: 5149(F) The DoS attack has subsided and normal processing is being resumed. (Windows 10)
 description: Describes security event 5149(F) The DoS attack has subsided and normal processing is being resumed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 05/29/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5149(F): The DoS attack has subsided and normal processing is being resumed.
diff --git a/windows/security/threat-protection/auditing/event-5150.md b/windows/security/threat-protection/auditing/event-5150.md
index c1f8d98680..018894b1cf 100644
--- a/windows/security/threat-protection/auditing/event-5150.md
+++ b/windows/security/threat-protection/auditing/event-5150.md
@@ -2,7 +2,7 @@
 title: 5150(-) The Windows Filtering Platform blocked a packet. (Windows 10)
 description: Describes security event 5150(-) The Windows Filtering Platform blocked a packet.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5150(-): The Windows Filtering Platform blocked a packet.
diff --git a/windows/security/threat-protection/auditing/event-5151.md b/windows/security/threat-protection/auditing/event-5151.md
index 699a093def..1b55b64d41 100644
--- a/windows/security/threat-protection/auditing/event-5151.md
+++ b/windows/security/threat-protection/auditing/event-5151.md
@@ -2,7 +2,7 @@
 title: 5151(-) A more restrictive Windows Filtering Platform filter has blocked a packet. (Windows 10)
 description: Describes security event 5151(-) A more restrictive Windows Filtering Platform filter has blocked a packet.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5151(-): A more restrictive Windows Filtering Platform filter has blocked a packet.
diff --git a/windows/security/threat-protection/auditing/event-5152.md b/windows/security/threat-protection/auditing/event-5152.md
index ece1e4566d..d89a240a64 100644
--- a/windows/security/threat-protection/auditing/event-5152.md
+++ b/windows/security/threat-protection/auditing/event-5152.md
@@ -2,7 +2,7 @@
 title: 5152(F) The Windows Filtering Platform blocked a packet. (Windows 10)
 description: Describes security event 5152(F) The Windows Filtering Platform blocked a packet.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5152(F): The Windows Filtering Platform blocked a packet.
diff --git a/windows/security/threat-protection/auditing/event-5153.md b/windows/security/threat-protection/auditing/event-5153.md
index 8751b40002..ce3f53f60d 100644
--- a/windows/security/threat-protection/auditing/event-5153.md
+++ b/windows/security/threat-protection/auditing/event-5153.md
@@ -2,7 +2,7 @@
 title: 5153(S) A more restrictive Windows Filtering Platform filter has blocked a packet. (Windows 10)
 description: Describes security event 5153(S) A more restrictive Windows Filtering Platform filter has blocked a packet.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5153(S): A more restrictive Windows Filtering Platform filter has blocked a packet.
diff --git a/windows/security/threat-protection/auditing/event-5154.md b/windows/security/threat-protection/auditing/event-5154.md
index b464c877d6..5083012650 100644
--- a/windows/security/threat-protection/auditing/event-5154.md
+++ b/windows/security/threat-protection/auditing/event-5154.md
@@ -2,7 +2,7 @@
 title: 5154(S) The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections. (Windows 10)
 description: Describes security event 5154(S) The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5154(S): The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections.
diff --git a/windows/security/threat-protection/auditing/event-5155.md b/windows/security/threat-protection/auditing/event-5155.md
index 9964b6f390..7d6eac1919 100644
--- a/windows/security/threat-protection/auditing/event-5155.md
+++ b/windows/security/threat-protection/auditing/event-5155.md
@@ -2,7 +2,7 @@
 title: 5155(F) The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections. (Windows 10)
 description: Describes security event 5155(F) The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5155(F): The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections.
diff --git a/windows/security/threat-protection/auditing/event-5156.md b/windows/security/threat-protection/auditing/event-5156.md
index d44b9a921f..8c1116cba5 100644
--- a/windows/security/threat-protection/auditing/event-5156.md
+++ b/windows/security/threat-protection/auditing/event-5156.md
@@ -2,7 +2,7 @@
 title: 5156(S) The Windows Filtering Platform has permitted a connection. (Windows 10)
 description: Describes security event 5156(S) The Windows Filtering Platform has permitted a connection.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5156(S): The Windows Filtering Platform has permitted a connection.
diff --git a/windows/security/threat-protection/auditing/event-5157.md b/windows/security/threat-protection/auditing/event-5157.md
index 88bc5b1315..2f2b2cd8fd 100644
--- a/windows/security/threat-protection/auditing/event-5157.md
+++ b/windows/security/threat-protection/auditing/event-5157.md
@@ -2,7 +2,7 @@
 title: 5157(F) The Windows Filtering Platform has blocked a connection. (Windows 10)
 description: Describes security event 5157(F) The Windows Filtering Platform has blocked a connection.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5157(F): The Windows Filtering Platform has blocked a connection.
diff --git a/windows/security/threat-protection/auditing/event-5158.md b/windows/security/threat-protection/auditing/event-5158.md
index 76bb82efef..63753bbc2b 100644
--- a/windows/security/threat-protection/auditing/event-5158.md
+++ b/windows/security/threat-protection/auditing/event-5158.md
@@ -2,7 +2,7 @@
 title: 5158(S) The Windows Filtering Platform has permitted a bind to a local port. (Windows 10)
 description: Describes security event 5158(S) The Windows Filtering Platform has permitted a bind to a local port.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5158(S): The Windows Filtering Platform has permitted a bind to a local port.
diff --git a/windows/security/threat-protection/auditing/event-5159.md b/windows/security/threat-protection/auditing/event-5159.md
index 460e244dd8..b5b867bc47 100644
--- a/windows/security/threat-protection/auditing/event-5159.md
+++ b/windows/security/threat-protection/auditing/event-5159.md
@@ -2,7 +2,7 @@
 title: 5159(F) The Windows Filtering Platform has blocked a bind to a local port. (Windows 10)
 description: Describes security event 5159(F) The Windows Filtering Platform has blocked a bind to a local port.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5159(F): The Windows Filtering Platform has blocked a bind to a local port.
diff --git a/windows/security/threat-protection/auditing/event-5168.md b/windows/security/threat-protection/auditing/event-5168.md
index fcc35ba385..819d9f191e 100644
--- a/windows/security/threat-protection/auditing/event-5168.md
+++ b/windows/security/threat-protection/auditing/event-5168.md
@@ -2,7 +2,7 @@
 title: 5168(F) SPN check for SMB/SMB2 failed. (Windows 10)
 description: Describes security event 5168(F) SPN check for SMB/SMB2 failed. This event is generated when an SMB SPN check fails.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5168(F): SPN check for SMB/SMB2 failed.
diff --git a/windows/security/threat-protection/auditing/event-5376.md b/windows/security/threat-protection/auditing/event-5376.md
index f888db6fb2..3d7cc2e623 100644
--- a/windows/security/threat-protection/auditing/event-5376.md
+++ b/windows/security/threat-protection/auditing/event-5376.md
@@ -2,7 +2,7 @@
 title: 5376(S) Credential Manager credentials were backed up. (Windows 10)
 description: Describes security event 5376(S) Credential Manager credentials were backed up.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5376(S): Credential Manager credentials were backed up.
diff --git a/windows/security/threat-protection/auditing/event-5377.md b/windows/security/threat-protection/auditing/event-5377.md
index 1ed830b074..98ccff769a 100644
--- a/windows/security/threat-protection/auditing/event-5377.md
+++ b/windows/security/threat-protection/auditing/event-5377.md
@@ -2,7 +2,7 @@
 title: 5377(S) Credential Manager credentials were restored from a backup. (Windows 10)
 description: Describes security event 5377(S) Credential Manager credentials were restored from a backup.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5377(S): Credential Manager credentials were restored from a backup.
diff --git a/windows/security/threat-protection/auditing/event-5378.md b/windows/security/threat-protection/auditing/event-5378.md
index bb48a36562..04395a702b 100644
--- a/windows/security/threat-protection/auditing/event-5378.md
+++ b/windows/security/threat-protection/auditing/event-5378.md
@@ -2,7 +2,7 @@
 title: 5378(F) The requested credentials delegation was disallowed by policy. (Windows 10)
 description: Describes security event 5378(F) The requested credentials delegation was disallowed by policy.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5378(F): The requested credentials delegation was disallowed by policy.
diff --git a/windows/security/threat-protection/auditing/event-5447.md b/windows/security/threat-protection/auditing/event-5447.md
index 89dd2b5bf0..a647b4c565 100644
--- a/windows/security/threat-protection/auditing/event-5447.md
+++ b/windows/security/threat-protection/auditing/event-5447.md
@@ -2,7 +2,7 @@
 title: 5447(S) A Windows Filtering Platform filter has been changed. (Windows 10)
 description: Describes security event 5447(S) A Windows Filtering Platform filter has been changed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5447(S): A Windows Filtering Platform filter has been changed.
diff --git a/windows/security/threat-protection/auditing/event-5632.md b/windows/security/threat-protection/auditing/event-5632.md
index 756db4ebbf..0870e6a7fc 100644
--- a/windows/security/threat-protection/auditing/event-5632.md
+++ b/windows/security/threat-protection/auditing/event-5632.md
@@ -2,7 +2,7 @@
 title: 5632(S, F) A request was made to authenticate to a wireless network. (Windows 10)
 description: Describes security event 5632(S, F) A request was made to authenticate to a wireless network.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5632(S, F): A request was made to authenticate to a wireless network.
diff --git a/windows/security/threat-protection/auditing/event-5633.md b/windows/security/threat-protection/auditing/event-5633.md
index d85599c157..1bb8d2d300 100644
--- a/windows/security/threat-protection/auditing/event-5633.md
+++ b/windows/security/threat-protection/auditing/event-5633.md
@@ -2,7 +2,7 @@
 title: 5633(S, F) A request was made to authenticate to a wired network. (Windows 10)
 description: Describes security event 5633(S, F) A request was made to authenticate to a wired network.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5633(S, F): A request was made to authenticate to a wired network.
diff --git a/windows/security/threat-protection/auditing/event-5712.md b/windows/security/threat-protection/auditing/event-5712.md
index 2fae83e65f..5bb81e6f09 100644
--- a/windows/security/threat-protection/auditing/event-5712.md
+++ b/windows/security/threat-protection/auditing/event-5712.md
@@ -2,7 +2,7 @@
 title: 5712(S) A Remote Procedure Call (RPC) was attempted. (Windows 10)
 description: Describes security event 5712(S) A Remote Procedure Call (RPC) was attempted.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5712(S): A Remote Procedure Call (RPC) was attempted.
diff --git a/windows/security/threat-protection/auditing/event-5888.md b/windows/security/threat-protection/auditing/event-5888.md
index 43f79ed55d..8531945a54 100644
--- a/windows/security/threat-protection/auditing/event-5888.md
+++ b/windows/security/threat-protection/auditing/event-5888.md
@@ -2,7 +2,7 @@
 title: 5888(S) An object in the COM+ Catalog was modified. (Windows 10)
 description: Describes security event 5888(S) An object in the COM+ Catalog was modified.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5888(S): An object in the COM+ Catalog was modified.
diff --git a/windows/security/threat-protection/auditing/event-5889.md b/windows/security/threat-protection/auditing/event-5889.md
index 5daae37ce0..3fe376f85c 100644
--- a/windows/security/threat-protection/auditing/event-5889.md
+++ b/windows/security/threat-protection/auditing/event-5889.md
@@ -2,7 +2,7 @@
 title: 5889(S) An object was deleted from the COM+ Catalog. (Windows 10)
 description: Describes security event 5889(S) An object was deleted from the COM+ Catalog.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5889(S): An object was deleted from the COM+ Catalog.
diff --git a/windows/security/threat-protection/auditing/event-5890.md b/windows/security/threat-protection/auditing/event-5890.md
index f5f0c81561..9a90b1a6a3 100644
--- a/windows/security/threat-protection/auditing/event-5890.md
+++ b/windows/security/threat-protection/auditing/event-5890.md
@@ -2,7 +2,7 @@
 title: 5890(S) An object was added to the COM+ Catalog. (Windows 10)
 description: Describes security event 5890(S) An object was added to the COM+ Catalog.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 5890(S): An object was added to the COM+ Catalog.
diff --git a/windows/security/threat-protection/auditing/event-6144.md b/windows/security/threat-protection/auditing/event-6144.md
index 7f0df8a521..7565e8f794 100644
--- a/windows/security/threat-protection/auditing/event-6144.md
+++ b/windows/security/threat-protection/auditing/event-6144.md
@@ -2,7 +2,7 @@
 title: 6144(S) Security policy in the group policy objects has been applied successfully. (Windows 10)
 description: Describes security event 6144(S) Security policy in the group policy objects has been applied successfully.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 6144(S): Security policy in the group policy objects has been applied successfully.
diff --git a/windows/security/threat-protection/auditing/event-6145.md b/windows/security/threat-protection/auditing/event-6145.md
index c9a27526cd..8b541749d6 100644
--- a/windows/security/threat-protection/auditing/event-6145.md
+++ b/windows/security/threat-protection/auditing/event-6145.md
@@ -2,7 +2,7 @@
 title: 6145(F) One or more errors occurred while processing security policy in the group policy objects. (Windows 10)
 description: Describes security event 6145(F) One or more errors occurred while processing security policy in the group policy objects.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 6145(F): One or more errors occurred while processing security policy in the group policy objects.
diff --git a/windows/security/threat-protection/auditing/event-6281.md b/windows/security/threat-protection/auditing/event-6281.md
index e8dfb2d7cf..b4d79cbbdb 100644
--- a/windows/security/threat-protection/auditing/event-6281.md
+++ b/windows/security/threat-protection/auditing/event-6281.md
@@ -2,7 +2,7 @@
 title: 6281(F) Code Integrity determined that the page hashes of an image file are not valid. (Windows 10)
 description: Describes security event 6281(F) Code Integrity determined that the page hashes of an image file are not valid.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 6281(F): Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.
diff --git a/windows/security/threat-protection/auditing/event-6400.md b/windows/security/threat-protection/auditing/event-6400.md
index 7a379132bc..acefc262d9 100644
--- a/windows/security/threat-protection/auditing/event-6400.md
+++ b/windows/security/threat-protection/auditing/event-6400.md
@@ -2,7 +2,7 @@
 title: 6400(-) BranchCache Received an incorrectly formatted response while discovering availability of content. (Windows 10)
 description: Describes security event 6400(-) BranchCache Received an incorrectly formatted response while discovering availability of content.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 6400(-): BranchCache: Received an incorrectly formatted response while discovering availability of content.
diff --git a/windows/security/threat-protection/auditing/event-6401.md b/windows/security/threat-protection/auditing/event-6401.md
index 1ce4c083dd..1b442d10d9 100644
--- a/windows/security/threat-protection/auditing/event-6401.md
+++ b/windows/security/threat-protection/auditing/event-6401.md
@@ -2,7 +2,7 @@
 title: 6401(-) BranchCache Received invalid data from a peer. Data discarded. (Windows 10)
 description: Describes security event 6401(-) BranchCache Received invalid data from a peer. Data discarded.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 6401(-): BranchCache: Received invalid data from a peer. Data discarded.
diff --git a/windows/security/threat-protection/auditing/event-6402.md b/windows/security/threat-protection/auditing/event-6402.md
index dde20455d3..77a10ac4dc 100644
--- a/windows/security/threat-protection/auditing/event-6402.md
+++ b/windows/security/threat-protection/auditing/event-6402.md
@@ -2,7 +2,7 @@
 title: 6402(-) BranchCache The message to the hosted cache offering it data is incorrectly formatted. (Windows 10)
 description: Describes security event 6402(-) BranchCache The message to the hosted cache offering it data is incorrectly formatted.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 6402(-): BranchCache: The message to the hosted cache offering it data is incorrectly formatted.
diff --git a/windows/security/threat-protection/auditing/event-6403.md b/windows/security/threat-protection/auditing/event-6403.md
index e8020581ad..d730acb9d3 100644
--- a/windows/security/threat-protection/auditing/event-6403.md
+++ b/windows/security/threat-protection/auditing/event-6403.md
@@ -2,7 +2,7 @@
 title: 6403(-) BranchCache The hosted cache sent an incorrectly formatted response to the client. (Windows 10)
 description: Describes security event 6403(-) BranchCache The hosted cache sent an incorrectly formatted response to the client.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 6403(-): BranchCache: The hosted cache sent an incorrectly formatted response to the client.
diff --git a/windows/security/threat-protection/auditing/event-6404.md b/windows/security/threat-protection/auditing/event-6404.md
index 43228f26be..808c8e4264 100644
--- a/windows/security/threat-protection/auditing/event-6404.md
+++ b/windows/security/threat-protection/auditing/event-6404.md
@@ -2,7 +2,7 @@
 title: 6404(-) BranchCache Hosted cache could not be authenticated using the provisioned SSL certificate. (Windows 10)
 description: Describes security event 6404(-) BranchCache Hosted cache could not be authenticated using the provisioned SSL certificate.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 6404(-): BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate.
diff --git a/windows/security/threat-protection/auditing/event-6405.md b/windows/security/threat-protection/auditing/event-6405.md
index ea59bc3fc7..2638753673 100644
--- a/windows/security/threat-protection/auditing/event-6405.md
+++ b/windows/security/threat-protection/auditing/event-6405.md
@@ -2,7 +2,7 @@
 title: 6405(-) BranchCache %2 instance(s) of event id %1 occurred. (Windows 10)
 description: Describes security event 6405(-) BranchCache %2 instance(s) of event id %1 occurred.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 6405(-): BranchCache: %2 instance(s) of event id %1 occurred.
diff --git a/windows/security/threat-protection/auditing/event-6406.md b/windows/security/threat-protection/auditing/event-6406.md
index d70fac0adb..11cef9058e 100644
--- a/windows/security/threat-protection/auditing/event-6406.md
+++ b/windows/security/threat-protection/auditing/event-6406.md
@@ -2,7 +2,7 @@
 title: 6406(-) %1 registered to Windows Firewall to control filtering for the following %2. (Windows 10)
 description: Describes security event 6406(-) %1 registered to Windows Firewall to control filtering for the following %2.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 6406(-): %1 registered to Windows Firewall to control filtering for the following: %2.
diff --git a/windows/security/threat-protection/auditing/event-6407.md b/windows/security/threat-protection/auditing/event-6407.md
index ca5e8e02d6..1e3d0cbd85 100644
--- a/windows/security/threat-protection/auditing/event-6407.md
+++ b/windows/security/threat-protection/auditing/event-6407.md
@@ -2,7 +2,7 @@
 title: 6407(-) 1%. (Windows 10)
 description: Describes security event 6407(-) 1%. This is a BranchCache event, which is outside the scope of this document.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 6407(-): 1%.
diff --git a/windows/security/threat-protection/auditing/event-6408.md b/windows/security/threat-protection/auditing/event-6408.md
index ffb33ccdee..d3bd29901c 100644
--- a/windows/security/threat-protection/auditing/event-6408.md
+++ b/windows/security/threat-protection/auditing/event-6408.md
@@ -2,7 +2,7 @@
 title: 6408(-) Registered product %1 failed and Windows Firewall is now controlling the filtering for %2. (Windows 10)
 description: Describes security event 6408(-) Registered product %1 failed and Windows Firewall is now controlling the filtering for %2.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 6408(-): Registered product %1 failed and Windows Firewall is now controlling the filtering for %2.
diff --git a/windows/security/threat-protection/auditing/event-6409.md b/windows/security/threat-protection/auditing/event-6409.md
index e1f76dbf69..97d212be9a 100644
--- a/windows/security/threat-protection/auditing/event-6409.md
+++ b/windows/security/threat-protection/auditing/event-6409.md
@@ -2,7 +2,7 @@
 title: 6409(-) BranchCache A service connection point object could not be parsed. (Windows 10)
 description: Describes security event 6409(-) BranchCache A service connection point object could not be parsed.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 6409(-): BranchCache: A service connection point object could not be parsed.
diff --git a/windows/security/threat-protection/auditing/event-6410.md b/windows/security/threat-protection/auditing/event-6410.md
index b13bbde8fc..a8980cfb49 100644
--- a/windows/security/threat-protection/auditing/event-6410.md
+++ b/windows/security/threat-protection/auditing/event-6410.md
@@ -2,7 +2,7 @@
 title: 6410(F) Code integrity determined that a file does not meet the security requirements to load into a process. (Windows 10)
 description: Describes security event 6410(F) Code integrity determined that a file does not meet the security requirements to load into a process.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 6410(F): Code integrity determined that a file does not meet the security requirements to load into a process.
diff --git a/windows/security/threat-protection/auditing/event-6416.md b/windows/security/threat-protection/auditing/event-6416.md
index 6e4c4af309..4b85673aa7 100644
--- a/windows/security/threat-protection/auditing/event-6416.md
+++ b/windows/security/threat-protection/auditing/event-6416.md
@@ -2,7 +2,7 @@
 title: 6416(S) A new external device was recognized by the System. (Windows 10)
 description: Describes security event 6416(S) A new external device was recognized by the System.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 6416(S): A new external device was recognized by the System.
diff --git a/windows/security/threat-protection/auditing/event-6419.md b/windows/security/threat-protection/auditing/event-6419.md
index e5c1d7fab1..90c145ff77 100644
--- a/windows/security/threat-protection/auditing/event-6419.md
+++ b/windows/security/threat-protection/auditing/event-6419.md
@@ -2,7 +2,7 @@
 title: 6419(S) A request was made to disable a device. (Windows 10)
 description: Describes security event 6419(S) A request was made to disable a device.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 6419(S): A request was made to disable a device.
diff --git a/windows/security/threat-protection/auditing/event-6420.md b/windows/security/threat-protection/auditing/event-6420.md
index 2ede6f7fce..51570d3ab3 100644
--- a/windows/security/threat-protection/auditing/event-6420.md
+++ b/windows/security/threat-protection/auditing/event-6420.md
@@ -2,7 +2,7 @@
 title: 6420(S) A device was disabled. (Windows 10)
 description: Describes security event 6420(S) A device was disabled. This event is generated when a specific device is disabled.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 6420(S): A device was disabled.
diff --git a/windows/security/threat-protection/auditing/event-6421.md b/windows/security/threat-protection/auditing/event-6421.md
index 4994eafbd7..ef4e0b856f 100644
--- a/windows/security/threat-protection/auditing/event-6421.md
+++ b/windows/security/threat-protection/auditing/event-6421.md
@@ -2,7 +2,7 @@
 title: 6421(S) A request was made to enable a device. (Windows 10)
 description: Describes security event 6421(S) A request was made to enable a device.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 6421(S): A request was made to enable a device.
diff --git a/windows/security/threat-protection/auditing/event-6422.md b/windows/security/threat-protection/auditing/event-6422.md
index 606f0228a6..2b2f45d1b8 100644
--- a/windows/security/threat-protection/auditing/event-6422.md
+++ b/windows/security/threat-protection/auditing/event-6422.md
@@ -2,7 +2,7 @@
 title: 6422(S) A device was enabled. (Windows 10)
 description: Describes security event 6422(S) A device was enabled. This event is generated when a specific device is enabled.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 6422(S): A device was enabled.
diff --git a/windows/security/threat-protection/auditing/event-6423.md b/windows/security/threat-protection/auditing/event-6423.md
index 67b96baef5..3332a01011 100644
--- a/windows/security/threat-protection/auditing/event-6423.md
+++ b/windows/security/threat-protection/auditing/event-6423.md
@@ -2,7 +2,7 @@
 title: 6423(S) The installation of this device is forbidden by system policy. (Windows 10)
 description: Describes security event 6423(S) The installation of this device is forbidden by system policy.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 6423(S): The installation of this device is forbidden by system policy.
diff --git a/windows/security/threat-protection/auditing/event-6424.md b/windows/security/threat-protection/auditing/event-6424.md
index 4e21756137..8ca1ce36d6 100644
--- a/windows/security/threat-protection/auditing/event-6424.md
+++ b/windows/security/threat-protection/auditing/event-6424.md
@@ -2,7 +2,7 @@
 title: 6424(S) The installation of this device was allowed, after having previously been forbidden by policy. (Windows 10)
 description: Describes security event 6424(S) The installation of this device was allowed, after having previously been forbidden by policy.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # 6424(S): The installation of this device was allowed, after having previously been forbidden by policy.
diff --git a/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md b/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md
index c9d3a1c9ba..1093140e38 100644
--- a/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md
+++ b/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md
@@ -4,7 +4,7 @@ description: The policy setting, File System (Global Object Access Auditing), en
 ms.assetid: 4f215d61-0e23-46e4-9e58-08511105d25b
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # File System (Global Object Access Auditing)
diff --git a/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md b/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md
index 58bd7574f2..1efc819647 100644
--- a/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md
+++ b/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md
@@ -1,7 +1,7 @@
 ---
 title: How to get a list of XML data name elements in <EventData> (Windows 10)
 description: This reference article for the IT professional explains how to use PowerShell to get a list of XML data name elements that can appear in <EventData>.
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -11,6 +11,7 @@ ms.date: 10/22/2018
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # How to get a list of XML data name elements in EventData
diff --git a/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md b/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md
index 51cb23c22b..5331884d19 100644
--- a/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md
+++ b/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md
@@ -4,7 +4,7 @@ description: Learn how to use advanced security auditing options to monitor chan
 ms.assetid: 553f98a6-7606-4518-a3c5-347a33105130
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Monitor central access policy and rule definitions
diff --git a/windows/security/threat-protection/auditing/monitor-claim-types.md b/windows/security/threat-protection/auditing/monitor-claim-types.md
index d2369fe778..50b89da04a 100644
--- a/windows/security/threat-protection/auditing/monitor-claim-types.md
+++ b/windows/security/threat-protection/auditing/monitor-claim-types.md
@@ -4,7 +4,7 @@ description: Learn how to monitor changes to claim types that are associated wit
 ms.assetid: 426084da-4eef-44af-aeec-e7ab4d4e2439
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Monitor claim types
diff --git a/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md b/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md
index 14dccc71b4..6d433c9bcd 100644
--- a/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md
+++ b/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md
@@ -4,7 +4,7 @@ description: Learn how to monitor changes to resource attribute definitions when
 ms.assetid: aace34b0-123a-4b83-9e09-f269220e79de
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Monitor resource attribute definitions
diff --git a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md
index e6131584e5..d1429af0f1 100644
--- a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md
+++ b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md
@@ -4,7 +4,7 @@ description: Monitor changes to central access policies associated with files an
 ms.assetid: 2ea8fc23-b3ac-432f-87b0-6a16506e8eed
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Monitor the central access policies associated with files and folders
diff --git a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md
index fac29703cb..36bd40c78c 100644
--- a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md
+++ b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md
@@ -4,7 +4,7 @@ description: Learn how to monitor changes to the central access policies that ap
 ms.assetid: 126b051e-c20d-41f1-b42f-6cff24dcf20c
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Monitor the central access policies that apply on a file server
diff --git a/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md b/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md
index e1418e2ad9..243c686c50 100644
--- a/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md
+++ b/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md
@@ -4,7 +4,7 @@ description: Learn how to use advanced security auditing options to monitor atte
 ms.assetid: 4944097b-320f-44c7-88ed-bf55946a358b
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Monitor the resource attributes on files and folders
diff --git a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md
index 30ed1af8fc..ef0df1f2a8 100644
--- a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md
+++ b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md
@@ -4,7 +4,7 @@ description: Learn how advanced security auditing options can be used to monitor
 ms.assetid: b0a9e4a5-b7ff-41c6-96ff-0228d4ba5da8
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,7 +14,8 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date:
+ms.date: 
+ms.technology: mde
 ---
 
 # Monitor the use of removable storage devices
diff --git a/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md b/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md
index 606e073432..7f14c10bd0 100644
--- a/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md
+++ b/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md
@@ -4,7 +4,7 @@ description: Learn how to monitor user and device claims that are associated wit
 ms.assetid: 71796ea9-5fe4-4183-8475-805c3c1f319f
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Monitor user and device claims during sign-in
diff --git a/windows/security/threat-protection/auditing/other-events.md b/windows/security/threat-protection/auditing/other-events.md
index 42a1f36edd..e74cf80553 100644
--- a/windows/security/threat-protection/auditing/other-events.md
+++ b/windows/security/threat-protection/auditing/other-events.md
@@ -2,7 +2,7 @@
 title: Other Events (Windows 10)
 description: Describes the Other Events auditing subcategory, which includes events that are generated automatically and enabled by default.
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -11,6 +11,7 @@ ms.date: 04/19/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # Other Events
diff --git a/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md b/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md
index 2bc61ffce1..78bb89bc17 100644
--- a/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md
+++ b/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md
@@ -4,7 +4,7 @@ description: Learn to deploy an effective security audit policy in a network tha
 ms.assetid: 7428e1db-aba8-407b-a39e-509671e5a442
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Plan and deploy advanced security audit policies
diff --git a/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md b/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md
index 88585f3a9a..3c5c1ece1e 100644
--- a/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md
+++ b/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md
@@ -4,7 +4,7 @@ description: The Advanced Security Audit policy setting, Registry (Global Object
 ms.assetid: 953bb1c1-3f76-43be-ba17-4aed2304f578
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Registry (Global Object Access Auditing)
diff --git a/windows/security/threat-protection/auditing/security-auditing-overview.md b/windows/security/threat-protection/auditing/security-auditing-overview.md
index 8859ea5f7e..ba71110680 100644
--- a/windows/security/threat-protection/auditing/security-auditing-overview.md
+++ b/windows/security/threat-protection/auditing/security-auditing-overview.md
@@ -4,7 +4,7 @@ description: Learn about security auditing features in Windows, and how your org
 ms.assetid: 2d9b8142-49bd-4a33-b246-3f0c2a5f32d4
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Security auditing
diff --git a/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md b/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md
index 91e999ee6e..9f9218109c 100644
--- a/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md
+++ b/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md
@@ -4,7 +4,7 @@ description: Domain admins can set up advanced security audit options in Windows
 ms.assetid: 0d2c28ea-bdaf-47fd-bca2-a07dce5fed37
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Using advanced security auditing options to monitor dynamic access control objects
diff --git a/windows/security/threat-protection/auditing/view-the-security-event-log.md b/windows/security/threat-protection/auditing/view-the-security-event-log.md
index 7c25bfb2f8..84a296e182 100644
--- a/windows/security/threat-protection/auditing/view-the-security-event-log.md
+++ b/windows/security/threat-protection/auditing/view-the-security-event-log.md
@@ -4,7 +4,7 @@ description: The security log records each event as defined by the audit policie
 ms.assetid: 20DD2ACD-241A-45C5-A92F-4BE0D9F198B9
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # View the security event log
diff --git a/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md b/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md
index 92cdd0107e..4b20841dd8 100644
--- a/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md
+++ b/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md
@@ -4,7 +4,7 @@ description: This reference topic for the IT professional describes which versio
 ms.assetid: 87c71cc5-522d-4771-ac78-34a2a0825f31
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Which editions of Windows support advanced audit policy configuration
diff --git a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md
index 4f91deefd6..fa3a798839 100644
--- a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md
+++ b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md
@@ -5,7 +5,7 @@ ms.assetid: a3354c8e-4208-4be6-bc19-56a572c361b4
 ms.reviewer: 
 manager: dansimp
 keywords: font blocking, untrusted font blocking, block fonts, untrusted fonts
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.pagetype: security
 ms.sitesec: library
@@ -13,6 +13,7 @@ author: dansimp
 ms.author: dansimp
 ms.date: 08/14/2017
 ms.localizationpriority: medium
+ms.technology: mde
 ---
 
 # Block untrusted fonts in an enterprise
diff --git a/windows/security/threat-protection/change-history-for-threat-protection.md b/windows/security/threat-protection/change-history-for-threat-protection.md
index 53466cf41c..50746cadf8 100644
--- a/windows/security/threat-protection/change-history-for-threat-protection.md
+++ b/windows/security/threat-protection/change-history-for-threat-protection.md
@@ -1,9 +1,9 @@
 ---
-title: Change history for [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+title: "Change history for [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)"
 ms.reviewer: 
 ms.author: dansimp
 description: This topic lists new and updated topics in the Defender for Endpoint content set.
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,6 +13,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.localizationpriority: medium
+ms.technology: mde
 ---
 
 # Change history for threat protection
diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md
index 8913e9025c..1c2d45ad8e 100644
--- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md
+++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md
@@ -1,7 +1,7 @@
 ---
 title: How to control USB devices and other removable media using Intune (Windows 10)
 description: You can configure Intune settings to reduce threats from removable storage such as USB devices.
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -11,6 +11,7 @@ author: dansimp
 ms.reviewer: dansimp
 manager: dansimp
 audience: ITPro
+ms.technology: mde
 ---
 
 # How to control USB devices and other removable media using Microsoft Defender for Endpoint
diff --git a/windows/security/threat-protection/device-control/device-control-report.md b/windows/security/threat-protection/device-control/device-control-report.md
index 5cf0ce8621..2c35de2163 100644
--- a/windows/security/threat-protection/device-control/device-control-report.md
+++ b/windows/security/threat-protection/device-control/device-control-report.md
@@ -1,7 +1,7 @@
 ---
 title: Protect your organization’s data with device control
 description: Monitor your organization's data security through device control reports.
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -11,6 +11,7 @@ author: alluthewriter
 ms.reviewer: dansimp
 manager: dansimp
 audience: ITPro
+ms.technology: mde
 ---
 # Protect your organization’s data with device control
 
diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
index fdec65680d..1c2019f4f1 100644
--- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
+++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
@@ -1,7 +1,7 @@
 ---
 title: Enable virtualization-based protection of code integrity
 description: This article explains the steps to opt in to using HVCI on Windows devices.
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.author: ellevin
@@ -12,6 +12,7 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/01/2019
 ms.reviewer: 
+ms.technology: mde
 ---
 
 # Enable virtualization-based protection of code integrity
diff --git a/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md b/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
index 9483ca4022..5b4942082c 100644
--- a/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
+++ b/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
@@ -2,7 +2,7 @@
 title: Windows Defender Application Control and virtualization-based code integrity (Windows 10)
 description: Hardware and software system integrity-hardening capabilities that can be deployed separately or in combination with Windows Defender Application Control (WDAC).
 keywords: virtualization, security, malware, device guard
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 author: denisebmsft
@@ -10,6 +10,7 @@ ms.author: deniseb
 ms.reviewer: 
 manager: dansimp
 ms.custom: asr
+ms.technology: mde
 ---
 
 # Windows Defender Application Control and virtualization-based protection of code integrity
diff --git a/windows/security/threat-protection/device-guard/memory-integrity.md b/windows/security/threat-protection/device-guard/memory-integrity.md
index 2d935942a3..d743f3eae6 100644
--- a/windows/security/threat-protection/device-guard/memory-integrity.md
+++ b/windows/security/threat-protection/device-guard/memory-integrity.md
@@ -3,7 +3,7 @@ title: Memory integrity
 keywords: mitigations, vulnerabilities, vulnerability, mitigation, exploit, exploits, emet
 description: Learn about memory integrity, a feature of Windows that ensures code running in the Windows kernel is securely designed and trustworthy.
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -12,6 +12,7 @@ author: levinec
 ms.author: ellevin
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Memory integrity
diff --git a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md
index 535e713ba2..47f912cc8d 100644
--- a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md
+++ b/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md
@@ -2,7 +2,7 @@
 title: Deployment guidelines for Windows Defender Device Guard (Windows 10)
 description: Plan your deployment of Windows Defender Device Guard. Learn about hardware requirements, deployment approaches, code signing and code integrity policies.
 keywords: virtualization, security, malware
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 author: dansimp
@@ -13,6 +13,7 @@ ms.topic: conceptual
 ms.date: 10/20/2017
 ms.reviewer: 
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # Baseline protections and additional qualifications for virtualization-based protection of code integrity
diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/threat-protection/fips-140-validation.md
index 98392dd180..7be719b91a 100644
--- a/windows/security/threat-protection/fips-140-validation.md
+++ b/windows/security/threat-protection/fips-140-validation.md
@@ -1,7 +1,7 @@
 ---
 title: Federal Information Processing Standard (FIPS) 140 Validation
 description: Learn how Microsoft products and cryptographic modules follow the U.S. Federal government standard FIPS 140.
-ms.prod: w10
+ms.prod: m365-security
 audience: ITPro
 author: dansimp
 ms.author: dansimp
@@ -10,6 +10,7 @@ ms.collection: M365-identity-device-management
 ms.topic: article
 ms.localizationpriority: medium
 ms.reviewer: 
+ms.technology: mde
 ---
 
 # FIPS 140-2 Validation
diff --git a/windows/security/threat-protection/get-support-for-security-baselines.md b/windows/security/threat-protection/get-support-for-security-baselines.md
index c8b8c76461..c6c0883e58 100644
--- a/windows/security/threat-protection/get-support-for-security-baselines.md
+++ b/windows/security/threat-protection/get-support-for-security-baselines.md
@@ -2,7 +2,7 @@
 title: Get support
 description: Frequently asked question about how to get support for Windows baselines, the Security Compliance Toolkit (SCT), and related topics in your organization.
 keywords: virtualization, security, malware
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.author: dansimp
@@ -13,6 +13,7 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 06/25/2018
 ms.reviewer: 
+ms.technology: mde
 ---
 
 # Get Support
diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md
index 88ac6667fb..fc1d481a34 100644
--- a/windows/security/threat-protection/index.md
+++ b/windows/security/threat-protection/index.md
@@ -3,7 +3,7 @@ title: Threat Protection (Windows 10)
 description: Microsoft Defender for Endpoint is a unified platform for preventative protection, post-breach detection, automated investigation, and response.
 keywords: threat protection, Microsoft Defender Advanced Threat Protection, attack surface reduction, next-generation protection, endpoint detection and response, automated investigation and response, microsoft threat experts, Microsoft Secure Score for Devices, advanced hunting, cyber threat hunting, web threat protection
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Threat Protection
diff --git a/windows/security/threat-protection/intelligence/coinminer-malware.md b/windows/security/threat-protection/intelligence/coinminer-malware.md
index 2584ee9200..aa36031971 100644
--- a/windows/security/threat-protection/intelligence/coinminer-malware.md
+++ b/windows/security/threat-protection/intelligence/coinminer-malware.md
@@ -3,7 +3,7 @@ title: Coin miners
 ms.reviewer: 
 description: Learn about coin miners, how they can infect devices, and what you can do to protect yourself.
 keywords: security, malware, coin miners, protection, cryptocurrencies
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -11,9 +11,10 @@ ms.author: ellevin
 author: levinec
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance  
+ms.collection: M365-security-compliance
 ms.topic: article
 search.appverid: met150
+ms.technology: mde
 ---
 # Coin miners
 
diff --git a/windows/security/threat-protection/intelligence/coordinated-malware-eradication.md b/windows/security/threat-protection/intelligence/coordinated-malware-eradication.md
index 6a3a933a3f..47e4ffb819 100644
--- a/windows/security/threat-protection/intelligence/coordinated-malware-eradication.md
+++ b/windows/security/threat-protection/intelligence/coordinated-malware-eradication.md
@@ -3,7 +3,7 @@ title: Coordinated Malware Eradication
 ms.reviewer: 
 description: The Coordinated Malware Eradication program aims to unite security organizations to disrupt the malware ecosystem.
 keywords: security, malware, malware eradication, Microsoft Malware Protection Center, MMPC
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -11,8 +11,9 @@ ms.author: ellevin
 author: levinec
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance  
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 # Coordinated Malware Eradication
 
diff --git a/windows/security/threat-protection/intelligence/criteria.md b/windows/security/threat-protection/intelligence/criteria.md
index 77a3c4e33d..869519e673 100644
--- a/windows/security/threat-protection/intelligence/criteria.md
+++ b/windows/security/threat-protection/intelligence/criteria.md
@@ -3,7 +3,7 @@ title: How Microsoft identifies malware and potentially unwanted applications
 ms.reviewer: 
 description: Learn how Microsoft reviews software for privacy violations and other negative behavior, to determine if it's malware or a potentially unwanted application.
 keywords: security, malware, virus research threats, research malware, device protection, computer infection, virus infection, descriptions, remediation, latest threats, MMdevice, Microsoft Malware Protection Center, PUA, potentially unwanted applications
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -11,9 +11,10 @@ ms.author: ellevin
 author: levinec
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance  
+ms.collection: M365-security-compliance
 ms.topic: article
 search.appverid: met150
+ms.technology: mde
 ---
 
 # How Microsoft identifies malware and potentially unwanted applications
diff --git a/windows/security/threat-protection/intelligence/cybersecurity-industry-partners.md b/windows/security/threat-protection/intelligence/cybersecurity-industry-partners.md
index 3cb57c45ef..fec4892d00 100644
--- a/windows/security/threat-protection/intelligence/cybersecurity-industry-partners.md
+++ b/windows/security/threat-protection/intelligence/cybersecurity-industry-partners.md
@@ -3,7 +3,7 @@ title: Industry collaboration programs
 ms.reviewer: 
 description: Microsoft industry-wide antimalware collaboration programs - Virus Information Alliance (VIA), Microsoft Virus Initiative (MVI), and Coordinated Malware Eradication (CME)
 keywords: security, malware, antivirus industry, antimalware Industry, collaboration programs, alliances, Virus Information Alliance, Microsoft Virus Initiative, Coordinated Malware Eradication, WDSI, MMPC, Microsoft Malware Protection Center, partnerships
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -11,8 +11,9 @@ ms.author: ellevin
 author: levinec
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance  
+ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 # Industry collaboration programs
 
diff --git a/windows/security/threat-protection/intelligence/developer-faq.md b/windows/security/threat-protection/intelligence/developer-faq.md
index 06734edb7a..5f91ef4a1f 100644
--- a/windows/security/threat-protection/intelligence/developer-faq.md
+++ b/windows/security/threat-protection/intelligence/developer-faq.md
@@ -4,7 +4,7 @@ ms.reviewer:
 description: This page provides answers to common questions we receive from software developers
 keywords: wdsi, software, developer, faq, dispute, false-positive, classify, installer, software, bundler, blocking
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: levinec
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance  
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Software developer FAQ
diff --git a/windows/security/threat-protection/intelligence/developer-resources.md b/windows/security/threat-protection/intelligence/developer-resources.md
index b413cea906..9c99065431 100644
--- a/windows/security/threat-protection/intelligence/developer-resources.md
+++ b/windows/security/threat-protection/intelligence/developer-resources.md
@@ -4,7 +4,7 @@ ms.reviewer:
 description: This page provides information for developers such as detection criteria, developer questions, and how to check your software against Security intelligence.
 keywords: wdsi, software, developer, resources, detection, criteria, questions, scan, software, definitions, cloud, protection, security intelligence
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -13,8 +13,9 @@ ms.author: ellevin
 author: levinec
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance  
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Software developer resources
diff --git a/windows/security/threat-protection/intelligence/exploits-malware.md b/windows/security/threat-protection/intelligence/exploits-malware.md
index f7895be9f2..c7a418d55c 100644
--- a/windows/security/threat-protection/intelligence/exploits-malware.md
+++ b/windows/security/threat-protection/intelligence/exploits-malware.md
@@ -3,7 +3,7 @@ title: Exploits and exploit kits
 ms.reviewer: 
 description: Learn about how exploits use vulnerabilities in common software to give attackers access to your computer and install other malware.
 keywords: security, malware, exploits, exploit kits, prevention, vulnerabilities, Microsoft, Exploit malware family, exploits, java, flash, adobe, update software, prevent exploits, exploit pack, vulnerability, 0-day, holes, weaknesses, attack, Flash, Adobe, out-of-date software, out of date software, update, update software, reinfection, Java cache, reinfected,  won't remove, won't clean, still detects, full scan, MSE, Defender, WDSI, MMPC, Microsoft Malware Protection Center
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -11,9 +11,10 @@ ms.author: ellevin
 author: levinec
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance  
+ms.collection: M365-security-compliance
 ms.topic: article
 search.appverid: met150
+ms.technology: mde
 ---
 # Exploits and exploit kits
 
diff --git a/windows/security/threat-protection/intelligence/fileless-threats.md b/windows/security/threat-protection/intelligence/fileless-threats.md
index 9be24dcbe2..a120169e13 100644
--- a/windows/security/threat-protection/intelligence/fileless-threats.md
+++ b/windows/security/threat-protection/intelligence/fileless-threats.md
@@ -1,9 +1,9 @@
 ---
 title: Fileless threats
 ms.reviewer: 
-description: Learn about the categories of fileless threats and malware that "live off the land"
+description: Learn about the categories of fileless threats and malware that live off the land
 keywords: fileless, fileless malware, living off the land, lolbins, amsi, behavior monitoring, memory scanning, boot sector protection, security, malware, Windows Defender ATP, antivirus, AV, Microsoft Defender ATP, next-generation protection
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -11,9 +11,10 @@ ms.author: ellevin
 author: levinec
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance  
+ms.collection: M365-security-compliance
 ms.topic: article
 search.appverid: met150
+ms.technology: mde
 ---
 
 # Fileless threats
diff --git a/windows/security/threat-protection/intelligence/index.md b/windows/security/threat-protection/intelligence/index.md
index 1814307aac..819ce7f08a 100644
--- a/windows/security/threat-protection/intelligence/index.md
+++ b/windows/security/threat-protection/intelligence/index.md
@@ -2,7 +2,7 @@
 title: Security intelligence
 description: Learn about different types of malware, safety tips on how you can protect your organization, and resources for industry collaboration programs.
 keywords: security, malware
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -10,8 +10,9 @@ ms.author: ellevin
 author: levinec
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance  
+ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 # Security intelligence
 
diff --git a/windows/security/threat-protection/intelligence/macro-malware.md b/windows/security/threat-protection/intelligence/macro-malware.md
index 45dd414624..6faec90f87 100644
--- a/windows/security/threat-protection/intelligence/macro-malware.md
+++ b/windows/security/threat-protection/intelligence/macro-malware.md
@@ -3,7 +3,7 @@ title: Macro malware
 ms.reviewer: 
 description: Learn about macro viruses and malware, which are embedded in documents and are used to drop malicious payloads and distribute other threats.
 keywords: security, malware, macro, protection, WDSI, MMPC, Microsoft Malware Protection Center, macro virus, macro malware, documents, viruses in Office, viruses in Word
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -11,9 +11,10 @@ ms.author: ellevin
 author: levinec
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance  
+ms.collection: M365-security-compliance
 ms.topic: article
 search.appverid: met150
+ms.technology: mde
 ---
 # Macro malware
 
diff --git a/windows/security/threat-protection/intelligence/malware-naming.md b/windows/security/threat-protection/intelligence/malware-naming.md
index d920870809..abd3753a03 100644
--- a/windows/security/threat-protection/intelligence/malware-naming.md
+++ b/windows/security/threat-protection/intelligence/malware-naming.md
@@ -3,7 +3,7 @@ title: Malware names
 ms.reviewer: 
 description: Understand the malware naming convention used by Microsoft Defender Antivirus and other Microsoft antimalware.
 keywords: security, malware, names, Microsoft, MMPC, Microsoft Malware Protection Center, WDSI, malware name, malware prefix, malware type, virus name
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -11,9 +11,10 @@ ms.author: ellevin
 author: levinec
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance  
+ms.collection: M365-security-compliance
 ms.topic: article
 search.appverid: met150
+ms.technology: mde
 ---
 # Malware names
 
diff --git a/windows/security/threat-protection/intelligence/phishing-trends.md b/windows/security/threat-protection/intelligence/phishing-trends.md
index dcb01fd998..d8cd025a74 100644
--- a/windows/security/threat-protection/intelligence/phishing-trends.md
+++ b/windows/security/threat-protection/intelligence/phishing-trends.md
@@ -3,7 +3,7 @@ title: Phishing trends and techniques
 ms.reviewer: 
 description: Learn about how to spot phishing techniques
 keywords: security, malware, phishing, information, scam, social engineering, bait, lure, protection, trends, targeted attack, spear phishing, whaling
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -11,9 +11,10 @@ ms.author: ellevin
 author: levinec
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance  
+ms.collection: M365-security-compliance
 ms.topic: article
 search.appverid: met150
+ms.technology: mde
 ---
 
 # Phishing trends and techniques
diff --git a/windows/security/threat-protection/intelligence/phishing.md b/windows/security/threat-protection/intelligence/phishing.md
index f2cd0a919e..20bf7cc3fd 100644
--- a/windows/security/threat-protection/intelligence/phishing.md
+++ b/windows/security/threat-protection/intelligence/phishing.md
@@ -3,7 +3,7 @@ title: How to protect against phishing attacks
 ms.reviewer: 
 description: Learn about how phishing work, deliver malware do your devices, and  what you can do to protect yourself
 keywords: security, malware, phishing, information, scam, social engineering, bait, lure, protection, trends, targeted attack
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -11,9 +11,10 @@ ms.author: ellevin
 author: levinec
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance  
+ms.collection: M365-security-compliance
 ms.topic: article
 search.appverid: met150
+ms.technology: mde
 ---
 
 # How to protect against phishing attacks
diff --git a/windows/security/threat-protection/intelligence/portal-submission-troubleshooting.md b/windows/security/threat-protection/intelligence/portal-submission-troubleshooting.md
index bd1b4f57e7..e84f8e37a8 100644
--- a/windows/security/threat-protection/intelligence/portal-submission-troubleshooting.md
+++ b/windows/security/threat-protection/intelligence/portal-submission-troubleshooting.md
@@ -3,7 +3,7 @@ title: Troubleshoot MSI portal errors caused by admin block
 description: Troubleshoot MSI portal errors
 ms.reviewer: 
 keywords: security, sample submission help, malware file, virus file, trojan file, submit, send to Microsoft, submit a sample, virus, trojan, worm, undetected, doesn’t detect, email microsoft, email malware, I think this is malware, I think it's a virus, where can I send a virus, is this a virus, MSE, doesn’t detect, no signature, no detection, suspect file, MMPC, Microsoft Malware Protection Center, researchers, analyst, WDSI, security intelligence
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -11,9 +11,10 @@ ms.author: dansimp
 author: dansimp
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance  
+ms.collection: M365-security-compliance
 ms.topic: article
 search.appverid: met150
+ms.technology: mde
 ---
 
 # Troubleshooting malware submission errors caused by administrator block
diff --git a/windows/security/threat-protection/intelligence/prevent-malware-infection.md b/windows/security/threat-protection/intelligence/prevent-malware-infection.md
index 026d1653b0..45f1877661 100644
--- a/windows/security/threat-protection/intelligence/prevent-malware-infection.md
+++ b/windows/security/threat-protection/intelligence/prevent-malware-infection.md
@@ -3,7 +3,7 @@ title: Prevent malware infection
 ms.reviewer: 
 description: Learn steps you can take to help prevent a malware or potentially unwanted software from infecting your computer.
 keywords: security, malware, prevention, infection, tips, Microsoft, MMPC, Microsoft Malware Protection Center, virus, trojan, worm, stop, prevent, full scan, infection, avoid malware, avoid trojan, avoid virus, infection, how, detection, security software, antivirus, updates, how malware works, how virus works, firewall, turn on, user privileges, limit, prevention, WDSI, MMPC, Microsoft Malware Protection Center
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -11,9 +11,10 @@ ms.author: ellevin
 author: levinec
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance  
+ms.collection: M365-security-compliance
 ms.topic: article
 search.appverid: met150
+ms.technology: mde
 ---
 # Prevent malware infection
 
diff --git a/windows/security/threat-protection/intelligence/ransomware-malware.md b/windows/security/threat-protection/intelligence/ransomware-malware.md
index 2936cf36c4..851d1f8c50 100644
--- a/windows/security/threat-protection/intelligence/ransomware-malware.md
+++ b/windows/security/threat-protection/intelligence/ransomware-malware.md
@@ -3,7 +3,7 @@ title: Ransomware
 ms.reviewer: 
 description: Learn how to protect your computer and network from ransomware attacks, which can stop you from accessing your files.
 keywords: security, malware, ransomware, encryption, extortion, money, key, infection, prevention, tips, WDSI, MMPC, Microsoft Malware Protection Center, ransomware-as-a-service, ransom, ransomware downloader, protection, prevention, solution, exploit kits, backup, Cerber, Locky, WannaCry, WannaCrypt, Petya, Spora
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -11,9 +11,10 @@ ms.author: ellevin
 author: levinec
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance  
+ms.collection: M365-security-compliance
 ms.topic: article
 search.appverid: met150
+ms.technology: mde
 ---
 # Ransomware
 
diff --git a/windows/security/threat-protection/intelligence/rootkits-malware.md b/windows/security/threat-protection/intelligence/rootkits-malware.md
index f5ea7e21b2..ab4fa996bd 100644
--- a/windows/security/threat-protection/intelligence/rootkits-malware.md
+++ b/windows/security/threat-protection/intelligence/rootkits-malware.md
@@ -3,7 +3,7 @@ title: Rootkits
 ms.reviewer: 
 description: Rootkits may be used by malware authors to hide malicious code on your computer and make malware or potentially unwanted software harder to remove.
 keywords: security, malware, rootkit, hide, protection, hiding, WDSI, MMPC, Microsoft Malware Protection Center, rootkits, Sirefef, Rustock, Sinowal, Cutwail, malware, virus
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -11,9 +11,10 @@ ms.author: ellevin
 author: levinec
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance  
+ms.collection: M365-security-compliance
 ms.topic: article
 search.appverid: met150
+ms.technology: mde
 ---
 # Rootkits
 
diff --git a/windows/security/threat-protection/intelligence/safety-scanner-download.md b/windows/security/threat-protection/intelligence/safety-scanner-download.md
index 96e45bc39b..a9c1588361 100644
--- a/windows/security/threat-protection/intelligence/safety-scanner-download.md
+++ b/windows/security/threat-protection/intelligence/safety-scanner-download.md
@@ -3,7 +3,7 @@ title: Microsoft Safety Scanner Download
 ms.reviewer: 
 description: Get the Microsoft Safety Scanner tool to find and remove malware from Windows computers.
 keywords: security, malware
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -11,9 +11,10 @@ ms.author: ellevin
 author: levinec
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance  
+ms.collection: M365-security-compliance
 ms.topic: article
 search.appverid: met150
+ms.technology: mde
 ---
 # Microsoft Safety Scanner
 
diff --git a/windows/security/threat-protection/intelligence/submission-guide.md b/windows/security/threat-protection/intelligence/submission-guide.md
index 7e771ce477..87667989e4 100644
--- a/windows/security/threat-protection/intelligence/submission-guide.md
+++ b/windows/security/threat-protection/intelligence/submission-guide.md
@@ -3,7 +3,7 @@ title: Submit files for analysis by Microsoft
 description: Learn how to submit files to Microsoft for malware analysis, how to track your submissions, and dispute detections.
 ms.reviewer: 
 keywords: security, sample submission help, malware file, virus file, trojan file, submit, send to Microsoft, submit a sample, virus, trojan, worm, undetected, doesn’t detect, email microsoft, email malware, I think this is malware, I think it's a virus, where can I send a virus, is this a virus, MSE, doesn’t detect, no signature, no detection, suspect file, MMPC, Microsoft Malware Protection Center, researchers, analyst, WDSI, security intelligence
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -11,9 +11,10 @@ ms.author: ellevin
 author: levinec
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance  
+ms.collection: M365-security-compliance
 ms.topic: article
 search.appverid: met150
+ms.technology: mde
 ---
 
 # Submit files for analysis
diff --git a/windows/security/threat-protection/intelligence/supply-chain-malware.md b/windows/security/threat-protection/intelligence/supply-chain-malware.md
index 7530ec2c2e..fff7e3b7b3 100644
--- a/windows/security/threat-protection/intelligence/supply-chain-malware.md
+++ b/windows/security/threat-protection/intelligence/supply-chain-malware.md
@@ -3,7 +3,7 @@ title: Supply chain attacks
 ms.reviewer: 
 description: Learn about how supply chain attacks work, deliver malware do your devices, and  what you can do to protect yourself
 keywords: security, malware, protection, supply chain, hide, distribute, trust, compromised
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -11,9 +11,10 @@ ms.author: ellevin
 author: levinec
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance  
+ms.collection: M365-security-compliance
 ms.topic: article
 search.appverid: met150
+ms.technology: mde
 ---
 
 # Supply chain attacks
diff --git a/windows/security/threat-protection/intelligence/support-scams.md b/windows/security/threat-protection/intelligence/support-scams.md
index 5ecbd9a101..0cfb94aa8f 100644
--- a/windows/security/threat-protection/intelligence/support-scams.md
+++ b/windows/security/threat-protection/intelligence/support-scams.md
@@ -3,7 +3,7 @@ title: Tech Support Scams
 ms.reviewer: 
 description: Microsoft security software can protect you from tech support scams that claims to scan for malware or viruses and then shows you fake detections and warnings.
 keywords: security, malware, tech support, scam, protection, trick, spoof, fake, error messages, report, rogue security software, fake, antivirus, fake software, rogue, threats, fee, removal fee, upgrade, pay for removal, install full version, trial, lots of threats, scanner, scan, clean, computer, security, program, XP home security, fake microsoft, activate, activate scan, activate antivirus, warnings, pop-ups, security warnings, security pop-ups tech support scams, fake Microsoft error notification, fake virus alert, fake product expiration, fake Windows activation, scam web pages, scam phone numbers, telephone numbers, MMPC, WDSI, Microsoft Malware Protection Center, tech support scam numbers
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -11,9 +11,10 @@ ms.author: ellevin
 author: levinec
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance  
+ms.collection: M365-security-compliance
 ms.topic: article
 search.appverid: met150
+ms.technology: mde
 ---
 # Tech support scams
 
diff --git a/windows/security/threat-protection/intelligence/trojans-malware.md b/windows/security/threat-protection/intelligence/trojans-malware.md
index 2ed753b049..31228195f8 100644
--- a/windows/security/threat-protection/intelligence/trojans-malware.md
+++ b/windows/security/threat-protection/intelligence/trojans-malware.md
@@ -3,7 +3,7 @@ title: Trojan malware
 ms.reviewer: 
 description: Trojans are a type of threat that can infect your device. This page tells you what they are and how to remove them.
 keywords: security, malware, protection, trojan, download, file, infection, trojans, virus, protection, cleanup, removal, antimalware, antivirus, WDSI, MMPC, Microsoft Malware Protection Center, malware types
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -11,9 +11,10 @@ ms.author: ellevin
 author: levinec
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance  
+ms.collection: M365-security-compliance
 ms.topic: article
 search.appverid: met150
+ms.technology: mde
 ---
 
 # Trojans
diff --git a/windows/security/threat-protection/intelligence/understanding-malware.md b/windows/security/threat-protection/intelligence/understanding-malware.md
index 87e0080d20..d7d82578fa 100644
--- a/windows/security/threat-protection/intelligence/understanding-malware.md
+++ b/windows/security/threat-protection/intelligence/understanding-malware.md
@@ -3,7 +3,7 @@ title: Understanding malware & other threats
 ms.reviewer: 
 description: Learn about the most prevalent viruses, malware, and other threats. Understand how they infect systems, how they behave, and how to prevent and remove them.
 keywords: security, malware, virus, malware, threat, analysis, research, encyclopedia, dictionary, glossary, ransomware, support scams, unwanted software, computer infection, virus infection, descriptions, remediation, latest threats, mmpc, microsoft malware protection center, wdsi
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -11,9 +11,10 @@ ms.author: ellevin
 author: levinec
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance  
+ms.collection: M365-security-compliance
 ms.topic: conceptual
 search.appverid: met150
+ms.technology: mde
 ---
 # Understanding malware & other threats
 
diff --git a/windows/security/threat-protection/intelligence/unwanted-software.md b/windows/security/threat-protection/intelligence/unwanted-software.md
index ab2471f894..31dc9dc196 100644
--- a/windows/security/threat-protection/intelligence/unwanted-software.md
+++ b/windows/security/threat-protection/intelligence/unwanted-software.md
@@ -3,7 +3,7 @@ title: Unwanted software
 ms.reviewer: 
 description: Learn about how unwanted software changes your default settings without your consent and what you can do to protect yourself.
 keywords: security, malware, protection, unwanted, software, alter, infect, unwanted software, software bundlers, browser modifiers, privacy, security, computing experience, prevent infection, solution, WDSI, MMPC, Microsoft Malware Protection Center, virus research threats, research malware, pc protection, computer infection, virus infection, descriptions, remediation, latest threats
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -11,9 +11,10 @@ ms.author: ellevin
 author: levinec
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance  
+ms.collection: M365-security-compliance
 ms.topic: article
 search.appverid: met150
+ms.technology: mde
 ---
 # Unwanted software
 
diff --git a/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md b/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md
index fa58868aa8..a70ae6fe7e 100644
--- a/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md
+++ b/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md
@@ -3,7 +3,7 @@ title: Virus Information Alliance
 ms.reviewer: 
 description: The Microsoft Virus Information Alliance (VIA) is a collaborative antimalware program for organizations fighting cybercrime.
 keywords: security, malware, Microsoft, MMPC, Microsoft Malware Protection Center, partners, sharing, samples, vendor exchange, CSS, alliance, WDSI
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -11,8 +11,9 @@ ms.author: ellevin
 author: levinec
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance  
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 # Virus Information Alliance
 
diff --git a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md
index 5f8f3c8139..8512c8d267 100644
--- a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md
+++ b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md
@@ -3,7 +3,7 @@ title: Microsoft Virus Initiative
 ms.reviewer: 
 description: The Microsoft Virus Initiative (MVI) helps organizations that make antivirus or antimalware products integrate with Windows and share telemetry with Microsoft.
 keywords: security, malware, MVI, Microsoft Malware Protection Center, MMPC, alliances, WDSI
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -11,8 +11,9 @@ ms.author: ellevin
 author: levinec
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance  
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Microsoft Virus Initiative
diff --git a/windows/security/threat-protection/intelligence/worms-malware.md b/windows/security/threat-protection/intelligence/worms-malware.md
index ca62c08fd9..99c3fafa1a 100644
--- a/windows/security/threat-protection/intelligence/worms-malware.md
+++ b/windows/security/threat-protection/intelligence/worms-malware.md
@@ -3,7 +3,7 @@ title: Worms
 ms.reviewer: 
 description: Learn about how worms replicate and spread to other computers or networks. Read about the most popular worms and steps you can take to stop them.
 keywords: security, malware, protection, worm, vulnerabilities, infect, steal, Jenxcus, Gamarue, Bondat, WannaCrypt, WDSI, MMPC, Microsoft Malware Protection Center, worms, malware types, threat propagation, mass-mailing, IP scanning
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -11,9 +11,10 @@ ms.author: ellevin
 author: levinec
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance  
+ms.collection: M365-security-compliance
 ms.topic: article
 search.appverid: met150
+ms.technology: mde
 ---
 
 # Worms
diff --git a/windows/security/threat-protection/mbsa-removal-and-guidance.md b/windows/security/threat-protection/mbsa-removal-and-guidance.md
index 24bcf88c2d..09dc088c59 100644
--- a/windows/security/threat-protection/mbsa-removal-and-guidance.md
+++ b/windows/security/threat-protection/mbsa-removal-and-guidance.md
@@ -2,13 +2,14 @@
 title: Guide to removing Microsoft Baseline Security Analyzer (MBSA)
 description: This article documents the removal of Microsoft Baseline Security Analyzer (MBSA) and provides alternative solutions.
 keywords: MBSA, security, removal
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.author: dansimp
 author: dansimp
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
  
 # What is Microsoft Baseline Security Analyzer and its uses?
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md
index 273298bf6c..099dbc450f 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md
@@ -1,9 +1,9 @@
 ---
-title: What to do with false positives/negatives in Microsoft Defender Antivirus 
+title: What to do with false positives/negatives in Microsoft Defender Antivirus
 description: Did Microsoft Defender Antivirus miss or wrongly detect something? Find out what you can do.
 keywords: Microsoft Defender Antivirus, false positives, false negatives, exclusions
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -16,6 +16,7 @@ ms.reviewer: shwetaj
 manager: dansimp
 audience: ITPro
 ms.topic: article
+ms.technology: mde
 ---
 
 # What to do with false positives/negatives in Microsoft Defender Antivirus
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data-update-compliance.md b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data-update-compliance.md
index 586598290d..53cc0585bb 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data-update-compliance.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data-update-compliance.md
@@ -3,7 +3,7 @@ title: Collect diagnostic data for Update Compliance and Windows Defender Micros
 description: Use a tool to collect data to troubleshoot Update Compliance issues when using the Microsoft Defender Antivirus Assessment add in
 keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, Microsoft Defender AV
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Collect Update Compliance diagnostic data for Microsoft Defender AV Assessment
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md
index b98d9268b6..db2a7a7f8e 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md
@@ -3,7 +3,7 @@ title: Collect diagnostic data of Microsoft Defender Antivirus
 description: Use a tool to collect data to troubleshoot Microsoft Defender Antivirus
 keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, Microsoft Defender av, group policy object, setting, diagnostic data
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.custom: nextgen
 ms.date: 06/29/2020
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Collect Microsoft Defender AV diagnostic data
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md
index f6c285389b..04a84573cc 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md
@@ -3,16 +3,17 @@ title: Use the command line to manage Microsoft Defender Antivirus
 description: Run Microsoft Defender Antivirus scans and configure next-generation protection with a dedicated command-line utility.
 keywords: run windows defender scan, run antivirus scan from command line, run windows defender scan from command line, mpcmdrun, defender
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: medium
 author: denisebmsft
 ms.author: deniseb
 ms.custom: nextgen
-ms.reviewer: ksarens 
+ms.reviewer: ksarens
 manager: dansimp
 ms.date: 08/17/2020
+ms.technology: mde
 ---
 
 # Configure and manage Microsoft Defender Antivirus with the mpcmdrun.exe command-line tool
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md
index c4401ca56a..3108c5ea6b 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Common mistakes to avoid when defining exclusions
 description: Avoid common mistakes when defining exclusions for Microsoft Defender Antivirus scans.
 keywords: exclusions, files, extension, file type, folder name, file name, scans
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -13,6 +13,7 @@ ms.author: deniseb
 ms.custom: nextgen
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Common mistakes to avoid when defining exclusions
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md
index 756111f940..060cddd476 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Manage Windows Defender in your business
 description: Learn how to use Group Policy, Configuration Manager, PowerShell, WMI, Intune, and the command line to manage Microsoft Defender AV
 keywords: group policy, gpo, config manager, sccm, scep, powershell, wmi, intune, defender, antivirus, antimalware, security, protection
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.custom: nextgen
 ms.date: 12/16/2020
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Manage Microsoft Defender Antivirus in your business
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md
index 6d63b6ef5a..7782d63b95 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md
@@ -4,7 +4,7 @@ description: You can configure Microsoft Defender AV to scan email storage files
 keywords: advanced scans, scanning, email, archive, zip, rar, archive, reparse scanning
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -13,7 +13,7 @@ ms.author: deniseb
 ms.custom: nextgen
 ms.reviewer: 
 manager: dansimp
-
+ms.technology: mde
 ---
 
 # Configure Microsoft Defender Antivirus scanning options
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md
index c3ec759d81..801001d7ef 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Enable block at first sight to detect malware in seconds
 description: Turn on the block at first sight feature to detect and block malware within seconds.
 keywords: scan, BAFS, malware, first seen, first sight, cloud, defender
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: high
@@ -13,6 +13,7 @@ ms.reviewer:
 manager: dansimp
 ms.custom: nextgen
 ms.date: 10/22/2020
+ms.technology: mde
 ---
 
 # Turn on block at first sight
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md
index 2555377694..fc9ab62d48 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Configure the Microsoft Defender AV cloud block timeout period
 description: You can configure how long Microsoft Defender Antivirus will block a file from running while waiting for a cloud determination.
 keywords: Microsoft Defender Antivirus, antimalware, security, defender, cloud, timeout, block, period, seconds
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Configure the cloud block timeout period
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus.md
index 93e3d5c543..91d207c1bc 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Configure how users can interact with Microsoft Defender AV
 description: Configure how end-users interact with Microsoft Defender AV, what notifications they see, and if they can override settings.
 keywords: endpoint, user, interaction, notifications, ui lockdown mode, headless mode, hide interface
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -13,6 +13,7 @@ ms.author: deniseb
 ms.custom: nextgen
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Configure end-user interaction with Microsoft Defender Antivirus
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md
index 55b286bcf0..beb6882a8b 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Set up exclusions for Microsoft Defender AV scans
 description: You can exclude files (including files modified by specified processes) and folders from being scanned by Microsoft Defender AV. Validate your exclusions with PowerShell.
 keywords: 
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -12,6 +12,7 @@ ms.author: deniseb
 ms.custom: nextgen
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Configure and validate exclusions for Microsoft Defender Antivirus scans
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md
index 2d5abc1960..49091cb89b 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Configure and validate exclusions based on extension, name, or location
 description: Exclude files from Microsoft Defender Antivirus scans based on their file extension, file name, or location.
 keywords: exclusions, files, extension, file type, folder name, file name, scans
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -12,6 +12,7 @@ ms.author: deniseb
 ms.custom: nextgen
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Configure and validate exclusions based on file extension and folder location
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus.md
index e9c99642d5..4b69f181b0 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Configure local overrides for Microsoft Defender AV settings
 description: Enable or disable users from locally changing settings in Microsoft Defender AV.
 keywords: local override, local policy, group policy, gpo, lockdown,merge, lists
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.custom: nextgen
 ms.date: 02/13/2020
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Prevent or allow users to locally modify Microsoft Defender Antivirus policy settings
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md
index fd9d16d4b6..6185228b0b 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md
@@ -3,7 +3,7 @@ title: Configure Microsoft Defender Antivirus features
 description: You can configure Microsoft Defender Antivirus features with Intune, Microsoft Endpoint Configuration Manager, Group Policy, and PowerShell.
 keywords: Microsoft Defender Antivirus, antimalware, security, defender, configure, configuration, Config Manager, Microsoft Endpoint Configuration Manager, SCCM, Intune, MDM, mobile device management, GP, group policy, PowerShell
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.custom: nextgen
 ms.date: 11/18/2020
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Configure Microsoft Defender Antivirus features
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md
index e4896f9709..f00a35da1f 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Configure and validate Microsoft Defender Antivirus network connections
 description: Configure and test your connection to the Microsoft Defender Antivirus cloud protection service.
 keywords: antivirus, Microsoft Defender Antivirus, antimalware, security, defender, cloud, aggressiveness, protection level
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.custom: nextgen
 ms.date: 12/28/2020
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Configure and validate Microsoft Defender Antivirus network connections
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus.md
index ac51c3d326..1660b6284e 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Configure Microsoft Defender Antivirus notifications
 description: Learn how to configure and customize both standard and additional Microsoft Defender Antivirus notifications on endpoints.
 keywords: notifications, defender, antivirus, endpoint, management, admin
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Configure the notifications that appear on endpoints
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md
index bbb7a6b79c..52641f673b 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Configure exclusions for files opened by specific processes
 description: You can exclude files from scans if they have been opened by a specific process.
 keywords: Microsoft Defender Antivirus, process, exclusion, files, scans
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -13,6 +13,7 @@ ms.author: deniseb
 ms.custom: nextgen
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Configure exclusions for files opened by processes
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md
index 5e47aa185b..12fa08755b 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Enable and configure Microsoft Defender Antivirus protection features
 description: Enable behavior-based, heuristic, and real-time protection in Microsoft Defender AV.
 keywords: heuristic, machine-learning, behavior monitor, real-time protection, always-on, Microsoft Defender Antivirus, antimalware, security, defender
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Configure behavioral, heuristic, and real-time protection
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md
index 83078c2db2..63abc5021b 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Enable and configure Microsoft Defender Antivirus protection capabilities
 description: Enable and configure Microsoft Defender Antivirus real-time protection features such as behavior monitoring, heuristics, and machine-learning
 keywords: antivirus, real-time protection, rtp, machine-learning, behavior monitoring, heuristics
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.date: 12/16/2019
 ms.reviewer: 
 manager: dansimp
 ms.custom: nextgen
+ms.technology: mde
 ---
 
 # Enable and configure Microsoft Defender Antivirus always-on protection in Group Policy
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md
index b080c70faa..95cd08db31 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Remediate and resolve infections detected by Microsoft Defender Antivirus
 description: Configure what Microsoft Defender Antivirus should do when it detects a threat, and how long quarantined files should be retained in the quarantine folder
 keywords: remediation, fix, remove, threats, quarantine, scan, restore
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.custom: nextgen
 ms.date: 01/06/2021
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Configure remediation for Microsoft Defender Antivirus scans
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md
index 3ac64a1e57..75911ebb62 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md
@@ -5,7 +5,7 @@ manager: dansimp
 description: Windows Servers 2016 and 2019 include automatic exclusions, based on server role. You can also add custom exclusions.
 keywords: exclusions, server, auto-exclusions, automatic, custom, scans, Microsoft Defender Antivirus
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -13,6 +13,7 @@ ms.localizationpriority: medium
 author: denisebmsft
 ms.author: deniseb
 ms.custom: nextgen
+ms.technology: mde
 ---
 
 # Configure Microsoft Defender Antivirus exclusions on Windows Server
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md
index 0651cae7a7..10b6622a43 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Run and customize scheduled and on-demand scans
 description: Customize and initiate Microsoft Defender Antivirus scans on endpoints across your network.
 keywords: scan, schedule, customize, exclusions, exclude files, remediation, scan results, quarantine, remove threat, quick scan, full scan, Microsoft Defender Antivirus
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Customize, initiate, and review the results of Microsoft Defender Antivirus scans and remediation
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md
index 6b950c1ad9..a2a610032c 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Run and customize scheduled and on-demand scans
 description: Customize and initiate Microsoft Defender Antivirus scans on endpoints across your network.
 keywords: scan, schedule, customize, exclusions, exclude files, remediation, scan results, quarantine, remove threat, quick scan, full scan, Microsoft Defender Antivirus
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Customize, initiate, and review the results of Microsoft Defender Antivirus scans & remediation
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md
index a8268af781..01a88d64d7 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Deploy, manage, and report on Microsoft Defender Antivirus
 description: You can deploy and manage Microsoft Defender Antivirus with Intune, Microsoft Endpoint Configuration Manager, Group Policy, PowerShell, or WMI
 keywords: deploy, manage, update, protection, Microsoft Defender Antivirus
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Deploy, manage, and report on Microsoft Defender Antivirus
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md
index 56d70bda19..c27135a1f6 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md
@@ -1,9 +1,9 @@
 ---
-title: Deploy and enable Microsoft Defender Antivirus 
+title: Deploy and enable Microsoft Defender Antivirus
 description: Deploy Microsoft Defender Antivirus for protection of your endpoints with Microsoft Intune, Microsoft Endpoint Configuration Manager, Group Policy, PowerShell cmdlets, or WMI.
 keywords: deploy, enable, Microsoft Defender Antivirus
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.custom: nextgen
 ms.date: 01/06/2021
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Deploy and enable Microsoft Defender Antivirus
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md
index 172fb7952f..3849774f8b 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Microsoft Defender Antivirus Virtual Desktop Infrastructure deployment gu
 description: Learn how to deploy Microsoft Defender Antivirus in a virtual desktop environment for the best balance between protection and performance.
 keywords: vdi, hyper-v, vm, virtual machine, windows defender, antivirus, av, virtual desktop, rds, remote desktop
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -13,6 +13,7 @@ ms.custom: nextgen
 ms.date: 12/28/2020
 ms.reviewer: jesquive
 manager: dansimp
+ms.technology: mde
 ---
 
 # Deployment guide for Microsoft Defender Antivirus in a virtual desktop infrastructure (VDI) environment
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
index 8d04445395..dc721c7813 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Block potentially unwanted applications with Microsoft Defender Antivirus
 description: Enable the potentially unwanted application (PUA) antivirus feature to block unwanted software such as adware.
 keywords: pua, enable, unwanted software, unwanted apps, adware, browser toolbar, detect, block, Microsoft Defender Antivirus
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: detect
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -14,6 +14,7 @@ audience: ITPro
 ms.date: 01/08/2021
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Detect and block potentially unwanted applications
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md
index 69956ae919..483ca94393 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Turn on cloud-delivered protection in Microsoft Defender Antivirus
 description: Turn on cloud-delivered protection to benefit from fast and advanced protection features.
 keywords: Microsoft Defender Antivirus, antimalware, security, cloud, block at first sight
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -13,6 +13,7 @@ ms.date: 11/13/2020
 ms.reviewer: 
 manager: dansimp
 ms.custom: nextgen
+ms.technology: mde
 ---
 
 # Turn on cloud-delivered protection
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md
index 0cba7e0b50..e56c78b8f3 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Evaluate Microsoft Defender Antivirus
 description: Businesses of all sizes can use this guide to evaluate and test the protection offered by Microsoft Defender Antivirus in Windows 10.
 keywords: Microsoft Defender Antivirus, cloud protection, cloud, antimalware, security, defender, evaluate, test, protection, compare, real-time protection
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -13,6 +13,7 @@ ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Evaluate Microsoft Defender Antivirus
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md
index 1edd31f232..0e6a552e4c 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Enable the limited periodic Microsoft Defender Antivirus scanning feature
 description: Limited periodic scanning lets you use Microsoft Defender Antivirus in addition to your other installed AV providers
 keywords: lps, limited, periodic, scan, scanning, compatibility, 3rd party, other av, disable
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -13,6 +13,7 @@ ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md
index 6cd83a72ce..8dc17adfac 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Apply Microsoft Defender Antivirus updates after certain events
 description: Manage how Microsoft Defender Antivirus applies security intelligence updates after startup or receiving cloud-delivered detection reports.
 keywords: updates, protection, force updates, events, startup, check for latest, notifications
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.custom: nextgen
 ms.date: 09/17/2018
 ms.reviewer: pahuijbr
 manager: dansimp
+ms.technology: mde
 ---
 
 # Manage event-based forced updates
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md
index 204266480c..668830b824 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Apply Microsoft Defender AV protection updates to out of date endpoints
 description: Define when and how updates should be applied for endpoints that have not updated in a while.
 keywords: updates, protection, out-of-date, outdated, old, catch-up
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Manage Microsoft Defender Antivirus updates and scans for endpoints that are out of date
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md
index 1147a164e1..494811e6e8 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md
@@ -1,9 +1,9 @@
 ---
 title: Schedule Microsoft Defender Antivirus protection updates
-description: Schedule the day, time, and interval for when protection updates should be downloaded 
+description: Schedule the day, time, and interval for when protection updates should be downloaded
 keywords: updates, security baselines, schedule updates
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 search.appverid: met150
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -14,6 +14,7 @@ ms.author: deniseb
 ms.custom: nextgen
 ms.reviewer: pahuijbr
 manager: dansimp
+ms.technology: mde
 ---
 
 # Manage the schedule for when protection updates should be downloaded and applied
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md
index d45869f99e..acd96cc68b 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Manage how and where Microsoft Defender Antivirus receives updates
 description: Manage the fallback order for how Microsoft Defender Antivirus receives protection updates.
 keywords: updates, security baselines, protection, fallback order, ADL, MMPC, UNC, file path, share, wsus
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -13,6 +13,7 @@ ms.author: deniseb
 ms.reviewer: pahuijbr
 manager: dansimp
 ms.custom: nextgen
+ms.technology: mde
 ---
 
 # Manage the sources for Microsoft Defender Antivirus protection updates
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
index b0d94c4785..a93bfb03a8 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Manage Microsoft Defender Antivirus updates and apply baselines
 description: Manage how Microsoft Defender Antivirus receives protection and product updates.
 keywords: updates, security baselines, protection, schedule updates, force updates, mobile updates, wsus
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.custom: nextgen
 ms.reviewer: pahuijbr
 manager: dansimp
 ms.date: 01/07/2021
+ms.technology: mde
 ---
 
 # Manage Microsoft Defender Antivirus updates and apply baselines
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md
index e2fb5173d8..8f192cc64b 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Define how mobile devices are updated by Microsoft Defender Antivirus
 description: Manage how mobile devices, such as laptops, should be updated with Microsoft Defender Antivirus protection updates.
 keywords: updates, protection, schedule updates, battery, mobile device, laptop, notebook, opt-in, microsoft update, wsus, override
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -13,6 +13,7 @@ ms.author: deniseb
 ms.custom: nextgen
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Manage updates for mobile devices and virtual machines (VMs)
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
index d1fbec7602..3c946f7096 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
@@ -4,7 +4,7 @@ description: Get an overview of what to expect from Microsoft Defender Antivirus
 keywords: windows defender, next-generation, atp, advanced threat protection, compatibility, passive mode
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -14,6 +14,7 @@ ms.custom: nextgen
 ms.reviewer: tewchen, pahuijbr, shwjha
 manager: dansimp
 ms.date: 01/11/2021
+ms.technology: mde
 ---
 
 # Microsoft Defender Antivirus compatibility
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md
index fb9db59528..63a22fd4f7 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md
@@ -3,7 +3,7 @@ title: Next-generation protection in Windows 10, Windows Server 2016, and Window
 description: Learn how to manage, configure, and use Microsoft Defender Antivirus, built-in antimalware and antivirus protection.
 keywords: Microsoft Defender Antivirus, windows defender, antimalware, scep, system center endpoint protection, system center configuration manager, virus, malware, threat, detection, protection, security
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.date: 12/16/2020
 ms.reviewer: 
 manager: dansimp
 ms.custom: nextgen
+ms.technology: mde
 ---
 
 # Next-generation protection in Windows
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md
index c16f2a4930..74cf899332 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md
@@ -4,7 +4,7 @@ description: Learn how to enable and configure Microsoft Defender Antivirus on W
 keywords: windows defender, server, scep, system center endpoint protection, server 2016, current branch, server 2012
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -13,6 +13,7 @@ ms.author: deniseb
 ms.date: 01/04/2021
 ms.reviewer: pahuijbr, shwjha
 manager: dansimp
+ms.technology: mde
 ---
 
 # Microsoft Defender Antivirus on Windows Server 2016 and Windows Server 2019
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md
index fa33dd9526..b22545f7af 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md
@@ -3,7 +3,7 @@ title: Microsoft Defender Offline in Windows 10
 description: You can use Microsoft Defender Offline straight from the Windows Defender Antivirus app. You can also manage how it is deployed in your network.
 keywords: scan, defender, offline
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -13,6 +13,7 @@ ms.author: deniseb
 ms.custom: nextgen
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Run and review the results of a Microsoft Defender Offline scan
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md
index e4f4d4c952..427ebf59db 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md
@@ -3,7 +3,7 @@ title: Microsoft Defender Antivirus in the Windows Security app
 description: With Microsoft Defender AV now included in the Windows Security app, you can review, compare, and perform common tasks.
 keywords: wdav, antivirus, firewall, security, windows
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -13,6 +13,7 @@ ms.author: deniseb
 ms.custom: nextgen
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Microsoft Defender Antivirus in the Windows Security app
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md
index 3ca4e0239b..7f35ddf666 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md
@@ -1,21 +1,22 @@
 ---
-title: "Better together - Microsoft Defender Antivirus and Office 365 (including OneDrive) - better protection from ransomware and cyberthreats"
-description: "Office 365, which includes OneDrive, goes together wonderfully with Microsoft Defender Antivirus. Read this article to learn more."
+title: Better together - Microsoft Defender Antivirus and Office 365 (including OneDrive) - better protection from ransomware and cyberthreats
+description: Office 365, which includes OneDrive, goes together wonderfully with Microsoft Defender Antivirus. Read this article to learn more.
 keywords: windows defender, antivirus, office 365, onedrive, restore, ransomware
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro 
-ms.topic: article 
+audience: ITPro
+ms.topic: article
 author: denisebmsft
 ms.author: deniseb
 ms.custom: nextgen
 ms.date: 03/04/2020
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Better together: Microsoft Defender Antivirus and Office 365
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
index ad05cd6b37..4a620da214 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
@@ -6,7 +6,7 @@ description: Use tamper protection to prevent malicious apps from changing impor
 keywords: malware, defender, antivirus, tamper protection
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -15,6 +15,7 @@ author: denisebmsft
 ms.author: deniseb
 ms.custom: nextgen
 ms.date: 01/07/2021
+ms.technology: mde
 ---
 
 # Protect security settings with tamper protection
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus.md
index bc77598593..93d033b274 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Hide the Microsoft Defender Antivirus interface
 description: You can hide virus and threat protection tile in the Windows Security app.
 keywords: ui lockdown, headless mode, hide app, hide settings, hide interface
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Prevent users from seeing or interacting with the Microsoft Defender Antivirus user interface
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md
index 5219b4f3eb..f6c46b93b9 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Monitor and report on Microsoft Defender Antivirus protection
 description: Use Configuration Manager or security information and event management (SIEM) tools to consume reports, and monitor Microsoft Defender AV with PowerShell and WMI.
 keywords: siem, monitor, report, Microsoft Defender AV
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.custom: nextgen
 ms.date: 12/07/2020
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Report on Microsoft Defender Antivirus
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md
index e2ce17b208..e3f5c1f0fe 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Restore quarantined files in Microsoft Defender AV
 description: You can restore files and folders that were quarantined by Microsoft Defender AV.
 keywords: 
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.custom: nextgen
 ms.date: 05/20/2020
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Restore quarantined files in Microsoft Defender AV
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md
index 44079dd62b..4168fb1d63 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md
@@ -1,9 +1,9 @@
 ---
-title: Review the results of Microsoft Defender AV scans 
+title: Review the results of Microsoft Defender AV scans
 description: Review the results of scans using Microsoft Endpoint Configuration Manager, Microsoft Intune, or the Windows Security app
 keywords: scan results, remediation, full scan, quick scan
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.custom: nextgen
 ms.date: 09/28/2020
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Review Microsoft Defender Antivirus scan results
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md
index 3f93858b01..5a65b6a165 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Run and customize on-demand scans in Microsoft Defender AV
 description: Run and configure on-demand scans using PowerShell, Windows Management Instrumentation, or individually on endpoints with the Windows Security app
 keywords: scan, on-demand, dos, intune, instant scan
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.custom: nextgen
 ms.date: 11/13/2020
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Configure and run on-demand Microsoft Defender Antivirus scans
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md
index 153100cb9f..ce888c039c 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Schedule regular quick and full scans with Microsoft Defender Antivirus
 description: Set up recurring (scheduled) scans, including when they should run and whether they run as full or quick scans
 keywords: quick scan, full scan, quick vs full, schedule scan, daily, weekly, time, scheduled, recurring, regular
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.custom: nextgen
 ms.date: 11/02/2020
 ms.reviewer: pauhijbr
 manager: dansimp
+ms.technology: mde
 ---
 
 # Configure scheduled quick or full Microsoft Defender Antivirus scans
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus.md
index 770bc4a2bb..1e4c37caba 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus.md
@@ -4,7 +4,7 @@ description: Set your level of cloud-delivered protection for Microsoft Defender
 keywords: Microsoft Defender Antivirus, antimalware, security, defender, cloud, aggressiveness, protection level
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -14,6 +14,7 @@ ms.date: 10/26/2020
 ms.reviewer: 
 manager: dansimp
 ms.custom: nextgen
+ms.technology: mde
 ---
 
 # Specify the cloud-delivered protection level
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus-when-migrating.md b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus-when-migrating.md
index 6c91515428..d0c2933ef9 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus-when-migrating.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus-when-migrating.md
@@ -3,7 +3,7 @@ title: Troubleshoot Microsoft Defender Antivirus while migrating from a third-pa
 description: Troubleshoot common errors when migrating to Microsoft Defender Antivirus
 keywords: event, error code, logging, troubleshooting, microsoft defender antivirus, windows defender antivirus, migration
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -13,6 +13,7 @@ ms.custom: nextgen
 ms.date: 09/11/2018
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Troubleshoot Microsoft Defender Antivirus while migrating from a third-party solution
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md
index ba1346ed98..b65212267f 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Microsoft Defender AV event IDs and error codes
 description: Look up the causes and solutions for Microsoft Defender Antivirus event IDs and errors
 keywords: event, error code, siem, logging, troubleshooting, wef, windows event forwarding
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -13,6 +13,7 @@ ms.custom: nextgen
 ms.date: 09/11/2018
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Review event logs and error codes to troubleshoot issues with Microsoft Defender Antivirus
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md
index 4693016f63..0b3b787b77 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md
@@ -3,7 +3,7 @@ title: Troubleshoot problems with reporting tools for Microsoft Defender AV
 description: Identify and solve common problems when attempting to report in Microsoft Defender AV protection status in Update Compliance
 keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, Microsoft Defender AV
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -13,6 +13,7 @@ ms.author: deniseb
 ms.custom: nextgen
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Troubleshoot Microsoft Defender Antivirus reporting in Update Compliance
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md
index 87f46b0cd9..b3383fd1a6 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Configure Microsoft Defender Antivirus with Group Policy
 description: Learn how to use a Group Policy to configure and manage Microsoft Defender Antivirus on your endpoints in Microsoft Defender for Endpoint.
 keywords: group policy, GPO, configuration, settings
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -13,6 +13,7 @@ ms.custom: nextgen
 ms.date: 10/01/2018
 ms.reviewer: ksarens
 manager: dansimp
+ms.technology: mde
 ---
 
 # Use Group Policy settings to configure and manage Microsoft Defender Antivirus
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md
index 40f6f950ca..75f4f1b7cc 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Configure Microsoft Defender Antivirus with Configuration Manager and Int
 description: Use Microsoft Endpoint Manager and Microsoft Intune to configure Microsoft Defender AV and Endpoint Protection
 keywords: scep, intune, endpoint protection, configuration
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.custom: nextgen
 ms.date: 10/26/2018
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Use Microsoft Endpoint Manager and Microsoft Intune to configure and manage Microsoft Defender Antivirus
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md
index ae51436faa..078fbf7fab 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Use PowerShell cmdlets to configure and run Microsoft Defender AV
 description: In Windows 10, you can use PowerShell cmdlets to run scans, update Security intelligence, and change settings in Microsoft Defender Antivirus.
 keywords: scan, command line, mpcmdrun, defender
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.custom: nextgen
 ms.date: 07/23/2020
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Use PowerShell cmdlets to configure and manage Microsoft Defender Antivirus
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md
index 51137f3e9e..92f746d03d 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Configure Microsoft Defender Antivirus with WMI
 description: Learn how to configure and manage Microsoft Defender Antivirus by using WMI scripts to retrieve, modify, and update settings in Microsoft Defender for Endpoint.
 keywords: wmi, scripts, windows management instrumentation, configuration
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Use Windows Management Instrumentation (WMI) to configure and manage Microsoft Defender Antivirus
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md
index f732c5f89d..5bc184057b 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Use next-generation technologies in Microsoft Defender Antivirus through
 description: next-generation technologies in cloud-delivered protection provide an advanced level of fast, robust antivirus detection.
 keywords: Microsoft Defender Antivirus, next-generation technologies, next-generation av, machine learning, antimalware, security, defender, cloud, cloud-delivered protection
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -12,6 +12,7 @@ ms.author: deniseb
 ms.reviewer: shwjha
 manager: dansimp
 ms.custom: nextgen
+ms.technology: mde
 ---
 
 # Use next-generation technologies in Microsoft Defender Antivirus through cloud-delivered protection
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-defender-antivirus.md
index 56c8f7668f..bf55abf1c4 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-defender-antivirus.md
@@ -1,19 +1,20 @@
 ---
-title: "Why you should use Microsoft Defender Antivirus together with Microsoft Defender for Endpoint"
-description: "For best results, use Microsoft Defender Antivirus together with your other Microsoft offerings."
+title: Why you should use Microsoft Defender Antivirus together with Microsoft Defender for Endpoint
+description: For best results, use Microsoft Defender Antivirus together with your other Microsoft offerings.
 keywords: windows defender, antivirus, third party av
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: medium
-audience: ITPro 
-ms.topic: article 
+audience: ITPro
+ms.topic: article
 author: denisebmsft
 ms.author: deniseb
 ms.custom: nextgen
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Better together: Microsoft Defender Antivirus and Microsoft Defender for Endpoint
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md
index aa6d77cbd0..bbab8b350a 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md
@@ -1,7 +1,7 @@
 ---
 title: Configure the Group Policy settings for Microsoft Defender Application Guard (Windows 10)
 description: Learn about the available Group Policy settings for Microsoft Defender Application Guard.
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -12,6 +12,7 @@ ms.date: 10/17/2017
 ms.reviewer: 
 manager: dansimp
 ms.custom: asr
+ms.technology: mde
 ---
 
 # Configure Microsoft Defender Application Guard policy settings
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
index ab42d2eb12..fb236e3d94 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
@@ -1,7 +1,7 @@
 ---
 title: FAQ - Microsoft Defender Application Guard (Windows 10)
 description: Learn about the commonly asked questions and answers for Microsoft Defender Application Guard.
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -12,6 +12,7 @@ ms.date: 11/03/2020
 ms.reviewer: 
 manager: dansimp
 ms.custom: asr
+ms.technology: mde
 ---
 
 # Frequently asked questions - Microsoft Defender Application Guard 
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md
index 2ead755621..919fc5c18b 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md
@@ -1,7 +1,7 @@
 ---
 title: Enable hardware-based isolation for Microsoft Edge (Windows 10)
 description: Learn about the Microsoft Defender Application Guard modes (Standalone or Enterprise-managed), and how to install Application Guard in your enterprise.
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -12,6 +12,7 @@ ms.date: 10/21/2020
 ms.reviewer: 
 manager: dansimp
 ms.custom: asr
+ms.technology: mde
 ---
 
 # Prepare to install Microsoft Defender Application Guard
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md
index a84686a871..2731dfe662 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md
@@ -1,7 +1,7 @@
 ---
 title: Microsoft Defender Application Guard Extension
 description: Learn about the Microsoft Defender Application Guard browser extension, which extends Application Guard's protection to more web browsers.
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -12,6 +12,7 @@ ms.date: 06/12/2020
 ms.reviewer: 
 manager: dansimp
 ms.custom: asr
+ms.technology: mde
 ---
 
 # Microsoft Defender Application Guard Extension
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
index 98150e0f15..9f31a06bdd 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
@@ -1,7 +1,7 @@
 ---
 title: Microsoft Defender Application Guard (Windows 10)
 description: Learn about Microsoft Defender Application Guard and how it helps to combat malicious content and malware out on the Internet.
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -12,6 +12,7 @@ ms.date: 12/17/2020
 ms.reviewer: 
 manager: dansimp
 ms.custom: asr
+ms.technology: mde
 ---
 
 # Microsoft Defender Application Guard overview
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md
index 81623005a4..4444817c21 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md
@@ -1,7 +1,7 @@
 ---
 title: System requirements for Microsoft Defender Application Guard (Windows 10)
 description: Learn about the system requirements for installing and running Microsoft Defender Application Guard.
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -12,6 +12,7 @@ ms.date: 02/11/2020
 ms.reviewer: 
 manager: dansimp
 ms.custom: asr
+ms.technology: mde
 ---
 
 # System requirements for Microsoft Defender Application Guard
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md
index 6ffce8a986..0c7e53c3fb 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md
@@ -1,7 +1,7 @@
 ---
 title: Testing scenarios with Microsoft Defender Application Guard (Windows 10)
 description: Suggested testing scenarios for Microsoft Defender Application Guard, showing how it works in both Standalone and Enterprise-managed mode.
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -12,6 +12,7 @@ ms.reviewer:
 manager: dansimp
 ms.date: 09/14/2020
 ms.custom: asr
+ms.technology: mde
 ---
 
 # Application Guard testing scenarios
diff --git a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md
index 72cf708d67..e63643ed0a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md
@@ -1,21 +1,22 @@
 ---
-title: "Onboard Windows 10 multi-session devices in Windows Virtual Desktop"
-description: "Read more in this article about Onboarding Windows 10 multi-session devices in Windows Virtual Desktop"
+title: Onboard Windows 10 multi-session devices in Windows Virtual Desktop
+description: Read more in this article about Onboarding Windows 10 multi-session devices in Windows Virtual Desktop
 keywords: Windows Virtual Desktop, WVD, microsoft defender, endpoint, onboard
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro 
-ms.topic: article 
+audience: ITPro
+ms.topic: article
 author: dansimp
 ms.author: dansimp
 ms.custom: nextgen
 ms.date: 09/10/2020
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Onboard Windows 10 multi-session devices in Windows Virtual Desktop 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/access-mssp-portal.md b/windows/security/threat-protection/microsoft-defender-atp/access-mssp-portal.md
index ccf8b5f19e..c2ef3ab727 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/access-mssp-portal.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/access-mssp-portal.md
@@ -4,7 +4,7 @@ description: Access the Microsoft Defender Security Center MSSP customer portal
 keywords: managed security service provider, mssp, configure, integration
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Access the Microsoft Defender Security Center MSSP customer portal
diff --git a/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md b/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md
index 2cb1370de1..c9987f3a99 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md
@@ -3,7 +3,7 @@ title: Add or Remove Machine Tags API
 description: Learn how to use the Add or Remove machine tags API to adds or remove a tag for a machine in Microsoft Defender Advanced Threat Protection.
 keywords: apis, graph api, supported apis, tags, machine tags
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance  
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Add or Remove Machine Tags API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md
index 50b285cef4..20f0d4f434 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md
@@ -4,7 +4,7 @@ description: Turn on advanced features such as block file in Microsoft Defender
 keywords: advanced features, settings, block file, automated investigation, auto-resolve, skype, azure atp, office 365, azure information protection, intune
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Configure advanced features in Defender for Endpoint
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md
index 46e60648d1..276a068e26 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md
@@ -1,10 +1,10 @@
 ---
 title: AssignedIPAddresses() function in advanced hunting for Microsoft Defender Advanced Threat Protection
-description: Learn how to use the AssignedIPAddresses() function to get the latest IP addresses assigned to a device 
+description: Learn how to use the AssignedIPAddresses() function to get the latest IP addresses assigned to a device
 keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, Windows Defender, Windows Defender ATP, Windows Defender Advanced Threat Protection, search, query, telemetry, schema reference, kusto, FileProfile, file profile, function, enrichment
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,9 +13,10 @@ author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
 ms.date: 09/20/2020
+ms.technology: mde
 ---
 
 # AssignedIPAddresses()
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md
index bd47d4a12b..a7e13d3cdf 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md
@@ -4,7 +4,7 @@ description: Learn how to construct fast, efficient, and error-free threat hunti
 keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp search, query, telemetry, custom detections, schema, kusto, avoid timeout, command lines, process id
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: m365-security-compliance 
+ms.collection: m365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Advanced hunting query best practices
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md
index 51940745aa..3c5026b44c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md
@@ -4,7 +4,7 @@ description: Learn about alert generation events in the DeviceAlertEvents table
 keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, DeviceAlertEvents, alert, severity, category
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,9 +13,10 @@ author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
 ms.date: 01/22/2020
+ms.technology: mde
 ---
 
 # DeviceAlertEvents
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceevents-table.md
index 82be65bdc4..33c2baedda 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceevents-table.md
@@ -4,7 +4,7 @@ description: Learn about antivirus, firewall, and other event types in the misce
 keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, security events, antivirus, firewall, exploit guard, MiscEvents
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # DeviceEvents
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table.md
index 20c0ceb254..f939a66576 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table.md
@@ -4,7 +4,7 @@ description: Learn about file signing information in the DeviceFileCertificateIn
 keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, digital signature, certificate, file signing, DeviceFileCertificateInfo
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,9 +13,10 @@ author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
 ms.date: 01/14/2020
+ms.technology: mde
 ---
 
 # DeviceFileCertificateInfo
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefileevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefileevents-table.md
index 2a453a4169..f7a83b8132 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefileevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefileevents-table.md
@@ -1,10 +1,10 @@
 ---
-title: DeviceFileEvents table in the advanced hunting schema 
+title: DeviceFileEvents table in the advanced hunting schema
 description: Learn about file-related events in the DeviceFileEvents table of the advanced hunting schema
 keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, description, devicefileevents, files, path, hash, sha1, sha256, md5, FileCreationEvents
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # DeviceFileEvents
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md
index a00c2ef094..5d5663f9e9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md
@@ -4,7 +4,7 @@ description: Learn about DLL loading events in the DeviceImageLoadEvents table o
 keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, description, deviceimageloadevents, DLL loading, library, file image, ImageLoadEvents
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # DeviceImageLoadEvents
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceinfo-table.md
index 8c806a1b38..47e3f44b7e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceinfo-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceinfo-table.md
@@ -1,10 +1,10 @@
 ---
 title: DeviceInfo table in the advanced hunting schema
 description: Learn about OS, computer name, and other device information in the DeviceInfo table of the advanced hunting schema
-keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, description, deviceinfo, device, OS, platform, users, DeviceInfo 
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, description, deviceinfo, device, OS, platform, users, DeviceInfo
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # DeviceInfo
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md
index c04883052f..e9062bbd6b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md
@@ -4,7 +4,7 @@ description: Learn about authentication or sign-in events in the DeviceLogonEven
 keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, description, devicelogonevents, authentication, logon, sign in, LogonEvents
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # DeviceLogonEvents
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md
index 467888a9d3..5bbce755a3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md
@@ -4,7 +4,7 @@ description: Learn about network connection events you can query from the Device
 keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, devicenetworkevents, network connection, remote ip, local ip, NetworkCommunicationEvents
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # DeviceNetworkEvents
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkinfo-table.md
index 48ae9ead1e..2b9b626fb5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkinfo-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkinfo-table.md
@@ -4,7 +4,7 @@ description: Learn about network configuration information in the DeviceNetworkI
 keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, description, devicenetworkinfo, device, device, mac, ip, adapter, dns, dhcp, gateway, tunnel, DeviceNetworkInfo
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # DeviceNetworkInfo
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md
index 921304b30c..cf942a6f36 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md
@@ -4,7 +4,7 @@ description: Learn about the process spawning or creation events in the DevicePr
 keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, deviceprocessevents, process id, command line, ProcessCreationEvents
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # DeviceProcessEvents
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md
index ec6f722e98..eeb92421d0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md
@@ -4,7 +4,7 @@ description: Learn about registry events you can query from the DeviceRegistryEv
 keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, deviceregistryevents, registry, key, subkey, value, RegistryEvents
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # DeviceRegistryEvents
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table.md
index bf6dc4404d..6dab26214e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table.md
@@ -1,10 +1,10 @@
 ---
 title: DeviceTvmSecureConfigurationAssessment table in the advanced hunting schema
-description: Learn about Threat & Vulnerability Management security assessment events in the DeviceTvmSecureConfigurationAssessment table of the Advanced hunting schema. These events provide device information as well as security configuration details, impact, and compliance information. 
-keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, security configuration, DeviceTvmSecureConfigurationAssessment  
+description: Learn about Threat & Vulnerability Management security assessment events in the DeviceTvmSecureConfigurationAssessment table of the Advanced hunting schema. These events provide device information as well as security configuration details, impact, and compliance information.
+keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, security configuration, DeviceTvmSecureConfigurationAssessment
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # DeviceTvmSecureConfigurationAssessment 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md
index 317e6e26c6..26521cd2fd 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md
@@ -1,10 +1,10 @@
 ---
 title: DeviceTvmSecureConfigurationAssessmentKB table in the advanced hunting schema
-description: Learn about the various secure configurations assessed by Threat & Vulnerability Management in the DeviceTvmSecureConfigurationAssessmentKB table of the Advanced hunting schema. 
+description: Learn about the various secure configurations assessed by Threat & Vulnerability Management in the DeviceTvmSecureConfigurationAssessmentKB table of the Advanced hunting schema.
 keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, security configuration, MITRE ATT&CK framework, knowledge base, KB, DeviceTvmSecureConfigurationAssessmentKB
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # DeviceTvmSecureConfigurationAssessmentKB
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md
index d61956dee5..849feba90c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md
@@ -4,7 +4,7 @@ description: Learn about the inventory of software in your devices and their vul
 keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, software, inventory, vulnerabilities, CVE ID, OS DeviceTvmSoftwareInventoryVulnerabilities
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # DeviceTvmSoftwareInventoryVulnerabilities
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md
index 0779d7d929..dd82717d64 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md
@@ -1,10 +1,10 @@
 ---
 title: DeviceTvmSoftwareVulnerabilitiesKB  table in the advanced hunting schema
-description: Learn about the software vulnerabilities tracked by Threat & Vulnerability Management in the DeviceTvmSoftwareVulnerabilitiesKB table of the advanced hunting schema. 
-keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, software, inventory, vulnerabilities, CVE ID, CVSS, DeviceTvmSoftwareVulnerabilitiesKB 
+description: Learn about the software vulnerabilities tracked by Threat & Vulnerability Management in the DeviceTvmSoftwareVulnerabilitiesKB table of the advanced hunting schema.
+keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, software, inventory, vulnerabilities, CVE ID, CVSS, DeviceTvmSoftwareVulnerabilitiesKB
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # DeviceTvmSoftwareVulnerabilitiesKB 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-errors.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-errors.md
index ab53ab3585..a3c2545b6b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-errors.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-errors.md
@@ -4,7 +4,7 @@ description: Understand errors displayed when using advanced hunting
 keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp, m365, search, query, telemetry, schema, kusto, timeout, resources, errors, unknown error
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Handle advanced hunting errors
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md
index 60566f53f5..9fb4a8a8d4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md
@@ -1,10 +1,10 @@
 ---
-title: Extend advanced hunting coverage with the right settings 
-description: Check auditing settings on Windows devices and other settings to help ensure that you get the most comprehensive data in advanced hunting  
-keywords: advanced hunting, incident, pivot, entity, audit settings, user account management, security group management, threat hunting, cyber threat hunting, search, query, telemetry, mdatp, Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, Windows Defender, Windows Defender ATP, Windows Defender Advanced Threat Protection 
+title: Extend advanced hunting coverage with the right settings
+description: Check auditing settings on Windows devices and other settings to help ensure that you get the most comprehensive data in advanced hunting
+keywords: advanced hunting, incident, pivot, entity, audit settings, user account management, security group management, threat hunting, cyber threat hunting, search, query, telemetry, mdatp, Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, Windows Defender, Windows Defender ATP, Windows Defender Advanced Threat Protection
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,9 +13,10 @@ author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
 ms.date: 10/10/2020
+ms.technology: mde
 ---
 
 # Extend advanced hunting coverage with the right settings
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-fileprofile-function.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-fileprofile-function.md
index 365f8ef6ba..66e5df0593 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-fileprofile-function.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-fileprofile-function.md
@@ -1,10 +1,10 @@
 ---
 title: FileProfile() function in advanced hunting for Microsoft Defender Advanced Threat Protection
-description: Learn how to use the FileProfile() to enrich information about files in your advanced hunting query results 
+description: Learn how to use the FileProfile() to enrich information about files in your advanced hunting query results
 keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, Windows Defender, Windows Defender ATP, Windows Defender Advanced Threat Protection, search, query, telemetry, schema reference, kusto, FileProfile, file profile, function, enrichment
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,9 +13,10 @@ author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
 ms.date: 09/20/2020
+ms.technology: mde
 ---
 
 # FileProfile()
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md
index 9b8aed20bc..c16f450428 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md
@@ -1,22 +1,23 @@
 ---
-title: Get relevant info about an entity with go hunt 
-description: Learn how to use the "go hunt" tool to quickly query for relevant information about an entity or event using advanced hunting.
+title: Get relevant info about an entity with go hunt
+description: Learn how to use the go hunt tool to quickly query for relevant information about an entity or event using advanced hunting.
 keywords: advanced hunting, incident, pivot, entity, go hunt, relevant events, threat hunting, cyber threat hunting, search, query, telemetry, Microsoft Threat Protection
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-f1.keywords:
-- NOCSH
+f1.keywords: 
+  - NOCSH
 ms.author: v-maave
 author: martyav
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Quickly hunt for entity or event information with go hunt
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-limits.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-limits.md
index 0516afc2f2..373fc237b7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-limits.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-limits.md
@@ -4,7 +4,7 @@ description: Understand various service limits that keep the advanced hunting se
 keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp, search, query, telemetry, schema, kusto, CPU limit, query limit, resources, maximum results
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Advanced hunting service limits
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md
index e42dbf4cf3..35fa634bff 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md
@@ -4,7 +4,7 @@ description: Use threat hunting capabilities in Microsoft Defender ATP to build
 keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp, search, query, telemetry, custom detections, schema, kusto, time zone, UTC
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Proactively hunt for threats with advanced hunting
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md
index 76fd2bee7e..6bf8d2fa92 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md
@@ -4,7 +4,7 @@ description: Create your first threat hunting query and learn about common opera
 keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp search, query, language, learn, first query, telemetry, events, telemetry, custom detections, schema, kusto, operators, data types
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Learn the advanced hunting query language
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md
index 34db3e0745..08515a57eb 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md
@@ -4,7 +4,7 @@ description: Make the most of the query results returned by advanced hunting in
 keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp search, query, telemetry, custom detections, schema, kusto, visualization, chart, filters, drill down
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Work with advanced hunting query results
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md
index a0988a90d0..4d15c46f81 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md
@@ -4,7 +4,7 @@ description: Learn about the tables in the advanced hunting schema to understand
 keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp search, query, telemetry, schema reference, kusto, table, data
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,9 +13,10 @@ author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
 ms.date: 01/14/2020
+ms.technology: mde
 ---
 
 # Understand the advanced hunting schema
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md
index 0daf0cbfda..c3b430655b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md
@@ -4,7 +4,7 @@ description: Start threat hunting immediately with predefined and shared queries
 keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp search, query, telemetry, custom detections, schema, kusto, github repo, my queries, shared queries
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Use shared queries in advanced hunting
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md
index d535b139e2..a0bc9e4540 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md
@@ -4,7 +4,7 @@ description: Quickly address threats and affected assets in your advanced huntin
 keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp search, query, telemetry, custom detections, schema, kusto, avoid timeout, command lines, process id
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,9 +13,10 @@ author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
 ms.date: 09/20/2020
+ms.technology: mde
 ---
 
 # Take action on advanced hunting query results
diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue-endpoint-detection-response.md b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue-endpoint-detection-response.md
index 5e96430994..6c96b5ea1e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue-endpoint-detection-response.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue-endpoint-detection-response.md
@@ -5,7 +5,7 @@ description: View and manage the alerts surfaced in Microsoft Defender Security
 keywords: 
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/03/2018
+ms.technology: mde
 ---
 
 # Alerts queue in Microsoft Defender Security Center
diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md
index e403e8465c..7ac4d17fb3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md
@@ -4,7 +4,7 @@ description: Learn about how the Microsoft Defender ATP alerts queues work, and
 keywords: alerts, queues, alerts queue, sort, order, filter, manage alerts, new, in progress, resolved, newest, time in queue, severity, time period, microsoft threat experts alerts
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,9 +13,10 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
 ms.date: 03/27/2020
+ms.technology: mde
 ---
 
 # View and organize the Microsoft Defender for Endpoint Alerts queue
diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts.md b/windows/security/threat-protection/microsoft-defender-atp/alerts.md
index 9c311bdd80..f6b1666c6c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/alerts.md
@@ -3,7 +3,7 @@ title: Get alerts API
 description: Learn about the methods and properties of the Alert resource type in Microsoft Defender Advanced Threat Protection.
 keywords: apis, graph api, supported apis, get, alerts, recent
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Alert resource type
diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-configure.md b/windows/security/threat-protection/microsoft-defender-atp/android-configure.md
index f9f5d899e6..c0d3f7f4e0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/android-configure.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/android-configure.md
@@ -1,11 +1,11 @@
 ---
 title: Configure Microsoft Defender ATP for Android features
-ms.reviewer:
-description: Describes how to configure Microsoft Defender ATP for Android 
+ms.reviewer: 
+description: Describes how to configure Microsoft Defender ATP for Android
 keywords: microsoft, defender, atp, android, configuration
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,9 +15,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Configure Defender for Endpoint for Android features
diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md
index 52450260ef..dcaf457b37 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md
@@ -1,11 +1,11 @@
 ---
 title: Deploy Microsoft Defender ATP for Android with Microsoft Intune
-ms.reviewer:
+ms.reviewer: 
 description: Describes how to deploy Microsoft Defender ATP for Android with Microsoft Intune
 keywords: microsoft, defender, atp, android, installation, deploy, uninstallation,
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,9 +15,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Deploy Microsoft Defender for Endpoint for Android with Microsoft Intune 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md
index 66ec2fa838..d14d7b7606 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md
@@ -4,7 +4,7 @@ description: Privacy controls, how to configure policy settings that impact priv
 keywords: microsoft, defender, atp, android, privacy, diagnostic
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 #  Microsoft Defender for Endpoint for Android - Privacy information
diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md b/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md
index 34959bf022..f9fe77aefa 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md
@@ -1,11 +1,11 @@
 ---
 title: Troubleshoot issues on Microsoft Defender ATP for Android
-ms.reviewer:
+ms.reviewer: 
 description: Troubleshoot issues for Microsoft Defender ATP for Android
 keywords: microsoft, defender, atp, android, cloud, connectivity, communication
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,9 +15,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Troubleshooting issues on Microsoft Defender for Endpoint for Android
diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-terms.md b/windows/security/threat-protection/microsoft-defender-atp/android-terms.md
index d8dd335aff..05151f5a7c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/android-terms.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/android-terms.md
@@ -1,11 +1,11 @@
 ---
 title: Microsoft Defender ATP for Android Application license terms
-ms.reviewer:
+ms.reviewer: 
 description: Describes the Microsoft Defender ATP for Android license terms
-keywords: microsoft, defender, atp, android,license, terms, application, use, installation, service, feedback, scope, 
+keywords: microsoft, defender, atp, android,license, terms, application, use, installation, service, feedback, scope,
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -17,6 +17,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 hideEdit: true
+ms.technology: mde
 ---
 
 # Microsoft Defender for Endpoint for Android application license terms
diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-explorer.md b/windows/security/threat-protection/microsoft-defender-atp/api-explorer.md
index c75879bafc..f6ea5a6c0d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/api-explorer.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-explorer.md
@@ -1,11 +1,11 @@
 ---
-title: API Explorer in Microsoft Defender ATP  
+title: API Explorer in Microsoft Defender ATP
 ms.reviewer: 
 description: Use the API Explorer to construct and do API queries, test, and send requests for any available API
-keywords: api, explorer, send, request, get, post, 
+keywords: api, explorer, send, request, get, post,
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,8 +14,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # API Explorer
diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md b/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md
index 81f125ba22..bf85bfd5d2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md
@@ -4,7 +4,7 @@ ms.reviewer:
 description: Create a practice 'Hello world'-style API call to the Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) API.
 keywords: apis, supported apis, advanced hunting, query
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Microsoft Defender for Endpoint API - Hello World 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md b/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md
index 44003ec0b9..c789f3dcc8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md
@@ -4,7 +4,7 @@ ms.reviewer:
 description: Use Microsoft Defender ATP Flow connector to automate security and create a flow that will be triggered any time a new alert occurs on your tenant.
 keywords: flow, supported apis, api, Microsoft flow, query, automation
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Microsoft Power Automate (formerly Microsoft Flow), and Azure Functions
diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md b/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md
index 2170d310c0..fcaccc4e0e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md
@@ -4,7 +4,7 @@ description: Understand how the Detections API fields map to the values in Micro
 keywords: detections, detections fields, fields, api, fields, pull Detections, rest api, request, response
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Microsoft Defender for Endpoint detections API fields
diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md b/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md
index 9bb4eb7102..c62e574323 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md
@@ -4,7 +4,7 @@ ms.reviewer:
 description: Create a Power Business Intelligence (BI) report on top of Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) APIs.
 keywords: apis, supported apis, Power BI, reports
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Create custom reports using Power BI
diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-terms-of-use.md b/windows/security/threat-protection/microsoft-defender-atp/api-terms-of-use.md
index 9c8c96f2ea..b4e75388d9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/api-terms-of-use.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-terms-of-use.md
@@ -3,7 +3,7 @@ title: Microsoft Defender ATP API license and terms of use
 description: Description of the license and terms of use for Microsoft Defender APIs
 keywords: license, terms, apis, legal, notices, code of conduct
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance  
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Microsoft Defender for Endpoint API license and terms of use
diff --git a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
index ba3e749a61..7a6ced874a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
@@ -1,10 +1,10 @@
 ---
-title: Access the Microsoft Defender Advanced Threat Protection APIs  
+title: Access the Microsoft Defender Advanced Threat Protection APIs
 ms.reviewer: 
 description: Learn how you can use APIs to automate workflows and innovate based on Microsoft Defender ATP capabilities
 keywords: apis, api, wdatp, open api, microsoft defender atp api, public api, supported apis, alerts, device, user, domain, ip, file, advanced hunting, query
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Access the Microsoft Defender for Endpoint APIs 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/assign-portal-access.md b/windows/security/threat-protection/microsoft-defender-atp/assign-portal-access.md
index a8bf456da1..66d9bed2d9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/assign-portal-access.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/assign-portal-access.md
@@ -4,7 +4,7 @@ description: Assign read and write or read only access to the Microsoft Defender
 keywords: assign user roles, assign read and write access, assign read only access, user, user roles, roles
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,9 +13,10 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
 ms.date: 11/28/2018
+ms.technology: mde
 ---
 
 # Assign user access to Microsoft Defender Security Center
diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-simulations.md b/windows/security/threat-protection/microsoft-defender-atp/attack-simulations.md
index 74cc0538fb..4fe5d45a88 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-simulations.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-simulations.md
@@ -4,7 +4,7 @@ description: Run the provided attack scenario simulations to experience how Micr
 keywords: wdatp, test, scenario, attack, simulation, simulated, diy, microsoft defender advanced threat protection
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,9 +13,10 @@ author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
 ms.date: 11/20/2018
+ms.technology: mde
 ---
 
 # Experience Microsoft Defender for Endpoint through simulated attacks 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md
index 27c2c2db47..d2eec941c7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md
@@ -4,7 +4,7 @@ description: Find answers to frequently asked questions about Microsoft Defender
 keywords: Attack surface reduction rules, asr, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention, Microsoft Defender Advanced Threat Protection, Microsoft Defender ATP
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -14,6 +14,7 @@ ms.author: v-maave
 ms.reviewer: 
 manager: dansimp
 ms.custom: asr
+ms.technology: mde
 ---
 
 # Attack surface reduction frequently asked questions (FAQ)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
index c0c77ae782..a4e5a71827 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
@@ -3,7 +3,7 @@ title: Use attack surface reduction rules to prevent malware infection
 description: Attack surface reduction rules can help prevent exploits from using apps and scripts to infect devices with malware.
 keywords: Attack surface reduction rules, asr, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention, Microsoft Defender Advanced Threat Protection, Microsoft Defender ATP
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.reviewer: sugamar, jcedola
 manager: dansimp
 ms.custom: asr
 ms.date: 01/08/2021
+ms.technology: mde
 ---
 
 # Use attack surface reduction rules to prevent malware infection
diff --git a/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md b/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md
index b442dcb82a..3ebf7ef6a5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md
@@ -3,7 +3,7 @@ title: Test how Microsoft Defender ATP features work in audit mode
 description: Audit mode lets you use the event log to see how Microsoft Defender ATP would protect your devices if it was enabled.
 keywords: exploit guard, audit, auditing, mode, enabled, disabled, test, demo, evaluate, lab
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -13,6 +13,7 @@ author: levinec
 ms.author: ellevin
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Test how Microsoft Defender for Endpoint features work in audit mode
diff --git a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md
index 0a77813dd2..e929d6e210 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md
@@ -3,7 +3,7 @@ title: View details and results of automated investigations
 description: Use the action center to view details and results following an automated investigation
 keywords: action, center, autoir, automated, investigation, response, remediation
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,11 +13,12 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: article
 ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs
 ms.date: 09/24/2020
+ms.technology: mde
 ---
 
 # View details and results of automated investigations
diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
index fea480df60..781676ba34 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
@@ -4,7 +4,7 @@ description: Understand the automated investigation flow in Microsoft Defender f
 keywords: automated, investigation, detection, source, threat types, id, tags, devices, duration, filter export, defender atp
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.technology: windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -16,8 +16,8 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
 ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs
 ms.custom: AIR
diff --git a/windows/security/threat-protection/microsoft-defender-atp/automation-levels.md b/windows/security/threat-protection/microsoft-defender-atp/automation-levels.md
index 9fa9ebd762..1a1fc25199 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/automation-levels.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/automation-levels.md
@@ -4,7 +4,7 @@ description: Get an overview of automation levels and how they work in Microsoft
 keywords: automated, investigation, level, defender atp
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.technology: windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -16,8 +16,8 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
 ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs
 ms.custom: AIR
diff --git a/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md b/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md
index 1c8fc2eacd..9846c04523 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md
@@ -4,7 +4,7 @@ description: Learn how to use basic permissions to access the Microsoft Defender
 keywords: assign user roles, assign read and write access, assign read only access, user, user roles, roles
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Use basic permissions to access the portal
diff --git a/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md b/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md
index 05ec75c8d0..fb60ac8f53 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md
@@ -8,16 +8,17 @@ author: denisebmsft
 ms.author: deniseb
 manager: dansimp
 ms.reviewer: shwetaj
-audience: ITPro 
-ms.topic: article 
-ms.prod: w10 
+audience: ITPro
+ms.topic: article
+ms.prod: m365-security
 ms.localizationpriority: medium
 ms.custom: 
-- next-gen
-- edr
+  - next-gen
+  - edr
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
+ms.technology: mde
 ---
 
 # Behavioral blocking and containment
diff --git a/windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md b/windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md
index bbff2e68b9..d7e2bcdf23 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md
@@ -4,7 +4,7 @@ description: Check the sensor health on devices to identify which ones are misco
 keywords: sensor, sensor health, misconfigured, inactive, no sensor data, sensor data, impaired communications, communication
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,9 +13,10 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
 ms.date: 04/24/2018
+ms.technology: mde
 ---
 
 # Check sensor health state in Microsoft Defender for Endpoint
diff --git a/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md b/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md
index ef5d153836..095899b2c9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md
@@ -8,16 +8,17 @@ author: denisebmsft
 ms.author: deniseb
 manager: dansimp
 ms.reviewer: shwetaj
-audience: ITPro 
-ms.topic: article 
-ms.prod: w10 
+audience: ITPro
+ms.topic: article
+ms.prod: m365-security
 ms.localizationpriority: medium
 ms.custom: 
-- next-gen
-- edr
+  - next-gen
+  - edr
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
+ms.technology: mde
 ---
 
 # Client behavioral blocking
diff --git a/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md b/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md
index b3cb7a04fa..ee50396e37 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md
@@ -3,7 +3,7 @@ title: Collect investigation package API
 description: Use this API to create calls related to the collecting an investigation package from a device.
 keywords: apis, graph api, supported apis, collect investigation package
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,9 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
-
+ms.technology: mde
 ---
 
 # Collect investigation package API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/common-errors.md b/windows/security/threat-protection/microsoft-defender-atp/common-errors.md
index c43240cb86..c0c401ff5c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/common-errors.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/common-errors.md
@@ -1,9 +1,9 @@
 ---
 title: Common Microsoft Defender ATP API errors
 description: List of common Microsoft Defender ATP API errors with descriptions.
-keywords: apis, mdatp api, errors, troubleshooting 
+keywords: apis, mdatp api, errors, troubleshooting
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Common REST API error codes
diff --git a/windows/security/threat-protection/microsoft-defender-atp/community.md b/windows/security/threat-protection/microsoft-defender-atp/community.md
index f68dcdeab3..d229d8aea0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/community.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/community.md
@@ -4,7 +4,7 @@ description: Access the Microsoft Defender ATP Community Center to share experie
 keywords: community, community center, tech community, conversation, announcements
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,9 +13,10 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/24/2018
+ms.technology: mde
 ---
 
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/conditional-access.md b/windows/security/threat-protection/microsoft-defender-atp/conditional-access.md
index a0ace30f14..96b9d372c8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/conditional-access.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/conditional-access.md
@@ -4,7 +4,7 @@ description: Enable Conditional Access to prevent applications from running if a
 keywords: conditional access, block applications, security level, intune,
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Enable Conditional Access to better protect users, devices, and data 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md b/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md
index aca0be0b19..873f96e24e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md
@@ -4,7 +4,7 @@ description: Configure Micro Focus ArcSight to receive and pull detections from
 keywords: configure Micro Focus ArcSight, security information and events management tools, arcsight
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Configure Micro Focus ArcSight to pull Defender for Endpoint detections
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction.md
index 736ab0b846..3db29d7045 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction.md
@@ -4,7 +4,7 @@ description: Use Microsoft Intune, Microsoft Endpoint Configuration Manager, Pow
 keywords: asr, attack surface reduction, windows defender, microsoft defender, antivirus, av
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Configure attack surface reduction
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md
index f8d91cd3e1..ee4a6acd7e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md
@@ -4,7 +4,7 @@ description: Set up your automated investigation and remediation capabilities in
 keywords: configure, setup, automated, investigation, detection, alerts, remediation, response
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.technology: windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -14,7 +14,7 @@ author: denisebmsft
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
 ms.date: 09/24/2020
 ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md b/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md
index 206e5721b3..b6c75e30e5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md
@@ -4,7 +4,7 @@ description: Learn about steps that you need to do in Intune, Microsoft Defender
 keywords: conditional access, conditional, access, device risk, risk level, integration, intune integration
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Configure Conditional Access in Microsoft Defender for Endpoint
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md b/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md
index f7ccfe871b..834863b741 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md
@@ -4,7 +4,7 @@ description: You can use Microsoft Defender Advanced Threat Protection to config
 keywords: email notifications, configure alert notifications, microsoft defender atp notifications, microsoft defender atp alerts, windows 10 enterprise, windows 10 education
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Configure alert notifications in Microsoft Defender ATP
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md
index 5360517315..1aef8eda63 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md
@@ -4,7 +4,7 @@ description: Use Group Policy to deploy the configuration package on Windows 10
 keywords: configure devices using group policy, device management, configure Windows ATP devices, onboard Microsoft Defender Advanced Threat Protection devices, group policy
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,9 +13,10 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
 ms.date: 04/24/2018
+ms.technology: mde
 ---
 
 # Onboard Windows 10 devices using Group Policy 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md
index 0a97fbf1e3..a4e70fd9b2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md
@@ -4,7 +4,7 @@ description: Use Mobile Device Management tools to deploy the configuration pack
 keywords: onboard devices using mdm, device management, onboard Windows ATP devices, onboard Microsoft Defender Advanced Threat Protection devices, mdm
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Onboard Windows 10 devices using Mobile Device Management tools
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md
index ba65815551..460d048802 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md
@@ -4,7 +4,7 @@ description: Configure non-Windows devices so that they can send sensor data to
 keywords: onboard non-Windows devices, macos, linux, device management, configure Windows ATP devices, configure Microsoft Defender Advanced Threat Protection devices
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Onboard non-Windows devices
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md
index 70d15daa13..32028e17ed 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md
@@ -4,7 +4,7 @@ description: Use Configuration Manager to deploy the configuration package on de
 keywords: onboard devices using sccm, device management, configure Windows ATP devices, configure Microsoft Defender Advanced Threat Protection devices
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,9 +13,10 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
 ms.date: 02/07/2020
+ms.technology: mde
 ---
 
 # Onboard Windows 10 devices using Configuration Manager
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md
index acfdb668c7..4bfafb3193 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md
@@ -4,7 +4,7 @@ description: Use a local script to deploy the configuration package on devices s
 keywords: configure devices using a local script, device management, configure Windows ATP devices, configure Microsoft Defender Advanced Threat Protection devices
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Onboard Windows 10 devices using a local script
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
index fc7c7e1d3c..7eb2606edf 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
@@ -4,7 +4,7 @@ description: Deploy the configuration package on virtual desktop infrastructure
 keywords: configure virtual desktop infrastructure (VDI) device, vdi, device management, configure Windows ATP endpoints, configure Microsoft Defender Advanced Threat Protection endpoints
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,9 +13,10 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
 ms.date: 04/16/2020
+ms.technology: mde
 ---
 
 # Onboard non-persistent virtual desktop infrastructure (VDI) devices
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md
index d4fd6a0a02..7bf86ff101 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md
@@ -4,7 +4,7 @@ description: Onboard Windows 10 devices so that they can send sensor data to the
 keywords: Onboard Windows 10 devices, group policy, endpoint configuration manager, mobile device management, local script, gp, sccm, mdm, intune
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Onboarding tools and methods for Windows 10 devices
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md
index 17e8cb3039..d42925b857 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md
@@ -1,10 +1,10 @@
 ---
 title: Optimize ASR rule deployment and detections
-description: Optimize your attack surface reduction (ASR) rules to identify and prevent typical malware exploits. 
+description: Optimize your attack surface reduction (ASR) rules to identify and prevent typical malware exploits.
 keywords: onboard, Intune management, MDATP, WDATP, Microsoft Defender, Windows Defender, advanced threat protection, attack surface reduction, ASR, security baseline
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Optimize ASR rule deployment and detections
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md
index b207e1fb84..a755aece6d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md
@@ -4,7 +4,7 @@ description: Track onboarding of Intune-managed devices to Microsoft Defender AT
 keywords: onboard, Intune management, MDATP, WDATP, Microsoft Defender, Windows Defender, advanced threat protection, configuration management
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get devices onboarded to Microsoft Defender for Endpoint
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md
index e110a3d518..fdb402917b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md
@@ -4,7 +4,7 @@ description: The Microsoft Defender ATP security baseline sets Microsoft Defende
 keywords: Intune management, MDATP, WDATP, Microsoft Defender, advanced threat protection ASR, security baseline
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Increase compliance to the Microsoft Defender for Endpoint security baseline
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md
index 9b830a3988..b48a92f312 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md
@@ -4,7 +4,7 @@ description: Properly configure devices to boost overall resilience against thre
 keywords: onboard, Intune management, MDATP, WDATP, Microsoft Defender, Windows Defender, advanced threat protection, attack surface reduction, ASR, security baseline
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Ensure your devices are configured properly
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md b/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md
index 3ce240d781..f961d52e99 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md
@@ -5,7 +5,7 @@ description: Register to Microsoft Threats Experts to configure, manage, and use
 keywords: Microsoft Threat Experts, managed threat hunting service, MTE, Microsoft managed hunting service
 search.product: Windows 10
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,9 +15,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: article
+ms.technology: mde
 ---
 
 # Configure and manage Microsoft Threat Experts capabilities
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-notifications.md b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-notifications.md
index e75588efda..bb8199f49c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-notifications.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-notifications.md
@@ -1,10 +1,10 @@
 ---
-title: Configure alert notifications that are sent to MSSPs 
+title: Configure alert notifications that are sent to MSSPs
 description: Configure alert notifications that are sent to MSSPs
 keywords: managed security service provider, mssp, configure, integration
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Configure alert notifications that are sent to MSSPs 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md
index dde5d47ec5..f6521931c0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md
@@ -1,10 +1,10 @@
 ---
 title: Configure managed security service provider support
-description: Take the necessary steps to configure the MSSP integration with Microsoft Defender ATP 
+description: Take the necessary steps to configure the MSSP integration with Microsoft Defender ATP
 keywords: managed security service provider, mssp, configure, integration
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Configure managed security service provider integration
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
index 48fd0bee7d..712d30276f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
@@ -4,7 +4,7 @@ description: Configure the Microsoft Defender ATP proxy and internet settings to
 keywords: configure, proxy, internet, internet connectivity, settings, proxy settings, netsh, winhttp, proxy server
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: article
+ms.technology: mde
 ---
 
 # Configure device proxy and Internet connectivity settings
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
index 58d8cc748e..3e1fad5b1a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
@@ -4,7 +4,7 @@ description: Onboard Windows servers so that they can send sensor data to the Mi
 keywords: onboard server, server, 2012r2, 2016, 2019, server onboarding, device management, configure Windows ATP servers, onboard Microsoft Defender Advanced Threat Protection servers
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Onboard Windows servers to the Microsoft Defender for Endpoint service
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md b/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md
index 62e2e5f5b1..570ac8e0e5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md
@@ -4,7 +4,7 @@ description: Learn how to use REST API and configure supported security informat
 keywords: configure siem, security information and events management tools, splunk, arcsight, custom indicators, rest api, alert definitions, indicators of compromise
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Pull detections to your SIEM tools
diff --git a/windows/security/threat-protection/microsoft-defender-atp/connected-applications.md b/windows/security/threat-protection/microsoft-defender-atp/connected-applications.md
index 99a86d51e7..77a5862d83 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/connected-applications.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/connected-applications.md
@@ -1,11 +1,11 @@
 ---
-title: Connected applications in Microsoft Defender ATP   
+title: Connected applications in Microsoft Defender ATP
 ms.reviewer: 
 description: View connected partner applications that use standard OAuth 2.0 protocol to authenticate and provide tokens for use with Microsoft Defender ATP APIs.
 keywords: partners, applications, third-party, connections, sentinelone, lookout, bitdefender, corrata, morphisec, paloalto, ziften, better mobile
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,8 +14,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Connected applications in Microsoft Defender for Endpoint
diff --git a/windows/security/threat-protection/microsoft-defender-atp/contact-support-usgov.md b/windows/security/threat-protection/microsoft-defender-atp/contact-support-usgov.md
index a3ea45d493..d82a536e7c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/contact-support-usgov.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/contact-support-usgov.md
@@ -4,7 +4,7 @@ description: Learn how to contact Microsoft Defender for Endpoint support for US
 keywords: support, contact, premier support, solutions, problems, case, government, gcc, gcc-m, gcc-h, defender, endpoint, mdatp, mde
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,9 +13,10 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: conceptual
 ROBOTS: noindex,nofollow
+ms.technology: mde
 ---
 
 # Contact Microsoft Defender for Endpoint support for US Government customers
diff --git a/windows/security/threat-protection/microsoft-defender-atp/contact-support.md b/windows/security/threat-protection/microsoft-defender-atp/contact-support.md
index b8af068443..4082593706 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/contact-support.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/contact-support.md
@@ -4,7 +4,7 @@ description: Learn how to contact Microsoft Defender ATP support
 keywords: support, contact, premier support, solutions, problems, case
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Contact Microsoft Defender for Endpoint support
diff --git a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
index d01c44566e..f193b2eca8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
@@ -3,7 +3,7 @@ title: Prevent ransomware and threats from encrypting and changing files
 description: Files in default folders can be protected from being changed by malicious apps. Prevent ransomware from encrypting your files.
 keywords: controlled folder access, windows 10, windows defender, ransomware, protect, files, folders
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.date: 12/17/2020
 ms.reviewer: v-maave
 manager: dansimp
 ms.custom: asr
+ms.technology: mde
 ---
 
 # Protect important folders with controlled folder access
diff --git a/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md
index eefccc5624..ac6a1ed6be 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md
@@ -3,7 +3,7 @@ title: Create alert from event API
 description: Learn how to use the Create alert API to create a new Alert on top of Event in Microsoft Defender Advanced Threat Protection.
 keywords: apis, graph api, supported apis, get, alert, information, id
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Create alert API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
index 17e23e40fc..6dd72d0e5a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
@@ -5,7 +5,7 @@ description: Learn how to create custom detection rules based on advanced huntin
 keywords: custom detections, create, manage, alerts, edit, run on demand, frequency, interval, detection rules, advanced hunting, hunt, query, response actions, mdatp, microsoft defender atp
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
 ms.date: 09/20/2020
+ms.technology: mde
 ---
 
 # Create custom detection rules
diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md
index ef5088e134..8089825d75 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md
@@ -5,7 +5,7 @@ description: Learn how to view and manage custom detection rules
 keywords: custom detections, view, manage, alerts, edit, run on demand, detection rules, advanced hunting, hunt, query, response actions, mdatp, microsoft defender atp
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,8 +14,9 @@ author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md
index 81ede44b00..1da7a9ee99 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md
@@ -3,7 +3,7 @@ title: Customize attack surface reduction rules
 description: Individually set rules in audit, block, or disabled modes, and add files and folders that should be excluded from attack surface reduction rules
 keywords: Attack surface reduction, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention, customize, configure, exclude
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -12,6 +12,7 @@ author: levinec
 ms.author: ellevin
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Customize attack surface reduction rules
diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md
index 8c2ab186eb..3d14a162c3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md
@@ -3,7 +3,7 @@ title: Customize controlled folder access
 description: Add other folders that should be protected by controlled folder access, or allow apps that are incorrectly blocking changes to important files.
 keywords: Controlled folder access, windows 10, windows defender, ransomware, protect, files, folders, customize, add folder, add app, allow, add executable
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -13,6 +13,7 @@ ms.author: deniseb
 ms.reviewer: jcedola, dbodorin, vladiso, nixanm, anvascon
 manager: dansimp
 ms.date: 01/06/2021
+ms.technology: mde
 ---
 
 # Customize controlled folder access
diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md
index 3c72846e6a..fb5a2ad59a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md
@@ -3,15 +3,16 @@ title: Customize exploit protection
 keywords: Exploit protection, mitigations, enable, powershell, dep, cfg, emet, aslr
 description: You can enable or disable specific mitigations used by exploit protection using the Windows Security app or PowerShell. You can also audit mitigations and export configurations.
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: medium
 audience: ITPro
 author: levinec
 ms.author: ellevin
-ms.reviewer:
+ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Customize exploit protection
diff --git a/windows/security/threat-protection/microsoft-defender-atp/data-retention-settings.md b/windows/security/threat-protection/microsoft-defender-atp/data-retention-settings.md
index 7932cfb153..dbf2b89d69 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/data-retention-settings.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/data-retention-settings.md
@@ -1,10 +1,10 @@
 ---
-title: Verify data storage location and update data retention settings 
+title: Verify data storage location and update data retention settings
 description: Verify data storage location and update data retention settings for Microsoft Defender Advanced Threat Protection
 keywords: data, storage, settings, retention, update
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 # Verify data storage location and update data retention settings for Microsoft Defender for Endpoint
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md
index 4a5639583d..ec1ee3cba5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md
@@ -4,7 +4,7 @@ description: Learn about how Microsoft Defender for Endpoint handles privacy and
 keywords: Microsoft Defender for Endpoint, Microsoft Defender ATP, data storage and privacy, storage, privacy, licensing, geolocation, data retention, data
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Microsoft Defender for Endpoint data storage and privacy
diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md b/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md
index f84762a3a0..a26df70136 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md
@@ -1,10 +1,10 @@
 ---
 title: Microsoft Defender Antivirus compatibility with Microsoft Defender ATP
-description: Learn about how Windows Defender works with Microsoft Defender ATP and how it functions when a third-party antimalware client is used.  
+description: Learn about how Windows Defender works with Microsoft Defender ATP and how it functions when a third-party antimalware client is used.
 keywords: windows defender compatibility, defender, microsoft defender atp
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,9 +13,10 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/24/2018
+ms.technology: mde
 ---
 
 # Microsoft Defender Antivirus compatibility with Microsoft Defender ATP
diff --git a/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md
index dfde8bf37e..c4921c50f4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md
@@ -3,7 +3,7 @@ title: Delete Indicator API.
 description: Learn how to use the Delete Indicator API to delete an Indicator entity by ID in Microsoft Defender Advanced Threat Protection.
 keywords: apis, public api, supported apis, delete, ti indicator, entity, id
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Delete Indicator API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md
index 8332173b94..6acca76c77 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md
@@ -3,7 +3,7 @@ title: Deployment phases
 description: Learn how to deploy Microsoft Defender ATP by preparing, setting up, and onboarding endpoints to that service
 keywords: deploy, prepare, setup, onboard, phase, deployment, deploying, adoption, configuring
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,10 +13,11 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- M365-security-compliance
-- m365solution-endpointprotect
-- m365solution-overview  
+  - M365-security-compliance
+  - m365solution-endpointprotect
+  - m365solution-overview
 ms.topic: article
+ms.technology: mde
 ---
 
 # Deployment phases
diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md
index 8ad96f8300..cce214bf30 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md
@@ -3,7 +3,7 @@ title: Deploy Microsoft Defender ATP in rings
 description: Learn how to deploy Microsoft Defender ATP in rings
 keywords: deploy, rings, evaluate, pilot, insider fast, insider slow, setup, onboard, phase, deployment, deploying, adoption, configuring
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,10 +13,11 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- M365-security-compliance
-- m365solution-endpointprotect
-- m365solution-overview  
+  - M365-security-compliance
+  - m365solution-endpointprotect
+  - m365solution-overview
 ms.topic: article
+ms.technology: mde
 ---
 
 # Deploy Microsoft Defender ATP in rings
diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md
index fad489826a..3711adcf75 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md
@@ -1,9 +1,9 @@
 ---
-title: Plan your Microsoft Defender ATP deployment 
+title: Plan your Microsoft Defender ATP deployment
 description: Select the best Microsoft Defender ATP deployment strategy for your environment
 keywords: deploy, plan, deployment strategy, cloud native, management, on prem, evaluation, onboarding, local, group policy, gp, endpoint manager, mem
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance  
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Plan your Microsoft Defender for Endpoint deployment 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/device-timeline-event-flag.md b/windows/security/threat-protection/microsoft-defender-atp/device-timeline-event-flag.md
index 8ab3495d50..77bc0b62f7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/device-timeline-event-flag.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/device-timeline-event-flag.md
@@ -1,9 +1,9 @@
 ---
 title: Microsoft Defender ATP device timeline event flags
-description: Use Microsoft Defender ATP device timeline event flags to 
+description: Use Microsoft Defender ATP device timeline event flags to
 keywords: Defender ATP device timeline, event flags
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: dansimp
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance  
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Microsoft Defender for Endpoint device timeline event flags
diff --git a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
index 0c01e2faf7..0304cdd397 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
@@ -8,17 +8,18 @@ author: denisebmsft
 ms.author: deniseb
 manager: dansimp
 ms.reviewer: shwetaj
-audience: ITPro 
-ms.topic: article 
-ms.prod: w10 
+audience: ITPro
+ms.topic: article
+ms.prod: m365-security
 ms.localizationpriority: medium
 ms.custom: 
-- next-gen
-- edr
+  - next-gen
+  - edr
 ms.date: 01/07/2021
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
+ms.technology: mde
 ---
 
 # Endpoint detection and response (EDR) in block mode
diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md
index 1356b96d9c..44d58c8d1e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md
@@ -3,7 +3,7 @@ title: Enable attack surface reduction rules
 description: Enable attack surface reduction (ASR) rules to protect your devices from attacks that use macros, scripts, and common injection techniques.
 keywords: Attack surface reduction, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention, enable, turn on
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -13,6 +13,7 @@ author: levinec
 ms.author: ellevin
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Enable attack surface reduction rules
diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md
index 8af897f9a0..a8bc3ae850 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md
@@ -3,7 +3,7 @@ title: Enable controlled folder access
 keywords: Controlled folder access, windows 10, windows defender, ransomware, protect, files, folders, enable, turn on, use
 description: Learn how to protect your important files by enabling Controlled folder access
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -13,6 +13,7 @@ author: levinec
 ms.author: ellevin
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Enable controlled folder access
diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md
index 91a6dc887a..683cc19965 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md
@@ -3,7 +3,7 @@ title: Turn on exploit protection to help mitigate against attacks
 keywords: exploit, mitigation, attacks, vulnerability
 description: Learn how to enable exploit protection in Windows 10. Exploit protection helps protect your device against malware.
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -12,6 +12,7 @@ author: denisebmsft
 ms.author: deniseb
 ms.reviewer: ksarens
 manager: dansimp
+ms.technology: mde
 ---
 
 # Enable exploit protection
diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md
index 4f9ad6dff7..b489a186a7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md
@@ -3,7 +3,7 @@ title: Turn on network protection
 description: Enable network protection with Group Policy, PowerShell, or Mobile Device Management and Configuration Manager.
 keywords: ANetwork protection, exploits, malicious website, ip, domain, domains, enable, turn on
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -12,6 +12,7 @@ author: levinec
 ms.author: ellevin
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Turn on network protection
diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md b/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md
index c4e8e36cbe..63dc623e7e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md
@@ -4,7 +4,7 @@ description: Enable SIEM integration to receive detections in your security info
 keywords: enable siem connector, siem, connector, security information and events
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Enable SIEM integration in Microsoft Defender for Endpoint
diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md
index b80ba00b38..836dcb090d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md
@@ -2,10 +2,10 @@
 title: Evaluate Microsoft Defender for Endpoint
 ms.reviewer: 
 description: Evaluate the different security capabilities in Microsoft Defender for Endpoint.
-keywords: attack surface reduction, evaluate, next, generation, protection 
+keywords: attack surface reduction, evaluate, next, generation, protection
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,8 +14,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Evaluate Microsoft Defender for Endpoint 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-attack-surface-reduction.md
index 4fdbaae9b9..e5e1491d2b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-attack-surface-reduction.md
@@ -3,7 +3,7 @@ title: Evaluate attack surface reduction rules
 description: See how attack surface reduction would block and prevent attacks with the custom demo tool.
 keywords: Attack surface reduction, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention, evaluate, test, demo
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -12,6 +12,7 @@ author: levinec
 ms.author: ellevin
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Evaluate attack surface reduction rules
diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access.md
index cf36b1169f..e85e2cd887 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access.md
@@ -3,7 +3,7 @@ title: Evaluate controlled folder access
 description: See how controlled folder access can help protect files from being changed by malicious apps.
 keywords: Exploit protection, windows 10, windows defender, ransomware, protect, evaluate, test, demo, try
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -12,6 +12,7 @@ author: levinec
 ms.author: ellevin
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Evaluate controlled folder access
diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection.md
index a7d1eb5399..55fb86a8b7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection.md
@@ -3,7 +3,7 @@ title: See how exploit protection works in a demo
 description: See how exploit protection can prevent suspicious behaviors from occurring on specific apps.
 keywords: Exploit protection, exploits, kernel, events, evaluate, demo, try, mitigation
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.author: deniseb
 ms.date: 01/06/2021
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Evaluate exploit protection
diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-network-protection.md
index 1da3fe309f..067bb51204 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-network-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-network-protection.md
@@ -3,7 +3,7 @@ title: Evaluate network protection
 description: See how network protection works by testing common scenarios that it protects against.
 keywords: Network protection, exploits, malicious website, ip, domain, domains, evaluate, test, demo
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -12,6 +12,7 @@ author: levinec
 ms.author: ellevin
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Evaluate network protection
diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md b/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md
index 64a0179395..4d6f35d840 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md
@@ -3,7 +3,7 @@ title: Microsoft Defender for Endpoint evaluation lab
 description: Learn about Microsoft Defender for Endpoint capabilities, run attack simulations, and see how it prevents, detects, and remediates threats.
 keywords: evaluate mdatp, evaluation, lab, simulation, windows 10, windows server 2019, evaluation lab
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,9 +13,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- M365-security-compliance 
-- m365solution-evalutatemtp
+  - M365-security-compliance
+  - m365solution-evalutatemtp
 ms.topic: article
+ms.technology: mde
 ---
 
 # Microsoft Defender for Endpoint evaluation lab
diff --git a/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md b/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md
index a2b75300ee..cf4a725b95 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md
@@ -4,7 +4,7 @@ description: Get descriptions and further troubleshooting steps (if required) fo
 keywords: troubleshoot, event viewer, log summary, failure code, failed, Microsoft Defender for Endpoint service, cannot start, broken, can't start
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,9 +13,10 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
 ms.date: 05/21/2018
+ms.technology: mde
 ---
 
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/event-views.md b/windows/security/threat-protection/microsoft-defender-atp/event-views.md
index 9edcad6d34..73f0cf3ba2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/event-views.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/event-views.md
@@ -3,7 +3,7 @@ title: View attack surface reduction events
 description: Import custom views to see attack surface reduction events.
 keywords: event view, exploit guard, audit, review, events
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -12,6 +12,7 @@ author: levinec
 ms.author: ellevin
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # View attack surface reduction events
diff --git a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md
index f1867fadcb..28051f72bd 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md
@@ -4,7 +4,7 @@ keywords: mitigations, vulnerabilities, vulnerability, mitigation, exploit, expl
 description: Details on how the exploit protection feature works in Windows 10
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -15,6 +15,7 @@ ms.date: 01/06/2021
 ms.reviewer: cjacks
 manager: dansimp
 ms.custom: asr
+ms.technology: mde
 ---
 
 # Exploit Protection Reference
diff --git a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md
index b2ad6f832b..9b169e43bd 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md
@@ -3,7 +3,7 @@ title: Apply mitigations to help prevent attacks through vulnerabilities
 keywords: mitigations, vulnerabilities, vulnerability, mitigation, exploit, exploits, emet
 description: Protect devices against exploits with Windows 10. Windows 10 has advanced exploit protection capabilities, building upon and improving the settings available in Enhanced Mitigation Experience Toolkit (EMET).
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.date: 10/21/2020
 ms.reviewer: 
 manager: dansimp
 ms.custom: asr
+ms.technology: mde
 ---
 
 # Protect devices from exploits
diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md
index 9f93b7365e..9994672041 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md
@@ -1,10 +1,10 @@
 ---
-title: Use Microsoft Defender for Endpoint APIs  
+title: Use Microsoft Defender for Endpoint APIs
 ms.reviewer: 
 description: Learn how to design a native Windows app to get programmatic access to Microsoft Defender for Endpoint without a user.
 keywords: apis, graph api, supported apis, actor, alerts, device, user, domain, ip, file, advanced hunting, query
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Use Microsoft Defender for Endpoint APIs
diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md
index cfb61033a4..2e5ce37a4f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md
@@ -4,7 +4,7 @@ ms.reviewer:
 description: Learn how to design a web app to get programmatic access to  Microsoft Defender for Endpoint without a user.
 keywords: apis, graph api, supported apis, actor, alerts, device, user, domain, ip, file, advanced hunting, query
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Partner access through Microsoft Defender for Endpoint APIs
diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md
index f4dc27179e..dbec1029c4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md
@@ -4,7 +4,7 @@ ms.reviewer:
 description: Learn how to design a web app to get programmatic access to Microsoft Defender for Endpoint without a user.
 keywords: apis, graph api, supported apis, actor, alerts, device, user, domain, ip, file, advanced hunting, query
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Create an app to access Microsoft Defender for Endpoint without a user
diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md
index 8100c26890..0f872dce10 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md
@@ -4,7 +4,7 @@ ms.reviewer:
 description: Use these code samples, querying several Microsoft Defender for Endpoint APIs.
 keywords: apis, supported apis, advanced hunting, query
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,9 +13,10 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: article 
+ms.collection: M365-security-compliance
+ms.topic: article
 ms.date: 09/24/2018
+ms.technology: mde
 ---
 
 # Microsoft Defender for Endpoint APIs using PowerShell
diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md
index e5f0ac91e0..631006a9c3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md
@@ -1,10 +1,10 @@
 ---
-title: Supported Microsoft Defender for Endpoint APIs  
+title: Supported Microsoft Defender for Endpoint APIs
 ms.reviewer: 
-description: Learn about the specific supported Microsoft Defender for Endpoint entities where you can create API calls to. 
+description: Learn about the specific supported Microsoft Defender for Endpoint entities where you can create API calls to.
 keywords: apis, supported apis, actor, alerts, device, user, domain, ip, file, advanced queries, advanced hunting
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Supported Microsoft Defender for Endpoint APIs
diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md
index e9735e3e07..ab3344e02c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md
@@ -4,7 +4,7 @@ ms.reviewer:
 description: Use these examples of Open Data Protocol (OData) queries to help with data access protocols in Microsoft Defender for Endpoint.
 keywords: apis, supported apis, odata, query
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # OData queries with Microsoft Defender for Endpoint
diff --git a/windows/security/threat-protection/microsoft-defender-atp/feedback-loop-blocking.md b/windows/security/threat-protection/microsoft-defender-atp/feedback-loop-blocking.md
index b5ac0c1ea5..709f74bc35 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/feedback-loop-blocking.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/feedback-loop-blocking.md
@@ -8,14 +8,15 @@ author: denisebmsft
 ms.author: deniseb
 manager: dansimp
 ms.reviewer: shwetaj
-audience: ITPro 
-ms.topic: article 
-ms.prod: w10 
+audience: ITPro
+ms.topic: article
+ms.prod: m365-security
 ms.localizationpriority: medium
 ms.custom: 
-- next-gen
-- edr
+  - next-gen
+  - edr
 ms.collection: 
+ms.technology: mde
 ---
 
 # Feedback-loop blocking
diff --git a/windows/security/threat-protection/microsoft-defender-atp/fetch-alerts-mssp.md b/windows/security/threat-protection/microsoft-defender-atp/fetch-alerts-mssp.md
index a4f175566c..bc70d8c0e4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/fetch-alerts-mssp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/fetch-alerts-mssp.md
@@ -4,7 +4,7 @@ description: Learn how to fetch alerts from a customer tenant
 keywords: managed security service provider, mssp, configure, integration
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Fetch alerts from MSSP customer tenant
diff --git a/windows/security/threat-protection/microsoft-defender-atp/files.md b/windows/security/threat-protection/microsoft-defender-atp/files.md
index 677387cad1..0fbe833f68 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/files.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/files.md
@@ -3,7 +3,7 @@ title: File resource type
 description: Retrieve recent Microsoft Defender for Endpoint alerts related to files.
 keywords: apis, graph api, supported apis, get, alerts, recent
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # File resource type
diff --git a/windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md b/windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md
index b94742b61d..b00bf9017d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md
@@ -3,7 +3,7 @@ title: Find device information by internal IP API
 description: Use this API to create calls related to finding a device entry around a specific timestamp by internal IP.
 keywords: ip, apis, graph api, supported apis, find device, device information
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Find device information by internal IP API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md
index 616dfffb2e..5a461d731b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md
@@ -1,9 +1,9 @@
 ---
 title: Find devices by internal IP API
-description: Find devices seen with the requested internal IP in the time range of 15 minutes prior and after a given timestamp 
+description: Find devices seen with the requested internal IP in the time range of 15 minutes prior and after a given timestamp
 keywords: apis, graph api, supported apis, get, device, IP, find, find device, by ip, ip
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Find devices by internal IP API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md b/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
index ce92f63d99..2ab8c7db1b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md
@@ -4,7 +4,7 @@ description: Fix device sensors that are reporting as misconfigured or inactive
 keywords: misconfigured, inactive, fix sensor, sensor health,  no sensor data, sensor data, impaired communications, communication
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,9 +13,10 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
 ms.date: 11/06/2020
+ms.technology: mde
 ---
 
 # Fix unhealthy sensors in Microsoft Defender for Endpoint
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md
index 210a00624f..5177928062 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md
@@ -3,7 +3,7 @@ title: Get alert information by ID API
 description: Learn how to use the Get alert information by ID API to retrieve a specific alert by its ID in Microsoft Defender for Endpoint.
 keywords: apis, graph api, supported apis, get, alert, information, id
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get alert information by ID API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md
index 607206740c..9347365103 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md
@@ -1,9 +1,9 @@
 ---
-title: Get alert related domains information 
+title: Get alert related domains information
 description: Retrieve all domains related to a specific alert using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
 keywords: apis, graph api, supported apis, get alert information, alert information, related domain
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get alert related domain information API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md
index f95776b987..80dfa7de59 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md
@@ -1,9 +1,9 @@
 ---
-title: Get alert related files information 
+title: Get alert related files information
 description: Retrieve all files related to a specific alert using Microsoft Defender Advanced Threat Protection (Microsoft Defender for Endpoint).
 keywords: apis, graph api, supported apis, get alert information, alert information, related files
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get alert related files information API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md
index dd5859b46d..b241dd2b72 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md
@@ -1,9 +1,9 @@
 ---
-title: Get alert related IPs information 
+title: Get alert related IPs information
 description: Retrieve all IPs related to a specific alert using Microsoft Defender Advanced Threat Protection (Microsoft Defender for Endpoint).
 keywords: apis, graph api, supported apis, get alert information, alert information, related ip
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get alert related IPs information API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
index ab1cfd8107..e4850f8d55 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
@@ -1,9 +1,9 @@
 ---
-title: Get alert related machine information 
+title: Get alert related machine information
 description: Retrieve all devices related to a specific alert using Microsoft Defender Advanced Threat Protection (Microsoft Defender for Endpoint).
 keywords: apis, graph api, supported apis, get alert information, alert information, related device
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get alert related machine information API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md
index c5461ce794..ea89e7158c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md
@@ -1,9 +1,9 @@
 ---
-title: Get alert related user information 
+title: Get alert related user information
 description: Learn how to use the Get alert related user information API to retrieve the user related to a specific alert in Microsoft Defender Advanced Threat Protection.
 keywords: apis, graph api, supported apis, get, alert, information, related, user
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get alert related user information API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md
index 687c2dffa2..918af17cc7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md
@@ -3,7 +3,7 @@ title: List alerts API
 description: Learn how to use the List alerts API to retrieve a collection of alerts in Microsoft Defender for Endpoint.
 keywords: apis, graph api, supported apis, get, alerts, recent
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # List alerts API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md
index a076a373b1..9be5af6b31 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md
@@ -1,9 +1,9 @@
 ---
 title: List all recommendations
 description: Retrieves a list of all security recommendations affecting the organization.
-keywords: apis, graph api, supported apis, get, security recommendations, mdatp tvm api, threat and vulnerability management, threat and vulnerability management api 
+keywords: apis, graph api, supported apis, get, security recommendations, mdatp tvm api, threat and vulnerability management, threat and vulnerability management api
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # List all recommendations
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md
index 8839180405..73cc542fda 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md
@@ -3,7 +3,7 @@ title: Get all vulnerabilities by machine and software
 description: Retrieves a list of all the vulnerabilities affecting the organization by Machine and Software
 keywords: apis, graph api, supported apis, get, vulnerability information, mdatp tvm api
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # List vulnerabilities by machine and software
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md
index d899f7c360..17f9e97ef1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md
@@ -3,7 +3,7 @@ title: Get all vulnerabilities
 description: Retrieves a list of all the vulnerabilities affecting the organization
 keywords: apis, graph api, supported apis, get, vulnerability information, mdatp tvm api
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # List vulnerabilities
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md
index fb60d09e95..41df827074 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md
@@ -4,7 +4,7 @@ description: Learn how to use the Get CVE-KB map API to retrieve a map of CVE's
 keywords: apis, graph api, supported apis, get, cve, kb
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,9 +13,10 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
 ROBOTS: NOINDEX
+ms.technology: mde
 ---
 
 # Get CVE-KB map API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md
index 920e2fab04..b18413a57e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md
@@ -3,7 +3,7 @@ title: Get device secure score
 description: Retrieves the organizational device secure score.
 keywords: apis, graph api, supported apis, get, alerts, recent
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ ms.author: ellevin
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get device secure score
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md
index 14425d3b01..773a35d073 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md
@@ -3,7 +3,7 @@ title: Get discovered vulnerabilities
 description: Retrieves a collection of discovered vulnerabilities related to a given device ID.
 keywords: apis, graph api, supported apis, get, list, file, information, discovered vulnerabilities, threat & vulnerability management api, mdatp tvm api
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ ms.author: ellevin
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get discovered vulnerabilities
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md
index 2ef6ab2307..12f8042a7e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md
@@ -3,7 +3,7 @@ title: Get domain related alerts API
 description: Learn how to use the Get domain related alerts API to retrieve alerts related to a given domain address in Microsoft Defender for Endpoint.
 keywords: apis, graph api, supported apis, get, domain, related, alerts
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get domain related alerts API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md
index 8c70e05df5..87af94f174 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md
@@ -3,7 +3,7 @@ title: Get domain related machines API
 description: Learn how to use the Get domain related machines API to get machines that communicated to or from a domain in Microsoft Defender for Endpoint.
 keywords: apis, graph api, supported apis, get, domain, related, devices
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get domain related machines API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md
index a1174ffd17..dda241406d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md
@@ -3,7 +3,7 @@ title: Get domain statistics API
 description: Learn how to use the Get domain statistics API to retrieve the statistics on the given domain in Microsoft Defender for Endpoint.
 keywords: apis, graph api, supported apis, get, domain, domain related devices
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get domain statistics API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md
index 2dc25a2049..c06627a36f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md
@@ -3,7 +3,7 @@ title: Get exposure score
 description: Retrieves the organizational exposure score.
 keywords: apis, graph api, supported apis, get, exposure score, organizational exposure score
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ ms.author: ellevin
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get exposure score
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md
index c69bbf38e5..736c3298e2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md
@@ -3,7 +3,7 @@ title: Get file information API
 description: Learn how to use the Get file information API to get a file by Sha1, Sha256, or MD5 identifier in Microsoft Defender for Endpoint.
 keywords: apis, graph api, supported apis, get, file, information, sha1, sha256, md5
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get file information API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md
index e9088291e8..dd23bde922 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md
@@ -3,7 +3,7 @@ title: Get file related alerts API
 description: Learn how to use the Get file related alerts API to get a collection of alerts related to a given file hash in Microsoft Defender for Endpoint.
 keywords: apis, graph api, supported apis, get, file, hash
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get file related alerts API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md
index 99313ac5c8..981b5352e4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md
@@ -3,7 +3,7 @@ title: Get file related machines API
 description: Learn how to use the Get file related machines API to get a collection of machines related to a file hash in Microsoft Defender for Endpoint.
 keywords: apis, graph api, supported apis, get, devices, hash
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get file related machines API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md
index d81d9b8af3..45c0c7f97f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md
@@ -3,7 +3,7 @@ title: Get file statistics API
 description: Learn how to use the Get file statistics API to retrieve the statistics for the given file in Microsoft Defender for Endpoint.
 keywords: apis, graph api, supported apis, get, file, statistics
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get file statistics API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md
index 09233fa7ab..1d74c52f25 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md
@@ -3,7 +3,7 @@ title: Get installed software
 description: Retrieves a collection of installed software related to a given device ID.
 keywords: apis, graph api, supported apis, get, list, file, information, software inventory, installed software per device, threat & vulnerability management api, mdatp tvm api
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get installed software
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md
index b58d1ddd9e..47662456ae 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md
@@ -3,7 +3,7 @@ title: List Investigations API
 description: Use this API to create calls related to get Investigations collection
 keywords: apis, graph api, supported apis, Investigations collection
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # List Investigations API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-object.md b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-object.md
index 866f046908..74f3ac1b33 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-object.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-object.md
@@ -3,7 +3,7 @@ title: Get Investigation object API
 description: Use this API to create calls related to get Investigation object
 keywords: apis, graph api, supported apis, Investigation object
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get Investigation API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md
index b18a482d19..ec0bd5533a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md
@@ -3,7 +3,7 @@ title: Get IP related alerts API
 description: Retrieve a collection of alerts related to a given IP address using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
 keywords: apis, graph api, supported apis, get, ip, related, alerts
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get IP related alerts API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md
index c34fe0e526..e720d2f338 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md
@@ -3,7 +3,7 @@ title: Get IP statistics API
 description: Get the latest stats for your IP using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
 keywords: apis, graph api, supported apis, get, ip, statistics, prevalence
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get IP statistics API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md
index b3e1d5574a..f108cdfbf6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md
@@ -4,7 +4,7 @@ description: Retrieve a collection of knowledge bases (KB's) and KB details with
 keywords: apis, graph api, supported apis, get, kb
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,9 +13,10 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
 ROBOTS: NOINDEX
+ms.technology: mde
 ---
 
 # Get KB collection API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
index f46e912d8c..ceac9cc0ed 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
@@ -3,7 +3,7 @@ title: Get machine by ID API
 description: Learn how to use the Get machine by ID API to retrieve a machine by its device ID or computer name in Microsoft Defender Advanced Threat Protection.
 keywords: apis, graph api, supported apis, get, devices, entity, id
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get machine by ID API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md
index e13a900af5..f7ea61feb1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md
@@ -3,7 +3,7 @@ title: List exposure score by device group
 description: Retrieves a list of exposure scores by device group.
 keywords: apis, graph api, supported apis, get, exposure score, device group, device group exposure score
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ ms.author: ellevin
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # List exposure score by device group
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md
index 42ceb10f0e..f4730dce02 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md
@@ -3,7 +3,7 @@ title: Get machine logon users API
 description: Learn how to use the Get machine logon users API to retrieve a collection of logged on users on a device in Microsoft Defender Advanced Threat Protection.
 keywords: apis, graph api, supported apis, get, device, log on, users
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get machine logon users API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md
index 86de75298d..cf6f953a00 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md
@@ -3,7 +3,7 @@ title: Get machine related alerts API
 description: Learn how to use the Get machine related alerts API to retrieve all alerts related to a specific device in Microsoft Defender Advanced Threat Protection.
 keywords: apis, graph api, supported apis, get, devices, related, alerts
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get machine related alerts  API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md b/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md
index da012c1b41..35d7343116 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md
@@ -3,7 +3,7 @@ title: Get MachineAction object API
 description: Learn how to use the Get MachineAction API to retrieve a specific Machine Action by its ID in Microsoft Defender Advanced Threat Protection.
 keywords: apis, graph api, supported apis, machineaction object
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get machineAction API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md
index ec9d161528..11bd89fa3b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md
@@ -3,7 +3,7 @@ title: List machineActions API
 description: Learn how to use the List MachineActions API to retrieve a collection of Machine Actions in Microsoft Defender Advanced Threat Protection.
 keywords: apis, graph api, supported apis, machineaction collection
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # List MachineActions API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md
index 8cb9e3c2d3..cbcb0e0b06 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md
@@ -3,7 +3,7 @@ title: List devices by software
 description: Retrieve a list of devices that has this software installed.
 keywords: apis, graph api, supported apis, get, list devices, devices list, list devices by software, mdatp tvm api
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # List devices by software
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md
index bc0c969c79..35a821c812 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md
@@ -3,7 +3,7 @@ title: List devices by vulnerability
 description: Retrieves a list of devices affected by a vulnerability.
 keywords: apis, graph api, supported apis, get, devices list, vulnerable devices, mdatp tvm api
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # List devices by vulnerability
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md
index 6c89d74e65..ad2331e5ab 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md
@@ -3,7 +3,7 @@ title: List machines API
 description: Learn how to use the List machines API to retrieve a collection of machines that have communicated with Microsoft Defender ATP cloud.
 keywords: apis, graph api, supported apis, get, devices
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # List machines API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md
index 4f1d4fedec..9565ba0014 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md
@@ -4,7 +4,7 @@ description: Retrieve a collection of device security states using Microsoft Def
 keywords: apis, graph api, supported apis, get, device, security, state
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: article 
+ms.collection: M365-security-compliance
+ms.topic: article
+ms.technology: mde
 ---
 
 # Get Machines security states collection API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md
index 089381bade..9ac01f22cf 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md
@@ -3,7 +3,7 @@ title: Get missing KBs by device ID
 description: Retrieves missing security updates by device ID
 keywords: apis, graph api, supported apis, get, list, file, information, device id, threat & vulnerability management api, mdatp tvm api
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: levinec
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get missing KBs by device ID
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md
index a74bad1490..4c037b678e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md
@@ -3,7 +3,7 @@ title: Get missing KBs by software ID
 description: Retrieves missing security updates by software ID
 keywords: apis, graph api, supported apis, get, list, file, information, software id, threat & vulnerability management api, mdatp tvm api
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: levinec
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get missing KBs by software ID
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md b/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md
index 332e875e6e..ccd17fea22 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md
@@ -3,7 +3,7 @@ title: Get package SAS URI API
 description: Use this API to get a URI that allows downloading an investigation package.
 keywords: apis, graph api, supported apis, get package, sas, uri
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get package SAS URI API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md
index 3666ef7955..d752962405 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md
@@ -1,9 +1,9 @@
 ---
 title: Get recommendation by Id
 description: Retrieves a security recommendation by its ID.
-keywords: apis, graph api, supported apis, get, security recommendation, security recommendation by ID, threat and vulnerability management, threat and vulnerability management api 
+keywords: apis, graph api, supported apis, get, security recommendation, security recommendation by ID, threat and vulnerability management, threat and vulnerability management api
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get recommendation by ID
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md
index dfec0fb89f..7d46d6e6fe 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md
@@ -1,9 +1,9 @@
 ---
 title: List devices by recommendation
-description: Retrieves a list of devices associated with the security recommendation. 
-keywords: apis, graph api, supported apis, get, security recommendation for vulnerable devices, threat and vulnerability management, threat and vulnerability management api 
+description: Retrieves a list of devices associated with the security recommendation.
+keywords: apis, graph api, supported apis, get, security recommendation for vulnerable devices, threat and vulnerability management, threat and vulnerability management api
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # List devices by recommendation
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md
index c0adaddae0..4f144b37e3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md
@@ -1,9 +1,9 @@
 ---
 title: Get recommendation by software
 description: Retrieves a security recommendation related to a specific software.
-keywords: apis, graph api, supported apis, get, security recommendation, security recommendation for software, threat and vulnerability management, threat and vulnerability management api 
+keywords: apis, graph api, supported apis, get, security recommendation, security recommendation for software, threat and vulnerability management, threat and vulnerability management api
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get recommendation by software
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md
index 9c06a2df8f..6c606f3bfc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md
@@ -1,9 +1,9 @@
 ---
 title: List vulnerabilities by recommendation
 description: Retrieves a list of vulnerabilities associated with the security recommendation.
-keywords: apis, graph api, supported apis, get, list of vulnerabilities, security recommendation, security recommendation for vulnerabilities, threat and vulnerability management, threat and vulnerability management api 
+keywords: apis, graph api, supported apis, get, list of vulnerabilities, security recommendation, security recommendation for vulnerabilities, threat and vulnerability management, threat and vulnerability management api
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # List vulnerabilities by recommendation
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md b/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md
index 1cf2a7793b..1d2dfe41dd 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md
@@ -3,7 +3,7 @@ title: Get security recommendations
 description: Retrieves a collection of security recommendations related to a given device ID.
 keywords: apis, graph api, supported apis, get, list, file, information, security recommendation per device, threat & vulnerability management api, mdatp tvm api
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get security recommendations
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md
index 8c13f1d5da..da3f09fb2d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md
@@ -3,7 +3,7 @@ title: Get software by Id
 description: Retrieves a list of exposure scores by device group.
 keywords: apis, graph api, supported apis, get, software, mdatp tvm api
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get software by Id
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md
index 2bb098203c..c707f59ef2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md
@@ -1,9 +1,9 @@
 ---
-title: List software version distribution 
-description: Retrieves a list of your organization's software version distribution 
+title: List software version distribution
+description: Retrieves a list of your organization's software version distribution
 keywords: apis, graph api, supported apis, get, software version distribution, mdatp tvm api
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # List software version distribution 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-software.md
index 7629b66bff..95e59d134f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-software.md
@@ -3,7 +3,7 @@ title: List software
 description: Retrieves a list of software inventory
 keywords: apis, graph api, supported apis, get, list, file, information, software inventory, threat & vulnerability management api, mdatp tvm api
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # List software inventory API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-started-partner-integration.md b/windows/security/threat-protection/microsoft-defender-atp/get-started-partner-integration.md
index f0151a49db..d126296521 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-started-partner-integration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-started-partner-integration.md
@@ -5,7 +5,7 @@ description: Learn the steps and requirements to integrate your solution with Mi
 keywords: partner, integration, solution validation, certification, requirements, member, misa, application portal
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,8 +14,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: conceptual 
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Become a Microsoft Defender for Endpoint partner
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md
index 5cd725bebe..58cb3f78a5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md
@@ -3,7 +3,7 @@ title: List Indicators API
 description: Learn how to use the List Indicators API to retrieve a collection of all active Indicators in Microsoft Defender Advanced Threat Protection.
 keywords: apis, public api, supported apis, Indicators collection
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # List Indicators API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md
index d9af8b76ce..7a7e85e081 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md
@@ -3,7 +3,7 @@ title: Get user information API
 description: Learn how to use the Get user information API to retrieve a User entity by key, or user name, in Microsoft Defender Advanced Threat Protection.
 keywords: apis, graph api, supported apis, get, user, user information
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get user information API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md
index d16cd4cfee..7705c00e4b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md
@@ -3,7 +3,7 @@ title: Get user-related alerts API
 description: Retrieve a collection of alerts related to a given user ID using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
 keywords: apis, graph api, supported apis, get, user, related, alerts
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get user-related alerts API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md
index 88a70fd056..7cab2321b4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md
@@ -3,7 +3,7 @@ title: Get user-related machines API
 description: Learn how to use the Get user-related machines API to retrieve a collection of devices related to a user ID in Microsoft Defender Advanced Threat Protection.
 keywords: apis, graph api, supported apis, get, user, user related alerts
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get user-related machines API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md
index abb77af560..c60ff31fdb 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md
@@ -1,9 +1,9 @@
 ---
 title: List vulnerabilities by software
-description: Retrieve a list of vulnerabilities in the installed software. 
+description: Retrieve a list of vulnerabilities in the installed software.
 keywords: apis, graph api, supported apis, get, vulnerabilities list, mdatp tvm api
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # List vulnerabilities by software
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md
index df3bc5a56f..e8cc9c8257 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md
@@ -3,7 +3,7 @@ title: Get vulnerability by Id
 description: Retrieves vulnerability information by its ID.
 keywords: apis, graph api, supported apis, get, vulnerability information, mdatp tvm api
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Get vulnerability by ID
diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md
index 7576cf0006..2bde8df0d5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/gov.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md
@@ -1,10 +1,10 @@
 ---
-title: Microsoft Defender for Endpoint for US Government customers 
+title: Microsoft Defender for Endpoint for US Government customers
 description: Learn about the requirements and the available Microsoft Defender for Endpoint capabilities for US Government customers
 keywords: government, gcc, high, requirements, capabilities, defender, defender atp, mdatp, endpoint, dod
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Microsoft Defender for Endpoint for US Government customers
diff --git a/windows/security/threat-protection/microsoft-defender-atp/grant-mssp-access.md b/windows/security/threat-protection/microsoft-defender-atp/grant-mssp-access.md
index f62c3b418f..f5397c26f3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/grant-mssp-access.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/grant-mssp-access.md
@@ -1,10 +1,10 @@
 ---
 title: Grant access to managed security service provider (MSSP)
-description: Take the necessary steps to configure the MSSP integration with Microsoft Defender ATP 
+description: Take the necessary steps to configure the MSSP integration with Microsoft Defender ATP
 keywords: managed security service provider, mssp, configure, integration
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Grant managed security service provider (MSSP) access (preview)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md b/windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md
index adc3dd0a3b..7d275ab90b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md
@@ -4,7 +4,7 @@ description: Access helpful resources such as links to blogs and other resources
 keywords: Microsoft Defender Security Center, product brief, brief, capabilities, licensing
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: conceptual 
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Helpful Microsoft Defender for Endpoint resources
diff --git a/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md b/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md
index f496d2d153..73079133a0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md
@@ -4,7 +4,7 @@ description: Use Group Policy to deploy mitigations configuration.
 keywords: Exploit protection, mitigations, import, export, configure, convert, conversion, deploy, install
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -13,6 +13,7 @@ author: levinec
 ms.author: ellevin
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Import, export, and deploy exploit protection configurations
diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates.md
index 4c34fbe26c..40baef0411 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates.md
@@ -1,11 +1,11 @@
 ---
-title: Create indicators based on certificates 
+title: Create indicators based on certificates
 ms.reviewer: 
 description: Create indicators based on certificates that define the detection, prevention, and exclusion of entities.
 keywords: ioc, certificate, certificates, manage, allowed, blocked, block, clean, malicious, file hash, ip address, urls, domain
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,8 +14,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Create indicators based on certificates
diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-file.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-file.md
index 3e7b8c855d..be86647e97 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/indicator-file.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-file.md
@@ -1,11 +1,11 @@
 ---
-title:  Create indicators for files
+title: Create indicators for files
 ms.reviewer: 
 description: Create indicators for a file hash that define the detection, prevention, and exclusion of entities.
 keywords: file, hash, manage, allowed, blocked, whitelist, blacklist, block, clean, malicious, file hash, ip address, urls, domain
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,8 +14,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Create indicators for files
diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md
index 3ed8df33d8..f238e1f680 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md
@@ -1,11 +1,11 @@
 ---
-title:  Create indicators for IPs and URLs/domains 
+title: Create indicators for IPs and URLs/domains
 ms.reviewer: 
 description: Create indicators for IPs and URLs/domains that define the detection, prevention, and exclusion of entities.
 keywords: ip, url, domain, manage, allowed, blocked, whitelist, blacklist, block, clean, malicious, file hash, ip address, urls, domain
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,8 +14,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Create indicators for IPs and URLs/domains 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md
index 569a727336..347e36b6a5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md
@@ -5,7 +5,7 @@ description: Manage indicators for a file hash, IP address, URLs, or domains tha
 keywords: import, indicator, list, ioc, csv, manage, allowed, blocked, block, clean, malicious, file hash, ip address, urls, domain
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,8 +14,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Manage indicators
diff --git a/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md b/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md
index 74f53cc04c..1c11db4157 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md
@@ -1,10 +1,10 @@
 ---
 title: Information protection in Windows overview
-ms.reviewer:
+ms.reviewer: 
 description: Learn about how information protection works in Windows to identify and protect sensitive information
 keywords: information, protection, dlp, data, loss, prevention, protect
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Information protection in Windows overview
diff --git a/windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md
index 30a7574c30..6299559448 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md
@@ -3,7 +3,7 @@ title: Use sensitivity labels to prioritize incident response
 description: Learn how to use sensitivity labels to prioritize and investigate incidents
 keywords: information, protection, data, loss, prevention,labels, dlp, incident, investigate, investigation
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Use sensitivity labels to prioritize incident response  
diff --git a/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md
index 90bd7b9256..dfb9ea34c6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md
@@ -3,7 +3,7 @@ title: Start Investigation API
 description: Use this API to start investigation on a device.
 keywords: apis, graph api, supported apis, investigation
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Start Investigation API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md
index 541f45d7c4..b58e9f2197 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md
@@ -4,7 +4,7 @@ description: Use the investigation options to get details on alerts are affectin
 keywords: investigate, investigation, devices, device, alerts queue, dashboard, IP address, file, submit, submissions, deep analysis, timeline, search, domain, URL, IP
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,10 +14,11 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: article
 ms.date: 04/24/2018
+ms.technology: mde
 ---
 
 # Investigate alerts in Microsoft Defender for Endpoint
diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md
index 42e6837413..179a53a1fd 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md
@@ -4,7 +4,7 @@ description: Learn how to use advanced HTTP level monitoring through network pro
 keywords: proxy, network protection, forward proxy, network events, audit, block, domain names, domain
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: article
+ms.technology: mde
 ---
 
 # Investigate connection events that occur behind forward proxies
diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md
index bee61aaabc..5297a8957a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md
@@ -4,7 +4,7 @@ description: Use the investigation options to see if devices and servers have be
 keywords: investigate domain, domain, malicious domain, microsoft defender atp, alert, URL
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,10 +14,11 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: article
 ms.date: 04/24/2018
+ms.technology: mde
 ---
 # Investigate a domain associated with a Microsoft Defender for Endpoint alert
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md
index 3ac5eb62bb..0f4a60d9b5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md
@@ -4,7 +4,7 @@ description: Use the investigation options to get details on files associated wi
 keywords: investigate, investigation, file, malicious activity, attack motivation, deep analysis, deep analysis report
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,10 +14,11 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: article
 ms.date: 04/24/2018
+ms.technology: mde
 ---
 
 # Investigate a file associated with a Microsoft Defender for Endpoint alert
diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md
index 003cb02227..7b03162e01 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md
@@ -1,10 +1,10 @@
 ---
 title: Investigate incidents in Microsoft Defender ATP
-description: See associated alerts, manage the incident, and see alert metadata to help you investigate an incident 
+description: See associated alerts, manage the incident, and see alert metadata to help you investigate an incident
 keywords: investigate, incident, alerts, metadata, risk, detection source, affected devices, patterns, correlation
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: article
+ms.technology: mde
 ---
 
 # Investigate incidents in Microsoft Defender for Endpoint
diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md
index 3647ff20ed..a9f13f2327 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md
@@ -4,7 +4,7 @@ description: Use the investigation options to examine possible communication bet
 keywords: investigate, investigation, IP address, alert, microsoft defender atp, external IP
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,10 +14,11 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: article
 ms.date: 04/24/2018
+ms.technology: mde
 ---
 
 # Investigate an IP address associated with a Microsoft Defender for Endpoint alert
diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md
index 1a47eaf935..5fe4f76ffc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md
@@ -4,7 +4,7 @@ description: Investigate affected devices by reviewing alerts, network connectio
 keywords: devices, tags, groups, endpoint, alerts queue, alerts, device name, domain, last seen, internal IP, active alerts, threat category, filter, sort, review alerts, network, connection, type, password stealer, ransomware, exploit, threat, low severity, service health
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: article
+ms.technology: mde
 ---
 
 # Investigate devices in the Microsoft Defender for Endpoint Devices list
diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md
index 292ee98eec..694b64620b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md
@@ -4,7 +4,7 @@ description: Investigate a user account for potential compromised credentials or
 keywords: investigate, account, user, user entity, alert, microsoft defender atp
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,10 +14,11 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: article
 ms.date: 04/24/2018
+ms.technology: mde
 ---
 # Investigate a user account in Microsoft Defender for Endpoint
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigation.md b/windows/security/threat-protection/microsoft-defender-atp/investigation.md
index d5a2cf97cf..6afbbec900 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/investigation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/investigation.md
@@ -3,7 +3,7 @@ title: Investigation resource type
 description: Microsoft Defender ATP Investigation entity.
 keywords: apis, graph api, supported apis, get, alerts, investigations
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,9 +13,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: article
+ms.technology: mde
 ---
 
 # Investigation resource type
diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md
index 6c50645b1f..d04735e349 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md
@@ -1,11 +1,11 @@
 ---
 title: Configure Microsoft Defender ATP for iOS features
-ms.reviewer:
+ms.reviewer: 
 description: Describes how to deploy Microsoft Defender ATP for iOS features
 keywords: microsoft, defender, atp, ios, configure, features, ios
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,9 +15,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Configure Microsoft Defender for Endpoint for iOS features
diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-install.md b/windows/security/threat-protection/microsoft-defender-atp/ios-install.md
index 6f0005e8b9..c58faa8d2e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/ios-install.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/ios-install.md
@@ -1,11 +1,11 @@
 ---
 title: App-based deployment for Microsoft Defender ATP for iOS
-ms.reviewer:
+ms.reviewer: 
 description: Describes how to deploy Microsoft Defender ATP for iOS using an app
 keywords: microsoft, defender, atp, ios, app, installation, deploy, uninstallation, intune
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,9 +15,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Deploy Microsoft Defender for Endpoint for iOS
diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md
index bc3acd8fcc..8bea026e5d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md
@@ -1,11 +1,11 @@
 ---
 title: Privacy information - Microsoft Defender for Endpoint for iOS
-ms.reviewer:
+ms.reviewer: 
 description: Describes privacy information for Microsoft Defender for Endpoint for iOS
 keywords: microsoft, defender, atp, ios, policy, overview
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,9 +15,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Privacy information - Microsoft Defender for Endpoint for iOS
diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-terms.md b/windows/security/threat-protection/microsoft-defender-atp/ios-terms.md
index 997e5ed226..aa2cb53ec8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/ios-terms.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/ios-terms.md
@@ -1,11 +1,11 @@
 ---
 title: Microsoft Defender ATP for iOS Application license terms
-ms.reviewer:
+ms.reviewer: 
 description: Describes the Microsoft Defender ATP for iOS license terms
-keywords: microsoft, defender, atp, iOS, license, terms, application, use, installation, service, feedback, scope, 
+keywords: microsoft, defender, atp, iOS, license, terms, application, use, installation, service, feedback, scope,
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,10 +15,11 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
 hideEdit: true
+ms.technology: mde
 ---
 
 # Microsoft Defender for Endpoint for iOS application license terms
diff --git a/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md b/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md
index 7d5d12f3e4..00d02c3bfe 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md
@@ -3,7 +3,7 @@ title: Isolate machine API
 description: Learn how to use the Isolate machine API to isolate a device from accessing external network in Microsoft Defender Advanced Threat Protection.
 keywords: apis, graph api, supported apis, isolate device
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Isolate machine API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md
index e1e14ad345..34da9afb03 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md
@@ -4,7 +4,7 @@ description: Provide and validate exclusions for Microsoft Defender ATP for Linu
 keywords: microsoft, defender, atp, linux, exclusions, scans, antivirus
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Configure and validate exclusions for Microsoft Defender for Endpoint for Linux
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md
index cb813cf147..c45701fbed 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md
@@ -1,11 +1,11 @@
 ---
 title: Deploy Microsoft Defender ATP for Linux manually
-ms.reviewer:
+ms.reviewer: 
 description: Describes how to deploy Microsoft Defender ATP for Linux manually from the command line.
 keywords: microsoft, defender, atp, linux, installation, deploy, uninstallation, puppet, ansible, linux, redhat, ubuntu, debian, sles, suse, centos
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,9 +15,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Deploy Microsoft Defender for Endpoint for Linux manually
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md
index 35fe0795ab..b0ac68a9e6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md
@@ -1,11 +1,11 @@
 ---
 title: Deploy Microsoft Defender ATP for Linux with Ansible
-ms.reviewer:
+ms.reviewer: 
 description: Describes how to deploy Microsoft Defender ATP for Linux using Ansible.
 keywords: microsoft, defender, atp, linux, installation, deploy, uninstallation, puppet, ansible, linux, redhat, ubuntu, debian, sles, suse, centos
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,9 +15,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Deploy Microsoft Defender for Endpoint for Linux with Ansible
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md
index 46100ac983..95fab0a842 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md
@@ -1,11 +1,11 @@
 ---
 title: Deploy Microsoft Defender ATP for Linux with Puppet
-ms.reviewer:
+ms.reviewer: 
 description: Describes how to deploy Microsoft Defender ATP for Linux using Puppet.
 keywords: microsoft, defender, atp, linux, installation, deploy, uninstallation, puppet, ansible, linux, redhat, ubuntu, debian, sles, suse, centos
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,9 +15,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Deploy Microsoft Defender for Endpoint for Linux with Puppet
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md
index 2ec4ae0d08..09c10a6802 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md
@@ -5,7 +5,7 @@ description: Describes how to configure Microsoft Defender ATP for Linux in ente
 keywords: microsoft, defender, atp, linux, installation, deploy, uninstallation, puppet, ansible, linux, redhat, ubuntu, debian, sles, suse, centos
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,9 +15,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Set preferences for Microsoft Defender for Endpoint for Linux
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/linux-privacy.md
index 28afe2d32b..f389dd572e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-privacy.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-privacy.md
@@ -4,7 +4,7 @@ description: Privacy controls, how to configure policy settings that impact priv
 keywords: microsoft, defender, atp, linux, privacy, diagnostic
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Privacy for Microsoft Defender for Endpoint for Linux
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md b/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md
index ff2da099a2..7062258108 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md
@@ -4,7 +4,7 @@ description: Detect and block Potentially Unwanted Applications (PUA) using Micr
 keywords: microsoft, defender, atp, linux, pua, pus
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Detect and block potentially unwanted applications with Microsoft Defender for Endpoint for Linux
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md
index b8e1e244b8..ec804b1358 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md
@@ -5,7 +5,7 @@ description: Describes resources for Microsoft Defender ATP for Linux, including
 keywords: microsoft, defender, atp, linux, installation, deploy, uninstallation, puppet, ansible, linux, redhat, ubuntu, debian, sles, suse, centos
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,9 +15,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Resources
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md
index fe7f0dbd32..f8853d02af 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md
@@ -4,7 +4,7 @@ description: Learn how to schedule an automatic scanning time for Microsoft Defe
 keywords: microsoft, defender, atp, linux, scans, antivirus, microsoft defender for endpoint (linux)
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Schedule scans with Microsoft Defender for Endpoint (Linux)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md b/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md
index 6f0bf1667a..7aa2cb9dbe 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md
@@ -5,7 +5,7 @@ description: Describes how to configure Microsoft Defender ATP for static proxy
 keywords: microsoft, defender, atp, linux, installation, proxy
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,9 +15,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Configure Microsoft Defender for Endpoint for Linux for static proxy discovery
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md
index 9e0a8a30c6..2567347f46 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md
@@ -1,11 +1,11 @@
 ---
 title: Troubleshoot cloud connectivity issues for Microsoft Defender ATP for Linux
-ms.reviewer:
+ms.reviewer: 
 description: Troubleshoot cloud connectivity issues for Microsoft Defender ATP for Linux
 keywords: microsoft, defender, atp, linux, cloud, connectivity, communication
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,9 +15,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Troubleshoot cloud connectivity issues for Microsoft Defender for Endpoint for Linux
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-events.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-events.md
index af7e797106..3d8a64c5c6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-events.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-events.md
@@ -4,7 +4,7 @@ description: Troubleshoot missing events or alerts issues in Microsoft Defender
 keywords: microsoft, defender, atp, linux, events
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 mms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Troubleshoot missing events or alerts issues for Microsoft Defender for Endpoint for Linux
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md
index cf23de1bf6..f9e2cf4acd 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md
@@ -1,11 +1,11 @@
 ---
 title: Troubleshoot installation issues for Microsoft Defender ATP for Linux
-ms.reviewer:
+ms.reviewer: 
 description: Troubleshoot installation issues for Microsoft Defender ATP for Linux
 keywords: microsoft, defender, atp, linux, installation
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,9 +15,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Troubleshoot installation issues for Microsoft Defender for Endpoint for Linux
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md
index ab5e272c34..483084d117 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md
@@ -4,7 +4,7 @@ description: Troubleshoot performance issues in Microsoft Defender ATP for Linux
 keywords: microsoft, defender, atp, linux, performance
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 mms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Troubleshoot performance issues for Microsoft Defender for Endpoint for Linux
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-update-MDE-Linux.md b/windows/security/threat-protection/microsoft-defender-atp/linux-update-MDE-Linux.md
index dde0bd8f3a..24da7b0066 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-update-MDE-Linux.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-update-MDE-Linux.md
@@ -4,7 +4,7 @@ description: Learn how to schedule an update of the Microsoft Defender for Endpo
 keywords: microsoft, defender, atp, linux, scans, antivirus, microsoft defender for endpoint (linux)
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Schedule an update of the Microsoft Defender for Endpoint (Linux)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md b/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md
index 7c9fe1e51e..336214e71b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md
@@ -5,7 +5,7 @@ description: Describes how to deploy updates for Microsoft Defender ATP for Linu
 keywords: microsoft, defender, atp, linux, updates, deploy
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,9 +15,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Deploy updates for Microsoft Defender for Endpoint for Linux
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md
index d769c548fd..fecdb626d7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md
@@ -4,7 +4,7 @@ description: List of major changes for Microsoft Defender ATP for Linux.
 keywords: microsoft, defender, atp, linux, whatsnew, release
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: security
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # What's new in Microsoft Defender for Endpoint for Linux
diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md b/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md
index 8c0898ffc7..2da23f201a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md
@@ -1,10 +1,10 @@
 ---
 title: Live response command examples
 description: Learn to run basic or advanced live response commands for Microsoft Defender Advanced Threat Protection (ATP) and see examples on how it's used.
-keywords: example, command, cli, remote, shell, connection, live, response, real-time, command, script, remediate, hunt, export, log, drop, download, file 
+keywords: example, command, cli, remote, shell, connection, live, response, real-time, command, script, remediate, hunt, export, log, drop, download, file
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Live response command examples
diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md
index ac2f1b09ba..e534ccd9f6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md
@@ -1,10 +1,10 @@
 ---
 title: Investigate entities on devices using live response in Microsoft Defender ATP
 description: Access a device using a secure remote shell connection to do investigative work and take immediate response actions on a device in real time.
-keywords: remote, shell, connection, live, response, real-time, command, script, remediate, hunt, export, log, drop, download, file, 
+keywords: remote, shell, connection, live, response, real-time, command, script, remediate, hunt, export, log, drop, download, file,
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Investigate entities on devices using live response
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md
index 2e17fbc6fd..818558bc99 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md
@@ -4,7 +4,7 @@ description: Provide and validate exclusions for Microsoft Defender ATP for Mac.
 keywords: microsoft, defender, atp, mac, exclusions, scans, antivirus
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint  
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Configure and validate exclusions for Microsoft Defender for Endpoint for Mac
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md
index d1f6337306..bc0711a28e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md
@@ -4,7 +4,7 @@ description: Log in to Jamf Pro
 keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamfpro, macos, catalina, mojave, high sierra
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Log in to Jamf Pro
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md
index 7f15b5ad73..904279814f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md
@@ -4,7 +4,7 @@ description: Install Microsoft Defender ATP for macOS manually, from the command
 keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, catalina, mojave, high sierra
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Manual deployment for Microsoft Defender for Endpoint for macOS
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md
index 319d2756e1..e0cb7de973 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md
@@ -4,7 +4,7 @@ description: Install Microsoft Defender for Endpoint for Mac, using Microsoft In
 keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, catalina, mojave, high sierra
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Intune-based deployment for Microsoft Defender for Endpoint for Mac
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md
index fccf7ab83a..45e4130495 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md
@@ -4,7 +4,7 @@ description: Deploying Microsoft Defender ATP for macOS with Jamf Pro
 keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamfpro, macos, catalina, mojave, high sierra
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Deploying Microsoft Defender for Endpoint for macOS with Jamf Pro
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md
index 509a722b64..e1befe8407 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md
@@ -4,7 +4,7 @@ description: Install Microsoft Defender ATP for Mac on other management solution
 keywords: microsoft, defender, atp, mac, installation, deploy, macos, catalina, mojave, high sierra
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Deployment with a different Mobile Device Management (MDM) system for Microsoft Defender for Endpoint for Mac
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md
index d0bde6a3d1..3b011e3606 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md
@@ -4,7 +4,7 @@ description: Learn how to set up device groups in Jamf Pro for Microsoft Defende
 keywords: device, group, microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamfpro, macos, catalina, mojave, high sierra
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Set up Microsoft c for macOS device groups in Jamf Pro
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md
index d6954e0d90..ab77dc10cc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md
@@ -1,10 +1,10 @@
 ---
-title: Enroll Microsoft Defender ATP for macOS devices into Jamf Pro 
-description: Enroll Microsoft Defender ATP for macOS devices into Jamf Pro 
+title: Enroll Microsoft Defender ATP for macOS devices into Jamf Pro
+description: Enroll Microsoft Defender ATP for macOS devices into Jamf Pro
 keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamfpro, macos, catalina, mojave, high sierra
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Enroll Microsoft Defender for Endpoint for macOS devices into Jamf Pro 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md
index 5faeec9c8d..bf4e6038cc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md
@@ -4,7 +4,7 @@ description: Learn how to set up the Microsoft Defender ATP for macOS policies i
 keywords: policies, microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamfpro, macos, catalina, mojave, high sierra
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Set up the Microsoft Defender for Endpoint for macOS policies in Jamf Pro
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md b/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md
index 615f212fd6..0c8ecdb75c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md
@@ -4,7 +4,7 @@ description: Configure Microsoft Defender ATP for Mac in enterprise organization
 keywords: microsoft, defender, atp, mac, management, preferences, enterprise, intune, jamf, macos, catalina, mojave, high sierra
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint  
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Set preferences for Microsoft Defender for Endpoint for Mac
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md
index 2bf5eaf608..c77522dac0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md
@@ -4,7 +4,7 @@ description: Privacy controls, how to configure policy settings that impact priv
 keywords: microsoft, defender, atp, mac, privacy, diagnostic
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Privacy for Microsoft Defender for Endpoint for Mac
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md b/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md
index 7668c4bfd0..a83bc01f7a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md
@@ -4,7 +4,7 @@ description: Detect and block Potentially Unwanted Applications (PUA) using Micr
 keywords: microsoft, defender, atp, mac, pua, pus
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Detect and block potentially unwanted applications with Microsoft Defender for Endpoint for Mac
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md
index b62abb198b..8ab4ccb54a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md
@@ -4,7 +4,7 @@ description: Resources for Microsoft Defender ATP for Mac, including how to unin
 keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, catalina, mojave, high sierra
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,10 +13,11 @@ author: dansimp
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection:
-- m365-security-compliance
-- m365initiative-defender-endpoint
+ms.collection: 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Resources for Microsoft Defender for Endpoint for Mac
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md
index 98d0151efc..b7f2649c73 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md
@@ -4,7 +4,7 @@ description: Learn how to schedule an automatic scanning time for Microsoft Defe
 keywords: microsoft, defender, atp, mac, scans, antivirus
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Schedule scans with Microsoft Defender for Endpoint for Mac
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md
index 4df09099cf..a7f4720a58 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md
@@ -4,7 +4,7 @@ description: Troubleshoot installation issues in Microsoft Defender ATP for Mac.
 keywords: microsoft, defender, atp, mac, install
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Troubleshoot installation issues for Microsoft Defender for Endpoint for Mac
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md
index 9241a56fdf..3cefc80735 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md
@@ -4,7 +4,7 @@ description: Troubleshoot kernel extension-related issues in Microsoft Defender
 keywords: microsoft, defender, atp, mac, kernel, extension
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Troubleshoot kernel extension issues in Microsoft Defender for Endpoint for Mac
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md
index f93f41004d..569887eafb 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md
@@ -4,7 +4,7 @@ description: Troubleshoot license issues in Microsoft Defender ATP for Mac.
 keywords: microsoft, defender, atp, mac, performance
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Troubleshoot license issues for Microsoft Defender for Endpoint for Mac
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md
index 40e8240cbf..96b85255e0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md
@@ -4,7 +4,7 @@ description: Troubleshoot performance issues in Microsoft Defender ATP for Mac.
 keywords: microsoft, defender, atp, mac, performance
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint  
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Troubleshoot performance issues for Microsoft Defender for Endpoint for Mac
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md
index 73bb94faf9..3d864fb010 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md
@@ -4,7 +4,7 @@ description: This topic describes the changes that are must be made in order to
 keywords: microsoft, defender, atp, mac, kernel, system, extensions, catalina
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: security
 ms.sitesec: library
 ms.pagetype: security
@@ -14,10 +14,11 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
 ROBOTS: noindex,nofollow
+ms.technology: mde
 ---
 
 # New configuration profiles for macOS Catalina and newer versions of macOS
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md
index 79da63c6c7..3e8f336502 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md
@@ -4,7 +4,7 @@ description: This article contains instructions for trying out the system extens
 keywords: microsoft, defender, atp, mac, kernel, system, extensions, catalina
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: security
 ms.sitesec: library
 ms.pagetype: security
@@ -14,10 +14,11 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
 ROBOTS: noindex,nofollow
+ms.technology: mde
 ---
 
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md b/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md
index 7db11e8873..0efff9d505 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md
@@ -4,7 +4,7 @@ description: Control updates for Microsoft Defender ATP for Mac in enterprise en
 keywords: microsoft, defender, atp, mac, updates, deploy
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Deploy updates for Microsoft Defender for Endpoint for Mac
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
index 4f5d0daced..617e8532aa 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
@@ -4,7 +4,7 @@ description: Learn about the major changes for previous versions of Microsoft De
 keywords: microsoft, defender, atp, mac, installation, macos, whatsnew
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: security
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # What's new in Microsoft Defender for Endpoint for Mac
diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine-groups.md b/windows/security/threat-protection/microsoft-defender-atp/machine-groups.md
index 3b19a5d4f9..315170192f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/machine-groups.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machine-groups.md
@@ -4,7 +4,7 @@ description: Create device groups and set automated remediation levels on them b
 keywords: device groups, groups, remediation, level, rules, aad group, role, assign, rank
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Create and manage device groups
diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine-reports.md b/windows/security/threat-protection/microsoft-defender-atp/machine-reports.md
index 45864dd1d6..29250d2e6e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/machine-reports.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machine-reports.md
@@ -4,7 +4,7 @@ description: Track device health state detections, antivirus status, OS platform
 keywords: health state, antivirus, os platform, windows 10 version, version, health, compliance, state
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Device health and compliance report in Microsoft Defender for Endpoint
diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md b/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md
index 73940895f1..8b7dd420b1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md
@@ -4,7 +4,7 @@ description: Use device tags to group devices to capture context and enable dyna
 keywords: tags, device tags, device groups, groups, remediation, level, rules, aad group, role, assign, rank
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Create and manage device tags
diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md
index 53bdfe131c..aaf741920d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md
@@ -3,7 +3,7 @@ title: Machine resource type
 description: Learn about the methods and properties of the Machine resource type in Microsoft Defender Advanced Threat Protection.
 keywords: apis, supported apis, get, machines
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Machine resource type
diff --git a/windows/security/threat-protection/microsoft-defender-atp/machineaction.md b/windows/security/threat-protection/microsoft-defender-atp/machineaction.md
index 4f6e60ca31..8971087180 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/machineaction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machineaction.md
@@ -3,7 +3,7 @@ title: machineAction resource type
 description: Learn about the methods and properties of the MachineAction resource type in Microsoft Defender Advanced Threat Protection.
 keywords: apis, supported apis, get, machineaction, recent
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # MachineAction resource type
diff --git a/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md b/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md
index efae39c258..6752d4f806 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md
@@ -4,7 +4,7 @@ description: Learn about the available features that you can use from the Device
 keywords: sort, filter, export, csv, device name, domain, last seen, internal IP, health state, active alerts, active malware detections, threat category, review alerts, network, connection, malware, type, password stealer, ransomware, exploit, threat, general malware, unwanted software
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # View and organize the Microsoft Defender for Endpoint Devices list
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md
index 92810d1d1f..5698863784 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md
@@ -4,7 +4,7 @@ description: Change the status of alerts, create suppression rules to hide alert
 keywords: manage alerts, manage, alerts, status, new, in progress, resolved, resolve alerts, suppress, supression, rules, context, history, comments, changes
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Manage Microsoft Defender for Endpoint alerts
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md
index a0a93f2dc7..a6b368617d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md
@@ -4,7 +4,7 @@ description: Learn how to manage Microsoft Defender for Endpoint with Configurat
 keywords: post-migration, manage, operations, maintenance, utilization, Configuration Manager, windows defender advanced threat protection, atp, edr
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.technology: windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -15,8 +15,8 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- M365-security-compliance
-- m365solution-scenario
+  - M365-security-compliance
+  - m365solution-scenario
 ms.topic: article
 ms.date: 09/22/2020
 ms.reviewer: chventou
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md
index c9fe3f4c85..ea79eeab2e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md
@@ -4,7 +4,7 @@ description: Learn how to manage Microsoft Defender for Endpoint with Group Poli
 keywords: post-migration, manage, operations, maintenance, utilization, PowerShell, windows defender advanced threat protection, atp, edr
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.technology: windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -15,8 +15,8 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- M365-security-compliance
-- m365solution-scenario
+  - M365-security-compliance
+  - m365solution-scenario
 ms.topic: article
 ms.date: 09/22/2020
 ms.reviewer: chventou
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md
index 94a77a1007..0acb66ee5a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md
@@ -4,7 +4,7 @@ description: Learn how to manage Microsoft Defender for Endpoint with Intune
 keywords: post-migration, manage, operations, maintenance, utilization, intune, windows defender advanced threat protection, atp, edr
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.technology: windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -15,8 +15,8 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- M365-security-compliance
-- m365solution-scenario
+  - M365-security-compliance
+  - m365solution-scenario
 ms.topic: article
 ms.date: 09/22/2020
 ms.reviewer: chventou
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md
index 339857a351..d719b716b1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md
@@ -4,7 +4,7 @@ description: Learn how to manage Microsoft Defender for Endpoint with PowerShell
 keywords: post-migration, manage, operations, maintenance, utilization, PowerShell, WMI, MPCmdRun.exe, windows defender advanced threat protection, atp, edr
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.technology: windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -15,8 +15,8 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- M365-security-compliance
-- m365solution-scenario
+  - M365-security-compliance
+  - m365solution-scenario
 ms.topic: article
 ms.date: 09/22/2020
 ms.reviewer: chventou
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md
index 6cabea4054..5c0b3182cf 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md
@@ -4,7 +4,7 @@ description: Now that you've made the switch to Microsoft Defender for Endpoint,
 keywords: post-migration, manage, operations, maintenance, utilization, windows defender advanced threat protection, atp, edr
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.technology: windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -15,8 +15,8 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- M365-security-compliance
-- m365solution-scenario
+  - M365-security-compliance
+  - m365solution-scenario
 ms.topic: conceptual
 ms.date: 09/22/2020
 ms.reviewer: chventou
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md
index b0ca7217c9..eba504af82 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md
@@ -4,7 +4,7 @@ description: Review and approve (or reject) remediation actions following an aut
 keywords: autoir, automated, investigation, detection, dashboard, source, threat types, id, tags, devices, duration, filter export
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,10 +14,11 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
 ms.date: 12/15/2020
+ms.technology: mde
 ---
 
 # Review and approve remediation actions following an automated investigation
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-automation-file-uploads.md b/windows/security/threat-protection/microsoft-defender-atp/manage-automation-file-uploads.md
index a82c4c98cc..a01e6d0c82 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-automation-file-uploads.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-automation-file-uploads.md
@@ -4,7 +4,7 @@ description: Enable content analysis and configure the file extension and email
 keywords: automation, file, uploads, content, analysis, file, extension, email, attachment
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Manage automation file uploads
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md
index c60093cd86..ad0b7534bc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md
@@ -1,10 +1,10 @@
 ---
 title: Manage automation folder exclusions
-description: Add automation folder exclusions to control the files that are excluded from an automated investigation. 
+description: Add automation folder exclusions to control the files that are excluded from an automated investigation.
 keywords: manage, automation, exclusion, block, clean, malicious
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Manage automation folder exclusions 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md b/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md
index 458c0798ce..e3078652a2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md
@@ -5,7 +5,7 @@ description:
 keywords: 
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,9 +15,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Manage endpoint detection and response capabilities
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md b/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md
index 4fa8c2f463..8da70d0d7e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md
@@ -1,10 +1,10 @@
 ---
 title: Manage Microsoft Defender ATP incidents
-description: Manage incidents by assigning it, updating its status, or setting its classification. 
+description: Manage incidents by assigning it, updating its status, or setting its classification.
 keywords: incidents, manage, assign, status, classification, true alert, false alert
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: article
+ms.technology: mde
 ---
 
 # Manage Microsoft Defender for Endpoint incidents
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
index e13c8bff5c..b6cfdd2f4a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
@@ -1,11 +1,11 @@
 ---
 title: Create indicators
-ms.reviewer:
+ms.reviewer: 
 description: Create indicators for a file hash, IP address, URLs, or domains that define the detection, prevention, and exclusion of entities.
 keywords: manage, allowed, blocked, block, clean, malicious, file hash, ip address, urls, domain
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -16,6 +16,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Create indicators
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-suppression-rules.md b/windows/security/threat-protection/microsoft-defender-atp/manage-suppression-rules.md
index bf6e43d5b2..4c884b71f6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-suppression-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-suppression-rules.md
@@ -4,7 +4,7 @@ description: You might need to prevent alerts from appearing in the portal by us
 keywords: manage suppression, rules, rule name, scope, action, alerts, turn on, turn off
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Manage suppression rules
diff --git a/windows/security/threat-protection/microsoft-defender-atp/management-apis.md b/windows/security/threat-protection/microsoft-defender-atp/management-apis.md
index 913d131857..7fa475efba 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/management-apis.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/management-apis.md
@@ -5,7 +5,7 @@ description: Learn about the management tools and API categories in Microsoft De
 keywords: onboarding, api, siem, rbac, access, portal, integration, investigation, response, entities, entity, user context, application context, streaming
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,8 +14,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: conceptual 
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Overview of management and APIs 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md
index 6977f6f2c9..8ccb856a54 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md
@@ -4,7 +4,7 @@ description: Make the switch from McAfee to Microsoft Defender for Endpoint. Rea
 keywords: migration, windows defender advanced threat protection, atp, edr
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.technology: windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -15,9 +15,9 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- M365-security-compliance
-- m365solution-mcafeemigrate
-- m365solution-overview 
+  - M365-security-compliance
+  - m365solution-mcafeemigrate
+  - m365solution-overview
 ms.topic: conceptual
 ms.custom: migrationguides
 ms.date: 09/22/2020
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md
index dd52552ec9..e003046028 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md
@@ -4,7 +4,7 @@ description: This is phase 3, Onboard, for migrating from McAfee to Microsoft De
 keywords: migration, windows defender advanced threat protection, atp, edr
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.technology: windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -15,9 +15,9 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- M365-security-compliance 
-- m365solution-McAfeemigrate
-- m365solution-scenario
+  - M365-security-compliance
+  - m365solution-McAfeemigrate
+  - m365solution-scenario
 ms.custom: migrationguides
 ms.topic: article
 ms.date: 09/24/2020
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md
index 886846f36f..e877489dac 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md
@@ -4,7 +4,7 @@ description: This is phase 1, Prepare, for migrating from McAfee to Microsoft De
 keywords: migration, windows defender advanced threat protection, atp, edr
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.technology: windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -15,9 +15,9 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- M365-security-compliance 
-- m365solution-mcafeemigrate
-- m365solution-scenario
+  - M365-security-compliance
+  - m365solution-mcafeemigrate
+  - m365solution-scenario
 ms.topic: article
 ms.custom: migrationguides
 ms.date: 09/22/2020
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
index 432aed7160..5801957ef9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
@@ -4,7 +4,7 @@ description: This is phase 2, Setup, for migrating from McAfee to Microsoft Defe
 keywords: migration, windows defender advanced threat protection, atp, edr
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.technology: windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -15,9 +15,9 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- M365-security-compliance
-- m365solution-mcafeemigrate
-- m365solution-scenario 
+  - M365-security-compliance
+  - m365solution-mcafeemigrate
+  - m365solution-scenario
 ms.topic: article
 ms.custom: migrationguides
 ms.date: 09/22/2020
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md
index 1ec715c5e8..0f3f29d7c0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md
@@ -1,11 +1,11 @@
 ---
-title: Configure Microsoft Cloud App Security integration 
+title: Configure Microsoft Cloud App Security integration
 ms.reviewer: 
 description: Learn how to turn on the settings to enable the Microsoft Defender ATP integration with Microsoft Cloud App Security.
 keywords: cloud, app, security, settings, integration, discovery, report
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,8 +14,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Configure Microsoft Cloud App Security in Microsoft Defender for Endpoint
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-integration.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-integration.md
index 87814b1b25..e3851124d6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-integration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-integration.md
@@ -5,7 +5,7 @@ description: Microsoft Defender Advanced Threat Protection (Microsoft Defender A
 keywords: cloud, app, networking, visibility, usage
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 10/18/2018
+ms.technology: mde
 ---
 
 # Microsoft Cloud App Security in Defender for Endpoint overview
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
index fc37668b46..d3217034e2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
@@ -4,7 +4,7 @@ description: Microsoft Defender for Endpoint is an enterprise endpoint security
 keywords: introduction to Microsoft Defender for Endpoint, introduction to Microsoft Defender Advanced Threat Protection, introduction to Microsoft Defender ATP, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence, attack surface reduction, next-generation protection, automated investigation and remediation, microsoft threat experts, secure score, advanced hunting, microsoft threat protection, cyber threat hunting
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Microsoft Defender for Endpoint
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md
index 8fe16c9e8d..f6108d29ae 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md
@@ -1,11 +1,11 @@
 ---
 title: Microsoft Defender ATP for Android
-ms.reviewer:
+ms.reviewer: 
 description: Describes how to install and use Microsoft Defender ATP for Android
 keywords: microsoft, defender, atp, android, installation, deploy, uninstallation, intune
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,9 +15,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Microsoft Defender for Endpoint for Android
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md
index 7aa02ac093..dcb323a464 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md
@@ -1,11 +1,11 @@
 ---
 title: Microsoft Defender ATP for iOS overview
-ms.reviewer:
+ms.reviewer: 
 description: Describes how to install and use Microsoft Defender ATP for iOS
 keywords: microsoft, defender, atp, ios, overview, installation, deploy, uninstallation, intune
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,9 +15,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Microsoft Defender for Endpoint for iOS
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md
index 18f7835e25..aa76048828 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md
@@ -1,11 +1,11 @@
 ---
 title: Microsoft Defender ATP for Linux
-ms.reviewer:
+ms.reviewer: 
 description: Describes how to install and use Microsoft Defender ATP for Linux.
 keywords: microsoft, defender, atp, linux, installation, deploy, uninstallation, puppet, ansible, linux, redhat, ubuntu, debian, sles, suse, centos
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,10 +14,11 @@ author: dansimp
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection:
-- m365-security-compliance
-- m365initiative-defender-endpoint
+ms.collection: 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Microsoft Defender for Endpoint for Linux
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
index 0ec7a8050c..61c7fe0660 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
@@ -1,11 +1,11 @@
 ---
 title: Microsoft Defender ATP for Mac
-ms.reviewer:
+ms.reviewer: 
 description: Learn how to install, configure, update, and use Microsoft Defender Advanced Threat Protection for Mac.
 keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, catalina, mojave, high sierra
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,9 +15,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Microsoft Defender for Endpoint for Mac
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md
index b9fff07022..87fcc676b4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md
@@ -4,7 +4,7 @@ description: Microsoft Defender Security Center is the portal where you can acce
 keywords: windows, defender, security, center, defender, advanced, threat, protection
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Microsoft Defender Security Center
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md
index d73aa55b7b..12ad2b50bc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md
@@ -1,11 +1,11 @@
 ---
-title: Microsoft Threat Experts 
+title: Microsoft Threat Experts
 ms.reviewer: 
 description: Microsoft Threat Experts provides an additional layer of expertise to Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
 keywords: managed threat hunting service, managed threat hunting, managed detection and response (MDR) service, MTE, Microsoft Threat Experts
 search.product: Windows 10
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,9 +15,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Microsoft Threat Experts
diff --git a/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md b/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md
index 24527c0a89..5b18b5bad9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md
@@ -1,21 +1,22 @@
 ---
 title: Migration guides to make the switch to Microsoft Defender for Endpoint
 description: Learn how to make the switch from a non-Microsoft threat protection solution to Microsoft Defender for Endpoint
-search.appverid: MET150    
+search.appverid: MET150
 author: denisebmsft
 ms.author: deniseb
 manager: dansimp
 audience: ITPro
 ms.topic: conceptual
-ms.prod: w10
+ms.prod: m365-security
 ms.localizationpriority: medium
 ms.collection: 
-- M365-security-compliance
-- m365solution-scenario
+  - M365-security-compliance
+  - m365solution-scenario
 ms.custom: migrationguides
 ms.reviewer: chriggs, depicker, yongrhee
-f1.keywords: NOCSH 
+f1.keywords: NOCSH
 ms.date: 09/24/2020
+ms.technology: mde
 ---
 
 # Make the switch to Microsoft Defender for Endpoint and Microsoft Defender Antivirus
diff --git a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
index be00d43191..7d4ff91ed4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
@@ -4,7 +4,7 @@ description: Understand the licensing requirements and requirements for onboardi
 keywords: minimum requirements, licensing, comparison table
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Minimum requirements for Microsoft Defender for Endpoint
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mssp-list.md b/windows/security/threat-protection/microsoft-defender-atp/mssp-list.md
index 0bf437cb62..31f6d2de46 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mssp-list.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mssp-list.md
@@ -1,10 +1,10 @@
 ---
-title: Supported managed security service providers 
+title: Supported managed security service providers
 description: See the list of MSSPs that Microsoft Defender ATP integrates with
 keywords: managed security service provider, mssp, configure, integration
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Supported managed security service providers
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mssp-support.md b/windows/security/threat-protection/microsoft-defender-atp/mssp-support.md
index e6d53ec221..a1e10a6e12 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mssp-support.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mssp-support.md
@@ -4,7 +4,7 @@ description: Understand how Microsoft Defender ATP integrates with managed secur
 keywords: mssp, integration, managed, security, service, provider
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Managed security service provider partnership opportunities
diff --git a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md
index ce1b2006f7..7fd98bd981 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md
@@ -3,7 +3,7 @@ title: Use network protection to help prevent connections to bad sites
 description: Protect your network by preventing users from accessing known malicious and suspicious network addresses
 keywords: Network protection, exploits, malicious website, ip, domain, domains
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -14,7 +14,7 @@ ms.author: deniseb
 ms.reviewer: 
 manager: dansimp
 ms.custom: asr
-
+ms.technology: mde
 ---
 
 # Protect your network
diff --git a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md
index d0317cd1ba..5cf235d1a4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md
@@ -4,7 +4,7 @@ description: This new capability uses a game-changing risk-based approach to the
 keywords: threat & vulnerability management, threat and vulnerability management, MDATP TVM, MDATP-TVM, vulnerability management, vulnerability assessment, threat and vulnerability scanning, secure configuration assessment, microsoft defender atp, microsoft defender atp, endpoint vulnerabilities, next generation
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: levinec
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: overview
+ms.technology: mde
 ---
 
 # Threat and vulnerability management
diff --git a/windows/security/threat-protection/microsoft-defender-atp/non-windows.md b/windows/security/threat-protection/microsoft-defender-atp/non-windows.md
index 0cce3c728b..0b951d8070 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/non-windows.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/non-windows.md
@@ -3,7 +3,7 @@ title: Microsoft Defender ATP for non-Windows platforms
 description: Learn about Microsoft Defender ATP capabilities  for non-Windows platforms
 keywords: non windows, mac, macos, linux, android
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,9 +13,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- M365-security-compliance 
-- m365solution-evalutatemtp
+  - M365-security-compliance
+  - m365solution-evalutatemtp
 ms.topic: article
+ms.technology: mde
 ---
 
 # Microsoft Defender for Endpoint for non-Windows platforms
diff --git a/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md b/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md
index b87d77da37..8eef870362 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md
@@ -3,7 +3,7 @@ title: Offboard machine API
 description: Learn how to use an API to offboard a device from Windows Defender Advanced Threat Protection (WDATP).
 keywords: apis, graph api, supported apis, collect investigation package
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Offboard machine API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md b/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md
index 3eb9642bf4..b34544a337 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md
@@ -4,7 +4,7 @@ description: Onboard Windows 10 devices, servers, non-Windows devices from the M
 keywords: offboarding, microsoft defender advanced threat protection offboarding, windows atp offboarding
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Offboard devices from the Microsoft Defender for Endpoint service
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard-configure.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-configure.md
index 1a625303aa..5e9181a051 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboard-configure.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-configure.md
@@ -4,7 +4,7 @@ description: Onboard Windows 10 devices, servers, non-Windows devices and learn
 keywords: onboarding, microsoft defender advanced threat protection onboarding, windows atp onboarding, sccm, group policy, mdm, local script, detection test
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Onboard devices to the Microsoft Defender for Endpoint service
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md
index f99a9fbab3..8bf4aa0e07 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md
@@ -4,7 +4,7 @@ description: Onboard supported previous versions of Windows devices so that they
 keywords: onboard, windows, 7, 81, oms, sp1, enterprise, pro, down level
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Onboard previous versions of Windows
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md
index 0d267cf0ea..eefffe4525 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md
@@ -5,7 +5,7 @@ description: Onboard devices without Internet access so that they can send senso
 keywords: onboard, servers, vm, on-premise, oms gateway, log analytics, azure log analytics, mma
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,8 +14,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Onboard devices without Internet access to Microsoft Defender for Endpoint
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard.md b/windows/security/threat-protection/microsoft-defender-atp/onboard.md
index d35f1668f8..8c0015c6fc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboard.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboard.md
@@ -5,7 +5,7 @@ description: Configure and manage Microsoft Defender ATP capabilities such as at
 keywords: configure, manage, capabilities, attack surface reduction, next-generation protection, security controls, endpoint detection and response, auto investigation and remediation, security controls, controls
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,8 +14,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Configure and manage Microsoft Defender for Endpoint capabilities
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md
index 8458613991..aad57b1401 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md
@@ -3,7 +3,7 @@ title: Onboarding using Microsoft Endpoint Configuration Manager
 description: Learn how to onboard to Microsoft Defender for Endpoint using Microsoft Endpoint Configuration Manager
 keywords: onboarding, configuration, deploy, deployment, endpoint configuration manager, mdatp, advanced threat protection, collection creation, endpoint detection response, next generation protection, attack surface reduction, microsoft endpoint configuration manager
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,10 +13,11 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- M365-security-compliance
-- m365solution-endpointprotect
-- m365solution-scenario 
+  - M365-security-compliance
+  - m365solution-endpointprotect
+  - m365solution-scenario
 ms.topic: article
+ms.technology: mde
 ---
 
 # Onboarding using Microsoft Endpoint Configuration Manager
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md
index 353ba8213d..ee5f9c54a0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md
@@ -3,7 +3,7 @@ title: Onboarding using Microsoft Endpoint Manager
 description: Learn how to onboard to Microsoft Defender for Endpoint using Microsoft Endpoint Manager
 keywords: onboarding, configuration, deploy, deployment, endpoint manager, mdatp, advanced threat protection, collection creation, endpoint detection response, next generation protection, attack surface reduction, microsoft endpoint manager
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,10 +13,11 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- M365-security-compliance
-- m365solution-endpointprotect
-- m365solution-scenario 
+  - M365-security-compliance
+  - m365solution-endpointprotect
+  - m365solution-scenario
 ms.topic: article
+ms.technology: mde
 ---
 
 # Onboarding using Microsoft Endpoint Manager
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md
index 452f25222e..7c5d617346 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md
@@ -1,10 +1,10 @@
 ---
-title: Create an onboarding or offboarding notification rule 
+title: Create an onboarding or offboarding notification rule
 description: Get a notification when a local onboarding or offboarding script is used.
 keywords: onboarding, offboarding, local, script, notification, rule
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Create a notification rule when a local onboarding or offboarding script is used
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md
index e4a6a6708b..e990c35bcf 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md
@@ -3,7 +3,7 @@ title: Onboard to the Microsoft Defender ATP service
 description: Learn how to onboard endpoints to Microsoft Defender ATP service
 keywords: 
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,10 +13,11 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- M365-security-compliance
-- m365solution-endpointprotect
-- m365solution-scenario  
+  - M365-security-compliance
+  - m365solution-endpointprotect
+  - m365solution-scenario
 ms.topic: article
+ms.technology: mde
 ---
 
 # Onboard to the Microsoft Defender for Endpoint service
diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md
index 6f7a10acf3..60083b17cd 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md
@@ -5,7 +5,7 @@ description: Learn about the attack surface reduction capabilities of Microsoft
 keywords: asr, attack surface reduction, microsoft defender atp, microsoft defender advanced threat protection, microsoft defender, antivirus, av, windows defender
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ author: denisebmsft
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.custom: asr
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Overview of attack surface reduction
diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md b/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md
index 9135f4ebe0..2a4e3f129e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md
@@ -5,7 +5,7 @@ description: Understand how you can use advanced hunting to create custom detect
 keywords: custom detections, alerts, detection rules, advanced hunting, hunt, query, response actions, interval, mdatp, microsoft defender atp
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,8 +14,9 @@ author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Custom detections overview
diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md b/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md
index f79f0792f3..0441772cda 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md
@@ -5,7 +5,7 @@ description: Learn about the endpoint detection and response capabilities in Mic
 keywords: 
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,8 +14,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Overview of endpoint detection and response
diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md b/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md
index c1705995b8..0e43599b7f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md
@@ -3,7 +3,7 @@ title: Hardware-based isolation (Windows 10)
 ms.reviewer: 
 description: Learn about how hardware-based isolation in Windows 10 helps to combat malware.
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -11,10 +11,11 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.author: macapara
 ms.date: 09/07/2018
+ms.technology: mde
 ---
 
 # Hardware-based isolation in Windows 10
diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md
index af671e6890..d4b17c7972 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md
@@ -1,11 +1,11 @@
 ---
-title: Partner applications in Microsoft Defender ATP   
+title: Partner applications in Microsoft Defender ATP
 ms.reviewer: 
 description: View supported partner applications to enhance the detection, investigation, and threat intelligence capabilities of the platform
 keywords: partners, applications, third-party, connections, sentinelone, lookout, bitdefender, corrata, morphisec, paloalto, ziften, better mobile
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,8 +14,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Partner applications in Microsoft Defender for Endpoint 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-integration.md b/windows/security/threat-protection/microsoft-defender-atp/partner-integration.md
index 349dc8d30d..5aae40dce1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/partner-integration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/partner-integration.md
@@ -5,7 +5,7 @@ description: Learn how you can extend existing security offerings on top of the
 keywords: API, partner, extend, open framework, apis, extensions, integrations, detection, management, response, vulnerabilities, intelligence
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,8 +14,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: conceptual 
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Microsoft Defender for Endpoint partner opportunities and scenarios
diff --git a/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md b/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md
index e4679370bb..302c9405a3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md
@@ -4,7 +4,7 @@ description: Microsoft Defender Security Center can monitor your enterprise netw
 keywords: Microsoft Defender Security Center, portal, cybersecurity threat intelligence, dashboard, alerts queue, devices list, settings, device management, advanced attacks
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: conceptual 
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Microsoft Defender Security Center portal overview
diff --git a/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md
index ac9c3929ea..237c0e1501 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md
@@ -3,7 +3,7 @@ title: Submit or Update Indicator API
 description: Learn how to use the Submit or Update Indicator API to submit or update a new Indicator entity in Microsoft Defender Advanced Threat Protection.
 keywords: apis, graph api, supported apis, submit, ti, indicator, update
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Submit or Update Indicator API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md b/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md
index 335e716372..aba7dce04f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md
@@ -4,7 +4,7 @@ description: Use the settings page to configure general settings, permissions, a
 keywords: settings, general settings, permissions, apis, rules
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Configure Microsoft Defender Security Center settings
diff --git a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md
index f93867d6d6..c39bab20ac 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md
@@ -4,7 +4,7 @@ description: Prepare stakeholder approval, timelines, environment considerations
 keywords: deploy, prepare, stakeholder, timeline, environment, endpoint, server, management, adoption
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,10 +14,11 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- M365-security-compliance
-- m365solution-endpointprotect
-- m365solution-scenario 
-ms.topic: article 
+  - M365-security-compliance
+  - m365solution-endpointprotect
+  - m365solution-scenario
+ms.topic: article
+ms.technology: mde
 ---
 
 # Prepare Microsoft Defender for Endpoint deployment
diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md b/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md
index 8c1f70f474..f821f26626 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md
@@ -4,7 +4,7 @@ description: Turn on the preview experience in Microsoft Defender Advanced Threa
 keywords: advanced features, settings, block file
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 # Turn on the preview experience in Microsoft Defender for Endpoint
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview.md b/windows/security/threat-protection/microsoft-defender-atp/preview.md
index ef3c2f75b8..508d8c7ff6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/preview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/preview.md
@@ -4,7 +4,7 @@ description: Learn how to access Microsoft Defender Advanced Threat Protection p
 keywords: preview, preview experience, Microsoft Defender Advanced Threat Protection, features, updates
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Microsoft Defender for Endpoint preview features
diff --git a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md
index 3f5f8aabcc..b773ed3d47 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md
@@ -4,7 +4,7 @@ description: Learn how to setup the deployment for Microsoft Defender ATP
 keywords: deploy, setup, licensing validation, tenant configuration, network configuration
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,10 +14,11 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- M365-security-compliance
-- m365solution-endpointprotect
-- m365solution-scenario 
-ms.topic: article 
+  - M365-security-compliance
+  - m365solution-endpointprotect
+  - m365solution-scenario
+ms.topic: article
+ms.technology: mde
 ---
 
 # Set up Microsoft Defender for Endpoint deployment
diff --git a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md
index ad55a65531..035be361f5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md
@@ -4,7 +4,7 @@ description: Learn how call an Microsoft Defender for Endpoint API endpoint to p
 keywords: detections, pull detections, rest api, request, response
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Pull Microsoft Defender for Endpoint detections using SIEM REST API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md
index d04e995194..6fe781ca15 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md
@@ -1,10 +1,10 @@
 ---
-title: Stream Microsoft Defender Advanced Threat Protection events to Azure Event Hubs 
+title: Stream Microsoft Defender Advanced Threat Protection events to Azure Event Hubs
 description: Learn how to configure Microsoft Defender ATP to stream Advanced Hunting events to your Event Hub.
 keywords: raw data export, streaming API, API, Azure Event Hubs, Azure storage, storage account, Advanced Hunting, raw data sharing
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Configure Microsoft Defender for Endpoint to stream Advanced Hunting events to your Azure Event Hubs
diff --git a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md
index 8dae2a2358..84b4d64c9c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md
@@ -4,7 +4,7 @@ description: Learn how to configure Microsoft Defender ATP to stream Advanced Hu
 keywords: raw data export, streaming API, API, Event Hubs, Azure storage, storage account, Advanced Hunting, raw data sharing
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Configure Microsoft Defender for Endpoint to stream Advanced Hunting events to your Storage account
diff --git a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md
index d619e6803f..5498729b00 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md
@@ -1,10 +1,10 @@
 ---
-title: Stream Microsoft Defender Advanced Threat Protection event 
+title: Stream Microsoft Defender Advanced Threat Protection event
 description: Learn how to configure Microsoft Defender ATP to stream Advanced Hunting events to Event Hubs or Azure storage account
 keywords: raw data export, streaming API, API, Event hubs, Azure storage, storage account, Advanced Hunting, raw data sharing
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Raw Data Streaming API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/rbac.md b/windows/security/threat-protection/microsoft-defender-atp/rbac.md
index 754b84fd55..2cbeaf06af 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/rbac.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/rbac.md
@@ -4,7 +4,7 @@ description: Create roles and groups within your security operations to grant ac
 keywords: rbac, role, based, access, control, groups, control, tier, aad
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Manage portal access using role-based access control
diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md
index 6a3c3ce05d..bd7d795620 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md
@@ -3,7 +3,7 @@ title: Recommendation methods and properties
 description: Retrieves top recent alerts.
 keywords: apis, graph api, supported apis, get, alerts, recent
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Recommendation resource type
diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md
index 05fd5e59e7..4040df0a11 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md
@@ -4,7 +4,7 @@ description: Take response actions on file-related alerts by stopping and quaran
 keywords: respond, stop and quarantine, block file, deep analysis
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Take response actions on a file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md
index 4bb5a90936..43c6ea2779 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md
@@ -4,7 +4,7 @@ description: Take response actions on a device such as isolating devices, collec
 keywords: respond, isolate, isolate device, collect investigation package, action center, restrict, manage tags, av scan, restrict app
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Take response actions on a device
diff --git a/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md b/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md
index 3c91b9c04c..fb99be0444 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md
@@ -3,7 +3,7 @@ title: Restrict app execution API
 description: Use this API to create calls related to restricting an application from executing.
 keywords: apis, graph api, supported apis, collect investigation package
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Restrict app execution API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md
index f9911e0643..3a560a21fe 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md
@@ -2,7 +2,7 @@
 title: Review alerts in Microsoft Defender Advanced Threat Protection
 description: Review alert information, including a visualized alert story and details for each step of the chain.
 keywords: incident, incidents, machines, devices, users, alerts, alert, investigation, graph, evidence
-ms.prod: microsoft-365-enterprise
+ms.prod: m365-security
 ms.pagetype: security
 f1.keywords: 
   - NOCSH
@@ -16,6 +16,7 @@ ms.collection:
   - m365initiative-defender-endpoint
 ms.topic: conceptual
 ms.date: 5/1/2020
+ms.technology: mde
 ---
 
 # Review alerts in Microsoft Defender for Endpoint
diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
index 50b5f9255d..88fddcc27b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
@@ -4,7 +4,7 @@ ms.reviewer:
 description: Learn to use the advanced hunting API to run advanced queries on Microsoft Defender Advanced Threat Protection. Find out about limitations and see an example.
 keywords: apis, supported apis, advanced hunting, query
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Advanced hunting API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md
index 247f300dac..3435095384 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md
@@ -4,7 +4,7 @@ ms.reviewer:
 description: Learn the basics of querying the Microsoft Defender Advanced Threat Protection API, using PowerShell.
 keywords: apis, supported apis, advanced hunting, query
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Advanced Hunting using PowerShell
diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md
index 7cda7c8cd9..db8dce54e7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md
@@ -4,7 +4,7 @@ ms.reviewer:
 description: Learn how to query using the Microsoft Defender Advanced Threat Protection API, by using Python, with examples.
 keywords: apis, supported apis, advanced hunting, query
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Advanced Hunting using Python
diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md b/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md
index f2d979889c..dda698fd60 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md
@@ -3,7 +3,7 @@ title: Run antivirus scan API
 description: Use this API to create calls related to running an antivirus scan on a device.
 keywords: apis, graph api, supported apis, remove device from isolation
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Run antivirus scan API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md b/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md
index 0ade180410..278c62f37e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md
@@ -4,7 +4,7 @@ description: Run the detection script on a newly onboarded device to verify that
 keywords: detection test, detection, powershell, script, verify, onboarding, microsoft defender advanced threat protection onboarding, clients, servers, test
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: article
+ms.technology: mde
 ---
 
 # Run a detection test on a newly onboarded Microsoft Defender for Endpoint device 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/score.md b/windows/security/threat-protection/microsoft-defender-atp/score.md
index aab54c586f..16a1f602bb 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/score.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/score.md
@@ -3,7 +3,7 @@ title: Score methods and properties
 description: Retrieves your organization's exposure score, device secure score, and exposure score by device group
 keywords: apis, graph api, supported apis, score, exposure score, device secure score, exposure score by device group
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: levinec
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Score resource type
diff --git a/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md b/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md
index e0b381b7f9..4215777b33 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md
@@ -4,7 +4,7 @@ description: Use the dashboard to identify devices at risk, keep track of the st
 keywords: dashboard, alerts, new, in progress, resolved, risk, devices at risk, infections, reporting, statistics, charts, graphs, health, active malware detections, threat category, categories, password stealer, ransomware, exploit, threat, low severity, active malware
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Microsoft Defender Security Center Security operations dashboard
diff --git a/windows/security/threat-protection/microsoft-defender-atp/service-status.md b/windows/security/threat-protection/microsoft-defender-atp/service-status.md
index fb69f1e1c3..e4c2b710e3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/service-status.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/service-status.md
@@ -4,7 +4,7 @@ description: Check Microsoft Defender ATP service health, see if the service is
 keywords: dashboard, service, issues, service health, current status, status history, summary of impact, preliminary root cause, resolution, resolution time, expected resolution time
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Check the Microsoft Defender for Endpoint service health
diff --git a/windows/security/threat-protection/microsoft-defender-atp/set-device-value.md b/windows/security/threat-protection/microsoft-defender-atp/set-device-value.md
index 98266678c3..6f1fe23a4a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/set-device-value.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/set-device-value.md
@@ -3,7 +3,7 @@ title: Set device value API
 description: Learn how to specify the value of a device using a Microsoft Defender Advanced Threat Protection API.
 keywords: apis, graph api, supported apis, tags, machine tags
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: levinec
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance  
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Set device value API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/software.md b/windows/security/threat-protection/microsoft-defender-atp/software.md
index a471bd94f2..cbe9c7e0d5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/software.md
@@ -3,7 +3,7 @@ title: Software methods and properties
 description: Retrieves top recent alerts.
 keywords: apis, graph api, supported apis, get, alerts, recent
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Software resource type
diff --git a/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md b/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md
index 83727872ac..26a77dc157 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md
@@ -3,7 +3,7 @@ title: Stop and quarantine file API
 description: Learn how to stop running a file on a device and delete the file in Microsoft Defender Advanced Threat Protection. See an example.
 keywords: apis, graph api, supported apis, stop and quarantine file
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Stop and quarantine file API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md b/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md
index 96ca537f4d..111a228fa4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md
@@ -1,10 +1,10 @@
 ---
-title: Supported Microsoft Defender Advanced Threat Protection response APIs  
-description: Learn about the specific response-related Microsoft Defender Advanced Threat Protection API calls. 
+title: Supported Microsoft Defender Advanced Threat Protection response APIs
+description: Learn about the specific response-related Microsoft Defender Advanced Threat Protection API calls.
 keywords: response apis, graph api, supported apis, actor, alerts, device, user, domain, ip, file
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Supported Microsoft Defender for Endpoint query APIs 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-migration.md b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-migration.md
index 0a7421bb95..1780f55497 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-migration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-migration.md
@@ -4,7 +4,7 @@ description: Make the switch to Microsoft Defender for Endpoint. Read this artic
 keywords: migration, windows defender advanced endpoint protection, for Endpoint, edr
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,13 +14,14 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- M365-security-compliance
-- m365solution-migratetomdatp
-- m365solution-overview 
+  - M365-security-compliance
+  - m365solution-migratetomdatp
+  - m365solution-overview
 ms.topic: conceptual
 ms.custom: migrationguides
 ms.date: 09/24/2020
 ms.reviewer: jesquive, chventou, jonix, chriggs, owtho
+ms.technology: mde
 ---
 
 # Make the switch from a non-Microsoft endpoint solution to Microsoft Defender for Endpoint
diff --git a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-onboard.md
index 18422aba57..0f1c89ca89 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-onboard.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-onboard.md
@@ -4,7 +4,7 @@ description: This is phase 3, Onboard, for migrating from a non-Microsoft soluti
 keywords: migration, windows defender advanced threat protection, atp, edr
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.technology: windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -15,8 +15,8 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- M365-security-compliance 
-- m365solution-migratetomdatp
+  - M365-security-compliance
+  - m365solution-migratetomdatp
 ms.custom: migrationguides
 ms.topic: article
 ms.date: 09/24/2020
diff --git a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md
index c55bd95f20..c54aa06438 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md
@@ -4,7 +4,7 @@ description: This is phase 1, Prepare, for migrating to Microsoft Defender for E
 keywords: migration, windows defender advanced threat protection, atp, edr
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.technology: windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -15,8 +15,8 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- M365-security-compliance 
-- m365solution-migratetomdatp
+  - M365-security-compliance
+  - m365solution-migratetomdatp
 ms.topic: article
 ms.custom: migrationguides
 ms.date: 09/22/2020
diff --git a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md
index c1ad46027c..1753949339 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md
@@ -4,7 +4,7 @@ description: This is phase 2, Setup, for switching to Microsoft Defender for End
 keywords: migration, windows defender advanced threat protection, atp, edr
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.technology: windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -15,8 +15,8 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- M365-security-compliance
-- m365solution-migratetomdatp
+  - M365-security-compliance
+  - m365solution-migratetomdatp
 ms.topic: article
 ms.custom: migrationguides
 ms.date: 09/22/2020
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md
index 0fe3fbf828..c16c24adb2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md
@@ -4,7 +4,7 @@ description: Get an overview of how to make the switch from Symantec to Microsof
 keywords: migration, windows defender advanced threat protection, atp, edr
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.technology: windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -15,9 +15,9 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- M365-security-compliance
-- m365solution-symantecmigrate
-- m365solution-overview 
+  - M365-security-compliance
+  - m365solution-symantecmigrate
+  - m365solution-overview
 ms.topic: conceptual
 ms.date: 09/22/2020
 ms.custom: migrationguides
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md
index a80c0ae736..12fa37277d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md
@@ -4,7 +4,7 @@ description: This is Phase 3, Onboarding, of migrating from Symantec to Microsof
 keywords: migration, windows defender advanced threat protection, atp, edr
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.technology: windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -15,8 +15,8 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- M365-security-compliance 
-- m365solution-symantecmigrate
+  - M365-security-compliance
+  - m365solution-symantecmigrate
 ms.topic: article
 ms.date: 09/24/2020
 ms.custom: migrationguides
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md
index 10e8d99bb4..371303c14f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md
@@ -4,7 +4,7 @@ description: This is Phase 1, Prepare, of migrating from Symantec to Microsoft D
 keywords: migration, windows defender advanced threat protection, atp, edr
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.technology: windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -15,8 +15,8 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- M365-security-compliance 
-- m365solution-symantecmigrate
+  - M365-security-compliance
+  - m365solution-symantecmigrate
 ms.topic: article
 ms.date: 09/22/2020
 ms.custom: migrationguides
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md
index 72385ecf92..0e99e17b94 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md
@@ -4,7 +4,7 @@ description: This is Phase 2, Setup, of migrating from Symantec to Microsoft Def
 keywords: migration, windows defender advanced threat protection, atp, edr
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.technology: windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -15,8 +15,8 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- M365-security-compliance
-- m365solution-symantecmigrate 
+  - M365-security-compliance
+  - m365solution-symantecmigrate
 ms.topic: article
 ms.date: 11/30/2020
 ms.custom: migrationguides
diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-analytics-analyst-reports.md b/windows/security/threat-protection/microsoft-defender-atp/threat-analytics-analyst-reports.md
index 30c8152b76..d65629d1ca 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/threat-analytics-analyst-reports.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-analytics-analyst-reports.md
@@ -2,10 +2,10 @@
 title: Understand the analyst report section in threat analytics
 ms.reviewer: 
 description: Learn about the analyst report section of each threat analytics report. Understand how it provides information about threats, mitigations, detections, advanced hunting queries, and more.
-keywords: analyst report, threat analytics, detections, advanced hunting queries, mitigations, 
+keywords: analyst report, threat analytics, detections, advanced hunting queries, mitigations,
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,8 +14,9 @@ author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Understand the analyst report in threat analytics
diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md b/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md
index 5618f4c5a4..a7163a294f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md
@@ -2,10 +2,10 @@
 title: Track and respond to emerging threats with Microsoft Defender ATP threat analytics
 ms.reviewer: 
 description: Learn about emerging threats and attack techniques and how to stop them. Assess their impact to your organization and evaluate your organizational resilience.
-keywords: threat analytics, risk evaluation, OS mitigation, microcode mitigation, mitigation status 
+keywords: threat analytics, risk evaluation, OS mitigation, microcode mitigation, mitigation status
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,9 +15,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: article
+ms.technology: mde
 ---
 
 # Track and respond to emerging threats with threat analytics 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md
index 32cb4825cb..3ab66598fc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md
@@ -1,10 +1,10 @@
 ---
 title: Event timeline in threat and vulnerability management
-description: Event timeline is a "risk news feed" that helps you interpret how risk is introduced into the organization, and which mitigations happened to reduce it.
+description: Event timeline is a risk news feed that helps you interpret how risk is introduced into the organization, and which mitigations happened to reduce it.
 keywords: event timeline, mdatp event timeline, mdatp tvm event timeline, threat and vulnerability management, Microsoft Defender Advanced Threat Protection
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 # Event timeline - threat and vulnerability management
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-indicator-concepts.md b/windows/security/threat-protection/microsoft-defender-atp/threat-indicator-concepts.md
index b59077b758..6d076ba18e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/threat-indicator-concepts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-indicator-concepts.md
@@ -4,7 +4,7 @@ description: Create custom threat alerts for your organization and learn the con
 keywords: threat intelligence, alert definitions, indicators of compromise, ioc
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Understand threat intelligence concepts
diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md b/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md
index 133bcab341..f825bed722 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md
@@ -3,7 +3,7 @@ title: Integrate Microsoft Defender for Endpoint with other Microsoft solutions
 description: Learn how Microsoft Defender for Endpoint integrates with other Microsoft solutions, including Microsoft Defender for Identity and Azure Security Center.
 author: mjcaparas
 ms.author: macapara
-ms.prod: w10
+ms.prod: m365-security
 keywords: microsoft 365 defender, conditional access, office, advanced threat protection, microsoft defender for identity, microsoft defender for office, azure security center, microsoft cloud app security, azure sentinel
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -13,8 +13,9 @@ ms.pagetype: security
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Microsoft Defender for Endpoint and other Microsoft solutions
diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-protection-reports.md b/windows/security/threat-protection/microsoft-defender-atp/threat-protection-reports.md
index 221de57589..de27be571b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/threat-protection-reports.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-protection-reports.md
@@ -4,7 +4,7 @@ description: Track alert detections, categories, and severity using the threat p
 keywords: alert detection, source, alert by category, alert severity, alert classification, determination
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Threat protection report in Microsoft Defender for Endpoint
diff --git a/windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md b/windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md
index 39a5774d5c..8d8758f2ff 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md
@@ -3,7 +3,7 @@ title: Indicator resource type
 description: Specify the entity details and define the expiration of the indicator using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
 keywords: apis, supported apis, get, TiIndicator, Indicator, recent
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Indicator resource type
diff --git a/windows/security/threat-protection/microsoft-defender-atp/time-settings.md b/windows/security/threat-protection/microsoft-defender-atp/time-settings.md
index f8fe1639aa..efce09619a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/time-settings.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/time-settings.md
@@ -4,7 +4,7 @@ description: Use the info contained here to configure the Microsoft Defender Sec
 keywords: settings, Microsoft Defender, cybersecurity threat intelligence, advanced threat protection, time zone, utc, local time, license
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Microsoft Defender Security Center time zone settings
diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md
index f860930a0a..8a626f4670 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md
@@ -4,7 +4,7 @@ description: Resources and sample code to troubleshoot issues with attack surfac
 keywords: troubleshoot, error, fix, windows defender eg, asr, rules, hips, troubleshoot, audit, exclusion, false positive, broken, blocking, microsoft defender atp, microsoft defender advanced threat protection
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -15,6 +15,7 @@ ms.date: 03/27/2019
 ms.reviewer: 
 manager: dansimp
 ms.custom: asr
+ms.technology: mde
 ---
 
 # Troubleshoot attack surface reduction rules
diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-collect-support-log.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-collect-support-log.md
index 8a53dd2388..a0705e4829 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-collect-support-log.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-collect-support-log.md
@@ -4,7 +4,7 @@ description: Learn how to collect logs using live response to troubleshoot Micro
 keywords: support, log, collect, troubleshoot, live response, liveanalyzer, analyzer, live, response
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: troubleshooting
+ms.technology: mde
 ---
 
 # Collect support logs in Microsoft Defender for Endpoint using live response 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations.md
index 3b515a9853..6169ebd01f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations.md
@@ -3,7 +3,7 @@ title: Troubleshoot exploit protection mitigations
 keywords: Exploit protection, mitigations, troubleshoot, import, export, configure, emet, convert, conversion, deploy, install
 description: Learn how to deal with unwanted mitigations in Windows Security, including a process to remove all mitigations and import a baseline configuration file instead.
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.author: dansimp
 ms.date: 08/09/2018
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Troubleshoot exploit protection mitigations
diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-live-response.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-live-response.md
index 01ddeadebe..222234bfb9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-live-response.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-live-response.md
@@ -1,10 +1,10 @@
 ---
 title: Troubleshoot Microsoft Defender ATP live response issues
-description: Troubleshoot issues that might arise when using live response in Microsoft Defender ATP 
+description: Troubleshoot issues that might arise when using live response in Microsoft Defender ATP
 keywords: troubleshoot live response, live, response, locked, file
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: troubleshooting
+ms.technology: mde
 ---
 
 # Troubleshoot Microsoft Defender for Endpoint live response issues
diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-mdatp.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-mdatp.md
index 01836bb8c5..00e7f45c28 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-mdatp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-mdatp.md
@@ -1,10 +1,10 @@
 ---
-title:  Troubleshoot Microsoft Defender Advanced Threat Protection service issues
+title: Troubleshoot Microsoft Defender Advanced Threat Protection service issues
 description: Find solutions and work arounds to known issues such as server errors when trying to access the service.
 keywords: troubleshoot Microsoft Defender Advanced Threat Protection, troubleshoot Windows ATP, server error, access denied, invalid credentials, no data, dashboard portal, allow, event viewer
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: troubleshooting
+ms.technology: mde
 ---
 
 # Troubleshoot service issues
diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md
index 522973a893..4bfdccfe50 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md
@@ -3,7 +3,7 @@ title: Troubleshoot problems with Network protection
 description: Resources and sample code to troubleshoot issues with Network protection in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
 keywords: troubleshoot, error, fix, windows defender eg, asr, rules, hips, troubleshoot, audit, exclusion, false positive, broken, blocking, microsoft defender atp, microsoft defender advanced threat protection
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.author: dansimp
 ms.date: 03/27/2019
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Troubleshoot network protection
diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md
index 1ecd70b09d..995a0869a4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md
@@ -4,7 +4,7 @@ description: Troubleshoot onboarding issues and error message while completing s
 keywords: troubleshoot, troubleshooting, Azure Active Directory, onboarding, error message, error messages, microsoft defender atp
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: troubleshooting
+ms.technology: mde
 ---
 
 # Troubleshoot subscription and portal access issues
diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md
index ff4ab30d14..52bbe320a4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md
@@ -4,7 +4,7 @@ description: Troubleshoot issues that might arise during the onboarding of devic
 keywords: troubleshoot onboarding, onboarding issues, event viewer, data collection and preview builds, sensor data and diagnostics
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: troubleshooting
+ms.technology: mde
 ---
 
 # Troubleshoot Microsoft Defender for Endpoint onboarding issues
diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-siem.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-siem.md
index e98e9a3f71..d1f622f732 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-siem.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-siem.md
@@ -4,7 +4,7 @@ description: Troubleshoot issues that might arise when using SIEM tools with Mic
 keywords: troubleshoot, siem, client secret, secret
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: troubleshooting
+ms.technology: mde
 ---
 
 # Troubleshoot SIEM tool integration issues
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-assign-device-value.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-assign-device-value.md
index 3e49cdb1c3..ba994dd266 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-assign-device-value.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-assign-device-value.md
@@ -4,7 +4,7 @@ description: Learn how to assign a low, normal, or high value to a device to hel
 keywords: microsoft defender atp device value, threat and vulnerability management device value, high value devices, device value exposure score
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: article
+ms.technology: mde
 ---
 
 # Assign device value - threat and vulnerability management
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md
index c1a94e108f..5eea3a7195 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md
@@ -1,10 +1,10 @@
 ---
 title: Dashboard insights - threat and vulnerability management
 description: The threat and vulnerability management dashboard can help SecOps and security admins address cybersecurity threats and build their organization's security resilience.
-keywords: mdatp-tvm, mdatp-tvm dashboard, threat & vulnerability management, threat and vulnerability management, risk-based threat & vulnerability management, security configuration, Microsoft Secure Score for Devices, exposure score    
+keywords: mdatp-tvm, mdatp-tvm dashboard, threat & vulnerability management, threat and vulnerability management, risk-based threat & vulnerability management, security configuration, Microsoft Secure Score for Devices, exposure score
 search.appverid: met150
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 # Dashboard insights - threat and vulnerability management
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-end-of-support-software.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-end-of-support-software.md
index 1b100207a8..c28f1e8ea5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-end-of-support-software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-end-of-support-software.md
@@ -4,7 +4,7 @@ description: Discover and plan for software and software versions that are no lo
 keywords: threat and vulnerability management, mdatp tvm security recommendation, cybersecurity recommendation, actionable security recommendation
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 # Plan for end-of-support software and software versions with threat and vulnerability management
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md
index 9bb2ff23bb..0a6e51b1a0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md
@@ -1,10 +1,10 @@
 ---
 title: Create and view exceptions for security recommendations - threat and vulnerability management
-description: Create and monitor exceptions for security recommendations in threat and vulnerability management. 
+description: Create and monitor exceptions for security recommendations in threat and vulnerability management.
 keywords: microsoft defender atp tvm remediation, mdatp tvm, threat and vulnerability management, threat & vulnerability management, threat & vulnerability management remediation, tvm remediation intune, tvm remediation sccm
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 # Create and view exceptions for security recommendations - threat and vulnerability management
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md
index 45f7973943..4c7a90fef7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md
@@ -4,7 +4,7 @@ description: The threat and vulnerability management exposure score reflects how
 keywords: exposure score, mdatp exposure score, mdatp tvm exposure score, organization exposure score, tvm organization exposure score, threat and vulnerability management, Microsoft Defender Advanced Threat Protection
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint  
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 # Exposure score - threat and vulnerability management
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md
index 2ce01e4071..9f049bbf57 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md
@@ -1,10 +1,10 @@
 ---
-title: 	Hunt for exposed devices 
+title: Hunt for exposed devices
 description: Learn how threat and vulnerability management can be used to help security admins, IT admins, and SecOps collaborate.
-keywords: mdatp-tvm scenarios, mdatp, tvm, tvm scenarios, reduce threat & vulnerability exposure, reduce threat and vulnerability, improve security configuration, increase Microsoft Secure Score for Devices, increase threat & vulnerability Microsoft Secure Score for Devices, Microsoft Secure Score for Devices, exposure score, security controls 
+keywords: mdatp-tvm scenarios, mdatp, tvm, tvm scenarios, reduce threat & vulnerability exposure, reduce threat and vulnerability, improve security configuration, increase Microsoft Secure Score for Devices, increase threat & vulnerability Microsoft Secure Score for Devices, Microsoft Secure Score for Devices, exposure score, security controls
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: article
+ms.technology: mde
 ---
 
 # Hunt for exposed devices - threat and vulnerability management
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md
index 36959192bb..ca1b85ec5e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md
@@ -4,7 +4,7 @@ description: Your score for devices shows the collective security configuration
 keywords: Microsoft Secure Score for Devices, mdatp Microsoft Secure Score for Devices, secure score, configuration score, threat and vulnerability management, security controls, improvement opportunities, security configuration score over time, security posture, baseline
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 # Microsoft Secure Score for Devices
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md
index ef781abcdd..aabc368193 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md
@@ -4,7 +4,7 @@ description: Before you begin using threat and vulnerability management, make su
 keywords: threat & vulnerability management permissions prerequisites, threat and vulnerability management permissions prerequisites, MDATP TVM permissions prerequisites, vulnerability management
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: levinec
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Prerequisites & permissions - threat and vulnerability management
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md
index 2c7a81ec77..baad4cc61d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md
@@ -1,10 +1,10 @@
 ---
 title: Remediate vulnerabilities with threat and vulnerability management
-description: Remediate security weaknesses discovered through security recommendations, and create exceptions if needed, in threat and vulnerability management. 
+description: Remediate security weaknesses discovered through security recommendations, and create exceptions if needed, in threat and vulnerability management.
 keywords: microsoft defender atp tvm remediation, mdatp tvm, threat and vulnerability management, threat & vulnerability management, threat & vulnerability management remediation, tvm remediation intune, tvm remediation sccm
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 # Remediate vulnerabilities with threat and vulnerability management
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
index 1a7f20a55c..5ec3a45841 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
@@ -4,7 +4,7 @@ description: Get actionable security recommendations prioritized by threat, like
 keywords: threat and vulnerability management, mdatp tvm security recommendation, cybersecurity recommendation, actionable security recommendation
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 # Security recommendations - threat and vulnerability management
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md
index e927418779..f2a3b70362 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md
@@ -4,7 +4,7 @@ description: The software inventory page for Microsoft Defender ATP's threat and
 keywords: threat and vulnerability management, microsoft defender atp, microsoft defender atp software inventory, mdatp threat & vulnerability management, mdatp threat & vulnerability management software inventory, mdatp tvm software inventory, tvm software inventory
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 # Software inventory - threat and vulnerability management
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md
index d466083c34..5a407a7cb6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md
@@ -4,7 +4,7 @@ description: Ensure that you meet the operating system or platform requisites fo
 keywords: threat & vulnerability management, threat and vulnerability management, operating system, platform requirements, prerequisites, mdatp-tvm supported os, mdatp-tvm,
 search.appverid: met150
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: article
+ms.technology: mde
 ---
 # Supported operating systems and platforms - threat and vulnerability management
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md
index 5ce499f8fe..9bf4ddccc7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md
@@ -4,7 +4,7 @@ description: A report showing vulnerable device trends and current statistics. T
 keywords: mdatp-tvm vulnerable devices, mdatp, tvm, reduce threat & vulnerability exposure, reduce threat and vulnerability, monitor security configuration
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: article
+ms.technology: mde
 ---
 
 # Vulnerable devices report - threat and vulnerability management
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md
index e9ead66986..28fb4d19b3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md
@@ -1,10 +1,10 @@
 ---
 title: Vulnerabilities in my organization - threat and vulnerability management
-description: Lists the common vulnerabilities and exposures (CVE) ID of weaknesses found in the software running in your organization. Discovered by the Microsoft Defender ATP threat and vulnerability management capability. 
-keywords: mdatp threat & vulnerability management, threat and vulnerability management, mdatp tvm weaknesses page, finding weaknesses through tvm, tvm vulnerability list, vulnerability details in tvm 
+description: Lists the common vulnerabilities and exposures (CVE) ID of weaknesses found in the software running in your organization. Discovered by the Microsoft Defender ATP threat and vulnerability management capability.
+keywords: mdatp threat & vulnerability management, threat and vulnerability management, mdatp tvm weaknesses page, finding weaknesses through tvm, tvm vulnerability list, vulnerability details in tvm
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 # Vulnerabilities in my organization - threat and vulnerability management
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md
index 6a90da4f66..2a58bec532 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md
@@ -4,7 +4,7 @@ description: Learn how to find and mitigate zero-day vulnerabilities in your env
 keywords: mdatp tvm zero day vulnerabilities, tvm, threat & vulnerability management, zero day, 0-day, mitigate 0 day vulnerabilities, vulnerable CVE
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: article
+ms.technology: mde
 ---
 
 # Mitigate zero-day vulnerabilities - threat and vulnerability management
diff --git a/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md b/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md
index 2f5e42faa5..2ddc0fa5f4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md
@@ -3,7 +3,7 @@ title: Release device from isolation API
 description: Use this API to create calls related to release a device from isolation.
 keywords: apis, graph api, supported apis, remove device from isolation
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,9 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
-
+ms.technology: mde
 ---
 
 # Release device from isolation API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md b/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md
index ef5ea2434a..c8b9276441 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md
@@ -3,7 +3,7 @@ title: Remove app restriction API
 description: Use this API to create calls related to removing a restriction from applications from executing.
 keywords: apis, graph api, supported apis, remove device from isolation
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Remove app restriction API
diff --git a/windows/security/threat-protection/microsoft-defender-atp/update-alert.md b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md
index 9e142b87bc..4f6423b15e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/update-alert.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md
@@ -3,7 +3,7 @@ title: Update alert entity API
 description: Learn how to update a Microsoft Defender ATP alert by using this API. You can update the status, determination, classification, and assignedTo properties.
 keywords: apis, graph api, supported apis, get, alert, information, id
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Update alert
diff --git a/windows/security/threat-protection/microsoft-defender-atp/use.md b/windows/security/threat-protection/microsoft-defender-atp/use.md
index eeeba70ccd..777f2b2ae4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/use.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/use.md
@@ -4,7 +4,7 @@ description: Learn about the features on Microsoft Defender Security Center, inc
 keywords: dashboard, alerts queue, manage alerts, investigation, investigate alerts, investigate devices, submit files, deep analysis, high, medium, low, severity, ioc, ioa
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Overview of Microsoft Defender Security Center
diff --git a/windows/security/threat-protection/microsoft-defender-atp/user-roles.md b/windows/security/threat-protection/microsoft-defender-atp/user-roles.md
index fa2af61c92..f312b2554c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/user-roles.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/user-roles.md
@@ -4,7 +4,7 @@ description: Create roles and define the permissions assigned to the role as par
 keywords: user roles, roles, access rbac
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Create and manage roles for role-based access control
diff --git a/windows/security/threat-protection/microsoft-defender-atp/user.md b/windows/security/threat-protection/microsoft-defender-atp/user.md
index 8d75aea649..ed14562c20 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/user.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/user.md
@@ -3,7 +3,7 @@ title: User resource type
 description: Retrieve recent Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) alerts related to users.
 keywords: apis, graph api, supported apis, get, alerts, recent
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # User resource type
diff --git a/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md b/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md
index df9ae6390d..887ca33b19 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md
@@ -5,7 +5,7 @@ description: See the list of incidents and learn how to apply filters to limit t
 keywords: view, organize, incidents, aggregate, investigations, queue, ttp
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,8 +14,9 @@ author: levinec
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # View and organize the Microsoft Defender for Endpoint Incidents queue
diff --git a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md
index 924169d5d8..fa32bd8294 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md
@@ -3,7 +3,7 @@ title: Vulnerability methods and properties
 description: Retrieves vulnerability information
 keywords: apis, graph api, supported apis, get, vulnerability
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,8 +12,9 @@ author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Vulnerability resource type
diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md
index d8daf9644c..1564652fc4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md
@@ -1,10 +1,10 @@
 ---
 title: Web content filtering
 description: Use web content filtering in Microsoft Defender ATP to track and regulate access to websites based on their content categories.
-keywords: web protection, web threat protection, web browsing, monitoring, reports, cards, domain list, security, phishing, malware, exploit, websites, network protection, Edge, Internet Explorer, Chrome, Firefox, web browser 
+keywords: web protection, web threat protection, web browsing, monitoring, reports, cards, domain list, security, phishing, malware, exploit, websites, network protection, Edge, Internet Explorer, Chrome, Firefox, web browser
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: levinec
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Web content filtering
diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-protection-monitoring.md b/windows/security/threat-protection/microsoft-defender-atp/web-protection-monitoring.md
index 8bc1e5811a..835cbc6860 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/web-protection-monitoring.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/web-protection-monitoring.md
@@ -1,10 +1,10 @@
 ---
 title: Monitoring web browsing security in Microsoft Defender ATP
 description: Use web protection in Microsoft Defender ATP to monitor web browsing security
-keywords: web protection, web threat protection, web browsing, monitoring, reports, cards, domain list, security, phishing, malware, exploit, websites, network protection, Edge, Internet Explorer, Chrome, Firefox, web browser 
+keywords: web protection, web threat protection, web browsing, monitoring, reports, cards, domain list, security, phishing, malware, exploit, websites, network protection, Edge, Internet Explorer, Chrome, Firefox, web browser
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: levinec
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Monitor web browsing security
diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md b/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md
index 998d416c2a..052d013832 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md
@@ -1,10 +1,10 @@
 ---
 title: Web protection
 description: Learn about web protection in Microsoft Defender ATP and how it can protect your organization
-keywords: web protection, web threat protection, web browsing, security, phishing, malware, exploit, websites, network protection, Edge, Internet Explorer, Chrome, Firefox, web browser, malicious websites 
+keywords: web protection, web threat protection, web browsing, security, phishing, malware, exploit, websites, network protection, Edge, Internet Explorer, Chrome, Firefox, web browser, malicious websites
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: levinec
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Web protection
diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-protection-response.md b/windows/security/threat-protection/microsoft-defender-atp/web-protection-response.md
index 4d52993b4d..3abe8edad9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/web-protection-response.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/web-protection-response.md
@@ -4,7 +4,7 @@ description: Respond to alerts related to malicious and unwanted websites. Under
 keywords: web protection, web threat protection, web browsing, alerts, response, security, phishing, malware, exploit, websites, network protection, Edge, Internet Explorer, Chrome, Firefox, web browser, notifications, end users, Windows notifications, blocking page,
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: levinec
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Respond to web threats
diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/web-threat-protection.md
index f6b119e508..77a0809bf4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/web-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/web-threat-protection.md
@@ -1,10 +1,10 @@
 ---
 title: Protect your organization against web threats
 description: Learn about web protection in Microsoft Defender ATP and how it can protect your organization
-keywords: web protection, web threat protection, web browsing, security, phishing, malware, exploit, websites, network protection, Edge, Internet Explorer, Chrome, Firefox, web browser 
+keywords: web protection, web threat protection, web browsing, security, phishing, malware, exploit, websites, network protection, Edge, Internet Explorer, Chrome, Firefox, web browser
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,8 +13,9 @@ author: levinec
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
+ms.technology: mde
 ---
 
 # Protect your organization against web threats
diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
index 43382105c2..1eb35c6079 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
@@ -4,7 +4,7 @@ description: See what features are generally available (GA) in the latest releas
 keywords: what's new in microsoft defender atp, ga, generally available, capabilities, available, new
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,10 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
+  - m365-security-compliance
+  - m365initiative-defender-endpoint
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # What's new in Microsoft Defender for Endpoint
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md
index ef53ba233b..ace344e032 100644
--- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md
+++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md
@@ -2,7 +2,7 @@
 title: Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings (Windows 10)
 description: A list of all available settings for Microsoft Defender SmartScreen using Group Policy and mobile device management (MDM) settings.
 keywords: SmartScreen Filter, Windows SmartScreen, Microsoft Defender SmartScreen
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
@@ -12,6 +12,7 @@ ms.date: 09/28/2020
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 # Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings
 **Applies to:**
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
index 0c20744eee..9b7c62b617 100644
--- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
+++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
@@ -2,7 +2,7 @@
 title: Microsoft Defender SmartScreen overview (Windows 10)
 description: Learn how Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and the downloading of potentially malicious files.
 keywords: SmartScreen Filter, Windows SmartScreen, Microsoft Defender SmartScreen
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
@@ -13,6 +13,7 @@ ms.localizationpriority: high
 ms.date: 11/27/2019
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Microsoft Defender SmartScreen
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md
index 728d759855..6b4f9fc6e2 100644
--- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md
+++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md
@@ -2,7 +2,7 @@
 title: Set up and use Microsoft Defender SmartScreen on individual devices (Windows 10)
 description: Learn how employees can use Windows Security to set up Microsoft Defender SmartScreen. Microsoft Defender SmartScreen protects users from running malicious apps.
 keywords: SmartScreen Filter, Windows SmartScreen, Microsoft Defender SmartScreen
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
@@ -12,6 +12,7 @@ ms.date: 10/13/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: macapara
+ms.technology: mde
 ---
 
 # Set up and use Microsoft Defender SmartScreen on individual devices
diff --git a/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md b/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md
index 3e5cd564fb..c792222c8a 100644
--- a/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md
+++ b/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md
@@ -4,12 +4,13 @@ ms.author: dansimp
 title: Override Process Mitigation Options (Windows 10)
 description: How to use Group Policy to override individual Process Mitigation Options settings and to help enforce specific app-related security policies.
 keywords: Process Mitigation Options, Mitigation Options, Group Policy Mitigation Options
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.pagetype: security
 ms.sitesec: library
 author: dulcemontemayor
 ms.localizationpriority: medium
+ms.technology: mde
 ---
 
 
diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
index 7c5371ee9f..3237437499 100644
--- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
+++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
@@ -1,7 +1,7 @@
 ---
 title: Mitigate threats by using Windows 10 security features (Windows 10)
 description: An overview of software and firmware threats faced in the current security landscape, and the mitigations that Windows 10 offers in response to these threats.
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -11,6 +11,7 @@ ms.date: 10/13/2017
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # Mitigate threats by using Windows 10 security features
diff --git a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
index 905bf8c06a..00e7c27ee7 100644
--- a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
+++ b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
@@ -6,13 +6,14 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 keywords: security, BYOD, malware, device health attestation, mobile
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security, devices
 author: dulcemontemayor
 ms.date: 10/13/2017
 ms.localizationpriority: medium
+ms.technology: mde
 ---
 
 # Control the health of Windows 10-based devices
diff --git a/windows/security/threat-protection/security-compliance-toolkit-10.md b/windows/security/threat-protection/security-compliance-toolkit-10.md
index 9aa1555aa0..fd8ba1f7f9 100644
--- a/windows/security/threat-protection/security-compliance-toolkit-10.md
+++ b/windows/security/threat-protection/security-compliance-toolkit-10.md
@@ -2,7 +2,7 @@
 title: Microsoft Security Compliance Toolkit 1.0
 description: This article describes how to use the Security Compliance Toolkit in your organization
 keywords: virtualization, security, malware
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.author: dansimp
@@ -13,6 +13,7 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 11/21/2019
 ms.reviewer: 
+ms.technology: mde
 ---
 
 # Microsoft Security Compliance Toolkit 1.0
diff --git a/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md b/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md
index 073cfbd4cb..152f6711fe 100644
--- a/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md
+++ b/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md
@@ -4,7 +4,7 @@ description: Describes best practices, security considerations, and more for the
 ms.assetid: a51820d2-ca5b-47dd-8e9b-d7008603db88
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Access Credential Manager as a trusted caller
diff --git a/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md b/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md
index 06d067f006..d20934b1f3 100644
--- a/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md
+++ b/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: f6767bc2-83d1-45f1-847c-54f5362db022
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Access this computer from the network - security policy setting
diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md b/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md
index 4394099acc..4df87c418a 100644
--- a/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md
+++ b/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, and security consid
 ms.assetid: a4167bf4-27c3-4a9b-8ef0-04e3c6ec3aa4
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Account lockout duration
diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md b/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md
index 852449d7ce..26ba3362f0 100644
--- a/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md
+++ b/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md
@@ -4,7 +4,7 @@ description: Describes the Account Lockout Policy settings and links to informat
 ms.assetid: eb968c28-17c5-405f-b413-50728cb7b724
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 10/11/2018
+ms.technology: mde
 ---
 
 # Account Lockout Policy
diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md
index d9c2770ad4..d7dacae92e 100644
--- a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md
+++ b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, and security consid
 ms.assetid: 4904bb40-a2bd-4fef-a102-260ba8d74e30
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 11/02/2018
+ms.technology: mde
 ---
 
 # Account lockout threshold
diff --git a/windows/security/threat-protection/security-policy-settings/account-policies.md b/windows/security/threat-protection/security-policy-settings/account-policies.md
index f740ced849..42f0509874 100644
--- a/windows/security/threat-protection/security-policy-settings/account-policies.md
+++ b/windows/security/threat-protection/security-policy-settings/account-policies.md
@@ -4,7 +4,7 @@ description: An overview of account policies in Windows and provides links to po
 ms.assetid: 711b3797-b87a-4cd9-a2e3-1f8ef18688fb
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Account Policies
diff --git a/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md b/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md
index 242f47b39f..983c8abe93 100644
--- a/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md
+++ b/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, and security consid
 ms.assetid: 71a3bd48-1014-49e0-a936-bfe9433af23e
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/01/2017
+ms.technology: mde
 ---
 
 # Accounts: Administrator account status
diff --git a/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md b/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md
index 44ba58b22d..999953b0f6 100644
--- a/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md
+++ b/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, management, and sec
 ms.assetid: 94c76f45-057c-4d80-8d01-033cf28ef2f7
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/10/2017
+ms.technology: mde
 ---
 
 # Accounts: Block Microsoft accounts
diff --git a/windows/security/threat-protection/security-policy-settings/accounts-guest-account-status.md b/windows/security/threat-protection/security-policy-settings/accounts-guest-account-status.md
index 0677dbe5ed..1828f74f0d 100644
--- a/windows/security/threat-protection/security-policy-settings/accounts-guest-account-status.md
+++ b/windows/security/threat-protection/security-policy-settings/accounts-guest-account-status.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, and security consid
 ms.assetid: 07e53fc5-b495-4d02-ab42-5b245d10d0ce
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Accounts: Guest account status - security policy setting
diff --git a/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md b/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md
index 429a6e932a..88adc7aa01 100644
--- a/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md
+++ b/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md
@@ -4,7 +4,7 @@ description: Learn best practices, security considerations, and more for the pol
 ms.assetid: a1bfb58b-1ae8-4de9-832b-aa889a6e64bd
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Accounts: Limit local account use of blank passwords to console logon only
diff --git a/windows/security/threat-protection/security-policy-settings/accounts-rename-administrator-account.md b/windows/security/threat-protection/security-policy-settings/accounts-rename-administrator-account.md
index 416c761dd9..1bf1c8e328 100644
--- a/windows/security/threat-protection/security-policy-settings/accounts-rename-administrator-account.md
+++ b/windows/security/threat-protection/security-policy-settings/accounts-rename-administrator-account.md
@@ -4,7 +4,7 @@ description: This security policy reference topic for the IT professional descri
 ms.assetid: d21308eb-7c60-4e48-8747-62b8109844f9
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Accounts: Rename administrator account
diff --git a/windows/security/threat-protection/security-policy-settings/accounts-rename-guest-account.md b/windows/security/threat-protection/security-policy-settings/accounts-rename-guest-account.md
index 4e136d6fc7..5694b75065 100644
--- a/windows/security/threat-protection/security-policy-settings/accounts-rename-guest-account.md
+++ b/windows/security/threat-protection/security-policy-settings/accounts-rename-guest-account.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, and security consid
 ms.assetid: 9b8052b4-bbb9-4cc1-bfee-ce25390db707
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Accounts: Rename guest account - security policy setting
diff --git a/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md b/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md
index b32355b82a..dfd593bde8 100644
--- a/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md
+++ b/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: c1b7e084-a9f7-4377-b678-07cc913c8b0c
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Act as part of the operating system
diff --git a/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md b/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md
index e961da2395..c2cfbb9858 100644
--- a/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md
+++ b/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management a
 ms.assetid: b0c21af4-c928-4344-b1f1-58ef162ad0b3
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Add workstations to domain
diff --git a/windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process.md b/windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process.md
index fc90fa5e4b..154ecd7c75 100644
--- a/windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process.md
+++ b/windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: 6754a2c8-6d07-4567-9af3-335fd8dd7626
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Adjust memory quotas for a process
diff --git a/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md
index 378bc21d36..0e4d3680f2 100644
--- a/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md
+++ b/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md
@@ -4,7 +4,7 @@ description: This article discusses different methods to administer security pol
 ms.assetid: 7617d885-9d28-437a-9371-171197407599
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Administer security policy settings
diff --git a/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md b/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md
index ee0f5f1b86..3bb3d64326 100644
--- a/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md
+++ b/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: d9e5e1f3-3bff-4da7-a9a2-4bb3e0c79055
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Allow log on locally - security policy setting
diff --git a/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md b/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md
index 518c760a7e..044f3c2fe5 100644
--- a/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md
+++ b/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md
@@ -4,7 +4,7 @@ description: Best practices, location, values, policy management, and security c
 ms.assetid: 6267c376-8199-4f2b-ae56-9c5424e76798
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Allow log on through Remote Desktop Services
diff --git a/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md b/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md
index ef5a46869a..4015f85f3f 100644
--- a/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md
+++ b/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, and security consid
 ms.assetid: 20d40a79-ce89-45e6-9bb4-148f83958460
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit: Audit the access of global system objects
diff --git a/windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md b/windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md
index 4c8003e0f3..3c398b2262 100644
--- a/windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md
+++ b/windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md
@@ -4,7 +4,7 @@ description: "Describes the best practices, location, values, and security consi
 ms.assetid: f656a2bb-e8d6-447b-8902-53df3a7756c5
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/01/2019
+ms.technology: mde
 ---
 
 # Audit: Audit the use of Backup and Restore privilege
diff --git a/windows/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md b/windows/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md
index 023e1eac23..3c64ae947a 100644
--- a/windows/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md
+++ b/windows/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md
@@ -4,7 +4,7 @@ description: Learn more about the security policy setting, Audit Force audit pol
 ms.assetid: 8ddc06bc-b6d6-4bac-9051-e0d77035bd4e
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings
diff --git a/windows/security/threat-protection/security-policy-settings/audit-policy.md b/windows/security/threat-protection/security-policy-settings/audit-policy.md
index 01e76f7782..351b357bb8 100644
--- a/windows/security/threat-protection/security-policy-settings/audit-policy.md
+++ b/windows/security/threat-protection/security-policy-settings/audit-policy.md
@@ -4,7 +4,7 @@ description: Provides information about basic audit policies that are available
 ms.assetid: 2e8ea400-e555-43e5-89d6-0898cb89da90
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit Policy
diff --git a/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md b/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md
index e9e6d09cf2..6b2a642f91 100644
--- a/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md
+++ b/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the security
 ms.assetid: 2cd23cd9-0e44-4d0b-a1f1-39fc29303826
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Audit: Shut down system immediately if unable to log security audits
diff --git a/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md b/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md
index a431f30baf..67a1efe7b8 100644
--- a/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md
+++ b/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md
@@ -4,7 +4,7 @@ description: Describes the recommended practices, location, values, policy manag
 ms.assetid: 1cd6bdd5-1501-41f4-98b9-acf29ac173ae
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Back up files and directories - security policy setting
diff --git a/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md b/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md
index af394cc02a..b82df05bd9 100644
--- a/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md
+++ b/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: 1c828655-68d3-4140-aa0f-caa903a7087e
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Bypass traverse checking
diff --git a/windows/security/threat-protection/security-policy-settings/change-the-system-time.md b/windows/security/threat-protection/security-policy-settings/change-the-system-time.md
index 3729af5440..611c4f29c6 100644
--- a/windows/security/threat-protection/security-policy-settings/change-the-system-time.md
+++ b/windows/security/threat-protection/security-policy-settings/change-the-system-time.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: f2f6637d-acbc-4352-8ca3-ec563f918e65
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Change the system time - security policy setting
diff --git a/windows/security/threat-protection/security-policy-settings/change-the-time-zone.md b/windows/security/threat-protection/security-policy-settings/change-the-time-zone.md
index 21918a8f75..f9251b7542 100644
--- a/windows/security/threat-protection/security-policy-settings/change-the-time-zone.md
+++ b/windows/security/threat-protection/security-policy-settings/change-the-time-zone.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: 3b1afae4-68bb-472f-a43e-49e300d73e50
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Change the time zone - security policy setting
diff --git a/windows/security/threat-protection/security-policy-settings/create-a-pagefile.md b/windows/security/threat-protection/security-policy-settings/create-a-pagefile.md
index 55281194fb..eaca0ecfbb 100644
--- a/windows/security/threat-protection/security-policy-settings/create-a-pagefile.md
+++ b/windows/security/threat-protection/security-policy-settings/create-a-pagefile.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: dc087897-459d-414b-abe0-cd86c8dccdea
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Create a pagefile - security policy setting
diff --git a/windows/security/threat-protection/security-policy-settings/create-a-token-object.md b/windows/security/threat-protection/security-policy-settings/create-a-token-object.md
index 2aab29e91a..52fb6a0e53 100644
--- a/windows/security/threat-protection/security-policy-settings/create-a-token-object.md
+++ b/windows/security/threat-protection/security-policy-settings/create-a-token-object.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: bfbf52fc-6ba4-442a-9df7-bd277e55729c
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Create a token object
diff --git a/windows/security/threat-protection/security-policy-settings/create-global-objects.md b/windows/security/threat-protection/security-policy-settings/create-global-objects.md
index 6093dfc046..c29a2716ee 100644
--- a/windows/security/threat-protection/security-policy-settings/create-global-objects.md
+++ b/windows/security/threat-protection/security-policy-settings/create-global-objects.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: 9cb6247b-44fc-4815-86f2-cb59b6f0221e
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Create global objects
diff --git a/windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects.md b/windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects.md
index 99d3c81d18..33b84b4ddd 100644
--- a/windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects.md
+++ b/windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: 6a58438d-65ca-4c4a-a584-450eed976649
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Create permanent shared objects
diff --git a/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md b/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md
index 696c309ef6..70f390d16a 100644
--- a/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md
+++ b/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: 882922b9-0ff8-4ee9-8afc-4475515ee3fd
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Create symbolic links
diff --git a/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md b/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
index dbef4f23b0..8b5c1ba80d 100644
--- a/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
+++ b/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
@@ -4,7 +4,7 @@ description: Learn about best practices and more for the syntax policy setting,
 ms.assetid: 0fe3521a-5252-44df-8a47-8d92cf936e7c
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax
diff --git a/windows/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md b/windows/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
index 1e3fb1aac8..46bcee01d5 100644
--- a/windows/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
+++ b/windows/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
@@ -4,7 +4,7 @@ description: Best practices and more for the security policy setting, DCOM Machi
 ms.assetid: 4b95d45f-dd62-4c34-ba32-43954528dabe
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax
diff --git a/windows/security/threat-protection/security-policy-settings/debug-programs.md b/windows/security/threat-protection/security-policy-settings/debug-programs.md
index 8e9e1de135..ee678fa038 100644
--- a/windows/security/threat-protection/security-policy-settings/debug-programs.md
+++ b/windows/security/threat-protection/security-policy-settings/debug-programs.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: 594d9f2c-8ffc-444b-9522-75615ec87786
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Debug programs
diff --git a/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md b/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md
index c7de16a3ed..426bbb78d9 100644
--- a/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md
+++ b/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md
@@ -4,7 +4,7 @@ description: Best practices, location, values, policy management, and security c
 ms.assetid: 935e9f89-951b-4163-b186-fc325682bb0b
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Deny access to this computer from the network
diff --git a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md
index 3705d5c84b..33371b5594 100644
--- a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md
+++ b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: 0ac36ebd-5e28-4b6a-9b4e-8924c6ecf44b
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Deny log on as a batch job
diff --git a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md
index ae1ff7ad09..e93b14011b 100644
--- a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md
+++ b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: f1114964-df86-4278-9b11-e35c66949794
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Deny log on as a service
diff --git a/windows/security/threat-protection/security-policy-settings/deny-log-on-locally.md b/windows/security/threat-protection/security-policy-settings/deny-log-on-locally.md
index c29d301d15..16aac6c38f 100644
--- a/windows/security/threat-protection/security-policy-settings/deny-log-on-locally.md
+++ b/windows/security/threat-protection/security-policy-settings/deny-log-on-locally.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: 00150e88-ec9c-43e1-a70d-33bfe10434db
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Deny log on locally
diff --git a/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md b/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md
index 5ba0488e44..e618426e9d 100644
--- a/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md
+++ b/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md
@@ -4,7 +4,7 @@ description: Best practices, location, values, policy management, and security c
 ms.assetid: 84bbb807-287c-4acc-a094-cf0ffdcbca67
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Deny log on through Remote Desktop Services
diff --git a/windows/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on.md b/windows/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on.md
index b9c5b91f0b..1c8ec83ad6 100644
--- a/windows/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on.md
+++ b/windows/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, and security consid
 ms.assetid: 1d403f5d-ad41-4bb4-9f4a-0779c1c14b8c
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Devices: Allow undock without having to log on
diff --git a/windows/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md b/windows/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md
index 63a755d174..4a2d451bd1 100644
--- a/windows/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md
+++ b/windows/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, and security consid
 ms.assetid: d1b42425-7244-4ab1-9d46-d68de823459c
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Devices: Allowed to format and eject removable media
diff --git a/windows/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md b/windows/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md
index 6b2c51d931..15e9f97f5d 100644
--- a/windows/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md
+++ b/windows/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, and security consid
 ms.assetid: ab70a122-f7f9-47e0-ad8c-541f30a27ec3
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Devices: Prevent users from installing printer drivers
diff --git a/windows/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md b/windows/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md
index 45bae7d793..14b745deaf 100644
--- a/windows/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md
+++ b/windows/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, and security consid
 ms.assetid: 8b8f44bb-84ce-4f18-af30-ab89910e234d
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Devices: Restrict CD-ROM access to locally logged-on user only
diff --git a/windows/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md b/windows/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md
index f0de6a47fe..0b64be01ad 100644
--- a/windows/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md
+++ b/windows/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, and security consid
 ms.assetid: 92997910-da95-4c03-ae6f-832915423898
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Devices: Restrict floppy access to locally logged-on user only
diff --git a/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md b/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md
index 42e3ec17e1..6708f52037 100644
--- a/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md
+++ b/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, and security consid
 ms.assetid: 198b12a4-8a5d-48e8-a752-2073b8a2cb0d
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Domain controller: Allow server operators to schedule tasks
diff --git a/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md b/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md
index 933e46f0a1..ba471b4b00 100644
--- a/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md
+++ b/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, and security consid
 ms.assetid: fe122179-7571-465b-98d0-b8ce0f224390
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Domain controller: LDAP server signing requirements
diff --git a/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md b/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md
index 0115f58fc6..7a2193fd9c 100644
--- a/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md
+++ b/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, and security consid
 ms.assetid: 5a7fa2e2-e1a8-4833-90f7-aa83e3b456a9
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Domain controller: Refuse machine account password changes
diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md
index 065ea3434c..9c02ea6441 100644
--- a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md
+++ b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md
@@ -4,7 +4,7 @@ description: Best practices, location, values, and security considerations for t
 ms.assetid: 4480c7cb-adca-4f29-b4b8-06eb68d272bf
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Domain member: Digitally encrypt or sign secure channel data (always)
diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md
index 0540ffa16a..cc788fbe2b 100644
--- a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md
+++ b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the security
 ms.assetid: 73e6023e-0af3-4531-8238-82f0f0e4965b
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Domain member: Digitally encrypt secure channel data (when possible)
diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md
index e0127d72d7..5d0ee13652 100644
--- a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md
+++ b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md
@@ -4,7 +4,7 @@ description: Best practices, location, values, and security considerations for t
 ms.assetid: a643e491-4f45-40ea-b12c-4dbe47e54f34
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Domain member: Digitally sign secure channel data (when possible)
diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md b/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md
index af37ad2e44..16e25c74bf 100644
--- a/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md
+++ b/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, and security consid
 ms.assetid: 1f660300-a07a-4243-a09f-140aa1ab8867
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 06/27/2019
+ms.technology: mde
 ---
 
 # Domain member: Disable machine account password changes
diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md
index 1c74391497..ff2d29cc14 100644
--- a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md
+++ b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, and security consid
 ms.assetid: 0ec6f7c1-4d82-4339-94c0-debb2d1ac109
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 05/29/2020
+ms.technology: mde
 ---
 
 # Domain member: Maximum machine account password age
diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md b/windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md
index 9660f69829..544c028497 100644
--- a/windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md
+++ b/windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md
@@ -4,7 +4,7 @@ description: Best practices, location, values, and security considerations for t
 ms.assetid: 5ab8993c-5086-4f09-bc88-1b27454526bd
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Domain member: Require strong (Windows 2000 or later) session key
diff --git a/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md b/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md
index 1968ce5913..cd3439ae58 100644
--- a/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md
+++ b/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md
@@ -4,7 +4,7 @@ description: Learn about best practices, security considerations and more for th
 ms.assetid: 524062d4-1595-41f3-8ce1-9c85fd21497b
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Enable computer and user accounts to be trusted for delegation
diff --git a/windows/security/threat-protection/security-policy-settings/enforce-password-history.md b/windows/security/threat-protection/security-policy-settings/enforce-password-history.md
index 43ed37c3fc..796779c714 100644
--- a/windows/security/threat-protection/security-policy-settings/enforce-password-history.md
+++ b/windows/security/threat-protection/security-policy-settings/enforce-password-history.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: 8b2ab871-3e52-4dd1-9776-68bb1e935442
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Enforce password history
diff --git a/windows/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions.md b/windows/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions.md
index ac0af26a19..71615ceabb 100644
--- a/windows/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions.md
+++ b/windows/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: 5891cb73-f1ec-48b9-b703-39249e48a29f
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Enforce user logon restrictions
diff --git a/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md b/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md
index fb56241385..e6585a09a3 100644
--- a/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md
+++ b/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: 63129243-31ea-42a4-a598-c7064f48a3df
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Force shutdown from a remote system
diff --git a/windows/security/threat-protection/security-policy-settings/generate-security-audits.md b/windows/security/threat-protection/security-policy-settings/generate-security-audits.md
index d6a7cf2241..40e5ca7ef1 100644
--- a/windows/security/threat-protection/security-policy-settings/generate-security-audits.md
+++ b/windows/security/threat-protection/security-policy-settings/generate-security-audits.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: c0e1cd80-840e-4c74-917c-5c2349de885f
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Generate security audits
diff --git a/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md
index 3f70c13716..7ad1fc41a6 100644
--- a/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md
+++ b/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md
@@ -4,8 +4,7 @@ description: Describes steps to configure a security policy setting on the local
 ms.assetid: 63b0967b-a9fe-4d92-90af-67469ee20320
 ms.reviewer: 
 ms.author: dansimp
-
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -16,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 # Configure security policy settings
 
diff --git a/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md b/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md
index 1d241529ee..c341629510 100644
--- a/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md
+++ b/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: 4cd241e2-c680-4b43-8ed0-3b391925cec5
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Impersonate a client after authentication
diff --git a/windows/security/threat-protection/security-policy-settings/increase-a-process-working-set.md b/windows/security/threat-protection/security-policy-settings/increase-a-process-working-set.md
index 1225e25cd9..4473a058bb 100644
--- a/windows/security/threat-protection/security-policy-settings/increase-a-process-working-set.md
+++ b/windows/security/threat-protection/security-policy-settings/increase-a-process-working-set.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: b742ad96-37f3-4686-b8f7-f2b48367105b
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Increase a process working set
diff --git a/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md b/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md
index 5d4835f444..1cd8ae7179 100644
--- a/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md
+++ b/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: fbec5973-d35e-4797-9626-d0d56061527f
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 2/6/2020
+ms.technology: mde
 ---
 
 # Increase scheduling priority
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md
index c9e784c755..eb88a41772 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the security
 ms.assetid: 9146aa3d-9b2f-47ba-ac03-ff43efb10530
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Interactive logon: Display user information when the session is locked
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name.md
index dbb2b2c45b..dc34342e33 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name.md
@@ -1,7 +1,7 @@
 ---
 title: Interactive logon Don't display last signed-in (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Interactive logon Do not display last user name security policy setting.
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.topic: conceptual
 ms.date: 04/19/2017
 ms.reviewer: 
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # Interactive logon: Don't display last signed-in
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md
index 47257f0e50..e209f6f824 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, and security consid
 ms.assetid: 04e2c000-2eb2-4d4b-8179-1e2cb4793e18
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 # Interactive logon: Do not require CTRL+ALT+DEL
 
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md
index 84ae5e963d..dc75f23f03 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md
@@ -2,9 +2,9 @@
 title: Interactive logon Don't display username at sign-in (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Interactive logon Don't display username at sign-in security policy setting.
 ms.assetid: 98b24b03-95fe-4edc-8e97-cbdaa8e314fd
-ms.reviewer:
+ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Interactive logon: Don't display username at sign-in
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md
index 384e9959b1..ea490bea9a 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md
@@ -4,7 +4,7 @@ description: Best practices, location, values, management, and security consider
 ms.assetid: ebbd8e22-2611-4ebe-9db9-d49344e631e4
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Interactive logon: Machine account lockout threshold
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md
index 07e009dc0e..b42c080ea0 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, management, and sec
 ms.assetid: 7065b4a9-0d52-41d5-afc4-5aedfc4162b5
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/18/2018
+ms.technology: mde
 ---
 
 # Interactive logon: Machine inactivity limit
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md
index 61a261c4bd..554fcc6d63 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md
@@ -4,7 +4,7 @@ description: Learn about best practices, security considerations and more for th
 ms.assetid: fcfe8a6d-ca65-4403-b9e6-2fa017a31c2e
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Interactive logon: Message text for users attempting to log on
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md
index bf4611c235..3f2be2aad0 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the security
 ms.assetid: f2596470-4cc0-4ef1-849c-bef9dc3533c6
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Interactive logon: Message title for users attempting to log on
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md
index ebfbd65b83..f1248b1825 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md
@@ -4,7 +4,7 @@ description: Best practices and more for the security policy setting, Interactiv
 ms.assetid: 660e925e-cc3e-4098-a41e-eb8db8062d8d
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/27/2018
+ms.technology: mde
 ---
 
 # Interactive logon: Number of previous logons to cache (in case domain controller is not available)
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md
index b98d74a6bb..0eada407ca 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md
@@ -1,10 +1,10 @@
 ---
-title:  Interactive log-on prompt user to change password before expiration (Windows 10)
+title: Interactive log-on prompt user to change password before expiration (Windows 10)
 description: Best practices and security considerations for an interactive log-on prompt for users to change passwords before expiration.
 ms.assetid: 8fe94781-40f7-4fbe-8cfd-5e116e6833e9
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Interactive log on: Prompt the user to change passwords before expiration
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md
index 216de3c43e..e08474cde8 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md
@@ -4,7 +4,7 @@ description: Best practices security considerations, and more for the policy set
 ms.assetid: 97618ed3-e946-47db-a212-b5e7a4fc6ffc
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Interactive logon: Require Domain Controller authentication to unlock workstation
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md
index 33b628cb5e..1235ce1f89 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: c6a8c040-cbc7-472d-8bc5-579ddf3cbd6c
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Interactive logon: Require smart card - security policy setting
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior.md
index 3c4204523c..822699cbe5 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior.md
@@ -4,7 +4,7 @@ description: Best practices, location, values, policy management, and security c
 ms.assetid: 61487820-9d49-4979-b15d-c7e735999460
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Interactive logon: Smart card removal behavior
diff --git a/windows/security/threat-protection/security-policy-settings/kerberos-policy.md b/windows/security/threat-protection/security-policy-settings/kerberos-policy.md
index b99dec5d92..4dde3dafa0 100644
--- a/windows/security/threat-protection/security-policy-settings/kerberos-policy.md
+++ b/windows/security/threat-protection/security-policy-settings/kerberos-policy.md
@@ -4,7 +4,7 @@ description: Describes the Kerberos Policy settings and provides links to policy
 ms.assetid: 94017dd9-b1a3-4624-af9f-b29161b4bf38
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Kerberos Policy
diff --git a/windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers.md b/windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers.md
index d80474a5ab..ece23d6a1b 100644
--- a/windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers.md
+++ b/windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: 66262532-c610-470c-9792-35ff4389430f
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Load and unload device drivers
diff --git a/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md b/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md
index 9c53d5bb73..9f512271e5 100644
--- a/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md
+++ b/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: cc724979-aec0-496d-be4e-7009aef660a3
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Lock pages in memory
diff --git a/windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job.md b/windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job.md
index 7ad5326697..e4997ab361 100644
--- a/windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job.md
+++ b/windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: 4eaddb51-0a18-470e-9d3d-5e7cd7970b41
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Log on as a batch job
diff --git a/windows/security/threat-protection/security-policy-settings/log-on-as-a-service.md b/windows/security/threat-protection/security-policy-settings/log-on-as-a-service.md
index 7539cb89c0..a170ea805c 100644
--- a/windows/security/threat-protection/security-policy-settings/log-on-as-a-service.md
+++ b/windows/security/threat-protection/security-policy-settings/log-on-as-a-service.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: acc9a9e0-fd88-4cda-ab54-503120ba1f42
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Log on as a service
diff --git a/windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log.md b/windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log.md
index cec2f34a4c..057b9c3219 100644
--- a/windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log.md
+++ b/windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: 4b946c0d-f904-43db-b2d5-7f0917575347
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Manage auditing and security log
diff --git a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket.md b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket.md
index 2ba4e7f98c..4c5b767250 100644
--- a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket.md
+++ b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: 484bf05a-3858-47fc-bc02-6599ca860247
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Maximum lifetime for service ticket
diff --git a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md
index d4fc263448..4298be4ed3 100644
--- a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md
+++ b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: f88cd819-3dd1-4e38-b560-13fe6881b609
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Maximum lifetime for user ticket renewal
diff --git a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket.md b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket.md
index 46cd7ecb25..c9f03e275f 100644
--- a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket.md
+++ b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: bcb4ff59-334d-4c2f-99af-eca2b64011dc
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Maximum lifetime for user ticket
diff --git a/windows/security/threat-protection/security-policy-settings/maximum-password-age.md b/windows/security/threat-protection/security-policy-settings/maximum-password-age.md
index 5eacf443c4..18d09c4627 100644
--- a/windows/security/threat-protection/security-policy-settings/maximum-password-age.md
+++ b/windows/security/threat-protection/security-policy-settings/maximum-password-age.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: 2d6e70e7-c8b0-44fb-8113-870c6120871d
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Maximum password age
diff --git a/windows/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md b/windows/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md
index 880ce8d6ab..98e58336ac 100644
--- a/windows/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md
+++ b/windows/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md
@@ -4,7 +4,7 @@ description: Best practices, location, values, policy management, and security c
 ms.assetid: ba2cf59e-d69d-469e-95e3-8e6a0ba643af
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Maximum tolerance for computer clock synchronization
diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md
index 457ba6494f..f2c0e59130 100644
--- a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md
+++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md
@@ -5,13 +5,14 @@ ms.assetid: 4b7b0298-b130-40f8-960d-60418ba85f76
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 author: dansimp
 ms.date: 06/28/2018
+ms.technology: mde
 ---
 
 # Microsoft network client: Digitally sign communications (always)
diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md
index 0eb20f0245..3fca806b68 100644
--- a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md
+++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md
@@ -4,7 +4,7 @@ description: Learn about best practices and more for the security policy setting
 ms.assetid: 97a76b93-afa7-4dd9-bb52-7c9e289b6017
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 
diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md
index 7bfb786b1e..df04135ddb 100644
--- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md
+++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the policy se
 ms.assetid: 8227842a-569d-480f-b43c-43450bbaa722
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Microsoft network server: Amount of idle time required before suspending session
diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md
index 473585fba5..bf80e3d066 100644
--- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md
+++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md
@@ -4,7 +4,7 @@ description: Learn about the security policy setting, Microsoft network server A
 ms.assetid: e4508387-35ed-4a3f-a47c-27f8396adbba
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Microsoft network server: Attempt S4U2Self to obtain claim information
diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md
index 2e7b8cc704..aa8327994b 100644
--- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md
+++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the security
 ms.assetid: 2007b622-7bc2-44e8-9cf1-d34b62117ea8
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 06/21/2018
+ms.technology: mde
 ---
 
 # Microsoft network server: Digitally sign communications (always)
diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md
index d763e077ca..c63ba1fa9c 100644
--- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md
+++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md
@@ -4,7 +4,7 @@ description: Best practices, location, values, and security considerations for t
 ms.assetid: 48b5c424-9ba8-416d-be7d-ccaabb3f49af
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Microsoft network server: Disconnect clients when logon hours expire
diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md
index f45ef84792..934085e4f4 100644
--- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md
+++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the security
 ms.assetid: 18337f78-eb45-42fd-bdbd-f8cd02c3e154
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Microsoft network server: Server SPN target name validation level
diff --git a/windows/security/threat-protection/security-policy-settings/minimum-password-age.md b/windows/security/threat-protection/security-policy-settings/minimum-password-age.md
index 9995735537..177a7d0222 100644
--- a/windows/security/threat-protection/security-policy-settings/minimum-password-age.md
+++ b/windows/security/threat-protection/security-policy-settings/minimum-password-age.md
@@ -5,13 +5,14 @@ ms.assetid: 91915cb2-1b3f-4fb7-afa0-d03df95e8161
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 author: dansimp
 ms.date: 11/13/2018
+ms.technology: mde
 ---
 
 # Minimum password age
diff --git a/windows/security/threat-protection/security-policy-settings/minimum-password-length.md b/windows/security/threat-protection/security-policy-settings/minimum-password-length.md
index ae21ed863f..c14de4b2fc 100644
--- a/windows/security/threat-protection/security-policy-settings/minimum-password-length.md
+++ b/windows/security/threat-protection/security-policy-settings/minimum-password-length.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: 3d22eb9a-859a-4b6f-82f5-c270c427e17e
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Minimum password length
diff --git a/windows/security/threat-protection/security-policy-settings/modify-an-object-label.md b/windows/security/threat-protection/security-policy-settings/modify-an-object-label.md
index 9775374e5e..baa5e9c04b 100644
--- a/windows/security/threat-protection/security-policy-settings/modify-an-object-label.md
+++ b/windows/security/threat-protection/security-policy-settings/modify-an-object-label.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: 3e5a97dd-d363-43a8-ae80-452e866ebfd5
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Modify an object label
diff --git a/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md b/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md
index 7ad95e9f59..5022db6039 100644
--- a/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md
+++ b/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: 80bad5c4-d9eb-4e3a-a5dc-dcb742b83fca
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Modify firmware environment values
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md b/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md
index 0b21eb13c9..b78e43e706 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md
@@ -4,7 +4,7 @@ description: Best practices, location, values, policy management and security co
 ms.assetid: 0144477f-22a6-4d06-b70a-9c9c2196e99e
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Network access: Allow anonymous SID/Name translation
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md
index b679530985..23a4d0c815 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md
@@ -4,7 +4,7 @@ description: Learn about best practices and more for the security policy setting
 ms.assetid: 3686788d-4cc7-4222-9163-cbc7c3362d73
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Network access: Do not allow anonymous enumeration of SAM accounts and shares
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md
index e957638eb9..3243d8261b 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, and security consid
 ms.assetid: 6ee25b33-ad43-4097-b031-7be680f64c7c
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Network access: Do not allow anonymous enumeration of SAM accounts
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md
index 3668aaef4c..b22b8e05fe 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md
@@ -4,7 +4,7 @@ description: Learn about best practices and more for the security policy setting
 ms.assetid: b9b64360-36ea-40fa-b795-2d6558c46563
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Network access: Do not allow storage of passwords and credentials for network authentication
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md b/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md
index 6ea98c4a06..816f4d78b1 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md
@@ -4,7 +4,7 @@ description: Learn about best practices, security considerations and more for th
 ms.assetid: cdbc5159-9173-497e-b46b-7325f4256353
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Network access: Let Everyone permissions apply to anonymous users
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md b/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md
index ca8b104079..bb01d6c117 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md
@@ -4,7 +4,7 @@ description: Describes best practices, security considerations and more for the
 ms.assetid: 8897d2a4-813e-4d2b-8518-fcee71e1cf2c
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Network access: Named Pipes that can be accessed anonymously
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md b/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md
index a221329ce9..078753c170 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md
@@ -4,7 +4,7 @@ description: Describes best practices, location, values, and security considerat
 ms.assetid: 3fcbbf70-a002-4f85-8e86-8dabad21928e
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Network access: Remotely accessible registry paths and subpaths
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths.md b/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths.md
index 62e028051b..ab9370f9dd 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths.md
@@ -4,7 +4,7 @@ description: Best practices, location, values, policy management and security co
 ms.assetid: 977f86ea-864f-4f1b-9756-22220efce0bd
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Network access: Remotely accessible registry paths
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md b/windows/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md
index 7f2010f35f..9fea7c3077 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the security
 ms.assetid: e66cd708-7322-4d49-9b57-1bf8ec7a4c10
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Network access: Restrict anonymous access to Named Pipes and Shares
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md b/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md
index c93ec93b11..fdcc0c6faf 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md
@@ -1,7 +1,7 @@
 ---
 title: Network access - Restrict clients allowed to make remote calls to SAM
 description: Security policy setting that controls which users can enumerate users and groups in the local Security Accounts Manager (SAM) database.
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
@@ -11,6 +11,7 @@ ms.date: 09/17/2018
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # Network access: Restrict clients allowed to make remote calls to SAM
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md b/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md
index 1fbdd1c98d..125d609e61 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md
@@ -4,7 +4,7 @@ description: Learn about best practices, security considerations, and more for t
 ms.assetid: f3e4b919-8279-4972-b415-5f815e2f0a1a
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Network access: Shares that can be accessed anonymously
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md b/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md
index 8ae8bcfd3d..359010211d 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the security
 ms.assetid: 0b3d703c-ea27-488f-8f59-b345af75b994
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Network access: Sharing and security model for local accounts
diff --git a/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md b/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md
index 4ac7af5f3c..69ecb0c119 100644
--- a/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md
+++ b/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md
@@ -4,7 +4,7 @@ description: Network List Manager policies are security settings that configure
 ms.assetid: bd8109d4-b07c-4beb-a9a6-affae2ba2fda
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Network List Manager policies
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md b/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md
index 4d792d0457..40a53c2736 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md
@@ -4,7 +4,7 @@ description: Location, values, policy management, and security considerations fo
 ms.assetid: c46a658d-b7a4-4139-b7ea-b9268c240053
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Network security: Allow Local System to use computer identity for NTLM
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md b/windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md
index 2a4db2ba09..3f67d9dfbf 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, and security consid
 ms.assetid: 5b72edaa-bec7-4572-b6f0-648fc38f5395
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Network security: Allow LocalSystem NULL session fallback
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md b/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md
index 14f67ae3d2..716b1da171 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md
@@ -4,7 +4,7 @@ description: Best practices for the Network Security Allow PKU2U authentication
 ms.assetid: e04a854e-d94d-4306-9fb3-56e9bd7bb926
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Network security: Allow PKU2U authentication requests to this computer to use online identities
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md b/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md
index 51a84cfb6f..d6813adc8f 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md
@@ -4,7 +4,7 @@ description: Best practices, location, values and security considerations for th
 ms.assetid: 303d32cc-415b-44ba-96c0-133934046ece
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Network security: Configure encryption types allowed for Kerberos
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md b/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md
index 32ad4fc2b7..23140d7b81 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the security
 ms.assetid: 6452b268-e5ba-4889-9d38-db28f919af51
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Network security: Do not store LAN Manager hash value on next password change
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md b/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md
index 9abafe6715..d82ba2d356 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md
@@ -4,7 +4,7 @@ description: Best practices, location, values, policy management, and security c
 ms.assetid: 64d5dde4-58e4-4217-b2c4-73bd554ec926
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Network security: Force logoff when logon hours expire
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md b/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md
index 8cf1d1ef2a..90ab68bf7a 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md
@@ -4,7 +4,7 @@ description: Best practices, location, values, policy management and security co
 ms.assetid: bbe1a98c-420a-41e7-9d3c-3a2fe0f1843e
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Network security: LAN Manager authentication level
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md b/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md
index 2e91b3b1b6..deb400f637 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md
@@ -4,7 +4,7 @@ description: Best practices, location, values, policy management and security co
 ms.assetid: 38b35489-eb5b-4035-bc87-df63de50509c
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Network security: LDAP client signing requirements
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md
index 5a6ed1a602..7da3832813 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md
@@ -4,7 +4,7 @@ description: Best practices and more for the security policy setting, Network se
 ms.assetid: 89903de8-23d0-4e0f-9bef-c00cb7aebf00
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 07/27/2017
+ms.technology: mde
 ---
 
 # Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md
index aa05ac30a3..fd5bcf7731 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md
@@ -4,7 +4,7 @@ description: Best practices and security considerations for the policy setting,
 ms.assetid: c6a60c1b-bc8d-4d02-9481-f847a411b4fc
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md
index f45e969f85..4f61542115 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the policy se
 ms.assetid: 9b017399-0a54-4580-bfae-614c2beda3a1
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md
index 190741c9b6..ad33075c6d 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the security
 ms.assetid: 2f981b68-6aa7-4dd9-b53d-d88551277cc0
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Network security: Restrict NTLM: Add server exceptions in this domain
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md
index 573acd03e5..466fe77336 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations and more for the security p
 ms.assetid: 37e380c2-22e1-44cd-9993-e12815b845cf
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Network security: Restrict NTLM: Audit incoming NTLM traffic
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md
index 872e3aaf36..595f2d660a 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the security
 ms.assetid: 33183ef9-53b5-4258-8605-73dc46335e6e
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Network security: Restrict NTLM: Audit NTLM authentication in this domain
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md
index 2b0c20bc29..1c4ca789c3 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the security
 ms.assetid: c0eff7d3-ed59-4004-908a-2205295fefb8
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Network security: Restrict NTLM: Incoming NTLM traffic
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md
index a88bb90887..947f4ab587 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md
@@ -4,7 +4,7 @@ description: Learn about best practices, security considerations and more for th
 ms.assetid: 4c7884e9-cc11-4402-96b6-89c77dc908f8
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Network security: Restrict NTLM: NTLM authentication in this domain
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md
index 582a95f107..1a547615d6 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md
@@ -4,7 +4,7 @@ description: Learn about best practices, security considerations and more for th
 ms.assetid: 63437a90-764b-4f06-aed8-a4a26cf81bd1
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers
diff --git a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md
index c1ccd042f6..c40865f9da 100644
--- a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md
+++ b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, and security consid
 ms.assetid: 94482ae3-9dda-42df-9782-2f66196e6afe
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Password must meet complexity requirements
diff --git a/windows/security/threat-protection/security-policy-settings/password-policy.md b/windows/security/threat-protection/security-policy-settings/password-policy.md
index 4e9a967608..d0a560e42b 100644
--- a/windows/security/threat-protection/security-policy-settings/password-policy.md
+++ b/windows/security/threat-protection/security-policy-settings/password-policy.md
@@ -4,7 +4,7 @@ description: An overview of password policies for Windows and links to informati
 ms.assetid: aec1220d-a875-4575-9050-f02f9c54a3b6
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Password Policy
diff --git a/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md b/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md
index 185ef547a9..44ce6c881a 100644
--- a/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md
+++ b/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: b6990813-3898-43e2-8221-c9c06d893244
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Perform volume maintenance tasks
diff --git a/windows/security/threat-protection/security-policy-settings/profile-single-process.md b/windows/security/threat-protection/security-policy-settings/profile-single-process.md
index 3ea61190ff..fc3af3e372 100644
--- a/windows/security/threat-protection/security-policy-settings/profile-single-process.md
+++ b/windows/security/threat-protection/security-policy-settings/profile-single-process.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: c0963de4-4f5e-430e-bfcd-dfd68e66a075
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Profile single process
diff --git a/windows/security/threat-protection/security-policy-settings/profile-system-performance.md b/windows/security/threat-protection/security-policy-settings/profile-system-performance.md
index c39e1de1d2..37a46be943 100644
--- a/windows/security/threat-protection/security-policy-settings/profile-system-performance.md
+++ b/windows/security/threat-protection/security-policy-settings/profile-system-performance.md
@@ -4,7 +4,7 @@ description: Best practices, location, values, policy management, and security c
 ms.assetid: ffabc3c5-9206-4105-94ea-84f597a54b2e
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Profile system performance
diff --git a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md
index ac9b2c0104..8d560cc318 100644
--- a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md
+++ b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md
@@ -4,7 +4,7 @@ description: Best practices, location, values, policy management, and security c
 ms.assetid: be2498fc-48f4-43f3-ad09-74664e45e596
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Recovery console: Allow automatic administrative logon
diff --git a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md
index 0fb4445f92..2d90c0a80f 100644
--- a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md
+++ b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the policy se
 ms.assetid: a5b4ac0c-f33d-42b5-a866-72afa7cbd0bd
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Recovery console: Allow floppy copy and access to all drives and folders
diff --git a/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md b/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md
index a19803baed..099396d96b 100644
--- a/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md
+++ b/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: 229a385a-a862-4973-899a-413b1b5b6c30
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Remove computer from docking station - security policy setting
diff --git a/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md b/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md
index 6b6b9fbf97..497b00f4d5 100644
--- a/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md
+++ b/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: 5add02db-6339-489e-ba21-ccc3ccbe8745
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Replace a process level token
diff --git a/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md b/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md
index d4c0f55aa6..7dd3bc674f 100644
--- a/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md
+++ b/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, and security consid
 ms.assetid: d5ccf6dd-5ba7-44a9-8e0b-c478d8b1442c
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 11/02/2018
+ms.technology: mde
 ---
 
 # Reset account lockout counter after
diff --git a/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md b/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md
index edb41ef508..56932252a4 100644
--- a/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md
+++ b/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: c673c0fa-6f49-4edd-8c1f-c5e8513f701d
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Restore files and directories - security policy setting
diff --git a/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md b/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md
index 5836257990..58e86eb700 100644
--- a/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md
+++ b/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md
@@ -4,7 +4,7 @@ description: Provides information about the advanced security audit policy setti
 ms.assetid: 6BF9A642-DBC3-4101-94A3-B2316C553CE3
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Advanced security audit policy settings
diff --git a/windows/security/threat-protection/security-policy-settings/security-options.md b/windows/security/threat-protection/security-policy-settings/security-options.md
index 46dbab8860..b31d7a38cd 100644
--- a/windows/security/threat-protection/security-policy-settings/security-options.md
+++ b/windows/security/threat-protection/security-policy-settings/security-options.md
@@ -5,13 +5,14 @@ ms.assetid: 405ea253-8116-4e57-b08e-14a8dcdca92b
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 author: dansimp
 ms.date: 06/28/2018
+ms.technology: mde
 ---
 
 # Security Options
diff --git a/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md b/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md
index a129a83f56..690b97fddb 100644
--- a/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md
+++ b/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md
@@ -4,7 +4,7 @@ description: This reference of security settings provides information about how
 ms.assetid: ef5a4579-15a8-4507-9a43-b7ccddcb0ed1
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Security policy settings reference
diff --git a/windows/security/threat-protection/security-policy-settings/security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/security-policy-settings.md
index a8bd08c42d..1e283c3673 100644
--- a/windows/security/threat-protection/security-policy-settings/security-policy-settings.md
+++ b/windows/security/threat-protection/security-policy-settings/security-policy-settings.md
@@ -4,7 +4,7 @@ description: This reference topic describes the common scenarios, architecture,
 ms.assetid: e7ac5204-7f6c-4708-a9f6-6af712ca43b9
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Security policy settings
diff --git a/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md b/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md
index 368f3b722b..1b5d5a161d 100644
--- a/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md
+++ b/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: c8e8f890-153a-401e-a957-ba6a130304bf
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Shut down the system - security policy setting
diff --git a/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md b/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md
index 49cf09a6db..5f9aec2590 100644
--- a/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md
+++ b/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the security
 ms.assetid: f3964767-5377-4416-8eb3-e14d553a7315
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Shutdown: Allow system to be shut down without having to log on
diff --git a/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md b/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md
index b3e5bb9c6c..b556412de2 100644
--- a/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md
+++ b/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management a
 ms.assetid: 31400078-6c56-4891-a6df-6dfb403c4bc9
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/01/2017
+ms.technology: mde
 ---
 
 # Shutdown: Clear virtual memory pagefile 
diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md
index a8d2183e51..996a278b07 100644
--- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md
+++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md
@@ -4,7 +4,7 @@ description: Learn about best practices, security considerations and more for th
 ms.assetid: 4b7b0298-b130-40f8-960d-60418ba85f76
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 01/04/2019
+ms.technology: mde
 ---
 
 # SMBv1 Microsoft network client: Digitally sign communications (always)
diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md
index 47483249d7..6b4331de2f 100644
--- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md
+++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md
@@ -4,7 +4,7 @@ description: Best practices, location, values, and security considerations for t
 ms.assetid: e553f700-aae5-425c-8650-f251c90ba5dd
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 01/04/2019
+ms.technology: mde
 ---
 # SMBv1 Microsoft network client: Digitally sign communications (if server agrees)
 
diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md
index dffc41d41d..0c427716aa 100644
--- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md
+++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the  security
 ms.assetid: 2007b622-7bc2-44e8-9cf1-d34b62117ea8
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 01/04/2019
+ms.technology: mde
 ---
 
 # SMB v1 Microsoft network server: Digitally sign communications (always)
diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md
index 45e242b7fc..032bb6d057 100644
--- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md
+++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations and more for the security p
 ms.assetid: c92b2e3d-1dbf-4337-a145-b17a585f4fc1
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 01/04/2019
+ms.technology: mde
 ---
 
 # SMBv1 Microsoft network server: Digitally sign communications (if client agrees)
diff --git a/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md b/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md
index 8541cc65f4..fa3693209f 100644
--- a/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md
+++ b/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, and security consid
 ms.assetid: 57f958c2-f1e9-48bf-871b-0a9b3299e238
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Store passwords using reversible encryption
diff --git a/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md b/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md
index 576180c4a9..04d2c905ec 100644
--- a/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md
+++ b/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: 97b0aaa4-674f-40f4-8974-b4bfb12c232c
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Synchronize directory service data
diff --git a/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md b/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md
index fd0f6851b0..0ab38e9139 100644
--- a/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md
+++ b/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the policy se
 ms.assetid: 8cbff267-881e-4bf6-920d-b583a5ff7de0
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # System cryptography: Force strong key protection for user keys stored on the computer
diff --git a/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md b/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md
index b3c9f04138..9994949948 100644
--- a/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md
+++ b/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the policy se
 ms.assetid: 83988865-dc0f-45eb-90d1-ee33495eb045
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 11/16/2018
+ms.technology: mde
 ---
 
 # System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing
diff --git a/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md b/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md
index f2b1daed5b..7d3fdb17cd 100644
--- a/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md
+++ b/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations and more for the security p
 ms.assetid: 340d6769-8f33-4067-8470-1458978d1522
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # System objects: Require case insensitivity for non-Windows subsystems
diff --git a/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md b/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md
index 7e622b901f..731ff816b1 100644
--- a/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md
+++ b/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md
@@ -4,7 +4,7 @@ description: Best practices and more for the security policy setting, System obj
 ms.assetid: 3a592097-9cf5-4fd0-a504-7cbfab050bb6
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # System objects: Strengthen default permissions of internal system objects (for example, Symbolic Links)
diff --git a/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md b/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md
index af6a91841d..05dc5f7a16 100644
--- a/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md
+++ b/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: 5cb6519a-4f84-4b45-8072-e2aa8a72fb78
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # System settings: Optional subsystems
diff --git a/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md b/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md
index d261330b49..85d1c3a9c8 100644
--- a/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md
+++ b/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md
@@ -4,7 +4,7 @@ description: Best practices and more for the security policy setting, System set
 ms.assetid: 2380d93b-b553-4e56-a0c0-d1ef740d089c
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # System settings: Use certificate rules on Windows executables for Software Restriction Policies
diff --git a/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md b/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md
index be428efa89..45985b786a 100644
--- a/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md
+++ b/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: cb8595d1-74cc-4176-bb15-d97663eebb2d
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Take ownership of files or other objects
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md b/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md
index c55c11df6a..3a71b45166 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the policy se
 ms.assetid: d465fc27-1cd2-498b-9cf6-7ad2276e5998
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2017
+ms.technology: mde
 ---
 
 # User Account Control: Admin Approval Mode for the Built-in Administrator account
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md b/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md
index 6c3bb8ace6..09f6411652 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md
@@ -4,7 +4,7 @@ description: Best practices and more for the policy setting, User Account Contro
 ms.assetid: fce20472-3c93-449d-b520-13c4c74a9892
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md
index 5b6f5b139e..82939414e0 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md
@@ -4,7 +4,7 @@ description: Best practices and more for the security policy setting, User Accou
 ms.assetid: 46a3c3a2-1d2e-4a6f-b5e6-29f9592f535d
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/08/2017
+ms.technology: mde
 ---
 
 # User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md
index 659b235720..de0490479f 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md
@@ -4,7 +4,7 @@ description: Learn about best practices, security considerations, and more for t
 ms.assetid: 1eae7def-8f6c-43b6-9474-23911fdc01ba
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # User Account Control: Behavior of the elevation prompt for standard users
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md b/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md
index 2fd36ac32f..be33709e17 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md
@@ -4,7 +4,7 @@ description: Learn about best practices and more for the security policy setting
 ms.assetid: 3f8cb170-ba77-4c9f-abb3-c3ed1ef264fc
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # User Account Control: Detect application installations and prompt for elevation
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md
index 014e882384..62665872ff 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the security
 ms.assetid: 64950a95-6985-4db6-9905-1db18557352d
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # User Account Control: Only elevate executables that are signed and validated
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md
index e9d0d85e91..06e3831a67 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md
@@ -4,7 +4,7 @@ description: Learn about best practices and more for the policy setting, User Ac
 ms.assetid: 4333409e-a5be-4f2f-8808-618f53abd22c
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # User Account Control: Only elevate UIAccess applications that are installed in secure locations
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md b/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md
index fb06a1c928..da3fbca962 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md
@@ -4,7 +4,7 @@ description: Learn about best practices, security considerations and more for th
 ms.assetid: b838c561-7bfc-41ef-a7a5-55857259c7bf
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # User Account Control: Run all administrators in Admin Approval Mode
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md b/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md
index 8d3f8b2d1b..6b34c92be1 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the policy se
 ms.assetid: 77a067db-c70d-4b02-9861-027503311b8b
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # User Account Control: Switch to the secure desktop when prompting for elevation
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md b/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md
index 8fb6f6ead6..e8bf2f6497 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations and more for the policy set
 ms.assetid: a7b47420-cc41-4b1c-b03e-f67a05221261
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # User Account Control: Virtualize file and registry write failures to per-user locations
diff --git a/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md b/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md
index 03d0a20cf4..9ac1afcf08 100644
--- a/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md
+++ b/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md
@@ -4,7 +4,7 @@ description: Provides an overview and links to information about the User Rights
 ms.assetid: 99340252-60be-4c79-b0a5-56fbe1a9b0c5
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # User Rights Assignment
diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
index 58051a41aa..db7887046c 100644
--- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
+++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
@@ -5,13 +5,14 @@ ms.assetid: 733263E5-7FD1-45D2-914A-184B9E3E6A3F
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: dulcemontemayor
 ms.date: 02/28/2019
 ms.localizationpriority: medium
+ms.technology: mde
 ---
 
 # Use Windows Event Forwarding to help with intrusion detection
diff --git a/windows/security/threat-protection/windows-10-mobile-security-guide.md b/windows/security/threat-protection/windows-10-mobile-security-guide.md
index 5ce47adcb7..2e7e17d540 100644
--- a/windows/security/threat-protection/windows-10-mobile-security-guide.md
+++ b/windows/security/threat-protection/windows-10-mobile-security-guide.md
@@ -6,13 +6,14 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 keywords: data protection, encryption, malware resistance, smartphone, device, Microsoft Store
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security, mobile
 ms.localizationpriority: medium
 author: dulcemontemayor
 ms.date: 10/13/2017
+ms.technology: mde
 ---
 # Windows 10 Mobile security guide
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md b/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md
index 7ec755da77..9a6947372a 100644
--- a/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md
+++ b/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md
@@ -1,9 +1,9 @@
 ---
 title: Allow LOB Win32 Apps on Intune-Managed S Mode Devices (Windows 10)
 description: Using WDAC supplemental policies, you can expand the S mode base policy on your Intune-managed devices.
-keywords:  security, malware
+keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 10/30/2019
+ms.technology: mde
 ---
 
 # Allow Line-of-Business Win32 Apps on Intune-Managed S Mode Devices
diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
index fd016ed909..1a451b7545 100644
--- a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
@@ -1,9 +1,9 @@
 ---
 title: Allow COM object registration in a WDAC policy (Windows 10)
 description: You can allow COM object registration in a Windows Defender Application Control policy.
-keywords:  security, malware
+keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 05/21/2019
+ms.technology: mde
 ---
 
 # Allow COM object registration in a Windows Defender Application Control policy
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md b/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
index f762644195..aafd72be3d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes how to update your existi
 ms.assetid: 758c2a9f-c2a3-418c-83bc-fd335a94097f
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Add rules for packaged apps to existing AppLocker rule-set
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md
index 8730c6c545..28e35129ba 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals provides links to specific procedur
 ms.assetid: 511a3b6a-175f-4d6d-a6e0-c1780c02e818
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 02/28/2019
+ms.technology: mde
 ---
 
 # Administer AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md
index f7a0f16873..04a1ea12ad 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md
@@ -4,7 +4,7 @@ description: This topic for IT professional describes AppLocker’s basic archit
 ms.assetid: efdd8494-553c-443f-bd5f-c8976535135a
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # AppLocker architecture and components
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md
index 277bc78753..3e9ab04bfc 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md
@@ -4,7 +4,7 @@ description: This article for the IT professional lists the functions and securi
 ms.assetid: bf704198-9e74-4731-8c5a-ee0512df34d2
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # AppLocker functions
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md
index b7d7885b7f..b7dcbcddd8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md
@@ -4,7 +4,7 @@ description: This topic provides a description of AppLocker and can help you dec
 ms.assetid: 94b57864-2112-43b6-96fb-2863c985dc9a
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 10/16/2017
+ms.technology: mde
 ---
 
 # AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md
index e92450d695..60bc44e368 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals introduces the concepts and describ
 ms.assetid: 38632795-be13-46b0-a7af-487a4340bea1
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md
index d723d9a054..960362fe53 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md
@@ -4,7 +4,7 @@ description: This topic for the IT professional introduces the design and planni
 ms.assetid: 1c8e4a7b-3164-4eb4-9277-11b1d5a09c7b
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # AppLocker design guide
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md
index 3e660d6659..897753b906 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md
@@ -4,7 +4,7 @@ description: This topic for the IT professional lists the various application co
 ms.assetid: 33f71578-89f0-4063-ac04-cf4f4ca5c31f
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # AppLocker policy use scenarios
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md
index de1860a1a6..0ffdf6a6e0 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md
@@ -4,7 +4,7 @@ description: This topic for the IT professional describes the process dependenci
 ms.assetid: 0beec616-6040-4be7-8703-b6c919755d8e
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # AppLocker processes and interactions
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md
index f289a40fe7..56d2fcb24d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md
@@ -4,7 +4,7 @@ description: This topic for the IT professional lists the settings used by AppLo
 ms.assetid: 9cb4aa19-77c0-4415-9968-bd07dab86839
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # AppLocker settings
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md
index 031ce25230..db60e0f7bc 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md
@@ -4,7 +4,7 @@ description: This overview topic for IT professionals provides links to the topi
 ms.assetid: 2b2678f8-c46b-4e1d-b8c5-037c0be255ab
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # AppLocker technical reference
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md
index 2dd978d52b..8995d1c8cf 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes how to set AppLocker poli
 ms.assetid: 10bc87d5-cc7f-4500-b7b3-9006e50afa50
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 06/08/2018
+ms.technology: mde
 ---
 
 # Configure an AppLocker policy for audit only
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md
index 36cce5baec..1f3d8928cf 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes the steps to enable the A
 ms.assetid: 5dbbb290-a5ae-4f88-82b3-21e95972e66c
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Configure an AppLocker policy for enforce rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md
index dfb7c8814a..fea958441d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes the steps to specify whic
 ms.assetid: d15c9d84-c14b-488d-9f48-bf31ff7ff0c5
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Add exceptions for an AppLocker rule
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md
index a3a2d593bb..9b81e3d6fe 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md
@@ -4,7 +4,7 @@ description: This topic for the IT professional describes the steps to create an
 ms.assetid: 034bd367-146d-4956-873c-e1e09e6fefee
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Configure the AppLocker reference device
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md
index 488a8cc411..610728b4d6 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md
@@ -5,7 +5,7 @@ ms.assetid: dc469599-37fd-448b-b23e-5b8e4f17e561
 ms.reviewer: 
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/02/2018
+ms.technology: mde
 ---
 
 # Configure the Application Identity service
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md
index 619e173000..e7c76c7e98 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md
@@ -4,7 +4,7 @@ description: This article for IT professionals shows how to create an AppLocker
 ms.assetid: e4ffd400-7860-47b3-9118-0e6853c3dfa0
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Create a rule for packaged apps
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md
index f7689c76f7..c68870383e 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals shows how to create an AppLocker ru
 ms.assetid: eb3b3524-1b3b-4979-ba5a-0a0b1280c5c7
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Create a rule that uses a file hash condition
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md
index 728693dc35..fd4ebfd86a 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals shows how to create an AppLocker ru
 ms.assetid: 9b2093f5-5976-45fa-90c3-da1e0e845d95
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Create a rule that uses a path condition
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md
index 5a875b4b84..f7f9061767 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals shows how to create an AppLocker ru
 ms.assetid: 345ad45f-2bc1-4c4c-946f-17804e29f55b
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Create a rule that uses a publisher condition
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md
index 4bf66b9c31..8e818f8d12 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes the steps to create a sta
 ms.assetid: 21e9dc68-a6f4-4ebe-ac28-4c66a7ab6e18
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Create AppLocker default rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md
index 24ab242eb1..9d57825f8a 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md
@@ -4,7 +4,7 @@ description: This topic describes the process of gathering app usage requirement
 ms.assetid: d713aa07-d732-4bdc-8656-ba616d779321
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Create a list of apps deployed to each business group
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md
index 4cb2f24434..d0a53377ec 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md
@@ -4,7 +4,7 @@ description: This overview topic for the IT professional describes the steps to
 ms.assetid: d339dee2-4da2-4d4a-b46e-f1dfb7cb4bf0
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Create Your AppLocker policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md
index 6d75ecfc99..dd866880d3 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md
@@ -4,7 +4,7 @@ description: This topic for the IT professional describes what you need to know
 ms.assetid: b684a3a5-929c-4f70-8742-04088022f232
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Create Your AppLocker rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md b/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md
index a63318645f..80c31abf85 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md
@@ -4,7 +4,7 @@ description: This article for IT professionals describes the steps to delete an
 ms.assetid: 382b4be3-0df9-4308-89b2-dcf9df351eb5
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 11/09/2020
+ms.technology: mde
 ---
 
 # Delete an AppLocker rule
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
index 65374479fc..bd480092c0 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes the steps to deploy AppLo
 ms.assetid: fd3a3d25-ff3b-4060-8390-6262a90749ba
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Deploy AppLocker policies by using the enforce rules setting
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md
index 058e736230..64f60860f0 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md
@@ -4,7 +4,7 @@ description: This topic for the IT professional describes the tasks that should
 ms.assetid: ebbb1907-92dc-499e-8cee-8e637483c9ae
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Deploy the AppLocker policy into production
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md
index e03376d487..fdeb9db2dc 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md
@@ -4,7 +4,7 @@ description: This overview topic describes the process to follow when you are pl
 ms.assetid: f435fcbe-c7ac-4ef0-9702-729aab64163f
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Determine the Group Policy structure and rule enforcement
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
index 099c30bac7..a0770cfdb3 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
@@ -4,7 +4,7 @@ description: This topic for the IT professional describes how to use AppLocker l
 ms.assetid: 24609a6b-fdcb-4083-b234-73e23ff8bcb8
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Determine which apps are digitally signed on a reference device
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md
index dd86101ae7..516f7eaff2 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md
@@ -4,7 +4,7 @@ description: Determine which applications to control and how to control them by
 ms.assetid: 0e84003e-6095-46fb-8c4e-2065869bb53b
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Determine your application control objectives
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md b/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
index f87c93e451..4f89790b1c 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
@@ -5,7 +5,7 @@ ms.assetid: 9a2534a5-d1fa-48a9-93c6-989d4857cf85
 ms.reviewer: 
 ms.author: dansimp
 ms.pagetype: security
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Display a custom URL message when users try to run a blocked app
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md
index be5c338598..aec41fda97 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md
@@ -4,7 +4,7 @@ description: This topic describes the file formats and available default rules f
 ms.assetid: a083fd08-c07e-4534-b0e7-1e15d932ce8f
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # DLL rules in AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md
index 0e40237b7b..7c80353023 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md
@@ -4,7 +4,7 @@ description: This planning topic describes what you need to investigate, determi
 ms.assetid: 389ffa8e-11fc-49ff-b0b1-89553e6fb6e5
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -15,6 +15,7 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.pagetype: security
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Document the Group Policy structure and AppLocker rule enforcement
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md
index c43cf96fee..64318e0bd7 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md
@@ -4,7 +4,7 @@ description: This planning topic describes the app information that you should d
 ms.assetid: b155284b-f75d-4405-aecf-b74221622dc0
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Document your app list
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md
index 9f6e032b66..1000876fbf 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md
@@ -4,7 +4,7 @@ description: Learn how to document your AppLocker rules and associate rule condi
 ms.assetid: 91a198ce-104a-45ff-b49b-487fb40cd2dd
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Document your AppLocker rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md
index 03b04a1190..9865b4a5d9 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes the steps required to mod
 ms.assetid: dbc72d1f-3fe0-46c2-aeeb-96621fce7637
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Edit an AppLocker policy
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md
index 028a8237bc..9fba4220b8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes the steps to edit a publi
 ms.assetid: 80016cda-b915-46a0-83c6-5e6b0b958e32
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Edit AppLocker rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md b/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md
index 575de45499..33f8fc5205 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes the steps to enable the D
 ms.assetid: 88ef9561-6eb2-491a-803a-b8cdbfebae27
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Enable the DLL rule collection
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md
index b396db1cfb..977c71d0cf 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes how to enforce applicatio
 ms.assetid: e1528b7b-77f2-4419-8e27-c9cc3721d96d
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Enforce AppLocker rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md
index ffdc7ace8c..13e0194acf 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md
@@ -4,7 +4,7 @@ description: This topic describes the file formats and available default rules f
 ms.assetid: 65e62f90-6caa-48f8-836a-91f8ac9018ee
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Executable rules in AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md
index 0443b67c6b..6f17980018 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes the steps to export an Ap
 ms.assetid: 7db59719-a8be-418b-bbfd-22cf2176c9c0
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Export an AppLocker policy from a GPO
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md
index 6856386f4a..a2c2fda488 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes the steps to export an Ap
 ms.assetid: 979bd23f-6815-478b-a6a4-a25239cb1080
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Export an AppLocker policy to an XML file
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md b/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md
index b4adeb4b33..6e4827d32a 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md
@@ -4,7 +4,7 @@ description: This topic for the IT professional provides links to topics about A
 ms.assetid: 24bb1d73-0ff5-4af7-8b8a-2fa44d4ddbcd
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # How AppLocker works
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md
index eaa7c7aa78..572410407e 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes how to import an AppLocke
 ms.assetid: b48cb2b2-8ef8-4cc0-89bd-309d0b1832f6
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Import an AppLocker policy from another computer
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md
index ac5ac53cd5..10cdc3f2c5 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes the steps to import an Ap
 ms.assetid: 0629ce44-f5e2-48a8-ba47-06544c73261f
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Import an AppLocker policy into a GPO
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md
index 3e7f0169c7..67545f9094 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md
@@ -4,7 +4,7 @@ description: Learn how to maintain rules within AppLocker policies. View common
 ms.assetid: b4fbfdfe-ef3d-49e0-a390-f2dfe74602bc
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Maintain AppLocker policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md
index e33dc7ed87..fc27d49a00 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md
@@ -4,7 +4,7 @@ description: Learn concepts and lists procedures to help you manage packaged app
 ms.assetid: 6d0c99e7-0284-4547-a30a-0685a9916650
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Manage packaged apps with AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md
index 47c7db9884..ffe44d7fae 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes the steps to merge AppLoc
 ms.assetid: f1c7d5c0-463e-4fe2-a410-844a404f18d0
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Merge AppLocker policies by using Set-ApplockerPolicy
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md
index f40ead0fc0..7567707461 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes the steps to manually mer
 ms.assetid: 3605f293-e5f2-481d-8efd-775f9f23c30f
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Merge AppLocker policies manually
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md
index d0aa573b21..56d201be4e 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes how to monitor app usage
 ms.assetid: 0516da6e-ebe4-45b4-a97b-31daba96d1cf
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Monitor app usage with AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md b/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md
index d669f7c890..e050d78690 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes how to optimize AppLocker
 ms.assetid: a20efa20-bc98-40fe-bd81-28ec4905e0f6
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Optimize AppLocker performance
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
index 1057121e64..5889dda71b 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
@@ -4,7 +4,7 @@ description: This topic explains the AppLocker rule collection for packaged app
 ms.assetid: 8fd44d08-a0c2-4c5b-a91f-5cb9989f971d
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 10/13/2017
+ms.technology: mde
 ---
 
 # Packaged apps and packaged app installer rules in AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md b/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md
index 35e51ee350..7bdb71f127 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md
@@ -4,7 +4,7 @@ description: This topic for describes the decisions you need to make to establis
 ms.assetid: dccc196f-6ae0-4ae4-853a-a3312b18751b
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Plan for AppLocker policy management
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md
index 9e6a10f475..462a865a4f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes the steps to force an upd
 ms.assetid: 3f24fcbc-3926-46b9-a1a2-dd036edab8a9
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Refresh an AppLocker policy
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md
index 1d132ac242..acabab7d69 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md
@@ -4,7 +4,7 @@ description: This deployment topic for the IT professional lists the requirement
 ms.assetid: 3e55bda2-3cd7-42c7-bad3-c7dfbe193d48
 ms.reviewer: 
 ms.author: macapara
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Requirements for deploying AppLocker policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md
index 42347224a4..0b4fd786bf 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md
@@ -4,7 +4,7 @@ description: This topic for the IT professional lists software requirements to u
 ms.assetid: dc380535-071e-4794-8f9d-e5d1858156f0
 ms.reviewer: 
 ms.author: macapara
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Requirements to use AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md b/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md
index a87df1bc69..da19e309e8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes steps to run the wizard t
 ms.assetid: 8cad1e14-d5b2-437c-8f88-70cffd7b3d8e
 ms.reviewer: 
 ms.author: macapara
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Run the Automatically Generate Rules wizard
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md
index 1854e961d1..db4968297c 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md
@@ -4,7 +4,7 @@ description: This topic describes the file formats and available default rules f
 ms.assetid: fee24ca4-935a-4c5e-8a92-8cf1d134d35f
 ms.reviewer: 
 ms.author: macapara
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Script rules in AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md
index 02e8dd5393..92928f7068 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md
@@ -4,7 +4,7 @@ description: This topic for the IT professional describes the security considera
 ms.assetid: 354a5abb-7b31-4bea-a442-aa9666117625
 ms.reviewer: 
 ms.author: macapara
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Security considerations for AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md
index 4daacad66d..174e5d8a77 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md
@@ -4,7 +4,7 @@ description: This topic lists resources you can use when selecting your applicat
 ms.assetid: 14751169-0ed1-47cc-822c-8c01a7477784
 ms.reviewer: 
 ms.author: macapara
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Select the types of rules to create
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md
index 00511d0f23..fd78e7c563 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes the steps to test an AppL
 ms.assetid: 048bfa38-6825-4a9a-ab20-776cf79f402a
 ms.reviewer: 
 ms.author: macapara
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Test an AppLocker policy by using Test-AppLockerPolicy
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md
index 6306c10479..2027085b0e 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md
@@ -4,7 +4,7 @@ description: This topic discusses the steps required to test an AppLocker policy
 ms.assetid: 7d53cbef-078c-4d20-8b00-e821e33b6ea1
 ms.reviewer: 
 ms.author: macapara
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Test and update an AppLocker policy
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md
index 974a0000cc..51d801a909 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md
@@ -4,7 +4,7 @@ description: This topic for the IT professional describes the tools available to
 ms.assetid: db2b7cb3-7643-4be5-84eb-46ba551e1ad1
 ms.reviewer: 
 ms.author: macapara
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Tools to use with AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md
index 0cd67f03d8..cbd1b7c62e 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md
@@ -4,7 +4,7 @@ description: This topic describes the AppLocker enforcement settings for rule co
 ms.assetid: 48773007-a343-40bf-8961-b3ff0a450d7e
 ms.reviewer: 
 ms.author: macapara
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Understand AppLocker enforcement settings
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md
index a8bfeff845..95dcad5fe6 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md
@@ -4,7 +4,7 @@ description: Review some common considerations while you are planning to use App
 ms.assetid: 3475def8-949a-4b51-b480-dc88b5c1e6e6
 ms.reviewer: 
 ms.author: macapara
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 10/13/2017
+ms.technology: mde
 ---
 
 # Understand AppLocker policy design decisions
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md
index ce6f6d4292..5350f5c843 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md
@@ -4,7 +4,7 @@ description: This topic for the IT professional describes how application contro
 ms.assetid: c1c5a3d3-540a-4698-83b5-0dab5d27d871
 ms.reviewer: 
 ms.author: macapara
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Understand AppLocker rules and enforcement setting inheritance in Group Policy
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md
index 5e0c80b55d..0f909bdf3d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md
@@ -4,7 +4,7 @@ description: This planning and deployment topic for the IT professional describe
 ms.assetid: 4cfd95c1-fbd3-41fa-8efc-d23c1ea6fb16
 ms.reviewer: 
 ms.author: macapara
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Understand the AppLocker policy deployment process
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md
index f9cdae7831..941aa4f30d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md
@@ -4,7 +4,7 @@ description: This topic explains the differences between allow and deny actions
 ms.assetid: ea0370fa-2086-46b5-a0a4-4a7ead8cbed9
 ms.reviewer: 
 ms.author: macapara
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Understanding AppLocker allow and deny actions on rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md
index 02228d1867..e9e449b52e 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md
@@ -4,7 +4,7 @@ description: This topic for IT professional describes the set of rules that can
 ms.assetid: bdb03d71-05b7-41fb-96e3-a289ce1866e1
 ms.reviewer: 
 ms.author: macapara
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Understanding AppLocker default rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md
index cbb7806a6b..041eee8f69 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md
@@ -4,7 +4,7 @@ description: This topic describes how AppLocker rules are enforced by using the
 ms.assetid: 3e2738a3-8041-4095-8a84-45c1894c97d0
 ms.reviewer: 
 ms.author: macapara
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Understanding AppLocker rule behavior
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md
index 0392b51405..319c895fd9 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md
@@ -4,7 +4,7 @@ description: This topic explains the five different types of AppLocker rules use
 ms.assetid: 03c05466-4fb3-4880-8d3c-0f6f59fc5579
 ms.reviewer: 
 ms.author: macapara
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Understanding AppLocker rule collections
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md
index 44c123c7a2..8dfb91c58e 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md
@@ -4,7 +4,7 @@ description: This topic for the IT professional describes the three types of App
 ms.assetid: c21af67f-60a1-4f7d-952c-a6f769c74729
 ms.reviewer: 
 ms.author: macapara
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Understanding AppLocker rule condition types
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md
index 9420c1f20f..eb3084b691 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md
@@ -4,7 +4,7 @@ description: This topic describes the result of applying AppLocker rule exceptio
 ms.assetid: e6bb349f-ee60-4c8d-91cd-6442f2d0eb9c
 ms.reviewer: 
 ms.author: macapara
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Understanding AppLocker rule exceptions
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md
index b0e028c79d..7a8bfc63d1 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md
@@ -4,7 +4,7 @@ description: This topic explains the AppLocker file hash rule condition, the adv
 ms.assetid: 4c6d9af4-2b1a-40f4-8758-1a6f9f147756
 ms.reviewer: 
 ms.author: macapara
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Understanding the file hash rule condition in AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md
index 95863340c0..057a3dabde 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md
@@ -4,7 +4,7 @@ description: This topic explains the AppLocker path rule condition, the advantag
 ms.assetid: 3fa54ded-4466-4f72-bea4-2612031cad43
 ms.reviewer: 
 ms.author: macapara
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Understanding the path rule condition in AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md
index 73bd0d992a..8636e3b8dd 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md
@@ -4,7 +4,7 @@ description: This topic explains the AppLocker publisher rule condition, what co
 ms.assetid: df61ed8f-a97e-4644-9d0a-2169f18c1c4f
 ms.reviewer: 
 ms.author: macapara
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Understanding the publisher rule condition in AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
index f051177f0c..72eea2c6c1 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
@@ -1,9 +1,9 @@
 ---
-title: "Use a reference device to create and maintain AppLocker policies (Windows 10)"
+title: Use a reference device to create and maintain AppLocker policies (Windows 10)
 description: This topic for the IT professional describes the steps to create and maintain AppLocker policies by using a reference computer.
 ms.assetid: 10c3597f-f44c-4c8e-8fe5-105d4ac016a6
 ms.author: macapara
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
 ms.reviewer: 
+ms.technology: mde
 ---
 
 # Use a reference device to create and maintain AppLocker policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md
index 4e49ccf26f..b6018803fb 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes concepts and procedures t
 ms.assetid: 2b7e0cec-df62-49d6-a2b7-6b8e30180943
 ms.reviewer: 
 ms.author: macapara
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Use AppLocker and Software Restriction Policies in the same domain
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md
index 58edb0059e..65ade4ae02 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals describes how each AppLocker Window
 ms.assetid: 374e029c-5c0a-44ab-a57a-2a9dd17dc57d
 ms.reviewer: 
 ms.author: macapara
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Use the AppLocker Windows PowerShell cmdlets
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md
index 78c04357c6..7895373d6e 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md
@@ -4,7 +4,7 @@ description: This topic lists AppLocker events and describes how to use Event Vi
 ms.assetid: 109abb10-78b1-4c29-a576-e5a17dfeb916
 ms.reviewer: 
 ms.author: macapara
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Using Event Viewer with AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md
index 1dd5197ddd..5e34495965 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md
@@ -4,7 +4,7 @@ description: This topic for the IT professional describes how to use Software Re
 ms.assetid: c3366be7-e632-4add-bd10-9df088f74c6d
 ms.reviewer: 
 ms.author: macapara
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Use Software Restriction Policies and AppLocker policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md
index eab62e36b7..5e8f5b2efb 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md
@@ -4,7 +4,7 @@ description: This topic for the IT professional describes what AppLocker is and
 ms.assetid: 44a8a2bb-0f83-4f95-828e-1f364fb65869
 ms.reviewer: 
 ms.author: macapara
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # What Is AppLocker?
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md
index 50fff5a7b2..77b78c5a84 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md
@@ -4,7 +4,7 @@ description: This topic describes the file formats and available default rules f
 ms.assetid: 3fecde5b-88b3-4040-81fa-a2d36d052ec9
 ms.reviewer: 
 ms.author: macapara
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Windows Installer rules in AppLocker
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md
index 2bde016bc2..276960c4b0 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md
@@ -4,7 +4,7 @@ description: This topic for IT professionals provides links to procedural topics
 ms.assetid: 7062d2e0-9cbb-4cb8-aa8c-b24945c3771d
 ms.reviewer: 
 ms.author: macapara
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/21/2017
+ms.technology: mde
 ---
 
 # Working with AppLocker policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md
index 0ddb19159b..67910704f3 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md
@@ -5,7 +5,7 @@ ms.assetid: 3966b35b-f2da-4371-8b5f-aec031db6bc9
 ms.reviewer: 
 manager: dansimp
 ms.author: macapara
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,6 +13,7 @@ author: dansimp
 ms.localizationpriority: medium
 msauthor: v-anbic
 ms.date: 08/27/2018
+ms.technology: mde
 ---
 
 # Working with AppLocker rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md
index c5f703e0aa..c35dfc5108 100644
--- a/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md
@@ -1,9 +1,9 @@
 ---
 title: Audit Windows Defender Application Control policies (Windows 10)
 description: Audits allow admins to discover apps that were missed during an initial policy scan and to identify new apps that were installed since the policy was created.
-keywords:  security, malware
+keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 05/03/2018
+ms.technology: mde
 ---
 
 # Audit Windows Defender Application Control policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md
index b7f98f9949..91186d9798 100644
--- a/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md
+++ b/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md
@@ -1,9 +1,9 @@
 ---
 title: Configure a WDAC managed installer (Windows 10)
 description: Explains how to configure a custom Manged Installer.
-keywords:  security, malware
+keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 08/14/2020
+ms.technology: mde
 ---
 
 # Configuring a managed installer with AppLocker and Windows Defender Application Control
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
index da15b10af4..f3b993cbc0 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
@@ -1,9 +1,9 @@
 ---
 title: Create a code signing cert for Windows Defender Application Control  (Windows 10)
 description: Learn how to set up a publicly-issued code signing certificate, so you can sign catalog files or WDAC policies internally.
-keywords:  security, malware
+keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 02/28/2018
+ms.technology: mde
 ---
 
 # Optional: Create a code signing cert for Windows Defender Application Control  
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md
index d755422a84..37cb5bd513 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md
@@ -1,9 +1,9 @@
 ---
 title: Create a WDAC policy for fixed-workload devices using a reference computer (Windows 10)
 description: To create a Windows Defender Application Control (WDAC) policy for fixed-workload devices within your organization, follow this guide.
-keywords:  security, malware
+keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 05/03/2018
+ms.technology: mde
 ---
 
 # Create a WDAC policy for fixed-workload devices using a reference computer
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md
index 8b4a0fa4ff..bec0d684e1 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md
@@ -1,10 +1,10 @@
 ---
 title: Create a WDAC policy for fully-managed devices (Windows 10)
 description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core.
-keywords:  security, malware
+keywords: security, malware
 ms.topic: conceptual
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -16,6 +16,7 @@ ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 11/20/2019
+ms.technology: mde
 ---
 
 # Create a WDAC policy for fully-managed devices
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md
index 89cecfc78b..85a6d9cfdc 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md
@@ -1,10 +1,10 @@
 ---
 title: Create a WDAC policy for lightly-managed devices (Windows 10)
 description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core.
-keywords:  security, malware
+keywords: security, malware
 ms.topic: conceptual
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -16,6 +16,7 @@ ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 11/15/2019
+ms.technology: mde
 ---
 
 # Create a WDAC policy for lightly-managed devices
diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md
index 3abf426167..9dd3b2efa3 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md
@@ -1,9 +1,9 @@
 ---
 title: Deploy catalog files to support Windows Defender Application Control (Windows 10)
 description: Catalog files simplify running unsigned applications in the presence of a Windows Defender Application Control (WDAC) policy.
-keywords:  security, malware
+keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 02/28/2018
+ms.technology: mde
 ---
 
 # Deploy catalog files to support Windows Defender Application Control
diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
index 31c3deaf6b..d52c5a2d88 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
@@ -1,9 +1,9 @@
 ---
 title: Use multiple Windows Defender Application Control Policies  (Windows 10)
 description: Windows Defender Application Control supports multiple code integrity policies for one device.
-keywords:  security, malware
+keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 11/13/2020
+ms.technology: mde
 ---
 
 # Use multiple Windows Defender Application Control Policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md
index 9151364753..4246d0b428 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md
@@ -1,9 +1,9 @@
 ---
 title: Deploy WDAC policies via Group Policy (Windows 10)
 description: Windows Defender Application Control (WDAC) policies can easily be deployed and managed with Group Policy. Learn how by following this step-by-step guide.
-keywords:  security, malware
+keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 02/28/2018
+ms.technology: mde
 ---
 
 # Deploy Windows Defender Application Control policies by using Group Policy
diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md
index 651222522b..8eb3de7a42 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md
@@ -1,9 +1,9 @@
 ---
 title: Deploy Windows Defender Application Control (WDAC) policies by using Microsoft Intune (Windows 10)
 description: You can use Microsoft Intune to configure Windows Defender Application Control (WDAC). Learn how with this step-by-step guide.
-keywords:  security, malware
+keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 04/29/2020
+ms.technology: mde
 ---
 
 # Deploy Windows Defender Application Control policies by using Microsoft Intune
diff --git a/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md
index 9b387d559d..a84b17e822 100644
--- a/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md
@@ -1,9 +1,9 @@
 ---
 title: Disable Windows Defender Application Control policies  (Windows 10)
 description: Learn how to disable both signed and unsigned Windows Defender Application Control policies, within Windows and within the BIOS.
-keywords:  security, malware
+keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 05/03/2018
+ms.technology: mde
 ---
 
 # Disable Windows Defender Application Control policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md
index 9d9abf86c3..86bf4600dd 100644
--- a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md
@@ -1,9 +1,9 @@
 ---
 title: Enforce Windows Defender Application Control (WDAC) policies (Windows 10)
 description: Learn how to test a Windows Defender Application Control (WDAC) policy in enforced mode by following these steps in an elevated Windows PowerShell session.
-keywords:  security, malware
+keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 05/03/2018
+ms.technology: mde
 ---
 
 # Enforce Windows Defender Application Control policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
index 444430a762..b464707f61 100644
--- a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
+++ b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
@@ -1,9 +1,9 @@
 ---
 title: Understanding Application Control event IDs (Windows 10)
 description: Learn what different Windows Defender Application Control event IDs signify.
-keywords:  security, malware
+keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 3/17/2020
+ms.technology: mde
 ---
 
 # Understanding Application Control events
diff --git a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
index 455177e5c9..6ee1d70486 100644
--- a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
+++ b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
@@ -1,9 +1,9 @@
 ---
 title: Understanding Application Control event tags (Windows 10)
 description: Learn what different Windows Defender Application Control event tags signify.
-keywords:  security, malware
+keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 8/27/2020
+ms.technology: mde
 ---
 
 # Understanding Application Control event tags
diff --git a/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md b/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md
index 293ed79adc..e6ce58fcd0 100644
--- a/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md
@@ -1,10 +1,10 @@
 ---
 title: Example WDAC base policies (Windows 10)
 description: When creating a WDAC policy for an organization, start from one of the many available example base policies.
-keywords:  security, malware
+keywords: security, malware
 ms.topic: article
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -16,6 +16,7 @@ ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 11/15/2019
+ms.technology: mde
 ---
 
 # Windows Defender Application Control example base policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/feature-availability.md b/windows/security/threat-protection/windows-defender-application-control/feature-availability.md
index 638d0f40cd..bf9cd09f77 100644
--- a/windows/security/threat-protection/windows-defender-application-control/feature-availability.md
+++ b/windows/security/threat-protection/windows-defender-application-control/feature-availability.md
@@ -1,9 +1,9 @@
 ---
 title: Feature Availability
 description: Compare WDAC and AppLocker feature availability.
-keywords:  security, malware
+keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -16,6 +16,7 @@ ms.author: deniseb
 manager: dansimp
 ms.date: 04/15/2020
 ms.custom: asr
+ms.technology: mde
 ---
 
 # WDAC and AppLocker feature availability
diff --git a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md
index 0c2cbcf366..4d5cd8178f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md
+++ b/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md
@@ -1,9 +1,9 @@
 ---
 title: Manage packaged apps with WDAC  (Windows 10)
 description: Packaged apps, also known as Universal Windows apps, allow you to control the entire app by using a single Windows Defender Application Control (WDAC) rule.
-keywords:  security, malware
+keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 05/29/2020
+ms.technology: mde
 ---
 
 # Manage Packaged Apps with Windows Defender Application Control 
diff --git a/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md
index 8437b48c3c..97f364c353 100644
--- a/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md
@@ -1,9 +1,9 @@
 ---
 title: Merge Windows Defender Application Control policies (Windows 10)
 description: Because each computer running Windows 10 can have only one WDAC policy, you will occasionally need to merge two or more policies. Learn how with this guide.
-keywords:  security, malware
+keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 05/03/2018
+ms.technology: mde
 ---
 
 # Merge Windows Defender Application Control policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
index 620cfbcd0b..33c5abdbce 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
@@ -1,9 +1,9 @@
 ---
 title: Microsoft recommended block rules (Windows 10)
-description: View a list of recommended block rules, based on knowledge shared between Microsoft and the wider security community.  
-keywords:  security, malware
+description: View a list of recommended block rules, based on knowledge shared between Microsoft and the wider security community.
+keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 04/09/2019
+ms.technology: mde
 ---
 
 # Microsoft recommended block rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
index 7d56cdbe9e..3c8a72ac23 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
@@ -1,9 +1,9 @@
 ---
 title: Microsoft recommended driver block rules (Windows 10)
-description: View a list of recommended block rules to block vulnerable third-party drivers discovered by Microsoft and the security research community.  
-keywords:  security, malware, kernel mode, driver
+description: View a list of recommended block rules to block vulnerable third-party drivers discovered by Microsoft and the security research community.
+keywords: security, malware, kernel mode, driver
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 10/15/2020
+ms.technology: mde
 ---
 
 # Microsoft recommended driver block rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md
index b64d307ca9..13d6752759 100644
--- a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md
+++ b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md
@@ -1,9 +1,9 @@
 ---
 title: Plan for WDAC policy management (Windows 10)
 description: Learn about the decisions you need to make to establish the processes for managing and maintaining Windows Defender Application Control policies.
-keywords:  security, malware
+keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 02/21/2018
+ms.technology: mde
 ---
 
 # Plan for Windows Defender Application Control lifecycle policy management
diff --git a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md b/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md
index 1e729211c5..ed001ad80e 100644
--- a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md
+++ b/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md
@@ -1,9 +1,9 @@
 ---
 title: Query Application Control events with Advanced Hunting (Windows 10)
 description: Learn how to query Windows Defender Application Control events across your entire organization by using Advanced Hunting.
-keywords:  security, malware
+keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 12/06/2018
+ms.technology: mde
 ---
 
 # Querying Application Control events centrally using Advanced hunting  
diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
index 134df74024..b692c51861 100644
--- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
+++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
@@ -1,9 +1,9 @@
 ---
 title: Understand WDAC policy rules and file rules (Windows 10)
 description: Learn how Windows Defender Application Control provides control over a computer running Windows 10 by using policies that include policy rules and file rules.
-keywords:  security, malware
+keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 03/04/2020
+ms.technology: mde
 ---
 
 # Understand WDAC policy rules and file rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md b/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md
index 91a81e3359..936314d342 100644
--- a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md
+++ b/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md
@@ -3,7 +3,7 @@ title: Policy creation for common WDAC usage scenarios (Windows 10)
 description: Develop a plan for deploying Windows Defender Application Control (WDAC) in your organization based on these common scenarios.
 keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 03/01/2018
+ms.technology: mde
 ---
 
 # Windows Defender Application Control deployment in different scenarios: types of devices
diff --git a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md
index ae0cd53f63..9443134723 100644
--- a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md
+++ b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md
@@ -1,10 +1,10 @@
 ---
 title: Understand Windows Defender Application Control policy design decisions  (Windows 10)
-description: Understand Windows Defender Application Control policy design decisions. 
-keywords:  security, malware
+description: Understand Windows Defender Application Control policy design decisions.
+keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
 manager: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ author: jsuther1974
 ms.reviewer: isbrahm
 ms.author: dansimp
 ms.date: 02/08/2018
+ms.technology: mde
 ---
 
 # Understand Windows Defender Application Control policy design decisions 
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
index f49176ee48..8e289e4bf3 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
@@ -1,9 +1,9 @@
 ---
 title: Use code signing to simplify application control for classic Windows applications (Windows 10)
 description: With embedded signing, your WDAC policies typically do not have to be updated when an app is updated. To set this up, you can choose from a variety of methods.
-keywords:  security, malware
+keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 05/03/2018
+ms.technology: mde
 ---
 
 # Use code signing to simplify application control for classic Windows applications
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md
index 766037be4b..4703d016ee 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md
@@ -4,7 +4,7 @@ description: You can sign code integrity policies with the Device Guard signing
 keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ author: jsuther1974
 ms.reviewer: isbrahm
 manager: dansimp
 ms.date: 02/19/2019
+ms.technology: mde
 ---
 
 # Optional: Use the Device Guard Signing Portal in the Microsoft Store for Business
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
index f5a09fc5c6..c951c3b825 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
@@ -1,9 +1,9 @@
 ---
 title: Use signed policies to protect Windows Defender Application Control against tampering  (Windows 10)
-description: Signed WDAC policies give organizations the highest level of malware protection available in Windows 10. 
-keywords:  security, malware
+description: Signed WDAC policies give organizations the highest level of malware protection available in Windows 10.
+keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 05/03/2018
+ms.technology: mde
 ---
 
 # Use signed policies to protect Windows Defender Application Control against tampering
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md
index fc7de322fe..5392e5253b 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md
@@ -5,7 +5,7 @@ keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
 manager: dansimp
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: isbrahm
 ms.date: 05/03/2018
+ms.technology: mde
 ---
 
 # Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules 
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md
index 5490ef7a77..9670e64011 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md
@@ -1,9 +1,9 @@
 ---
 title: Windows Defender Application Control and .NET Hardening (Windows 10)
 description: Dynamic Code Security is an application control feature that can verify code loaded by .NET at runtime.
-keywords:  security, malware
+keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 08/20/2018
+ms.technology: mde
 ---
 
 # Windows Defender Application Control and .NET hardening 
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md
index 5b14874133..089a7ea67f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md
@@ -3,7 +3,7 @@ title: Authorize reputable apps with the Intelligent Security Graph (ISG) (Windo
 description: Automatically authorize applications that Microsoft’s ISG recognizes as having known good reputation.
 keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 03/10/2020
+ms.technology: mde
 ---
 
 # Authorize reputable apps with the Intelligent Security Graph (ISG) 
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md
index d6810894b4..c3397bfba4 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md
@@ -1,9 +1,9 @@
 ---
 title: Authorize apps deployed with a WDAC managed installer (Windows 10)
-description: Explains how you can use a managed installer to automatically authorize applications deployed and installed by a designated software distribution solution, such as Microsoft Endpoint Configuration Manager. 
-keywords:  security, malware
+description: Explains how you can use a managed installer to automatically authorize applications deployed and installed by a designated software distribution solution, such as Microsoft Endpoint Configuration Manager.
+keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 08/14/2020
+ms.technology: mde
 ---
 
 # Authorize apps deployed with a WDAC managed installer
diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md
index 9fe4c819a1..03f0eb6f0d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md
+++ b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md
@@ -3,7 +3,7 @@ title: WDAC and AppLocker Overview
 description: Compare Windows application control technologies.
 keywords: security, malware, allow-list, block-list
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -16,6 +16,7 @@ ms.author: deniseb
 manager: dansimp
 ms.date: 09/30/2020
 ms.custom: asr
+ms.technology: mde
 ---
 
 # Windows Defender Application Control and AppLocker Overview
diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md
index f911c0979d..46ef9319e7 100644
--- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md
@@ -3,7 +3,7 @@ title: Windows Defender Application Control Wizard Base Policy Creation
 description: Creating new base application control policies with the Microsoft Windows Defender Application (WDAC) Wizard.
 keywords: allow listing, block listing, security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -16,6 +16,7 @@ ms.author: dansimp
 manager: dansimp
 ms.topic: conceptual
 ms.date: 10/14/2020
+ms.technology: mde
 ---
 
 # Creating a new Base Policy with the Wizard
diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md
index f75e4aeaea..bca81708e6 100644
--- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md
@@ -3,7 +3,7 @@ title: Windows Defender Application Control Wizard Supplemental Policy Creation
 description: Creating supplemental application control policies with the WDAC Wizard.
 keywords: allowlisting, blocklisting, security, malware, supplemental policy
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -16,6 +16,7 @@ ms.author: dansimp
 manager: dansimp
 ms.topic: conceptual
 ms.date: 10/14/2020
+ms.technology: mde
 ---
 
 # Creating a new Supplemental Policy with the Wizard
diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md
index e8e812e434..2b94c7f004 100644
--- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md
@@ -3,7 +3,7 @@ title: Editing Windows Defender Application Control Policies with the Wizard
 description: Editing existing base and supplemental policies with the Microsoft WDAC Wizard.
 keywords: allowlisting, blocklisting, security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -16,6 +16,7 @@ ms.author: dansimp
 manager: dansimp
 ms.topic: conceptual
 ms.date: 10/14/2020
+ms.technology: mde
 ---
 
 # Editing existing base and supplemental WDAC policies with the Wizard
diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md
index 1b7d604a49..ec6e988048 100644
--- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md
@@ -3,7 +3,7 @@ title: Windows Defender Application Control Wizard Policy Merging Operation
 description: Merging multiple policies into a single application control policy with the Microsoft WDAC Wizard.
 keywords: allowlisting, blocklisting, security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -16,6 +16,7 @@ ms.author: dansimp
 manager: dansimp
 ms.topic: conceptual
 ms.date: 10/14/2020
+ms.technology: mde
 ---
 
 # Merging existing policies with the WDAC Wizard
diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md
index 0232249e8a..cf315b6c1f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md
+++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md
@@ -3,7 +3,7 @@ title: Windows Defender Application Control Wizard
 description: Microsoft Defender Application Control Wizard (WDAC) Wizard allows users to create, edit, and merge application control policies in a simple to use Windows application.
 keywords: allowlisting, blocklisting, security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -16,6 +16,7 @@ ms.author: dansimp
 manager: dansimp
 ms.topic: conceptual
 ms.date: 10/14/2020
+ms.technology: mde
 ---
 
 # Windows Defender Application Control Wizard
diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md
index 0484518b2a..68c0aa549e 100644
--- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md
+++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md
@@ -1,9 +1,9 @@
 ---
 title: Planning and getting started on the Windows Defender Application Control deployment process (Windows 10)
-description: Learn how to gather information, create a plan, and begin to test initial code integrity policies for a Windows Defender Application Control deployment. 
+description: Learn how to gather information, create a plan, and begin to test initial code integrity policies for a Windows Defender Application Control deployment.
 keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 05/16/2018
+ms.technology: mde
 ---
 
 # Planning and getting started on the Windows Defender Application Control deployment process
diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md
index bcddc618db..0f0e3e388f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md
+++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md
@@ -3,7 +3,7 @@ title: Windows Defender Application Control design guide (Windows 10)
 description: Microsoft Windows Defender Application Control allows organizations to control what apps and drivers will run on their managed Windows 10 devices.
 keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -16,6 +16,7 @@ ms.author: dansimp
 manager: dansimp
 ms.topic: conceptual
 ms.date: 02/20/2018
+ms.technology: mde
 ---
 
 # Windows Defender Application Control design guide
diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md
index b91a1efb4b..8a7fec062e 100644
--- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md
+++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md
@@ -3,7 +3,7 @@ title: Managing and troubleshooting Windows Defender Application Control policie
 description: Gather information about how your deployed Windows Defender Application Control policies are behaving.
 keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 03/16/2020
+ms.technology: mde
 ---
 
 # Windows Defender Application Control operational guide
diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md
index e6c525c383..5c7a82ef8a 100644
--- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md
+++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md
@@ -3,7 +3,7 @@ title: Application Control for Windows
 description: Application Control restricts which applications users are allowed to run and the code that runs in the system core.
 keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -16,6 +16,7 @@ ms.author: deniseb
 manager: dansimp
 ms.date: 05/26/2020
 ms.custom: asr
+ms.technology: mde
 ---
 
 # Application Control for Windows
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md
index 3179f10cb2..967180e8e6 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md
@@ -3,7 +3,7 @@ title: Account protection in the Windows Security app
 description: Use the Account protection section to manage security for your account and sign in to Microsoft.
 keywords: account protection, wdav, smartscreen, antivirus, wdsc, exploit, protection, hide, Windows Defender SmartScreen, SmartScreen Filter, Windows SmartScreen
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -13,6 +13,7 @@ ms.author: dansimp
 ms.date: 04/30/2018
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md
index bbfe0a7bd0..d6c1337545 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md
@@ -3,7 +3,7 @@ title: App & browser control in the Windows Security app
 description: Use the App & browser control section to see and configure Windows Defender SmartScreen and Exploit protection settings.
 keywords: wdav, smartscreen, antivirus, wdsc, exploit, protection, hide
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.author: dansimp
 ms.date: 04/30/2018
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # App and browser control
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md
index 45a707db18..5924c85165 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md
@@ -3,7 +3,7 @@ title: Customize Windows Security contact information
 description: Provide information to your employees on how to contact your IT department when a security issue occurs
 keywords: wdsc, security center, defender, notification, customize, contact, it department, help desk, call, help site
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -13,6 +13,7 @@ ms.author: dansimp
 ms.date: 04/30/2018
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Customize the Windows Security app for your organization
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md
index ca606e3a6b..de163e7707 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md
@@ -3,7 +3,7 @@ title: Device & performance health in the Windows Security app
 description: Use the Device & performance health section to see the status of the machine and note any storage, update, battery, driver, or hardware configuration issues
 keywords: wdsc, windows update, storage, driver, device, installation, battery, health, status
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -13,6 +13,7 @@ ms.author: dansimp
 ms.date: 04/30/2018
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md
index 26a2da094f..8df410f1f3 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md
@@ -3,7 +3,7 @@ title: Device security in the Windows Security app
 description: Use the Device security section to manage security built into your device, including virtualization-based security.
 keywords: device security, device guard, wdav, smartscreen, antivirus, wdsc, exploit, protection, hide
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -13,6 +13,7 @@ ms.author: dansimp
 ms.date: 10/02/2018
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Device security
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md
index 4886c28f4d..e8003f20a2 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md
@@ -3,7 +3,7 @@ title: Family options in the Windows Security app
 description: Learn how to hide the Family options section of Windows Security for enterprise environments. Family options are not intended for business environments.
 keywords: wdsc, family options, hide, suppress, remove, disable, uninstall, kids, parents, safety, parental, child, screen time
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -13,6 +13,7 @@ ms.author: dansimp
 ms.date: 04/30/2018
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md
index 7a394abba3..5cf74d9fdf 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md
@@ -3,7 +3,7 @@ title: Firewall and network protection in the Windows Security app
 description: Use the Firewall & network protection section to see the status of and make changes to firewalls and network connections for the machine.
 keywords: wdsc, firewall, windows defender firewall, network, connections, domain, private network, publish network, allow firewall, firewall rule, block firewall
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -12,6 +12,7 @@ ms.author: dansimp
 ms.date: 04/30/2018
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md
index e4ee0c83a3..1a7d13e733 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md
@@ -3,7 +3,7 @@ title: Hide notifications from the Windows Security app
 description: Prevent Windows Security app notifications from appearing on user endpoints
 keywords: defender, security center, app, notifications, av, alerts
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -13,6 +13,7 @@ ms.author: dansimp
 ms.date: 07/23/2020
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Hide Windows Security app notifications
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md
index 63e2d82171..28d50127b4 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md
@@ -3,7 +3,7 @@ title: Virus and threat protection in the Windows Security app
 description: Use the Virus & threat protection section to see and configure Microsoft Defender Antivirus, Controlled folder access, and 3rd-party AV products.
 keywords: wdav, smartscreen, antivirus, wdsc, exploit, protection, hide
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -13,6 +13,7 @@ ms.author: dansimp
 ms.date: 04/30/2018
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md
index b22eec75f4..7925fe31dc 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md
@@ -3,7 +3,7 @@ title: Manage Windows Security in Windows 10 in S mode
 description: Learn how to manage Windows Security settings in Windows 10 in S mode. Windows 10 in S mode is streamlined for tighter security and superior performance.
 keywords: windows 10 in s mode, windows 10 s, windows 10 s mode, wdav, smartscreen, antivirus, wdsc, firewall, device health, performance, Edge, browser, family, parental options, security, windows
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -13,6 +13,7 @@ ms.author: dansimp
 ms.date: 04/30/2018
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # Manage Windows Security in Windows 10 in S mode
diff --git a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md
index 7f5c78c55f..174e3b1ec8 100644
--- a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md
+++ b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md
@@ -3,7 +3,7 @@ title: The Windows Security  app
 description: The Windows Security app brings together common Windows security features into one place
 keywords: wdav, smartscreen, antivirus, wdsc, firewall, device health, performance, Edge, browser, family, parental options, security, windows
 search.product: eADQiWindows 10XVcnh
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -12,6 +12,7 @@ ms.author: dansimp
 ms.date: 10/02/2018
 ms.reviewer: 
 manager: dansimp
+ms.technology: mde
 ---
 
 # The Windows Security app
diff --git a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md
index e389280262..8b55c05b3e 100644
--- a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md
+++ b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md
@@ -6,13 +6,14 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 author: dansimp
 ms.date: 03/01/2019
+ms.technology: mde
 ---
 
 
diff --git a/windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md b/windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md
index 00caa4505d..bb47f523e4 100644
--- a/windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md
+++ b/windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md
@@ -7,13 +7,14 @@ manager: dansimp
 ms.author: deniseb
 author: denisebmsft
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 ms.date: 03/01/2019
 ms.custom: asr
+ms.technology: mde
 ---
 
 
diff --git a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md
index 5dd9dc063d..662de15893 100644
--- a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md
+++ b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md
@@ -2,7 +2,7 @@
 title: System Guard Secure Launch and SMM protection (Windows 10)
 description: Explains how to configure System Guard Secure Launch and System Management Mode (SMM protection) to improve the startup security of Windows 10 devices.
 search.appverid: met150
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,6 +12,7 @@ ms.date: 12/28/2020
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # System Guard Secure Launch and SMM protection
diff --git a/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md b/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md
index 32918a0147..9995f497a4 100644
--- a/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md
+++ b/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md
@@ -4,7 +4,7 @@ description: Learn how to add production devices to the membership group for a z
 ms.assetid: 7141de15-5840-4beb-aabe-21c1dd89eb23
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Add Production Devices to the Membership Group for a Zone
diff --git a/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md b/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md
index 6bfc87a6c3..30d809e60c 100644
--- a/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md
+++ b/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md
@@ -4,7 +4,7 @@ description: Learn how to add devices to the group for a zone to test whether yo
 ms.assetid: 47057d90-b053-48a3-b881-4f2458d3e431
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Add Test Devices to the Membership Group for a Zone
diff --git a/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md b/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md
index b9c0f35fc2..0345da06fe 100644
--- a/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md
+++ b/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md
@@ -4,7 +4,7 @@ description: Use sample template files import an XML file containing customized
 ms.assetid: 75930afd-ab1b-4e53-915b-a28787814b38
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Appendix A: Sample GPO Template Files for Settings Used in this Guide
diff --git a/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md b/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md
index 663f7ba800..08a9798526 100644
--- a/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md
+++ b/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md
@@ -4,7 +4,7 @@ description: Learn how to use Group Policy Management MMC to assign security gro
 ms.assetid: bcbe3299-8d87-4ec1-9e86-8e4a680fd7c8
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/02/2019
+ms.technology: mde
 ---
 
 # Assign Security Group Filters to the GPO
diff --git a/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md b/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md
index f8bce090ea..76378c3a0f 100644
--- a/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md
@@ -4,7 +4,7 @@ description: Protect the devices in your organization from unwanted network traf
 ms.assetid: 6f7af99e-6850-4522-b7f5-db98e6941418
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Basic Firewall Policy Design
diff --git a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md
index 274baf82d2..a8e18add00 100644
--- a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md
+++ b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md
@@ -1,10 +1,8 @@
 ---
 title: Best practices for configuring Windows Defender Firewall
 description: Learn about best practices for configuring Windows Defender Firewall
-
 keywords: firewall, best practices, security, network security, network, rules, filters,
-
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,9 +11,9 @@ author: schmurky
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance
 ms.topic: article
-
+ms.technology: mde
 ---
 
 # Best practices for configuring Windows Defender Firewall
diff --git a/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md b/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md
index 81e8194d88..50e2f66e16 100644
--- a/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md
@@ -4,7 +4,7 @@ description: Learn about GPOs to create that must align with the group you creat
 ms.assetid: 1ae66088-02c3-47e4-b7e8-74d0b8f8646e
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Boundary Zone GPOs
diff --git a/windows/security/threat-protection/windows-firewall/boundary-zone.md b/windows/security/threat-protection/windows-firewall/boundary-zone.md
index 849fd51e8b..0e67454be2 100644
--- a/windows/security/threat-protection/windows-firewall/boundary-zone.md
+++ b/windows/security/threat-protection/windows-firewall/boundary-zone.md
@@ -4,7 +4,7 @@ description: Learn how a boundary zone supports devices that must receive traffi
 ms.assetid: ed98b680-fd24-44bd-a7dd-26c522e45a20
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Boundary Zone
diff --git a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md
index 45b1bdfe0f..1b369d6c5e 100644
--- a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md
+++ b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md
@@ -4,7 +4,7 @@ description: This example uses a fictitious company to illustrate certificate-ba
 ms.assetid: 509b513e-dd49-4234-99f9-636fd2f749e3
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Certificate-based Isolation Policy Design Example
diff --git a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md
index 38ec0654bb..7c427d50e7 100644
--- a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md
@@ -4,7 +4,7 @@ description: Explore the methodology behind Certificate-based Isolation Policy D
 ms.assetid: 63e01a60-9daa-4701-9472-096c85e0f862
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Certificate-based isolation policy design
diff --git a/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md b/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md
index d953de0a48..cbea6cabc0 100644
--- a/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md
+++ b/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md
@@ -4,7 +4,7 @@ description: Learn how to convert a rule from request to require mode and apply
 ms.assetid: ad969eda-c681-48cb-a2c4-0b6cae5f4cff
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Change Rules from Request to Require Mode
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md
index 8d1a5f6710..a3164b6f45 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md
@@ -1,10 +1,10 @@
 ---
 title: Checklist Configuring Basic Firewall Settings (Windows 10)
-description: Configure Windows Firewall to set inbound and outbound behavior, display notifications, record log files and more of the necessary function for Firewall. 
+description: Configure Windows Firewall to set inbound and outbound behavior, display notifications, record log files and more of the necessary function for Firewall.
 ms.assetid: 0d10cdae-da3d-4a33-b8a4-6b6656b6d1f9
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Checklist: Configuring Basic Firewall Settings
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md
index 9bc976625b..2ecb358ade 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md
@@ -4,7 +4,7 @@ description: Use these tasks to configure connection security rules and IPsec se
 ms.assetid: 67c50a91-e71e-4f1e-a534-dad2582e311c
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Checklist: Configuring Rules for an Isolated Server Zone
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md
index bb381856b4..c07a12c977 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md
@@ -4,7 +4,7 @@ description: Checklist Configuring Rules for Servers in a Standalone Isolated Se
 ms.assetid: ccc09d06-ef75-43b0-9c77-db06f2940955
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md
index 4a8272c0a4..e10ef7fc18 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md
@@ -4,7 +4,7 @@ description: Use these tasks to configure connection security rules and IPsec se
 ms.assetid: 25fe0197-de5a-4b4c-bc44-c6f0620ea94b
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Checklist: Configuring Rules for the Boundary Zone
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md
index b9406909c6..180c4f2168 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md
@@ -4,7 +4,7 @@ description: Use these tasks to configure connection security rules and IPsec se
 ms.assetid: 87b1787b-0c70-47a4-ae52-700bff505ea4
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Checklist: Configuring Rules for the Encryption Zone
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md
index dce673dded..2bccefd09c 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md
@@ -4,7 +4,7 @@ description: Use these tasks to configure connection security rules and IPsec se
 ms.assetid: bfd2d29e-4011-40ec-a52e-a67d4af9748e
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Checklist: Configuring Rules for the Isolated Domain
diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md b/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md
index 4bea4169a2..d2ba4b5a27 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md
@@ -4,7 +4,7 @@ description: Learn to deploy firewall settings, IPsec settings, firewall rules,
 ms.assetid: e99bd6a4-34a7-47b5-9791-ae819977a559
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Checklist: Creating Group Policy Objects
diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md b/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md
index 4b04bec98e..834016bd7b 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md
@@ -4,7 +4,7 @@ description: Use these tasks for creating inbound firewall rules in your GPOs fo
 ms.assetid: 0520e14e-5c82-48da-8fbf-87cef36ce02f
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Checklist: Creating Inbound Firewall Rules
diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md b/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md
index 4b03a9a468..b20cb735f9 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md
@@ -4,7 +4,7 @@ description: Use these tasks for creating outbound firewall rules in your GPOs f
 ms.assetid: 611bb98f-4e97-411f-82bf-7a844a4130de
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Checklist: Creating Outbound Firewall Rules
diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md b/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md
index 49d318d5fe..4a4c525867 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md
@@ -4,7 +4,7 @@ description: Checklist for when creating rules for clients of a Standalone Isola
 ms.assetid: 6a5e6478-add3-47e3-8221-972549e013f6
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone
diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md
index 2fec691406..1aa6060a8c 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md
@@ -1,10 +1,10 @@
 ---
 title: Checklist Implementing a Basic Firewall Policy Design (Windows 10)
-description: Follow this parent checklist for implementing a basic firewall policy design to ensure successful implementation. 
+description: Follow this parent checklist for implementing a basic firewall policy design to ensure successful implementation.
 ms.assetid: 6caf0c1e-ac72-4f9d-a986-978b77fbbaa3
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Checklist: Implementing a Basic Firewall Policy Design
diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md
index 6e7e1f12f2..52c11e99ed 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md
@@ -4,7 +4,7 @@ description: Use these references to learn about using certificates as an authen
 ms.assetid: 1e34b5ea-2e77-4598-a765-550418d33894
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Checklist: Implementing a Certificate-based Isolation Policy Design
diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md
index f9ac702f70..1261adcbb9 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md
@@ -4,7 +4,7 @@ description: Use these references to learn about the domain isolation policy des
 ms.assetid: 76586eb3-c13c-4d71-812f-76bff200fc20
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Checklist: Implementing a Domain Isolation Policy Design
diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md
index 5428613f80..1d53748cc1 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md
@@ -4,7 +4,7 @@ description: Use these tasks to create a server isolation policy design that is
 ms.assetid: 50a997d8-f079-408c-8ac6-ecd02078ade3
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Checklist: Implementing a Standalone Server Isolation Policy Design
diff --git a/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md b/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md
index 547685f707..e6fd6b4090 100644
--- a/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md
+++ b/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md
@@ -4,7 +4,7 @@ description: Learn how to configure authentication methods for devices in an iso
 ms.assetid: 5fcdc523-617f-4233-9213-15fe19f4cd02
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Configure Authentication Methods
diff --git a/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md b/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md
index 886c851257..41b2b78f6c 100644
--- a/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md
+++ b/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md
@@ -4,7 +4,7 @@ description: Learn how to configure the data protection settings for connection
 ms.assetid: fdcb1b36-e267-4be7-b842-5df9a067c9e0
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Configure Data Protection (Quick Mode) Settings
diff --git a/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md b/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md
index c619cda63c..cfc3364fe7 100644
--- a/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md
+++ b/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md
@@ -4,7 +4,7 @@ description: Learn how to configure Group Policy to automatically enroll client
 ms.assetid: faeb62b5-2cc3-42f7-bee5-53ba45d05c09
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Configure Group Policy to Autoenroll and Deploy Certificates
diff --git a/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md b/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md
index 7666bdc174..f1b75a3291 100644
--- a/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md
+++ b/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md
@@ -4,7 +4,7 @@ description: Learn how to configure the main mode key exchange settings used to
 ms.assetid: 5c593b6b-2cd9-43de-9b4e-95943fe82f52
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Configure Key Exchange (Main Mode) Settings
diff --git a/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md b/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md
index ca7c77dfd2..561ea0f380 100644
--- a/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md
+++ b/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md
@@ -4,7 +4,7 @@ description: Learn how to configure rules to add encryption algorithms and delet
 ms.assetid: 07b7760f-3225-4b4b-b418-51787b0972a0
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Configure the Rules to Require Encryption
diff --git a/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md b/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md
index 8cb54165e1..4c82249ccd 100644
--- a/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md
+++ b/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md
@@ -4,7 +4,7 @@ description: Learn how to configure Windows Defender Firewall with Advanced Secu
 ms.assetid: f037113d-506b-44d3-b9c0-0b79d03e7d18
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Configure the Windows Defender Firewall with Advanced Security Log
diff --git a/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md b/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md
index 927053f40c..7ff2117797 100644
--- a/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md
+++ b/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md
@@ -5,13 +5,14 @@ ms.assetid: c3ac9960-6efc-47c1-bd69-d9d4bf84f7a6
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 author: dansimp
 ms.date: 07/30/2018
+ms.technology: mde
 ---
 
 # Configure the Workstation Authentication Certificate Template
diff --git a/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md b/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md
index e7e888bcdb..200675b11a 100644
--- a/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md
+++ b/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md
@@ -4,7 +4,7 @@ description: Configure Windows Defender Firewall with Advanced Security to suppr
 ms.assetid: b7665d1d-f4d2-4b5a-befc-8b6bd940f69b
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Configure Windows Defender Firewall with Advanced Security to Suppress Notifications When a Program Is Blocked
diff --git a/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md b/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md
index 65704e92f5..8af8ad2d89 100644
--- a/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md
+++ b/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md
@@ -4,7 +4,7 @@ description: Learn how to confirm that a Group Policy is being applied as expect
 ms.assetid: de0c8dfe-16b0-4d3b-8e8f-9282f6a65eee
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: securit
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Confirm That Certificates Are Deployed Correctly
diff --git a/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md b/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md
index 51ecd3fcb2..4020fab006 100644
--- a/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md
+++ b/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md
@@ -4,7 +4,7 @@ description: Learn how to make a copy of a GPO by using the Active Directory Use
 ms.assetid: 7f6a23e5-4b3f-40d6-bf6d-7895558b1406
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Copy a GPO to Create a New GPO
diff --git a/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md b/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md
index 35f885a1ee..3511ad7f7f 100644
--- a/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md
+++ b/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md
@@ -4,7 +4,7 @@ description: Learn how to create a security group for the computers that are to
 ms.assetid: c3700413-e02d-4d56-96b8-7991f97ae432
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Create a Group Account in Active Directory
diff --git a/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md b/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md
index b2cef93530..e6e1e18867 100644
--- a/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md
+++ b/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md
@@ -4,7 +4,7 @@ description: Learn how to use the Active Directory Users and Computers MMC snap-
 ms.assetid: 72a50dd7-5033-4d97-a5eb-0aff8a35cced
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Create a Group Policy Object
diff --git a/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md b/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md
index bdcad85769..35cb8d066a 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md
@@ -4,7 +4,7 @@ description: Learn how to create rules that exempt devices that cannot communica
 ms.assetid: 8f6493f3-8527-462a-82c0-fd91a6cb5dd8
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Create an Authentication Exemption List Rule
diff --git a/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md b/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md
index 38155aa557..8d9c8d6a87 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md
@@ -4,7 +4,7 @@ description: Create a new rule for Windows Defender Firewall with Advanced Secur
 ms.assetid: 1296e048-039f-4d1a-aaf2-8472ad05e359
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Create an Authentication Request Rule
diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md
index 914c035aa9..c56953f28c 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md
@@ -4,7 +4,7 @@ description: Learn how to allow inbound ICMP traffic by using the Group Policy M
 ms.assetid: 267b940a-79d9-4322-b53b-81901e357344
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Create an Inbound ICMP Rule
diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md
index 89db14ccae..05df6a67cc 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md
@@ -4,7 +4,7 @@ description: Learn to allow traffic on specific ports by using the Group Policy
 ms.assetid: a7b6c6ca-32fa-46a9-a5df-a4e43147da9f
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Create an Inbound Port Rule
diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md
index c2d887fe0d..a47d50ae43 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md
@@ -4,7 +4,7 @@ description: Learn how to allow inbound traffic to a program or service by using
 ms.assetid: 00b7fa60-7c64-4ba5-ba95-c542052834cf
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Create an Inbound Program or Service Rule
diff --git a/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md b/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md
index db459ab562..a463162a4d 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md
@@ -4,7 +4,7 @@ description: Learn to block outbound traffic on a port by using the Group Policy
 ms.assetid: 59062b91-756b-42ea-8f2a-832f05d77ddf
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Create an Outbound Port Rule
diff --git a/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md b/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md
index d1211abf11..fe0b68eb1d 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md
@@ -4,7 +4,7 @@ description: Use the Windows Defender Firewall with Advanced Security node in th
 ms.assetid: f71db4fb-0228-4df2-a95d-b9c056aa9311
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Create an Outbound Program or Service Rule
diff --git a/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md b/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md
index e44f10923b..59cb4d71cb 100644
--- a/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md
+++ b/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md
@@ -4,7 +4,7 @@ description: Learn how to allow RPC network traffic by using the Group Policy Ma
 ms.assetid: 0b001c2c-12c1-4a30-bb99-0c034d7e6150
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Create Inbound Rules to Support RPC
diff --git a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md
index 9b88cddfe3..51e3460b93 100644
--- a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md
+++ b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md
@@ -4,7 +4,7 @@ description: Learn how to use Intune to create rules in Windows Defender Firewal
 ms.assetid: 47057d90-b053-48a3-b881-4f2458d3e431
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
+ms.technology: mde
 ---
 
 # Create Windows Firewall rules in Intune
diff --git a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md
index ebcd8943b9..e2a1224d61 100644
--- a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md
+++ b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md
@@ -4,7 +4,7 @@ description: Learn how to use WMI filters on a GPO to make sure that each GPO fo
 ms.assetid: b1a6d93d-a3c8-4e61-a388-4a3323f0e74e
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 05/25/2017
+ms.technology: mde
 ---
 
 # Create WMI Filters for the GPO
diff --git a/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md b/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md
index 95428bb9b0..68a9281a43 100644
--- a/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md
+++ b/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md
@@ -4,7 +4,7 @@ description: Answer the question in this article to design an effective Windows
 ms.assetid: 6d98b184-33d6-43a5-9418-4f24905cfd71
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Designing a Windows Defender Firewall with Advanced Security Strategy
diff --git a/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md b/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md
index b4f3c5a658..89fca32581 100644
--- a/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md
+++ b/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md
@@ -4,7 +4,7 @@ description: Learn how to define the trusted state of devices in your enterprise
 ms.assetid: 3e77f0d0-43aa-47dd-8518-41ccdab2f2b2
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Determining the Trusted State of Your Devices
diff --git a/windows/security/threat-protection/windows-firewall/documenting-the-zones.md b/windows/security/threat-protection/windows-firewall/documenting-the-zones.md
index 6ed3a0bf2a..e8f37ee452 100644
--- a/windows/security/threat-protection/windows-firewall/documenting-the-zones.md
+++ b/windows/security/threat-protection/windows-firewall/documenting-the-zones.md
@@ -4,7 +4,7 @@ description: Learn how to document the zone placement of devices in your design
 ms.assetid: ebd7a650-4d36-42d4-aac0-428617f5a32d
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Documenting the Zones
diff --git a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md
index bdc9a665db..0e7f47576b 100644
--- a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md
+++ b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md
@@ -4,7 +4,7 @@ description: This example uses a fictitious company to illustrate domain isolati
 ms.assetid: 704dcf58-286f-41aa-80af-c81720aa7fc5
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Domain Isolation Policy Design Example
diff --git a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md
index ab6c8e4327..6c13157e59 100644
--- a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md
@@ -4,7 +4,7 @@ description: Learn how to design a domain isolation policy, based on which devic
 ms.assetid: 7475084e-f231-473a-9357-5e1d39861d66
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Domain Isolation Policy Design
diff --git a/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md b/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md
index 8882aa43b5..0a1b0212b6 100644
--- a/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md
+++ b/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md
@@ -4,7 +4,7 @@ description: Learn the rules for Windows Defender Firewall with Advanced Securit
 ms.assetid: a4fff086-ae81-4c09-b828-18c6c9a937a7
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Enable Predefined Inbound Rules
diff --git a/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md b/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md
index 92491a2ab8..28e4f8649e 100644
--- a/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md
+++ b/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md
@@ -4,7 +4,7 @@ description: Learn to deploy predefined firewall rules that block outbound netwo
 ms.assetid: 71cc4157-a1ed-41d9-91e4-b3140c67c1be
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Enable Predefined Outbound Rules
diff --git a/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md b/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md
index 33338e8b52..9dc32a7f67 100644
--- a/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md
@@ -4,7 +4,7 @@ description: Learn how to add a device to an encryption zone by adding the devic
 ms.assetid: eeb973dd-83a5-4381-9af9-65c43c98c29b
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Encryption Zone GPOs
diff --git a/windows/security/threat-protection/windows-firewall/encryption-zone.md b/windows/security/threat-protection/windows-firewall/encryption-zone.md
index 715a2eef02..3fba99acba 100644
--- a/windows/security/threat-protection/windows-firewall/encryption-zone.md
+++ b/windows/security/threat-protection/windows-firewall/encryption-zone.md
@@ -4,7 +4,7 @@ description: Learn how to create an encryption zone to contain devices that host
 ms.assetid: 55a025ce-357f-4d1b-b2ae-6ee32c9abe13
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Encryption Zone
diff --git a/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md b/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md
index 8ac067b11e..2f7a20377f 100644
--- a/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md
+++ b/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md
@@ -4,7 +4,7 @@ description: Evaluating Windows Defender Firewall with Advanced Security Design
 ms.assetid: a591389b-18fa-4a39-ba07-b6fb61961cbd
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Evaluating Windows Defender Firewall with Advanced Security Design Examples
diff --git a/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md b/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md
index 5b87eef36e..38c6fd67c7 100644
--- a/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md
+++ b/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md
@@ -4,7 +4,7 @@ description: Learn how to add exemptions for any network traffic that uses the I
 ms.assetid: c086c715-8d0c-4eb5-9ea7-2f7635a55548
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Exempt ICMP from Authentication
diff --git a/windows/security/threat-protection/windows-firewall/exemption-list.md b/windows/security/threat-protection/windows-firewall/exemption-list.md
index eb4909a401..b923df309c 100644
--- a/windows/security/threat-protection/windows-firewall/exemption-list.md
+++ b/windows/security/threat-protection/windows-firewall/exemption-list.md
@@ -4,7 +4,7 @@ description: Learn about reasons to add devices to an exemption list in Windows
 ms.assetid: a05e65b4-b48d-44b1-a7f1-3a8ea9c19ed8
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Exemption List
diff --git a/windows/security/threat-protection/windows-firewall/filter-origin-documentation.md b/windows/security/threat-protection/windows-firewall/filter-origin-documentation.md
index 7ef38e690b..e890a72528 100644
--- a/windows/security/threat-protection/windows-firewall/filter-origin-documentation.md
+++ b/windows/security/threat-protection/windows-firewall/filter-origin-documentation.md
@@ -3,16 +3,17 @@ title: Filter origin audit log improvements
 description: Filter origin documentation audit log improvements
 ms.reviewer: 
 ms.author: v-bshilpa
-ms.prod: w10
+ms.prod: m365-security
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: normal
 author: Benny-54
 manager: dansimp
 ms.collection: 
-- m365-security-compliance
-- m365-initiative-windows-security
+  - m365-security-compliance
+  - m365-initiative-windows-security
 ms.topic: troubleshooting
+ms.technology: mde
 ---
 
 # Filter origin audit log improvements
diff --git a/windows/security/threat-protection/windows-firewall/firewall-gpos.md b/windows/security/threat-protection/windows-firewall/firewall-gpos.md
index 8a214a169f..faa8a0d788 100644
--- a/windows/security/threat-protection/windows-firewall/firewall-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/firewall-gpos.md
@@ -4,7 +4,7 @@ description: In this example, a Group Policy Object is linked to the domain cont
 ms.assetid: 720645fb-a01f-491e-8d05-c9c6d5e28033
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Firewall GPOs
diff --git a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md b/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md
index ca7bc12d6f..8c8fb36ee5 100644
--- a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md
+++ b/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md
@@ -4,7 +4,7 @@ description: This example features a fictitious company and illustrates firewall
 ms.assetid: 0dc3bcfe-7a4d-4a15-93a9-64b13bd775a7
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Basic Firewall Policy Design Example
diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md
index c5ebe7fbf7..cb36df4ddd 100644
--- a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md
+++ b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md
@@ -3,16 +3,17 @@ title: Troubleshooting Windows Firewall settings after a Windows upgrade
 description: Firewall settings lost on upgrade
 ms.reviewer: 
 ms.author: v-bshilpa
-ms.prod: w10
+ms.prod: m365-security
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 author: Benny-54
 manager: dansimp
 ms.collection: 
-- m365-security-compliance
-- m365-initiative-windows-security
+  - m365-security-compliance
+  - m365-initiative-windows-security
 ms.topic: troubleshooting
+ms.technology: mde
 ---
 
 # Troubleshooting Windows Firewall settings after a Windows upgrade
diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md
index 56c50d121a..35ed36b193 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md
@@ -4,7 +4,7 @@ description: Learn about gathering Active Directory information, including domai
 ms.assetid: b591b85b-12ac-4329-a47e-bc1b03e66eb0
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Gathering Information about Your Active Directory Deployment
diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md
index dc11219314..97aed509bc 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md
@@ -4,7 +4,7 @@ description: Learn how to gather info about your network infrastructure so that
 ms.assetid: f98d2b17-e71d-4ffc-b076-118b4d4782f9
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Gathering Information about Your Current Network Infrastructure
diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md
index 0d8532e07e..1e9b7fee54 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md
@@ -4,7 +4,7 @@ description: Learn what information to gather about the devices in your enterpri
 ms.assetid: 7f7cd3b9-de8e-4fbf-89c6-3d1a47bc2beb
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Gathering Information about Your Devices
diff --git a/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md b/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md
index 44b471961b..8d8f65a0a5 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md
@@ -4,7 +4,7 @@ description: Learn about additional information you may need to gather to deploy
 ms.assetid: 87ccca07-4346-496b-876d-cdde57d0ce17
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Gathering Other Relevant Information
diff --git a/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md b/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md
index 3d79b04f30..fbdf23f73f 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md
@@ -4,7 +4,7 @@ description: Collect and analyze information about your network, directory servi
 ms.assetid: 545fef02-5725-4b1e-b67a-a32d94c27d15
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Gathering the Information You Need
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md
index ca757eeba4..4ea713f793 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md
@@ -4,7 +4,7 @@ description: This example GPO supports devices that are not part of the isolated
 ms.assetid: ead3a510-c329-4c2a-9ad2-46a3b4975cfd
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # GPO\_DOMISO\_Boundary
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md
index 7ca03d22e7..7c81975bea 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md
@@ -9,12 +9,13 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # GPO\_DOMISO\_Encryption\_WS2008
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md
index 3cba8b312c..7799c8484f 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md
@@ -4,7 +4,7 @@ description: Learn about the settings and rules in this example GPO, which is au
 ms.assetid: 318467d2-5698-4c5d-8000-7f56f5314c42
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # GPO\_DOMISO\_Firewall
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md
index bc1c471475..c5c16902b2 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md
@@ -4,7 +4,7 @@ description: Author this GPO by using the Windows Defender Firewall with Advance
 ms.assetid: 73cd9e25-f2f1-4ef6-b0d1-d36209518cd9
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # GPO\_DOMISO\_IsolatedDomain\_Clients
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md
index de34b9c3ad..a7e5651251 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md
@@ -4,7 +4,7 @@ description: Author this GPO by using the Windows Defender Firewall wit
 ms.assetid: 33aed8f3-fdc3-4f96-985c-e9d2720015d3
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # GPO\_DOMISO\_IsolatedDomain\_Servers
diff --git a/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md b/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
index 96725d8ff3..738e348ccd 100644
--- a/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
+++ b/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
@@ -4,7 +4,7 @@ description: Identifying Your Windows Defender Firewall with Advanced Security (
 ms.assetid: 598cf45e-2e1c-4947-970f-361dfa264bba
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Identifying Windows Defender Firewall with Advanced Security implementation goals 
diff --git a/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md b/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md
index 841c88ae5d..7b95852c3d 100644
--- a/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md
+++ b/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md
@@ -4,7 +4,7 @@ description: Implementing Your Windows Defender Firewall with Advanced Security
 ms.assetid: 15f609d5-5e4e-4a71-9eff-493a2e3e40f9
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Implementing Your Windows Defender Firewall with Advanced Security Design Plan
diff --git a/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md b/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md
index a07f984898..878839f37f 100644
--- a/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md
@@ -4,7 +4,7 @@ description: Learn about GPOs for isolated domains in this example configuration
 ms.assetid: e254ce4a-18c6-4868-8179-4078d9de215f
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Isolated Domain GPOs
diff --git a/windows/security/threat-protection/windows-firewall/isolated-domain.md b/windows/security/threat-protection/windows-firewall/isolated-domain.md
index 90b121b86e..1b9d83e173 100644
--- a/windows/security/threat-protection/windows-firewall/isolated-domain.md
+++ b/windows/security/threat-protection/windows-firewall/isolated-domain.md
@@ -4,7 +4,7 @@ description: Learn about the isolated domain, which is the primary zone for trus
 ms.assetid: d6fa8d67-0078-49f6-9bcc-db1f24816c5e
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Isolated Domain
diff --git a/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md b/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md
index 169d59a2df..bfd7f19f0a 100644
--- a/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md
+++ b/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md
@@ -1,7 +1,7 @@
 ---
 title: Isolating Microsoft Store Apps on Your Network (Windows 10)
 description: Learn how to customize your firewall configuration to isolate the network access of the new Microsoft Store apps that run on devices added to your network.
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.topic: conceptual
 ms.date: 10/13/2017
 ms.reviewer: 
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # Isolating Microsoft Store Apps on Your Network
diff --git a/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md b/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md
index 9f710aa000..7759669531 100644
--- a/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md
+++ b/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md
@@ -4,7 +4,7 @@ description: Learn how to link a GPO to the Active Directory container for the t
 ms.assetid: 746d4553-b1a6-4954-9770-a948926b1165
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Link the GPO to the Domain
diff --git a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
index 314389955f..ee043c54a0 100644
--- a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
+++ b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
@@ -1,10 +1,10 @@
 ---
 title: Mapping your implementation goals to a Windows Firewall with Advanced Security design (Windows 10)
-description:  Mapping your implementation goals to a Windows Firewall with Advanced Security design
+description: Mapping your implementation goals to a Windows Firewall with Advanced Security design
 ms.assetid: 7e68c59e-ba40-49c4-8e47-5de5d6b5eb22
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 #  Mapping your implementation goals to a Windows Firewall with Advanced Security design
diff --git a/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md b/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md
index 9a78732eb3..2f2ec6ad54 100644
--- a/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md
+++ b/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md
@@ -4,7 +4,7 @@ description: Learn how to modify GPO filters to apply to a different zone or ver
 ms.assetid: 24ede9ca-a501-4025-9020-1129e2cdde80
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Modify GPO Filters to Apply to a Different Zone or Version of Windows
diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md
index 63c6cbf6d2..7046b6230b 100644
--- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md
+++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md
@@ -4,7 +4,7 @@ description: Learn how to open the Group Policy Management Console to IP Securit
 ms.assetid: 235f73e4-37b7-40f4-a35e-3e7238bbef43
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Open the Group Policy Management Console to IP Security Policies
diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md
index ae4136db06..5c3d340ea4 100644
--- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md
+++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md
@@ -4,7 +4,7 @@ description: Group Policy Management of Windows Firewall with Advanced Security
 ms.assetid: 28afab36-8768-4938-9ff2-9d6dab702e98
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Group Policy Management of Windows Firewall with Advanced Security
diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md
index 134a6bb928..2c7d2f500b 100644
--- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md
+++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md
@@ -4,7 +4,7 @@ description: Group Policy Management of Windows Defender Firewall with Advanced
 ms.assetid: 5090b2c8-e038-4905-b238-19ecf8227760
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/02/2017
+ms.technology: mde
 ---
 
 # Group Policy Management of Windows Defender Firewall
diff --git a/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md
index 3d67c96d9d..1b99cfae07 100644
--- a/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md
+++ b/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md
@@ -4,7 +4,7 @@ description: Learn how to open the Windows Defender Firewall with Advanced Secur
 ms.assetid: 788faff2-0f50-4e43-91f2-3e2595c0b6a1
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Open Windows Defender Firewall with Advanced Security
diff --git a/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md b/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md
index b2b2a0467b..0f8b7c455f 100644
--- a/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md
+++ b/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md
@@ -4,7 +4,7 @@ description: Learn how a device unable to join an Active Directory domain can st
 ms.assetid: a55344e6-d0df-4ad5-a6f5-67ccb6397dec
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Planning Certificate-based Authentication
diff --git a/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md
index 5a7fcb44a2..af5214261c 100644
--- a/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md
+++ b/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md
@@ -4,7 +4,7 @@ description: Learn how to use information you have gathered to make decisions ab
 ms.assetid: 70bc7c52-91f0-4a0d-a64a-69d3ea1c6d05
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Planning Domain Isolation Zones
diff --git a/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md b/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md
index 831200cf48..0f0993409e 100644
--- a/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md
+++ b/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md
@@ -4,7 +4,7 @@ description: Learn how to use security group filtering and WMI filtering to prov
 ms.assetid: b38adfb1-1371-4227-a887-e6d118809de1
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Planning GPO Deployment
diff --git a/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md
index 22f031c902..7899c1c091 100644
--- a/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md
+++ b/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md
@@ -4,7 +4,7 @@ description: Learn how to plan a group policy deployment for your isolation zone
 ms.assetid: ea7c0acd-af28-4347-9d4a-4801b470557c
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Planning Group Policy Deployment for Your Isolation Zones
diff --git a/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md b/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md
index cef2c16969..c4fff5ce81 100644
--- a/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md
+++ b/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md
@@ -4,7 +4,7 @@ description: Learn about planning isolation groups for the zones in Microsoft Fi
 ms.assetid: be4b662d-c1ce-441e-b462-b140469a5695
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Planning Isolation Groups for the Zones
diff --git a/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md b/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md
index 5cb6ff075c..57d452edac 100644
--- a/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md
+++ b/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md
@@ -4,7 +4,7 @@ description: Learn how to implement a network access group for users and devices
 ms.assetid: 56ea1717-1731-4a5d-b277-5a73eb86feb0
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Planning Network Access Groups
diff --git a/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md
index b1af014fa5..a89145ab4a 100644
--- a/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md
+++ b/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md
@@ -4,7 +4,7 @@ description: Learn how to restrict access to a server to approved users by using
 ms.assetid: 5f63c929-589e-4b64-82ea-515d62765b7b
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Planning Server Isolation Zones
diff --git a/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md b/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md
index 5a8cd1a017..ce989c23c6 100644
--- a/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md
+++ b/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md
@@ -4,7 +4,7 @@ description: Learn how to design a basic policy for Windows Defender Firewall wi
 ms.assetid: 4c90df5a-3cbc-4b85-924b-537c2422d735
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Planning Settings for a Basic Firewall Policy
diff --git a/windows/security/threat-protection/windows-firewall/planning-the-gpos.md b/windows/security/threat-protection/windows-firewall/planning-the-gpos.md
index 80b776ca44..8bb1208626 100644
--- a/windows/security/threat-protection/windows-firewall/planning-the-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/planning-the-gpos.md
@@ -4,7 +4,7 @@ description: Learn about planning Group Policy Objects for your isolation zones
 ms.assetid: 11949ca3-a11c-4a16-b297-0862432eb5b4
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Planning the GPOs
diff --git a/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md
index 74dacfe608..7dabf87126 100644
--- a/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md
+++ b/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md
@@ -4,7 +4,7 @@ description: Use the design information in this article to plan for the deployme
 ms.assetid: 891a30c9-dbf5-4a88-a279-00662b9da48e
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Planning to Deploy Windows Defender Firewall with Advanced Security
diff --git a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md
index 29b25a7dd2..437bb3fbeb 100644
--- a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md
+++ b/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md
@@ -4,7 +4,7 @@ description: After you gather the relevant information, select the design or com
 ms.assetid: f3ac3d49-ef4c-4f3c-a16c-e107284e169f
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Planning Your Windows Defender Firewall with Advanced Security Design
diff --git a/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md b/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md
index 643f41ab14..e301390ef9 100644
--- a/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md
+++ b/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md
@@ -4,7 +4,7 @@ description: Refer to this summary of procedures for Windows Defender Firewall w
 ms.assetid: 45c0f549-e4d8-45a3-a600-63e2a449e178
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Procedures Used in This Guide
diff --git a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md
index a05d8eb5a3..233776996f 100644
--- a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md
+++ b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md
@@ -4,7 +4,7 @@ description: Learn how running a host-based firewall on every device in your org
 ms.assetid: 307d2b38-e8c4-4358-ae16-f2143af965dc
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Protect devices from unwanted network traffic 
diff --git a/windows/security/threat-protection/windows-firewall/quarantine.md b/windows/security/threat-protection/windows-firewall/quarantine.md
index 6cce740d60..be83308889 100644
--- a/windows/security/threat-protection/windows-firewall/quarantine.md
+++ b/windows/security/threat-protection/windows-firewall/quarantine.md
@@ -6,7 +6,7 @@ author: Benny-54
 manager: dansimp
 ms.assetid: 
 ms.reviewer: 
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 11/17/2020
+ms.technology: mde
 ---
 
 # Quarantine behavior
diff --git a/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md b/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md
index a79aedce9d..81a548b4ee 100644
--- a/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md
+++ b/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md
@@ -4,7 +4,7 @@ description: Windows Defender Firewall with Advanced Security allows you to requ
 ms.assetid: da980d30-a68b-4e2a-ba63-94726355ce6f
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Require Encryption When Accessing Sensitive Network Resources
diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md
index 117070ef88..a50232fe28 100644
--- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md
+++ b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md
@@ -4,7 +4,7 @@ description: Restrict access to devices and users that are members of domain gro
 ms.assetid: a6106a07-f9e5-430f-8dbd-06d3bf7406df
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Restrict Access to Only Specified Users or Computers
diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md
index 27007f7718..d7de7d8963 100644
--- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md
+++ b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md
@@ -4,7 +4,7 @@ description: Windows Defender Firewall with Advanced Security enables you to iso
 ms.assetid: bc1f49a4-7d54-4857-8af9-b7c79f47273b
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Restrict access to only trusted devices
diff --git a/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md b/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md
index 92f54d794a..a9a24aa516 100644
--- a/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md
+++ b/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md
@@ -4,7 +4,7 @@ description: Create a firewall rule to access isolated servers running Windows S
 ms.assetid: ea51c55b-e1ed-44b4-82e3-3c4287a8628b
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Restrict Server Access to Members of a Group Only
diff --git a/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md b/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md
index 5ded02bd51..d074ada7fc 100644
--- a/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md
+++ b/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md
@@ -1,7 +1,7 @@
 ---
 title: Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012 (Windows 10)
 description: Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.topic: conceptual
 ms.date: 08/17/2017
 ms.reviewer: 
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # Securing End-to-End IPsec connections by using IKEv2
diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md b/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md
index 8286d47f26..bb23429112 100644
--- a/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md
@@ -4,7 +4,7 @@ description: Learn about required GPOs for isolation zones and how many server i
 ms.assetid: c97b1f2f-51d8-4596-b38a-8a3f6f706be4
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Server Isolation GPOs
diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md
index daba2b5e2c..0e2b6ce11e 100644
--- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md
+++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md
@@ -4,7 +4,7 @@ description: Learn about server isolation policy design in Windows Defender Fire
 ms.assetid: 337e5f6b-1ec5-4b83-bee5-d0aea1fa5fc6
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
+ms.technology: mde
 ---
 
 # Server Isolation Policy Design Example
diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md
index d5c4333424..f4d452b4cf 100644
--- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md
@@ -4,7 +4,7 @@ description: Learn about server isolation policy design, where you assign server
 ms.assetid: f93f65cd-b863-461e-ab5d-a620fd962c9a
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Server Isolation Policy Design
diff --git a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md
index 00bdfd5630..ca95cee02b 100644
--- a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md
+++ b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md
@@ -1,19 +1,19 @@
 ---
 title: Troubleshooting UWP App Connectivity Issues in Windows Firewall
 description: Troubleshooting UWP App Connectivity Issues in Windows Firewall
-
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 author: dansimp
 manager: dansimp
 ms.collection: 
-- m365-security-compliance
-- m365-initiative-windows-security
+  - m365-security-compliance
+  - m365-initiative-windows-security
 ms.topic: troubleshooting
+ms.technology: mde
 ---
 
 # Troubleshooting UWP App Connectivity Issues
diff --git a/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md b/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md
index 0b72885c6e..b6a468447e 100644
--- a/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md
+++ b/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md
@@ -4,7 +4,7 @@ description: Turn on Windows Defender Firewall with Advanced Security and Config
 ms.assetid: 3c3fe832-ea81-4227-98d7-857a3129db74
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Turn on Windows Defender Firewall with Advanced Security and Configure Default Behavior
diff --git a/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md b/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md
index 0449d6b01f..6a77eda3f7 100644
--- a/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md
+++ b/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md
@@ -1,7 +1,7 @@
 ---
 title: Understand WFAS Deployment (Windows 10)
 description: Resources for helping you understand the Windows Defender Firewall with Advanced Security (WFAS) Design Process
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.topic: conceptual
 ms.date: 08/17/2017
 ms.reviewer: 
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # Understanding the Windows Defender Firewall with Advanced Security Design Process
diff --git a/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md b/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md
index a7178f39fe..113c3c0cc2 100644
--- a/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md
+++ b/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md
@@ -4,7 +4,7 @@ description: Learn how to confirm that network traffic is being protected by IPs
 ms.assetid: cc1fb973-aedf-4074-ad4a-7376b24f03d2
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Verify That Network Traffic Is Authenticated
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md
index 4daaa5d367..c21749b77b 100644
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md
+++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md
@@ -1,7 +1,7 @@
 ---
 title: Windows Defender Firewall with Advanced Security Administration with Windows PowerShell (Windows 10)
 description: Windows Defender Firewall with Advanced Security Administration with Windows PowerShell
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,6 +14,7 @@ ms.topic: conceptual
 ms.date: 08/17/2017
 ms.reviewer: 
 ms.author: dansimp
+ms.technology: mde
 ---
 
 # Windows Defender Firewall with Advanced Security Administration with Windows PowerShell
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md
index ddb0304065..9a3954cc03 100644
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md
+++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md
@@ -4,7 +4,7 @@ description: Use this guide to deploy Windows Defender Firewall with Advanced Se
 ms.assetid: 56b51b97-1c38-481e-bbda-540f1216ad56
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/17/2017
+ms.technology: mde
 ---
 
 # Windows Defender Firewall with Advanced Security deployment overview
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md
index 98fe19379f..e1a438412f 100644
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md
+++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md
@@ -4,7 +4,7 @@ description: Learn about common goals for using Windows Defender Firewall with A
 ms.assetid: 5c631389-f232-4b95-9e48-ec02b8677d51
 ms.reviewer: 
 ms.author: dansimp
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 10/05/2017
+ms.technology: mde
 ---
 
 # Windows Defender Firewall with Advanced Security design guide
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
index 00b1374150..e3becc881c 100644
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
+++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
@@ -1,7 +1,7 @@
 ---
 title: Windows Defender Firewall with Advanced Security (Windows 10)
 description: Learn overview information about the Windows Defender Firewall with Advanced Security (WFAS) and Internet Protocol security (IPsec) features.
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,6 +15,7 @@ ms.topic: conceptual
 ms.date: 10/21/2020
 ms.reviewer: 
 ms.custom: asr
+ms.technology: mde
 ---
 
 # Windows Defender Firewall with Advanced Security
diff --git a/windows/security/threat-protection/windows-platform-common-criteria.md b/windows/security/threat-protection/windows-platform-common-criteria.md
index d5041fcb44..3bcba3890f 100644
--- a/windows/security/threat-protection/windows-platform-common-criteria.md
+++ b/windows/security/threat-protection/windows-platform-common-criteria.md
@@ -1,7 +1,7 @@
 ---
 title: Common Criteria Certifications
 description: This topic details how Microsoft supports the Common Criteria certification program.
-ms.prod: w10
+ms.prod: m365-security
 audience: ITPro
 author: dansimp
 ms.author: dansimp
@@ -11,6 +11,7 @@ ms.topic: article
 ms.localizationpriority: medium
 ms.date: 3/20/2019
 ms.reviewer: 
+ms.technology: mde
 ---
 
 # Common Criteria Certifications
diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md
index eb25e2cf9c..1ea2225ff6 100644
--- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md
+++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md
@@ -1,7 +1,7 @@
 ---
 title: Windows Sandbox architecture
 description: 
-ms.prod: w10
+ms.prod: m365-security
 audience: ITPro
 author: dansimp
 ms.author: dansimp
@@ -11,6 +11,7 @@ ms.topic: article
 ms.localizationpriority: 
 ms.date: 
 ms.reviewer: 
+ms.technology: mde
 ---
 
 # Windows Sandbox architecture
diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
index 637aa964d9..6eb53f8e15 100644
--- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
+++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
@@ -1,7 +1,7 @@
 ---
 title: Windows Sandbox configuration
 description: 
-ms.prod: w10
+ms.prod: m365-security
 audience: ITPro
 author: dansimp
 ms.author: dansimp
@@ -11,6 +11,7 @@ ms.topic: article
 ms.localizationpriority: medium
 ms.date: 
 ms.reviewer: 
+ms.technology: mde
 ---
 
 # Windows Sandbox configuration
diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md
index ce384ca8d4..81f95a98be 100644
--- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md
+++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md
@@ -1,7 +1,7 @@
 ---
-title: Windows Sandbox 
+title: Windows Sandbox
 description: 
-ms.prod: w10
+ms.prod: m365-security
 audience: ITPro
 author: dansimp
 ms.author: dansimp
@@ -11,6 +11,7 @@ ms.topic: article
 ms.localizationpriority: 
 ms.date: 
 ms.reviewer: 
+ms.technology: mde
 ---
 
 # Windows Sandbox 
diff --git a/windows/security/threat-protection/windows-security-baselines.md b/windows/security/threat-protection/windows-security-baselines.md
index a0f657a331..1dff3c58b3 100644
--- a/windows/security/threat-protection/windows-security-baselines.md
+++ b/windows/security/threat-protection/windows-security-baselines.md
@@ -2,7 +2,7 @@
 title: Windows security baselines
 description: Learn how to use Windows security baselines in your organization. Specific to Windows 10, Windows Server, and Microsoft 365 Apps for enterprise.
 keywords: virtualization, security, malware
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.author: dansimp
@@ -13,6 +13,7 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 06/25/2018
 ms.reviewer: 
+ms.technology: mde
 ---
 
 # Windows security baselines
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md
index 6bb4c84d76..dc04dd3986 100644
--- a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md
+++ b/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md
@@ -2,7 +2,7 @@
 title: Get support for Windows security baselines
 description: Find answers to frequently asked question on how to get support for Windows baselines, the Security Compliance Toolkit (SCT), and related topics.
 keywords: virtualization, security, malware
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.author: dansimp
@@ -13,6 +13,7 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 06/25/2018
 ms.reviewer: 
+ms.technology: mde
 ---
 
 # Get Support
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
index 32282b709b..43cab9aa77 100644
--- a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
+++ b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
@@ -2,7 +2,7 @@
 title: Microsoft Security Compliance Toolkit 1.0 Guide
 description: This article describes how to use the Security Compliance Toolkit in your organization
 keywords: virtualization, security, malware
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.author: dansimp
@@ -13,6 +13,7 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 11/26/2018
 ms.reviewer: 
+ms.technology: mde
 ---
 
 # Microsoft Security Compliance Toolkit 1.0
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md
index c5be88f4ea..6f6dcedfad 100644
--- a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md
+++ b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md
@@ -2,7 +2,7 @@
 title: Windows security baselines guide
 description: Learn how to use Windows security baselines in your organization. Specific to Windows 10, Windows Server 2016, and Office 2016.
 keywords: virtualization, security, malware
-ms.prod: w10
+ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.author: dansimp
@@ -13,6 +13,7 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 06/25/2018
 ms.reviewer: 
+ms.technology: mde
 ---
 
 # Windows security baselines

From 6b129e368cc8e97a8680dbbed15979b112de427b Mon Sep 17 00:00:00 2001
From: Ben Alfasi <bealfasi@microsoft.com>
Date: Thu, 21 Jan 2021 20:52:24 +0200
Subject: [PATCH 157/396] 1

---
 .../find-machine-info-by-ip.md                | 95 -------------------
 .../find-machines-by-tag.md                   | 82 ++++++++++++++++
 2 files changed, 82 insertions(+), 95 deletions(-)
 delete mode 100644 windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md

diff --git a/windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md b/windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md
deleted file mode 100644
index b94742b61d..0000000000
--- a/windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md
+++ /dev/null
@@ -1,95 +0,0 @@
----
-title: Find device information by internal IP API
-description: Use this API to create calls related to finding a device entry around a specific timestamp by internal IP.
-keywords: ip, apis, graph api, supported apis, find device, device information
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: article
----
-
-# Find device information by internal IP API
-
-[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-
-
-**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-
-- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
-
-[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
-
-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
-Find a device by internal IP.
-
->[!NOTE]
->The timestamp must be within the last 30 days.
-
-## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
-
-Permission type | Permission | Permission display name
-:---|:---|:---
-Application | Machine.Read.All | 'Read all machine profiles'
-Application | Machine.ReadWrite.All | 'Read and write all machine information'
-
-## HTTP request
-```
-GET /api/machines/find(timestamp={time},key={IP})
-```
-
-## Request headers
-
-Name | Type | Description
-:---|:---|:---
-Authorization | String | Bearer {token}. **Required**.
-
-
-## Request body
-Empty
-
-## Response
-If successful and machine exists - 200 OK.
-If no machine found - 404 Not Found.
-
-
-## Example
-
-**Request**
-
-Here is an example of the request.
-
-```
-GET https://graph.microsoft.com/testwdatppreview/machines/find(timestamp=2018-06-19T10:00:00Z,key='10.166.93.61')
-Content-type: application/json
-```
-
-**Response**
-
-Here is an example of the response.
-
-The response will return a list of all devices that reported this IP address within sixteen minutes prior and after the timestamp. 
-
-```
-HTTP/1.1 200 OK
-Content-type: application/json
-{
-    "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines",
-    "value": [
-        {
-            "id": "04c99d46599f078f1c3da3783cf5b95f01ac61bb",
-            "computerDnsName": "",
-            "firstSeen": "2017-07-06T01:25:04.9480498Z",
-            "osPlatform": "Windows10",
-…
-}
-```
diff --git a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md
new file mode 100644
index 0000000000..d076dc226e
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md
@@ -0,0 +1,82 @@
+---
+title: Find devices by tag API
+description: Find all devices that contain specifc tag 
+keywords: apis, supported apis, get, device, find, find device, by tag, tag
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+---
+
+# Find devices by tag API
+
+[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
+
+
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+
+
+## API description
+Find [Machines](machine.md) by [Tag](machine-tags.md).
+
+
+## Limitations
+1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
+
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
+
+Permission type |	Permission	|	Permission display name
+:---|:---|:---
+Application |	Machine.Read.All |	'Read all machine profiles'
+Application |	Machine.ReadWrite.All |	'Read and write all machine information'
+Delegated (work or school account) | Machine.Read | 'Read machine information'
+Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine information'
+
+>[!Note]
+> When obtaining a token using user credentials:
+> - Response will include only devices that the user have access to based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)
+> - The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
+> - Response will include only devices that the user have access to based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)
+
+## HTTP request
+```
+GET /api/machines/findbytag(tag='{tag}')
+```
+
+## Request headers
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+
+## Request body
+Empty
+
+## Response
+If successful - 200 OK with list of the machines in the response body.
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.microsoft.com/api/machines/findbytag(tag='testTag')
+```

From 704a3a87252a456ce34bc8242c86ddec26dbdb1c Mon Sep 17 00:00:00 2001
From: VLG17 <41186174+VLG17@users.noreply.github.com>
Date: Thu, 21 Jan 2021 21:30:59 +0200
Subject: [PATCH 158/396] add info about network boundary

https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8880
---
 .../md-app-guard-overview.md                                     | 1 +
 1 file changed, 1 insertion(+)

diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
index 98150e0f15..0c47055df2 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
@@ -52,3 +52,4 @@ Application Guard has been created to target several types of devices:
 | [Microsoft Defender Application Guard Extension for web browsers](md-app-guard-browser-extension.md) | Describes the Application Guard extension for Chrome and Firefox, including known issues, and a troubleshooting guide |
 | [Microsoft Defender Application Guard for Microsoft Office](https://docs.microsoft.com/microsoft-365/security/office-365-security/install-app-guard) | Describes Application Guard for Microsoft Office, including minimum hardware requirements, configuration, and a troubleshooting guide |
 |[Frequently asked questions - Microsoft Defender Application Guard](faq-md-app-guard.md)|Provides answers to frequently asked questions about Application Guard features, integration with the Windows operating system, and general configuration.|
+|[Use a network boundary to add trusted sites on Windows devices in Microsoft Intune](https://docs.microsoft.com/en-us/mem/intune/configuration/network-boundary-windows)|Network boundary, a feature that helps you protect your environment from sites that aren't trusted by your organization.|

From ac2d63462d8d096c5e9fd0aeead6a1839214af29 Mon Sep 17 00:00:00 2001
From: Ben Alfasi <bealfasi@microsoft.com>
Date: Thu, 21 Jan 2021 21:48:12 +0200
Subject: [PATCH 159/396] 1

---
 .../find-machines-by-tag.md                   |   2 +-
 .../import-ti-indicators.md                   | 141 ++++++++++++++++++
 .../post-ti-indicator.md                      |   5 +-
 3 files changed, 145 insertions(+), 3 deletions(-)
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md

diff --git a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md
index d076dc226e..c077f850b8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md
@@ -79,4 +79,4 @@ Here is an example of the request.
 
 ```
 GET https://api.securitycenter.microsoft.com/api/machines/findbytag(tag='testTag')
-```
+```
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md b/windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md
new file mode 100644
index 0000000000..acc7328e9d
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md
@@ -0,0 +1,141 @@
+---
+title: Import Indicators API
+description: Learn how to use the Import batch of Indicator API in Microsoft Defender Advanced Threat Protection.
+keywords: apis, supported apis, submit, ti, indicator, update
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+---
+
+# Import Indicators API
+
+[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
+
+
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+
+
+## API description
+Submits or Updates batch of [Indicator](ti-indicator.md) entities.
+<br>CIDR notation for IPs is not supported.
+
+## Limitations
+1. Rate limitations for this API are 30 calls per minute.
+2. There is a limit of 15,000 active [Indicators](ti-indicator.md) per tenant. 
+
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Get started](apis-intro.md)
+
+Permission type |	Permission	|	Permission display name
+:---|:---|:---
+Application |	Ti.ReadWrite |	'Read and write Indicators'
+Application |	Ti.ReadWrite.All |	'Read and write All Indicators'
+Delegated (work or school account) |	Ti.ReadWrite |	'Read and write Indicators'
+
+
+## HTTP request
+```
+POST https://api.securitycenter.microsoft.com/api/indicators/import
+```
+
+## Request headers
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+Content-Type | string | application/json. **Required**.
+
+## Request body
+In the request body, supply a JSON object with the following parameters:
+
+Parameter |	Type	| Description
+:---|:---|:---
+Indicators | List<[Indicator](ti-indicator.md)> | List of [Indicators](ti-indicator.md). **Required**
+
+
+## Response
+- If successful, this method returns 200 - OK response code with a list of import results per indicator, see example below.
+- If not successful: this method return 400 - Bad Request. Bad request usually indicates incorrect body.
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+POST https://api.securitycenter.microsoft.com/api/indicators/import
+```
+```json
+{
+	"Indicators":
+	[
+		{
+            "indicatorValue": "220e7d15b011d7fac48f2bd61114db1022197f7f",
+            "indicatorType": "FileSha1",
+            "title": "demo",
+            "application": "demo-test",
+            "expirationTime": "2021-12-12T00:00:00Z",
+            "action": "Alert",
+            "severity": "Informational",
+            "description": "demo2",
+            "recommendedActions": "nothing",
+            "rbacGroupNames": ["group1", "group2"]
+        },
+        {
+            "indicatorValue": "2233223322332233223322332233223322332233223322332233223322332222",
+            "indicatorType": "FileSha256",
+            "title": "demo2",
+            "application": "demo-test2",
+            "expirationTime": "2021-12-12T00:00:00Z",
+            "action": "Alert",
+            "severity": "Medium",
+            "description": "demo2",
+            "recommendedActions": "nothing",
+            "rbacGroupNames": []
+        }
+	]
+}
+```
+
+**Request**
+
+Here is an example of the request.
+
+```json
+{
+    "value": [
+        {
+            "id": "2841",
+            "indicator": "220e7d15b011d7fac48f2bd61114db1022197f7f",
+            "isFailed": false,
+            "failureReason": null
+        },
+        {
+            "id": "2842",
+            "indicator": "2233223322332233223322332233223322332233223322332233223322332222",
+            "isFailed": false,
+            "failureReason": null
+        }
+    ]
+}
+```
+
+## Related topic
+- [Manage indicators](manage-indicators.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md
index ac9c3929ea..433f0a15eb 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md
@@ -32,7 +32,7 @@ ms.topic: article
 
 ## API description
 Submits or Updates new [Indicator](ti-indicator.md) entity.
-<br>CIDR notation for IPs is supported.
+<br>CIDR notation for IPs is not supported.
 
 ## Limitations
 1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
@@ -90,7 +90,8 @@ Here is an example of the request.
 
 ```
 POST https://api.securitycenter.microsoft.com/api/indicators
-Content-type: application/json
+```
+```json
 {
     "indicatorValue": "220e7d15b011d7fac48f2bd61114db1022197f7f",
     "indicatorType": "FileSha1",

From 08ff136c0d20cf3c6c98780e6f136920d362f91d Mon Sep 17 00:00:00 2001
From: Ben Alfasi <bealfasi@microsoft.com>
Date: Thu, 21 Jan 2021 21:48:50 +0200
Subject: [PATCH 160/396] 2

---
 .../microsoft-defender-atp/import-ti-indicators.md            | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md b/windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md
index acc7328e9d..822e0f9985 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md
@@ -114,9 +114,9 @@ POST https://api.securitycenter.microsoft.com/api/indicators/import
 }
 ```
 
-**Request**
+**Response**
 
-Here is an example of the request.
+Here is an example of the response.
 
 ```json
 {

From a15ce903b64117ad1e661ee07d142b6f2bd7d205 Mon Sep 17 00:00:00 2001
From: Matthew Palko <mapalko@microsoft.com>
Date: Thu, 21 Jan 2021 11:50:31 -0800
Subject: [PATCH 161/396] updating azure ad registered FAQ

---
 .../identity-protection/hello-for-business/hello-faq.yml  | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml
index 4a1e132499..4b52f4852d 100644
--- a/windows/security/identity-protection/hello-for-business/hello-faq.yml
+++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml
@@ -51,11 +51,13 @@ sections:
           
           The statement "PIN is stronger than Password" is not directed at the strength of the entropy used by the PIN. It's about the difference between providing entropy versus continuing the use of a symmetric key (the password). The TPM has anti-hammering features that thwart brute-force PIN attacks (an attacker's continuous attempt to try all combination of PINs). Some organizations may worry about shoulder surfing. For those organizations, rather than increase the complexity of the PIN, implement the [Multifactor Unlock](feature-multifactor-unlock.md) feature.
           
-      - question: How does Windows Hello for Business work with Azure AD workplace registered devices?
+      - question: How does Windows Hello for Business work with Azure AD registered devices?
         answer: |
-          On Azure AD workplace registered devices, a user will be asked to provision a Windows Hello for Business key if the feature is enabled by mobile device management policy. If the user has an existing Windows Hello container for use with their local or Microsoft connected account, the Windows Hello for Business key will be enrolled in their existing container and will be protected using their exiting gestures.
+          On Azure AD registered devices, a user will be asked to provision a Windows Hello for Business key if the feature is enabled by mobile device management policy. If the user has an existing Windows Hello container for use with their local or Microsoft connected account, the Windows Hello for Business key will be enrolled in their existing container and will be protected using their exiting gestures.
 
-          If a user has signed into their Azure AD workplace registered device with Windows Hello, their Windows Hello for Business key will be used to authenticate the user's work identity when they try to use Azure AD resources. The Windows Hello for Business key meets Azure AD multi-factor authentication (MFA) requirements and reduces the number of MFA prompts users will see when accessing resources. 
+          If a user has signed into their Azure AD registered device with Windows Hello, their Windows Hello for Business key will be used to authenticate the user's work identity when they try to use Azure AD resources. The Windows Hello for Business key meets Azure AD multi-factor authentication (MFA) requirements and reduces the number of MFA prompts users will see when accessing resources. 
+
+          For more information please read [Azure AD registered devices](https://docs.microsoft.com/azure/active-directory/devices/concept-azure-ad-register).
 
       - question: I have Windows Server 2016 domain controller(s), so why is the Key Admins group missing?
         answer: |

From 8f1150a12f25a24568016709705f1c62e43855f1 Mon Sep 17 00:00:00 2001
From: Ben Alfasi <bealfasi@microsoft.com>
Date: Thu, 21 Jan 2021 22:10:40 +0200
Subject: [PATCH 162/396] 1

---
 windows/security/threat-protection/TOC.md                      | 2 ++
 .../threat-protection/microsoft-defender-atp/machine.md        | 1 +
 .../threat-protection/microsoft-defender-atp/ti-indicator.md   | 3 ++-
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index 4fd85c48d2..af35c57f47 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -550,6 +550,7 @@
 ####### [Get security recommendations](microsoft-defender-atp/get-security-recommendations.md)
 ####### [Add or Remove machine tags](microsoft-defender-atp/add-or-remove-machine-tags.md)
 ####### [Find machines by IP](microsoft-defender-atp/find-machines-by-ip.md)
+####### [Find machines by tag](microsoft-defender-atp/find-machines-by-tag.md)
 ####### [Get missing KBs](microsoft-defender-atp/get-missing-kbs-machine.md)
 ####### [Set device value](microsoft-defender-atp/set-device-value.md)
 
@@ -576,6 +577,7 @@
 ###### [Indicators]()
 ####### [Indicators methods and properties](microsoft-defender-atp/ti-indicator.md)
 ####### [Submit Indicator](microsoft-defender-atp/post-ti-indicator.md)
+####### [Import Indicators](microsoft-defender-atp/import-ti-indicators.md)
 ####### [List Indicators](microsoft-defender-atp/get-ti-indicators-collection.md)
 ####### [Delete Indicator](microsoft-defender-atp/delete-ti-indicator-by-id.md)
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md
index 53bdfe131c..f4952472cd 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md
@@ -44,6 +44,7 @@ Method|Return Type |Description
 [Get security recommendations](get-security-recommendations.md) | [recommendation](recommendation.md) collection | Retrieves a collection of security recommendations related to a given machine ID.
 [Add or Remove machine tags](add-or-remove-machine-tags.md) | [machine](machine.md) | Add or Remove tag to a specific machine.
 [Find machines by IP](find-machines-by-ip.md) | [machine](machine.md) collection | Find machines seen with IP.
+[Find machines by tag](find-machines-by-tag.md) | [machine](machine.md) collection | Find machines by [Tag](machine-tags.md).
 [Get missing KBs](get-missing-kbs-machine.md) | KB collection | Get a list of missing KBs associated with the machine ID
 [Set device value](set-device-value.md)| [machine](machine.md) collection | Set the [value of a device](tvm-assign-device-value.md).
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md b/windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md
index 39a5774d5c..1b6bef4976 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md
@@ -35,7 +35,8 @@ ms.topic: article
 Method|Return Type |Description
 :---|:---|:---
 [List Indicators](get-ti-indicators-collection.md) | [Indicator](ti-indicator.md) Collection | List [Indicator](ti-indicator.md) entities.
-[Submit Indicator](post-ti-indicator.md) | [Indicator](ti-indicator.md) | Submits [Indicator](ti-indicator.md) entity.
+[Submit Indicator](post-ti-indicator.md) | [Indicator](ti-indicator.md) | Submit or update [Indicator](ti-indicator.md) entity.
+[Import Indicators](import-ti-indicators.md) | [Indicator](ti-indicator.md) Collection | Submit or update [Indicators](ti-indicator.md) entities.
 [Delete Indicator](delete-ti-indicator-by-id.md) | No Content | Deletes [Indicator](ti-indicator.md) entity.
 
 

From 544c3c53ee7ae950290838dedfa6121e7da41a6d Mon Sep 17 00:00:00 2001
From: jcaparas <macapara@microsoft.com>
Date: Thu, 21 Jan 2021 12:35:36 -0800
Subject: [PATCH 163/396] Update .openpublishing.redirection.json

redirect for deleted file
---
 .openpublishing.redirection.json | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 0cf060785e..7bcd7f8d15 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -15110,6 +15110,11 @@
       "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip",
       "redirect_document_id": true
     },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md",
+      "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md",
       "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/use-apis",

From 4d281e31d100e182c94040de6bbde8ee1a8202b9 Mon Sep 17 00:00:00 2001
From: Carmen Forsmann <cmforsmann@live.com>
Date: Thu, 21 Jan 2021 12:54:14 -0800
Subject: [PATCH 164/396] Update waas-delivery-optimization.md

Add Edge browser support to content type table.
---
 windows/deployment/update/waas-delivery-optimization.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md
index de5f866595..7337c717c1 100644
--- a/windows/deployment/update/waas-delivery-optimization.md
+++ b/windows/deployment/update/waas-delivery-optimization.md
@@ -65,7 +65,7 @@ For information about setting up Delivery Optimization, including tips for the b
     - Office installations and updates
     - Xbox game pass games
     - MSIX apps (HTTP downloads only)
-    - Edge browser installations and updates
+    - Edge browser installs and updates
 
 ## Requirements
 
@@ -90,7 +90,8 @@ The following table lists the minimum Windows 10 version that supports Delivery
 | Win32 apps for Intune | 1709 |
 | Xbox game pass games | 2004 |
 | MSIX apps (HTTP downloads only) | 2004 |
-| Configuration Manager Express Updates | 1709 + Configuration Manager version 1711 |
+| Configuration Manager Express updates | 1709 + Configuration Manager version 1711 |
+| Edge browser installs and updates | 1809 |
 
 > [!NOTE]
 > Starting with Configuration Manager version 1910, you can use Delivery Optimization for the distribution of all Windows update content for clients running Windows 10 version 1709 or newer, not just express installation files. For more, see [Delivery Optimization starting in version 1910](https://docs.microsoft.com/mem/configmgr/sum/deploy-use/optimize-windows-10-update-delivery#bkmk_DO-1910).

From b8078c2d2404edc569729cc56bb00dd69dc58353 Mon Sep 17 00:00:00 2001
From: Matthew Palko <mapalko@microsoft.com>
Date: Thu, 21 Jan 2021 13:31:18 -0800
Subject: [PATCH 165/396] updating azure ad registered FAQ

---
 .../identity-protection/hello-for-business/hello-faq.yml        | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml
index 4b52f4852d..ae0af27fe6 100644
--- a/windows/security/identity-protection/hello-for-business/hello-faq.yml
+++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml
@@ -57,6 +57,8 @@ sections:
 
           If a user has signed into their Azure AD registered device with Windows Hello, their Windows Hello for Business key will be used to authenticate the user's work identity when they try to use Azure AD resources. The Windows Hello for Business key meets Azure AD multi-factor authentication (MFA) requirements and reduces the number of MFA prompts users will see when accessing resources. 
 
+          It is possible to Azure AD register a domain joined device. If the domain joined device has a convenience PIN, login with the convenience PIN will no longer work. This configuration is not supported by Windows Hello for Business. 
+
           For more information please read [Azure AD registered devices](https://docs.microsoft.com/azure/active-directory/devices/concept-azure-ad-register).
 
       - question: I have Windows Server 2016 domain controller(s), so why is the Key Admins group missing?

From 2d8706bf704047afbe459fe02e162cc84a557d88 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 21 Jan 2021 16:01:06 -0800
Subject: [PATCH 166/396] Corrected "ms.technology: windows" to "ms.technology:
 mde"

This update or correction resolved build errors in PR https://github.com/MicrosoftDocs/windows-docs-pr/pull/4589
---
 .../microsoft-defender-atp/automated-investigations.md          | 2 +-
 .../microsoft-defender-atp/automation-levels.md                 | 2 +-
 .../configure-automated-investigations-remediation.md           | 2 +-
 .../manage-atp-post-migration-configuration-manager.md          | 2 +-
 .../manage-atp-post-migration-group-policy-objects.md           | 2 +-
 .../microsoft-defender-atp/manage-atp-post-migration-intune.md  | 2 +-
 .../manage-atp-post-migration-other-tools.md                    | 2 +-
 .../microsoft-defender-atp/manage-atp-post-migration.md         | 2 +-
 .../mcafee-to-microsoft-defender-migration.md                   | 2 +-
 .../mcafee-to-microsoft-defender-onboard.md                     | 2 +-
 .../mcafee-to-microsoft-defender-prepare.md                     | 2 +-
 .../mcafee-to-microsoft-defender-setup.md                       | 2 +-
 .../switch-to-microsoft-defender-onboard.md                     | 2 +-
 .../switch-to-microsoft-defender-prepare.md                     | 2 +-
 .../switch-to-microsoft-defender-setup.md                       | 2 +-
 .../symantec-to-microsoft-defender-atp-migration.md             | 2 +-
 .../symantec-to-microsoft-defender-atp-onboard.md               | 2 +-
 .../symantec-to-microsoft-defender-atp-prepare.md               | 2 +-
 .../symantec-to-microsoft-defender-atp-setup.md                 | 2 +-
 19 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
index 781676ba34..4233bcca90 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
@@ -5,7 +5,7 @@ keywords: automated, investigation, detection, source, threat types, id, tags, d
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: m365-security
-ms.technology: windows
+ms.technology: mde
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/security/threat-protection/microsoft-defender-atp/automation-levels.md b/windows/security/threat-protection/microsoft-defender-atp/automation-levels.md
index 1a1fc25199..e17539d14a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/automation-levels.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/automation-levels.md
@@ -5,7 +5,7 @@ keywords: automated, investigation, level, defender atp
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: m365-security
-ms.technology: windows
+ms.technology: mde
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md
index ee4a6acd7e..c7e2f8158e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md
@@ -5,7 +5,7 @@ keywords: configure, setup, automated, investigation, detection, alerts, remedia
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: m365-security
-ms.technology: windows
+ms.technology: mde
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md
index a6b368617d..12ff88f1d9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md
@@ -5,7 +5,7 @@ keywords: post-migration, manage, operations, maintenance, utilization, Configur
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: m365-security
-ms.technology: windows
+ms.technology: mde
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md
index ea79eeab2e..d5af8e2cf2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md
@@ -5,7 +5,7 @@ keywords: post-migration, manage, operations, maintenance, utilization, PowerShe
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: m365-security
-ms.technology: windows
+ms.technology: mde
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md
index 0acb66ee5a..4ac73497e7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md
@@ -5,7 +5,7 @@ keywords: post-migration, manage, operations, maintenance, utilization, intune,
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: m365-security
-ms.technology: windows
+ms.technology: mde
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md
index d719b716b1..9280a33aee 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md
@@ -5,7 +5,7 @@ keywords: post-migration, manage, operations, maintenance, utilization, PowerShe
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: m365-security
-ms.technology: windows
+ms.technology: mde
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md
index 5c0b3182cf..2cb0d3548e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md
@@ -5,7 +5,7 @@ keywords: post-migration, manage, operations, maintenance, utilization, windows
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: m365-security
-ms.technology: windows
+ms.technology: mde
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md
index 8ccb856a54..9f65ae6e85 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md
@@ -5,7 +5,7 @@ keywords: migration, windows defender advanced threat protection, atp, edr
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: m365-security
-ms.technology: windows
+ms.technology: mde
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md
index e003046028..f703c93219 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md
@@ -5,7 +5,7 @@ keywords: migration, windows defender advanced threat protection, atp, edr
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: m365-security
-ms.technology: windows
+ms.technology: mde
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md
index e877489dac..8108d9e245 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md
@@ -5,7 +5,7 @@ keywords: migration, windows defender advanced threat protection, atp, edr
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: m365-security
-ms.technology: windows
+ms.technology: mde
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
index 5801957ef9..bf07f58bcb 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
@@ -5,7 +5,7 @@ keywords: migration, windows defender advanced threat protection, atp, edr
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: m365-security
-ms.technology: windows
+ms.technology: mde
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-onboard.md
index 0f1c89ca89..2a3c2f472f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-onboard.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-onboard.md
@@ -5,7 +5,7 @@ keywords: migration, windows defender advanced threat protection, atp, edr
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: m365-security
-ms.technology: windows
+ms.technology: mde
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md
index c54aa06438..a49d62bf03 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md
@@ -5,7 +5,7 @@ keywords: migration, windows defender advanced threat protection, atp, edr
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: m365-security
-ms.technology: windows
+ms.technology: mde
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md
index 1753949339..639bbd689d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md
@@ -5,7 +5,7 @@ keywords: migration, windows defender advanced threat protection, atp, edr
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: m365-security
-ms.technology: windows
+ms.technology: mde
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md
index c16c24adb2..7f20e3e024 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md
@@ -5,7 +5,7 @@ keywords: migration, windows defender advanced threat protection, atp, edr
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: m365-security
-ms.technology: windows
+ms.technology: mde
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md
index 12fa37277d..9ba924e18a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md
@@ -5,7 +5,7 @@ keywords: migration, windows defender advanced threat protection, atp, edr
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: m365-security
-ms.technology: windows
+ms.technology: mde
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md
index 371303c14f..4d58af47fd 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md
@@ -5,7 +5,7 @@ keywords: migration, windows defender advanced threat protection, atp, edr
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: m365-security
-ms.technology: windows
+ms.technology: mde
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md
index 0e99e17b94..8648a57da9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md
@@ -5,7 +5,7 @@ keywords: migration, windows defender advanced threat protection, atp, edr
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: m365-security
-ms.technology: windows
+ms.technology: mde
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security

From 63ed3c92e22d2030cf7eb4918c71a2bcf5947f23 Mon Sep 17 00:00:00 2001
From: Matthew Palko <mapalko@microsoft.com>
Date: Thu, 21 Jan 2021 16:52:46 -0800
Subject: [PATCH 167/396] Add troubleshooting for DC certs from 3rd party CAs

---
 .../hello-deployment-issues.md                | 33 +++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md
index 4dece74866..96f5181b12 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md
@@ -45,6 +45,39 @@ After the initial logon attempt, the user's Windows Hello for Business public ke
 
 To resolve this behavior, upgrade Windows Server 2016 and 2019 domain controllers to with the latest patches. For Windows Server 2016, this behavior is fixed in build 14393.4104 ([KB4593226](https://support.microsoft.com/help/4593226)) and later. For Windows Server 2019, this behavior is fixed in build 17763.1637 ([KB4592440](https://support.microsoft.com/help/4592440)).
 
+## Azure AD Joined Device Access to On-Premises Resources Using Key Trust and Third-Party Certificate Authority (CA)
+
+Applies to:
+
+- Azure AD joined key trust deployments
+- Third-party certificate authority (CA) issuing domain controller certificates
+
+Windows Hello for Business uses smart card based authentication for many operations. Smart card has special guidelines when using a third-party CA for certificate issuance, some of which apply to the domain controllers. Not all Windows Hello for Business deployment types require these configurations. Accessing on-premises resources from an Azure AD Joined device does require special configuration when using a third-party CA to issue domain controller certificates.
+
+For more information, read [Guidelines for enabling smart card logon with third-party certification authorities](
+https://support.microsoft.com/topic/a34a400a-51d5-f2a1-c8c0-7a6c9c49cb78).
+
+### Identifying On-premises Resource Access Issues with Third-Party CAs
+
+This issue can be identified using network traces or Kerberos logging from the client. In the network trace, the client will fail to place a TGS_REQ request when a user attempts to access a resource. On the client, this can be observed in Kerberos event logs:
+
+    The Kerberos client received a KDC certificate that does not have a matched domain name.
+    Expected Domain Name: ad.contoso.com
+    Error Code: 0xC000006D
+
+See [How to enable Kerberos event logging](https://docs.microsoft.com/troubleshoot/windows-server/identity/enable-kerberos-event-logging#enable-kerberos-event-logging-on-a-specific-computer) for information on enabling Kerberos logs on a client device.
+
+### Resolving On-premises Resource Access Issue with Third-Party CAs
+
+To resolve this issue, domain controller certificates need to be updated so the certificate subject contains directory path of the server object (distinguished name).
+Example Subject: CN=DC1 OU=Domain Controller, DC=ad, DC=contoso, DC=com
+
+Alternatively, you can set the subject alternative name (SAN) of the domain controller certificate to contain the server object's fully qualified domain name and the NETBIOS name of the domain.
+Example Subject Alternative Name:
+dns=dc1.ad.contoso.com
+dns=ad.contoso.com
+dns=ad
+
 ## Key Trust Authentication Broken for Windows Server 2019
 
 Applies to:

From 1e96248e32a1da6172b1b24587481405dba6c81c Mon Sep 17 00:00:00 2001
From: Carmen Forsmann <cmforsmann@live.com>
Date: Thu, 21 Jan 2021 20:01:51 -0800
Subject: [PATCH 168/396] Update waas-delivery-optimization.md

Add Dynamic updates support
---
 windows/deployment/update/waas-delivery-optimization.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md
index 7337c717c1..599fd37ab1 100644
--- a/windows/deployment/update/waas-delivery-optimization.md
+++ b/windows/deployment/update/waas-delivery-optimization.md
@@ -62,10 +62,11 @@ For information about setting up Delivery Optimization, including tips for the b
     - DOMaxUploadBandwidth
     
 - Support for new types of downloads:
-    - Office installations and updates
+    - Office installs and updates
     - Xbox game pass games
     - MSIX apps (HTTP downloads only)
     - Edge browser installs and updates
+    - Dynamic updates
 
 ## Requirements
 
@@ -92,6 +93,7 @@ The following table lists the minimum Windows 10 version that supports Delivery
 | MSIX apps (HTTP downloads only) | 2004 |
 | Configuration Manager Express updates | 1709 + Configuration Manager version 1711 |
 | Edge browser installs and updates | 1809 |
+| Dynamic updates | 1903 |
 
 > [!NOTE]
 > Starting with Configuration Manager version 1910, you can use Delivery Optimization for the distribution of all Windows update content for clients running Windows 10 version 1709 or newer, not just express installation files. For more, see [Delivery Optimization starting in version 1910](https://docs.microsoft.com/mem/configmgr/sum/deploy-use/optimize-windows-10-update-delivery#bkmk_DO-1910).

From f7b513116952b788788b1856b6fc3ed945558a00 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Thu, 21 Jan 2021 20:14:46 -0800
Subject: [PATCH 169/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 2242561c26..1083895ed8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -11,7 +11,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.author: deniseb
 author: denisebmsft
-ms.date: 01/21/2021
+ms.date: 01/22/2021
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro

From cc97ce85b1d8549daebc662e47e134c7f1df2b32 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Thu, 21 Jan 2021 20:27:52 -0800
Subject: [PATCH 170/396] Update defender-endpoint-false-positives-negatives.md

---
 ...nder-endpoint-false-positives-negatives.md | 95 +++++++++++++++++--
 1 file changed, 89 insertions(+), 6 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 1083895ed8..0a7de859a9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -31,15 +31,98 @@ ms.custom: FPFN
 
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146806)
 
-In endpoint protection solutions, a false positive is an entity, such as a file or a process, that was detected and identified as malicious, even though the entity isn't actually a threat. A false negative is an entity that was not detected as a threat, even though it actually is malicious. The process of addressing false positives/negatives can include:
-- [Reviewing your threat protection settings and making adjustments where needed](#review-your-threat-protection-settings);
-- [Defining exclusions, such as for antivirus and other endpoint protection features](#review-or-define-exclusions-for-microsoft-defender-for-endpoint);
-- [Classifying false positives in your endpoint protection solution](#classify-a-false-positive-or-false-negative);
-- [Submitting files for further analysis](#submit-a-file-for-analysis); and
-- [Verifying that the applications your organization is using are properly signed](#confirm-your-software-uses-ev-code-signing).
+In endpoint protection, a false positive is an entity, such as a file or a process, that was detected and identified as malicious, even though the entity isn't actually a threat. A false negative is an entity that was not detected as a threat, even though it actually is malicious. The process of addressing false positives/negatives includes:
+
+1.	Reviewing and classifying alerts
+2.	Reviewing remediation actions that were taken
+3.	Reviewing and defining exclusions
+4.	Submitting an entity for analysis
+5.	Reviewing your threat protection settings
 
 If you’re using [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection), and you're seeing false positives/negatives in your [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use), use this article as a guide to take action. This article also includes information about [what to do if you still need help](#still-need-help) after taking the recommended steps to address false positives/negatives in your environment.
 
+## Review and classify alerts
+
+If your security operations team see an alert that was triggered because something was detected as malicious or suspicious that should not have been, you can suppress the alert for that entity. You can also suppress alerts that are not necessarily false positives, but are unimportant. And, you can classify alerts as false positives as needed. 
+
+Managing your alerts and classifying false positives helps to train your threat protection solution and can reduce the number of false positives or false negatives over time. Taking these steps also helps reduce noise in your security operations dashboard so that your security team can focus on higher priority work items.
+
+### Determine whether an alert is accurate
+
+Before you classify or suppress an alert, determine whether the alert is accurate, a false positive, or benign.
+1. Go to the Microsoft Defender Security Center (https://securitycenter.windows.com) and sign in.
+2.	In the navigation pane, choose **Alerts queue**.
+3.	Select an alert to more details about the alert. (See [Review alerts](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/review-alerts).)
+4.	Take one of the following steps:   
+   - If the alert is accurate, assign and investigate the alert further.
+   - If the alert is a false positive, proceed to classify the alert as a false positive, and then suppress the alert. Also, create an indicator for Microsoft Defender for Endpoint. 
+   - If the alert is accurate but benign (unimportant), classify the alert as a true positive, and then suppress the alert.
+
+### Classify an alert as a false positive
+
+Your security team can classify an alert as a false positive in the Microsoft Defender Security Center, in the Alerts queue.
+
+1.	Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
+2.	Select **Alerts queue**, and then select an alert that is a false positive.
+3.	For the selected alert, select **Actions** > **Manage alert**. A flyout pane opens.
+4.	In the **Manage alert** section, select **True alert** or **False alert**. Use **False alert** to classify a false positive.
+
+> [!TIP]
+> For more information about suppressing alerts, see [Manage Microsoft Defender for Endpoint alerts](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-alerts). And, if your organization is using a security information and event management (SIEM) server, make sure to define a suppression rule there, too. 
+
+### Suppress an alert
+
+If you have alerts that are either false positives or are for unimportant events, you can suppress those alerts in the Microsoft Defender Security Center.
+
+1.	Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
+2.	In the navigation pane, select **Alerts queue**.
+3.	Select an alert that you want to suppress to open its **Details** pane.
+4.	In the **Details** pane, choose the ellipsis (**...**), and then choose **Create a suppression rule**.
+5.	Specify all the settings for your suppression rule, and then choose **Save**.
+
+> [!TIP]
+> Need help with suppression rules? See [Suppress an alert and create a new suppression rule](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-alerts#suppress-an-alert-and-create-a-new-suppression-rule).
+
+## Review remediation actions
+
+[Remediation actions](manage-auto-investigation.md#remediation-actions), such as sending a file to quarantine or stopping a process, can be taken on entities that are detected as threats. Several types of remediation actions can occur automatically through automated investigation and Microsoft Defender Antivirus. Examples of such actions include:   
+- Quarantine a file
+- Remove a registry key
+- Kill a process
+- Stop a service
+- Disable a driver
+- Remove a scheduled task
+
+Other actions, such as starting an antivirus scan or collecting an investigation package, can occur through [Live Response](live-response.md). Those actions cannot be undone.
+
+### Review completed actions
+
+1. Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in. 
+2. Select the **History** tab. 
+3. Select an item to view more details about the remediation action that was taken.
+
+If you find that a remediation action was taken automatically on an entity that is not actually a threat, you can undo the action. Remediation actions that you can undo include the following:
+- Isolate device
+- Restrict code execution
+- Quarantine a file
+- Remove a registry key
+- Stop a service
+- Disable a driver
+- Remove a scheduled task
+
+### To undo an action   
+
+1.	Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in.
+2. On the **History** tab, select an action that you want to undo.
+3.	In the flyout pane, select **Undo**. (If the action cannot be undone with this method, you will not see an **Undo** button.)
+
+### To undo multiple actions at one time
+
+1.	Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in.
+2.	On the **History** tab, select the actions that you want to undo.
+3.	In the pane on the right side of the screen, select **Undo**.
+
+
 ## Review your threat protection settings
 
 Microsoft Defender for Endpoint offers a wide variety of options, including the ability to fine-tune settings for various features and capabilities. If you’re getting numerous false positives, make sure to review your organization’s threat protection settings. You might need to make some adjustments to the following settings in particular:

From a5c3e6656d506074a70daafa4d2842b74139b586 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Thu, 21 Jan 2021 20:29:36 -0800
Subject: [PATCH 171/396] Update defender-endpoint-false-positives-negatives.md

---
 ...nder-endpoint-false-positives-negatives.md | 130 +++++++++---------
 1 file changed, 66 insertions(+), 64 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 0a7de859a9..4f8b62add6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -122,6 +122,72 @@ If you find that a remediation action was taken automatically on an entity that
 2.	On the **History** tab, select the actions that you want to undo.
 3.	In the pane on the right side of the screen, select **Undo**.
 
+## Review or define exclusions for Microsoft Defender for Endpoint
+
+An exclusion is an entity that you specify as an exception to remediation actions. The excluded entity might still get detected, but no remediation actions are taken on that entity. That is, the detected file or process won’t be stopped, sent to quarantine, removed, or otherwise changed by Microsoft Defender for Endpoint. 
+
+To define exclusions across Microsoft Defender for Endpoint, perform the following tasks:
+- [Define exclusions for Microsoft Defender Antivirus](#exclusions-for-microsoft-defender-antivirus)
+- [Create “allow” indicators for Microsoft Defender for Endpoint](#indicators-for-microsoft-defender-for-endpoint)
+
+Microsoft Defender Antivirus exclusions don't apply to other Microsoft Defender for Endpoint capabilities, including [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response), [attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction), and [controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/controlled-folders). Files that you exclude using the methods described in this article can still trigger alerts and other detections. To exclude files broadly, use [custom indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators), such as "allow" indicators for Microsoft Defender for Endpoint.
+
+The procedures in this section describe how to define exclusions and indicators.
+
+### Exclusions for Microsoft Defender Antivirus
+
+In general, you should not need to define exclusions for Microsoft Defender Antivirus. Make sure that you define exclusions sparingly, and that you only include the files, folders, processes, and process-opened files that are resulting in false positives. In addition, make sure to review your defined exclusions regularly. We recommend using Microsoft Endpoint Manager to define or edit your antivirus exclusions; however, you can use other methods, such as Group Policy as well.
+
+> [!TIP]
+> Need help with antivirus exclusions? See [Configure and validate exclusions for Microsoft Defender Antivirus scans](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus).
+
+#### Use Microsoft Endpoint Manager to manage antivirus exclusions (for existing policies)
+
+1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
+2. Choose **Endpoint security** > **Antivirus**, and then select an existing policy. (If you don’t have an existing policy, or you want to create a new policy, skip to [the next procedure](#use-microsoft-endpoint-manager-to-create-a-new-antivirus-policy-with-exclusions)).
+3. Choose **Properties**, and next to **Configuration settings**, choose **Edit**.
+4. Expand **Microsoft Defender Antivirus Exclusions** and then specify your exclusions.
+5. Choose **Review + save**, and then choose **Save**.
+
+#### Use Microsoft Endpoint Manager to create a new antivirus policy with exclusions
+
+1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
+2. Choose **Endpoint security** > **Antivirus** > **+ Create Policy**. 
+3. Select a platform (such as **Windows 10 and later**, **macOS**, or **Windows 10 and Windows Server**).
+4. For **Profile**, select **Microsoft Defender Antivirus exclusions**, and then choose **Create**.
+5. Specify a name and description for the profile, and then choose **Next**.
+6. On the **Configuration settings** tab, specify your antivirus exclusions, and then choose **Next**.
+7. On the **Scope tags** tab, if you are using scope tags in your organization, specify scope tags for the policy you are creating. (See [Scope tags](https://docs.microsoft.com/mem/intune/fundamentals/scope-tags).)
+8. On the **Assignments** tab, specify the users and groups to whom your policy should be applied, and then choose **Next**. (If you need help with assignments, see [Assign user and device profiles in Microsoft Intune](https://docs.microsoft.com/mem/intune/configuration/device-profile-assign).)
+9. On the **Review + create** tab, review the settings, and then choose **Create**.
+
+### Indicators for Microsoft Defender for Endpoint
+
+[Indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators) enable your security operations team to define the detection, prevention, and exclusion of entities. For example, your security operations team can specify certain files to be omitted from scans and remediation actions in Microsoft Defender for Endpoint. Or, indicators can be used to generate alerts for certain files, IP addresses, or URLs.
+
+To specify entities as exclusions for Microsoft Defender for Endpoint, your security team can create "allow" indicators for those entities. Such "allow" indicators in Microsoft Defender for Endpoint apply to:
+
+- [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10)
+- [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response)
+- [Automated investigation & remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations)
+
+Your security team can create indicators for files, IP addresses, URLs, domains, and certificates. Use the following resources to create or manage indicators in the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)): 
+
+- [Learn more about indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators)
+- [Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file)
+- [Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain)
+- [Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates)
+
+> [!TIP]
+> When you create indicators, you can define them one by one or import multiple items at once. Keep in mind there's a limit of 15,000 indicators you can have in a single tenant. And, you might need to gather certain details first, such as file hash information. Make sure to review the prerequisites before you [create indicators](manage-indicators.md). 
+
+| Indicator type | Prerequisites | Notes  |
+|----|----|---|
+|Files <p>Helps prevent suspected malware (or potentially malicious files) from being downloaded from the web. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. <p> [Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file). | Microsoft Defender Antivirus with cloud-based protection enabled. <p>Antimalware client version  must be 4.18.1901.x or later. <p>Devices are running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 <p> The [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features). | The allow or block function cannot be done on a file if the file's classification exists on the device's cache prior to the allow or block action <p>Trusted, signed files are treated differently. Defender for Endpoint is optimized to handle malicious files. Trying to block trusted, signed files, can have performance implications. <p>Typically, file blocks are enforced within a couple of minutes, but can take upwards of 30 minutes. |
+| IP addresses and URLs <p>Full URL path blocks can be applied on the domain level and all unencrypted URLs <p>IP is supported for all three protocols <p>[Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain) | Network protection in Defender for Endpoint must be enabled in block mode. ([Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection).)<p>Your antimalware client version must be 4.18.1906.x or later. <p>Your devices must be running Windows 10, version 1709 or later <p>Custom network indicators must be turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).) | Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs. For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge leverages [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios leverage Network Protection for inspection and enforcement.<p>There may be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. <p>Only single IP addresses are supported (no CIDR blocks or IP ranges) <p>Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) <p>Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) |
+| Certificates <p>`.CER` or `.PEM` file extensions are supported. <p>[Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates) |Microsoft Defender Antivirus with cloud-based protection is enabled ([Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p>Your antimalware client version must be 4.18.1901.x or later. <p>Your devices must be running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 <p>Your virus and threat protection definitions must be up to date. | A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. <p>Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine Trusted Root Certification Authorities). <p>The children or parent of the allow/block certificate IOCs are not included in the allow/block IoC functionality, only leaf certificates are supported.<p>Microsoft signed certificates cannot be blocked. <p>It can take up to 3 hours to create and remove a certificate IoC. |
+
+
 
 ## Review your threat protection settings
 
@@ -192,70 +258,6 @@ We recommend using Microsoft Endpoint Manager to edit or set PUA protection sett
 8. On the **Applicability Rules** tab, specify the OS editions or versions to include or exclude from the policy. For example, you can set the policy to be applied to all devices certain editions of Windows 10. Then choose **Next**.
 9. On the **Review + create** tab, review your settings, and, and then choose **Create**.
 
-## Review or define exclusions for Microsoft Defender for Endpoint
-
-An exclusion is an entity that you specify as an exception to remediation actions. The excluded entity might still get detected, but no remediation actions are taken on that entity. That is, the detected file or process won’t be stopped, sent to quarantine, removed, or otherwise changed by Microsoft Defender for Endpoint. 
-
-To define exclusions across Microsoft Defender for Endpoint, perform the following tasks:
-- [Define exclusions for Microsoft Defender Antivirus](#exclusions-for-microsoft-defender-antivirus)
-- [Create “allow” indicators for Microsoft Defender for Endpoint](#indicators-for-microsoft-defender-for-endpoint)
-
-Microsoft Defender Antivirus exclusions don't apply to other Microsoft Defender for Endpoint capabilities, including [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response), [attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction), and [controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/controlled-folders). Files that you exclude using the methods described in this article can still trigger alerts and other detections. To exclude files broadly, use [custom indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators), such as "allow" indicators for Microsoft Defender for Endpoint.
-
-The procedures in this section describe how to define exclusions and indicators.
-
-### Exclusions for Microsoft Defender Antivirus
-
-In general, you should not need to define exclusions for Microsoft Defender Antivirus. Make sure that you define exclusions sparingly, and that you only include the files, folders, processes, and process-opened files that are resulting in false positives. In addition, make sure to review your defined exclusions regularly. We recommend using Microsoft Endpoint Manager to define or edit your antivirus exclusions; however, you can use other methods, such as Group Policy as well.
-
-> [!TIP]
-> Need help with antivirus exclusions? See [Configure and validate exclusions for Microsoft Defender Antivirus scans](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus).
-
-#### Use Microsoft Endpoint Manager to manage antivirus exclusions (for existing policies)
-
-1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
-2. Choose **Endpoint security** > **Antivirus**, and then select an existing policy. (If you don’t have an existing policy, or you want to create a new policy, skip to [the next procedure](#use-microsoft-endpoint-manager-to-create-a-new-antivirus-policy-with-exclusions)).
-3. Choose **Properties**, and next to **Configuration settings**, choose **Edit**.
-4. Expand **Microsoft Defender Antivirus Exclusions** and then specify your exclusions.
-5. Choose **Review + save**, and then choose **Save**.
-
-#### Use Microsoft Endpoint Manager to create a new antivirus policy with exclusions
-
-1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
-2. Choose **Endpoint security** > **Antivirus** > **+ Create Policy**. 
-3. Select a platform (such as **Windows 10 and later**, **macOS**, or **Windows 10 and Windows Server**).
-4. For **Profile**, select **Microsoft Defender Antivirus exclusions**, and then choose **Create**.
-5. Specify a name and description for the profile, and then choose **Next**.
-6. On the **Configuration settings** tab, specify your antivirus exclusions, and then choose **Next**.
-7. On the **Scope tags** tab, if you are using scope tags in your organization, specify scope tags for the policy you are creating. (See [Scope tags](https://docs.microsoft.com/mem/intune/fundamentals/scope-tags).)
-8. On the **Assignments** tab, specify the users and groups to whom your policy should be applied, and then choose **Next**. (If you need help with assignments, see [Assign user and device profiles in Microsoft Intune](https://docs.microsoft.com/mem/intune/configuration/device-profile-assign).)
-9. On the **Review + create** tab, review the settings, and then choose **Create**.
-
-### Indicators for Microsoft Defender for Endpoint
-
-[Indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators) enable your security operations team to define the detection, prevention, and exclusion of entities. For example, your security operations team can specify certain files to be omitted from scans and remediation actions in Microsoft Defender for Endpoint. Or, indicators can be used to generate alerts for certain files, IP addresses, or URLs.
-
-To specify entities as exclusions for Microsoft Defender for Endpoint, your security team can create "allow" indicators for those entities. Such "allow" indicators in Microsoft Defender for Endpoint apply to:
-
-- [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10)
-- [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response)
-- [Automated investigation & remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations)
-
-Your security team can create indicators for files, IP addresses, URLs, domains, and certificates. Use the following resources to create or manage indicators in the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)): 
-
-- [Learn more about indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators)
-- [Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file)
-- [Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain)
-- [Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates)
-
-> [!TIP]
-> When you create indicators, you can define them one by one or import multiple items at once. Keep in mind there's a limit of 15,000 indicators you can have in a single tenant. And, you might need to gather certain details first, such as file hash information. Make sure to review the prerequisites before you [create indicators](manage-indicators.md). 
-
-| Indicator type | Prerequisites | Notes  |
-|----|----|---|
-|Files <p>Helps prevent suspected malware (or potentially malicious files) from being downloaded from the web. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. <p> [Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file). | Microsoft Defender Antivirus with cloud-based protection enabled. <p>Antimalware client version  must be 4.18.1901.x or later. <p>Devices are running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 <p> The [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features). | The allow or block function cannot be done on a file if the file's classification exists on the device's cache prior to the allow or block action <p>Trusted, signed files are treated differently. Defender for Endpoint is optimized to handle malicious files. Trying to block trusted, signed files, can have performance implications. <p>Typically, file blocks are enforced within a couple of minutes, but can take upwards of 30 minutes. |
-| IP addresses and URLs <p>Full URL path blocks can be applied on the domain level and all unencrypted URLs <p>IP is supported for all three protocols <p>[Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain) | Network protection in Defender for Endpoint must be enabled in block mode. ([Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection).)<p>Your antimalware client version must be 4.18.1906.x or later. <p>Your devices must be running Windows 10, version 1709 or later <p>Custom network indicators must be turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).) | Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs. For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge leverages [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios leverage Network Protection for inspection and enforcement.<p>There may be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. <p>Only single IP addresses are supported (no CIDR blocks or IP ranges) <p>Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) <p>Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) |
-| Certificates <p>`.CER` or `.PEM` file extensions are supported. <p>[Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates) |Microsoft Defender Antivirus with cloud-based protection is enabled ([Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p>Your antimalware client version must be 4.18.1901.x or later. <p>Your devices must be running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 <p>Your virus and threat protection definitions must be up to date. | A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. <p>Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine Trusted Root Certification Authorities). <p>The children or parent of the allow/block certificate IOCs are not included in the allow/block IoC functionality, only leaf certificates are supported.<p>Microsoft signed certificates cannot be blocked. <p>It can take up to 3 hours to create and remove a certificate IoC. |
 
 ## Classify a false positive or false negative
 

From 4cb7b0ff725dc24fdb77c1f92523830eada4333f Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Thu, 21 Jan 2021 20:49:02 -0800
Subject: [PATCH 172/396] Update defender-endpoint-false-positives-negatives.md

---
 ...nder-endpoint-false-positives-negatives.md | 111 ++++++++----------
 1 file changed, 47 insertions(+), 64 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 4f8b62add6..cb0ee4077d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -33,7 +33,7 @@ ms.custom: FPFN
 
 In endpoint protection, a false positive is an entity, such as a file or a process, that was detected and identified as malicious, even though the entity isn't actually a threat. A false negative is an entity that was not detected as a threat, even though it actually is malicious. The process of addressing false positives/negatives includes:
 
-1.	Reviewing and classifying alerts
+1.	[Reviewing and classifying alerts](#review-and-classify-alerts)
 2.	Reviewing remediation actions that were taken
 3.	Reviewing and defining exclusions
 4.	Submitting an entity for analysis
@@ -47,10 +47,12 @@ If your security operations team see an alert that was triggered because somethi
 
 Managing your alerts and classifying false positives helps to train your threat protection solution and can reduce the number of false positives or false negatives over time. Taking these steps also helps reduce noise in your security operations dashboard so that your security team can focus on higher priority work items.
 
+
 ### Determine whether an alert is accurate
 
 Before you classify or suppress an alert, determine whether the alert is accurate, a false positive, or benign.
-1. Go to the Microsoft Defender Security Center (https://securitycenter.windows.com) and sign in.
+
+1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
 2.	In the navigation pane, choose **Alerts queue**.
 3.	Select an alert to more details about the alert. (See [Review alerts](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/review-alerts).)
 4.	Take one of the following steps:   
@@ -60,7 +62,7 @@ Before you classify or suppress an alert, determine whether the alert is accurat
 
 ### Classify an alert as a false positive
 
-Your security team can classify an alert as a false positive in the Microsoft Defender Security Center, in the Alerts queue.
+Your security team can classify an alert as a false positive in the Microsoft Defender Security Center, in the **Alerts queue**.
 
 1.	Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
 2.	Select **Alerts queue**, and then select an alert that is a false positive.
@@ -110,13 +112,13 @@ If you find that a remediation action was taken automatically on an entity that
 - Disable a driver
 - Remove a scheduled task
 
-### To undo an action   
+### Undo an action
 
 1.	Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in.
 2. On the **History** tab, select an action that you want to undo.
 3.	In the flyout pane, select **Undo**. (If the action cannot be undone with this method, you will not see an **Undo** button.)
 
-### To undo multiple actions at one time
+### Undo multiple actions at one time
 
 1.	Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in.
 2.	On the **History** tab, select the actions that you want to undo.
@@ -163,7 +165,7 @@ In general, you should not need to define exclusions for Microsoft Defender Anti
 
 ### Indicators for Microsoft Defender for Endpoint
 
-[Indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators) enable your security operations team to define the detection, prevention, and exclusion of entities. For example, your security operations team can specify certain files to be omitted from scans and remediation actions in Microsoft Defender for Endpoint. Or, indicators can be used to generate alerts for certain files, IP addresses, or URLs.
+[Indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators) (specifically, indicators of compromise, or IoCs) enable your security operations team to define the detection, prevention, and exclusion of entities. For example, your security operations team can specify certain files to be omitted from scans and remediation actions in Microsoft Defender for Endpoint. Or, indicators can be used to generate alerts for certain files, IP addresses, or URLs.
 
 To specify entities as exclusions for Microsoft Defender for Endpoint, your security team can create "allow" indicators for those entities. Such "allow" indicators in Microsoft Defender for Endpoint apply to:
 
@@ -171,23 +173,52 @@ To specify entities as exclusions for Microsoft Defender for Endpoint, your secu
 - [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response)
 - [Automated investigation & remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations)
 
-Your security team can create indicators for files, IP addresses, URLs, domains, and certificates. Use the following resources to create or manage indicators in the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)): 
+Your security team can create indicators for files, IP addresses, URLs, domains, and certificates, as described in the following table:
 
-- [Learn more about indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators)
-- [Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file)
-- [Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain)
-- [Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates)
+| Indicator type | Prerequisites | Notes  |
+|----|----|---|
+|Files <p>Helps prevent suspected malware (or potentially malicious files) from being downloaded from the web. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. <p> [Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file). | Microsoft Defender Antivirus with cloud-based protection enabled. <p>Antimalware client version: 4.18.1901.x or later. <p>Devices are running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 <p> [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features). | The allow or block function cannot be done on a file if the file's classification exists on the device's cache prior to the allow or block action <p>Trusted, signed files are treated differently. Defender for Endpoint is optimized to handle malicious files. Trying to block trusted, signed files, can have performance implications. <p>Typically, file blocks are enforced within a couple of minutes, but can take upwards of 30 minutes. |
+| IP addresses and URLs <p>Full URL path blocks can be applied on the domain level and all unencrypted URLs <p>IP is supported for all three protocols <p>[Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain) | Network protection in Defender for Endpoint is enabled in block mode. ([Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection).)<p>Antimalware client version: 4.18.1906.x or later. <p>Devices are running Windows 10, version 1709 or later <p>Custom network indicators are turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).) | Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs. For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge leverages [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios leverage Network Protection for inspection and enforcement.<p>There might be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. <p>Only single IP addresses are supported (no CIDR blocks or IP ranges) <p>Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) <p>Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) |
+| Certificates <p>`.CER` or `.PEM` file extensions are supported. <p>[Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates) |Microsoft Defender Antivirus with cloud-based protection is enabled ([Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p>Antimalware client version: 4.18.1901.x or later. <p>Devices are running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 <p>Virus and threat protection definitions are up to date. | A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. <p>Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine Trusted Root Certification Authorities). <p>The children or parent of the allow/block certificate IOCs are not included in the allow/block IoC functionality, only leaf certificates are supported.<p>Microsoft signed certificates cannot be blocked. <p>It can take up to 3 hours to create and remove a certificate IoC. |
 
 > [!TIP]
 > When you create indicators, you can define them one by one or import multiple items at once. Keep in mind there's a limit of 15,000 indicators you can have in a single tenant. And, you might need to gather certain details first, such as file hash information. Make sure to review the prerequisites before you [create indicators](manage-indicators.md). 
 
-| Indicator type | Prerequisites | Notes  |
-|----|----|---|
-|Files <p>Helps prevent suspected malware (or potentially malicious files) from being downloaded from the web. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. <p> [Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file). | Microsoft Defender Antivirus with cloud-based protection enabled. <p>Antimalware client version  must be 4.18.1901.x or later. <p>Devices are running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 <p> The [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features). | The allow or block function cannot be done on a file if the file's classification exists on the device's cache prior to the allow or block action <p>Trusted, signed files are treated differently. Defender for Endpoint is optimized to handle malicious files. Trying to block trusted, signed files, can have performance implications. <p>Typically, file blocks are enforced within a couple of minutes, but can take upwards of 30 minutes. |
-| IP addresses and URLs <p>Full URL path blocks can be applied on the domain level and all unencrypted URLs <p>IP is supported for all three protocols <p>[Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain) | Network protection in Defender for Endpoint must be enabled in block mode. ([Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection).)<p>Your antimalware client version must be 4.18.1906.x or later. <p>Your devices must be running Windows 10, version 1709 or later <p>Custom network indicators must be turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).) | Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs. For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge leverages [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios leverage Network Protection for inspection and enforcement.<p>There may be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. <p>Only single IP addresses are supported (no CIDR blocks or IP ranges) <p>Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) <p>Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) |
-| Certificates <p>`.CER` or `.PEM` file extensions are supported. <p>[Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates) |Microsoft Defender Antivirus with cloud-based protection is enabled ([Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p>Your antimalware client version must be 4.18.1901.x or later. <p>Your devices must be running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 <p>Your virus and threat protection definitions must be up to date. | A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. <p>Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine Trusted Root Certification Authorities). <p>The children or parent of the allow/block certificate IOCs are not included in the allow/block IoC functionality, only leaf certificates are supported.<p>Microsoft signed certificates cannot be blocked. <p>It can take up to 3 hours to create and remove a certificate IoC. |
+## Submit a file for analysis
 
+You can submit entities, such as files and fileless detections, to Microsoft for analysis. Microsoft security researchers analyze all submissions. After you sign in at the submission site, you can track your submissions.
 
+### Submit a file for analysis
+
+If you have a file that was either wrongly detected as malicious or was missed, follow these steps to submit the file for analysis.
+
+1. Review the guidelines here: [Submit files for analysis](https://docs.microsoft.com/windows/security/threat-protection/intelligence/submission-guide).
+2. Visit the Microsoft Security Intelligence submission site ([https://www.microsoft.com/wdsi/filesubmission](https://www.microsoft.com/wdsi/filesubmission)), and submit your file(s).
+
+### Submit a fileless detection for analysis
+
+If something was detected as malware based on behavior, and you don’t have a file, you can submit your Mpsupport.cab file for analysis. You can get the .cab file by using the Microsoft Malware Protection Command-Line Utility (MPCmdRun.exe) tool.
+
+1.	Go to ` C:\ProgramData\Microsoft\Windows Defender\Platform\<version>`, and then run ** MpCmdRun.exe** as an administrator.
+2.	Type `mpcmdrun.exe -GetFiles`, and then press **Enter**.
+   A .cab file is generated that contains various diagnostic logs. The location of the file is specified in the output of the command prompt. By default, the location is `C:\ProgramData\Microsoft\Microsoft Defender\Support\MpSupportFiles.cab`.
+3.	Review the guidelines here: [Submit files for analysis](https://docs.microsoft.com/windows/security/threat-protection/intelligence/submission-guide).
+4.	Visit the Microsoft Security Intelligence submission site ([https://www.microsoft.com/wdsi/filesubmission](https://www.microsoft.com/wdsi/filesubmission)), and submit your .cab files.
+
+### What happens after a file is submitted?
+
+Your submission is immediately scanned by our systems to give you the latest determination even before an analyst starts handling your case. It’s possible that a file might have already been submitted and processed by an analyst. In those cases, a determination is made quickly.
+
+For submissions that were not already processed, they are prioritized for analysis as follows:
+
+- Prevalent files with the potential to impact large numbers of computers are given a higher priority.
+- Authenticated customers, especially enterprise customers with valid [Software Assurance IDs (SAIDs)](https://www.microsoft.com/licensing/licensing-programs/software-assurance-default.aspx), are given a higher priority.
+- Submissions flagged as high priority by SAID holders are given immediate attention.
+
+To check for updates regarding your submission, sign in at the [Microsoft Security Intelligence submission site](https://www.microsoft.com/wdsi/filesubmission). 
+
+> [!TIP]
+> To learn more, see [Submit files for analysis](https://docs.microsoft.com/windows/security/threat-protection/intelligence/submission-guide#how-does-microsoft-prioritize-submissions).
 
 ## Review your threat protection settings
 
@@ -258,54 +289,6 @@ We recommend using Microsoft Endpoint Manager to edit or set PUA protection sett
 8. On the **Applicability Rules** tab, specify the OS editions or versions to include or exclude from the policy. For example, you can set the policy to be applied to all devices certain editions of Windows 10. Then choose **Next**.
 9. On the **Review + create** tab, review your settings, and, and then choose **Create**.
 
-
-## Classify a false positive or false negative
-
-As alerts are triggered, if you see something that was detected as malicious or suspicious that should not be, you can suppress alerts for that entity and classify alerts as false positives. Managing your alerts and classifying false positives helps to train your threat protection solution. Taking these steps also helps reduce noise in your security operations dashboard so that your security team can focus on higher priority work items.
-
-### Suppress an alert
-
-You can suppress an alert in the Microsoft Defender Security Center.
-
-1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
-2. In the navigation pane, select **Alerts queue**. 
-3. Select an alert that you want to suppress to open its **Details** pane.
-4. In the **Details** pane, choose the ellipsis (`...`), and then choose **Create a suppression rule**.
-5. Specify all the settings for your suppression rule, and then choose **Save**. 
-
-> [!TIP]
-> Need help with suppression rules? See [Suppress an alert and create a new suppression rule](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-alerts#suppress-an-alert-and-create-a-new-suppression-rule).
-
-### Classify an alert as a false positive
-
-Your security team can classify an alert as a false positive in the Microsoft Defender Security Center, in the Alerts queue. 
-
-1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
-2. Select **Alerts queue**, and then select an alert that is a false positive.
-3. For the selected alert, select **Actions** > **Manage alert**. A flyout pane opens.
-4. In the **Manage alert** section, select **True alert** or **False alert**. Use **False alert** to classify a false positive.
-
-> [!TIP]
-> - For more information about suppressing alerts, see [Manage Microsoft Defender for Endpoint alerts](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-alerts).
-> - If your organization is using a security information and event management (SIEM) server, make sure to define a suppression rule there, too. 
-
-## Submit a file for analysis
-
-You can submit files, such as false positives or false negatives, to Microsoft for analysis. Microsoft security researchers analyze all submissions. After you sign in at the submission site, you can track your submissions.
-
-1. Review the guidelines here: [Submit files for analysis](https://docs.microsoft.com/windows/security/threat-protection/intelligence/submission-guide).
-
-2. Visit the Microsoft Security Intelligence submission ([https://www.microsoft.com/wdsi/filesubmission](https://www.microsoft.com/wdsi/filesubmission)), and submit your file(s).
-
-## Confirm your software uses EV code signing
-
-As explained in the blog, [Partnering with the industry to minimize false positives](https://www.microsoft.com/security/blog/2018/08/16/partnering-with-the-industry-to-minimize-false-positives), digital signatures help to ensure the software integrity. The reputation of digital certificates also plays a role in whether software is considered suspicious or not a threat. By using a reputable certificate, developers can reduce the chances of their software being detected as malware. Extended validation (EV) code signing is a more advanced version of digital certificates and requires a more rigorous vetting and authentication process.
-
-Want to learn more? See the following resources:
-
-- [Microsoft Security Blog: Partnering with the industry to minimize false positives](https://www.microsoft.com/security/blog/2018/08/16/partnering-with-the-industry-to-minimize-false-positives/)
-- [Get a code signing certificate](https://docs.microsoft.com/windows-hardware/drivers/dashboard/get-a-code-signing-certificate)
-
 ## Still need help?
 
 If you still need help after working through all the steps in this article, your best bet is to contact technical support.

From 5b04617b295d16a1106326c79c481534acd475fe Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Thu, 21 Jan 2021 20:50:56 -0800
Subject: [PATCH 173/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md     | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index cb0ee4077d..69d5634efb 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -19,7 +19,7 @@ ms.collection:
 - m365-security-compliance 
 - m365initiative-defender-endpoint 
 ms.topic: conceptual
-ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs, yonghree
+ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs, yonghree, jcedola
 ms.custom: FPFN
 ---
 
@@ -34,10 +34,10 @@ ms.custom: FPFN
 In endpoint protection, a false positive is an entity, such as a file or a process, that was detected and identified as malicious, even though the entity isn't actually a threat. A false negative is an entity that was not detected as a threat, even though it actually is malicious. The process of addressing false positives/negatives includes:
 
 1.	[Reviewing and classifying alerts](#review-and-classify-alerts)
-2.	Reviewing remediation actions that were taken
-3.	Reviewing and defining exclusions
-4.	Submitting an entity for analysis
-5.	Reviewing your threat protection settings
+2.	[Reviewing remediation actions that were taken](#review-remediation-actions)
+3.	[Reviewing and defining exclusions](#review-or-define-exclusions-for-microsoft-defender-for-endpoint)
+4.	[Submitting an entity for analysis](#submit-a-file-for-analysis)
+5.	[Reviewing your threat protection settings](#review-your-threat-protection-settings)
 
 If you’re using [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection), and you're seeing false positives/negatives in your [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use), use this article as a guide to take action. This article also includes information about [what to do if you still need help](#still-need-help) after taking the recommended steps to address false positives/negatives in your environment.
 

From af20c1f8c8f7088cdd22e4c189ab37f64fcfc0f4 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Thu, 21 Jan 2021 20:53:42 -0800
Subject: [PATCH 174/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md            | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 69d5634efb..dd7dfd3caa 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -103,7 +103,7 @@ Other actions, such as starting an antivirus scan or collecting an investigation
 2. Select the **History** tab. 
 3. Select an item to view more details about the remediation action that was taken.
 
-If you find that a remediation action was taken automatically on an entity that is not actually a threat, you can undo the action. Remediation actions that you can undo include the following:
+If you find that a remediation action was taken automatically on an entity that is not actually a threat, you can undo the action. You can undo the following remediation actions:
 - Isolate device
 - Restrict code execution
 - Quarantine a file
@@ -178,7 +178,7 @@ Your security team can create indicators for files, IP addresses, URLs, domains,
 | Indicator type | Prerequisites | Notes  |
 |----|----|---|
 |Files <p>Helps prevent suspected malware (or potentially malicious files) from being downloaded from the web. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. <p> [Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file). | Microsoft Defender Antivirus with cloud-based protection enabled. <p>Antimalware client version: 4.18.1901.x or later. <p>Devices are running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 <p> [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features). | The allow or block function cannot be done on a file if the file's classification exists on the device's cache prior to the allow or block action <p>Trusted, signed files are treated differently. Defender for Endpoint is optimized to handle malicious files. Trying to block trusted, signed files, can have performance implications. <p>Typically, file blocks are enforced within a couple of minutes, but can take upwards of 30 minutes. |
-| IP addresses and URLs <p>Full URL path blocks can be applied on the domain level and all unencrypted URLs <p>IP is supported for all three protocols <p>[Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain) | Network protection in Defender for Endpoint is enabled in block mode. ([Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection).)<p>Antimalware client version: 4.18.1906.x or later. <p>Devices are running Windows 10, version 1709 or later <p>Custom network indicators are turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).) | Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs. For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge leverages [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios leverage Network Protection for inspection and enforcement.<p>There might be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. <p>Only single IP addresses are supported (no CIDR blocks or IP ranges) <p>Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) <p>Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) |
+| IP addresses and URLs <p>Full URL path blocks can be applied on the domain level and all unencrypted URLs <p>IP is supported for all three protocols <p>[Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain) | Network protection in Defender for Endpoint is enabled in block mode. ([Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection).)<p>Antimalware client version: 4.18.1906.x or later. <p>Devices are running Windows 10, version 1709 or later <p>Custom network indicators are turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).) | Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs. For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge uses [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios use Network Protection for inspection and enforcement.<p>There might be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. <p>Only single IP addresses are supported (no CIDR blocks or IP ranges) <p>Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) <p>Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) |
 | Certificates <p>`.CER` or `.PEM` file extensions are supported. <p>[Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates) |Microsoft Defender Antivirus with cloud-based protection is enabled ([Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p>Antimalware client version: 4.18.1901.x or later. <p>Devices are running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 <p>Virus and threat protection definitions are up to date. | A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. <p>Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine Trusted Root Certification Authorities). <p>The children or parent of the allow/block certificate IOCs are not included in the allow/block IoC functionality, only leaf certificates are supported.<p>Microsoft signed certificates cannot be blocked. <p>It can take up to 3 hours to create and remove a certificate IoC. |
 
 > [!TIP]

From 5596fcc20ce34f2ef0ec31a0c5f2112e18140cd4 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Thu, 21 Jan 2021 20:54:20 -0800
Subject: [PATCH 175/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md            | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index dd7dfd3caa..977f0216f7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -4,8 +4,8 @@ description: Learn how to handle false positives or false negatives in Microsoft
 keywords: alert, exclusion, defender atp, false positive, false negative
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: w10
-ms.technology: windows
+ms.prod: m365-security
+ms.technology: mde
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security

From 384d221117fb45f3da607eb5d2c907d3284f4c6e Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Thu, 21 Jan 2021 20:58:11 -0800
Subject: [PATCH 176/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md     | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 977f0216f7..820e4412bb 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -175,11 +175,11 @@ To specify entities as exclusions for Microsoft Defender for Endpoint, your secu
 
 Your security team can create indicators for files, IP addresses, URLs, domains, and certificates, as described in the following table:
 
-| Indicator type | Prerequisites | Notes  |
-|----|----|---|
-|Files <p>Helps prevent suspected malware (or potentially malicious files) from being downloaded from the web. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. <p> [Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file). | Microsoft Defender Antivirus with cloud-based protection enabled. <p>Antimalware client version: 4.18.1901.x or later. <p>Devices are running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 <p> [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features). | The allow or block function cannot be done on a file if the file's classification exists on the device's cache prior to the allow or block action <p>Trusted, signed files are treated differently. Defender for Endpoint is optimized to handle malicious files. Trying to block trusted, signed files, can have performance implications. <p>Typically, file blocks are enforced within a couple of minutes, but can take upwards of 30 minutes. |
-| IP addresses and URLs <p>Full URL path blocks can be applied on the domain level and all unencrypted URLs <p>IP is supported for all three protocols <p>[Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain) | Network protection in Defender for Endpoint is enabled in block mode. ([Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection).)<p>Antimalware client version: 4.18.1906.x or later. <p>Devices are running Windows 10, version 1709 or later <p>Custom network indicators are turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).) | Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs. For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge uses [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios use Network Protection for inspection and enforcement.<p>There might be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. <p>Only single IP addresses are supported (no CIDR blocks or IP ranges) <p>Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) <p>Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) |
-| Certificates <p>`.CER` or `.PEM` file extensions are supported. <p>[Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates) |Microsoft Defender Antivirus with cloud-based protection is enabled ([Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p>Antimalware client version: 4.18.1901.x or later. <p>Devices are running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 <p>Virus and threat protection definitions are up to date. | A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. <p>Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine Trusted Root Certification Authorities). <p>The children or parent of the allow/block certificate IOCs are not included in the allow/block IoC functionality, only leaf certificates are supported.<p>Microsoft signed certificates cannot be blocked. <p>It can take up to 3 hours to create and remove a certificate IoC. |
+| Indicator type | Prerequisites |
+|:----|:----|
+|Files <p>Helps prevent suspected malware (or potentially malicious files) from being downloaded from the web. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. <p> [Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file). <p>The allow or block function cannot be done on a file if the file's classification exists on the device's cache prior to the allow or block action <p>Trusted, signed files are treated differently. Defender for Endpoint is optimized to handle malicious files. Trying to block trusted, signed files, can have performance implications. <p>Typically, file blocks are enforced within a couple of minutes, but can take upwards of 30 minutes.  | Microsoft Defender Antivirus with cloud-based protection enabled. <p>Antimalware client version: 4.18.1901.x or later. <p>Devices are running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 <p> [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features). | 
+| IP addresses and URLs <p>Full URL path blocks can be applied on the domain level and all unencrypted URLs <p>IP is supported for all three protocols <p>[Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain) <p>Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs. For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge uses [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios use Network Protection for inspection and enforcement.<p>There might be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. <p>Only single IP addresses are supported (no CIDR blocks or IP ranges) <p>Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) <p>Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge)| Network protection in Defender for Endpoint is enabled in block mode. ([Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection).)<p>Antimalware client version: 4.18.1906.x or later. <p>Devices are running Windows 10, version 1709 or later <p>Custom network indicators are turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).)   |
+| Certificates <p>`.CER` or `.PEM` file extensions are supported. <p>[Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates) <p>A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. <p>Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine Trusted Root Certification Authorities). <p>The children or parent of the allow/block certificate IOCs are not included in the allow/block IoC functionality, only leaf certificates are supported.<p>Microsoft signed certificates cannot be blocked. <p>It can take up to 3 hours to create and remove a certificate IoC. |Microsoft Defender Antivirus with cloud-based protection is enabled ([Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p>Antimalware client version: 4.18.1901.x or later. <p>Devices are running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 <p>Virus and threat protection definitions are up to date. | 
 
 > [!TIP]
 > When you create indicators, you can define them one by one or import multiple items at once. Keep in mind there's a limit of 15,000 indicators you can have in a single tenant. And, you might need to gather certain details first, such as file hash information. Make sure to review the prerequisites before you [create indicators](manage-indicators.md). 

From e06f4cba036a2a9599136aff2de740050b8168ac Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Thu, 21 Jan 2021 20:59:20 -0800
Subject: [PATCH 177/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md            | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 820e4412bb..81d6258ac3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -177,8 +177,8 @@ Your security team can create indicators for files, IP addresses, URLs, domains,
 
 | Indicator type | Prerequisites |
 |:----|:----|
-|Files <p>Helps prevent suspected malware (or potentially malicious files) from being downloaded from the web. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. <p> [Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file). <p>The allow or block function cannot be done on a file if the file's classification exists on the device's cache prior to the allow or block action <p>Trusted, signed files are treated differently. Defender for Endpoint is optimized to handle malicious files. Trying to block trusted, signed files, can have performance implications. <p>Typically, file blocks are enforced within a couple of minutes, but can take upwards of 30 minutes.  | Microsoft Defender Antivirus with cloud-based protection enabled. <p>Antimalware client version: 4.18.1901.x or later. <p>Devices are running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 <p> [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features). | 
-| IP addresses and URLs <p>Full URL path blocks can be applied on the domain level and all unencrypted URLs <p>IP is supported for all three protocols <p>[Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain) <p>Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs. For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge uses [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios use Network Protection for inspection and enforcement.<p>There might be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. <p>Only single IP addresses are supported (no CIDR blocks or IP ranges) <p>Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) <p>Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge)| Network protection in Defender for Endpoint is enabled in block mode. ([Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection).)<p>Antimalware client version: 4.18.1906.x or later. <p>Devices are running Windows 10, version 1709 or later <p>Custom network indicators are turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).)   |
+|**Files** <p>Helps prevent suspected malware (or potentially malicious files) from being downloaded from the web. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. <p> **[Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file)** <p>The allow or block function cannot be done on a file if the file's classification exists on the device's cache prior to the allow or block action <p>Trusted, signed files are treated differently. Defender for Endpoint is optimized to handle malicious files. Trying to block trusted, signed files, can have performance implications. <p>Typically, file blocks are enforced within a couple of minutes, but can take upwards of 30 minutes.  | Microsoft Defender Antivirus with cloud-based protection enabled. <p>Antimalware client version: 4.18.1901.x or later. <p>Devices are running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 <p> [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features). | 
+| **IP addresses and URLs** <p>Full URL path blocks can be applied on the domain level and all unencrypted URLs <p>IP is supported for all three protocols <p>**[Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain)** <p>Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs. For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge uses [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios use Network Protection for inspection and enforcement.<p>There might be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. <p>Only single IP addresses are supported (no CIDR blocks or IP ranges) <p>Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) <p>Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge)| Network protection in Defender for Endpoint is enabled in block mode. ([Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection).)<p>Antimalware client version: 4.18.1906.x or later. <p>Devices are running Windows 10, version 1709 or later <p>Custom network indicators are turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).)   |
 | Certificates <p>`.CER` or `.PEM` file extensions are supported. <p>[Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates) <p>A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. <p>Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine Trusted Root Certification Authorities). <p>The children or parent of the allow/block certificate IOCs are not included in the allow/block IoC functionality, only leaf certificates are supported.<p>Microsoft signed certificates cannot be blocked. <p>It can take up to 3 hours to create and remove a certificate IoC. |Microsoft Defender Antivirus with cloud-based protection is enabled ([Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p>Antimalware client version: 4.18.1901.x or later. <p>Devices are running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 <p>Virus and threat protection definitions are up to date. | 
 
 > [!TIP]

From 5912f7dd084c88e5e4b1af9e08edbecbdb101b71 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Thu, 21 Jan 2021 20:59:45 -0800
Subject: [PATCH 178/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 81d6258ac3..9e6d2a7b81 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -179,7 +179,7 @@ Your security team can create indicators for files, IP addresses, URLs, domains,
 |:----|:----|
 |**Files** <p>Helps prevent suspected malware (or potentially malicious files) from being downloaded from the web. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. <p> **[Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file)** <p>The allow or block function cannot be done on a file if the file's classification exists on the device's cache prior to the allow or block action <p>Trusted, signed files are treated differently. Defender for Endpoint is optimized to handle malicious files. Trying to block trusted, signed files, can have performance implications. <p>Typically, file blocks are enforced within a couple of minutes, but can take upwards of 30 minutes.  | Microsoft Defender Antivirus with cloud-based protection enabled. <p>Antimalware client version: 4.18.1901.x or later. <p>Devices are running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 <p> [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features). | 
 | **IP addresses and URLs** <p>Full URL path blocks can be applied on the domain level and all unencrypted URLs <p>IP is supported for all three protocols <p>**[Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain)** <p>Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs. For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge uses [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios use Network Protection for inspection and enforcement.<p>There might be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. <p>Only single IP addresses are supported (no CIDR blocks or IP ranges) <p>Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) <p>Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge)| Network protection in Defender for Endpoint is enabled in block mode. ([Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection).)<p>Antimalware client version: 4.18.1906.x or later. <p>Devices are running Windows 10, version 1709 or later <p>Custom network indicators are turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).)   |
-| Certificates <p>`.CER` or `.PEM` file extensions are supported. <p>[Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates) <p>A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. <p>Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine Trusted Root Certification Authorities). <p>The children or parent of the allow/block certificate IOCs are not included in the allow/block IoC functionality, only leaf certificates are supported.<p>Microsoft signed certificates cannot be blocked. <p>It can take up to 3 hours to create and remove a certificate IoC. |Microsoft Defender Antivirus with cloud-based protection is enabled ([Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p>Antimalware client version: 4.18.1901.x or later. <p>Devices are running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 <p>Virus and threat protection definitions are up to date. | 
+| **Certificates** <p>`.CER` or `.PEM` file extensions are supported. <p>**[Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates)** <p>A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. <p>Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine Trusted Root Certification Authorities). <p>The children or parent of the allow/block certificate IOCs are not included in the allow/block IoC functionality, only leaf certificates are supported.<p>Microsoft signed certificates cannot be blocked. <p>It can take up to 3 hours to create and remove a certificate IoC. |Microsoft Defender Antivirus with cloud-based protection is enabled ([Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p>Antimalware client version: 4.18.1901.x or later. <p>Devices are running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 <p>Virus and threat protection definitions are up to date. | 
 
 > [!TIP]
 > When you create indicators, you can define them one by one or import multiple items at once. Keep in mind there's a limit of 15,000 indicators you can have in a single tenant. And, you might need to gather certain details first, such as file hash information. Make sure to review the prerequisites before you [create indicators](manage-indicators.md). 

From bfee91e04c29c9cb209372e135e9a521d8109666 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Thu, 21 Jan 2021 21:00:49 -0800
Subject: [PATCH 179/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 9e6d2a7b81..6f17620125 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -177,7 +177,7 @@ Your security team can create indicators for files, IP addresses, URLs, domains,
 
 | Indicator type | Prerequisites |
 |:----|:----|
-|**Files** <p>Helps prevent suspected malware (or potentially malicious files) from being downloaded from the web. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. <p> **[Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file)** <p>The allow or block function cannot be done on a file if the file's classification exists on the device's cache prior to the allow or block action <p>Trusted, signed files are treated differently. Defender for Endpoint is optimized to handle malicious files. Trying to block trusted, signed files, can have performance implications. <p>Typically, file blocks are enforced within a couple of minutes, but can take upwards of 30 minutes.  | Microsoft Defender Antivirus with cloud-based protection enabled. <p>Antimalware client version: 4.18.1901.x or later. <p>Devices are running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 <p> [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features). | 
+|**Files** <p>Helps prevent suspected malware (or potentially malicious files) from being downloaded from the web. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. <p> **[Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file)** <p>The allow or block function cannot be done on a file if the file's classification exists on the device's cache prior to the allow or block action <p>Trusted, signed files are treated differently. Defender for Endpoint is optimized to handle malicious files. Trying to block trusted, signed files, can have performance implications. <p>Typically, file blocks are enforced within a few minutes, but can take upwards of 30 minutes.  | Microsoft Defender Antivirus with cloud-based protection enabled. <p> Antimalware client version: 4.18.1901.x or later. <p>Devices are running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 <p> [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features). | 
 | **IP addresses and URLs** <p>Full URL path blocks can be applied on the domain level and all unencrypted URLs <p>IP is supported for all three protocols <p>**[Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain)** <p>Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs. For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge uses [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios use Network Protection for inspection and enforcement.<p>There might be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. <p>Only single IP addresses are supported (no CIDR blocks or IP ranges) <p>Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) <p>Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge)| Network protection in Defender for Endpoint is enabled in block mode. ([Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection).)<p>Antimalware client version: 4.18.1906.x or later. <p>Devices are running Windows 10, version 1709 or later <p>Custom network indicators are turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).)   |
 | **Certificates** <p>`.CER` or `.PEM` file extensions are supported. <p>**[Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates)** <p>A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. <p>Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine Trusted Root Certification Authorities). <p>The children or parent of the allow/block certificate IOCs are not included in the allow/block IoC functionality, only leaf certificates are supported.<p>Microsoft signed certificates cannot be blocked. <p>It can take up to 3 hours to create and remove a certificate IoC. |Microsoft Defender Antivirus with cloud-based protection is enabled ([Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p>Antimalware client version: 4.18.1901.x or later. <p>Devices are running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 <p>Virus and threat protection definitions are up to date. | 
 

From da2f03ef717aa23a0e3a86c7f81ee598a4ba9ddf Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Thu, 21 Jan 2021 21:04:10 -0800
Subject: [PATCH 180/396] Update defender-endpoint-false-positives-negatives.md

---
 ...nder-endpoint-false-positives-negatives.md | 21 +++++++++----------
 1 file changed, 10 insertions(+), 11 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 6f17620125..2896e64818 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -33,21 +33,20 @@ ms.custom: FPFN
 
 In endpoint protection, a false positive is an entity, such as a file or a process, that was detected and identified as malicious, even though the entity isn't actually a threat. A false negative is an entity that was not detected as a threat, even though it actually is malicious. The process of addressing false positives/negatives includes:
 
-1.	[Reviewing and classifying alerts](#review-and-classify-alerts)
-2.	[Reviewing remediation actions that were taken](#review-remediation-actions)
-3.	[Reviewing and defining exclusions](#review-or-define-exclusions-for-microsoft-defender-for-endpoint)
-4.	[Submitting an entity for analysis](#submit-a-file-for-analysis)
-5.	[Reviewing your threat protection settings](#review-your-threat-protection-settings)
+1.	[Reviewing and classifying alerts](#part-1-review-and-classify-alerts) 
+2.	[Reviewing remediation actions that were taken](#part-2-review-remediation-actions)
+3.	[Reviewing and defining exclusions](#part-3-review-or-define-exclusions-for-microsoft-defender-for-endpoint)
+4.	[Submitting an entity for analysis](#part-4-submit-a-file-for-analysis)
+5.	[Reviewing your threat protection settings](#part-5-review-and-adjust-your-threat-protection-settings)
 
 If you’re using [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection), and you're seeing false positives/negatives in your [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use), use this article as a guide to take action. This article also includes information about [what to do if you still need help](#still-need-help) after taking the recommended steps to address false positives/negatives in your environment.
 
-## Review and classify alerts
+## Part 1: Review and classify alerts
 
 If your security operations team see an alert that was triggered because something was detected as malicious or suspicious that should not have been, you can suppress the alert for that entity. You can also suppress alerts that are not necessarily false positives, but are unimportant. And, you can classify alerts as false positives as needed. 
 
 Managing your alerts and classifying false positives helps to train your threat protection solution and can reduce the number of false positives or false negatives over time. Taking these steps also helps reduce noise in your security operations dashboard so that your security team can focus on higher priority work items.
 
-
 ### Determine whether an alert is accurate
 
 Before you classify or suppress an alert, determine whether the alert is accurate, a false positive, or benign.
@@ -85,7 +84,7 @@ If you have alerts that are either false positives or are for unimportant events
 > [!TIP]
 > Need help with suppression rules? See [Suppress an alert and create a new suppression rule](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-alerts#suppress-an-alert-and-create-a-new-suppression-rule).
 
-## Review remediation actions
+## Part 2: Review remediation actions
 
 [Remediation actions](manage-auto-investigation.md#remediation-actions), such as sending a file to quarantine or stopping a process, can be taken on entities that are detected as threats. Several types of remediation actions can occur automatically through automated investigation and Microsoft Defender Antivirus. Examples of such actions include:   
 - Quarantine a file
@@ -124,7 +123,7 @@ If you find that a remediation action was taken automatically on an entity that
 2.	On the **History** tab, select the actions that you want to undo.
 3.	In the pane on the right side of the screen, select **Undo**.
 
-## Review or define exclusions for Microsoft Defender for Endpoint
+## Part 3: Review or define exclusions for Microsoft Defender for Endpoint
 
 An exclusion is an entity that you specify as an exception to remediation actions. The excluded entity might still get detected, but no remediation actions are taken on that entity. That is, the detected file or process won’t be stopped, sent to quarantine, removed, or otherwise changed by Microsoft Defender for Endpoint. 
 
@@ -184,7 +183,7 @@ Your security team can create indicators for files, IP addresses, URLs, domains,
 > [!TIP]
 > When you create indicators, you can define them one by one or import multiple items at once. Keep in mind there's a limit of 15,000 indicators you can have in a single tenant. And, you might need to gather certain details first, such as file hash information. Make sure to review the prerequisites before you [create indicators](manage-indicators.md). 
 
-## Submit a file for analysis
+## Part 4: Submit a file for analysis
 
 You can submit entities, such as files and fileless detections, to Microsoft for analysis. Microsoft security researchers analyze all submissions. After you sign in at the submission site, you can track your submissions.
 
@@ -220,7 +219,7 @@ To check for updates regarding your submission, sign in at the [Microsoft Securi
 > [!TIP]
 > To learn more, see [Submit files for analysis](https://docs.microsoft.com/windows/security/threat-protection/intelligence/submission-guide#how-does-microsoft-prioritize-submissions).
 
-## Review your threat protection settings
+## Part 5: Review and adjust your threat protection settings
 
 Microsoft Defender for Endpoint offers a wide variety of options, including the ability to fine-tune settings for various features and capabilities. If you’re getting numerous false positives, make sure to review your organization’s threat protection settings. You might need to make some adjustments to the following settings in particular:
 

From 21b877a8f0c60800a12928292c28c5fb344975d0 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Thu, 21 Jan 2021 21:08:15 -0800
Subject: [PATCH 181/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md          | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 2896e64818..8061a0af30 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -176,9 +176,9 @@ Your security team can create indicators for files, IP addresses, URLs, domains,
 
 | Indicator type | Prerequisites |
 |:----|:----|
-|**Files** <p>Helps prevent suspected malware (or potentially malicious files) from being downloaded from the web. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. <p> **[Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file)** <p>The allow or block function cannot be done on a file if the file's classification exists on the device's cache prior to the allow or block action <p>Trusted, signed files are treated differently. Defender for Endpoint is optimized to handle malicious files. Trying to block trusted, signed files, can have performance implications. <p>Typically, file blocks are enforced within a few minutes, but can take upwards of 30 minutes.  | Microsoft Defender Antivirus with cloud-based protection enabled. <p> Antimalware client version: 4.18.1901.x or later. <p>Devices are running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 <p> [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features). | 
-| **IP addresses and URLs** <p>Full URL path blocks can be applied on the domain level and all unencrypted URLs <p>IP is supported for all three protocols <p>**[Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain)** <p>Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs. For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge uses [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios use Network Protection for inspection and enforcement.<p>There might be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. <p>Only single IP addresses are supported (no CIDR blocks or IP ranges) <p>Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) <p>Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge)| Network protection in Defender for Endpoint is enabled in block mode. ([Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection).)<p>Antimalware client version: 4.18.1906.x or later. <p>Devices are running Windows 10, version 1709 or later <p>Custom network indicators are turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).)   |
-| **Certificates** <p>`.CER` or `.PEM` file extensions are supported. <p>**[Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates)** <p>A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. <p>Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine Trusted Root Certification Authorities). <p>The children or parent of the allow/block certificate IOCs are not included in the allow/block IoC functionality, only leaf certificates are supported.<p>Microsoft signed certificates cannot be blocked. <p>It can take up to 3 hours to create and remove a certificate IoC. |Microsoft Defender Antivirus with cloud-based protection is enabled ([Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p>Antimalware client version: 4.18.1901.x or later. <p>Devices are running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 <p>Virus and threat protection definitions are up to date. | 
+|**Files** <p>Helps prevent suspected malware (or potentially malicious files) from being downloaded from the web. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. <p>The allow or block function cannot be done on a file if the file's classification exists on the device's cache prior to the allow or block action <p>Trusted, signed files are treated differently. Defender for Endpoint is optimized to handle malicious files. Trying to block trusted, signed files, can have performance implications. <p>Typically, file blocks are enforced within a few minutes, but can take upwards of 30 minutes. <p> **[Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file)** | Microsoft Defender Antivirus with cloud-based protection enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p> Antimalware client version: 4.18.1901.x or later. <p>Devices are running Windows 10, version 1703 or later; Windows Server 2016; or Windows Server 2019 <p> [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features). | 
+| **IP addresses and URLs** <p>Full URL path blocks can be applied on the domain level and all unencrypted URLs <p>IP is supported for all three protocols <p>Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs. For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge uses [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios use Network Protection for inspection and enforcement.<p>There might be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. <p>Only single IP addresses are supported (no CIDR blocks or IP ranges) <p>Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) <p>Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) <p>**[Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain)** | Network protection in Defender for Endpoint is enabled in block mode. ([Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection).)<p>Antimalware client version: 4.18.1906.x or later. <p>Devices are running Windows 10, version 1709 or later <p>Custom network indicators are turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).)   |
+| **Certificates** <p>`.CER` or `.PEM` file extensions are supported. <p>A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. <p>Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine Trusted Root Certification Authorities). <p>The children or parent of the allow/block certificate IOCs are not included in the allow/block IoC functionality, only leaf certificates are supported.<p>Microsoft signed certificates cannot be blocked. <p>It can take up to 3 hours to create and remove a certificate IoC.<p>**[Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates)** | Microsoft Defender Antivirus with cloud-based protection is enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p>Antimalware client version: 4.18.1901.x or later. <p>Devices are running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 <p>Virus and threat protection definitions are up to date. | 
 
 > [!TIP]
 > When you create indicators, you can define them one by one or import multiple items at once. Keep in mind there's a limit of 15,000 indicators you can have in a single tenant. And, you might need to gather certain details first, such as file hash information. Make sure to review the prerequisites before you [create indicators](manage-indicators.md). 

From 88a45ee671d150a2c6f0450362b878debfd7df74 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Thu, 21 Jan 2021 21:09:24 -0800
Subject: [PATCH 182/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 8061a0af30..5b2bb0e35f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -178,7 +178,7 @@ Your security team can create indicators for files, IP addresses, URLs, domains,
 |:----|:----|
 |**Files** <p>Helps prevent suspected malware (or potentially malicious files) from being downloaded from the web. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. <p>The allow or block function cannot be done on a file if the file's classification exists on the device's cache prior to the allow or block action <p>Trusted, signed files are treated differently. Defender for Endpoint is optimized to handle malicious files. Trying to block trusted, signed files, can have performance implications. <p>Typically, file blocks are enforced within a few minutes, but can take upwards of 30 minutes. <p> **[Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file)** | Microsoft Defender Antivirus with cloud-based protection enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p> Antimalware client version: 4.18.1901.x or later. <p>Devices are running Windows 10, version 1703 or later; Windows Server 2016; or Windows Server 2019 <p> [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features). | 
 | **IP addresses and URLs** <p>Full URL path blocks can be applied on the domain level and all unencrypted URLs <p>IP is supported for all three protocols <p>Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs. For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge uses [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios use Network Protection for inspection and enforcement.<p>There might be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. <p>Only single IP addresses are supported (no CIDR blocks or IP ranges) <p>Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) <p>Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) <p>**[Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain)** | Network protection in Defender for Endpoint is enabled in block mode. ([Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection).)<p>Antimalware client version: 4.18.1906.x or later. <p>Devices are running Windows 10, version 1709 or later <p>Custom network indicators are turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).)   |
-| **Certificates** <p>`.CER` or `.PEM` file extensions are supported. <p>A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. <p>Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine Trusted Root Certification Authorities). <p>The children or parent of the allow/block certificate IOCs are not included in the allow/block IoC functionality, only leaf certificates are supported.<p>Microsoft signed certificates cannot be blocked. <p>It can take up to 3 hours to create and remove a certificate IoC.<p>**[Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates)** | Microsoft Defender Antivirus with cloud-based protection is enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p>Antimalware client version: 4.18.1901.x or later. <p>Devices are running one of the following versions of Windows:<br/>- Windows 10, version 1703 or later<br/>- Windows Server 2016<br/>- Windows Server 2019 <p>Virus and threat protection definitions are up to date. | 
+| **Certificates** <p>`.CER` or `.PEM` file extensions are supported. <p>A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. <p>Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine Trusted Root Certification Authorities). <p>The children or parent of the allow/block certificate IOCs are not included in the allow/block IoC functionality, only leaf certificates are supported.<p>Microsoft signed certificates cannot be blocked. <p>It can take up to 3 hours to create and remove a certificate IoC.<p>**[Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates)** | Microsoft Defender Antivirus with cloud-based protection is enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p>Antimalware client version: 4.18.1901.x or later. <p>Devices are running Windows 10, version 1703 or later; Windows Server 2016; or Windows Server 2019 <p>Virus and threat protection definitions are up to date. | 
 
 > [!TIP]
 > When you create indicators, you can define them one by one or import multiple items at once. Keep in mind there's a limit of 15,000 indicators you can have in a single tenant. And, you might need to gather certain details first, such as file hash information. Make sure to review the prerequisites before you [create indicators](manage-indicators.md). 

From 616ad2ad31e4cbb6c8c9511d36dc7a7aff9150b9 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Thu, 21 Jan 2021 21:10:00 -0800
Subject: [PATCH 183/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 5b2bb0e35f..b7016cc7ba 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -37,7 +37,7 @@ In endpoint protection, a false positive is an entity, such as a file or a proce
 2.	[Reviewing remediation actions that were taken](#part-2-review-remediation-actions)
 3.	[Reviewing and defining exclusions](#part-3-review-or-define-exclusions-for-microsoft-defender-for-endpoint)
 4.	[Submitting an entity for analysis](#part-4-submit-a-file-for-analysis)
-5.	[Reviewing your threat protection settings](#part-5-review-and-adjust-your-threat-protection-settings)
+5.	[Reviewing and adjusting your threat protection settings](#part-5-review-and-adjust-your-threat-protection-settings)
 
 If you’re using [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection), and you're seeing false positives/negatives in your [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use), use this article as a guide to take action. This article also includes information about [what to do if you still need help](#still-need-help) after taking the recommended steps to address false positives/negatives in your environment.
 

From 7314f0dc114c77be6ad51885a82d2bda31189ef8 Mon Sep 17 00:00:00 2001
From: Ben Alfasi <bealfasi@microsoft.com>
Date: Fri, 22 Jan 2021 11:43:37 +0200
Subject: [PATCH 184/396] 1

---
 .../find-machine-info-by-ip.md                | 96 -------------------
 1 file changed, 96 deletions(-)
 delete mode 100644 windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md

diff --git a/windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md b/windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md
deleted file mode 100644
index b00bf9017d..0000000000
--- a/windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md
+++ /dev/null
@@ -1,96 +0,0 @@
----
-title: Find device information by internal IP API
-description: Use this API to create calls related to finding a device entry around a specific timestamp by internal IP.
-keywords: ip, apis, graph api, supported apis, find device, device information
-search.product: eADQiWindows 10XVcnh
-ms.prod: m365-security
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
-ms.technology: mde
----
-
-# Find device information by internal IP API
-
-[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-
-
-**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-
-- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
-
-[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
-
-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
-Find a device by internal IP.
-
->[!NOTE]
->The timestamp must be within the last 30 days.
-
-## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
-
-Permission type | Permission | Permission display name
-:---|:---|:---
-Application | Machine.Read.All | 'Read all machine profiles'
-Application | Machine.ReadWrite.All | 'Read and write all machine information'
-
-## HTTP request
-```
-GET /api/machines/find(timestamp={time},key={IP})
-```
-
-## Request headers
-
-Name | Type | Description
-:---|:---|:---
-Authorization | String | Bearer {token}. **Required**.
-
-
-## Request body
-Empty
-
-## Response
-If successful and machine exists - 200 OK.
-If no machine found - 404 Not Found.
-
-
-## Example
-
-**Request**
-
-Here is an example of the request.
-
-```
-GET https://graph.microsoft.com/testwdatppreview/machines/find(timestamp=2018-06-19T10:00:00Z,key='10.166.93.61')
-Content-type: application/json
-```
-
-**Response**
-
-Here is an example of the response.
-
-The response will return a list of all devices that reported this IP address within sixteen minutes prior and after the timestamp. 
-
-```
-HTTP/1.1 200 OK
-Content-type: application/json
-{
-    "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines",
-    "value": [
-        {
-            "id": "04c99d46599f078f1c3da3783cf5b95f01ac61bb",
-            "computerDnsName": "",
-            "firstSeen": "2017-07-06T01:25:04.9480498Z",
-            "osPlatform": "Windows10",
-…
-}
-```

From 36c2c65cd728ce4e98098f23554b8acf27f1a4da Mon Sep 17 00:00:00 2001
From: Matthew Palko <mapalko@microsoft.com>
Date: Fri, 22 Jan 2021 09:57:40 -0800
Subject: [PATCH 185/396] updating logging information for 3rd party CA SSO
 issue

---
 .../hello-for-business/hello-deployment-issues.md | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md
index 96f5181b12..2c22e05685 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md
@@ -59,14 +59,23 @@ https://support.microsoft.com/topic/a34a400a-51d5-f2a1-c8c0-7a6c9c49cb78).
 
 ### Identifying On-premises Resource Access Issues with Third-Party CAs
 
-This issue can be identified using network traces or Kerberos logging from the client. In the network trace, the client will fail to place a TGS_REQ request when a user attempts to access a resource. On the client, this can be observed in Kerberos event logs:
+This issue can be identified using network traces or Kerberos logging from the client. In the network trace, the client will fail to place a TGS_REQ request when a user attempts to access a resource. On the client, this can be observed in the Kerberos operation event log under **Application and Services/Microsoft/Windows/Security-Kerberos/Operational**. These logs are default disabled. The failure event for this case will include the following information:
+
+    Log Name:      Microsoft-Windows-Kerberos/Operational
+    Source:        Microsoft-Windows-Security-Kerberos
+    Event ID:      107
+    GUID:          {98e6cfcb-ee0a-41e0-a57b-622d4e1b30b1} 
+    Task Category: None
+    Level:         Error
+    Keywords:      
+    User:          SYSTEM
+    Description:
 
     The Kerberos client received a KDC certificate that does not have a matched domain name.
+    
     Expected Domain Name: ad.contoso.com
     Error Code: 0xC000006D
 
-See [How to enable Kerberos event logging](https://docs.microsoft.com/troubleshoot/windows-server/identity/enable-kerberos-event-logging#enable-kerberos-event-logging-on-a-specific-computer) for information on enabling Kerberos logs on a client device.
-
 ### Resolving On-premises Resource Access Issue with Third-Party CAs
 
 To resolve this issue, domain controller certificates need to be updated so the certificate subject contains directory path of the server object (distinguished name).

From cce30db3faa820a68826c9c532b23c8d07ae4659 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 22 Jan 2021 12:42:42 -0800
Subject: [PATCH 186/396] Update microsoft-defender-antivirus-compatibility.md

---
 ...microsoft-defender-antivirus-compatibility.md | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
index bac2466090..c39700cab2 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
@@ -13,7 +13,7 @@ ms.author: deniseb
 ms.custom: nextgen
 ms.reviewer: tewchen, pahuijbr, shwjha
 manager: dansimp
-ms.date: 01/11/2021
+ms.date: 01/22/2021
 ms.technology: mde
 ---
 
@@ -34,7 +34,7 @@ Microsoft Defender Antivirus is automatically enabled and installed on endpoints
 
 ## Antivirus and Microsoft Defender for Endpoint
 
-The following table summarizes what happens with Microsoft Defender Antivirus when third-party antivirus products are used together or without Microsoft Defender for Endpoint.
+The following table summarizes what happens with Microsoft Defender Antivirus when third-party antivirus products are used together or without Microsoft Defender for Endpoint. 
 
 
 | Windows version   | Antimalware protection  | Microsoft Defender for Endpoint enrollment | Microsoft Defender Antivirus state     |
@@ -76,20 +76,22 @@ See [Microsoft Defender Antivirus on Windows Server](microsoft-defender-antiviru
 
 ## Functionality and features available in each state
 
-The table in this section summarizes the functionality and features that are available in each state. 
+The table in this section summarizes the functionality and features that are available in each state. The table is designed to be informational only. It is intended to describe the features & capabilities that are actively working or not, according to whether Microsoft Defender Antivirus is in active mode, in passive mode, or is disabled/uninstalled. 
 
 > [!IMPORTANT]
-> The following table is informational, and it is designed to describe the features & capabilities that are turned on or off according to whether Microsoft Defender Antivirus is in Active mode, in Passive mode, or disabled/uninstalled. Do not turn off capabilities, such as real-time protection, if you are using Microsoft Defender Antivirus in passive mode or are using EDR in block mode. 
+> Do not turn off capabilities, such as real-time protection, cloud-delivered protection, or limited periodic scanning, if you are using Microsoft Defender Antivirus in passive mode or you are using EDR in block mode. 
 
 |State |[Real-time protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus) and [cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus) | [Limited periodic scanning availability](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus) | [File scanning and detection information](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus) | [Threat remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus) | [Security intelligence updates](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus) |
 |--|--|--|--|--|--|
 |Active mode <br/><br/>  |Yes |No |Yes |Yes |Yes |
-|Passive mode  |No |No |Yes |Only during [scheduled or on-demand scans](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus) |Yes |
+|Passive mode  |No |No* |Yes |Only during [scheduled or on-demand scans](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus) |Yes |
 |[EDR in block mode enabled](../microsoft-defender-atp/edr-in-block-mode.md)  |No |No |Yes |Yes |Yes |
 |Automatic disabled mode  |No |Yes |No |No |No |
 
-- In Active mode, Microsoft Defender Antivirus is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files are scanned and threats remediated, and detection information are reported in your configuration tool (such as Configuration Manager or the Microsoft Defender Antivirus app on the machine itself).
-- In Passive mode, Microsoft Defender Antivirus is not used as the antivirus app, and threats are not remediated by Microsoft Defender Antivirus. Files are scanned and reports are provided for threat detections that are shared with the Microsoft Defender for Endpoint service. Therefore, you might encounter alerts in the Security Center console with Microsoft Defender Antivirus as a source, even when Microsoft Defender Antivirus is in Passive mode.
+\* When Microsoft Defender Antivirus is in passive mode, real-time protection does not provide any blocking or enforcement, even though it is turned on and is in passive mode.
+
+- In active mode, Microsoft Defender Antivirus is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files are scanned and threats remediated, and detection information are reported in your configuration tool (such as Configuration Manager or the Microsoft Defender Antivirus app on the machine itself).
+- In passive mode, Microsoft Defender Antivirus is not used as the antivirus app, and threats are not remediated by Microsoft Defender Antivirus. Files are scanned and reports are provided for threat detections that are shared with the Microsoft Defender for Endpoint service. Therefore, you might encounter alerts in the Security Center console with Microsoft Defender Antivirus as a source, even when Microsoft Defender Antivirus is in Passive mode.
 - When [EDR in block mode](../microsoft-defender-atp/edr-in-block-mode.md) is turned on and Microsoft Defender Antivirus is not the primary antivirus solution, it can still detect and remediate malicious items.
 - When disabled, Microsoft Defender Antivirus is not used as the antivirus app. Files are not scanned and threats are not remediated. Disabling/uninstalling Microsoft Defender Antivirus is not recommended in general; if possible, keep Microsoft Defender Antivirus in passive mode if you are using a non-Microsoft antimalware/antivirus solution.
 

From 81f83025b6d15dadd7fb8ab916da68c82fa61ed4 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 22 Jan 2021 12:44:33 -0800
Subject: [PATCH 187/396] Update microsoft-defender-antivirus-compatibility.md

---
 .../microsoft-defender-antivirus-compatibility.md           | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
index c39700cab2..8c855a644e 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
@@ -88,7 +88,7 @@ The table in this section summarizes the functionality and features that are ava
 |[EDR in block mode enabled](../microsoft-defender-atp/edr-in-block-mode.md)  |No |No |Yes |Yes |Yes |
 |Automatic disabled mode  |No |Yes |No |No |No |
 
-\* When Microsoft Defender Antivirus is in passive mode, real-time protection does not provide any blocking or enforcement, even though it is turned on and is in passive mode.
+\* When Microsoft Defender Antivirus is in passive mode, real-time protection does not provide any blocking or enforcement, even though it is enabled and in passive mode.
 
 - In active mode, Microsoft Defender Antivirus is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files are scanned and threats remediated, and detection information are reported in your configuration tool (such as Configuration Manager or the Microsoft Defender Antivirus app on the machine itself).
 - In passive mode, Microsoft Defender Antivirus is not used as the antivirus app, and threats are not remediated by Microsoft Defender Antivirus. Files are scanned and reports are provided for threat detections that are shared with the Microsoft Defender for Endpoint service. Therefore, you might encounter alerts in the Security Center console with Microsoft Defender Antivirus as a source, even when Microsoft Defender Antivirus is in Passive mode.
@@ -106,13 +106,13 @@ The table in this section summarizes the functionality and features that are ava
    If you uninstall the non-Microsoft antivirus product, and use Microsoft Defender Antivirus to provide protection to your devices, Microsoft Defender Antivirus will return to its normal active mode automatically.
 
 > [!WARNING]
-> Do not disable, stop, or modify any of the associated services that are used by Microsoft Defender Antivirus, Microsoft Defender for Endpoint, or the Windows Security app. This includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and processes. Manually modifying these services can cause severe instability on your devices and can make your network vulnerable. Disabling, stopping, or modifying those services can also cause problems when using non-Microsoft antivirus solutions and how their information is displayed in the [Windows Security app](microsoft-defender-security-center-antivirus.md).
+> Do not disable, stop, or modify any of the associated services that are used by Microsoft Defender Antivirus, Microsoft Defender for Endpoint, or the Windows Security app. This recommendation includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and processes. Manually modifying these services can cause severe instability on your devices and can make your network vulnerable. Disabling, stopping, or modifying those services can also cause problems when using non-Microsoft antivirus solutions and how their information is displayed in the [Windows Security app](microsoft-defender-security-center-antivirus.md).
 
 
 ## See also
 
 - [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md)
-- [Microsoft Defender Antivirus on Windows Server 2016 and 2019](microsoft-defender-antivirus-on-windows-server-2016.md)
+- [Microsoft Defender Antivirus on Windows Server](microsoft-defender-antivirus-on-windows-server-2016.md)
 - [EDR in block mode](../microsoft-defender-atp/edr-in-block-mode.md)
 - [Configure Endpoint Protection](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-protection-configure)
 - [Learn about Microsoft 365 Endpoint data loss prevention](https://docs.microsoft.com/microsoft-365/compliance/endpoint-dlp-learn-about)

From d4e8437e7a5181c54ba7f8709188f6ed805b459d Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 22 Jan 2021 12:47:24 -0800
Subject: [PATCH 188/396] Update microsoft-defender-antivirus-compatibility.md

---
 .../microsoft-defender-antivirus-compatibility.md           | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
index 8c855a644e..6407748cb0 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
@@ -1,7 +1,7 @@
 ---
 title: Microsoft Defender Antivirus compatibility with other security products
-description: Get an overview of what to expect from Microsoft Defender Antivirus with other security products and the operating systems you are using.
-keywords: windows defender, next-generation, atp, advanced threat protection, compatibility, passive mode
+description: What to expect from Microsoft Defender Antivirus with other security products and the operating systems you are using.
+keywords: windows defender, next-generation, antivirus, compatibility, passive mode
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
 ms.prod: m365-security
@@ -40,7 +40,7 @@ The following table summarizes what happens with Microsoft Defender Antivirus wh
 | Windows version   | Antimalware protection  | Microsoft Defender for Endpoint enrollment | Microsoft Defender Antivirus state     |
 |------|------|-------|-------|
 | Windows 10  | A third-party product that is not offered or developed by Microsoft | Yes  | Passive mode  |
-| Windows 10  | A third-party product that is not offered or developed by Microsoft | No   | Automatic disabled mode     |
+| Windows 10  | A third-party product that is not offered or developed by Microsoft | No   | Automatically disabled mode     |
 | Windows 10  | Microsoft Defender Antivirus | Yes  | Active mode | 
 | Windows 10  | Microsoft Defender Antivirus | No   | Active mode |
 | Windows Server, version 1803 or newer, or Windows Server 2019 | A third-party product that is not offered or developed by Microsoft | Yes  | Active mode<sup>[[1](#fn1)]</sup> |

From 9d3b79c092795b58c610ccb6db325a0b277b0688 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 22 Jan 2021 12:50:13 -0800
Subject: [PATCH 189/396] Update microsoft-defender-antivirus-compatibility.md

---
 .../microsoft-defender-antivirus-compatibility.md               | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
index 6407748cb0..6bea08e495 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
@@ -84,7 +84,7 @@ The table in this section summarizes the functionality and features that are ava
 |State |[Real-time protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus) and [cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus) | [Limited periodic scanning availability](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus) | [File scanning and detection information](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus) | [Threat remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus) | [Security intelligence updates](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus) |
 |--|--|--|--|--|--|
 |Active mode <br/><br/>  |Yes |No |Yes |Yes |Yes |
-|Passive mode  |No |No* |Yes |Only during [scheduled or on-demand scans](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus) |Yes |
+|Passive mode  |No* |No |Yes |Only during [scheduled or on-demand scans](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus) |Yes |
 |[EDR in block mode enabled](../microsoft-defender-atp/edr-in-block-mode.md)  |No |No |Yes |Yes |Yes |
 |Automatic disabled mode  |No |Yes |No |No |No |
 

From e3c367848245ca9557b88173045e4e48905b0919 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 22 Jan 2021 12:51:01 -0800
Subject: [PATCH 190/396] Update microsoft-defender-antivirus-compatibility.md

---
 .../microsoft-defender-antivirus-compatibility.md    | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
index 6bea08e495..eda61a27e0 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
@@ -90,13 +90,17 @@ The table in this section summarizes the functionality and features that are ava
 
 \* When Microsoft Defender Antivirus is in passive mode, real-time protection does not provide any blocking or enforcement, even though it is enabled and in passive mode.
 
-- In active mode, Microsoft Defender Antivirus is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files are scanned and threats remediated, and detection information are reported in your configuration tool (such as Configuration Manager or the Microsoft Defender Antivirus app on the machine itself).
-- In passive mode, Microsoft Defender Antivirus is not used as the antivirus app, and threats are not remediated by Microsoft Defender Antivirus. Files are scanned and reports are provided for threat detections that are shared with the Microsoft Defender for Endpoint service. Therefore, you might encounter alerts in the Security Center console with Microsoft Defender Antivirus as a source, even when Microsoft Defender Antivirus is in Passive mode.
-- When [EDR in block mode](../microsoft-defender-atp/edr-in-block-mode.md) is turned on and Microsoft Defender Antivirus is not the primary antivirus solution, it can still detect and remediate malicious items.
-- When disabled, Microsoft Defender Antivirus is not used as the antivirus app. Files are not scanned and threats are not remediated. Disabling/uninstalling Microsoft Defender Antivirus is not recommended in general; if possible, keep Microsoft Defender Antivirus in passive mode if you are using a non-Microsoft antimalware/antivirus solution.
 
 ## Keep the following points in mind
 
+- In active mode, Microsoft Defender Antivirus is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files are scanned and threats remediated, and detection information are reported in your configuration tool (such as Configuration Manager or the Microsoft Defender Antivirus app on the machine itself).
+
+- In passive mode, Microsoft Defender Antivirus is not used as the antivirus app, and threats are not remediated by Microsoft Defender Antivirus. Files are scanned and reports are provided for threat detections that are shared with the Microsoft Defender for Endpoint service. Therefore, you might encounter alerts in the Security Center console with Microsoft Defender Antivirus as a source, even when Microsoft Defender Antivirus is in Passive mode.
+
+- When [EDR in block mode](../microsoft-defender-atp/edr-in-block-mode.md) is turned on and Microsoft Defender Antivirus is not the primary antivirus solution, it can still detect and remediate malicious items.
+
+- When disabled, Microsoft Defender Antivirus is not used as the antivirus app. Files are not scanned and threats are not remediated. Disabling/uninstalling Microsoft Defender Antivirus is not recommended in general; if possible, keep Microsoft Defender Antivirus in passive mode if you are using a non-Microsoft antimalware/antivirus solution.
+
 - If you are enrolled in Microsoft Defender for Endpoint and you are using a third-party antimalware product, then passive mode is enabled. [The service requires common information sharing from Microsoft Defender Antivirus service](../microsoft-defender-atp/defender-compatibility.md) in order to properly monitor your devices and network for intrusion attempts and attacks.
 
 - When Microsoft Defender Antivirus is disabled automatically, it can be re-enabled automatically if the protection offered by a non-Microsoft antivirus product expires or otherwise stops providing real-time protection from viruses, malware, or other threats. Automatic re-enabling helps to ensure that antivirus protection is maintained on your devices. It also allows you to enable [limited periodic scanning](limited-periodic-scanning-microsoft-defender-antivirus.md), which uses the Microsoft Defender Antivirus engine to periodically check for threats in addition to your main antivirus app.

From e44ab03b1935f888964e832040823e6c46a6e5ee Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 22 Jan 2021 13:01:43 -0800
Subject: [PATCH 191/396] Update microsoft-defender-antivirus-compatibility.md

---
 ...icrosoft-defender-antivirus-compatibility.md | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
index eda61a27e0..f83f0d7c2b 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
@@ -81,14 +81,17 @@ The table in this section summarizes the functionality and features that are ava
 > [!IMPORTANT]
 > Do not turn off capabilities, such as real-time protection, cloud-delivered protection, or limited periodic scanning, if you are using Microsoft Defender Antivirus in passive mode or you are using EDR in block mode. 
 
-|State |[Real-time protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus) and [cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus) | [Limited periodic scanning availability](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus) | [File scanning and detection information](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus) | [Threat remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus) | [Security intelligence updates](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus) |
-|--|--|--|--|--|--|
-|Active mode <br/><br/>  |Yes |No |Yes |Yes |Yes |
-|Passive mode  |No* |No |Yes |Only during [scheduled or on-demand scans](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus) |Yes |
-|[EDR in block mode enabled](../microsoft-defender-atp/edr-in-block-mode.md)  |No |No |Yes |Yes |Yes |
-|Automatic disabled mode  |No |Yes |No |No |No |
+| |Active mode |Passive mode |EDR in block mode |Disabled/uninstalled |
+|:---|:---|:---|:---|:---|
+| [Real-time protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus) and [cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus) | Yes | No <sup>[[3](#fn3)]<sup> | No | No |
+| [Limited periodic scanning availability](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus) | No | No | No | Yes |
+| [File scanning and detection information](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus) | Yes | Yes | Yes | No |
+|  [Threat remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus) | Yes | Sometimes <sup>[[4](#fn4)]<sup> | Yes | No |
+| [Security intelligence updates](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus) | Yes | Yes | Yes | No |
 
-\* When Microsoft Defender Antivirus is in passive mode, real-time protection does not provide any blocking or enforcement, even though it is enabled and in passive mode.
+(<a id="fn3">2</a>) When Microsoft Defender Antivirus is in passive mode, real-time protection does not provide any blocking or enforcement, even though it is enabled and in passive mode.
+
+(<a id="fn4">4</a>) When Microsoft Defender Antivirus is in passive mode, threat remediation features are active only during scheduled or on-demand scans.
 
 
 ## Keep the following points in mind

From eade25b1aa6e279284484dbd59a956909da2bef0 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 22 Jan 2021 13:05:38 -0800
Subject: [PATCH 192/396] Update microsoft-defender-antivirus-compatibility.md

---
 .../microsoft-defender-antivirus-compatibility.md               | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
index f83f0d7c2b..d9c129f8d8 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
@@ -89,7 +89,7 @@ The table in this section summarizes the functionality and features that are ava
 |  [Threat remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus) | Yes | Sometimes <sup>[[4](#fn4)]<sup> | Yes | No |
 | [Security intelligence updates](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus) | Yes | Yes | Yes | No |
 
-(<a id="fn3">2</a>) When Microsoft Defender Antivirus is in passive mode, real-time protection does not provide any blocking or enforcement, even though it is enabled and in passive mode.
+(<a id="fn3">3</a>) When Microsoft Defender Antivirus is in passive mode, real-time protection does not provide any blocking or enforcement, even though it is enabled and in passive mode.
 
 (<a id="fn4">4</a>) When Microsoft Defender Antivirus is in passive mode, threat remediation features are active only during scheduled or on-demand scans.
 

From 69ccbd231161f4b00dfa6d945a6bca2f9cad1e56 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 22 Jan 2021 13:06:07 -0800
Subject: [PATCH 193/396] Update microsoft-defender-antivirus-compatibility.md

---
 .../microsoft-defender-antivirus-compatibility.md               | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
index d9c129f8d8..4786157c84 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
@@ -81,7 +81,7 @@ The table in this section summarizes the functionality and features that are ava
 > [!IMPORTANT]
 > Do not turn off capabilities, such as real-time protection, cloud-delivered protection, or limited periodic scanning, if you are using Microsoft Defender Antivirus in passive mode or you are using EDR in block mode. 
 
-| |Active mode |Passive mode |EDR in block mode |Disabled/uninstalled |
+|Protection |Active mode |Passive mode |EDR in block mode |Disabled/uninstalled |
 |:---|:---|:---|:---|:---|
 | [Real-time protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus) and [cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus) | Yes | No <sup>[[3](#fn3)]<sup> | No | No |
 | [Limited periodic scanning availability](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus) | No | No | No | Yes |

From a82b066840ebfe0dd73fd90f77299510156229d9 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 22 Jan 2021 13:06:42 -0800
Subject: [PATCH 194/396] Update microsoft-defender-antivirus-compatibility.md

---
 .../microsoft-defender-antivirus-compatibility.md               | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
index 4786157c84..431f0cce09 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
@@ -86,7 +86,7 @@ The table in this section summarizes the functionality and features that are ava
 | [Real-time protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus) and [cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus) | Yes | No <sup>[[3](#fn3)]<sup> | No | No |
 | [Limited periodic scanning availability](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus) | No | No | No | Yes |
 | [File scanning and detection information](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus) | Yes | Yes | Yes | No |
-|  [Threat remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus) | Yes | Sometimes <sup>[[4](#fn4)]<sup> | Yes | No |
+|  [Threat remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus) | Yes | See note <sup>[[4](#fn4)]<sup> | Yes | No |
 | [Security intelligence updates](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus) | Yes | Yes | Yes | No |
 
 (<a id="fn3">3</a>) When Microsoft Defender Antivirus is in passive mode, real-time protection does not provide any blocking or enforcement, even though it is enabled and in passive mode.

From 707451815b8aadc582daed8fde478e077e2c0f68 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 22 Jan 2021 13:08:02 -0800
Subject: [PATCH 195/396] Update microsoft-defender-antivirus-compatibility.md

---
 .../microsoft-defender-antivirus-compatibility.md               | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
index 431f0cce09..eec4d1ce3b 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
@@ -81,7 +81,7 @@ The table in this section summarizes the functionality and features that are ava
 > [!IMPORTANT]
 > Do not turn off capabilities, such as real-time protection, cloud-delivered protection, or limited periodic scanning, if you are using Microsoft Defender Antivirus in passive mode or you are using EDR in block mode. 
 
-|Protection |Active mode |Passive mode |EDR in block mode |Disabled/uninstalled |
+|Protection |Active mode |Passive mode |EDR in block mode |Disabled or uninstalled |
 |:---|:---|:---|:---|:---|
 | [Real-time protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus) and [cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus) | Yes | No <sup>[[3](#fn3)]<sup> | No | No |
 | [Limited periodic scanning availability](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus) | No | No | No | Yes |

From 244dc8bbb5d5464dea2fe6390c906766bc36e622 Mon Sep 17 00:00:00 2001
From: Carmen Forsmann <cmforsmann@live.com>
Date: Fri, 22 Jan 2021 13:09:33 -0800
Subject: [PATCH 196/396] Update waas-delivery-optimization.md

Add link to Dynamic Updates blog post.
---
 windows/deployment/update/waas-delivery-optimization.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md
index 599fd37ab1..bbafcf8b44 100644
--- a/windows/deployment/update/waas-delivery-optimization.md
+++ b/windows/deployment/update/waas-delivery-optimization.md
@@ -66,7 +66,7 @@ For information about setting up Delivery Optimization, including tips for the b
     - Xbox game pass games
     - MSIX apps (HTTP downloads only)
     - Edge browser installs and updates
-    - Dynamic updates
+    - [Dynamic updates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/the-benefits-of-windows-10-dynamic-update/ba-p/467847) 
 
 ## Requirements
 
@@ -93,7 +93,7 @@ The following table lists the minimum Windows 10 version that supports Delivery
 | MSIX apps (HTTP downloads only) | 2004 |
 | Configuration Manager Express updates | 1709 + Configuration Manager version 1711 |
 | Edge browser installs and updates | 1809 |
-| Dynamic updates | 1903 |
+| [Dynamic updates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/the-benefits-of-windows-10-dynamic-update/ba-p/467847) | 1903 |
 
 > [!NOTE]
 > Starting with Configuration Manager version 1910, you can use Delivery Optimization for the distribution of all Windows update content for clients running Windows 10 version 1709 or newer, not just express installation files. For more, see [Delivery Optimization starting in version 1910](https://docs.microsoft.com/mem/configmgr/sum/deploy-use/optimize-windows-10-update-delivery#bkmk_DO-1910).

From 62bdf47af2aaa078aef65dd8d7f8286ca2e24bc6 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 22 Jan 2021 13:23:59 -0800
Subject: [PATCH 197/396] Update microsoft-defender-antivirus-compatibility.md

---
 .../microsoft-defender-antivirus-compatibility.md               | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
index eec4d1ce3b..91f14d18e0 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
@@ -89,7 +89,7 @@ The table in this section summarizes the functionality and features that are ava
 |  [Threat remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus) | Yes | See note <sup>[[4](#fn4)]<sup> | Yes | No |
 | [Security intelligence updates](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus) | Yes | Yes | Yes | No |
 
-(<a id="fn3">3</a>) When Microsoft Defender Antivirus is in passive mode, real-time protection does not provide any blocking or enforcement, even though it is enabled and in passive mode.
+(<a id="fn3">3</a>) In general, when Microsoft Defender Antivirus is in passive mode, real-time protection does not provide any blocking or enforcement, even though it is enabled and in passive mode. However, if [Microsoft 365 Endpoint data loss prevention](https://docs.microsoft.com/microsoft-365/compliance/endpoint-dlp-learn-about) (Endpoint DLP) is configured and in effect, protective actions are enforced. Endpoint DLP works with real-time protection and behavior monitoring. 
 
 (<a id="fn4">4</a>) When Microsoft Defender Antivirus is in passive mode, threat remediation features are active only during scheduled or on-demand scans.
 

From f00f02304d0c69739960d08e511e56e7e405140d Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 22 Jan 2021 13:35:40 -0800
Subject: [PATCH 198/396] Update microsoft-defender-antivirus-compatibility.md

---
 .../microsoft-defender-antivirus-compatibility.md         | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
index 91f14d18e0..7a74769372 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
@@ -43,14 +43,14 @@ The following table summarizes what happens with Microsoft Defender Antivirus wh
 | Windows 10  | A third-party product that is not offered or developed by Microsoft | No   | Automatically disabled mode     |
 | Windows 10  | Microsoft Defender Antivirus | Yes  | Active mode | 
 | Windows 10  | Microsoft Defender Antivirus | No   | Active mode |
-| Windows Server, version 1803 or newer, or Windows Server 2019 | A third-party product that is not offered or developed by Microsoft | Yes  | Active mode<sup>[[1](#fn1)]</sup> |
-| Windows Server, version 1803 or newer, or Windows Server 2019 | A third-party product that is not offered or developed by Microsoft | No  | Must be set to passive mode (manually)<sup>[[1](#fn1)]<sup>  |
+| Windows Server, version 1803 or newer, or Windows Server 2019 | A third-party product that is not offered or developed by Microsoft | Yes  | Active mode <sup>[[1](#fn1)]</sup> |
+| Windows Server, version 1803 or newer, or Windows Server 2019 | A third-party product that is not offered or developed by Microsoft | No  | Must be set to passive mode (manually) <sup>[[1](#fn1)]<sup>  |
 | Windows Server, version 1803 or newer, or Windows Server 2019 | Microsoft Defender Antivirus  | Yes |         Active mode  |
 | Windows Server, version 1803 or newer, or Windows Server 2019 | Microsoft Defender Antivirus | No  | Active mode |
 | Windows Server 2016 | Microsoft Defender Antivirus | Yes | Active mode |
 | Windows Server 2016 | Microsoft Defender Antivirus | No | Active mode |
-| Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | Yes | Must be disabled (manually)<sup>[[2](#fn2)]<sup> |
-| Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | No | Must be disabled (manually)<sup>[[2](#fn2)]<sup> |
+| Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | Yes | Must be disabled (manually) <sup>[[2](#fn2)]<sup> |
+| Windows Server 2016 | A third-party product that is not offered or developed by Microsoft | No | Must be disabled (manually) <sup>[[2](#fn2)]<sup> |
 
 (<a id="fn1">1</a>)  On Windows Server, version 1803 or newer, or Windows Server 2019, Microsoft Defender Antivirus does not enter passive mode automatically when you install a non-Microsoft antivirus product. In those cases, [set Microsoft Defender Antivirus to passive mode](microsoft-defender-antivirus-on-windows-server-2016.md#need-to-set-microsoft-defender-antivirus-to-passive-mode) to prevent problems caused by having multiple antivirus products installed on a server.
 

From 99e5ed848cfe0fd4aec8adcd57b8f85e02c0f637 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 22 Jan 2021 13:45:39 -0800
Subject: [PATCH 199/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md    | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index b7016cc7ba..0a4832febe 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -43,7 +43,7 @@ If you’re using [Microsoft Defender for Endpoint](https://docs.microsoft.com/w
 
 ## Part 1: Review and classify alerts
 
-If your security operations team see an alert that was triggered because something was detected as malicious or suspicious that should not have been, you can suppress the alert for that entity. You can also suppress alerts that are not necessarily false positives, but are unimportant. And, you can classify alerts as false positives as needed. 
+If your security operations team see an alert that was triggered because something was detected as malicious or suspicious that should not have been, you can suppress the alert for that entity. You can also suppress alerts that are not necessarily false positives, but are unimportant. We recommend that you classify alerts as well. 
 
 Managing your alerts and classifying false positives helps to train your threat protection solution and can reduce the number of false positives or false negatives over time. Taking these steps also helps reduce noise in your security operations dashboard so that your security team can focus on higher priority work items.
 
@@ -54,7 +54,7 @@ Before you classify or suppress an alert, determine whether the alert is accurat
 1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
 2.	In the navigation pane, choose **Alerts queue**.
 3.	Select an alert to more details about the alert. (See [Review alerts](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/review-alerts).)
-4.	Take one of the following steps:   
+4.	Take one of the following steps: <br/>   
    - If the alert is accurate, assign and investigate the alert further.
    - If the alert is a false positive, proceed to classify the alert as a false positive, and then suppress the alert. Also, create an indicator for Microsoft Defender for Endpoint. 
    - If the alert is accurate but benign (unimportant), classify the alert as a true positive, and then suppress the alert.
@@ -294,4 +294,9 @@ If you still need help after working through all the steps in this article, your
 
 1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
 2. In the upper right corner, select the question mark (**?**), and then select **Microsoft support**.
-3. In the Support Assistant window, describe your issue, and then send your message. From there, you can open a service request.  
\ No newline at end of file
+3. In the Support Assistant window, describe your issue, and then send your message. From there, you can open a service request.  
+
+## See also
+
+[Manage Microsoft Defender for Endpoint](manage-atp-post-migration.md)
+ 
\ No newline at end of file

From f508a1704b5862d2f228eaeef81762e2134cc59d Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 22 Jan 2021 13:47:49 -0800
Subject: [PATCH 200/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md        | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 0a4832febe..a05b00432f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -54,10 +54,10 @@ Before you classify or suppress an alert, determine whether the alert is accurat
 1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
 2.	In the navigation pane, choose **Alerts queue**.
 3.	Select an alert to more details about the alert. (See [Review alerts](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/review-alerts).)
-4.	Take one of the following steps: <br/>   
-   - If the alert is accurate, assign and investigate the alert further.
-   - If the alert is a false positive, proceed to classify the alert as a false positive, and then suppress the alert. Also, create an indicator for Microsoft Defender for Endpoint. 
-   - If the alert is accurate but benign (unimportant), classify the alert as a true positive, and then suppress the alert.
+4.	Take one of the following steps:   <br/>   
+    - If the alert is accurate, assign and investigate the alert further.
+    - If the alert is a false positive, proceed to classify the alert as a false positive, and then suppress the alert. Also, create an indicator for Microsoft Defender for Endpoint. 
+    - If the alert is accurate but benign (unimportant), classify the alert as a true positive, and then suppress the alert.
 
 ### Classify an alert as a false positive
 

From f143d389fc4fe91e7feccc6d6986f9642b7b5443 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 22 Jan 2021 13:56:42 -0800
Subject: [PATCH 201/396] Update defender-endpoint-false-positives-negatives.md

---
 ...nder-endpoint-false-positives-negatives.md | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index a05b00432f..e21d65054d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -31,7 +31,7 @@ ms.custom: FPFN
 
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146806)
 
-In endpoint protection, a false positive is an entity, such as a file or a process, that was detected and identified as malicious, even though the entity isn't actually a threat. A false negative is an entity that was not detected as a threat, even though it actually is malicious. The process of addressing false positives/negatives includes:
+In endpoint protection, a false positive is an entity, such as a file or a process, that was detected and identified as malicious, even though the entity isn't actually a threat. A false negative is an entity that was not detected as a threat, even though it actually is malicious. If you’re using [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection), and you're seeing false positives/negatives in your [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use), your security operations can take steps to address false positives or false negatives. These steps include:
 
 1.	[Reviewing and classifying alerts](#part-1-review-and-classify-alerts) 
 2.	[Reviewing remediation actions that were taken](#part-2-review-remediation-actions)
@@ -39,7 +39,7 @@ In endpoint protection, a false positive is an entity, such as a file or a proce
 4.	[Submitting an entity for analysis](#part-4-submit-a-file-for-analysis)
 5.	[Reviewing and adjusting your threat protection settings](#part-5-review-and-adjust-your-threat-protection-settings)
 
-If you’re using [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection), and you're seeing false positives/negatives in your [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use), use this article as a guide to take action. This article also includes information about [what to do if you still need help](#still-need-help) after taking the recommended steps to address false positives/negatives in your environment.
+This article also includes information about [what to do if you still need help](#still-need-help) after taking the recommended steps to address false positives/negatives in your environment.
 
 ## Part 1: Review and classify alerts
 
@@ -55,18 +55,21 @@ Before you classify or suppress an alert, determine whether the alert is accurat
 2.	In the navigation pane, choose **Alerts queue**.
 3.	Select an alert to more details about the alert. (See [Review alerts](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/review-alerts).)
 4.	Take one of the following steps:   <br/>   
-    - If the alert is accurate, assign and investigate the alert further.
-    - If the alert is a false positive, proceed to classify the alert as a false positive, and then suppress the alert. Also, create an indicator for Microsoft Defender for Endpoint. 
-    - If the alert is accurate but benign (unimportant), classify the alert as a true positive, and then suppress the alert.
 
-### Classify an alert as a false positive
+    | Alert status | What to do |
+    |:---|:---|
+    | The alert is accurate | Assign the alert, and then [investigate it](investigate-alerts.md) further. |
+    | The alert is a false positive | Proceed to [classify the alert](#classify-an-alert) as a false positive, and then [suppress the alert](#suppress-an-alert). <p> Also, create an indicator for Microsoft Defender for Endpoint. |
+    | The alert is accurate but benign (unimportant) | [Classify the alert](#classify-an-alert) as a true positive, and then [suppress the alert](#suppress-an-alert). |
 
-Your security team can classify an alert as a false positive in the Microsoft Defender Security Center, in the **Alerts queue**.
+### Classify an alert
+
+Your security team can classify an alert as a false positive or a true positive in the Microsoft Defender Security Center, in the **Alerts queue**.
 
 1.	Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
 2.	Select **Alerts queue**, and then select an alert that is a false positive.
 3.	For the selected alert, select **Actions** > **Manage alert**. A flyout pane opens.
-4.	In the **Manage alert** section, select **True alert** or **False alert**. Use **False alert** to classify a false positive.
+4.	In the **Manage alert** section, select either **True alert** or **False alert**. (Use **False alert** to classify a false positive.)
 
 > [!TIP]
 > For more information about suppressing alerts, see [Manage Microsoft Defender for Endpoint alerts](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-alerts). And, if your organization is using a security information and event management (SIEM) server, make sure to define a suppression rule there, too. 

From 87cbe724737cf5cd54d6bb7393c150d0ef345b2e Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 22 Jan 2021 13:59:31 -0800
Subject: [PATCH 202/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md          | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index e21d65054d..ebf9e149f7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -179,9 +179,9 @@ Your security team can create indicators for files, IP addresses, URLs, domains,
 
 | Indicator type | Prerequisites |
 |:----|:----|
-|**Files** <p>Helps prevent suspected malware (or potentially malicious files) from being downloaded from the web. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. <p>The allow or block function cannot be done on a file if the file's classification exists on the device's cache prior to the allow or block action <p>Trusted, signed files are treated differently. Defender for Endpoint is optimized to handle malicious files. Trying to block trusted, signed files, can have performance implications. <p>Typically, file blocks are enforced within a few minutes, but can take upwards of 30 minutes. <p> **[Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file)** | Microsoft Defender Antivirus with cloud-based protection enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p> Antimalware client version: 4.18.1901.x or later. <p>Devices are running Windows 10, version 1703 or later; Windows Server 2016; or Windows Server 2019 <p> [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features). | 
-| **IP addresses and URLs** <p>Full URL path blocks can be applied on the domain level and all unencrypted URLs <p>IP is supported for all three protocols <p>Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs. For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge uses [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios use Network Protection for inspection and enforcement.<p>There might be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. <p>Only single IP addresses are supported (no CIDR blocks or IP ranges) <p>Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) <p>Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) <p>**[Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain)** | Network protection in Defender for Endpoint is enabled in block mode. ([Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection).)<p>Antimalware client version: 4.18.1906.x or later. <p>Devices are running Windows 10, version 1709 or later <p>Custom network indicators are turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).)   |
-| **Certificates** <p>`.CER` or `.PEM` file extensions are supported. <p>A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. <p>Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine Trusted Root Certification Authorities). <p>The children or parent of the allow/block certificate IOCs are not included in the allow/block IoC functionality, only leaf certificates are supported.<p>Microsoft signed certificates cannot be blocked. <p>It can take up to 3 hours to create and remove a certificate IoC.<p>**[Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates)** | Microsoft Defender Antivirus with cloud-based protection is enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p>Antimalware client version: 4.18.1901.x or later. <p>Devices are running Windows 10, version 1703 or later; Windows Server 2016; or Windows Server 2019 <p>Virus and threat protection definitions are up to date. | 
+|**Files** <p>Helps prevent suspected malware (or potentially malicious files) from being downloaded from the web. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. <p>The allow or block function cannot be done on a file if the file's classification exists on the device's cache prior to the allow or block action <p>Trusted, signed files are treated differently. Defender for Endpoint is optimized to handle malicious files. Trying to block trusted, signed files, can have performance implications. <p>Typically, file blocks are enforced within a few minutes, but can take upwards of 30 minutes. <p> **[Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file)** | Microsoft Defender Antivirus with cloud-based protection enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p> Antimalware client version: 4.18.1901.x or later <p>Devices are running Windows 10, version 1703 or later; Windows Server 2016; or Windows Server 2019 <p> [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features) | 
+| **IP addresses and URLs** <p>Full URL path blocks can be applied on the domain level and all unencrypted URLs <p>IP is supported for all three protocols <p>Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs. For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge uses [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios use Network Protection for inspection and enforcement.<p>There might be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. <p>Only single IP addresses are supported (no CIDR blocks or IP ranges) <p>Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) <p>Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) <p>**[Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain)** | Network protection in Defender for Endpoint is enabled in block mode (See [Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection).)<p>Antimalware client version: 4.18.1906.x or later <p>Devices are running Windows 10, version 1709 or later <p>Custom network indicators are turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).)   |
+| **Certificates** <p>`.CER` or `.PEM` file extensions are supported. <p>A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. <p>Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine Trusted Root Certification Authorities). <p>The children or parent of the allow/block certificate IOCs are not included in the allow/block IoC functionality, only leaf certificates are supported.<p>Microsoft signed certificates cannot be blocked. <p>It can take up to 3 hours to create and remove a certificate IoC.<p>**[Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates)** | Microsoft Defender Antivirus with cloud-based protection is enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p>Antimalware client version: 4.18.1901.x or later <p>Devices are running Windows 10, version 1703 or later; Windows Server 2016; or Windows Server 2019 <p>Virus and threat protection definitions are up to date | 
 
 > [!TIP]
 > When you create indicators, you can define them one by one or import multiple items at once. Keep in mind there's a limit of 15,000 indicators you can have in a single tenant. And, you might need to gather certain details first, such as file hash information. Make sure to review the prerequisites before you [create indicators](manage-indicators.md). 

From 7117e088936828f936875166dc99f7d0e6ee140b Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 22 Jan 2021 14:02:08 -0800
Subject: [PATCH 203/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md        | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index ebf9e149f7..5d5c8cd439 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -177,11 +177,11 @@ To specify entities as exclusions for Microsoft Defender for Endpoint, your secu
 
 Your security team can create indicators for files, IP addresses, URLs, domains, and certificates, as described in the following table:
 
-| Indicator type | Prerequisites |
+| Indicator | Prerequisites |
 |:----|:----|
-|**Files** <p>Helps prevent suspected malware (or potentially malicious files) from being downloaded from the web. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. <p>The allow or block function cannot be done on a file if the file's classification exists on the device's cache prior to the allow or block action <p>Trusted, signed files are treated differently. Defender for Endpoint is optimized to handle malicious files. Trying to block trusted, signed files, can have performance implications. <p>Typically, file blocks are enforced within a few minutes, but can take upwards of 30 minutes. <p> **[Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file)** | Microsoft Defender Antivirus with cloud-based protection enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p> Antimalware client version: 4.18.1901.x or later <p>Devices are running Windows 10, version 1703 or later; Windows Server 2016; or Windows Server 2019 <p> [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features) | 
-| **IP addresses and URLs** <p>Full URL path blocks can be applied on the domain level and all unencrypted URLs <p>IP is supported for all three protocols <p>Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs. For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge uses [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios use Network Protection for inspection and enforcement.<p>There might be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. <p>Only single IP addresses are supported (no CIDR blocks or IP ranges) <p>Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) <p>Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) <p>**[Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain)** | Network protection in Defender for Endpoint is enabled in block mode (See [Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection).)<p>Antimalware client version: 4.18.1906.x or later <p>Devices are running Windows 10, version 1709 or later <p>Custom network indicators are turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).)   |
-| **Certificates** <p>`.CER` or `.PEM` file extensions are supported. <p>A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. <p>Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine Trusted Root Certification Authorities). <p>The children or parent of the allow/block certificate IOCs are not included in the allow/block IoC functionality, only leaf certificates are supported.<p>Microsoft signed certificates cannot be blocked. <p>It can take up to 3 hours to create and remove a certificate IoC.<p>**[Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates)** | Microsoft Defender Antivirus with cloud-based protection is enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p>Antimalware client version: 4.18.1901.x or later <p>Devices are running Windows 10, version 1703 or later; Windows Server 2016; or Windows Server 2019 <p>Virus and threat protection definitions are up to date | 
+|**[Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file)** <p>Helps prevent suspected malware (or potentially malicious files) from being downloaded from the web. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. <p>The allow or block function cannot be done on a file if the file's classification exists on the device's cache prior to the allow or block action <p>Trusted, signed files are treated differently. Defender for Endpoint is optimized to handle malicious files. Trying to block trusted, signed files, can have performance implications. <p>Typically, file blocks are enforced within a few minutes, but can take upwards of 30 minutes.  | Microsoft Defender Antivirus with cloud-based protection enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p> Antimalware client version: 4.18.1901.x or later <p>Devices are running Windows 10, version 1703 or later; Windows Server 2016; or Windows Server 2019 <p> [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features) | 
+| **[Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain)** <p>Full URL path blocks can be applied on the domain level and all unencrypted URLs <p>IP is supported for all three protocols <p>Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs. For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge uses [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios use Network Protection for inspection and enforcement.<p>There might be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. <p>Only single IP addresses are supported (no CIDR blocks or IP ranges) <p>Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) <p>Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) | Network protection in Defender for Endpoint is enabled in block mode (See [Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection).)<p>Antimalware client version: 4.18.1906.x or later <p>Devices are running Windows 10, version 1709 or later <p>Custom network indicators are turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).)   |
+| **[Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates)** <p>`.CER` or `.PEM` file extensions are supported. <p>A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. <p>Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine Trusted Root Certification Authorities). <p>The children or parent of the allow/block certificate IOCs are not included in the allow/block IoC functionality, only leaf certificates are supported.<p>Microsoft signed certificates cannot be blocked. <p>It can take up to 3 hours to create and remove a certificate IoC. | Microsoft Defender Antivirus with cloud-based protection is enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p>Antimalware client version: 4.18.1901.x or later <p>Devices are running Windows 10, version 1703 or later; Windows Server 2016; or Windows Server 2019 <p>Virus and threat protection definitions are up to date | 
 
 > [!TIP]
 > When you create indicators, you can define them one by one or import multiple items at once. Keep in mind there's a limit of 15,000 indicators you can have in a single tenant. And, you might need to gather certain details first, such as file hash information. Make sure to review the prerequisites before you [create indicators](manage-indicators.md). 

From 313ba03c26e01250398b81e165f00a3eace1f715 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 22 Jan 2021 14:02:39 -0800
Subject: [PATCH 204/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 5d5c8cd439..68985360e9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -178,7 +178,7 @@ To specify entities as exclusions for Microsoft Defender for Endpoint, your secu
 Your security team can create indicators for files, IP addresses, URLs, domains, and certificates, as described in the following table:
 
 | Indicator | Prerequisites |
-|:----|:----|
+|:----:|:----:|
 |**[Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file)** <p>Helps prevent suspected malware (or potentially malicious files) from being downloaded from the web. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. <p>The allow or block function cannot be done on a file if the file's classification exists on the device's cache prior to the allow or block action <p>Trusted, signed files are treated differently. Defender for Endpoint is optimized to handle malicious files. Trying to block trusted, signed files, can have performance implications. <p>Typically, file blocks are enforced within a few minutes, but can take upwards of 30 minutes.  | Microsoft Defender Antivirus with cloud-based protection enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p> Antimalware client version: 4.18.1901.x or later <p>Devices are running Windows 10, version 1703 or later; Windows Server 2016; or Windows Server 2019 <p> [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features) | 
 | **[Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain)** <p>Full URL path blocks can be applied on the domain level and all unencrypted URLs <p>IP is supported for all three protocols <p>Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs. For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge uses [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios use Network Protection for inspection and enforcement.<p>There might be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. <p>Only single IP addresses are supported (no CIDR blocks or IP ranges) <p>Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) <p>Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) | Network protection in Defender for Endpoint is enabled in block mode (See [Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection).)<p>Antimalware client version: 4.18.1906.x or later <p>Devices are running Windows 10, version 1709 or later <p>Custom network indicators are turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).)   |
 | **[Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates)** <p>`.CER` or `.PEM` file extensions are supported. <p>A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. <p>Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine Trusted Root Certification Authorities). <p>The children or parent of the allow/block certificate IOCs are not included in the allow/block IoC functionality, only leaf certificates are supported.<p>Microsoft signed certificates cannot be blocked. <p>It can take up to 3 hours to create and remove a certificate IoC. | Microsoft Defender Antivirus with cloud-based protection is enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p>Antimalware client version: 4.18.1901.x or later <p>Devices are running Windows 10, version 1703 or later; Windows Server 2016; or Windows Server 2019 <p>Virus and threat protection definitions are up to date | 

From 5fe58051f530f67580c42bea28161217a1c1387e Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 22 Jan 2021 14:07:15 -0800
Subject: [PATCH 205/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 68985360e9..cecea25f5e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -76,7 +76,7 @@ Your security team can classify an alert as a false positive or a true positive
 
 ### Suppress an alert
 
-If you have alerts that are either false positives or are for unimportant events, you can suppress those alerts in the Microsoft Defender Security Center.
+If you have alerts that are either false positives or that are true positives but are for unimportant events, you can suppress those alerts in the Microsoft Defender Security Center. Suppressing alerts helps reduce noise in your security operations dashboard. 
 
 1.	Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
 2.	In the navigation pane, select **Alerts queue**.

From 8960bc4e9c0b881a801a4e8f8ecb19e442b5494f Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 22 Jan 2021 14:07:51 -0800
Subject: [PATCH 206/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index cecea25f5e..d5976bd76c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -178,7 +178,7 @@ To specify entities as exclusions for Microsoft Defender for Endpoint, your secu
 Your security team can create indicators for files, IP addresses, URLs, domains, and certificates, as described in the following table:
 
 | Indicator | Prerequisites |
-|:----:|:----:|
+|:----|:----|
 |**[Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file)** <p>Helps prevent suspected malware (or potentially malicious files) from being downloaded from the web. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. <p>The allow or block function cannot be done on a file if the file's classification exists on the device's cache prior to the allow or block action <p>Trusted, signed files are treated differently. Defender for Endpoint is optimized to handle malicious files. Trying to block trusted, signed files, can have performance implications. <p>Typically, file blocks are enforced within a few minutes, but can take upwards of 30 minutes.  | Microsoft Defender Antivirus with cloud-based protection enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p> Antimalware client version: 4.18.1901.x or later <p>Devices are running Windows 10, version 1703 or later; Windows Server 2016; or Windows Server 2019 <p> [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features) | 
 | **[Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain)** <p>Full URL path blocks can be applied on the domain level and all unencrypted URLs <p>IP is supported for all three protocols <p>Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs. For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge uses [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios use Network Protection for inspection and enforcement.<p>There might be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. <p>Only single IP addresses are supported (no CIDR blocks or IP ranges) <p>Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) <p>Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) | Network protection in Defender for Endpoint is enabled in block mode (See [Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection).)<p>Antimalware client version: 4.18.1906.x or later <p>Devices are running Windows 10, version 1709 or later <p>Custom network indicators are turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).)   |
 | **[Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates)** <p>`.CER` or `.PEM` file extensions are supported. <p>A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. <p>Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine Trusted Root Certification Authorities). <p>The children or parent of the allow/block certificate IOCs are not included in the allow/block IoC functionality, only leaf certificates are supported.<p>Microsoft signed certificates cannot be blocked. <p>It can take up to 3 hours to create and remove a certificate IoC. | Microsoft Defender Antivirus with cloud-based protection is enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p>Antimalware client version: 4.18.1901.x or later <p>Devices are running Windows 10, version 1703 or later; Windows Server 2016; or Windows Server 2019 <p>Virus and threat protection definitions are up to date | 

From f386ac4af4d8b6e9ae82cd3a12dd8112b92ccfb8 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 22 Jan 2021 14:10:31 -0800
Subject: [PATCH 207/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md             | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index d5976bd76c..3342692fc9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -302,4 +302,5 @@ If you still need help after working through all the steps in this article, your
 ## See also
 
 [Manage Microsoft Defender for Endpoint](manage-atp-post-migration.md)
- 
\ No newline at end of file
+
+[Overview of Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use) 
\ No newline at end of file

From 28794addaf76195c266a81fbc9f42834482621b8 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 22 Jan 2021 14:17:17 -0800
Subject: [PATCH 208/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md            | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 3342692fc9..56ef4f1e45 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -59,8 +59,8 @@ Before you classify or suppress an alert, determine whether the alert is accurat
     | Alert status | What to do |
     |:---|:---|
     | The alert is accurate | Assign the alert, and then [investigate it](investigate-alerts.md) further. |
-    | The alert is a false positive | Proceed to [classify the alert](#classify-an-alert) as a false positive, and then [suppress the alert](#suppress-an-alert). <p> Also, create an indicator for Microsoft Defender for Endpoint. |
-    | The alert is accurate but benign (unimportant) | [Classify the alert](#classify-an-alert) as a true positive, and then [suppress the alert](#suppress-an-alert). |
+    | The alert is a false positive | 1. Proceed to [classify the alert](#classify-an-alert) as a false positive, and then [suppress the alert](#suppress-an-alert). <p> 2. [Create an indicator](#indicators-for-microsoft-defender-for-endpoint) for Microsoft Defender for Endpoint. <p> 3. [Submit a file to Microsoft for analysis](#part-4-submit-a-file-for-analysis). |
+    | The alert is accurate, but benign (unimportant) | [Classify the alert](#classify-an-alert) as a true positive, and then [suppress the alert](#suppress-an-alert). |
 
 ### Classify an alert
 

From aabbcc4e3710334f83029829595e8bbd8d3f0749 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 22 Jan 2021 14:18:46 -0800
Subject: [PATCH 209/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 56ef4f1e45..4cc8fd34a3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -45,7 +45,7 @@ This article also includes information about [what to do if you still need help]
 
 If your security operations team see an alert that was triggered because something was detected as malicious or suspicious that should not have been, you can suppress the alert for that entity. You can also suppress alerts that are not necessarily false positives, but are unimportant. We recommend that you classify alerts as well. 
 
-Managing your alerts and classifying false positives helps to train your threat protection solution and can reduce the number of false positives or false negatives over time. Taking these steps also helps reduce noise in your security operations dashboard so that your security team can focus on higher priority work items.
+Managing your alerts and classifying true/false positives helps to train your threat protection solution and can reduce the number of false positives or false negatives over time. Taking these steps also helps reduce noise in your security operations dashboard so that your security team can focus on higher priority work items.
 
 ### Determine whether an alert is accurate
 

From 223f0f72df48f4d2163e19aa778a881ea8767469 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 22 Jan 2021 14:21:00 -0800
Subject: [PATCH 210/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 4cc8fd34a3..48f1a3208e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -54,7 +54,7 @@ Before you classify or suppress an alert, determine whether the alert is accurat
 1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
 2.	In the navigation pane, choose **Alerts queue**.
 3.	Select an alert to more details about the alert. (See [Review alerts](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/review-alerts).)
-4.	Take one of the following steps:   <br/>   
+4.	Depending on the alert status, take the steps described in the following table:   <br/>   
 
     | Alert status | What to do |
     |:---|:---|

From e4a721f0618a51e419046ab3d179b42160e08574 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 22 Jan 2021 14:26:14 -0800
Subject: [PATCH 211/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 48f1a3208e..20fe6f78d4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -227,7 +227,7 @@ To check for updates regarding your submission, sign in at the [Microsoft Securi
 Microsoft Defender for Endpoint offers a wide variety of options, including the ability to fine-tune settings for various features and capabilities. If you’re getting numerous false positives, make sure to review your organization’s threat protection settings. You might need to make some adjustments to the following settings in particular:
 
 - [Cloud-delivered protection](#cloud-delivered-protection)
-- [Remediation for potentially unwanted apps](#remediation-for-potentially-unwanted-applications-pua) (PUA)
+- [Remediation for potentially unwanted applications](#remediation-for-potentially-unwanted-applications)
 
 ### Cloud-delivered protection
 

From 9dafcb23f50b744dbc973442916eb7e335bbb52f Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 22 Jan 2021 14:32:47 -0800
Subject: [PATCH 212/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 20fe6f78d4..195c784c4e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -201,7 +201,7 @@ If you have a file that was either wrongly detected as malicious or was missed,
 
 If something was detected as malware based on behavior, and you don’t have a file, you can submit your Mpsupport.cab file for analysis. You can get the .cab file by using the Microsoft Malware Protection Command-Line Utility (MPCmdRun.exe) tool.
 
-1.	Go to ` C:\ProgramData\Microsoft\Windows Defender\Platform\<version>`, and then run ** MpCmdRun.exe** as an administrator.
+1.	Go to ` C:\ProgramData\Microsoft\Windows Defender\Platform\<version>`, and then run `MpCmdRun.exe` as an administrator.
 2.	Type `mpcmdrun.exe -GetFiles`, and then press **Enter**.
    A .cab file is generated that contains various diagnostic logs. The location of the file is specified in the output of the command prompt. By default, the location is `C:\ProgramData\Microsoft\Microsoft Defender\Support\MpSupportFiles.cab`.
 3.	Review the guidelines here: [Submit files for analysis](https://docs.microsoft.com/windows/security/threat-protection/intelligence/submission-guide).

From f22675ab6af56193c9f671f3963ecee865bf57c4 Mon Sep 17 00:00:00 2001
From: Matthew Palko <mapalko@microsoft.com>
Date: Fri, 22 Jan 2021 17:29:45 -0800
Subject: [PATCH 213/396] Restructuring Windows Hello for Business Docks

---
 windows/security/identity-protection/TOC.md   |   2 +-
 .../feature-multifactor-unlock.md             |   4 +-
 .../hello-deployment-guide.md                 |  43 ++++---
 .../hello-for-business/hello-features.md      |  57 ---------
 .../hello-how-it-works-tech-deep-dive.md      |  49 --------
 .../hello-for-business/hello-how-it-works.md  |  31 +++--
 .../hello-identity-verification.md            |  33 ++---
 .../hello-planning-guide.md                   |  28 +++--
 .../hello-for-business/index.yml              | 113 ++++++++++++++++++
 .../hello-for-business/toc.md                 |   4 +-
 .../hello-for-business/toc.yml                |  18 +++
 windows/security/identity-protection/index.md |   2 +-
 12 files changed, 213 insertions(+), 171 deletions(-)
 delete mode 100644 windows/security/identity-protection/hello-for-business/hello-features.md
 delete mode 100644 windows/security/identity-protection/hello-for-business/hello-how-it-works-tech-deep-dive.md
 create mode 100644 windows/security/identity-protection/hello-for-business/index.yml
 create mode 100644 windows/security/identity-protection/hello-for-business/toc.yml

diff --git a/windows/security/identity-protection/TOC.md b/windows/security/identity-protection/TOC.md
index 7f7f58c2b8..16e55efb95 100644
--- a/windows/security/identity-protection/TOC.md
+++ b/windows/security/identity-protection/TOC.md
@@ -18,7 +18,7 @@
 #### [User Account Control security policy settings](user-account-control\user-account-control-security-policy-settings.md)
 #### [User Account Control Group Policy and registry key settings](user-account-control\user-account-control-group-policy-and-registry-key-settings.md)
 
-## [Windows Hello for Business](hello-for-business/hello-identity-verification.md)
+## [Windows Hello for Business](hello-for-business/index.yml)
 
 ## [Protect derived domain credentials with Credential Guard](credential-guard/credential-guard.md)
 ### [How Credential Guard works](credential-guard/credential-guard-how-it-works.md)
diff --git a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
index 215c86beea..da9b1c7c1e 100644
--- a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
+++ b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
@@ -1,5 +1,5 @@
 ---
-title: Multifactor Unlock
+title: Multi-factor Unlock
 description: Learn how Windows 10 offers multifactor device unlock by extending Windows Hello with trusted signals. 
 keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration, unlock, multi, factor, multifactor, multi-factor
 ms.prod: w10
@@ -16,7 +16,7 @@ localizationpriority: medium
 ms.date: 03/20/2018
 ms.reviewer: 
 ---
-# Multifactor Unlock
+# Multi-factor Unlock
 
 **Applies to:**
 -   Windows 10
diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md
index f3f064b1d1..95b07dfe0d 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md
@@ -1,5 +1,5 @@
 ---
-title: Windows Hello for Business Deployment Guide
+title: Windows Hello for Business Deployment Overview
 description: Use this deployment guide to successfully deploy Windows Hello for Business in an existing environment. 
 keywords: identity, PIN, biometric, Hello, passport
 ms.prod: w10
@@ -13,28 +13,35 @@ manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
 localizationpriority: medium
-ms.date: 08/29/2018
+ms.date: 01/21/2021
 ms.reviewer: 
 ---
-# Windows Hello for Business Deployment Guide
+# Windows Hello for Business Deployment Overview
 
 **Applies to**
--   Windows 10, version 1703 or later
+
+- Windows 10, version 1703 or later
 
 Windows Hello for Business is the springboard to a world without passwords. It replaces username and password sign-in to Windows with strong user authentication based on an asymmetric key pair.
 
-This deployment guide is to guide you through deploying Windows Hello for Business, based on the planning decisions made using the Planning a Windows Hello for Business Deployment Guide. It provides you with the information needed to successfully deploy Windows Hello for Business in an existing environment.
+This deployment overview is to guide you through deploying Windows Hello for Business. Your first step should be to use the Passwordless Wizard in the [Microsoft 365 admin center](https://admin.microsoft.com/AdminPortal/Home#/modernonboarding/passwordlesssetup) or the [Planning a Windows Hello for Business Deployment](hello-planning-guide.md) guide to determine the right deployment model for your organization.
+
+Once you've chosen a deployment model, the deployment guide for the that model will provide you with the information needed to successfully deploy Windows Hello for Business in your environment.
+
+> [!NOTE]
+> Read the [Windows Hello for Business Deployment Prerequisite Overview](hello-identity-verification.md) for a summary of the prerequisites for each different Windows Hello for Business deployment model.
 
 ## Assumptions
 
-This guide assumes that baseline infrastructure exists which meets the requirements for your deployment. For either hybrid or on-premises deployments, it is expected that you have: 
-* A well-connected, working network
-* Internet access
-* Multifactor Authentication Server to support MFA during Windows Hello for Business provisioning
-* Proper name resolution, both internal and external names
-* Active Directory and an adequate number of domain controllers per site to support authentication
-* Active Directory Certificate Services 2012 or later
-* One or more workstation computers running Windows 10, version 1703
+This guide assumes that baseline infrastructure exists which meets the requirements for your deployment. For either hybrid or on-premises deployments, it is expected that you have:
+
+- A well-connected, working network
+- Internet access
+- Multi-factor Authentication Server to support MFA during Windows Hello for Business provisioning
+- Proper name resolution, both internal and external names
+- Active Directory and an adequate number of domain controllers per site to support authentication
+- Active Directory Certificate Services 2012 or later
+- One or more workstation computers running Windows 10, version 1703
 
 If you are installing a server role for the first time, ensure the appropriate server operating system is installed, updated with the latest patches, and joined to the domain. This document provides guidance to install and configure the specific roles on that server.  
 
@@ -46,15 +53,17 @@ Windows Hello for Business has three deployment models: Cloud, hybrid, and on-pr
 
 Hybrid deployments are for enterprises that use Azure Active Directory. On-premises deployments are for enterprises who exclusively use on-premises Active Directory. Remember that the environments that use Azure Active Directory must use the hybrid deployment model for all domains in that forest.
 
-The trust model determines how you want users to authenticate to the on-premises Active Directory: 
-* The key-trust model is for enterprises who do not want to issue end-entity certificates to their users and have an adequate number of 2016 domain controllers in each site to support authentication. 
-* The certificate-trust model is for enterprise that *do* want to issue end-entity certificates to their users and have the benefits of certificate expiration and renewal, similar to how smart cards work today. 
-* The certificate trust model also supports enterprises which are not ready to deploy Windows Server 2016 Domain Controllers.
+The trust model determines how you want users to authenticate to the on-premises Active Directory:
+
+- The key-trust model is for enterprises who do not want to issue end-entity certificates to their users and have an adequate number of 2016 domain controllers in each site to support authentication.
+- The certificate-trust model is for enterprise that *do* want to issue end-entity certificates to their users and have the benefits of certificate expiration and renewal, similar to how smart cards work today.
+- The certificate trust model also supports enterprises which are not ready to deploy Windows Server 2016 Domain Controllers.
 
 > [!NOTE]
 > RDP does not support authentication with Windows Hello for Business key trust deployments as a supplied credential. RDP is only supported with certificate trust deployments as a supplied credential at this time. Windows Hello for Business key trust can be used with [Windows Defender Remote Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/remote-credential-guard).
 
 Following are the various deployment guides and models included in this topic:
+
 - [Hybrid Azure AD Joined Key Trust Deployment](hello-hybrid-key-trust.md)
 - [Hybrid Azure AD Joined Certificate Trust Deployment](hello-hybrid-cert-trust.md)
 - [Azure AD Join Single Sign-on Deployment Guides](hello-hybrid-aadj-sso.md)
diff --git a/windows/security/identity-protection/hello-for-business/hello-features.md b/windows/security/identity-protection/hello-for-business/hello-features.md
deleted file mode 100644
index d35d4dea64..0000000000
--- a/windows/security/identity-protection/hello-for-business/hello-features.md
+++ /dev/null
@@ -1,57 +0,0 @@
----
-title: Windows Hello for Business Features
-description: Consider additional features you can use after your organization deploys Windows Hello for Business. 
-ms.assetid: 5BF09642-8CF5-4FBC-AC9A-5CA51E19387E
-ms.reviewer: 
-keywords: identity, PIN, biometric, Hello, passport, WHFB, Windows Hello, PIN Reset, Dynamic Lock, Multifactor Unlock, Forgot PIN, Privileged credentials
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security, mobile
-audience: ITPro
-author: mapalko
-ms.author: mapalko
-manager: dansimp
-ms.collection: M365-identity-device-management
-ms.topic: article
-localizationpriority: medium
-ms.date: 11/27/2019
----
-# Windows Hello for Business Features
-
-**Applies to:**
-
-- Windows 10
-
-Consider these additional features you can use after your organization deploys Windows Hello for Business.
-
-## Conditional access
-
-Azure Active Directory provides a wide set of options for protecting access to corporate resources. Conditional access provides more fine grained control over who can access certain resources and under what conditions. For more information see [Conditional Access](hello-feature-conditional-access.md).
-
-## Dynamic lock
-
-Dynamic lock uses a paired Bluetooth device to determine user presence and locks the device if a user is not present. For more information and configuration steps see [Dynamic Lock](hello-feature-dynamic-lock.md). 
-
-## PIN reset
-
-Windows Hello for Business supports user self-management of their PIN. If a user forgets their PIN, they have the ability to reset it from Settings or the lock screen. The Microsoft PIN reset service can be used for completing this reset without the user needing to enroll a new Windows Hello for Business credential. For more information and configuration steps see [Pin Reset](hello-feature-pin-reset.md).
-
-## Dual Enrollment
-
-This feature enables provisioning of administrator Windows Hello for Business credentials that can be used by non-privileged accounts to perform administrative actions. These credentials can be used from the non-privileged accounts using **Run as different user** or **Run as administrator**. For more information and configuration steps see [Dual Enrollment](hello-feature-dual-enrollment.md).
-
-## Remote Desktop
-
-Users with Windows Hello for Business certificate trust can use their credential to authenticate to remote desktop sessions over RDP. When authenticating to the session, biometric gestures can be used if they are enrolled. For more information and configuration steps see [Remote Desktop](hello-feature-remote-desktop.md).
-
-## Related topics
-
-- [Windows Hello for Business](hello-identity-verification.md)
-- [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
-- [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
-- [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
-- [Windows Hello and password changes](hello-and-password-changes.md)
-- [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md)
-- [Event ID 300 - Windows Hello successfully created](hello-event-300.md)
-- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md)
diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-tech-deep-dive.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-tech-deep-dive.md
deleted file mode 100644
index 0e03beb9e3..0000000000
--- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-tech-deep-dive.md
+++ /dev/null
@@ -1,49 +0,0 @@
----
-title: How Windows Hello for Business works - Technical Deep Dive
-description: Deeply explore how Windows Hello for Business works, and how it can help your users authenticate to services.
-keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust, works 
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-audience: ITPro
-author: mapalko
-ms.author: mapalko
-manager: dansimp
-ms.collection: M365-identity-device-management
-ms.topic: article
-localizationpriority: medium
-ms.date: 08/19/2018
-ms.reviewer: 
----
-# Technical Deep Dive
-
-**Applies to:**
--   Windows 10
-
-Windows Hello for Business authentication works through collection of components and infrastructure working together.  You can group the infrastructure and components in three categories:
-- [Registration](#registration)
-- [Provisioning](#provisioning)
-- [Authentication](#authentication)
-
-## Registration
-
-Registration is a fundamental prerequisite for Windows Hello for Business.  Without registration, Windows Hello for Business provisioning cannot start.  Registration is where the device **registers** its identity with the identity provider.  For cloud and hybrid deployments, the identity provider is Azure Active Directory and the device registers with the Azure Device Registration Service (ADRS).  For on-premises deployments, the identity provider is Active Directory Federation Services (AD FS), and the device registers with the enterprise device registration service hosted on the federation servers (AD FS). 
-
-[How Device Registration Works](hello-how-it-works-device-registration.md)
-
-
-## Provisioning
-
-Provisioning is when the user uses one form of authentication to request a new Windows Hello for Business credential.  Typically the user signs in to Windows using user name and password.  The provisioning flow requires a second factor of authentication before it will create a strong, two-factor Windows Hello for Business credential.<br>
-After successfully completing the second factor of authentication, the user is asked to enroll biometrics (if available on the device) and create PIN as a backup gesture.  Windows then registers the public version of the Windows Hello for Business credential with the identity provider.<br>
-For cloud and hybrid deployments, the identity provider is Azure Active Directory and the user registers their key with the Azure Device Registration Service (ADRS).  For on-premises deployments, the identity provider is Active Directory Federation Services (AD FS), and the user registers their key with the enterprise device registration service hosted on the federation servers.<br>
-Provision can occur automatically through the out-of-box-experience (OOBE) on Azure Active Directory joined devices, or on hybrid Azure Active Directory joined devices where the user or device is influenced by Windows Hello for Business policy settings.  Users can start provisioning through **Add PIN** from Windows Settings.  Watch the [Windows Hello for Business enrollment experience](hello-videos.md#windows-hello-for-business-user-enrollment-experience) from our [Videos](hello-videos.md) page.
-
-[How Windows Hello for Business provisioning works](hello-how-it-works-provisioning.md)
-
-## Authentication
-
-Authentication using Windows Hello for Business is the goal, and the first step in getting to a passwordless environment.  With the device registered, and provisioning complete. Users can sign-in to Windows 10 using biometrics or a PIN.  PIN is the most common gesture and is available on most computers and devices.  Regardless of the gesture used, authentication occurs using the private portion of the Windows Hello for Business credential.  The PIN nor the private portion of the credential are never sent to the identity provider, and the PIN is not stored on the device.  It is user provided entropy when performing operations that use the private portion of the credential.
-
-[How Windows Hello for Business authentication works](hello-how-it-works-authentication.md)
diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md
index 528c1b6fe8..60d7c90219 100644
--- a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md
+++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md
@@ -19,7 +19,7 @@ ms.reviewer:
 
 **Applies to**
 
--   Windows 10
+- Windows 10
 
 Windows Hello for Business is a modern, two-factor credential that is the more secure alternative to passwords.  Whether you are cloud or on-premises, Windows Hello for Business has a deployment option for you.  For cloud deployments, you can use Windows Hello for Business with Azure Active Directory joined, Hybrid Azure Active Directory joined, or Azure Active Directory registered devices.  Windows Hello for Business also works for domain joined devices.
 
@@ -28,20 +28,37 @@ Watch this quick video where Pieter Wigleven gives a simple explanation of how W
 
 ## Technical Deep Dive
 
-Windows Hello for Business is a distributed system that uses several components to accomplish device registration, provisioning, and authentication. Use this section to gain a better understanding of each of the components and how they support Windows Hello for Business.
+Windows Hello for Business is a distributed system that uses several components to accomplish device registration, provisioning, and authentication. Use this section to gain a better understanding of each of the categories and how they support Windows Hello for Business.
 
-Watch Matthew Palko and Ravi Vennapusa explain how Windows Hello for Business provisioning and authentication work.
+### Device Registration
+
+Registration is a fundamental prerequisite for Windows Hello for Business.  Without registration, Windows Hello for Business provisioning cannot start. Registration is where the device **registers** its identity with the identity provider. For cloud and hybrid deployments, the identity provider is Azure Active Directory and the device registers with the Azure Device Registration Service (ADRS). For on-premises deployments, the identity provider is Active Directory Federation Services (AD FS), and the device registers with the enterprise device registration service hosted on the federation servers (AD FS).
+
+For more information read [how device registration works](hello-how-it-works-device-registration.md).
+
+### Provisioning
+
+Provisioning is when the user uses one form of authentication to request a new Windows Hello for Business credential. Typically the user signs in to Windows using user name and password. The provisioning flow requires a second factor of authentication before it will create a strong, two-factor Windows Hello for Business credential.
+
+Watch Matthew Palko and Ravi Vennapusa explain how Windows Hello for Business provisioning works.
 
 > [!VIDEO https://www.youtube.com/embed/RImGsIjSJ1s]
+
+For more information read [how provisioning works](hello-how-it-works-provisioning.md).
+
+### Authentication
+
+Authentication using Windows Hello for Business is the goal, and the first step in getting to a passwordless environment. With the device registered, and provisioning complete. Users can sign-in to Windows 10 using biometrics or a PIN. PIN is the most common gesture and is available on most computers and devices. Regardless of the gesture used, authentication occurs using the private portion of the Windows Hello for Business credential. The PIN nor the private portion of the credential are never sent to the identity provider, and the PIN is not stored on the device. It is user provided entropy when performing operations that use the private portion of the credential.
+
+Watch Matthew Palko and Ravi Vennapusa explain how Windows Hello for Business authentication works.
+
 > [!VIDEO https://www.youtube.com/embed/WPmzoP_vMek]
 
-- [Technology and Terminology](hello-how-it-works-technology.md)
-- [Device Registration](hello-how-it-works-device-registration.md)
-- [Provisioning](hello-how-it-works-provisioning.md)
-- [Authentication](hello-how-it-works-authentication.md)
+For more information read [how authentication works](hello-how-it-works-authentication.md).
 
 ## Related topics
 
+- [Technology and Terminology](hello-how-it-works-technology.md)
 - [Windows Hello for Business](hello-identity-verification.md)
 - [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
 - [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
index 4d3512719a..d53a57bff1 100644
--- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
+++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
@@ -1,6 +1,6 @@
 ---
-title: Windows Hello for Business (Windows 10)
-description: Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices. 
+title: Windows Hello for Business Deployment Prerequisite Overview
+description: Overview of all the different infrastructure requirements for Windows Hello for Business deployment models
 ms.assetid: 5BF09642-8CF5-4FBC-AC9A-5CA51E19387E
 ms.reviewer: 
 keywords: identity, PIN, biometric, Hello, passport
@@ -15,29 +15,14 @@ manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
 localizationpriority: medium
-ms.date: 05/05/2018
+ms.date: 1/22/2021
 ---
 
-# Windows Hello for Business
+# Windows Hello for Business Deployment Prerequisite Overview
 
-In Windows 10, Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN.</br>
-Windows Hello for Business lets user authenticate to an Active Directory or Azure Active Directory account.
+This article lists the infrastructure requirements for the different deployment models for Windows Hello for Business.
 
-Windows Hello addresses the following problems with passwords:
-
-- Strong passwords can be difficult to remember, and users often reuse passwords on multiple sites.
-- Server breaches can expose symmetric network credentials (passwords).
-- Passwords are subject to [replay attacks](https://go.microsoft.com/fwlink/p/?LinkId=615673).
-- Users can inadvertently expose their passwords due to [phishing attacks](https://docs.microsoft.com/windows/security/threat-protection/intelligence/phishing).
-
-> | | | |
-> | :---: | :---: | :---: |
-> | [![Overview Icon](images/hello_filter.png)](hello-overview.md)</br>[Overview](hello-overview.md) | [![Why a PIN is better than a password Icon](images/hello_lock.png)](hello-why-pin-is-better-than-password.md)</br>[Why PIN is better than a password](hello-why-pin-is-better-than-password.md) | [![Manage Hello Icon](images/hello_gear.png)](hello-manage-in-organization.md)</br>[Manage Windows Hello in your Organization](hello-manage-in-organization.md) |
- 
-
-## Prerequisites
-
-### Cloud Only Deployment
+## Cloud Only Deployment
 
 * Windows 10, version 1511 or later
 * Microsoft Azure Account
@@ -46,9 +31,9 @@ Windows Hello addresses the following problems with passwords:
 * Modern Management (Intune or supported third-party MDM), *optional*
 * Azure AD Premium subscription - *optional*, needed for automatic MDM enrollment when the device joins Azure Active Directory
 
-### Hybrid Deployments
+## Hybrid Deployments
 
-The table shows the minimum requirements for each deployment. For key trust in a multi-domain/multi-forest deployment, the following requirements are applicable for each domain/forest that hosts Windows Hello for business components or is involved in the Kerberos referral process. 
+The table shows the minimum requirements for each deployment. For key trust in a multi-domain/multi-forest deployment, the following requirements are applicable for each domain/forest that hosts Windows Hello for business components or is involved in the Kerberos referral process.
 
 | Key trust</br>Group Policy managed | Certificate trust</br>Mixed managed | Key trust</br>Modern managed | Certificate trust</br>Modern managed | 
 | --- | --- | --- | --- |
@@ -76,7 +61,7 @@ The table shows the minimum requirements for each deployment. For key trust in a
 > Reset above lock screen - Windows 10, version 1709, Professional</br>
 > Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
 
-### On-premises Deployments
+## On-premises Deployments
 
 The table shows the minimum requirements for each deployment.
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
index 265aa7219d..22519b0b31 100644
--- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
@@ -19,13 +19,15 @@ ms.reviewer:
 # Planning a Windows Hello for Business Deployment
 
 **Applies to**
--   Windows 10
+
+- Windows 10
 
 Congratulations! You are taking the first step forward in helping move your organizations away from password to a two-factor, convenience authentication for Windows — Windows Hello for Business. This planning guide helps you understand the different topologies, architectures, and components that encompass a Windows Hello for Business infrastructure.
 
 This guide explains the role of each component within Windows Hello for Business and how certain deployment decisions affect other aspects of the infrastructure. Armed with your planning worksheet, you'll use that information to select the correct deployment guide for your needs.
 
-If you have an Azure tenant, you can use our online, interactive Passwordless Wizard which walks through the same choices instead of using our manual guide below. The Passwordless Wizard is available in the [Microsoft 365 admin center](https://admin.microsoft.com/AdminPortal/Home#/modernonboarding/passwordlesssetup).
+> [!Note]
+>If you have an Azure tenant, you can use our online, interactive Passwordless Wizard which walks through the same choices instead of using our manual guide below. The Passwordless Wizard is available in the [Microsoft 365 admin center](https://admin.microsoft.com/AdminPortal/Home#/modernonboarding/passwordlesssetup).
 
 ## Using this guide
 
@@ -38,12 +40,13 @@ This guide removes the appearance of complexity by helping you make decisions on
 Read this document and record your decisions on the worksheet. When finished, your worksheet has all the necessary information for your Windows Hello for Business deployment.
 
 There are six major categories you need to consider for a Windows Hello for Business deployment.  Those categories are:
-*   Deployment Options
-*   Client
-*   Management
-*   Active Directory
-*   Public Key Infrastructure
-*   Cloud
+
+- Deployment Options
+- Client
+- Management
+- Active Directory
+-Public Key Infrastructure
+- Cloud
 
 ### Baseline Prerequisites
 
@@ -58,13 +61,16 @@ The goal of Windows Hello for Business is to enable deployments for all organiza
 There are three deployment models from which you can choose: cloud only, hybrid, and on-premises.
 
 ##### Cloud only
+
 The cloud only deployment model is for organizations who only have cloud identities and do not access on-premises resources.  These organizations typically join their devices to the cloud and exclusively use resources in the cloud such as SharePoint, OneDrive, and others.  Also, because these users do not use on-premises resources, they do not need certificates for things like VPN because everything they need is hosted in Azure.
 
 ##### Hybrid
+
 The hybrid deployment model is for organizations that: 
-* Are federated with Azure Active Directory
-* Have identities synchronized to Azure Active Directory using Azure Active Directory Connect
-* Use applications hosted in Azure Active Directory, and want a single sign-in user experience for both on-premises and Azure Active Directory resources
+
+- Are federated with Azure Active Directory
+- Have identities synchronized to Azure Active Directory using Azure Active Directory Connect
+- Use applications hosted in Azure Active Directory, and want a single sign-in user experience for both on-premises and Azure Active Directory resources
 
 > [!Important]
 > Hybrid deployments support non-destructive PIN reset that works with both the certificate trust and key trust models.</br>
diff --git a/windows/security/identity-protection/hello-for-business/index.yml b/windows/security/identity-protection/hello-for-business/index.yml
new file mode 100644
index 0000000000..98c1dc8fc0
--- /dev/null
+++ b/windows/security/identity-protection/hello-for-business/index.yml
@@ -0,0 +1,113 @@
+### YamlMime:Landing
+
+title: Windows Hello for Business documentation
+summary: Learn how to manage and deploy Windows Hello for Business.
+
+metadata:
+  title: Windows Hello for Business documentation
+  description: Learn how to manage and deploy Windows Hello for Business.
+  ms.prod: w10
+  ms.topic: landing-page
+  author: mapalko
+  manager: dansimp
+  ms.author: mapalko
+  ms.date: 01/22/2021
+  ms.collection: M365-identity-device-management
+
+# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | whats-new
+
+landingContent:
+# Cards and links should be based on top customer tasks or top subjects
+# Start card title with a verb
+  # Card
+  - title: About Windows Hello For Business
+    linkLists:
+      - linkListType: overview
+        links:
+          - text: Windows Hello for Business Overview
+            url: hello-overview.md
+      - linkListType: concept
+        links:
+          - text: Passwordless Strategy
+            url: passwordless-strategy.md
+          - text: Why a PIN is better than a password
+            url: hello-why-pin-is-better-than-password.md
+          - text: Windows Hello biometrics in the enterprise
+            url: hello-biometrics-in-enterprise.md
+          - text: How Windows Hello for Business works
+            url: hello-how-it-works.md
+        -linkListType: learn
+        links: 
+          - text: Technical Deep Dive - Device Registration
+            url: hello-how-it-works-device-registration.md 
+          - text: Technical Deep Dive - Provisioning
+            url: hello-how-it-works-provisioning.md
+          - text: Technical Deep Dive - Authentication
+            url: hello-how-it-works-authentication.md
+          - text: Technology and Terminology
+            url: hello-how-it-works-technology.md
+          - text: Frequently Asked Questions (FAQ)
+            url: hello-faq.yml
+
+  # Card
+  - title: Configure and manage Windows Hello for Business
+    linkLists:
+      - linkListType: concept
+        links:
+          - text: Windows Hello for Business Deployment Overview
+            url: hello-deployment-guide.md
+          - text: Planning a Windows Hello for Business Deployment
+            url: hello-planning-guide.md
+          - text: Deployment Prerequisite Overview
+            url: hello-identity-verification.md
+      - linkListType: how-to-guide
+        links:
+          - text: Hybrid Azure AD Joined Key Trust Deployment
+            url: hello-hybrid-key-trust.md
+          - text: Hybrid Azure AD Joined Certificate Trust Deployment
+            url: hello-hybrid-cert-trust.md
+          - text: On-premises SSO for Azure AD Joined Devices
+            url: hello-hybrid-aadj-sso.md
+          - text: On-premises Key Trust Deployment
+            url: hello-deployment-key-trust.md
+          - text: On-premises Certificate Trust Deployment
+            url: hello-deployment-cert-trust.md
+      - linkListType: learn
+        links:
+          - text: Manage Windows Hello for Business in your organization
+            url: hello-manage-in-organization.md
+          - text: Windows Hello and password changes
+            url: hello-and-password-changes.md
+          - text: Prepare people to use Windows Hello
+            url: hello-prepare-people-to-use.md
+
+  # Card
+  - title: Windows Hello for Business Features
+    linkLists:
+      - linkListType: how-to-guide
+        links:
+          - text: Conditional Access 
+            url: hello-feature-conditional-access.md
+          - text: PIN Reset
+            url: hello-feature-pin-reset.m
+          - text: Dual Enrollment
+            url: hello-feature-dual-enrollment.md
+          - text: Dynamic Lock
+            url: hello-feature-dynamic-lock.md
+          - text: Multi-factor Unlock
+            url: feature-multifactor-unlock.md
+          - text: Remote Desktop
+            url: hello-feature-remote-desktop.md
+
+  # Card
+  - title: Windows Hello for Business Troubleshooting
+    linkLists:
+      - linkListType: concept
+        links:
+          - text: Known Deployment Issues
+            url: hello-deployment-issues.md
+          - text: Errors During PIN Creation
+            url: hello-errors-during-pin-creation.md
+
+      
+  
\ No newline at end of file
diff --git a/windows/security/identity-protection/hello-for-business/toc.md b/windows/security/identity-protection/hello-for-business/toc.md
index b046ac97ee..77e08dfd22 100644
--- a/windows/security/identity-protection/hello-for-business/toc.md
+++ b/windows/security/identity-protection/hello-for-business/toc.md
@@ -1,6 +1,6 @@
 # [Windows Hello for Business](hello-identity-verification.md)
 
-## [Password-less Strategy](passwordless-strategy.md)
+## [Passwordless Strategy](passwordless-strategy.md)
 
 ## [Windows Hello for Business Overview](hello-overview.md)
 ## [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
@@ -10,7 +10,7 @@
 ### [Conditional Access](hello-feature-conditional-access.md)
 ### [Dual Enrollment](hello-feature-dual-enrollment.md)
 ### [Dynamic Lock](hello-feature-dynamic-lock.md)
-### [Multifactor Unlock](feature-multifactor-unlock.md)
+### [Multi-factor Unlock](feature-multifactor-unlock.md)
 ### [PIN Reset](hello-feature-pin-reset.md)
 ### [Remote Desktop](hello-feature-remote-desktop.md)
 
diff --git a/windows/security/identity-protection/hello-for-business/toc.yml b/windows/security/identity-protection/hello-for-business/toc.yml
new file mode 100644
index 0000000000..dd48cc97b4
--- /dev/null
+++ b/windows/security/identity-protection/hello-for-business/toc.yml
@@ -0,0 +1,18 @@
+- name: Windows Hello for Business documentation
+  href: index.yml
+- name: Overview
+  items:
+  - name: Windows Hello for Business Overview
+    href: hello-overview.md
+- name: Concepts
+  items:
+  - name:
+    href: 
+- name: How-to Guides
+  items:
+  - name:
+    href: 
+- name: Reference
+  items:
+  - name:
+    href: 
\ No newline at end of file
diff --git a/windows/security/identity-protection/index.md b/windows/security/identity-protection/index.md
index f57abc302f..dd87cded73 100644
--- a/windows/security/identity-protection/index.md
+++ b/windows/security/identity-protection/index.md
@@ -31,5 +31,5 @@ Learn more about identity and access management technologies in Windows 10 and
 | [Virtual Smart Cards](virtual-smart-cards/virtual-smart-card-overview.md) | Provides information about deploying and managing virtual smart cards, which are functionally similar to physical smart cards and appear in Windows as smart cards that are always-inserted. Virtual smart cards use the Trusted Platform Module (TPM) chip that is available on computers in many organizations, rather than requiring the use of a separate physical smart card and reader. |
 | [VPN technical guide](vpn/vpn-guide.md) | Virtual private networks (VPN) let you give your users secure remote access to your company network. Windows 10 adds useful new VPN profile options to help you manage how users connect. |
 | [Smart Cards](smart-cards/smart-card-windows-smart-card-technical-reference.md) | Provides a collection of references topics about smart cards, which are tamper-resistant portable storage devices that can enhance the security of tasks such as authenticating clients, signing code, securing e-mail, and signing in with a Windows domain account. |
-| [Windows Hello for Business](hello-for-business/hello-identity-verification.md) | In Windows 10, Windows Hello replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and a biometric or PIN. |
+| [Windows Hello for Business](hello-for-business/index.yml) | In Windows 10, Windows Hello replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and a biometric or PIN. |
 | [Windows 10 Credential Theft Mitigation Guide Abstract](windows-credential-theft-mitigation-guide-abstract.md) | Learn more about credential theft mitigation in Windows 10. |

From 7a3c2bf326fd2ee9fb14527cac612e996625ad1e Mon Sep 17 00:00:00 2001
From: Matthew Palko <mapalko@microsoft.com>
Date: Fri, 22 Jan 2021 17:32:22 -0800
Subject: [PATCH 214/396] fixing new line

---
 .../security/identity-protection/hello-for-business/index.yml  | 3 ---
 .../security/identity-protection/hello-for-business/toc.yml    | 3 ++-
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/index.yml b/windows/security/identity-protection/hello-for-business/index.yml
index 98c1dc8fc0..c26699645a 100644
--- a/windows/security/identity-protection/hello-for-business/index.yml
+++ b/windows/security/identity-protection/hello-for-business/index.yml
@@ -108,6 +108,3 @@ landingContent:
             url: hello-deployment-issues.md
           - text: Errors During PIN Creation
             url: hello-errors-during-pin-creation.md
-
-      
-  
\ No newline at end of file
diff --git a/windows/security/identity-protection/hello-for-business/toc.yml b/windows/security/identity-protection/hello-for-business/toc.yml
index dd48cc97b4..2c20b2052d 100644
--- a/windows/security/identity-protection/hello-for-business/toc.yml
+++ b/windows/security/identity-protection/hello-for-business/toc.yml
@@ -15,4 +15,5 @@
 - name: Reference
   items:
   - name:
-    href: 
\ No newline at end of file
+    href: 
+    
\ No newline at end of file

From 56837ef515082a92bd6802b9fc828a86251c2d06 Mon Sep 17 00:00:00 2001
From: Karl Wester-Ebbinghaus <45657752+Karl-WE@users.noreply.github.com>
Date: Sat, 23 Jan 2021 19:07:52 +0100
Subject: [PATCH 215/396] Update install-vamt.md

adding link to ADK, removing specific version to ease maintenance of this page as we would have to update it at least once a year.
---
 windows/deployment/volume-activation/install-vamt.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/deployment/volume-activation/install-vamt.md b/windows/deployment/volume-activation/install-vamt.md
index 6b18acd8ae..c2737b30a4 100644
--- a/windows/deployment/volume-activation/install-vamt.md
+++ b/windows/deployment/volume-activation/install-vamt.md
@@ -49,8 +49,8 @@ You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for
 
 ### Install VAMT using the ADK
 
-1. Download and open the [Windows 10, version 1903 ADK](https://go.microsoft.com/fwlink/?linkid=2086042) package.
-Reminder: There won't be new ADK release for 1909.
+1. Download the latest version of [Windows 10 ADK](https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install)
+It is recommended to uninstall and install the latest version of ADK if you use a previous version. Existing data of VAMT is maintained in the respective VAMT database. 
 2. Enter an install location or use the default path, and then select **Next**.
 3. Select a privacy setting, and then select **Next**.
 4. Accept the license terms.

From 539a6ec83a1a5072f7482874fc5bf4a27fb51021 Mon Sep 17 00:00:00 2001
From: Karl Wester-Ebbinghaus <45657752+Karl-WE@users.noreply.github.com>
Date: Sat, 23 Jan 2021 19:29:08 +0100
Subject: [PATCH 216/396] Update install-vamt.md

spellings / corrections
---
 windows/deployment/volume-activation/install-vamt.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/deployment/volume-activation/install-vamt.md b/windows/deployment/volume-activation/install-vamt.md
index c2737b30a4..3c482e49b3 100644
--- a/windows/deployment/volume-activation/install-vamt.md
+++ b/windows/deployment/volume-activation/install-vamt.md
@@ -49,8 +49,8 @@ You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for
 
 ### Install VAMT using the ADK
 
-1. Download the latest version of [Windows 10 ADK](https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install)
-It is recommended to uninstall and install the latest version of ADK if you use a previous version. Existing data of VAMT is maintained in the respective VAMT database. 
+1. Download the latest version of [Windows 10 ADK](https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install).
+It is recommended to uninstall ADK and install the latest version, if you use a previous version. Existing data of VAMT is maintained in the respective VAMT database. 
 2. Enter an install location or use the default path, and then select **Next**.
 3. Select a privacy setting, and then select **Next**.
 4. Accept the license terms.

From b7ac564fd79b1e104204a9c2155adb1968e9e98e Mon Sep 17 00:00:00 2001
From: Ben Alfasi <bealfasi@microsoft.com>
Date: Sun, 24 Jan 2021 14:30:32 +0200
Subject: [PATCH 217/396] 1

---
 .../microsoft-defender-atp/find-machines-by-tag.md  | 13 ++++++++++---
 .../get-discovered-vulnerabilities.md               |  4 ++++
 .../microsoft-defender-atp/get-domain-statistics.md |  7 ++++++-
 .../microsoft-defender-atp/get-file-statistics.md   |  7 ++++++-
 .../microsoft-defender-atp/get-ip-statistics.md     |  7 ++++++-
 .../get-missing-kbs-machine.md                      |  6 +++++-
 .../get-security-recommendations.md                 |  4 ++++
 .../microsoft-defender-atp/import-ti-indicators.md  |  2 +-
 8 files changed, 42 insertions(+), 8 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md
index c077f850b8..e34e5962d8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md
@@ -32,7 +32,7 @@ ms.topic: article
 
 ## API description
 Find [Machines](machine.md) by [Tag](machine-tags.md).
-
+<br>```startswith``` query is supported. 
 
 ## Limitations
 1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
@@ -56,7 +56,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
 
 ## HTTP request
 ```
-GET /api/machines/findbytag(tag='{tag}')
+GET /api/machines/findbytag?tag={tag}&useStartsWithFilter={true/false}
 ```
 
 ## Request headers
@@ -65,6 +65,13 @@ Name | Type | Description
 :---|:---|:---
 Authorization | String | Bearer {token}. **Required**.
 
+## Request URI parameters
+
+Name | Type | Description
+:---|:---|:---
+tag | String | The tag name. **Required**.
+useStartsWithFilter | Boolean | When set to true, the search will find all devices with tag name that starts with the given tag in the query. Defaults to false. **Optional**.
+
 ## Request body
 Empty
 
@@ -78,5 +85,5 @@ If successful - 200 OK with list of the machines in the response body.
 Here is an example of the request.
 
 ```
-GET https://api.securitycenter.microsoft.com/api/machines/findbytag(tag='testTag')
+GET https://api.securitycenter.microsoft.com/api/machines/findbytag?tag=testTag&useStartsWithFilter=true
 ```
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md
index 773a35d073..258209f10d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md
@@ -30,8 +30,12 @@ ms.technology: mde
 
 [!include[Improve request performance](../../includes/improve-request-performance.md)]
 
+## API description
 Retrieves a collection of discovered vulnerabilities related to a given device ID.
 
+## Limitations
+1. Rate limitations for this API are 50 calls per minute and 1500 calls per hour.
+
 ## Permissions
 
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md
index dda241406d..3720025ad9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md
@@ -62,6 +62,11 @@ Header | Value
 :---|:---
 Authorization | Bearer {token}. **Required**.
 
+## Request URI parameters
+
+Name | Type | Description
+:---|:---|:---
+lookBackHours | Int32 | Defines the hours we search back to get the statistics. Defaults to 30 days. **Optional**.
 
 ## Request body
 Empty
@@ -77,7 +82,7 @@ If successful and domain exists - 200 OK, with statistics object in the response
 Here is an example of the request.
 
 ```
-GET https://api.securitycenter.microsoft.com/api/domains/example.com/stats
+GET https://api.securitycenter.microsoft.com/api/domains/example.com/stats?lookBackHours=48
 ```
 
 **Response**
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md
index 45c0c7f97f..ac9da34d73 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md
@@ -62,6 +62,11 @@ Name | Type | Description
 :---|:---|:---
 Authorization | String | Bearer {token}. **Required**.
 
+## Request URI parameters
+
+Name | Type | Description
+:---|:---|:---
+lookBackHours | Int32 | Defines the hours we search back to get the statistics. Defaults to 30 days. **Optional**.
 
 ## Request body
 Empty
@@ -77,7 +82,7 @@ If successful and file exists - 200 OK with statistical data in the body. If fil
 Here is an example of the request.
 
 ```
-GET https://api.securitycenter.microsoft.com/api/files/0991a395da64e1c5fbe8732ed11e6be064081d9f/stats
+GET https://api.securitycenter.microsoft.com/api/files/0991a395da64e1c5fbe8732ed11e6be064081d9f/stats?lookBackHours=48
 ```
 
 **Response**
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md
index e720d2f338..5ba7c77cd7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md
@@ -63,6 +63,11 @@ Name | Type | Description
 :---|:---|:---
 Authorization | String | Bearer {token}. **Required**.
 
+## Request URI parameters
+
+Name | Type | Description
+:---|:---|:---
+lookBackHours | Int32 | Defines the hours we search back to get the statistics. Defaults to 30 days. **Optional**.
 
 ## Request body
 Empty
@@ -78,7 +83,7 @@ If successful and ip exists - 200 OK with statistical data in the body. IP do no
 Here is an example of the request.
 
 ```http
-GET https://api.securitycenter.microsoft.com/api/ips/10.209.67.177/stats
+GET https://api.securitycenter.microsoft.com/api/ips/10.209.67.177/stats?lookBackHours=48
 ```
 
 **Response**
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md
index 9ac01f22cf..abb4bd89f5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md
@@ -30,7 +30,11 @@ ms.technology: mde
 
 [!include[Improve request performance](../../includes/improve-request-performance.md)]
 
-Retrieves missing KBs (security updates) by device ID
+## API description
+Retrieves missing KBs (security updates) by device ID.
+
+## Limitations
+1. Rate limitations for this API are 50 calls per minute and 1500 calls per hour.
 
 ## HTTP request
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md b/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md
index 1d2dfe41dd..f08ce4f926 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md
@@ -31,8 +31,12 @@ ms.technology: mde
 
 [!include[Prerelease information](../../includes/prerelease.md)]
 
+## API description
 Retrieves a collection of security recommendations related to a given device ID.
 
+## Limitations
+1. Rate limitations for this API are 50 calls per minute and 1500 calls per hour.
+
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md b/windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md
index 822e0f9985..8e33f2ae5c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md
@@ -37,7 +37,7 @@ Submits or Updates batch of [Indicator](ti-indicator.md) entities.
 ## Limitations
 1. Rate limitations for this API are 30 calls per minute.
 2. There is a limit of 15,000 active [Indicators](ti-indicator.md) per tenant. 
-
+3. Maximum batch size for one API call is 500.
 
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Get started](apis-intro.md)

From b54bd97a85d313c549533a537de4f5dcc35b61ea Mon Sep 17 00:00:00 2001
From: Ben Alfasi <bealfasi@microsoft.com>
Date: Sun, 24 Jan 2021 14:57:21 +0200
Subject: [PATCH 218/396] 2

---
 .../add-or-remove-machine-tags.md                    |  6 ++++--
 .../collect-investigation-package.md                 |  4 +++-
 .../get-alert-related-domain-info.md                 |  4 +---
 .../get-alert-related-files-info.md                  |  4 +---
 .../get-alert-related-ip-info.md                     |  4 +---
 .../get-alert-related-machine-info.md                |  4 +---
 .../get-alert-related-user-info.md                   |  4 +---
 .../microsoft-defender-atp/get-domain-statistics.md  |  4 +---
 .../microsoft-defender-atp/get-file-information.md   |  4 +---
 .../microsoft-defender-atp/get-file-statistics.md    |  4 +---
 .../get-investigation-collection.md                  |  4 +---
 .../microsoft-defender-atp/get-ip-statistics.md      |  4 +---
 .../microsoft-defender-atp/get-kbinfo-collection.md  |  7 ++-----
 .../microsoft-defender-atp/get-machine-by-id.md      |  4 +---
 .../get-machine-log-on-users.md                      |  4 +---
 .../get-machineaction-object.md                      |  6 ++----
 .../get-machineactions-collection.md                 |  6 ++----
 .../microsoft-defender-atp/get-machines.md           |  4 +---
 .../get-machinesecuritystates-collection.md          |  7 ++-----
 .../microsoft-defender-atp/get-package-sas-uri.md    |  8 ++------
 .../get-ti-indicators-collection.md                  | 12 ++++--------
 .../microsoft-defender-atp/get-user-information.md   |  7 ++-----
 .../initiate-autoir-investigation.md                 |  8 +++++---
 .../microsoft-defender-atp/isolate-machine.md        | 10 ++++++----
 .../microsoft-defender-atp/offboard-machine-api.md   |  6 ++++--
 .../restrict-code-execution.md                       |  9 +++++----
 .../microsoft-defender-atp/run-advanced-query-api.md | 12 +++++++-----
 .../microsoft-defender-atp/run-av-scan.md            |  6 ++++--
 .../stop-and-quarantine-file.md                      |  6 ++++--
 .../microsoft-defender-atp/unisolate-machine.md      |  6 ++++--
 .../unrestrict-code-execution.md                     |  6 ++++--
 .../microsoft-defender-atp/update-alert.md           |  5 +++--
 32 files changed, 82 insertions(+), 107 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md b/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md
index c9987f3a99..2a992e5e4f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md
@@ -90,9 +90,11 @@ If successful, this method returns 200 - Ok response code and the updated Machin
 
 Here is an example of a request that adds machine tag.
 
-```http
+```
 POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/tags
-Content-type: application/json
+```
+
+```json
 {
   "Value" : "test Tag 2",
   "Action": "Add"
diff --git a/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md b/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md
index ee50396e37..7c823acfd6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md
@@ -83,7 +83,9 @@ Here is an example of the request.
 
 ```
 POST https://api.securitycenter.microsoft.com/api/machines/fb9ab6be3965095a09c057be7c90f0a2/collectInvestigationPackage
-Content-type: application/json
+```
+
+```json
 {
   "Comment": "Collect forensics due to alert 1234"
 }
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md
index 9347365103..aaa3ab921d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md
@@ -85,9 +85,7 @@ GET https://api.securitycenter.microsoft.com/alerts/636688558380765161_213628044
 
 Here is an example of the response.
 
-```
-HTTP/1.1 200 OK
-Content-type: application/json
+```json
 {
     "@odata.context": "https://api.securitycenter.microsoft.com/$metadata#Domains",
     "value": [
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md
index 80dfa7de59..705b9284db 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md
@@ -86,9 +86,7 @@ GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_21362
 Here is an example of the response.
 
 
-```
-HTTP/1.1 200 OK
-Content-type: application/json
+```json
 {
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Files",
     "value": [
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md
index b241dd2b72..02701c84db 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md
@@ -87,9 +87,7 @@ GET https://api.securitycenter.microsoft.com/alerts/636688558380765161_213628044
 Here is an example of the response.
 
 
-```
-HTTP/1.1 200 OK
-Content-type: application/json
+```json
 {
     "@odata.context": "https://api.securitycenter.microsoft.com/$metadata#Ips",    
 	"value": [
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
index e4850f8d55..a5e59345c3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
@@ -88,9 +88,7 @@ GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_21362
 Here is an example of the response.
 
 
-```
-HTTP/1.1 200 OK
-Content-type: application/json
+```json
 {
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines/$entity",
     "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md
index ea89e7158c..a256a1f597 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md
@@ -87,9 +87,7 @@ GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_21362
 Here is an example of the response.
 
 
-```
-HTTP/1.1 200 OK
-Content-type: application/json
+```json
 {
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Users/$entity",
     "id": "contoso\\user1",
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md
index 3720025ad9..dd3331b476 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md
@@ -90,9 +90,7 @@ GET https://api.securitycenter.microsoft.com/api/domains/example.com/stats?lookB
 Here is an example of the response.
 
 
-```
-HTTP/1.1 200 OK
-Content-type: application/json
+```json
 {
 	"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgDomainStats",
 	"host": "example.com",
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md
index 736c3298e2..019f1385c7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md
@@ -85,9 +85,7 @@ GET https://api.securitycenter.microsoft.com/api/files/4388963aaa83afe2042a46a3c
 Here is an example of the response.
 
 
-```
-HTTP/1.1 200 OK
-Content-type: application/json
+```json
 {
 	"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Files/$entity",
 	"sha1": "4388963aaa83afe2042a46a3c017ad50bdcdafb3",
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md
index ac9da34d73..cf1898803a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md
@@ -90,9 +90,7 @@ GET https://api.securitycenter.microsoft.com/api/files/0991a395da64e1c5fbe8732ed
 Here is an example of the response.
 
 
-```
-HTTP/1.1 200 OK
-Content-type: application/json
+```json
 {
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgFileStats",
     "sha1": "0991a395da64e1c5fbe8732ed11e6be064081d9f",
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md
index 47662456ae..cca2597b98 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md
@@ -90,9 +90,7 @@ GET https://api.securitycenter.microsoft.com/api/investigations
 
 Here is an example of the response:
 
-```
-HTTP/1.1 200 Ok
-Content-type: application/json
+```json
 {
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Investigations",
     "value": [
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md
index 5ba7c77cd7..bc04301ab1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md
@@ -91,9 +91,7 @@ GET https://api.securitycenter.microsoft.com/api/ips/10.209.67.177/stats?lookBac
 Here is an example of the response.
 
 
-```http
-HTTP/1.1 200 OK
-Content-type: application/json
+```json
 {
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgIPStats",
     "ipAddress": "10.209.67.177",
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md
index f108cdfbf6..0eeced010e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md
@@ -61,18 +61,15 @@ If successful - 200 OK.
 
 Here is an example of the request.
 
-```
+```http
 GET https://graph.microsoft.com/testwdatppreview/KbInfo
-Content-type: application/json
 ```
 
 **Response**
 
 Here is an example of the response.
 
-```
-HTTP/1.1 200 OK
-Content-type: application/json
+```json
 {
     "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#KbInfo",
     "@odata.count": 271,
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
index ceac9cc0ed..0a6ff20f30 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
@@ -91,9 +91,7 @@ GET https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c29
 Here is an example of the response.
 
 
-```http
-HTTP/1.1 200 OK
-Content-type: application/json
+```json
 {
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machine",
     "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md
index f4730dce02..3e9b901fac 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md
@@ -87,9 +87,7 @@ GET https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c29
 Here is an example of the response.
 
 
-```http
-HTTP/1.1 200 OK
-Content-type: application/json
+```json
 {
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Users",
     "value": [
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md b/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md
index 35d7343116..9520bd1379 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md
@@ -77,7 +77,7 @@ If successful, this method returns 200, Ok response code with a [Machine Action]
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/machineactions/2e9da30d-27f6-4208-81f2-9cd3d67893ba
 ```
 
@@ -86,9 +86,7 @@ GET https://api.securitycenter.microsoft.com/api/machineactions/2e9da30d-27f6-42
 Here is an example of the response.
 
 
-```
-HTTP/1.1 200 Ok
-Content-type: application/json
+```json
 {
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineActions/$entity",
     "id": "5382f7ea-7557-4ab7-9782-d50480024a4e",
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md
index 11bd89fa3b..d910d3beda 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md
@@ -82,7 +82,7 @@ If successful, this method returns 200, Ok response code with a collection of [m
 
 Here is an example of the request on an organization that has three MachineActions.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/machineactions
 ```
 
@@ -91,9 +91,7 @@ GET https://api.securitycenter.microsoft.com/api/machineactions
 Here is an example of the response.
 
 
-```
-HTTP/1.1 200 Ok
-Content-type: application/json
+```json
 {
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineActions",
     "value": [
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md
index ad2331e5ab..42a179a64f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md
@@ -92,9 +92,7 @@ GET https://api.securitycenter.microsoft.com/api/machines
 
 Here is an example of the response.
 
-```http
-HTTP/1.1 200 OK
-Content-type: application/json
+```json
 {
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines",
     "value": [
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md
index 9565ba0014..9d1e0ef235 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md
@@ -60,9 +60,8 @@ If successful - 200 OK.
 
 Here is an example of the request.
 
-```
+```http
 GET https://graph.microsoft.com/testwdatppreview/machinesecuritystates
-Content-type: application/json
 ```
 
 **Response**
@@ -70,9 +69,7 @@ Content-type: application/json
 Here is an example of the response.
 Field *id* contains device id and equal to the field *id** in devices info. 
 
-```
-HTTP/1.1 200 OK
-Content-type: application/json
+```json
 {
     "@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#MachineSecurityStates",
     "@odata.count":444,
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md b/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md
index ccd17fea22..2683556f81 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md
@@ -73,19 +73,15 @@ If successful, this method returns 200, Ok response code with object that holds
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/machineactions/7327b54fd718525cbca07dacde913b5ac3c85673/GetPackageUri
-
 ```
 
 **Response**
 
 Here is an example of the response.
 
-```
-HTTP/1.1 200 Ok
-Content-type: application/json
-
+```json
 {
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Edm.String",
     "value": "\"https://userrequests-us.securitycenter.windows.com:443/safedownload/WDATP_Investigation_Package.zip?token=gbDyj7y%2fbWGAZjn2sFiZXlliBTXOCVG7yiJ6mXNaQ9pLByC2Wxeno9mENsPFP3xMk5l%2bZiJXjLvqAyNEzUNROxoM2I1er9dxzfVeBsxSmclJjPsAx%2btiNyxSz1Ax%2b5jaT5cL5bZg%2b8wgbwY9urXbTpGjAKh6FB1e%2b0ypcWkPm8UkfOwsmtC%2biZJ2%2bPqnkkeQk7SKMNoAvmh9%2fcqDIPKXGIBjMa0D9auzypOqd8bQXp7p2BnLSH136BxST8n9IHR4PILvRjAYW9kvtHkBpBitfydAsUW4g2oDZSPN3kCLBOoo1C4w4Lkc9Bc3GNU2IW6dfB7SHcp7G9p4BDkeJl3VuDs6esCaeBorpn9FKJ%2fXo7o9pdcI0hUPZ6Ds9hiPpwPUtz5J29CBE3QAopCK%2fsWlf6OW2WyXsrNRSnF1tVE5H3wXpREzuhD7S4AIA3OIEZKzC4jIPLeMu%2bazZU9xGwuc3gICOaokbwMJiZTqcUuK%2fV9YdBdjdg8wJ16NDU96Pl6%2fgew2KYuk6Wo7ZuHotgHI1abcsvdlpe4AvixDbqcRJthsg2PpLRaFLm5av44UGkeK6TJpFvxUn%2f9fg6Zk5yM1KUTHb8XGmutoCM8U9er6AzXZlY0gGc3D3bQOg41EJZkEZLyUEbk1hXJB36ku2%2bW01cG71t7MxMBYz7%2bdXobxpdo%3d%3bRWS%2bCeoDfTyDcfH5pkCg6hYDmCOPr%2fHYQuaUWUBNVnXURYkdyOzVHqp%2fe%2f1BNyPdVoVkpQHpz1pPS3b5g9h7IMmNKCk5gFq5m2nPx6kk9EYtzx8Ndoa2m9Yj%2bSaf8zIFke86YnfQL4AYewsnQNJJh4wc%2bXxGlBq7axDcoiOdX91rKzVicH3GSBkFoLFAKoegWWsF%2fEDZcVpF%2fXUA1K8HvB6dwyfy4y0sAqnNPxYTQ97mG7yHhxPt4Pe9YF2UPPAJVuEf8LNlQ%2bWHC9%2f7msF6UUI4%2fca%2ftpjFs%2fSNeRE8%2fyQj21TI8YTF1SowvaJuDc1ivEoeopNNGG%2bGI%2fX0SckaVxU9Hdkh0zbydSlT5SZwbSwescs0IpzECitBbaLUz4aT8KTs8T0lvx8D7Te3wVsKAJ1r3iFMQZrlk%2bS1WW8rvac7oHRx2HKURn1v7fDIQWgJr9aNsNlFz4fLJ50T2qSHuuepkLVbe93Va072aMGhvr09WVKoTpAf1j2bcFZZU6Za5PxI32mr0k90FgiYFJ1F%2f1vRDrGwvWVWUkR3Z33m4g0gHa52W1FMxQY0TJIwbovD6FaSNDx7xhKZSd5IJ7r6P91Gez49PaZRcAZPjd%2bfbul3JNm1VqQPTLohT7wa0ymRiXpSST74xtFzuEBzNSNATdbngj3%2fwV4JesTjZjIj5Dc%3d%3blumqauVlFuuO8MQffZgs0tLJ4Fq6fpeozPTdDf8Ll6XLegi079%2b4mSPFjTK0y6eohstxdoOdom2wAHiZwk0u4KLKmRkfYOdT1wHY79qKoBQ3ZDHFTys9V%2fcwKGl%2bl8IenWDutHygn5IcA1y7GTZj4g%3d%3d\""
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md
index 58cb3f78a5..5a5ea5a354 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md
@@ -78,7 +78,7 @@ If successful, this method returns 200, Ok response code with a collection of [I
 
 Here is an example of a request that gets all Indicators
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/indicators
 ```
 
@@ -86,9 +86,7 @@ GET https://api.securitycenter.microsoft.com/api/indicators
 
 Here is an example of the response.
 
-```
-HTTP/1.1 200 Ok
-Content-type: application/json
+```json
 {
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Indicators",
     "value": [
@@ -141,7 +139,7 @@ Content-type: application/json
 
 Here is an example of a request that gets all Indicators with 'AlertAndBlock' action 
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/indicators?$filter=action+eq+'AlertAndBlock'
 ```
 
@@ -149,9 +147,7 @@ GET https://api.securitycenter.microsoft.com/api/indicators?$filter=action+eq+'A
 
 Here is an example of the response.
 
-```
-HTTP/1.1 200 Ok
-Content-type: application/json
+```json
 {
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Indicators",
     "value": [
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md
index 7a7e85e081..d4d47fa618 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md
@@ -64,9 +64,8 @@ If successful and user exists - 200 OK with [user](user.md) entity in the body.
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/users/user1
-Content-type: application/json
 ```
 
 **Response**
@@ -74,9 +73,7 @@ Content-type: application/json
 Here is an example of the response.
 
 
-```
-HTTP/1.1 200 OK
-Content-type: application/json
+```json
 {
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Users/$entity",
     "id": "user1",
diff --git a/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md
index dfb9ea34c6..caa8fb231b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md
@@ -84,9 +84,11 @@ If successful, this method returns 201 - Created response code and [Investigatio
 
 Here is an example of the request.
 
-```
+```http
 POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/startInvestigation
-Content-type: application/json
+```
+
+```json
 {
-  "Comment": "Test investigation",
+  "Comment": "Test investigation"
 }
diff --git a/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md b/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md
index 00d02c3bfe..67f0760774 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md
@@ -90,13 +90,15 @@ If successful, this method returns 201 - Created response code and [Machine Acti
 
 Here is an example of the request.
 
-```console
+```
 POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/isolate
-Content-type: application/json
+```
+
+```json
 {
   "Comment": "Isolate machine due to alert 1234",
-  “IsolationType”: “Full” 
+  "IsolationType": "Full" 
 }
 ```
 
-- To unisolate a device, see [Release device from isolation](unisolate-machine.md).
+- To release a device from isolation, see [Release device from isolation](unisolate-machine.md).
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md b/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md
index 8eef870362..df8552d5a9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md
@@ -87,9 +87,11 @@ If successful, this method returns 201 - Created response code and [Machine Acti
 
 Here is an example of the request.
 
-```
+```http
 POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/offboard
-Content-type: application/json
+```
+
+```json
 {
   "Comment": "Offboard machine by automation"
 }
diff --git a/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md b/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md
index fb99be0444..a78424ca79 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md
@@ -83,14 +83,15 @@ If successful, this method returns 201 - Created response code and [Machine Acti
 
 Here is an example of the request.
 
-```
+```http
 POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/restrictCodeExecution 
-Content-type: application/json
+```
+
+```json
 {
   "Comment": "Restrict code execution due to alert 1234"
 }
 
 ```
 
-- To remove code execution restriction from a device, see [Remove app restriction](unrestrict-code-execution.md).
-
+- To remove code execution restriction from a device, see [Remove app restriction](unrestrict-code-execution.md).
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
index 88fddcc27b..195101b45a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
@@ -35,10 +35,10 @@ ms.technology: mde
 1. You can only run a query on data from the last 30 days.
 2. The results will include a maximum of 100,000 rows.
 3. The number of executions is limited per tenant:
-   - API calls: Up to 15 calls per minute
-   - Execution time: 10 minutes of running time every hour and 4 hours of running time a day
+   - API calls: Up to 45 calls per minute.
+   - Execution time: 10 minutes of running time every hour and 4 hours of running time a day.
 4. The maximal execution time of a single request is 10 minutes.
-5. 429 response will represent reaching quota limit either by number of requests or by CPU. The 429 response body will also indicate the time until the quota is renewed. 
+5. 429 response will represent reaching quota limit either by number of requests or by CPU. Read response body to understand what limit has been reached. 
 
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
@@ -82,9 +82,11 @@ Request
 
 Here is an example of the request.
 
-```
+```http
 POST https://api.securitycenter.microsoft.com/api/advancedqueries/run
-Content-type: application/json
+```
+
+```json
 {
 	"Query":"DeviceProcessEvents  
     | where InitiatingProcessFileName =~ 'powershell.exe'
diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md b/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md
index dda698fd60..aac2826f29 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md
@@ -91,9 +91,11 @@ If successful, this method returns 201, Created response code and _MachineAction
 
 Here is an example of the request.
 
-```
+```http
 POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/runAntiVirusScan 
-Content-type: application/json
+```
+
+```json
 {
   "Comment": "Check machine for viruses due to alert 3212",
   “ScanType”: “Full”
diff --git a/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md b/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md
index 26a77dc157..6ab096b9f7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md
@@ -84,9 +84,11 @@ If successful, this method returns 201 - Created response code and [Machine Acti
 
 Here is an example of the request.
 
-```
+```http
 POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/StopAndQuarantineFile 
-Content-type: application/json
+```
+
+```json
 {
   "Comment": "Stop and quarantine file on machine due to alert 441688558380765161_2136280442",
   "Sha1": "87662bc3d60e4200ceaf7aae249d1c343f4b83c9"
diff --git a/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md b/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md
index 2ddc0fa5f4..9d41281585 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md
@@ -84,9 +84,11 @@ If successful, this method returns 201 - Created response code and [Machine Acti
 
 Here is an example of the request.
 
-```
+```http
 POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/unisolate 
-Content-type: application/json
+```
+
+```json
 {
   "Comment": "Unisolate machine since it was clean and validated"
 }
diff --git a/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md b/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md
index c8b9276441..41934f0380 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md
@@ -82,9 +82,11 @@ If successful, this method returns 201 - Created response code and [Machine Acti
 
 Here is an example of the request.
 
-```
+```http
 POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/unrestrictCodeExecution 
-Content-type: application/json
+```
+
+```json
 {
   "Comment": "Unrestrict code execution since machine was cleaned and validated"
 }
diff --git a/windows/security/threat-protection/microsoft-defender-atp/update-alert.md b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md
index 4f6423b15e..d2f3515f96 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/update-alert.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md
@@ -91,10 +91,11 @@ If successful, this method returns 200 OK, and the [alert](alerts.md) entity in
 
 Here is an example of the request.
 
-```
+```http
 PATCH https://api.securitycenter.microsoft.com/api/alerts/121688558380765161_2136280442
-Content-Type: application/json
+```
 
+```json
 {
     "status": "Resolved",
 	"assignedTo": "secop2@contoso.com",

From f803e252caab050a81ec70c30fd0ae8fb48684ef Mon Sep 17 00:00:00 2001
From: Ben Alfasi <bealfasi@microsoft.com>
Date: Sun, 24 Jan 2021 15:46:51 +0200
Subject: [PATCH 219/396] 1

---
 .../collect-investigation-package.md                       | 2 +-
 .../microsoft-defender-atp/create-alert-by-reference.md    | 3 ++-
 .../microsoft-defender-atp/delete-ti-indicator-by-id.md    | 2 +-
 .../microsoft-defender-atp/find-machines-by-ip.md          | 2 +-
 .../microsoft-defender-atp/find-machines-by-tag.md         | 2 +-
 .../get-alert-related-domain-info.md                       | 2 +-
 .../microsoft-defender-atp/get-alert-related-files-info.md | 2 +-
 .../microsoft-defender-atp/get-alert-related-ip-info.md    | 2 +-
 .../get-alert-related-machine-info.md                      | 2 +-
 .../microsoft-defender-atp/get-alert-related-user-info.md  | 2 +-
 .../threat-protection/microsoft-defender-atp/get-alerts.md | 4 ++--
 .../microsoft-defender-atp/get-all-recommendations.md      | 2 +-
 .../get-all-vulnerabilities-by-machines.md                 | 2 +-
 .../microsoft-defender-atp/get-all-vulnerabilities.md      | 2 +-
 .../microsoft-defender-atp/get-cvekbmap-collection.md      | 7 ++-----
 .../microsoft-defender-atp/get-device-secure-score.md      | 2 +-
 .../get-discovered-vulnerabilities.md                      | 4 ++--
 .../microsoft-defender-atp/get-domain-statistics.md        | 2 +-
 .../microsoft-defender-atp/get-exposure-score.md           | 2 +-
 .../microsoft-defender-atp/get-file-information.md         | 2 +-
 .../microsoft-defender-atp/get-file-related-alerts.md      | 2 +-
 .../microsoft-defender-atp/get-file-related-machines.md    | 2 +-
 .../microsoft-defender-atp/get-file-statistics.md          | 2 +-
 .../microsoft-defender-atp/get-installed-software.md       | 2 +-
 .../microsoft-defender-atp/get-ip-related-alerts.md        | 2 +-
 .../get-machine-group-exposure-score.md                    | 2 +-
 .../microsoft-defender-atp/get-machines-by-software.md     | 3 +--
 .../get-machines-by-vulnerability.md                       | 2 +-
 .../microsoft-defender-atp/get-missing-kbs-machine.md      | 2 +-
 .../microsoft-defender-atp/get-missing-kbs-software.md     | 2 +-
 .../microsoft-defender-atp/get-recommendation-by-id.md     | 2 +-
 .../microsoft-defender-atp/get-recommendation-machines.md  | 2 +-
 .../microsoft-defender-atp/get-recommendation-software.md  | 2 +-
 .../get-recommendation-vulnerabilities.md                  | 2 +-
 .../microsoft-defender-atp/get-security-recommendations.md | 4 ++--
 .../microsoft-defender-atp/get-software-by-id.md           | 3 +--
 .../get-software-ver-distribution.md                       | 3 +--
 .../microsoft-defender-atp/get-software.md                 | 2 +-
 .../microsoft-defender-atp/get-user-related-alerts.md      | 2 +-
 .../microsoft-defender-atp/get-user-related-machines.md    | 2 +-
 .../microsoft-defender-atp/get-vuln-by-software.md         | 3 +--
 .../microsoft-defender-atp/get-vulnerability-by-id.md      | 2 +-
 .../microsoft-defender-atp/import-ti-indicators.md         | 3 ++-
 .../microsoft-defender-atp/isolate-machine.md              | 2 +-
 .../microsoft-defender-atp/post-ti-indicator.md            | 3 ++-
 .../microsoft-defender-atp/run-av-scan.md                  | 2 +-
 .../microsoft-defender-atp/update-alert.md                 | 2 +-
 47 files changed, 54 insertions(+), 58 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md b/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md
index 7c823acfd6..dea6142742 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md
@@ -81,7 +81,7 @@ If successful, this method returns 201 - Created response code and [Machine Acti
 
 Here is an example of the request.
 
-```
+```http
 POST https://api.securitycenter.microsoft.com/api/machines/fb9ab6be3965095a09c057be7c90f0a2/collectInvestigationPackage
 ```
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md
index ac6a1ed6be..91a38d3f42 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md
@@ -96,9 +96,10 @@ If successful, this method returns 200 OK, and a new [alert](alerts.md) object i
 
 Here is an example of the request.
 
-```
+```http
 POST https://api.securitycenter.microsoft.com/api/alerts/CreateAlertByReference
 ```
+
 ```json
 {
 	"machineId": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
diff --git a/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md
index c4921c50f4..127f52cd7a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md
@@ -73,6 +73,6 @@ If Indicator with the specified id was not found - 404 Not Found.
 
 Here is an example of the request.
 
-```
+```http
 DELETE https://api.securitycenter.microsoft.com/api/indicators/995
 ```
diff --git a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md
index 5a461d731b..d9ebb6559c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md
@@ -80,6 +80,6 @@ If the timestamp is not in the past 30 days - 400 Bad Request.
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/machines/findbyip(ip='10.248.240.38',timestamp=2019-09-22T08:44:05Z)
 ```
diff --git a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md
index e34e5962d8..5bb4e7756f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md
@@ -84,6 +84,6 @@ If successful - 200 OK with list of the machines in the response body.
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/machines/findbytag?tag=testTag&useStartsWithFilter=true
 ```
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md
index aaa3ab921d..c84308bef0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md
@@ -77,7 +77,7 @@ If successful and alert and domain exist - 200 OK. If alert not found - 404 Not
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/alerts/636688558380765161_2136280442/domains
 ```
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md
index 705b9284db..015b98dba0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md
@@ -77,7 +77,7 @@ If successful and alert and files exist - 200 OK. If alert not found - 404 Not F
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_2136280442/files
 ```
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md
index 02701c84db..602a1fd1c4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md
@@ -78,7 +78,7 @@ If successful and alert and an IP exist - 200 OK. If alert not found - 404 Not F
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/alerts/636688558380765161_2136280442/ips
 ```
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
index a5e59345c3..60d47669c1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
@@ -79,7 +79,7 @@ If successful and alert and device exist - 200 OK. If alert not found or device
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_2136280442/machine
 ```
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md
index a256a1f597..2afbe73739 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md
@@ -78,7 +78,7 @@ If successful and alert and a user exists - 200 OK with user in the body. If ale
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_2136280442/user
 ```
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md
index 918af17cc7..eb0067b2ba 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md
@@ -88,7 +88,7 @@ If successful, this method returns 200 OK, and a list of [alert](alerts.md) obje
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/alerts
 ```
 
@@ -152,7 +152,7 @@ Here is an example of the response.
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/alerts?$top=10&$expand=evidence
 ```
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md
index 9be5af6b31..6548493ea9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md
@@ -67,7 +67,7 @@ If successful, this method returns 200 OK with the list of security recommendati
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/recommendations
 ```
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md
index 73cc542fda..0126da149d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md
@@ -72,7 +72,7 @@ If successful, this method returns 200 OK with the list of vulnerabilities in th
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/vulnerabilities/machinesVulnerabilities
 ```
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md
index 17f9e97ef1..00ade14700 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md
@@ -67,7 +67,7 @@ If successful, this method returns 200 OK with the list of vulnerabilities in th
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/Vulnerabilities
 ```
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md
index 41df827074..3264cc7d76 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md
@@ -61,18 +61,15 @@ If successful and map exists - 200 OK.
 
 Here is an example of the request.
 
-```
+```http
 GET https://graph.microsoft.com/testwdatppreview/CveKbMap
-Content-type: application/json
 ```
 
 **Response**
 
 Here is an example of the response.
 
-```
-HTTP/1.1 200 OK
-Content-type: application/json
+```json
 {
     "@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#CveKbMap",
     "@odata.count": 4168,
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md
index b18413a57e..2edded89ae 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md
@@ -68,7 +68,7 @@ If successful, this method returns 200 OK, with the device secure score data in
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/configurationScore
 ```
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md
index 258209f10d..760ce4ddb9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md
@@ -71,7 +71,7 @@ If successful, this method returns 200 OK with the discovered vulnerability info
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/vulnerabilities
 ```
 
@@ -79,7 +79,7 @@ GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf4
 
 Here is an example of the response.
 
-```
+```json
 {
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)",
     "value": [
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md
index dd3331b476..13a3f3f28f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md
@@ -81,7 +81,7 @@ If successful and domain exists - 200 OK, with statistics object in the response
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/domains/example.com/stats?lookBackHours=48
 ```
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md
index c06627a36f..0288816bb4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md
@@ -70,7 +70,7 @@ If successful, this method returns 200 OK, with the exposure data in the respons
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/exposureScore
 ```
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md
index 019f1385c7..37b4c39da7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md
@@ -76,7 +76,7 @@ If successful and file exists - 200 OK with the [file](files.md) entity in the b
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/files/4388963aaa83afe2042a46a3c017ad50bdcdafb3
 ```
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md
index dd23bde922..1ef694df96 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md
@@ -79,6 +79,6 @@ If successful and file exists - 200 OK with list of [alert](alerts.md) entities
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/files/6532ec91d513acc05f43ee0aa3002599729fd3e1/alerts
 ```
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md
index 981b5352e4..c0de4442c2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md
@@ -79,6 +79,6 @@ If successful and file exists - 200 OK with list of [machine](machine.md) entiti
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/files/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/machines
 ```
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md
index cf1898803a..ab8b12267d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md
@@ -81,7 +81,7 @@ If successful and file exists - 200 OK with statistical data in the body. If fil
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/files/0991a395da64e1c5fbe8732ed11e6be064081d9f/stats?lookBackHours=48
 ```
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md
index 1d74c52f25..9effa5d7a6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md
@@ -66,7 +66,7 @@ If successful, this method returns 200 OK with the installed software informatio
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/software
 ```
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md
index ec0bd5533a..d4f66c71d6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md
@@ -79,6 +79,6 @@ If successful and IP exists - 200 OK with list of [alert](alerts.md) entities in
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/ips/10.209.67.177/alerts
 ```
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md
index f7ea61feb1..6f54986e33 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md
@@ -70,7 +70,7 @@ If successful, this method returns 200 OK, with a list of exposure score per dev
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/exposureScore/ByMachineGroups
 ```
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md
index cbcb0e0b06..b2f9da0734 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md
@@ -67,7 +67,7 @@ If successful, this method returns 200 OK and a list of devices with the softwar
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/machineReferences
 ```
 
@@ -76,7 +76,6 @@ GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/machi
 Here is an example of the response.
 
 ```json
-
 {
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineReferences",
     "value": [
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md
index 35a821c812..bf4208cd36 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md
@@ -67,7 +67,7 @@ If successful, this method returns 200 OK with the vulnerability information in
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/vulnerabilities/CVE-2019-0608/machineReferences
 ```
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md
index abb4bd89f5..d3c13ddae1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md
@@ -62,7 +62,7 @@ If successful, this method returns 200 OK, with the specified device missing kb
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/machines/2339ad14a01bd0299afb93dfa2550136057bff96/getmissingkbs 
 ```
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md
index 4c037b678e..3b53dabe02 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md
@@ -68,7 +68,7 @@ If successful, this method returns 200 OK, with the specified software missing k
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/getmissingkbs
 ```
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md
index d752962405..5548416186 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md
@@ -67,7 +67,7 @@ If successful, this method returns 200 OK with the security recommendations in t
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome
 ```
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md
index 7d46d6e6fe..fa448849b7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md
@@ -67,7 +67,7 @@ If successful, this method returns 200 OK with the list of devices associated wi
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome/machineReferences
 ```
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md
index 4f144b37e3..0fcdc3e55a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md
@@ -67,7 +67,7 @@ If successful, this method returns 200 OK with the software associated with the
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome/software 
 ```
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md
index 6c606f3bfc..e4a52ff2a7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md
@@ -67,7 +67,7 @@ If successful, this method returns 200 OK, with the list of vulnerabilities asso
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome/vulnerabilities
 ```
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md b/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md
index f08ce4f926..2581a14cb0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md
@@ -70,7 +70,7 @@ If successful, this method returns 200 OK with the security recommendations in t
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/recommendations
 ```
 
@@ -79,7 +79,7 @@ GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf4
 Here is an example of the response.
 
 
-```
+```json
 {
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Recommendations",
     "value": [
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md
index da3f09fb2d..58ff771315 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md
@@ -67,7 +67,7 @@ If successful, this method returns 200 OK with the specified software data in th
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge
 ```
 
@@ -76,7 +76,6 @@ GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge
 Here is an example of the response.
 
 ```json
-
 {
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Software/$entity",
     "id": "microsoft-_-edge",
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md
index c707f59ef2..897e0c91a7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md
@@ -67,7 +67,7 @@ If successful, this method returns 200 OK with a list of software distributions
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/distributions
 ```
 
@@ -76,7 +76,6 @@ GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/distr
 Here is an example of the response.
 
 ```json
-
 {
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Distributions",
     "value": [
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-software.md
index 95e59d134f..b070207ed0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-software.md
@@ -66,7 +66,7 @@ If successful, this method returns 200 OK with the software inventory in the bod
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/Software
 ```
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md
index 7705c00e4b..341e56d35d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md
@@ -81,6 +81,6 @@ If successful and user exists - 200 OK. If the user does not exist - 404 Not Fou
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/users/user1/alerts
 ```
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md
index 7cab2321b4..b91c080c8e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md
@@ -82,6 +82,6 @@ If successful and user exists - 200 OK with list of [machine](machine.md) entiti
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/users/user1/machines
 ```
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md
index c60ff31fdb..762572746a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md
@@ -67,7 +67,7 @@ If successful, this method returns 200 OK with a a list of vulnerabilities expos
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/vulnerabilities 
 ```
 
@@ -76,7 +76,6 @@ GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/vulne
 Here is an example of the response.
 
 ```json
-
 {
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)",
     "value": [
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md
index e8cc9c8257..441ac6bf08 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md
@@ -67,7 +67,7 @@ If successful, this method returns 200 OK with the vulnerability information in
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/Vulnerabilities/CVE-2019-0608
 ```
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md b/windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md
index 8e33f2ae5c..ae63ad7d4b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md
@@ -79,9 +79,10 @@ Indicators | List<[Indicator](ti-indicator.md)> | List of [Indicators](ti-indica
 
 Here is an example of the request.
 
-```
+```http
 POST https://api.securitycenter.microsoft.com/api/indicators/import
 ```
+
 ```json
 {
 	"Indicators":
diff --git a/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md b/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md
index 67f0760774..15f0c9b691 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md
@@ -90,7 +90,7 @@ If successful, this method returns 201 - Created response code and [Machine Acti
 
 Here is an example of the request.
 
-```
+```http
 POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/isolate
 ```
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md
index c5bedda425..f019e3a9d3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md
@@ -89,9 +89,10 @@ rbacGroupNames | String | Comma-separated list of RBAC group names the indicator
 
 Here is an example of the request.
 
-```
+```http
 POST https://api.securitycenter.microsoft.com/api/indicators
 ```
+
 ```json
 {
     "indicatorValue": "220e7d15b011d7fac48f2bd61114db1022197f7f",
diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md b/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md
index aac2826f29..68a10a5e99 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md
@@ -98,7 +98,7 @@ POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2
 ```json
 {
   "Comment": "Check machine for viruses due to alert 3212",
-  “ScanType”: “Full”
+  "ScanType": "Full"
 }
 ```
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/update-alert.md b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md
index d2f3515f96..a19d0d51e1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/update-alert.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md
@@ -103,4 +103,4 @@ PATCH https://api.securitycenter.microsoft.com/api/alerts/121688558380765161_213
     "determination": "Malware",
     "comment": "Resolve my alert and assign to secop2"
 }
-```
+```
\ No newline at end of file

From c8dde0220a6429f0e4fa375709c1b642f5ec4a98 Mon Sep 17 00:00:00 2001
From: Ben Alfasi <bealfasi@microsoft.com>
Date: Sun, 24 Jan 2021 16:17:49 +0200
Subject: [PATCH 220/396] 5

---
 .../threat-protection/microsoft-defender-atp/investigation.md   | 2 +-
 .../threat-protection/microsoft-defender-atp/machine.md         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigation.md b/windows/security/threat-protection/microsoft-defender-atp/investigation.md
index 6afbbec900..64b309d544 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/investigation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/investigation.md
@@ -40,7 +40,7 @@ Represent an Automated Investigation entity in Defender for Endpoint.
 Method|Return Type |Description
 :---|:---|:---
 [List Investigations](get-investigation-collection.md) | Investigation collection | Get collection of Investigation
-[Get single Investigation](get-investigation-collection.md) | Investigation entity | Gets single Investigation entity.
+[Get single Investigation](get-investigation-object.md) | Investigation entity | Gets single Investigation entity.
 [Start Investigation](initiate-autoir-investigation.md) | Investigation entity | Starts Investigation on a device.
 
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md
index c0cfd906a5..896f5ca654 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md
@@ -62,7 +62,7 @@ version | String | Operating system Version.
 osBuild | Nullable long | Operating system build number.
 lastIpAddress | String | Last IP on local NIC on the [machine](machine.md).
 lastExternalIpAddress | String | Last IP through which the [machine](machine.md) accessed the internet.
-healthStatus | Enum | [machine](machine.md) health status. Possible values are: "Active", "Inactive", "ImpairedCommunication", "NoSensorData" and "NoSensorDataImpairedCommunication"
+healthStatus | Enum | [machine](machine.md) health status. Possible values are: "Active", "Inactive", "ImpairedCommunication", "NoSensorData", "NoSensorDataImpairedCommunication" and "Unknown". 
 rbacGroupName | String | Machine group Name.
 rbacGroupId | Int | Machine group unique ID.
 riskScore | Nullable Enum | Risk score as evaluated by Microsoft Defender for Endpoint. Possible values are: 'None', 'Informational', 'Low', 'Medium' and 'High'.

From 5823e24e7ac6d543273fdbf8963a454ad921f8d6 Mon Sep 17 00:00:00 2001
From: Ben Alfasi <bealfasi@microsoft.com>
Date: Sun, 24 Jan 2021 16:50:27 +0200
Subject: [PATCH 221/396] 3

---
 .../microsoft-defender-atp/run-advanced-query-api.md            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
index 195101b45a..1f52029bfe 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
@@ -36,7 +36,7 @@ ms.technology: mde
 2. The results will include a maximum of 100,000 rows.
 3. The number of executions is limited per tenant:
    - API calls: Up to 45 calls per minute.
-   - Execution time: 10 minutes of running time every hour and 4 hours of running time a day.
+   - Execution time: 10 minutes of running time every hour and 3 hours of running time a day.
 4. The maximal execution time of a single request is 10 minutes.
 5. 429 response will represent reaching quota limit either by number of requests or by CPU. Read response body to understand what limit has been reached. 
 

From 963bbb8f93de94590c0ed5948d0a965dd92d304e Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Mon, 25 Jan 2021 21:09:14 +0500
Subject: [PATCH 222/396] Update TOC.md

---
 windows/security/threat-protection/TOC.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index af35c57f47..122083cfeb 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -114,6 +114,7 @@
 ##### [Enable exploit protection](microsoft-defender-atp/enable-exploit-protection.md)
 ##### [Customize exploit protection](microsoft-defender-atp/customize-exploit-protection.md)
 ##### [Import, export, and deploy exploit protection configurations](microsoft-defender-atp/import-export-exploit-protection-emet-xml.md)
+##### [Troubleshoot exploit protection mitigations](microsoft-defender-atp/troubleshoot-exploit-protection-mitigations.md)
 ##### [Exploit protection reference](microsoft-defender-atp/exploit-protection-reference.md )
 
 #### [Network protection]()

From 463b8b0f8cf8d6b1066728d21cb4b34138608a98 Mon Sep 17 00:00:00 2001
From: Rick Munck <33725928+jmunck@users.noreply.github.com>
Date: Mon, 25 Jan 2021 10:13:26 -0600
Subject: [PATCH 223/396] Update security-compliance-toolkit-10.md

Removed 1709 as we dont support it any longer and pulled it from the DLC
---
 .../security/threat-protection/security-compliance-toolkit-10.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/windows/security/threat-protection/security-compliance-toolkit-10.md b/windows/security/threat-protection/security-compliance-toolkit-10.md
index fd8ba1f7f9..509869f9e5 100644
--- a/windows/security/threat-protection/security-compliance-toolkit-10.md
+++ b/windows/security/threat-protection/security-compliance-toolkit-10.md
@@ -34,7 +34,6 @@ The Security Compliance Toolkit consists of:
     - Windows 10 Version 1903 (May 2019 Update)
     - Windows 10 Version 1809 (October 2018 Update)
     - Windows 10 Version 1803 (April 2018 Update)
-    - Windows 10 Version 1709 (Fall Creators Update)
     - Windows 10 Version 1607 (Anniversary Update)
     - Windows 10 Version 1507
 

From f8e3f311ae43ba2b3c195b8c4a5c48b54c9c4869 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Mon, 25 Jan 2021 21:17:00 +0500
Subject: [PATCH 224/396] Update mandatory-settings-for-wip.md

---
 .../mandatory-settings-for-wip.md                               | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md
index eb25f0556d..bf2e926154 100644
--- a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md
+++ b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md
@@ -28,7 +28,7 @@ This list provides all of the tasks and settings that are required for the opera
 |Task|Description|
 |----|-----------|
 |Add at least one app to the **Protected apps** list in your WIP policy.|You must have at least one app added to your **Protected apps** list. For more info about where this area is and how to add apps, see the **Add apps to your Protected apps list** section of the policy creation topics.|
-|Choose your WIP protection level.|You must choose the level of protection you want to apply to your WIP-protected content, including **Allow Overrides**, **Silent**, or **Block**. For more info about where this area is and how to decide on your protection level, see the **Manage the WIP protection mode for your enterprise data** section of the policy creation topics. For info about how to collect your audit log files, see [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md).|
+|Choose your WIP protection level.|You must choose the level of protection you want to apply to your WIP-protected content, including **Allow Overrides**, **Silent**, or **Block**. For more info about where this area is and how to decide on your protection level, see the [Manage the WIP protection mode for your enterprise data](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr#manage-the-wip-protection-level-for-your-enterprise-data) section of the policy creation topics. For info about how to collect your audit log files, see [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md).|
 |Specify your corporate identity.|This field is automatically filled out for you by Microsoft Intune. However, you must manually correct it if it’s incorrect or if you need to add additional domains. For more info about where this area is and what it means, see the **Define your enterprise-managed corporate identity** section of the policy creation topics.
 |Specify your network domain names.|Starting with Windows 10, version 1703, this field is optional.<br><br>Specify the DNS suffixes used in your environment. All traffic to the fully-qualified domains appearing in this list will be protected. For more info about where this area is and how to add your suffixes, see the table that appears in the **Choose where apps can access enterprise data** section of the policy creation topics.|
 |Specify your enterprise IPv4 or IPv6 ranges.|Starting with Windows 10, version 1703, this field is optional.<br><br>Specify the addresses for a valid IPv4 or IPv6 value range within your intranet. These addresses, used with your Network domain names, define your corporate network boundaries. For more info about where this area is and what it means, see the table that appears in the **Define your enterprise-managed corporate identity** section of the policy creation topics.|

From b9cae92b5b8afb1f57771f5120df16ddfed3079a Mon Sep 17 00:00:00 2001
From: Matthew Palko <mapalko@microsoft.com>
Date: Mon, 25 Jan 2021 10:57:53 -0800
Subject: [PATCH 225/396] updating toc to toc.yml and updating nesting to match
 restructuring of documentation

---
 .../hello-for-business/index.yml              |   4 +-
 .../hello-for-business/toc.md                 |  72 ----------
 .../hello-for-business/toc.yml                | 132 +++++++++++++++++-
 3 files changed, 127 insertions(+), 81 deletions(-)
 delete mode 100644 windows/security/identity-protection/hello-for-business/toc.md

diff --git a/windows/security/identity-protection/hello-for-business/index.yml b/windows/security/identity-protection/hello-for-business/index.yml
index c26699645a..4035fa1cd7 100644
--- a/windows/security/identity-protection/hello-for-business/index.yml
+++ b/windows/security/identity-protection/hello-for-business/index.yml
@@ -89,7 +89,7 @@ landingContent:
           - text: Conditional Access 
             url: hello-feature-conditional-access.md
           - text: PIN Reset
-            url: hello-feature-pin-reset.m
+            url: hello-feature-pin-reset.md
           - text: Dual Enrollment
             url: hello-feature-dual-enrollment.md
           - text: Dynamic Lock
@@ -102,7 +102,7 @@ landingContent:
   # Card
   - title: Windows Hello for Business Troubleshooting
     linkLists:
-      - linkListType: concept
+      - linkListType: how-to-guide
         links:
           - text: Known Deployment Issues
             url: hello-deployment-issues.md
diff --git a/windows/security/identity-protection/hello-for-business/toc.md b/windows/security/identity-protection/hello-for-business/toc.md
deleted file mode 100644
index 77e08dfd22..0000000000
--- a/windows/security/identity-protection/hello-for-business/toc.md
+++ /dev/null
@@ -1,72 +0,0 @@
-# [Windows Hello for Business](hello-identity-verification.md)
-
-## [Passwordless Strategy](passwordless-strategy.md)
-
-## [Windows Hello for Business Overview](hello-overview.md)
-## [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
-## [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md)
-
-## [Windows Hello for Business Features](hello-features.md)
-### [Conditional Access](hello-feature-conditional-access.md)
-### [Dual Enrollment](hello-feature-dual-enrollment.md)
-### [Dynamic Lock](hello-feature-dynamic-lock.md)
-### [Multi-factor Unlock](feature-multifactor-unlock.md)
-### [PIN Reset](hello-feature-pin-reset.md)
-### [Remote Desktop](hello-feature-remote-desktop.md)
-
-## [How Windows Hello for Business works](hello-how-it-works.md)
-### [Technical Deep Dive](hello-how-it-works.md#technical-deep-dive)
-#### [Device Registration](hello-how-it-works-device-registration.md)
-#### [Provisioning](hello-how-it-works-provisioning.md)
-#### [Authentication](hello-how-it-works-authentication.md)
-#### [Technology and Terminology](hello-how-it-works-technology.md)
-
-## [Planning a Windows Hello for Business Deployment](hello-planning-guide.md)
-
-## [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
-
-## [Windows Hello for Business Deployment Guide](hello-deployment-guide.md)
-
-### [Hybrid Azure AD Joined Key Trust Deployment](hello-hybrid-key-trust.md)
-#### [Prerequisites](hello-hybrid-key-trust-prereqs.md)
-#### [New Installation Baseline](hello-hybrid-key-new-install.md)
-#### [Configure Directory Synchronization](hello-hybrid-key-trust-dirsync.md)
-#### [Configure Azure Device Registration](hello-hybrid-key-trust-devreg.md)
-#### [Configure Windows Hello for Business settings](hello-hybrid-key-whfb-settings.md)
-#### [Sign-in and Provision](hello-hybrid-key-whfb-provision.md)
-
-### [Hybrid Azure AD Joined Certificate Trust Deployment](hello-hybrid-cert-trust.md)
-#### [Prerequisites](hello-hybrid-cert-trust-prereqs.md)
-#### [New Installation Baseline](hello-hybrid-cert-new-install.md)
-#### [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md)
-#### [Configure Windows Hello for Business policy settings](hello-hybrid-cert-whfb-settings.md)
-#### [Sign-in and Provision](hello-hybrid-cert-whfb-provision.md)
-
-### [Azure AD Join Single Sign-on Deployment Guides](hello-hybrid-aadj-sso.md)
-#### [Configure Azure AD joined devices for On-premises Single-Sign On using Windows Hello for Business](hello-hybrid-aadj-sso-base.md)
-#### [Using Certificates for AADJ On-premises Single-sign On](hello-hybrid-aadj-sso-cert.md)
-
-### [On Premises Key Trust Deployment](hello-deployment-key-trust.md)
-#### [Validate Active Directory prerequisites](hello-key-trust-validate-ad-prereq.md)
-#### [Validate and Configure Public Key Infrastructure](hello-key-trust-validate-pki.md)
-#### [Prepare and Deploy Windows Server 2016 Active Directory Federation Services](hello-key-trust-adfs.md)
-##### [Validate and Deploy Multifactor Authentication Services (MFA)](hello-key-trust-validate-deploy-mfa.md)
-#### [Configure Windows Hello for Business Policy settings](hello-key-trust-policy-settings.md)
-
-### [On Premises Certificate Trust Deployment](hello-deployment-cert-trust.md)
-#### [Validate Active Directory prerequisites](hello-cert-trust-validate-ad-prereq.md)
-#### [Validate and Configure Public Key Infrastructure](hello-cert-trust-validate-pki.md)
-#### [Prepare and Deploy Windows Server 2016 Active Directory Federation Services](hello-cert-trust-adfs.md)
-#### [Validate and Deploy Multifactor Authentication Services (MFA)](hello-cert-trust-validate-deploy-mfa.md)
-#### [Configure Windows Hello for Business Policy settings](hello-cert-trust-policy-settings.md)
-
-## [Windows Hello and password changes](hello-and-password-changes.md)
-## [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
-
-## [Windows Hello for Business Frequently Asked Questions (FAQ)](hello-faq.yml)
-### [Windows Hello for Business Videos](hello-videos.md)
-
-## Windows Hello for Business Troubleshooting
-### [Known Deployment Issues](hello-deployment-issues.md)
-### [Errors during PIN creation](hello-errors-during-pin-creation.md)
-### [Event ID 300 - Windows Hello successfully created](hello-event-300.md)
diff --git a/windows/security/identity-protection/hello-for-business/toc.yml b/windows/security/identity-protection/hello-for-business/toc.yml
index 2c20b2052d..65d8c83904 100644
--- a/windows/security/identity-protection/hello-for-business/toc.yml
+++ b/windows/security/identity-protection/hello-for-business/toc.yml
@@ -5,15 +5,133 @@
   - name: Windows Hello for Business Overview
     href: hello-overview.md
 - name: Concepts
+  expanded: true
   items:
-  - name:
-    href: 
+  - name: Passwordless Strategy
+    href: passwordless-strategy.md
+  - name: Why a PIN is better than a password
+    href: hello-why-pin-is-better-than-password.md
+  - name: Windows Hello biometrics in the enterprise
+    href: hello-biometrics-in-enterprise.md
+  - name: How Windows Hello for Business works
+    href: hello-how-it-works.md
+  - name: Technical Deep Dive
+    items:
+    - name: Device Registration
+      href: hello-how-it-works-device-registration.md 
+    - name: Provisioning
+      href: hello-how-it-works-provisioning.md
+    - name: Authentication
+      href: hello-how-it-works-authentication.md
 - name: How-to Guides
   items:
-  - name:
-    href: 
+  - name: Windows Hello for Business Deployment Overview
+    href: hello-deployment-guide.md
+  - name: Planning a Windows Hello for Business Deployment
+    href: hello-planning-guide.md
+  - name: Deployment Prerequisite Overview
+    href: hello-identity-verification.md
+  - name: Prepare people to use Windows Hello
+    href: hello-prepare-people-to-use.md
+  - name: Deployment Guides
+    items:
+    - name: Hybrid Azure AD Joined Key Trust
+      items: 
+      - name: Hybrid Azure AD Joined Key Trust Deployment
+        href: hello-hybrid-key-trust.md
+      - name: Prerequisites
+        href: hello-hybrid-key-trust-prereqs.md
+      - name: New Installation Baseline
+        href: hello-hybrid-key-new-install.md
+      - name: Configure Directory Synchronization
+        href: hello-hybrid-key-trust-dirsync.md
+      - name: Configure Azure Device Registration
+        href: hello-hybrid-key-trust-devreg.md
+      - name: Configure Windows Hello for Business settings
+        href: hello-hybrid-key-whfb-settings.md
+      - name: Sign-in and Provisioning
+        href: hello-hybrid-key-whfb-provision.md
+    - name: Hybrid Azure AD Joined Certificate Trust
+      items: 
+      - name: Hybrid Azure AD Joined Certificate Trust Deployment
+        href: hello-hybrid-cert-trust.md
+      - name: Prerequisites
+        href: hello-hybrid-cert-trust-prereqs.md
+      - name: New Installation Baseline
+        href: hello-hybrid-cert-new-install.md
+      - name: Configure Azure Device Registration
+        href: hello-hybrid-cert-trust-devreg.md
+      - name: Configure Windows Hello for Business settings
+        href: hello-hybrid-cert-whfb-settings.md
+      - name: Sign-in and Provisioning
+        href: hello-hybrid-cert-whfb-provision.md
+    - name: On-premises SSO for Azure AD Joined Devices
+      items: 
+      - name: On-premises SSO for Azure AD Joined Devices Deployment 
+        href: hello-hybrid-aadj-sso.md
+      - name: Configure Azure AD joined devices for On-premises Single-Sign On using Windows Hello for Business
+        href: hello-hybrid-aadj-sso-base.md
+      - name: Using Certificates for AADJ On-premises Single-sign On
+        href: hello-hybrid-aadj-sso-cert.md
+    - name: On-premises Key Trust
+      items: 
+      - name: On-premises Key Trust Deployment
+        href: hello-deployment-key-trust.md
+      - name: Validate Active Directory Prerequisites
+        href: hello-key-trust-validate-ad-prereq.md
+      - name: Validate and Configure Public Key Infrastructure
+        href: hello-key-trust-validate-pki.md
+      - name: Prepare and Deploy Windows Server 2016 Active Directory Federation Services
+        href: hello-key-trust-adfs.md
+      - name: Validate and Deploy Multi-factor Authentication (MFA) Services
+        href: hello-key-trust-validate-deploy-mfa.md
+      - name: Configure Windows Hello for Business policy settings
+        href: hello-key-trust-policy-settings.md
+    - name: On-premises Certificate Trust
+      items: 
+      - name: On-premises Certificate Trust Deployment
+        href: hello-deployment-cert-trust.md
+      - name: Validate Active Directory Prerequisites
+        href: hello-cert-trust-validate-ad-prereq.md
+      - name: Validate and Configure Public Key Infrastructure
+        href: hello-cert-trust-validate-pki.md
+      - name: Prepare and Deploy Windows Server 2016 Active Directory Federation Services
+        href: hello-cert-trust-adfs.md
+      - name: Validate and Deploy Multi-factor Authentication (MFA) Services
+        href: hello-cert-trust-validate-deploy-mfa.md
+      - name: Configure Windows Hello for Business policy settings
+        href: hello-cert-trust-policy-settings.md
+    - name: Managing Windows Hello for Business in your organization
+       href: hello-manage-in-organization.md
+  - name: Windows Hello for Business Features
+    items:
+    - name: Conditional Access 
+      href: hello-feature-conditional-access.md
+    - name: PIN Reset
+      href: hello-feature-pin-reset.md
+    - name: Dual Enrollment
+      href: hello-feature-dual-enrollment.md  
+    - name: Dynamic Lock
+      href: hello-feature-dynamic-lock.md
+    - name: Multi-factor Unlock
+      href: feature-multifactor-unlock.md
+    - name: Remote Desktop
+      href: hello-feature-remote-desktop.md
+  - name: Troubleshooting
+    items:
+    - name: Known Deployment Issues
+      href: hello-deployment-issues.md
+    - name: Errors During PIN Creation
+      href: hello-errors-during-pin-creation.md
+    - name: Event ID 300 - Windows Hello successfully created
+      href: hello-event-300.md
+    - name: Windows Hello and password changes
+      href: hello-and-password-changes.md
 - name: Reference
   items:
-  - name:
-    href: 
-    
\ No newline at end of file
+  - name: Technology and Terminology
+    href: hello-how-it-works-technology.md
+  - name: Frequently Asked Questions (FAQ)
+    href: hello-faq.yml
+  - name: Windows Hello for Business videos
+    href: hello-videos.md

From 9d7d199078b9917f52ea02e07840f65cb861b886 Mon Sep 17 00:00:00 2001
From: Matthew Palko <mapalko@microsoft.com>
Date: Mon, 25 Jan 2021 11:18:44 -0800
Subject: [PATCH 226/396] fixing issues with toc.yml and index.yml

---
 .../security/identity-protection/hello-for-business/index.yml   | 2 +-
 windows/security/identity-protection/hello-for-business/toc.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/index.yml b/windows/security/identity-protection/hello-for-business/index.yml
index 4035fa1cd7..4282b8e701 100644
--- a/windows/security/identity-protection/hello-for-business/index.yml
+++ b/windows/security/identity-protection/hello-for-business/index.yml
@@ -36,7 +36,7 @@ landingContent:
             url: hello-biometrics-in-enterprise.md
           - text: How Windows Hello for Business works
             url: hello-how-it-works.md
-        -linkListType: learn
+      - linkListType: learn
         links: 
           - text: Technical Deep Dive - Device Registration
             url: hello-how-it-works-device-registration.md 
diff --git a/windows/security/identity-protection/hello-for-business/toc.yml b/windows/security/identity-protection/hello-for-business/toc.yml
index 65d8c83904..8a29bb7d81 100644
--- a/windows/security/identity-protection/hello-for-business/toc.yml
+++ b/windows/security/identity-protection/hello-for-business/toc.yml
@@ -102,7 +102,7 @@
       - name: Configure Windows Hello for Business policy settings
         href: hello-cert-trust-policy-settings.md
     - name: Managing Windows Hello for Business in your organization
-       href: hello-manage-in-organization.md
+      href: hello-manage-in-organization.md
   - name: Windows Hello for Business Features
     items:
     - name: Conditional Access 

From 28dedc57f594e67d556975d66849129bc3307241 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 25 Jan 2021 12:35:49 -0800
Subject: [PATCH 227/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md        | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 195c784c4e..85158c1cb2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -11,7 +11,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.author: deniseb
 author: denisebmsft
-ms.date: 01/22/2021
+ms.date: 01/25/2021
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
@@ -38,12 +38,14 @@ In endpoint protection, a false positive is an entity, such as a file or a proce
 3.	[Reviewing and defining exclusions](#part-3-review-or-define-exclusions-for-microsoft-defender-for-endpoint)
 4.	[Submitting an entity for analysis](#part-4-submit-a-file-for-analysis)
 5.	[Reviewing and adjusting your threat protection settings](#part-5-review-and-adjust-your-threat-protection-settings)
+6. [Getting help if you still have issues with false positives/negatives](#still-need-help)
 
-This article also includes information about [what to do if you still need help](#still-need-help) after taking the recommended steps to address false positives/negatives in your environment.
+> [!IMPORTANT]
+> This article is intended for security operators and administrators.
 
 ## Part 1: Review and classify alerts
 
-If your security operations team see an alert that was triggered because something was detected as malicious or suspicious that should not have been, you can suppress the alert for that entity. You can also suppress alerts that are not necessarily false positives, but are unimportant. We recommend that you classify alerts as well. 
+If you see an alert that was triggered because something was detected as malicious or suspicious that should not have been, you can suppress the alert for that entity. You can also suppress alerts that are not necessarily false positives, but are unimportant. We recommend that you classify alerts as well. 
 
 Managing your alerts and classifying true/false positives helps to train your threat protection solution and can reduce the number of false positives or false negatives over time. Taking these steps also helps reduce noise in your security operations dashboard so that your security team can focus on higher priority work items.
 

From 4562ca67bd6db40e1773e49f74f9839efde54300 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 25 Jan 2021 12:39:33 -0800
Subject: [PATCH 228/396] Update defender-endpoint-false-positives-negatives.md

---
 ...defender-endpoint-false-positives-negatives.md | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 85158c1cb2..8e5c202978 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -136,7 +136,8 @@ To define exclusions across Microsoft Defender for Endpoint, perform the followi
 - [Define exclusions for Microsoft Defender Antivirus](#exclusions-for-microsoft-defender-antivirus)
 - [Create “allow” indicators for Microsoft Defender for Endpoint](#indicators-for-microsoft-defender-for-endpoint)
 
-Microsoft Defender Antivirus exclusions don't apply to other Microsoft Defender for Endpoint capabilities, including [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response), [attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction), and [controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/controlled-folders). Files that you exclude using the methods described in this article can still trigger alerts and other detections. To exclude files broadly, use [custom indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators), such as "allow" indicators for Microsoft Defender for Endpoint.
+> [!NOTE]
+> Microsoft Defender Antivirus exclusions don't apply to other Microsoft Defender for Endpoint capabilities, including [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response), [attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction), and [controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/controlled-folders). Files that you exclude using the methods described in this article can still trigger alerts and other detections. To exclude files broadly, use [custom indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators), such as "allow" indicators for Microsoft Defender for Endpoint.
 
 The procedures in this section describe how to define exclusions and indicators.
 
@@ -169,20 +170,20 @@ In general, you should not need to define exclusions for Microsoft Defender Anti
 
 ### Indicators for Microsoft Defender for Endpoint
 
-[Indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators) (specifically, indicators of compromise, or IoCs) enable your security operations team to define the detection, prevention, and exclusion of entities. For example, your security operations team can specify certain files to be omitted from scans and remediation actions in Microsoft Defender for Endpoint. Or, indicators can be used to generate alerts for certain files, IP addresses, or URLs.
+[Indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators) (specifically, indicators of compromise, or IoCs) enable your security operations team to define the detection, prevention, and exclusion of entities. For example, you can specify certain files to be omitted from scans and remediation actions in Microsoft Defender for Endpoint. Or, indicators can be used to generate alerts for certain files, IP addresses, or URLs.
 
-To specify entities as exclusions for Microsoft Defender for Endpoint, your security team can create "allow" indicators for those entities. Such "allow" indicators in Microsoft Defender for Endpoint apply to:
+To specify entities as exclusions for Microsoft Defender for Endpoint, you can create "allow" indicators for those entities. Such "allow" indicators in Microsoft Defender for Endpoint apply to:
 
 - [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10)
 - [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response)
 - [Automated investigation & remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations)
 
-Your security team can create indicators for files, IP addresses, URLs, domains, and certificates, as described in the following table:
+You can create indicators for files, IP addresses, URLs, domains, and certificates, as described in the following table:
 
-| Indicator | Prerequisites |
+| Indicator type and considerations | Prerequisites |
 |:----|:----|
-|**[Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file)** <p>Helps prevent suspected malware (or potentially malicious files) from being downloaded from the web. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. <p>The allow or block function cannot be done on a file if the file's classification exists on the device's cache prior to the allow or block action <p>Trusted, signed files are treated differently. Defender for Endpoint is optimized to handle malicious files. Trying to block trusted, signed files, can have performance implications. <p>Typically, file blocks are enforced within a few minutes, but can take upwards of 30 minutes.  | Microsoft Defender Antivirus with cloud-based protection enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p> Antimalware client version: 4.18.1901.x or later <p>Devices are running Windows 10, version 1703 or later; Windows Server 2016; or Windows Server 2019 <p> [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features) | 
-| **[Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain)** <p>Full URL path blocks can be applied on the domain level and all unencrypted URLs <p>IP is supported for all three protocols <p>Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs. For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge uses [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios use Network Protection for inspection and enforcement.<p>There might be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. <p>Only single IP addresses are supported (no CIDR blocks or IP ranges) <p>Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) <p>Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) | Network protection in Defender for Endpoint is enabled in block mode (See [Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection).)<p>Antimalware client version: 4.18.1906.x or later <p>Devices are running Windows 10, version 1709 or later <p>Custom network indicators are turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).)   |
+|**[Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file)** <p>Helps prevent suspected malware (or potentially malicious files) from being downloaded from the web. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. <p>The allow or block function cannot be done on a file if the file's classification exists on the device's cache prior to the allow or block action. Trusted, signed files are treated differently. Defender for Endpoint is optimized to handle malicious files. Trying to block trusted, signed files, can have performance implications. <p>Typically, file blocks are enforced within a few minutes, but can take upwards of 30 minutes.  | Microsoft Defender Antivirus with cloud-based protection enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p> Antimalware client version: 4.18.1901.x or later <p>Devices are running Windows 10, version 1703 or later; Windows Server 2016; or Windows Server 2019 <p> [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features) | 
+| **[Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain)** <p>Full URL path blocks can be applied on the domain level and all unencrypted URLs. IP is supported for all three protocols. Only external IPs can be added to the indicator list; indicators cannot be created for internal IPs.<p>For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge uses [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios use Network Protection for inspection and enforcement.<p>There might be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. <p>Only single IP addresses are supported (no CIDR blocks or IP ranges) <p>Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) <p>Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) | Network protection in Defender for Endpoint is enabled in block mode (See [Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection).)<p>Antimalware client version: 4.18.1906.x or later <p>Devices are running Windows 10, version 1709 or later <p>Custom network indicators are turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).)   |
 | **[Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates)** <p>`.CER` or `.PEM` file extensions are supported. <p>A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. <p>Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine Trusted Root Certification Authorities). <p>The children or parent of the allow/block certificate IOCs are not included in the allow/block IoC functionality, only leaf certificates are supported.<p>Microsoft signed certificates cannot be blocked. <p>It can take up to 3 hours to create and remove a certificate IoC. | Microsoft Defender Antivirus with cloud-based protection is enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p>Antimalware client version: 4.18.1901.x or later <p>Devices are running Windows 10, version 1703 or later; Windows Server 2016; or Windows Server 2019 <p>Virus and threat protection definitions are up to date | 
 
 > [!TIP]

From 5928b1b0cfbd5d7b5630ea698680f7f63aeaa643 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 25 Jan 2021 12:42:43 -0800
Subject: [PATCH 229/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md   | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 8e5c202978..084f8103db 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -183,15 +183,15 @@ You can create indicators for files, IP addresses, URLs, domains, and certificat
 | Indicator type and considerations | Prerequisites |
 |:----|:----|
 |**[Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file)** <p>Helps prevent suspected malware (or potentially malicious files) from being downloaded from the web. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. <p>The allow or block function cannot be done on a file if the file's classification exists on the device's cache prior to the allow or block action. Trusted, signed files are treated differently. Defender for Endpoint is optimized to handle malicious files. Trying to block trusted, signed files, can have performance implications. <p>Typically, file blocks are enforced within a few minutes, but can take upwards of 30 minutes.  | Microsoft Defender Antivirus with cloud-based protection enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p> Antimalware client version: 4.18.1901.x or later <p>Devices are running Windows 10, version 1703 or later; Windows Server 2016; or Windows Server 2019 <p> [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features) | 
-| **[Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain)** <p>Full URL path blocks can be applied on the domain level and all unencrypted URLs. IP is supported for all three protocols. Only external IPs can be added to the indicator list; indicators cannot be created for internal IPs.<p>For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge uses [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios use Network Protection for inspection and enforcement.<p>There might be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. <p>Only single IP addresses are supported (no CIDR blocks or IP ranges) <p>Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) <p>Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) | Network protection in Defender for Endpoint is enabled in block mode (See [Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection).)<p>Antimalware client version: 4.18.1906.x or later <p>Devices are running Windows 10, version 1709 or later <p>Custom network indicators are turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).)   |
-| **[Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates)** <p>`.CER` or `.PEM` file extensions are supported. <p>A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. <p>Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine Trusted Root Certification Authorities). <p>The children or parent of the allow/block certificate IOCs are not included in the allow/block IoC functionality, only leaf certificates are supported.<p>Microsoft signed certificates cannot be blocked. <p>It can take up to 3 hours to create and remove a certificate IoC. | Microsoft Defender Antivirus with cloud-based protection is enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p>Antimalware client version: 4.18.1901.x or later <p>Devices are running Windows 10, version 1703 or later; Windows Server 2016; or Windows Server 2019 <p>Virus and threat protection definitions are up to date | 
+| **[Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain)** <p>Full URL path blocks can be applied on the domain level and all unencrypted URLs. IP is supported for all three protocols. Only external IPs can be added to the indicator list; indicators cannot be created for internal IPs.<p>For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge uses [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios use Network Protection for inspection and enforcement.<p>There might be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. <p>Only single IP addresses are supported (no CIDR blocks or IP ranges) <p>Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) <p>Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) | Network protection in Defender for Endpoint enabled in block mode (See [Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection))<p>Antimalware client version: 4.18.1906.x or later <p>Devices are running Windows 10, version 1709 or later <p>Custom network indicators are turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).)   |
+| **[Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates)** <p>`.CER` or `.PEM` file extensions are supported. A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine Trusted Root Certification Authorities). <p>The children or parent of the allow/block certificate IOCs are not included in the allow/block IoC functionality, only leaf certificates are supported.<p>Microsoft signed certificates cannot be blocked. <p>It can take up to 3 hours to create and remove a certificate IoC. | Microsoft Defender Antivirus with cloud-based protection is enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p>Antimalware client version: 4.18.1901.x or later <p>Devices are running Windows 10, version 1703 or later; Windows Server 2016; or Windows Server 2019 <p>Virus and threat protection definitions are up to date | 
 
 > [!TIP]
 > When you create indicators, you can define them one by one or import multiple items at once. Keep in mind there's a limit of 15,000 indicators you can have in a single tenant. And, you might need to gather certain details first, such as file hash information. Make sure to review the prerequisites before you [create indicators](manage-indicators.md). 
 
 ## Part 4: Submit a file for analysis
 
-You can submit entities, such as files and fileless detections, to Microsoft for analysis. Microsoft security researchers analyze all submissions. After you sign in at the submission site, you can track your submissions.
+You can submit entities, such as files and fileless detections, to Microsoft for analysis. Microsoft security researchers analyze all submissions. When you sign in at the submission site, you can track your submissions.
 
 ### Submit a file for analysis
 
@@ -202,7 +202,7 @@ If you have a file that was either wrongly detected as malicious or was missed,
 
 ### Submit a fileless detection for analysis
 
-If something was detected as malware based on behavior, and you don’t have a file, you can submit your Mpsupport.cab file for analysis. You can get the .cab file by using the Microsoft Malware Protection Command-Line Utility (MPCmdRun.exe) tool.
+If something was detected as malware based on behavior, and you don’t have a file, you can submit your `Mpsupport.cab` file for analysis. You can get the .cab file by using the Microsoft Malware Protection Command-Line Utility (MPCmdRun.exe) tool.
 
 1.	Go to ` C:\ProgramData\Microsoft\Windows Defender\Platform\<version>`, and then run `MpCmdRun.exe` as an administrator.
 2.	Type `mpcmdrun.exe -GetFiles`, and then press **Enter**.
@@ -294,6 +294,10 @@ We recommend using Microsoft Endpoint Manager to edit or set PUA protection sett
 8. On the **Applicability Rules** tab, specify the OS editions or versions to include or exclude from the policy. For example, you can set the policy to be applied to all devices certain editions of Windows 10. Then choose **Next**.
 9. On the **Review + create** tab, review your settings, and, and then choose **Create**.
 
+### Automated investigation and remediation
+
+
+
 ## Still need help?
 
 If you still need help after working through all the steps in this article, your best bet is to contact technical support.

From 2309a9407d18e11647f246145b695b5374280108 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 25 Jan 2021 13:14:30 -0800
Subject: [PATCH 230/396] Update defender-endpoint-false-positives-negatives.md

---
 ...nder-endpoint-false-positives-negatives.md | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 084f8103db..f8d93d2f54 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -296,7 +296,39 @@ We recommend using Microsoft Endpoint Manager to edit or set PUA protection sett
 
 ### Automated investigation and remediation
 
+[Automated investigation and remediation](automated-investigations.md) (AIR) capabilities are designed to examine alerts and take immediate action to resolve breaches. As alerts are triggered, and an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. 
 
+Depending on the [level of automation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automation-levels) set for your organization, as well as other security settings, remediation actions can occur automatically or only upon approval by your security operations team. Examples of remediation actions include sending a file to quarantine, stopping a service, removing a scheduled task, and more. (See [Remediation actions](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation#remediation-actions).) 
+
+All remediation actions, whether pending or completed, can be viewed in the Action Center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)). If necessary, your security operations team can undo a remediation action. And, you can set or change your level of automation.
+
+### Review actions that were taken
+
+1. Go to the Action Center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in.
+2. Select the **History** tab. 
+3. Select an item to view more details about that remediation action. 
+
+### Undo remediation actions
+
+If you’ve determined that a device or a file is not a threat, you can undo remediation actions that were taken, whether those actions were taken automatically or manually. You can undo actions, such as isolating a device, restricting code execution, quarantining a file, removing a registry key, stopping a service, and more. 
+
+1. Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in.
+2. Select the **History** tab.
+3. Select the actions that you want to undo.
+4. In the pane on the right side of the screen, select **Undo**.
+
+> [!TIP]
+> To learn more about remediation actions, see [Review and approve remediation actions following an automated investigation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation#remediation-actions).
+
+### Review and if needed, edit your automation level
+
+AIR capabilities in Defender for Endpoint are configured to one of several [levels of automation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automation-levels). 
+
+- *Full automation* (recommended) means remediation actions are taken automatically on artifacts determined to be malicious.
+- *Semi-automation* means some remediation actions are taken automatically, but other remediation actions await approval before being taken. 
+- *No automated response* (not recommended) means automated investigations do not run on your organization's devices, and no remediation actions are taken or pending as a result of automated investigation. 
+
+To review your AIR configuration and learn more about automation levels, see [Configure AIR capabilities in Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation) and the [Levels of automation table](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automation-levels#levels-of-automation).
 
 ## Still need help?
 

From 27efc5c2bc073c2823d0882dc57c7c9f1f0b8cf6 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 25 Jan 2021 13:16:18 -0800
Subject: [PATCH 231/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md          | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index f8d93d2f54..24e9fbf78e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -328,11 +328,13 @@ AIR capabilities in Defender for Endpoint are configured to one of several [leve
 - *Semi-automation* means some remediation actions are taken automatically, but other remediation actions await approval before being taken. 
 - *No automated response* (not recommended) means automated investigations do not run on your organization's devices, and no remediation actions are taken or pending as a result of automated investigation. 
 
-To review your AIR configuration and learn more about automation levels, see [Configure AIR capabilities in Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation) and the [Levels of automation table](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automation-levels#levels-of-automation).
+To review your AIR configuration and learn more about automation levels, see:
+- [Configure AIR capabilities in Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation)
+- [Levels of automation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automation-levels#levels-of-automation)
 
 ## Still need help?
 
-If you still need help after working through all the steps in this article, your best bet is to contact technical support.
+If you have worked through all the steps in this article and still need help, your best bet is to contact technical support.
 
 1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
 2. In the upper right corner, select the question mark (**?**), and then select **Microsoft support**.

From 708066fb3779d7e195bc664c7dd7ee24cab311e9 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 25 Jan 2021 13:21:09 -0800
Subject: [PATCH 232/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md               | 1 +
 1 file changed, 1 insertion(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 24e9fbf78e..695656e24e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -231,6 +231,7 @@ Microsoft Defender for Endpoint offers a wide variety of options, including the
 
 - [Cloud-delivered protection](#cloud-delivered-protection)
 - [Remediation for potentially unwanted applications](#remediation-for-potentially-unwanted-applications)
+- [Automated investigation and remediation](#automated-investigation-and-remediation)
 
 ### Cloud-delivered protection
 

From dd563409f25933ff6510d5d4c2a062857ced65e4 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 25 Jan 2021 13:29:24 -0800
Subject: [PATCH 233/396] Update defender-endpoint-false-positives-negatives.md

---
 ...nder-endpoint-false-positives-negatives.md | 34 ++-----------------
 1 file changed, 3 insertions(+), 31 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 695656e24e..d201884712 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -299,39 +299,11 @@ We recommend using Microsoft Endpoint Manager to edit or set PUA protection sett
 
 [Automated investigation and remediation](automated-investigations.md) (AIR) capabilities are designed to examine alerts and take immediate action to resolve breaches. As alerts are triggered, and an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. 
 
-Depending on the [level of automation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automation-levels) set for your organization, as well as other security settings, remediation actions can occur automatically or only upon approval by your security operations team. Examples of remediation actions include sending a file to quarantine, stopping a service, removing a scheduled task, and more. (See [Remediation actions](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation#remediation-actions).) 
+Depending on the [level of automation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automation-levels) set for your organization, as well as other security settings, remediation actions can occur automatically or only upon approval by your security operations team. 
 
-All remediation actions, whether pending or completed, can be viewed in the Action Center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)). If necessary, your security operations team can undo a remediation action. And, you can set or change your level of automation.
-
-### Review actions that were taken
-
-1. Go to the Action Center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in.
-2. Select the **History** tab. 
-3. Select an item to view more details about that remediation action. 
-
-### Undo remediation actions
-
-If you’ve determined that a device or a file is not a threat, you can undo remediation actions that were taken, whether those actions were taken automatically or manually. You can undo actions, such as isolating a device, restricting code execution, quarantining a file, removing a registry key, stopping a service, and more. 
-
-1. Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in.
-2. Select the **History** tab.
-3. Select the actions that you want to undo.
-4. In the pane on the right side of the screen, select **Undo**.
-
-> [!TIP]
-> To learn more about remediation actions, see [Review and approve remediation actions following an automated investigation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation#remediation-actions).
-
-### Review and if needed, edit your automation level
-
-AIR capabilities in Defender for Endpoint are configured to one of several [levels of automation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automation-levels). 
-
-- *Full automation* (recommended) means remediation actions are taken automatically on artifacts determined to be malicious.
-- *Semi-automation* means some remediation actions are taken automatically, but other remediation actions await approval before being taken. 
-- *No automated response* (not recommended) means automated investigations do not run on your organization's devices, and no remediation actions are taken or pending as a result of automated investigation. 
-
-To review your AIR configuration and learn more about automation levels, see:
+- [Learn more about automation levels](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automation-levels)
 - [Configure AIR capabilities in Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation)
-- [Levels of automation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automation-levels#levels-of-automation)
+
 
 ## Still need help?
 

From 995a3ed9aa6c99a38ad8714908adb25b3b8e16c0 Mon Sep 17 00:00:00 2001
From: jcaparas <macapara@microsoft.com>
Date: Mon, 25 Jan 2021 13:38:04 -0800
Subject: [PATCH 234/396] Update initiate-autoir-investigation.md

---
 .../microsoft-defender-atp/initiate-autoir-investigation.md      | 1 +
 1 file changed, 1 insertion(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md
index caa8fb231b..5617ebcae7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md
@@ -92,3 +92,4 @@ POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2
 {
   "Comment": "Test investigation"
 }
+```

From 3abff941ef1a32cac37e1abe0cf9fee91dc35f7f Mon Sep 17 00:00:00 2001
From: jcaparas <macapara@microsoft.com>
Date: Mon, 25 Jan 2021 13:39:46 -0800
Subject: [PATCH 235/396] Update get-software-by-id.md

---
 .../microsoft-defender-atp/get-software-by-id.md                | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md
index 58ff771315..43ed0055bf 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md
@@ -1,6 +1,6 @@
 ---
 title: Get software by Id
-description: Retrieves a list of exposure scores by device group.
+description: Retrieves a list of sofware by ID.
 keywords: apis, graph api, supported apis, get, software, mdatp tvm api
 search.product: eADQiWindows 10XVcnh
 ms.prod: m365-security

From 68d2209f6732092de9cfbad01bf0e1686feb07f3 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 25 Jan 2021 13:55:09 -0800
Subject: [PATCH 236/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md         | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index d201884712..9707bf3e13 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -101,6 +101,9 @@ If you have alerts that are either false positives or that are true positives bu
 
 Other actions, such as starting an antivirus scan or collecting an investigation package, can occur through [Live Response](live-response.md). Those actions cannot be undone.
 
+> [!TIP]
+> See [Review remediation actions following an automated investigation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation).
+
 ### Review completed actions
 
 1. Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in. 
@@ -301,8 +304,8 @@ We recommend using Microsoft Endpoint Manager to edit or set PUA protection sett
 
 Depending on the [level of automation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automation-levels) set for your organization, as well as other security settings, remediation actions can occur automatically or only upon approval by your security operations team. 
 
-- [Learn more about automation levels](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automation-levels)
-- [Configure AIR capabilities in Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation)
+- [Learn more about automation levels](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automation-levels); and then 
+- [Configure AIR capabilities in Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation).
 
 
 ## Still need help?

From 2c2052341de9a76ccc675be197d8f9e4b88a4cec Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 25 Jan 2021 14:01:18 -0800
Subject: [PATCH 237/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 9707bf3e13..573ce0cf3f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -302,7 +302,7 @@ We recommend using Microsoft Endpoint Manager to edit or set PUA protection sett
 
 [Automated investigation and remediation](automated-investigations.md) (AIR) capabilities are designed to examine alerts and take immediate action to resolve breaches. As alerts are triggered, and an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. 
 
-Depending on the [level of automation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automation-levels) set for your organization, as well as other security settings, remediation actions can occur automatically or only upon approval by your security operations team. 
+Depending on the [level of automation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automation-levels) set for your organization, as well as other security settings, remediation actions are taken on artifacts deemed Malicious or Suspicious. Remediation actions can occur automatically, or only upon approval by your security operations team. 
 
 - [Learn more about automation levels](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automation-levels); and then 
 - [Configure AIR capabilities in Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation).

From 18bbbe6262a11c530e44a23e596395aaa921f787 Mon Sep 17 00:00:00 2001
From: Jeff Gilbert <jeffgilb@users.noreply.github.com>
Date: Mon, 25 Jan 2021 17:58:10 -0500
Subject: [PATCH 238/396] Update create-wip-policy-using-intune-azure.md

Updated per request from PM (dereka).
---
 .../create-wip-policy-using-intune-azure.md                     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
index f36275b6ba..19f213f47f 100644
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
+++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
@@ -444,7 +444,7 @@ To stop Windows from automatically blocking these connections, you can add the `
 For example: 
 
 ```console
-URL <,proxy>|URL <,proxy>/*AppCompat*/
+URL <,proxy>|URL <,proxy>|/*AppCompat*/
 ```
 
 When you use this string, we recommend that you also turn on [Azure Active Directory Conditional Access](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access), using the **Domain joined or marked as compliant** option, which blocks apps from accessing any enterprise cloud resources that are protected by conditional access.

From 2e2653dbb8763aa1004865b394c8bbae887b2adf Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 25 Jan 2021 15:13:56 -0800
Subject: [PATCH 239/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 573ce0cf3f..9e49265a2f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -205,7 +205,7 @@ If you have a file that was either wrongly detected as malicious or was missed,
 
 ### Submit a fileless detection for analysis
 
-If something was detected as malware based on behavior, and you don’t have a file, you can submit your `Mpsupport.cab` file for analysis. You can get the .cab file by using the Microsoft Malware Protection Command-Line Utility (MPCmdRun.exe) tool.
+If something was detected as malware based on behavior, and you don’t have a file, you can submit your `Mpsupport.cab` file for analysis. You can get the *.cab* file by using the Microsoft Malware Protection Command-Line Utility (MPCmdRun.exe) tool on Windows 10.
 
 1.	Go to ` C:\ProgramData\Microsoft\Windows Defender\Platform\<version>`, and then run `MpCmdRun.exe` as an administrator.
 2.	Type `mpcmdrun.exe -GetFiles`, and then press **Enter**.

From 285c15d89bcdbc854e1d7bd5fe8c1de59454cf6a Mon Sep 17 00:00:00 2001
From: Daniel Simpson <dansimp@microsoft.com>
Date: Mon, 25 Jan 2021 17:12:21 -0800
Subject: [PATCH 240/396] Update
 windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md

Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 .../microsoft-defender-atp/web-content-filtering.md             | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md
index b6d259a0f2..87f0151c05 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md
@@ -54,7 +54,7 @@ Before trying out this feature, make sure you have the following requirements:
 - Access to Microsoft Defender Security Center portal
 - Devices running Windows 10 Anniversary Update (version 1607) or later with the latest MoCAMP update.
 
-If Windows Defender SmartScreen isn't turned on, Network Protection will take over the blocking. It requires [enabling Network Protection](enable-network-protection.md) on the device.  Chrome, Firefox, Brave and Opera are currently 3rd party browsers in which the feature is enabled. 
+If Windows Defender SmartScreen isn't turned on, Network Protection will take over the blocking. It requires [enabling Network Protection](enable-network-protection.md) on the device. Chrome, Firefox, Brave, and Opera are currently 3rd party browsers in which this feature is enabled.
 
 ## Data handling
 

From a053a44b874e6005f1de3527aa9602cb8990fd0c Mon Sep 17 00:00:00 2001
From: Ben Alfasi <bealfasi@microsoft.com>
Date: Tue, 26 Jan 2021 10:31:42 +0200
Subject: [PATCH 241/396] 1

---
 windows/security/threat-protection/TOC.md     |  1 +
 .../api-release-notes.md                      | 35 +++++++++++++++++++
 2 files changed, 36 insertions(+)
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md

diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index de8090f455..3b1c804e62 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -526,6 +526,7 @@
 
 ##### [Microsoft Defender for Endpoint APIs Schema]()
 ###### [Supported Microsoft Defender for Endpoint APIs](microsoft-defender-atp/exposed-apis-list.md)
+###### [Release Notes](microsoft-defender-atp/api-release-notes.md)
 ###### [Common REST API error codes](microsoft-defender-atp/common-errors.md)
 ###### [Advanced Hunting](microsoft-defender-atp/run-advanced-query-api.md)
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
new file mode 100644
index 0000000000..4a650a2e4d
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
@@ -0,0 +1,35 @@
+---
+title: API release notes
+description: Release notes for anything that is new in the API.
+keywords: apis, mdatp api, updates, notes, release
+search.product: eADQiWindows 10XVcnh
+ms.prod: m365-security
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+ms.technology: mde
+---
+
+# Release Notes
+
+## 2.2.4
+
+- test 1 
+
+## 2.2.3
+
+- test2
+- test3
+
+## 2.1.58
+
+- fix: test4
+- fix: test5
+- add: test6

From 3745db7676eb331faffe66aeb76d1fe77c4eb107 Mon Sep 17 00:00:00 2001
From: Guillaume Aubert <44520046+gaubert-ms@users.noreply.github.com>
Date: Tue, 26 Jan 2021 10:55:11 +0100
Subject: [PATCH 242/396] Update passwordless-strategy.md

Missing "System" in GPO path
---
 .../hello-for-business/passwordless-strategy.md                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md
index dd1b6b18e0..87e71bc747 100644
--- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md
+++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md
@@ -216,7 +216,7 @@ The policy name for these operating systems is **Interactive logon: Require Wind
 When you enable this security policy setting, Windows prevents users from signing in or unlocking with a password. The password credential provider remains visible to the user. If a user tries to use a password, Windows informs the user they must use Windows Hello for Business or a smart card.
 
 #### Excluding the password credential provider
-You can use Group Policy to deploy an administrative template policy setting to the computer. This policy setting is found under **Computer Configuration > Policies > Administrative Templates > Logon**
+You can use Group Policy to deploy an administrative template policy setting to the computer. This policy setting is found under **Computer Configuration > Policies > Administrative Templates > System > Logon**
 ![HideCredProvPolicy](images/passwordless/00-hidecredprov.png)
 
 The name of the policy setting is **Exclude credential providers**. The value to enter in the policy to hide the password credential provider is **60b78e88-ead8-445c-9cfd-0b87f74ea6cd**.

From 7d9fbb1011a636246f5b8ee1eeda47b309177d71 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Tue, 26 Jan 2021 17:28:49 +0500
Subject: [PATCH 243/396] Update network-protection.md

---
 .../microsoft-defender-atp/network-protection.md                | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md
index 7fd98bd981..0cf3df8758 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md
@@ -45,7 +45,7 @@ You can also use [audit mode](audit-windows-defender.md) to evaluate how Network
 
 ## Requirements
 
-Network protection requires Windows 10 Pro, Enterprise E3, E5, and Microsoft Defender AV real-time protection.
+Network protection requires Windows 10 Pro or Enterprise, and Microsoft Defender AV real-time protection.
 
 Windows 10 version | Microsoft Defender Antivirus
 -|-

From 930fc4dc29b48afbc9db8b7dc0d2a7c8eb9cd62b Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Tue, 26 Jan 2021 17:32:17 +0500
Subject: [PATCH 244/396] Update troubleshoot-np.md

---
 .../threat-protection/microsoft-defender-atp/troubleshoot-np.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md
index 4bfdccfe50..82fcbb7ca7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md
@@ -45,7 +45,7 @@ There are four steps to troubleshooting these problems:
 Network protection will only work on devices with the following conditions:
 
 >[!div class="checklist"]
-> * Endpoints are running Windows 10 Enterprise edition, version 1709 or higher (also known as the Fall Creators Update).
+> * Endpoints are running Windows 10 Pro or Enterprise edition, version 1709 or higher.
 > * Endpoints are using Microsoft Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Microsoft Defender AV to disable itself](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md).
 > * [Real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) is enabled.
 > * [Cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) is enabled.

From 74cb283b850d34b520e224c3427a835072f062bd Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 26 Jan 2021 08:56:15 -0800
Subject: [PATCH 245/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md          | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 9e49265a2f..d895dbaa84 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -11,7 +11,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.author: deniseb
 author: denisebmsft
-ms.date: 01/25/2021
+ms.date: 01/26/2021
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
@@ -35,7 +35,7 @@ In endpoint protection, a false positive is an entity, such as a file or a proce
 
 1.	[Reviewing and classifying alerts](#part-1-review-and-classify-alerts) 
 2.	[Reviewing remediation actions that were taken](#part-2-review-remediation-actions)
-3.	[Reviewing and defining exclusions](#part-3-review-or-define-exclusions-for-microsoft-defender-for-endpoint)
+3.	[Reviewing and defining exclusions](#part-3-review-or-define-exclusions)
 4.	[Submitting an entity for analysis](#part-4-submit-a-file-for-analysis)
 5.	[Reviewing and adjusting your threat protection settings](#part-5-review-and-adjust-your-threat-protection-settings)
 6. [Getting help if you still have issues with false positives/negatives](#still-need-help)
@@ -131,7 +131,7 @@ If you find that a remediation action was taken automatically on an entity that
 2.	On the **History** tab, select the actions that you want to undo.
 3.	In the pane on the right side of the screen, select **Undo**.
 
-## Part 3: Review or define exclusions for Microsoft Defender for Endpoint
+## Part 3: Review or define exclusions
 
 An exclusion is an entity that you specify as an exception to remediation actions. The excluded entity might still get detected, but no remediation actions are taken on that entity. That is, the detected file or process won’t be stopped, sent to quarantine, removed, or otherwise changed by Microsoft Defender for Endpoint. 
 

From 9570f49f975fab39c28c729a2aaa0ecef3cfe3d6 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 26 Jan 2021 09:08:43 -0800
Subject: [PATCH 246/396] crosslinking

---
 .../antivirus-false-positives-negatives.md                 | 7 ++++++-
 .../microsoft-defender-antivirus-compatibility.md          | 1 +
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md
index 099dbc450f..e99e915192 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md
@@ -11,7 +11,7 @@ ms.localizationpriority: medium
 author: denisebmsft
 ms.author: deniseb
 ms.custom: nextgen
-ms.date: 06/08/2020
+ms.date: 01/26/2021
 ms.reviewer: shwetaj
 manager: dansimp
 audience: ITPro
@@ -35,6 +35,9 @@ What if something gets detected wrongly as malware, or something is missed? We c
 - [Create an "Allow" indicator to prevent a false positive from recurring](#create-an-allow-indicator-to-prevent-a-false-positive-from-recurring)
 - [Define an exclusion on an individual Windows device to prevent an item from being scanned](#define-an-exclusion-on-an-individual-windows-device-to-prevent-an-item-from-being-scanned)
 
+> [!TIP]
+> This article focuses on false positives in Microsoft Defender Antivirus. If you want guidance for Microsoft Defender for Endpoint, which includes next-generation protection, endpoint detection and response, automated investigation and remediation, and more, see [Address false positives/negatives in Microsoft Defender for Endpoint](../microsoft-defender-atp/defender-endpoint-false-positives-negatives.md).
+
 ## Submit a file to Microsoft for analysis
 
 1. Review the [submission guidelines](../intelligence/submission-guide.md).
@@ -76,3 +79,5 @@ To learn more, see:
 [What is Microsoft Defender for Endpoint?](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection)
 
 [Microsoft 365 Defender](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection)
+
+[Address false positives/negatives in Microsoft Defender for Endpoint](../microsoft-defender-atp/defender-endpoint-false-positives-negatives.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
index 7a74769372..ad505f776b 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
@@ -122,4 +122,5 @@ The table in this section summarizes the functionality and features that are ava
 - [Microsoft Defender Antivirus on Windows Server](microsoft-defender-antivirus-on-windows-server-2016.md)
 - [EDR in block mode](../microsoft-defender-atp/edr-in-block-mode.md)
 - [Configure Endpoint Protection](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-protection-configure)
+- [Address false positives/negatives in Microsoft Defender for Endpoint](../microsoft-defender-atp/defender-endpoint-false-positives-negatives.md)
 - [Learn about Microsoft 365 Endpoint data loss prevention](https://docs.microsoft.com/microsoft-365/compliance/endpoint-dlp-learn-about)

From 79733d6899e099c607c3c2cfac9b538d7ed473e0 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 26 Jan 2021 09:10:21 -0800
Subject: [PATCH 247/396] Update automated-investigations.md

---
 .../microsoft-defender-atp/automated-investigations.md           | 1 +
 1 file changed, 1 insertion(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
index 4233bcca90..93e3809c2a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
@@ -93,5 +93,6 @@ All remediation actions, whether pending or completed, can be viewed in the [Act
 ## See also
 
 - [PUA protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus)
+- [Address false positives/negatives in Microsoft Defender for Endpoint](defender-endpoint-false-positives-negatives.md)
 - [Automated investigation and response in Microsoft Defender for Office 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/office-365-air)
 - [Automated investigation and response in Microsoft 365 Defender](https://docs.microsoft.com/microsoft-365/security/mtp/mtp-autoir)

From c067a53cca66b8ef72f63d94c56a31f155531c38 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 26 Jan 2021 09:11:50 -0800
Subject: [PATCH 248/396] Update helpful-resources.md

---
 .../helpful-resources.md                       | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md b/windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md
index 7d275ab90b..fd973e1a2a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md
@@ -29,31 +29,31 @@ ms.technology: mde
 Access helpful resources such as links to blogs and other resources related to  Microsoft Defender for Endpoint.
 
 ## Endpoint protection platform
--   [Top scoring in industry
+- [Top scoring in industry
     tests](https://docs.microsoft.com/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests)
 
--   [Inside out: Get to know the advanced technologies at the core of Defender for Endpoint next generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/)
+- [Inside out: Get to know the advanced technologies at the core of Defender for Endpoint next generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/)
 
--   [Protecting disconnected devices with Defender for Endpoint](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Protecting-disconnected-devices-with-Microsoft-Defender-ATP/ba-p/500341)
+- [Protecting disconnected devices with Defender for Endpoint](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Protecting-disconnected-devices-with-Microsoft-Defender-ATP/ba-p/500341)
 
--   [Tamper protection in Defender for Endpoint](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Tamper-protection-in-Microsoft-Defender-ATP/ba-p/389571)
+- [Tamper protection in Defender for Endpoint](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Tamper-protection-in-Microsoft-Defender-ATP/ba-p/389571)
 
 ## Endpoint Detection Response
 
--   [Incident response at your fingertips with Defender for Endpoint live response](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Incident-response-at-your-fingertips-with-Microsoft-Defender-ATP/ba-p/614894)
+- [Incident response at your fingertips with Defender for Endpoint live response](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Incident-response-at-your-fingertips-with-Microsoft-Defender-ATP/ba-p/614894)
 
 ## Threat Vulnerability Management
 
--   [Defender for Endpoint Threat & Vulnerability Management now publicly
+- [Defender for Endpoint Threat & Vulnerability Management now publicly
     available!](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/MDATP-Threat-amp-Vulnerability-Management-now-publicly-available/ba-p/460977)
 
 ## Operational
 
--   [The Golden Hour remake - Defining metrics for a successful security
+- [The Golden Hour remake - Defining metrics for a successful security
     operations](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/The-Golden-Hour-remake-Defining-metrics-for-a-successful/ba-p/782014)
 
--   [Defender for Endpoint Evaluation lab is now available in public preview
+- [Defender for Endpoint Evaluation lab is now available in public preview
     ](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Microsoft-Defender-ATP-Evaluation-lab-is-now-available-in-public/ba-p/770271)
 
--   [How automation brings value to your security
+- [How automation brings value to your security
     teams](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/How-automation-brings-value-to-your-security-teams/ba-p/729297)

From 8c381211d597a1727bfdf4afcb05e1874ec85404 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 26 Jan 2021 09:13:01 -0800
Subject: [PATCH 249/396] Update helpful-resources.md

---
 .../microsoft-defender-atp/helpful-resources.md                 | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md b/windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md
index fd973e1a2a..88e26c2252 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md
@@ -57,3 +57,5 @@ Access helpful resources such as links to blogs and other resources related to
 
 - [How automation brings value to your security
     teams](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/How-automation-brings-value-to-your-security-teams/ba-p/729297)
+
+- [Address false positives/negatives in Microsoft Defender for Endpoint](defender-endpoint-false-positives-negatives.md)
\ No newline at end of file

From e3fb119c6451ff8e454050d406126460f245ef88 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 26 Jan 2021 09:14:47 -0800
Subject: [PATCH 250/396] Update manage-atp-post-migration.md

---
 .../microsoft-defender-atp/manage-atp-post-migration.md      | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md
index 2cb0d3548e..efb39aa306 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md
@@ -18,7 +18,7 @@ ms.collection:
   - M365-security-compliance
   - m365solution-scenario
 ms.topic: conceptual
-ms.date: 09/22/2020
+ms.date: 01/26/2021
 ms.reviewer: chventou
 ---
 
@@ -43,3 +43,6 @@ The following table lists various tools/methods you can use, with links to learn
 |**[Group Policy Objects in Azure Active Directory Domain Services](https://docs.microsoft.com/azure/active-directory-domain-services/manage-group-policy)** |[Azure Active Directory Domain Services](https://docs.microsoft.com/azure/active-directory-domain-services/overview) includes built-in Group Policy Objects for users and devices. You can customize the built-in Group Policy Objects as needed for your environment, as well as create custom Group Policy Objects and organizational units (OUs). <br/><br/>See [Manage Microsoft Defender for Endpoint with Group Policy Objects](manage-atp-post-migration-group-policy-objects.md). |
 |**[PowerShell, WMI, and MPCmdRun.exe](manage-atp-post-migration-other-tools.md)** |*We recommend using Microsoft Endpoint Manager (which includes Intune and Configuration Manager) to manage threat protection features on your organization's devices. However, you can configure some settings, such as Microsoft Defender Antivirus settings on individual devices (endpoints) with PowerShell, WMI, or the MPCmdRun.exe tool.*<br/><br/>You can use PowerShell to manage Microsoft Defender Antivirus, exploit protection, and your attack surface reduction rules. See [Configure Microsoft Defender for Endpoint with PowerShell](manage-atp-post-migration-other-tools.md#configure-microsoft-defender-for-endpoint-with-powershell).<br/><br/>You can use Windows Management Instrumentation (WMI) to manage Microsoft Defender Antivirus and exclusions. See [Configure Microsoft Defender for Endpoint with WMI](manage-atp-post-migration-other-tools.md#configure-microsoft-defender-for-endpoint-with-windows-management-instrumentation-wmi).<br/><br/>You can use the Microsoft Malware Protection Command-Line Utility (MPCmdRun.exe) to manage Microsoft Defender Antivirus and exclusions, as well as validate connections between your network and the cloud. See [Configure Microsoft Defender for Endpoint with MPCmdRun.exe](manage-atp-post-migration-other-tools.md#configure-microsoft-defender-for-endpoint-with-microsoft-malware-protection-command-line-utility-mpcmdrunexe). |
 
+## See also
+
+- [Address false positives/negatives in Microsoft Defender for Endpoint](defender-endpoint-false-positives-negatives.md)
\ No newline at end of file

From 92f0b61c0674ae8e52cab1d67873b1ad9594da14 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 26 Jan 2021 09:23:40 -0800
Subject: [PATCH 251/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md             | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index d895dbaa84..217c0ca4ff 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -307,6 +307,9 @@ Depending on the [level of automation](https://docs.microsoft.com/windows/securi
 - [Learn more about automation levels](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automation-levels); and then 
 - [Configure AIR capabilities in Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation).
 
+> [!TIP]
+> We recommend using *Full automation* for automated investigation and remediation. Don't turn these capabilities off because of a false positive. Instead, use ["allow" indicators to define exceptions](#indicators-for-microsoft-defender-for-endpoint), and keep automated investigation and remediation set to take appropriate actions automatically. Following [this guidance](automation-levels.md#levels-of-automation) helps reduce the number of alerts your security operations team must handle. 
+
 
 ## Still need help?
 

From 66e207e995f7d51a6d0f8f2e0301d2c609cfc185 Mon Sep 17 00:00:00 2001
From: Peter Lewis <peter@peterlew.is>
Date: Tue, 26 Jan 2021 17:28:04 +0000
Subject: [PATCH 252/396] fix title

fix title which omitted full wording (replace "Set up Microsoft c for macOS device groups in Jamf Pro" with "Set up Microsoft Defender for Endpoint for macOS device groups in Jamf Pro")
---
 .../microsoft-defender-atp/mac-jamfpro-device-groups.md         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md
index 3b011e3606..73dc882a2c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md
@@ -20,7 +20,7 @@ ms.topic: conceptual
 ms.technology: mde
 ---
 
-# Set up Microsoft c for macOS device groups in Jamf Pro
+# Set up Microsoft Defender for Endpoint for macOS device groups in Jamf Pro
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 

From 99ddcfab0a6114688c9433efb418c6f987d0a1c8 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 26 Jan 2021 09:31:20 -0800
Subject: [PATCH 253/396] Update auto-investigation-action-center.md

---
 .../microsoft-defender-atp/auto-investigation-action-center.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md
index e929d6e210..0fb359840a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md
@@ -170,3 +170,6 @@ When you click on the pending actions link, you'll be taken to the Action center
 
 - [See the interactive guide: Investigate and remediate threats with Microsoft Defender for Endpoint](https://aka.ms/MDATP-IR-Interactive-Guide)
  
+## See also
+
+- [Address false positives/negatives in Microsoft Defender for Endpoint](defender-endpoint-false-positives-negatives.md)
\ No newline at end of file

From cf5684d08b22e3cc90316984028b006030ded975 Mon Sep 17 00:00:00 2001
From: Karl Wester-Ebbinghaus <45657752+Karl-WE@users.noreply.github.com>
Date: Tue, 26 Jan 2021 19:07:58 +0100
Subject: [PATCH 254/396] Update
 windows/deployment/volume-activation/install-vamt.md

Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 windows/deployment/volume-activation/install-vamt.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/volume-activation/install-vamt.md b/windows/deployment/volume-activation/install-vamt.md
index 3c482e49b3..8fc4fde224 100644
--- a/windows/deployment/volume-activation/install-vamt.md
+++ b/windows/deployment/volume-activation/install-vamt.md
@@ -50,7 +50,7 @@ You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for
 ### Install VAMT using the ADK
 
 1. Download the latest version of [Windows 10 ADK](https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install).
-It is recommended to uninstall ADK and install the latest version, if you use a previous version. Existing data of VAMT is maintained in the respective VAMT database. 
+   If an older version is already installed, it is recommended to uninstall the older ADK and install the latest version. Existing VAMT data is maintained in the VAMT database.
 2. Enter an install location or use the default path, and then select **Next**.
 3. Select a privacy setting, and then select **Next**.
 4. Accept the license terms.

From 0ee619b4fcec0cb7011e5cf4f1e882a75be2b3b0 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 26 Jan 2021 10:22:42 -0800
Subject: [PATCH 255/396] Update edr-in-block-mode.md

---
 .../microsoft-defender-atp/edr-in-block-mode.md               | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
index 0304cdd397..75f4bba554 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
@@ -15,7 +15,7 @@ ms.localizationpriority: medium
 ms.custom: 
   - next-gen
   - edr
-ms.date: 01/07/2021
+ms.date: 01/26/2021
 ms.collection: 
   - m365-security-compliance
   - m365initiative-defender-endpoint
@@ -70,7 +70,7 @@ The following image shows an instance of unwanted software that was detected and
 |Requirement  |Details  |
 |---------|---------|
 |Permissions |Global Administrator or Security Administrator role assigned in [Azure Active Directory](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal). See [Basic permissions](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/basic-permissions). |
-|Operating system     |One of the following versions: <br/>- Windows 10 (all releases) <br/>- Windows Server 2016 or later         |
+|Operating system     |One of the following versions: <br/>- Windows 10 (all releases) <br/>- Windows Server, version 1803 or newer <br/>- Windows Server 2019         |
 |Windows E5 enrollment     |Windows E5 is included in the following subscriptions: <br/>- Microsoft 365 E5 <br/>- Microsoft 365 E3 together with the Identity & Threat Protection offering <br/><br/>See [Components](https://docs.microsoft.com/microsoft-365/enterprise/microsoft-365-overview?view=o365-worldwide&preserve-view=true#components) and [features and capabilities for each plan](https://www.microsoft.com/microsoft-365/compare-all-microsoft-365-plans).       |
 |Microsoft Defender Antivirus  |Microsoft Defender Antivirus must be installed and running in either active mode or passive mode. (You can use Microsoft Defender Antivirus alongside a non-Microsoft antivirus solution.) [Confirm Microsoft Defender Antivirus is in active or passive mode](#how-do-i-confirm-microsoft-defender-antivirus-is-in-active-or-passive-mode). |
 |Cloud-delivered protection |Make sure Microsoft Defender Antivirus is configured such that [cloud-delivered protection is enabled](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus). |

From 2b73b1d9c583dce0361b9cf4c9f953519d6b4f79 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 26 Jan 2021 12:00:16 -0800
Subject: [PATCH 256/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md        | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 217c0ca4ff..9c411725bb 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -31,7 +31,9 @@ ms.custom: FPFN
 
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146806)
 
-In endpoint protection, a false positive is an entity, such as a file or a process, that was detected and identified as malicious, even though the entity isn't actually a threat. A false negative is an entity that was not detected as a threat, even though it actually is malicious. If you’re using [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection), and you're seeing false positives/negatives in your [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use), your security operations can take steps to address false positives or false negatives. These steps include:
+In endpoint protection, a false positive is an entity, such as a file or a process, that was detected and identified as malicious, even though the entity isn't actually a threat. A false negative is an entity that was not detected as a threat, even though it actually is malicious. False positives/negatives can occur with any threat protection solution. 
+
+If you’re using [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection), and you're seeing false positives/negatives in your [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use), your security operations can take steps to address false positives or false negatives. These steps include:
 
 1.	[Reviewing and classifying alerts](#part-1-review-and-classify-alerts) 
 2.	[Reviewing remediation actions that were taken](#part-2-review-remediation-actions)
@@ -40,8 +42,8 @@ In endpoint protection, a false positive is an entity, such as a file or a proce
 5.	[Reviewing and adjusting your threat protection settings](#part-5-review-and-adjust-your-threat-protection-settings)
 6. [Getting help if you still have issues with false positives/negatives](#still-need-help)
 
-> [!IMPORTANT]
-> This article is intended for security operators and administrators.
+> [!NOTE]
+> This article is intended as guidance for security operators and security administrators who are using [Microsoft Defender for Endpoint](microsoft-defender-advanced-threat-protection.md).
 
 ## Part 1: Review and classify alerts
 

From 17d43cfd5707c0b32a5c96b5370503a93beed655 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 26 Jan 2021 12:10:26 -0800
Subject: [PATCH 257/396] Update network-protection.md

---
 .../microsoft-defender-atp/network-protection.md       | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md
index 0cf3df8758..2a2ebcab64 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md
@@ -45,13 +45,13 @@ You can also use [audit mode](audit-windows-defender.md) to evaluate how Network
 
 ## Requirements
 
-Network protection requires Windows 10 Pro or Enterprise, and Microsoft Defender AV real-time protection.
+Network protection requires Windows 10 Pro or Enterprise, and Microsoft Defender Antivirus real-time protection.
 
-Windows 10 version | Microsoft Defender Antivirus
--|-
-Windows 10 version 1709 or later | [Microsoft Defender AV real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) and [cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) must be enabled
+| Windows 10 version | Microsoft Defender Antivirus |
+|:---|:---|
+| Windows 10 version 1709 or later | [Microsoft Defender AV real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) and [cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) must be enabled |
 
-After you have enabled the services, you may need to configure your network or firewall to allow the connections between the services and your endpoints.  
+After you have enabled the services, you might need to configure your network or firewall to allow the connections between the services and your endpoints.  
 
 - .smartscreen.microsoft.com
 - .smartscreen-prod.microsoft.com

From 8bfa5fd4bf9e6d15aea12d0cd09f0628b01bac3a Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 26 Jan 2021 12:14:51 -0800
Subject: [PATCH 258/396] Update troubleshoot-np.md

---
 .../microsoft-defender-atp/troubleshoot-np.md | 38 ++++++++++---------
 1 file changed, 20 insertions(+), 18 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md
index 82fcbb7ca7..79cdbc3b60 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md
@@ -11,7 +11,7 @@ ms.localizationpriority: medium
 audience: ITPro
 author: dansimp
 ms.author: dansimp
-ms.date: 03/27/2019
+ms.date: 01/26/2021
 ms.reviewer: 
 manager: dansimp
 ms.technology: mde
@@ -24,14 +24,13 @@ ms.technology: mde
 
 **Applies to:**
 
-* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-
-* IT administrators
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- IT administrators
 
 When you use [Network protection](network-protection.md) you may encounter issues, such as:
 
-* Network protection blocks a website that is safe (false positive)
-* Network protection fails to block a suspicious or known malicious website (false negative)
+- Network protection blocks a website that is safe (false positive)
+- Network protection fails to block a suspicious or known malicious website (false negative)
 
 There are four steps to troubleshooting these problems:
 
@@ -45,11 +44,11 @@ There are four steps to troubleshooting these problems:
 Network protection will only work on devices with the following conditions:
 
 >[!div class="checklist"]
-> * Endpoints are running Windows 10 Pro or Enterprise edition, version 1709 or higher.
-> * Endpoints are using Microsoft Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Microsoft Defender AV to disable itself](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md).
-> * [Real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) is enabled.
-> * [Cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) is enabled.
-> * Audit mode is not enabled. Use [Group Policy](enable-network-protection.md#group-policy) to set the rule to **Disabled** (value: **0**).
+> - Endpoints are running Windows 10 Pro or Enterprise edition, version 1709 or higher.
+> - Endpoints are using Microsoft Defender Antivirus as the sole antivirus protection app. [See what happens when you are using a non-Microsoft antivirus solution](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md).
+> - [Real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) is enabled.
+> - [Cloud-delivered protection](../microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md) is enabled.
+> - Audit mode is not enabled. Use [Group Policy](enable-network-protection.md#group-policy) to set the rule to **Disabled** (value: **0**).
 
 ## Use audit mode
 
@@ -61,9 +60,9 @@ You can enable network protection in audit mode and then visit a website that we
    Set-MpPreference -EnableNetworkProtection AuditMode
    ```
 
-1. Perform the connection activity that is causing an issue (for example, attempt to visit the site, or connect to the IP address you do or don't want to block).
+2. Perform the connection activity that is causing an issue (for example, attempt to visit the site, or connect to the IP address you do or don't want to block).
 
-1. [Review the network protection event logs](network-protection.md#review-network-protection-events-in-windows-event-viewer) to see if the feature would have blocked the connection if it had been set to **Enabled**.
+3. [Review the network protection event logs](network-protection.md#review-network-protection-events-in-windows-event-viewer) to see if the feature would have blocked the connection if it had been set to **Enabled**.
    
    If network protection is not blocking a connection that you are expecting it should block, enable the feature.
 
@@ -75,6 +74,8 @@ You can enable network protection in audit mode and then visit a website that we
 
 If you've tested the feature with the demo site and with audit mode, and network protection is working on pre-configured scenarios, but is not working as expected for a specific connection, use the [Windows Defender Security Intelligence web-based submission form](https://www.microsoft.com/wdsi/filesubmission) to report a false negative or false positive for network protection. With an E5 subscription, you can also [provide a link to any associated alert](../microsoft-defender-atp/alerts-queue.md).
 
+See [Address false positives/negatives in Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives).
+
 ## Exclude website from network protection scope
 
 To allow the website that is being blocked (false positive), add its URL to the [list of trusted sites](https://blogs.msdn.microsoft.com/asiatech/2014/08/19/how-to-add-web-sites-to-trusted-sites-via-gpo-from-dc-installed-ie10-or-higher-ie-version/). Web resources from this list bypass the network protection check.
@@ -89,16 +90,17 @@ When you report a problem with network protection, you are asked to collect and
    cd c:\program files\windows defender
    ```
 
-1. Run this command to generate the diagnostic logs:
+2. Run this command to generate the diagnostic logs:
 
    ```PowerShell
    mpcmdrun -getfiles
    ```
 
-1. By default, they are saved to C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab. Attach the file to the submission form.
+3. By default, they are saved to C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab. Attach the file to the submission form.
 
 ## Related topics
 
-* [Network protection](network-protection.md)
-* [Evaluate network protection](evaluate-network-protection.md)
-* [Enable network protection](enable-network-protection.md)
+- [Network protection](network-protection.md)
+- [Evaluate network protection](evaluate-network-protection.md)
+- [Enable network protection](enable-network-protection.md)
+- [Address false positives/negatives in Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives)

From 1bf91a1fd859e054e58303a537815bb4cfbe4c00 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 26 Jan 2021 12:15:51 -0800
Subject: [PATCH 259/396] Update network-protection.md

---
 .../microsoft-defender-atp/network-protection.md       | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md
index 2a2ebcab64..29ed5acfbf 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md
@@ -79,11 +79,11 @@ You can review the Windows event log to see events that are created when network
 
 3. This will create a custom view that filters to only show the following events related to network protection:
 
-   Event ID | Description
-   -|-
-   5007 | Event when settings are changed
-   1125 | Event when network protection fires in audit mode
-   1126 | Event when network protection fires in block mode
+   | Event ID | Description |
+   |:---|:---|
+   | 5007 | Event when settings are changed |
+   | 1125 | Event when network protection fires in audit mode |
+   | 1126 | Event when network protection fires in block mode |
 
 ## Related articles
 

From e2f432e0a8799480ccf021609a4e9d178d294237 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 26 Jan 2021 12:28:01 -0800
Subject: [PATCH 260/396] Update md-app-guard-overview.md

---
 .../md-app-guard-overview.md                                    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
index 0c47055df2..576fd34c27 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
@@ -8,7 +8,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: denisebmsft
 ms.author: deniseb
-ms.date: 12/17/2020
+ms.date: 01/27/2021
 ms.reviewer: 
 manager: dansimp
 ms.custom: asr

From e6fb1e9cee0ae3f6ba9216514805cddc6a1c70f6 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 26 Jan 2021 12:28:24 -0800
Subject: [PATCH 261/396] Update md-app-guard-overview.md

---
 .../md-app-guard-overview.md                                    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
index 576fd34c27..1187818d92 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
@@ -52,4 +52,4 @@ Application Guard has been created to target several types of devices:
 | [Microsoft Defender Application Guard Extension for web browsers](md-app-guard-browser-extension.md) | Describes the Application Guard extension for Chrome and Firefox, including known issues, and a troubleshooting guide |
 | [Microsoft Defender Application Guard for Microsoft Office](https://docs.microsoft.com/microsoft-365/security/office-365-security/install-app-guard) | Describes Application Guard for Microsoft Office, including minimum hardware requirements, configuration, and a troubleshooting guide |
 |[Frequently asked questions - Microsoft Defender Application Guard](faq-md-app-guard.md)|Provides answers to frequently asked questions about Application Guard features, integration with the Windows operating system, and general configuration.|
-|[Use a network boundary to add trusted sites on Windows devices in Microsoft Intune](https://docs.microsoft.com/en-us/mem/intune/configuration/network-boundary-windows)|Network boundary, a feature that helps you protect your environment from sites that aren't trusted by your organization.|
+|[Use a network boundary to add trusted sites on Windows devices in Microsoft Intune](https://docs.microsoft.com/mem/intune/configuration/network-boundary-windows)|Network boundary, a feature that helps you protect your environment from sites that aren't trusted by your organization.|

From 2cbc3d3d36c30cbefa068412a6d603e077350e91 Mon Sep 17 00:00:00 2001
From: Daniel Simpson <dansimp@microsoft.com>
Date: Tue, 26 Jan 2021 13:00:19 -0800
Subject: [PATCH 262/396] Update
 customize-windows-10-start-screens-by-using-group-policy.md

---
 .../customize-windows-10-start-screens-by-using-group-policy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md b/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md
index 3cd4ad2b71..ebadfd9803 100644
--- a/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md
+++ b/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md
@@ -1,5 +1,5 @@
 ---
-title: Customize Windows 10 Start and tasbkar with Group Policy (Windows 10)
+title: Customize Windows 10 Start and taskbar with Group Policy (Windows 10)
 description: In Windows 10, you can use a Group Policy Object (GPO) to deploy a customized Start layout to users in a domain.
 ms.assetid: F4A47B36-F1EF-41CD-9CBA-04C83E960545
 ms.reviewer: 

From 8128755e7ef4ff40de3ec3af2895bcdd7ec59206 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 26 Jan 2021 13:08:23 -0800
Subject: [PATCH 263/396] Update defender-endpoint-false-positives-negatives.md

---
 ...nder-endpoint-false-positives-negatives.md | 39 ++++++++++++++++---
 1 file changed, 33 insertions(+), 6 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 9c411725bb..d40358edae 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -183,13 +183,40 @@ To specify entities as exclusions for Microsoft Defender for Endpoint, you can c
 - [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response)
 - [Automated investigation & remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations)
 
-You can create indicators for files, IP addresses, URLs, domains, and certificates, as described in the following table:
+You can create indicators for files, IP addresses, URLs, domains, and certificates, as described in the following sections:
 
-| Indicator type and considerations | Prerequisites |
-|:----|:----|
-|**[Create an indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file)** <p>Helps prevent suspected malware (or potentially malicious files) from being downloaded from the web. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. <p>The allow or block function cannot be done on a file if the file's classification exists on the device's cache prior to the allow or block action. Trusted, signed files are treated differently. Defender for Endpoint is optimized to handle malicious files. Trying to block trusted, signed files, can have performance implications. <p>Typically, file blocks are enforced within a few minutes, but can take upwards of 30 minutes.  | Microsoft Defender Antivirus with cloud-based protection enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p> Antimalware client version: 4.18.1901.x or later <p>Devices are running Windows 10, version 1703 or later; Windows Server 2016; or Windows Server 2019 <p> [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features) | 
-| **[Create an indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain)** <p>Full URL path blocks can be applied on the domain level and all unencrypted URLs. IP is supported for all three protocols. Only external IPs can be added to the indicator list; indicators cannot be created for internal IPs.<p>For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge uses [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/network-protection) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios use Network Protection for inspection and enforcement.<p>There might be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. <p>Only single IP addresses are supported (no CIDR blocks or IP ranges) <p>Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) <p>Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) | Network protection in Defender for Endpoint enabled in block mode (See [Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection))<p>Antimalware client version: 4.18.1906.x or later <p>Devices are running Windows 10, version 1709 or later <p>Custom network indicators are turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).)   |
-| **[Create an indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates)** <p>`.CER` or `.PEM` file extensions are supported. A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine Trusted Root Certification Authorities). <p>The children or parent of the allow/block certificate IOCs are not included in the allow/block IoC functionality, only leaf certificates are supported.<p>Microsoft signed certificates cannot be blocked. <p>It can take up to 3 hours to create and remove a certificate IoC. | Microsoft Defender Antivirus with cloud-based protection is enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)<p>Antimalware client version: 4.18.1901.x or later <p>Devices are running Windows 10, version 1703 or later; Windows Server 2016; or Windows Server 2019 <p>Virus and threat protection definitions are up to date | 
+#### Indicators for files
+
+When you [create an "allow" indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file), it helps prevent files that your organization is using from being blocked. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. 
+
+Before you create indicators for files, make sure the following requirements are met:
+- Microsoft Defender Antivirus is configured with cloud-based protection enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)
+- Antimalware client version is 4.18.1901.x or later 
+- Devices are running Windows 10, version 1703 or later; Windows Server 2016; or Windows Server 2019 
+- The [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features) 
+
+#### Indicators for IP addresses, URLs, or domains
+
+When you [create an "allow" indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain), it helps prevent the sites or IP addresses your organization uses from being blocked.
+
+Before you create indicators for IP addresses, URLs, or domains, make sure the following requirements are met:
+- Network protection in Defender for Endpoint is enabled in block mode (See [Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection))
+- Antimalware client version is 4.18.1906.x or later 
+- Devices are running Windows 10, version 1709, or later 
+
+Custom network indicators are turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).)   
+
+#### Indicators for application certificates 
+
+When you [create an "allow" indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates)**, it helps prevent applications, such as internally developed applications, that you organization uses from being blocked.
+
+`.CER` or `.PEM` file extensions are supported. A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine Trusted Root Certification Authorities).  
+
+Before you create indicators for application certificates, make sure the following requirements are met:
+- Microsoft Defender Antivirus is configured with cloud-based protection enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)
+- Antimalware client version is 4.18.1901.x or later 
+- Devices are running Windows 10, version 1703 or later; Windows Server 2016; or Windows Server 2019 
+- Virus and threat protection definitions are up to date  
 
 > [!TIP]
 > When you create indicators, you can define them one by one or import multiple items at once. Keep in mind there's a limit of 15,000 indicators you can have in a single tenant. And, you might need to gather certain details first, such as file hash information. Make sure to review the prerequisites before you [create indicators](manage-indicators.md). 

From 9462c60ab32a5b72766646a6d88d2259a6688024 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 26 Jan 2021 13:12:57 -0800
Subject: [PATCH 264/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md            | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index d40358edae..a055c2e2f7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -208,9 +208,7 @@ Custom network indicators are turned on in the Microsoft Defender Security Cente
 
 #### Indicators for application certificates 
 
-When you [create an "allow" indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates)**, it helps prevent applications, such as internally developed applications, that you organization uses from being blocked.
-
-`.CER` or `.PEM` file extensions are supported. A valid leaf certificate is a signing certificate that has a valid certification path and must be chained to the Root Certificate Authority (CA) trusted by Microsoft. Alternatively, a custom (self-signed) certificate can be used as long as it's trusted by the client (Root CA certificate is installed under the Local Machine Trusted Root Certification Authorities).  
+When you [create an "allow" indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates)**, it helps prevent applications, such as internally developed applications, that your organization uses from being blocked. `.CER` or `.PEM` file extensions are supported.   
 
 Before you create indicators for application certificates, make sure the following requirements are met:
 - Microsoft Defender Antivirus is configured with cloud-based protection enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)

From 474099df034bf4f0f31aa59f9e6095a7d3208864 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 26 Jan 2021 13:14:30 -0800
Subject: [PATCH 265/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index a055c2e2f7..f327f3bbc5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -329,7 +329,7 @@ We recommend using Microsoft Endpoint Manager to edit or set PUA protection sett
 
 [Automated investigation and remediation](automated-investigations.md) (AIR) capabilities are designed to examine alerts and take immediate action to resolve breaches. As alerts are triggered, and an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. 
 
-Depending on the [level of automation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automation-levels) set for your organization, as well as other security settings, remediation actions are taken on artifacts deemed Malicious or Suspicious. Remediation actions can occur automatically, or only upon approval by your security operations team. 
+Depending on the [level of automation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automation-levels) set for your organization and other security settings, remediation actions are taken on artifacts deemed Malicious or Suspicious. Remediation actions can occur automatically, or only upon approval by your security operations team. 
 
 - [Learn more about automation levels](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automation-levels); and then 
 - [Configure AIR capabilities in Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation).

From 2c8970880b66249c95bf2beea131184d0857517f Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 26 Jan 2021 13:19:51 -0800
Subject: [PATCH 266/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md           | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index f327f3bbc5..f32e43f1a9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -183,7 +183,10 @@ To specify entities as exclusions for Microsoft Defender for Endpoint, you can c
 - [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response)
 - [Automated investigation & remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations)
 
-You can create indicators for files, IP addresses, URLs, domains, and certificates, as described in the following sections:
+You can create indicators for:
+- [Files](#indicators-for-files)
+- [IP addresses, URLs, and domains](#indicators-for-ip-addresses-urls-or-domains)
+- [Application certificates](#indicators-for-application-certificates)
 
 #### Indicators for files
 

From d572315a16f509b1a726b333916bf1bd4ef6f822 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 26 Jan 2021 13:21:16 -0800
Subject: [PATCH 267/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index f32e43f1a9..89da6e7ecf 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -211,7 +211,7 @@ Custom network indicators are turned on in the Microsoft Defender Security Cente
 
 #### Indicators for application certificates 
 
-When you [create an "allow" indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates)**, it helps prevent applications, such as internally developed applications, that your organization uses from being blocked. `.CER` or `.PEM` file extensions are supported.   
+When you [create an "allow" indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates), it helps prevent applications, such as internally developed applications, that your organization uses from being blocked. `.CER` or `.PEM` file extensions are supported.   
 
 Before you create indicators for application certificates, make sure the following requirements are met:
 - Microsoft Defender Antivirus is configured with cloud-based protection enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)

From 76d679eb5918639eca7dc1cde370ef7ae0d35f22 Mon Sep 17 00:00:00 2001
From: Samantha Robertson <samanro@microsoft.com>
Date: Tue, 26 Jan 2021 14:54:57 -0800
Subject: [PATCH 268/396] Adding art for false positive/negatives for Denise

---
 ...fender-endpoint-false-positives-negatives.md |   8 ++++++++
 .../images/false-positives-indicators.png       | Bin 0 -> 14102 bytes
 .../images/false-positives-overview.png         | Bin 0 -> 27939 bytes
 .../images/false-positives-step-diagram.png     | Bin 0 -> 19014 bytes
 4 files changed, 8 insertions(+)
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/false-positives-indicators.png
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/false-positives-overview.png
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/false-positives-step-diagram.png

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 89da6e7ecf..43eebf368e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -33,8 +33,13 @@ ms.custom: FPFN
 
 In endpoint protection, a false positive is an entity, such as a file or a process, that was detected and identified as malicious, even though the entity isn't actually a threat. A false negative is an entity that was not detected as a threat, even though it actually is malicious. False positives/negatives can occur with any threat protection solution. 
 
+![Definition of false positive and negatives in Windows Defender for Endpoints](images/false-positives-overview.png)
+
 If you’re using [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection), and you're seeing false positives/negatives in your [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use), your security operations can take steps to address false positives or false negatives. These steps include:
 
+![Steps to address false positives and negatives](images/false-positives-step-diagram.png)
+
+
 1.	[Reviewing and classifying alerts](#part-1-review-and-classify-alerts) 
 2.	[Reviewing remediation actions that were taken](#part-2-review-remediation-actions)
 3.	[Reviewing and defining exclusions](#part-3-review-or-define-exclusions)
@@ -184,10 +189,13 @@ To specify entities as exclusions for Microsoft Defender for Endpoint, you can c
 - [Automated investigation & remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations)
 
 You can create indicators for:
+
 - [Files](#indicators-for-files)
 - [IP addresses, URLs, and domains](#indicators-for-ip-addresses-urls-or-domains)
 - [Application certificates](#indicators-for-application-certificates)
 
+![Indicator types diagram](images/false-positives-indicators.png)
+
 #### Indicators for files
 
 When you [create an "allow" indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file), it helps prevent files that your organization is using from being blocked. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/false-positives-indicators.png b/windows/security/threat-protection/microsoft-defender-atp/images/false-positives-indicators.png
new file mode 100644
index 0000000000000000000000000000000000000000..733db3cb46935defdc17fb312d25c927ea95f178
GIT binary patch
literal 14102
zcmc(`X*^q7^fw+{)zZ=lEk%dhDvAzTHAQvOQq(-vaI0FOi7_H1p<JC5ZH+ZWsi-kk
zLsUp;OG;`CqJo$sQc{U2iSWdI-afDXpWpv^UgYePbM`rB?X}nXuD!o&?-zHi&G$$v
zNdo|YJ-2UNw*vsg*G1<`J9mhVgwNl^Ma8b5Tdtu1fXx2wpIF~0Y6Ac`3b=jU%poFY
zVH8}h?U>70g38aFzxVoC@atzg;+>Rp9_D;me|`FrW+r?>LgmH*XykCF*qu`yjaM?S
zr+#cd+Guv+wuFk$+AF@eUZTb1^}Duh*WELBj_x@jt2Z3-CcNHwguJt0tUZt}G!mM!
zDjnqnzni)%4e2%^izbhp7fKz=N(cE=QBhZ9xfSlUE#_J2?)&=NCsSrIa-!nZPBGy2
z<>P;Cx2XB~-f;<0dE)B-uQz{~`HZ|1Y?8@?DB?Iayoj~Q?`>x@gcB1?K5T1jdd&vO
z*uq$Dk-lZ8-xP`Cy)V5lHhPt<X1J?CSV+|W#={!>gDWyNdQENA)mHAwYKkho>PVk2
z2p#oedkQ?X*VovaD;SKF=z1p3HoUjw%S2$_E!rlRu8nM(SNedL<a>?AkNEmsV9MUi
z+Kg_CZbB!h001#>hU~;P9|jY*gqKX~ofS*8HW$ui=gErR^HZ&GPE-I+d}eB|&mW&0
zoOa*rPGRPB13xWRn@6wE+Wqv4Almbs0ys=H`p0x2v<0Mem@#Y$)XClII6<w@GUU8|
zWP=HK#~-bMB(|ksD(G(L!G)Db`1}-BZ>W<UJs~D{P-_q0HY3x%lHc9{HV~}A%8R;b
zm5(HAP(sN3Vko^;*Hhq5d*5AiuQw#X12Vbu+N>|g!~&}ZBuuq<Sv9cxId^INF5S&<
z(}K;U^!LboA%mBy5NO^7S7o2}YbvU|V?l#QuQx*Bsh{7x6}6|XA&pf~c%@tTjiLt#
z8&`^}kJ#re{np2O>{+Ziv`7Q#B~~P{VHfibL#HOkx=U6gzvmm+x#g%a5Ua&0&A97|
zO5FL7LgUrXHTQ(yS2U9so)Y1W^{=w&(R~dGYF-GxsQY7ns-4-4FF@jIvfR6Sf9AxG
zTdh4wj>}oywQYUPD6N4Tj~Gids^psO?wD-;>+bV^6^r+{1);erlC^JHPdtQ|cUn<o
zl7Whcvxo;r%-zOT*ueL}hq-U*+Ru51b@TOX8r}aHPCqnaKKuy6T)PB^ci7L&*s5*O
z0~8Osp}D6P1B=ehA{V}jEW%sMtpq^VZiMG&U@96g3bb2hc@hM>o?kc39_;SO-BEm^
zP8J^z41Z$VGoSB5?v1y|3eRmfU+B#RAZHg1&RwRS7pe%q4?-#m!;j@d+t{rDlVT>E
z`nOm4X)qr$GB$J{s{jq~Keu*imbN#8@g}~nCMtzNrm~@J!UJ4Fg}Z{N%}&*JVgz@R
z{jr{e`(>YJUzjz;3NZj2nRCDSqwkj}>#QAF(j8L?`2L0?5<QjL>(W6}jc(Z3(REnk
zkCLWL%a-5`Px?Z4D*~pU8+K(ahZFBG2J@utrA#d(Dn8~V^xSto(yhid<24BiqnpVc
zqMnv^(rhM9wG<BuJ)-XF?SK}+`8(>*4LzP;eDBR&-HPBeEFO1@)_x8S<=A$+>YEdU
z0^AI&f}9Ieln2{4dJk;{u_jot3&V!A)n^&K`e#MXtLlb(Y>Lj8LNI>a*d@~K+zta-
zg7{6Tm++o4qF_g|^bujMum#2IdeZPC0+@W%r~0pVYi!iRQTqIFiqwy#<N4tepL-Pq
zZ$&Pj5dgb%aD)^?EKzo#ZT?wp)yuf4*TIav>hZ$Z->xw`|B4sIM@dX%vZZE8acXhi
zlB2TM*G%hqQG4iT60{k-*NMUF?T0?LUAe?Ap!_Wt?vr0O^Buoy>3x4qOnM~ug2bCx
zUq*G`LBW>(3eg#`IF7F|ZTwlUUGxl7`>OAw!F<vO87)Zxujjo;TZjB)2;z746lP+~
zKD1@ihdANbfPGG{vv5BIVh*9i-~^a_NN`rhLhv8?Plol5uS<2VoRoh42p&_PlSi)*
z(99x^uuXlhJv0<rT%)PP4c|zw`$fy&^118P!Hqap?CbAh9qk3X<S#cSg5$@&agSS^
z$6W(D7maoxv+A5k&2<<B?|@t@vp{=q&nPj6592GjUK?;y1*o`@wSO<;+C$9KDz+8e
zwL=D}fHPyU-!d>VXC-;4z51U08qv%=5srVNAC*A#Dm!r}_N}ayUpu9lIdGoqZItx8
zu-OIK>Jv2Ln=AbwTgO<>W7L`>BWBu6TYfm~%4~H7!~UvSI2V+p{pX@U_vT=-6}z!h
zw_^jY5x5F#<?$Mbp@g#u-B(3gdJLuY6-DC%%N~h$^h@3>?Eju&n<ftKoC5xV>#K<>
zoS}NV|EY?I{BdzL6ivM#x&m;?F#|qGXzh)w<UPLx8ou#V%2m{<PHNigenkXsHIOE%
z6EkzX+5Cj$YUEy#vjDy|U#k-p&Ch#c|L+H_&tPh$hhS*iCYmq*e-|L6=OMTw6fGDD
z`_m#7dPYpr##9)_U%^J3td&nRN_eMUXy$0oH<H0_G1!!7Qj$t`ZKU^%b^&0#QDU!c
z7l4d=1wiW<{-=ijQ<PR%e4(CqG$rG~jKoHEAmPh;Vchg0o^8!Wt>GyQ;M$j3-pZOf
zaOs7W71!wlGQV-FMGn<dzcQ?!B?pN40TrH~hQ48)ZIw@Oc<J8up$^FxbOxeABS%@D
z89*V^CK;&a)PhMYpv1?nC+HIDFEbpSJ<?E{T(phs+i$W)XPVeZwz~|!>Rbo)o17_v
zLwV$-!KPJqvA;0#YI*!KY6*;&D><QEuC!vFByEYLhPF0ZsEPk@L$ayw&wDxK>85!{
zY-v~VOIK2_B5}R7S5>|PHbdkbGqtgxaPn`VGdO4Iq-(t^L#Jm7V|RhE^UodgIqVel
z#<WEdNFKo>dwB-rP*9#>W7E*yHBks}ryD+;b!`K^3x>O)Ub#QjNmjI=6^A-ACU&Xk
zoaNow($!RZ_`<8rUlibOi6K8+^_2V|n+lW!W|bTtc=2&V)opLguhs<SwhB|e+DZm7
z#oZa%n&WUO{=L6958#5*y1pUYDvn+Eol0}|{8ERu5Ja4AP*paF4osVWUL_g9<s=3o
ze89J*>oRin4be4$v#x9=!ahj3TVJZ)=efJZ(p8XP<WDImFj_#P0?{zwUShd^CV<%g
zc3>H9?F^OPZPz`hg-cI!)A5O!NbjnP8_@PE&WoI%9@o*<LZxFWf(Lz#{JH&u`%Dw$
z{eap!`Zm#(C6b>5$Gk(C^)TNu3m3s{?bkjKGc`^9e?MMz^o32tD`K)C4KD`E<<DaP
zfu0Vyk6l4|>&HKqbPX&^sUbeOcuhmAHz8$f0kEdY1`d4Eqs#baj~=o(730=4<V4J<
zE3;9d9qiVtz$>u&C*w0Qmy>}sKVXEig`i9W1)^=%`O5Wri*M|gRBE{D^rS?gRcUmU
zvS3Q-!p~*}D7hbXG?-UcJzF(nhc457hjJDxoMElG_1L@R1zw9Zs@Vv@Hie(>L^H?3
zi$?2I-0Egu;8?k*JO=!QOC6UWakDRka-)3=o^JhktVBaVDx}c=U9f>g;Vj5M5!9hv
zzC-N--%EHJsf91u``gYXoOyoIq6TE(nat?aN~%jRx6zf~u%ZlWK9Jf0rd`$@gH({s
z?C4JIi66dH>^thz02ZJI7q6fD!^|42Y;nlJYBc*xZ`d9Cq#;@9esbsSf4qoHt3Wq0
zzOn31Is2kbxy*nj;+JoR6$<82OuT4AZTRS5K9A=c4<eKFjiaZ->LC}mD$^14!->HO
z?8?@a(@k!9jHOl91+TqDNlULdW}tz!GmuC2k8Km6c7E@YmtwcVJxPd<or>J|3g7&i
zI=F|_{j&N>mM^vH@;APzZT@LkNG9C@MY`WJ_$zMLAMW_)fcIF5t5Q#;zrq@)R8mwv
zc4xWOA&!Ew!ar$h;O@;I?OFRNb$u-U^h;qkqIuovEs#<-XU+wU8vfDqU?s;p(ZcIv
zdW<zsuecg}(@yVc0RN7;0;23%NZ-kb-yCch#a(oo<lkXZ+b5i^3+JlsJYnt1<>_|h
zJIsv|`R^rn^Z7318O7+Lm^S%}B(-i<Y}3MIm0lAQkJM~!{0i|0xO}Lrh*Gu+bw6=s
z#HK@^EpSavtXmdbEhdMD@4@6aWso*2J3!bnjX#$0PfP3ojvd6R9mhaf>SI!sv{bnw
z?~#>!^f!A?R<$#cKfqdr(Hl+|3k&!Iis6Lyv)cCLzDP>VnczRH6@Pr{%|LT-lUs5+
zV<iHAMCv=D=X@=qRcyXvnlqRfSJdd}Ix}+`xmcWM_+25LWXQ)K)Lkzyh)*aT>baZM
zopt|^5Zj$bM?L&XTjXLDh<@&U%ZNUP7r!s#6dn4C!7WWSy>=-RV9NF>)ta~jyj@cm
zcDGIXdrMda;5H?$Mc5kFye@4^@zJX1f4KzJ2>u5<)5>Nx_s7QpDPpA(6tVch!fr$i
z4*X2k0_nwk&Rw2J-=}S^?tJEqV>>>+Up;HEB1I1pRsJ_}rhI0A(_lH~4UO0;2FZYL
zyPKWSx$E)%i+IvVWIBd~NeWguQ2Qop83~KNJ3OqTI&d}1>j&O@t-+FF_sqgpzEn#|
zY6n?KwW}g~ak8g24R!*wNZC1lbGLJi&RSz~!x3dGCM>2%FO@)5&kXreg#2AIFPkp$
z^U&osCpxAXdz0C7j@dk*C@p)7r1bB)bqcq8kC9=tC2SWILfUbW&1fXdxhu}-q2mO0
z5_v3Fw7TarvUvr~H*L_F=Dc(-k=45a=}ck{tdbTuqe;UTZW}^!pCa)1?+U<&mQ~go
zo<AgD^aa1{ZklbvKlfD|?%DAhbKEuxjQbhE0%)E_Ug%gPnwg_wPyNyYd_XJmPLO(y
z9k;uD*&@yP$P0Bjo!Y6XT{#$SL#r0#y*#bhAGoh7x8}UVislZKk;6|v56M!ronu|^
zYwx*aVT;P{QB(!PM^p8O?#T|`i<pm=@;eEZta1<ZiN{Pip<CUn2|Zm}{*o?5M)tgq
ze@j2N`_@{h`Q)HmpruEo1*O5^B`~};k=%GI5%*2y-|*TudRlS~m&Csdr(X^}xl8pq
zp;*i?d#<~mvb!Y}@7q@MQrYXs^R{OMnmF;4Cq$Z*5;r0;>!k@dwpNC6R(fDSNz(0j
zeu0gL!+!jpG(T6u9Bn6?iZFtX%w_&m)9J>Ql@O9WS}hbakoP~-xjZTyzJCZtXI9Hi
zU7C;L?H%oknn~=~F&ZCM*m+1vQEKZoSh1GyGC^q(d&=e-9qd1xbVF8d-pR)KXX%{7
zdS~dyaN_J91(FyztFE%vM6K6pFIBUqkrUMNJN<5%iefN9M={wj54l+HI9O3=wcXy*
zvk1j2jE>JwufM{5LrN8uC1T*|H)9ZJn8~G(F?IOfJ}A#4Rzp`bTSsV{{Lr@?&(PJ!
zj4EdN?7n*BR))^_@;f%aV*gqpb?N;wuhJ3h!gj=Ip0hh3#aKGFGL+wYGuYC&xUp&R
zele$yQGvRTYk04;e60>V65ot_)Zh@FMUux08s5qL20B*-!>zP^Ag;^WQ2O8iAOHB7
zR#BbB$-3jv1vEQWzfNZ$R)Bc72`R~+%M$hQA}q&n%z)-+W*lgxnCuT-J;d7V4X)%?
zUh1TSOAkWNuo?%}Ocd}0I!+EnhnVQ7)yVOIq{+_@)Ae)<_j&JBIJ};CZfCH5W<*98
z!u(|Tf!pzhZ7={Qv`W-r1)*lp6t{G4=#Pp{!$A}9pwH;ibx#;+8S){xTA}+x(z(9R
z4GM#tV^-Yb?1z+ETZ-UZ_`sQ^>ep^WodW0xX!Dr9UXo#RGLqNdH|xHDGILs3g+6ZY
zGn;w#Smk*`^do1&jWTgdR(Q0h{C+~NvfxEYehAuk%?nJE#VyVSI-Xj*#v*K#9zyhv
zOI!l}ObZpmq+FA${J>nW*CuKId$Ov?89qx}s6ARJ0uU~ARL(<sa!B%6$ClIUkKOmT
zM%H&<NdYP*TbIT4AG({0DUrD~-xD+rIU4*x1NRCS47-vmRb>~B>Q_CQNc#}d?0d_(
z8uP{G#Fdmv(oJiUMb-`|@3~&@@wgH_Ml<%oW3%URp{92amsIwmdX1Nk{HeZpE@(w1
z>0_WrD)-vw$_v7gYtp0=0glDR@cYT9p(z>zqf3<_N~p3&>f}2Yov!^SX6`qBdJ{G%
zvhfr<L!>OJ(!+|m6q1Wp{mYE&_eC?H31}LfCJpO<>enxZ%5u64iuC^emB1VfMO@KZ
zrT?ZCU#u*vGgi3*Il0_E%l7k>B)C1wSXlpI4*WbgpDuT<7|Oen94PZs>q_^OT7^58
zIlcA>)$USqCG_mH%+cIC7SwWh+&@de0L|wn7OCzpJZu?q9wp6*^5t6dl_GSl-5gS+
zGh*G*0hES&L3nv8YnhkN79gl_+W@O&_}o6{d%s#4`?J2kbcg5Q?xo#?FA*|Nb|RI;
zvcg2}Lg1FLLD5FHI`GIdhMDuq>(CiIz(@M3v7zlkE&zDyq7AU|z1mOf3100+SEMMy
zF%;;H31}($AMU=f9mV?er<Yx>EKFX7-4fcBuW#5Kne%Z{efJ~rsb?KtPo%!q1@csU
z;>Xsr@Qul56WsHdR8_hAZ<8T2!ZP0y#0xUVQv4Z&R_TFX1-D)Lcy*}C$DD-#8U)0<
zY)(fk+~!=a3q>nxTugl8;qGj81omaw?iIqd2+aPhVx=4U!%NoAJrFb!j7wdwb{nG-
z=rt8q@M`&mQM~@buj)sO?w&^M$@)$dt00a{_-52Lal&J-kqbA(;+xle#H;uaLb;xH
zv+$IAakU<*Htp$|Wx=Tt=`0&cNKMkPp4t>IqElnHd#2oBCZZ=9!#wipT2I>L%gHT?
z?u$OSSA7I7BNBCGD<BHmMQyME;W?-&WM8>(;+UkpZ*(|Z(R@DmacbXdIV>~3jGQ^O
zRB6vt(JHFJfHL&dk~LoS*;`(toP8Jk1&#vcMKCT$+b^9-_vo5#=zpK5-i;fM+JB$G
zE5HVLI9S>&m?-fC`z+|XP1JnLoW51aQynyeyPg>s^~gL!F?f~?ez}K_NLRXlsJM4e
z4019fbx&T;qv6Kw*;@r7M(**AY}=)Doznu(@5AMiOXczp><zPZR3GK07i(X1*wiSy
zE9`+#36$EI>sEV?oeT8$kTF3Pf)<B&-nI1FC?{9hT3)-eWgJ&hDdyxpPF-2=G)2Sq
ze*PtfQuFY7{41<Qu3TIk;Vq+V*P5^x)|>DBOO7MkvX}A-vh&ZA8F!}`Q$BDV@JUk^
zos<In(CqUZ)V98EMy<nN_Fzb~B`F}hC3|D#yn9bSiV@Y8*{mMIZO<wr{!g>Y|2bkf
zWUtWy5kbUTY+zL`uTLch`ZaY&jdA;!#b_W;C^}k;<{oFG_ScMyn2T2}xv;T!i(eS3
zt0#B<5wQbpliBo*Q)a;b{pa7KYX9-oC$7CF*6#c7fxTv%gEzKW>$7%$@!Su5dmtP0
zv?ua+73tE+_cUCf4e3be&*qTbE=VG;Gq5kk252y6QZ&H>lmjJsA@e20pK*0N#W%$6
z25nWNg^%s`mrCaV)G|#a*OVlpesmdg?<DQ^KDv{GQ)t*`fgg*7QGXf!CrsVW*o}%O
zI))PYI_J%g1b@f;y__F+`FhNa!y$?pi3Crz=Gpi7uJwIQdty|>21Eij8}FS?Ru&PT
zkKZ1{#j;278Ma|DPfq+$(-q&4%!WR<gtiCIw4Z&~e0dM@VD411DN52#tU1h@z)8dY
zPE(6o{e63zIxt)xk83CGJJ#&=DRFl&6M+8bycpn$vgG=`h!f{tZZp<rbws*smcG37
z{XoKtq4Iq-1=r+E!p;|@H^|5~x$paAVQnyz+U{NfE%wwUQVcLeK_=CbYb|<rQsRH_
zO|dovaW2>x?o#9h(ZIOTI%!v_#~NH6b&=LQjEj3tI;+B`-z<;E$%UhKdMW<3+dbjP
ze}wMK%lx@QbyMkOcGKF}m^S}PfgBL<isWM>4F9a{9L*MCJXG#O0)*c>ePIi5NLG@E
zjcC;xbmKh%`n7m{dZvbo;7~GdR+c1shSHI1OHW+^0XoDPHHz2Bl1szNhGG#pkmt)^
zUQ>N{hu=jveFtgUYF{pt%X{m&`A*PBP9DvxM3H6s_R-K*vtrrPWnM!6;o1P|aEI3x
zpIV$jST1V){;|>-HzJx$J*$~6R4n)|86~oUhx5wRev+qLKcHD68JN-~WSd&TfXfd2
zA!RgLHDZ|>(9#6Tirp%sZ^SP1O{2Z{|Dms|t6Rq+0c7r!+SX;{HXq_87^V(ZaI*p`
zZ!3Bsf+Jb(^ekDU-=8G<3Xg7`)P>(}5G>+<xzD{4(K%<Y%!h;yLZeN0jn5QNRZVtH
zTlRmA9&CSxiH81OU8a!o-i6V5y~|Mm1xxK!EOH@$f*)I{l!%SO&zF|<y?d1RP6z+{
z^JEy5I?>rX7pJgsa#--QZaGE0!IxK^wBb>jSh6JINFKa@0i5{vK;N-vM?UvJ0Yir*
znbLzZ;NpeA75vhoNvp3vP;xoCf%|+J4dLI2M1%zYY5u_Kl1WC$Mv1%Zg|_nM%uO30
z6OVGCgC7Eg!6X%Z(7;xQGvTdj<lOsqJud)a@&NksQM1S=@`W?`TH+fg?Si)6s~w3D
zR80FA$y#A~88aX>@8=_htT{Q<pEzc#E^6s2Rm?lw{|)g%O>-G^b5O8F|2qh4%i6qw
zHHh3lo-o@qhk4eQxK(Mq35-d!XEiMhRh{rat_(0=UFdQV+!3<r+`P3r4NSy@j8`TC
zb94(F7)5K~_0`CGjY8)Vl66Eb>h0Zy{56r1Kjw)VSzR8&qB00VHBXn(*C%A*s~>6!
zAXNaj2)MTTs~c6fezt-?S|&%h{9|hsM?_wUL1VfZp!GZXdqj4<`?>1d0h<rrTWv(z
z1^AD;7pmn0abL37@#a9-{y$|bS-BB$Zm~C#J=T;m;~6m#Kkz2x4i~ZA`(e~x*gykX
zil=lw1)%1!cU-qOL2k>6zg*UVd=P5n^{2a((jWiuO}~^{v%j5lHgUs?rG{zR_#J(Y
zckkQ%OB$WUQh@`CYRw4YFSPL2FsFY{aiSY%;G+2`v~OA9zasU}EQWa9D6d*q$SOoL
zYrY<kEt3nnz7^rkvXj{`9&PtCY`$8*0<?--(-{`|S>>Tq+h{ELUC~=i*-U2hEmVaR
zE?A93yR5XhPiH?q{8R=Ilh{ixSrmD2`*{daxH@^Q+Muaw(4u0qzkBW_Ai90IgPCYJ
zlWMQP|C&I9;KB0Mvd!Ygfr9FGCvP#mbfJL0wRzh)S4YUacxtl(H)hE5P?X}itShN*
z>p%qC%`tPnjwh8gs}m4}O1eZ(GM~a?BpEGcZp?veRb?*}R~js7*9As=Q<n8>d9-|F
zc{^t*Q2-zwoc0pVDuxX|ujGmiU2dvyYC&enX7fZqgposxOR!Wi1LRMYjhqgs+|2AK
zygxE}OSo2T-g8(?)X;^^kjWS77!kOYTwbWeFDm_Bl^CiwZJKC-Uh_pQs*s9FdHjW8
zcYn)GA<^Le`8%@-m5ng){B3h%b(5fW%b^p^v5jj@?A*qhjuw2w_?&rQEtG|VFuHQ3
z{#ut_gvV*~y$`AY4jq!5uVOcPBA|<)XZnzTJ)fo#kFs>TjPg9>&b*F|SZOj{9rB@8
zTo;ShsE;PQkG-uV@aLgurrD?n05eDb_59Cxmv;;g4a~OT*X{rXg^DU}BYQn|e{}Co
zgqc>Y{(9yay8QQ?)F&5d4smk@TdXFWGiQo$X#K+quur140gq)yei}rw2kzShCA;?C
zc+~#z@G0)|6CH8`+Se#SxqwT_f(frMif-SO2%9-i-H=X^*%d&l%x6N#+NM6J3@?jZ
zdNO0kYLM!ic|<(t5iLB-YQsCjazp@3TK;+>8o$U>TA`}flgfAg$#|Up&v~frryu{E
z6Wg5<E0!1=+Dk>9+qJhJy*bY|`MkJL<KINw_|354FR)-xvcXynByixbv!)H}C?VR^
z;7c=b%~#jT{Bg7szxSF=5ezXuwvB+d)uN`j?cksPIpNSYx<gF1;!`$P{EMh;#wIR0
z^REMu&sW<_4T3)h&lh6HH+Qx*NnJ`)eVr`VE|G90hWLPtxZT<!rFKVA**oF6kSRaS
z@SkEx0NS33>^R-vyD#N#wkTpAQWr-6t`w@H5h3Rb%n|$K0N&7TJC!~?I%<EnVq6Ij
zBN~AyKECj*e&i=qV(!tqZiZ-Vk_d=yIW#HC{AWHbYnr=gUX-B*yVbyt2HGKD@khW_
zbT<G%p>caHK<LkNdj0=A6b)WJ?FyTSo_+V|?Mk!4MDwNy`kOA@s~Efe{uo4;IFlju
zAoga9&)>#BUjjr~6z>*Q!I0WP=lo-kK$ESzpVdNF&U_a6FW``zNMO<Z>;DZ!Vnk7U
zJLP@z-|dG0hxYxyy?JLu<aQuh9XMsH(B9hMqz7yin)oh^tc^QJq}7a6b{Q~o!dfI1
zcSov&lz}THHqb0*c!jZ4n>7Q9g1}5RvpeGZLh$~Y<fqqZ`C!+YOsdEHOPxz@kGzR3
zf324ufnGHS?xX!=<$s$!y&!;33?0%}(dUj3xt^ZwJO&yqN`DaAQ_a<odMeO<TZgb_
z!0A)(7_Gd<44j`P&H>eVJiTJOuZMAg^y%oINeUZJ+;29Y)0OUjHnu<EpLa0t#@|=m
z#Rw=sIpKYVe)fx-uXrb#)#{Js9?WU}R&4aJ;TC0U)1>c4PH_`Amwg6;)wwmGxxl+m
zO+&b$5?r}?!EJ|`+kp17jBXNWt?gwvn|f2YXoSk}jATwnBTZ4dWBVNLs^IKdof(Yf
zNY!Gk_;mefPovd~M4i5=Ren+$VQOVAngP9&G0VMiC2!1*z~B|JTURpr+!{Pol@)T(
z{9XbVXdgM5i;GaV-eRrygwMbjS*w;BM1S~Ob|9l78QbU4Vr*(`bB~Z5*FS-1Zd-5U
z0!2?5%=%DBHQh^fNTuYZ;mss6H3Yi5HrK}xa&eTAu-TQ&#e^O=HMJz$D@__(INx&u
z8x_>~{9>5@RM)mK^@JIB7e-k7o3_?yBFEB=<pO-6KWTQk6THbwU+$Hr$uHHPUg$O+
zO_(?Nw7XFHPe2;DKWr~feiQ!B0Xb<KO8ak#Y6s>tQUYnGUqp0zkt&{K+{9b;Be<Mx
zCA1XrvN@K_(7lCBV3kEYCjC8g?51|%s?f!cD*ZOov%74o7Q&9JmkWr`D#;JKQtCS`
z7!-3Z3DT6@Ukg^20Miyn@st&+m+7y{4P#2h04<P+d@IKbXI)rG(5kGzf1ci{Pd9GY
zXSn8I(AC|*sL@Tr#8c%{^j}{>84t!Rb-p|RkL5rVSqki0swaMM<|L--1x~bLC6Y5^
z;N4$mSRwmY*cql%Es(m}FOKNMf;GU{!I>~tbcHi3bTa@|L1sASjos5Ardn%%BO7sk
zoRHgTmnK_e2}ffX#e>i>IHO|W0OLtI+qcek6XZ2tTxN$F;C!edt{`WMlAG*QTQ~j~
zcSK?BdHXWx;XrSnutug!=opD_312`K`n(T&G7$EPx{6B<O%oVmpt3ko$I;UiV7kH1
zX_X{63YDH-3|?BoPPu^kI4gxd?yMi=H}_~&<ujV5eKkL|XKGi?DXrz?=7>svTBCN=
zZ)&5JFVsGFA6$hn2hw!6FM0+0y`SqsGNUqzojUWy5mI(VT4ip&?skUHk+FL6n;Ke=
z!_LkdRW?r5xD^#LOZR$+&BKs`>6>;Z`@-$Qe&y+KGdN`RSed^W@w)dpSM4c|R}AKC
zkI|NqR<Qh`eh!ugofIu%0r#F)@isgS((J#kUL*5rNPJ?e*3>`V{sYL(2~2CdBDgCs
zCsk}FizRBA%sjy`T9P<UXgtTBz+a~(Z|bZ}EQc*PSJ*G(R|Dx^ah7Vf;Aav~F@tLn
z=jIhO1FN}L$t8~UhUk@CH`g?7{A=C%+^0IsPA<7(#1NQUY?!g^iYnLaMs(Hx?1L@i
zF`#G?c##u?PVdDfgSWkCKP3+%Fr$?kmloO33XOwMnYtXLm>Rd3De@)ep(Wr?@<E|W
zvdO|)J)4#!@+50Y3~j|}-sMzkm`N8t^$|ob_*z=sG0z};j)up$dxnpzDc>Yd9Sm3D
z9dX#a0eRj3Wq!S)!t-(Ig`c#t?p$@SZvZGd@|`s<*@U$3+J%n*FQac_P8vJ49qUdO
z#noF*pg(`Txy1_X#?qlNMNcivS;4Izi5Jo7l=MwP+AZn=^L(@hv1T(Ofn4!7IR4>?
zS1mh$$4BMSYlRcWD=)BDZ<%Jzel0AyYe|W1VcPMb98!!I8KRYw(}e-M`;K`n4Tb#U
zT9%)+T1BAgHFa<Bjj?xYk{zFGfh&LWe^Aq+y-4|8yB3IUMJ$=ft!c&KT3^ya-=(>s
zcD!2uccUYOnBQ;5jEVf9){<q=FQ8Xe%}k&bWzC=GNKVNi6th`5UHI2<6CS@-R&rNm
zbXG?pkYr?6r9-;~zd#21X@+uYpc)7G<yxvV5Ap?l@wW8Mdkc7E(hP=EuZ<0$4>Y9h
z0AH&pA9-HirQ^%GxyC3}c2vx*OamX3`;PfaB(H_mT9BOog$OxocnmQ>%xO3eBaR`9
z(hyLssErqt;Z%Z`=Fp=(yUPRKW0(*Prx@%^N$quz-2|;TXubhl_FeHd;aUnt^0RJ1
zLy+Y&cHT5S)L9O<gT&*2-f+AG-#v;rzL#oG4J4_t<-8tKr6aUWiF3CpdQ3b|vI<Bw
z_RP~+9u|icoxG&bUuOog-PEf+I?L3yf}y@hYAptOon?&NII1eAS$!XOFt9pf;%R~%
ztOC<`OIvVq);Yttz11jucFJ_tJZnb|<la)9HxN<YhN2KCqw%ZpYf;Q0?FGtZFHm&$
zJj*R1l43CE-~}~M=Wx#GU<WUlF=ENbkyxi_oC>*0*^{6)%rT@t)zcPmRs@iU6350=
zm=*M<qR7sq1s7~!8fs4;=!u~!K5K&vpW7Gx!A018?>IwsV6Ly)-GiZ*8N=e^^(IT-
zL-Y$UJo}SGM4686#;|nfp(AMoHc02Y9<oqK#XI%LLTXXn?ASBV(>eF~0kpb##6Bgq
zF|z=x1uL{aS}8MP7lZ9a!cKH$*pStJhbihhdM?3tj;{2r<*?rf9;CaKUnFJ}GnWKQ
zPcFiq-2TN$_4Eph@KjMW3?I=Z!(A-gvw#v)Y(tYbY;TZqnl2&W5Sksd_nt+dLkAWS
z&DtohMF}=u%oGh4&a8J8b~&o(5@?JX&1AgO4=X`Ys#mQ@tvY!fy7ZH;I2(8K@KG^n
zVnG@T#R>H!y;%b(4l4pz{YenYInQA_#<wgZCJCgX>(O-%MtUI^b<>J*ow@Ndqqtl6
zDwDAiS^HQ8?G|2fu7q6md(qVG=17|kT!jJk`3JE+Fj{CK*EHBMk1;H~?f%Pc7!7am
z*wll<-9Y&8g<;%bQxT2xi%ODrzE{QmUES@umMB`Y0jF<5x&<B~?I%-+!cgG~)dpzF
zn@(Bth+3#kp|5;NpMp2u(X})+f-T<5HnmeqGUohf59=(ZuQVYkAh+a&v8JfeNIf=k
zZ4`IOgEF}xQ0l|deIh4U=c28;GaPAo+hOoL)|8su=b24R_wvNmktwOD-f+X@<<LzY
zL+ul!(_VnevDrey#^6%F1$KD>CZ5iDHeK#WObwiHIeGQnY;VX79+udYyh6m0;ROpp
zW357WT3uxr>da*0@2D{`4A+iS({<pL#LVt9$rp|fz^WjvZD&N>XmlMD-B}MX`2Fcy
zUy_PZI>FN;tySs~KPZ56oS#%tnmDca5C>zA)jaCX`@$H1m<u}uti8-%{HyIr$c{k=
zYT3mRiAe7$1?bq!At^P$U3pTAE;K+4P@Wezqz;Htl9QA1Zp`Xh0<ue+=Z8W(!eWk%
z4;sYWD9jN{PyTP^3?Ne3AqM;Gp2?a1L*EG%7lTzz#%XJk7nO@v;Pu$`s25MG{3DSo
zjS&%AChG^N24w!lk&L>4kAbB$e`ACz`dqgdpgPzjVdC%|H3ac8raN<l>q!(hYnt{O
zR8*KDA9AA)*7e4vul(E8){#s70aTLzKE;+@@m26CmOe!&Jp%Z2$p5<S6=K>=nImN_
zHRG&&7WZZ++&*Y*&2jw;{ESaoD0#t{F3qC;p}Zt!`Bg~8%;Yz!B#VZ-OBcTuR31kO
za_D#b__V+`Kk27R2d@a%6Cb<XL=<Kb6^ofMFzO+p8vfr1Pi=d%0{q_ZAXFiku)90^
zs<Vj3p0@Cas@ZH5yh?u${!=#}U1U4uYSgJfDO*mn=B%%NG2Rkc7$YpeWXUST4VO_e
zLt03nhh}k?4U%)75x|Ft*=o8=o#|c5LiR?`m|y{Kg<Yd-<~)LLW~{;p$tKb0MqQ)=
z&!wM`G)kFt-#N7zXsDj+RCF7(eBPgA6w}&{&zZls;{F_pY71%cO<)mR9+8OI^P8B+
zVh33blcnnQa47M`U?4Pc#<~LdlH6xpYe-bMHofe6=7Nv$`<2$u27|OJ>n@hD6*V&V
z5|#=L^vs}kM3P+cW_=Cip01~_9aD0MVLQ3gul8mBoS!T>mJ`NlP4OfKxH09wxurKm
z_%*l%s(fPQ+iO)e^sM7iUlIbHnbAmRuD<~u#?Jd$mSSwWt7&(U6{tI7-xs{~NS<2&
zk^P{)^_S%Rl7tuO?-8QB)LTuf;hQsWGA1^9lGEw^R8Q7R9u~dP^^#-73g0{}N8>MP
zm<&T^lDWs|5XO7VK*L`KfBM7y4YIm<C3@@JArlMosUMaBaI6p`ET1Z@Bd)lPkcQQf
zTtc1c{m6~jw2ky&V`AU(2G~$N?IE(#Ik~K$_go2_QgdJ8lQAK5KGNMcvCAqqL-X1)
zzRNjxO*0$6Bi;%cZB=r_PDO!|fBq}TF)|fpMPX>dHbxOm5C`sOW19>^Q{AbCzKvj{
zrXV$Z=KYj1GF{hs^r+*YA$U=tWWj#Tk1exMhWR{3t61nu=G=nk(;bubTJ<y0W=REw
z5*Jt72cDD?ePZbSUe4V4aYdCJLvLiyd{l52)!8CWHWKGQzjo*-AFuO$IMy6z=MRTe
z_!)|&T1%a@zzr70o?|44;q0PlD}^A>XVwU>B|Nn5CZ)FAO%>lWxQngF`~Y#UOfO-t
zFSeD}=-w}Tse5U;@T(Os%~`=hU9xNQrCAF$=^Dco9Id5R>opZj)n^9?3a$Rr6v#;3
z1Y385M5rS%Bn7H2I=NAXQlmenBY*l5m4gtK;R{y{$km2LA-9-82{@&;`zDooUyN;C
zr*|aVnXp4n2fp?%;|kjLzKIR)RFjAhtpP58d0?h?kPbi`%F|XfQmd0p?~NJKPlqZ7
zlI2pEapeb(;9h8F5n?-`9+lSDbI)q}H5iXfri^*)X)r$OW|@%wegz+2T@lkC`KTT1
zW;pqx5?U5yH&H6?bAt6;&;~o@a0|rai-Ngv9cVW~icG3yXQpv5%tmI)TCK3xk+2ER
zOA(R2E9vb0gNs-7bMeTI1Ppty;}|YnQ0$~%I%4ZuXs8uf{&7ItgSFuXAE+_O!YtTE
zj-EVc#WjL-pONcpTN&)&SJGlymF~o-;qTT*y>$OHI`DxdQNQSn#;Cu;o`wDqgu7?$
zF!n^Zmf5dWu*)1ygA53h3lzKe;=YA)Y5}8TDBQo7+PS6-CtKLW53T{E5brqcFy1x%
zl5KR>s^Tjo{?8_5i;D<?J-@e)7Y<oKSf(M31IDPpga(IcWdn7wGidjC$K+Ncf6y@a
zlok15E|p+ep+?<<RC?0TZ&Y<e6Z#LxJ~Ca4u9{uc)s0iPVk7z+&cbVeGZ`E=Zg`0^
zJ{9ND5&5`Mgo5YBDYxHiJ)|r3EocizFaB^8o1i%uz8>u;cE7)fW=Y)%lmDIXAo&^t
zYT}PN3sB7;v_Jh2xw4GqCcyT9)U>k7Snp_VjdlmQu57`0%W~?ik<F;b@$N^$itbVN
z`S@r5A_R9?nelyCcAL~WkGmwPS9-~V3y{;+B&QjlVcyJCejSmEEN6<Gb=kEGd6zaO
zc8+YY%R6*tCDR@4p*Dwb`ZBJgRfS+uPTQBk{C!h4*EaH;_LB|4=3`Q(bXAf<bwBS-
z-`q_g<4vp7V-s{oaFMpPmWPX<X}zjn<fW35a+3d0T>!Px>hSX>c3HW}(?;vm#2P2o
z`0BN&YYg=nXm+BzceVX7%vJxiHsOps2cQ6!?>L;+Bpt*xlaHx#>xXA3-;qHfj_q3w
zrANgIe(@yzkvH#&_AnH0K-ZK3+>0NdJvM2aa#AF<plg+7R=ImWHlCCRq?6c#eoAll
zH2>Z~xgj-VF;^h*zq5pe3ETOkn6Vx5;{qnzcQ<*um?lX2`u@%J;jy8HeW+st$6Ix-
zaL<!(iIIn#L^Z1n{7%yf$M2e=pu$q6Z*#`mbX27%;E|lKZ*MR;t$aNOTf8v3(5mb8
z$5MX8*Zdo}Rq^s%(LuuL9tNML+uZwEuT!_if1Y!|YjQ6=tN7g9lniv^>dp!>ncJ`-
z9D=IrP?<W=e_k;ABPWe(!GmNiJuEY{*n>H!M{F)kCm3%D&legKbEL+ShF5RYHU<of
z1OtR!cn<Ko=J$m~CLjfaPy6ivqInYnBkm$uu^j*qm<c(b=2B4Po2RIQcl}Yq%70El
z-}fy0Kh(DQ7V3}WS4sp_I8##VhR+}Tsc98ymO&^Z)*k7^uCN4Fx{Dl|S?<#zT|!-_
zTON?wutALT6=IpHM#NOYEpEWO4)uy_AgAFbW9Yj+hTBsD%lRK_9ae*#RVObJZFG0!
zK@};!w5+^?rc2oPJoSpvoYU))MH5-biieP`_*ld<5CONbQG<=r_f;<AS7=YdL5G7)
z_;k9n;gR)AO%HC<#;X?7Hg#w@7;N^c<O|{yl;rG|(U*bsqBQO<`bAcdWcWkZJjA^2
z`sMYlUYzj&yNhzGJ)_>LpL2^{=^Ld-`?~>thy808zp(~F?ki<2s;2h!#K%TRu?WwX
z;yP-jo(N_W8YVurdXnwWVj=n-eIpmy{An4H_^ZmTm)E5a$$OVN4w=1oOZRb3b=8Qm
zqKvx`1KvTz(9n8oB;CWcf6vL)1>Mdv@DhK-s|lPf-yfi|1bITh%A^9}1#HnW&A^{h
zULWURftFcyg#XmzPZRCDidnqLEzrVQ2>!V%iRK>q+&48*Mz3#3z8o{iUNW<j!g$n^
z6VgkZ*qAp@YWApRc!~x7?jEb@bi;^06zv|NhT&#mMQo7!Xwj+JxH>b|(yHL=dypWD
zQwjP{2c2~uqLDf6RpX@N;MVmgxY#fg7bOA7hc&tFUx^_*TnIOEVPAS{#^v7OyY`NV
ztk}D-Zu(kXcBl3#rrGnG!}hK!<r^`?UB-h(qSLd1VZ9>d{?C)K27c9-W<>e&*~{XZ
z3Q$zgnAq8l!`{4fDC#jyl;Z@h>TZ8s_J8W@38{TsQqBLy7WRU6^F(h3+`eIbz4EGe
G?EeBWzMVb*

literal 0
HcmV?d00001

diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/false-positives-overview.png b/windows/security/threat-protection/microsoft-defender-atp/images/false-positives-overview.png
new file mode 100644
index 0000000000000000000000000000000000000000..e86ad1454deefca58b80b4c04d171bff693672e6
GIT binary patch
literal 27939
zcmd42XH-*9^fnqrL_x(uQz@dNKp-FrN=K9yr1ug!BE5#*6cOnH2_U_NmJoWcDn$Z<
z^bQJy5UL~;L%j!o_g(jX_<y(`-gm7#Yq6L$nKNh3o;`c^ex5zy>Z%HtX>ZYjK%mP?
ziZ3-mAgcEu(3wvc&I2vGiP%iw-$fTi19uRJ?)vH9nZcRBLlEc=Na^KsZSS<T=72RT
z1s{SDRm`KY$1GE2g2`qqHaA{Xm|62FR(a{?u;tQms$M7$y}th7?e_=Q8?F-H1#p>#
zhkIN;ympVXq)X|7mFs(lj~CDQcd&#CHeT1?#l7|_M>f{H6<k=HziD~W`Lu>Cq&Mdo
z6cm`B-)FQ(+!zXw;wT!KA*2=iuHe(O)Fjn())n<m_HJARCJPk#uE&LL|7yXm?_@9h
zs|jkVUpVuxCQnPt`LEKZ_?+|HzZwe<H}KJ?<sNnD)qfSUysWEd|J9-x7-audg5&<T
z4(2v_wKCw>4*{rN)Balb=0U9FXUN~>lS;SGqtQLbBkqGbCrduIn?C&+ic-p=8={15
zk2$|%{O$?ZSv20M?&$X;X8VWOqd617A}Uu(=CMixrBzZ)OQN_ZHE>7aVXO3^9z6<u
zve{~+6sY^-m_z(AoBx4wElS-_xA8+kRyy!aZG63$tHlf1S3ZgoQv8O#1)ZopgxwHt
zFUrwkU8pDjnJb8t4wPmTeaP#Ml*F{KN3B@uhW?4r%XHUF)5K}Kzhm=#{Uz@3m}AOk
zP%?WjltHiibE`Nou$fQqnh-CZKj=4M9B1QDQcUYLb>bgYoS9IWdGreL<!x3U_H&n^
z`?vM3njo+$;yL%DMbEpXv4xlN|6m#x()}K^0*hrP-0Q&Ei+ozoET4CX7oZs14pY2U
zuvU;;D1MaAT!p67J9|5m&N?4RO#bdYt}^;sNdqRY!^{)QHxpruW+><!DgPsMuA$~e
zv$zLG#~B7-X8P=p!S6L^7ndwUA+^Uyz7M+B*Vz%Kl@4^-Vw^Skju9hVdc7LwnY$j;
zaIippO|a-4)BasxahgiDi7=Nx>jdXkX%c}67>X~pUiW4+tuc05j{1?|@jSfzh8gt@
z5J-g1hxa92R>qzed!YY;bblZS6g={1j5pV}$nQBzW6;v5^ik6M8)}U?6XScl(JG@~
z>eM4Jk4&QOw8{%Dy6Y^~Ff&8G>w#Zs;kVmQb`lciRGboN1tySt67(ru2?FdnNU@Sb
zC=)VuX?R)xm9lI13IoA}7t%4IErpV}NKhgc_cq{6!f*x^@*O5y+-d_Bug7q2X4G$T
z&pGlXqefImK5P3s*+BQc1?_}bi1L&g{=A!LKl6?Ws%GwHABEMKbevK%*@UW*QN|l6
zImEmV9v?5g-=~D$*w@cfZj4(?Izm^fex94^tRBbD?^<e)(WW*Y7DX9Lx6tV1s~S<p
zwlvd=94UdSL!z#=NBs-cBxJI}dAtT)b^CL^+RyQF&yozbirFoubY?{P8*g_B+D`Uu
zhf~=)8C~mI^)#@1Ncn0)nK#{Pis@OOAT%zvu2;5kxBB&q-!q<Sb^=r*i^I3_YJS$a
zPD)5aK2Fw~^iF7m?JV5Tf?%9}1s-Topxs64Q@b=r_)5K^4(^Lj#ptT=cbnZ0!FI#)
zhCjzg`6$4Av<qq=eb(LV<U0n8Y8mt$m4q~oiQ`g_Vb>o>Fq<Bm@8?4ZcR+nA-jT=i
zIC|)N&j_8NVvRo2{(2LB(Y04ryN>KrqXv)9OvEpp>?&H)!X~4!1Lc}h!;qA+9*d?;
z&APpm6-_wPP$16n52~PwlTFLN+#y4=CS#7<@`j_eOJny`!s7R-SIAzS{#+J4_6MP2
z{QO@>kp96B`_&Fh?Mp7z{0K_2dAoJA>JNr7F;D>t%;wJXzCN`;{9O5sZ2S2hDbM@U
zoMnvV@8>Zq+8x%TLsgd9*KGMQS+Vlp*h-lp%T(RyfuQJoael`lbJDew1Z$}Sgu8Bx
zG1ILHy|fDUdVgg$tU<EEZZgeS?tDTTWb+M|FO(9nrNnf@l<@pr0p{w=3Til91k%NT
zVS?*-Y94dtTEStx4URAG*M615^B(Kgi=f7;XI^sYxwY>*H)bWQj1iyl8wF=nv}cHU
zJyYqahJFc$=dBjc7mCd$LWEw@<!mxa8oio*U2KK652|oG$oTVcRyv@U*&iqT_{#V7
z>EjYlja$LX@h3I??~-3@dyaH2kZFJ|m)LJiYmURbAK-tIp{Ky<3H4~{@w~C3Uzc!g
zCN`%hE(UFRO?+C6gHhM(10rKS5-h{pByO#Ob@x1ptSHP~sB-fv{Mgr_nkDwKeCRL2
zep(BkEffiT?({hvLAp<hS(2#G`(1}|FbwRrw_fB)>I<tWjkIPJFLE5J)Vz*7M!?+`
zWMnTTcr`7UJ=cE1aeNRo3t=7!6~~gRGX4MDTarAE8BO7Bs7Xz(^@rm`(Am7E^?ufY
zu{u1)P$PU27~_+i{IL5C^$Tcs6Z&fZ-4N1hMFch;zK$vBjpuR>i~Ad;?O%^}QPKcw
z>|E-e3CsoCCmkvjXHY-5qRuUacz$Y29*?npMf|wuLGz%G!y}Bl?_RIM(5jfqhJId_
zqW7Xi?RDf*)62fV-Rb>J&jw0b-JmcRVr=}Pc1BK9y`RHe@4d!u0uB2?TTg+LY1iY>
zL*kWOl70%!$b;sz!o#|N?<;1D`Am9kDnl`jYiTR31g-p^H}#I%J^4OM29*fZiWpds
z{J2hLI$>4zjT*CQrj3tzor@c5(0PeV5pu;Vnzs6n%D<)<^)uK+=~YlB?ohBz_%8`7
z_2A0y>M2R~+Y$rSKH~OZciRn{A_)S_MUE2H{|a?`N|rWp6-#kG;1hH$D~jbeI6X)L
zeXFnfO4mFK`nkyTwT2G2n4VqS7bjLsNn?g9&M$j&xL;UEyP2yRC-zjMrnm~~0~?KB
zCF7j5^XtWvS6~~FuAE3YJXp_!B*IA{*DJfqeJl8OL{>7_%y+m|%@2=S73+e19F_L^
zx#0ixO-WI%Jq0S-E&eA%VdC{h;YR5+T$ER)$o$TIO--596$g`!H%vEEl67A9>qO(s
zs&Z1LG7NnDcrVNU6`c@1am=Ld#AiF}GEsv-Ea#i`FXRe8fT&&*H>*$m+&!aY!{zw~
zUx9xHZ|WPV01t@8_XpVy6+z(dEGQEw_iMdizjiQpvDQt(jL#R2`r3}BMBT15q!z&}
zV{N|p%AcdI<KGB-H|jf{ftCt7Zoa}l^dWt#O*@vg18)ra^*%e?R!j0+pqOPSGjG!I
z_)`4m6q{z9;vkj&!8W=%?=tdt+(|N;PxY1zzFU7pztctbbf5HppDypA)pgJ--yn&M
zF;|RBmR#6K`_4kMk>R<smUuEuGBBGjZV1qqK0S{EeYdis*glMRM|I`SGtXf5UB30q
z)U4gIOTvgqSnJr;)V14_7^!X8e#GjA4$5+y^aYyiC(dk?QqErAI7dMDEJ31c?t5@y
z<BK;XOppa)brjNmIXT0qf%N=hKYEC@#2eeEQxVw#X?VXBSzZNedOhly+c0P*Gi`B4
zSfAD1dX0D{i?A*7OLG#}CWKt^xrUfj!Q6Jf@w*~JXDQyzKGM;sf&2Tz{t3y)sipfK
zMr$cSL)&~G@%NrO1SDqv0_>;EV|SwqS|YJO3oYZkDi$QZ*2OP0E#~$PRF|$_s9M}=
zF@gJ4q&F%4=qAsTeC!>=-Ej;iP)#g%b@i>0fuuEEp?UT|jfo04qz?vVq=in^+g~fy
z*1wC(izyl^rMtmwKCm;JE68~McJZR)RAAJMe2HQrMp(te@u?d{J9(LX{DCu%y*Q=i
zQ)SJ8=B@ZK+=p5|g9j!v!Z>v|#$8!RB`ysNb1H!Mqo;idj#5qZ=32hEq|Bk?KE2BI
zlv9hSt?s=eJ{JbK8lXhAO(t2b3O59zRf_Muj`DU_OhC9n&9y?>T#wiAAiKur2Tj{N
zjbiSGGGB9#1|oiS+|4l5&TYvRqtl`Md9d)vR0Y33yizqcckGOgAu|%5`%rm4-V|Yo
z0rP4(G9`rnZmhb^b4K%STJ89N^CTS>s_{ebNqSO4O&z!1N}9ik)eX21fv!Nm2;Inx
z{`9KyQdaVK%{+T>{Thrsw{*INLEli!p@MU<g4No``zg}N`O0-&edY7bi?J<6=w)y4
zJBW}3<EEGDN^;TAW9Ke~hy>CnFNWrb*Bor<7OVa}kw{m(@;X}8ikchlk?96IJm%?2
z{prt*)WaB|(w(_J+2KYaiHfrcwPxOnh-dTFThn~&4|DuqPOeEN520odD>8d|3xx|s
z^~gC%BD-#i*yzKIOqNY+XP$(lv7A4FzFZyOL$1{O>j>%b2j?|>4B-+pDehuL?qO)_
zYC#c*^LH8+TYD;HwmKzp`GA<<QV1Jy<s|T3LojDTBX^B!_c@lcZojJ!Pz-l}lmi+D
zV!3|g&`Sdn)LgvF(;?6R^$q>uZ*&@)1ZNNQ<OqR4mie|Jl=qSMfu>6gd_d?y*Y0Q3
zS9#|W(9o7614JdsRE{O;6~{hjnE0{p8o5t9GBP27JqQ#Q9{vBHg);v`T!f3crx25t
zMfz{boit4UM`Eb|;l=;Qqq~A1DeE(hUPG@zpwXy>uGoT-k`mN~BcfW6*o^l=^pk7A
zI<wd9j2ba(M*Z(vC@}tM5c%m4%xgxN(zGO8Dk{goMy4o3>aE<?V4J>Uizi@{t%xr=
zCcUwE$N5~2qh(K)pewA;KFyL6YdxR`9Rh({_tU<f5HpW~h|;gmJ>zk>5ouScw{>ut
zsy6QL=Ym)JPVP9uSnKi5Y>$x5_dO_cVmf^_<A@q#LoHYA#$NfOr6y<I(=b`^0(-#r
zz&5y*1TOeU+8=8TbaP_+L@JJ1B}nbndkn}iqe5utRS{3%kSXr4)_ruV*u{eWz1EYX
z?c=@HAd+n)w)xLjx}ntB?R+KU)nG9sZz_Gj@{0ujJ=j?Jt1;B8Vs!(4*@4(MGS3~o
zM_hM!x_;jDHAx!SFsn|Jr%-{~u70|ECls1^15CZoZ~gov7r$)DaWKC4_z7PwLi8TB
zBNO@q!+pF_dbzXz!tERQif~w?XL|hcPuI^g?){Rv4fHy-r2*^q;-R+ot{IFYp&MVE
zgAS&^(P%YMrqB(A%R;?9VvEAgUIBQv4^*d$%W`hTs?eQb=KhfpQ?25LRKCl=`kzSC
z!}-NJSgMui(4)p+o-`PEJ>w>_W_kB>V-cRPCc^c3?bwEbz{VQ1Kp=5_d;N#K{SF*j
zX&O!jch+${qDNCqG~EUMjmFdUWO&5AL^%(tA>l3KZo>(#W8+7OBVUNb+LEiN{iyY?
z8~%_;EY=>&5n$xmadTCk*x`?~8l#M}8*@Cm61wAq@3vjssD%r4?2kMgbyiK79w>R1
zU+POf`YllpL9f&mV~gi;n~m{}4(Y60O+612Yx{`$Mf`*()sM7vTDfYw8{ByD%{-+#
zZi_@+Ny1&9K)6b;bCE>xBur;^>N{ayV}Es{vq|X`5^1~h^FlqJkq==rb?)$WuJ@Q}
z&{6w!n>`sG&2snBYkvXPnC(Vnlo+S3#2R$@8Rk>*&^@}mzHUvgSs#K5RwGP_Eq$+v
zAerF4KU&>laxyghj#wtOBnUIUn~Qp)f_#n)C-X%9Qjj9Wb;I{dg|?l$e>EL$ahz-|
zCgU_+7p=+RYW^1DO<1pjF-W1RK&?bg^a+3}ta%<@>p+*;?oUC|i#d?>#-{7Ot4+6!
z;^DKdh>x_g*q258g(`(k+f#%cBO;G<gsEef;~fj@9~*_d;1Pus&rghDGhs;PbUkr&
z?tLwcX@GI7sN-Uyzui;l3!#Z02G$Ods8y}5l$AP<O=5~B;Lnqm)1<hRJ&~+F>BQMV
zXE3{6W&G-&-`}S8GLT8do&)*OIwQ`iFi|Cuu|})C=3#`M*4}h@JHa@{%4I4XLTnjR
z-bv2y|DNyp6z#8LeX)n;6nr`#BF4!cy-NU_QlKT?D<6qsq19ir`*gIMJo?hrVk6Ms
z-sD}yk1EBQfH8!##g&C~8&yOjwpMIpYwx>3Ju&DIW!O1M>mqy*;S7GIi^y$?pM%zt
zQ8DJd&U|BvQ-7!G8gGT_OqTZzU;IHxUJ1Hg`}<j#V5`Z_hCf&eFCHo~zdGa7A1+iF
zh0rsyWmMq1edKun;m;VpuQgSHP7t33M;H-OC!Jwzwe@>Y?i0sVfiC=lM4kWrf<?D9
zsZ!DJD7Tf#PSXCmrmBWWlFC$*m(ND~;iBTP_lX#Ur=xOofse$a8sITId%4Uv`2_&b
zg*<0FFCdf?^G>`<1#4RLtx43BLtNa*$Y_c%d`(lK1ELN!y*G<;Id)c-ovW)vtEMb?
zDM;j~!fdZ-dOYPrKIf5!<A-ey;jX%&WY+E$m*)QXz3WaP8_T-Y-3>LGTw1qN7Gn~Z
zrjKf&`6BS?-C4g)zq!=ey_P){J}B)yRAG<Vb2|+iPv)mOi8D`L-0tDu^-0sg5AWO@
zksme45U&`=Q(b=%Pp?aJ3LaiMAIoaQ*-N;RSh$)e4BMRBIM+Gg7m&wLd;{g|WlZ*9
z?Z2xli>#L2l4sWE!8n%C)tp7@jydp_YSu5AFNL=%H@s%Iw$;7aP$dAbfj7gv&|mrN
zMy4Os2fU(U<&wkP2ZZZqmg5LR8#BZ*ysoE%@~jtM)&1Sn%~oFIZ{uhgKZTDoa$3c8
z<Ge6QSW3!X{XH(@h^!0_Jrf`NZe<B1+8RfLrcTlTj2DC3wdzn*v~1xOl$gcJuW|Sw
z#E^^Crs`AEx})=yCsFI+82RJ;$NCba7=gU+`4Amm_gC(Q$*(U{j}|uq`fSo(=pe_u
zqZb@Q2DNBrBj4r~g=UxjUA5Ak^jvjsh?v@V7b%Z!=se_&Mb*EF@AmOBDtnjfKR%fD
zuE*J9AU(9fbNIejlimtn-vD(zHfCzt?-3---adS#V)-MiXCc5bQeSmSB>x1`(-f%e
zs*BV@{IJ$a={K~PC8+i)(_%3?>p8{j=t-C<>5JVdWE=eacVD>J4@a>W&BQA8w@e9t
z&fYadR@zw^LSy*uSJ3*FU(0@m@%E{f3_w%iW1{)NQl(ciFmN~<M}NT<Z#+Erk1MrQ
zcMi3H1&uZl3^6STy|W_!%TdK+GNLxpDB1Y1itYVS&x|G^x|Mb$luy_sTPt0e&<u9f
z_*{c-D(*!Jl*SYuA_sLR{C4E3FNTt*wUeS@u}J0)&edKFcb`Aw1jJ3*WTXf;iZ+Mx
zkP<n>N}p)Ynru~IV^%ksHH{Nz_KefIQj_f2YcArowz}Pz^=Pnmv5u3;i=Xal7tf_N
zxM`*ZF4avpF2WNDsxbrs-T=v`^CAK&{Xg?P$HM%}3_V#z-4@&VuCL8DrxsHszkLyQ
zr37BSK2_@s(rm-9N(cJeI(cOtZx;+jKb=*CeUYE%r*GKcx{&&o!Ino#^Xinh5NP{L
zN$qUIC%5+hK=PkwN=$g^3{BndoYB4bA4o1kw|16qOuK)RTHj0Gn!&7lZKCqw`gFa!
zW8_hJ7rU}ehR+h{{uuz3LXF%vCl53|Tk8Ch|5o-wnN{AU4EU&lz0q2%1nD~{@6>Y*
zmTI#;1z~|uGS7_joW9W9{%GxJ!}p+Fn;=gRz&!xr83*t~uxgs;tp!Cvhb9`MnGfsN
zHcN#!KdeN`PqDt~e{wp^Kj3~jcsC=#ZS-}e!>MQeO<lT;*5?bI$)}7RjExTM9sB94
zy7ysTPxXSO2HeP{-W}jXlYERF;D<+oLa&;IDsmbV7!}U!%iu;DXLqpMDPv8quTRys
z9<6WtweI;PI2-(4#8K+|0{~ERsKs>CyG#55Vd%->0bn&8xk_wv-_(EPRV~nKFd^db
z!>)mAmK>>k!UCe}5q8W&V=cSY3D4$Ej`uPd2!6BVjBe*J4ex-}X}uN_Qj4^6v>6ms
zQ93a-yIZsFo#vF%5QP&f+MYy2VoTzA1l%*->zjxw&K5z!py0UR9>D*{Ajo~<&N+8r
zfP-~I?qx*p=>eJWGCuyUwF2(bN5YX2fguc0DVBF%DLlSIWlZ^6q<);3|KC50O^7Ev
zYMNj3vJ8p_Yx|U4<1aOOuBUv@l29}W4OhH4v~z`n496q&R0kzpe#z{2K5cnauNsj)
z|8t8s1&4w@NY|=gO_TDu34|uzKxm@x-a`H({YvN$#n~BUy012;ym>r7m(L+}td?MT
ze4a(9LbZF4D=&E(aJ34!;bH<E%9+lA<kTBnN@GoUe&^4JyFObJ{ed+?wGFxv>4Q~V
z{Bu@@x)L4yc!B&Qz@2PiDX{ufL0Co5bQdnfsrk>}D0mNNfo&cdup2>8O}ZL-5J#){
z_(F0Y8ll7UQJ>}vsFMnk3j$kZFp5k25a@?!oDYJA2q#C%gAX_T`Hq%s=$$hUCXZrK
zrLe8RZRH@+QzFXdM6qFm*(5o`uk&${9m{=9i@ZWbjmXim2g;^R`6XwEmV8YUN|$*e
z4QF;LcvrN<9@f;<7<P}-s0cOhHE*WZP2l9TaXAcMALto@K;y3fc1id9XPb-(QCEYb
zz=fr6#QxT1WZ+Rjrntto6=T%&(XRz!!-@Zs0GAW;Q2)^vuLq;w`cE1;R7$6YBqf98
z+>ds~oQ;a|5Q<8+jqeH=8w<Thc;X$gd%}+V)-Cd*)!E!SDni|2yh#R)1gPyxzz(uJ
ztcyB}xu$vE)a#qq16<bMU&ldlQa*%l#JG3%%kUHY_{%eh!9ud`r86HsFbeV9cXQvC
zedwsp!XsTF$jjcStjlSi%#7Z8_lROF{ln&!)@sUtFa?)W^BQ`-!(MOb3H)A3g5|)I
z?nP=>QhkWn@lI(_GZGGPA0ku?vcbZ#kgSU1aJ_XY%lRw3V*}SU&pss629by{>3oqH
z?iU0ZtZpJIP(Oa7ylt<T8|7WH8(`)U)U>L)ZlmR0ue@>#hJGTM^z#iieSUaaGJUKI
z9h_fOfwI4k?h{q5e-Ay+mM}lU#SxI}R+P}4x@8oIX9j^fyZ;52$y|g+ug&~!P;XoI
zi?A9h!0wg8&uJdcOMLM<T6G^1Xto$@C+US^LQ<r?cQ<Dn13FrLCO#)nLSX=S$HLwf
z%V9ccT%#7WKSb=j?VQI5n4aynf7Z~#>I!Gutu2n@b#iSe62BRC%8Ie|_z))w)RtI|
zk5f&a)t}NopgZq+xZ7^IjD^G&Y)Tw1D!ntQI*5|rQwxjJ{5x$U?JiWHp4pi1RB+l?
z(5dX|S<IQt6OP#YxuX?&)$7|u)YgH?$188U>>l5t{zIM%^zh@n<vMz^|CRJ1y+Far
zY2++_g$a=JFZ;cdAoq(r_7*Sc`pRr2PX`2C@hC)N%rB8s=2p-XP(S&IB?bVU0JYTt
z)={4d;yZBD{UYUC*9iq-S$~`7^r0wv07KBHdH@b#GM1R)j+peltFp)8zds(UzJB_9
zFkrW@yrJ?9aKriy(HSYt?TVc?voHg3pZ(Xy*1xqx%M<)^P1)q9;~Zv5@n(v2K&cQ_
z1#RH*+{qiU1Fy{)sm{bxTnc0c_;qCu`~hWuh)Ww-B9%^&TZd^+l%?xe5&YmXrqh`Q
zpHB3~=?)wk!+H~IG?$~7f`A=k^!e@F_`!5{{;vGk3d`weGO|EVfhwWphXUfxMm&d$
z>CzbOKN#*nDef3ry3-zJfCNS_@k89lP6EGJ1^xnTz!xjjK;64HDSbB%Pd5hkpkM8W
z=;6`R=Bw8KI9}Daa@L^HtB$uh_XbL5PW1QtzMTjfJX=aSUUVKbmHadQ^5)@T>%l;`
z@TC8-xZY7uc;i1Q%3PrZ6eRcPVl+d0n%Bvydy&cM3<}SkdRsvGfAhru_bF{K*X;My
z@x0mjD{Nv_Y|EI+zT)U#TU{J#Y7$%RSrI;SEdf-Y&c4R~-CD4<w~r(NC{pmnUf`QK
zfy47c2mR@=V5<LTeBk`*{^fQGDS=*`p#wZpp!|QPvvqG$gMvd{H|h!bLu%6LX91=^
zIe~`5--T1|<NwTlvs~gh{u4IDm1Hb*O`+9mZM^(wU@MFx&|9MVy3_y41$eFD+_+w&
zBmwI`)m#T5KxbU8Yc}+W64E?Qj`m8M%yu{DGF8)_#cechwuBq&nFj3OtWWh|{64UF
zzwYOG|F8@<I_I~$rj!KpG-v=0ydpl}=U{d~PgtG}z%`u`_7fv>KfUwV>R`_Fm|dQx
zW;PZSg+$I>emX5En!CyJ;4V7r>xBSQA3So(oFVL+V*d4p*)i^>lBj)-e$iQ}PYwgs
z!`Am8t%oG&XLKL2)@qM}KxJ1{S`^#EAdrIw5`f%;SZ)Dxr;^7-Pv56!mw4uyj-W%u
zF{(ko&o=wj&hVmwm6W#X(bxt%w~e;9R0-Z5#<=9z)f;hKs#_NVz-d<M$@Znqo^H)n
z8pax1LJhN9yby4<ZE+U6xF_F?$B;_G0t^$-plfc$)muLw0j?QBM0tXBM7h&QafHeZ
z;}qUbs4@Ye1`Fz9^Kuw_OD=Wp%63!ILe&-fpNjUwc|iYy;|A|iw?||#T(%5-1=UaC
zb=Qn>YN0GCJp%_-Xm(Fp>#6gI0MsZhDc2*9m1pBg`dGmUSLn~kuj87`Fg3>GwaWgC
z_ak1nfu`o~^Z721PPT3lhM=XfU=^ft(OPjI>Q_!mKKu^#fUY!N<3#5QuOEu7C&!+0
zx?-5?fc-yn4=;~PAPUv0{dPb_=!zRKSfhrV>*aTaP1Pe37=#4QSyER(Yeb$wj835X
z6V+T*5e@z#$hRe-$Kw&j62*L|tI#Xuh5tmZe-042awmB!k6Y2atb-@>BrzWsict~6
z+G9NOiYgHKkO<qAr8l+EP-U%17$a?|pbk3RFm3=I|79aHUhX9Kpm?a3TD?`7slBCq
zWN1{Po3Te#$S6^t2~KdcU>k-dWIFSjo@x^(VC4kO){1$azT%1XbbX}-PA$<gX_t!#
zpXPw8GF8{zi6)G8bZB@)BNZ&iw9=C*csk_ACit}~mV>ZY4RyP-?I#V-5WY~fXGzq?
z##a&_E&+=cLn>Nbr$xsyw%2h-^CzQ7Bb$YoQ&C+CWmAY@{cJlD0)U2E;lM}wowLg@
zOutU`?F&4g8lISa|EcTY->s_Z>guZPKFPglk9}f+06$>mgH`ZfXgG`&`%ce}YZWhj
z*zaIyOb|8~aCd-#W%_Ip7usCP;oaU}uIqE;T}rI!0h&Q9XHT`a6C8T_b`alLWBF61
z0nQQt8EuQ-V!A=`JZHEyXe8dw$lqMvw6(O^^V)!@i~MI~w&{URG6RX!Zp<SQIVyg5
z$Loeqx>A>^Jn-wzLE_dm+1{$vwLgnwLzLLHBSUOOCu#GEDLTLTLy9vFR0xgNY3?7$
zRP5X|Z8y4u-2I@F@@Tz<Ji^#rD3a<NseSj#S-;2v@y(`6od_rTfXkD+!l1PSmkiHa
zwcezHRjICkMTK?6bz7}}8{SaygO1#p6v|iT7D1v6@wNy({H$<kgRPnxPgH|0or@#x
zuJOvx;>Wxw?`zXua{&nfR%79s;@^?2It1mNe7TM%--&0U#Ws^p;YjR`h}`72nrO{J
zk)U5~Z<YRLXZfjfjJ(|?r86TVr72S1dt}xXeQdP|x2p7?0`};93`cP#Z>aBc-}gc>
z!#=}5QX2^OoP2GG)_Lx<9Q~^uOf!b?bW=Am?8!>gavFQoBkVKHW&8Q>`S^%d$-7P8
zHEi^Qju(OsV-qC)-WH+b0j(g22KqLfe=6UkH(wfltJ^ikW{a2Py-uN&XNzQcJ=gv;
z@<3bu#pJvKsg4agT0`4R%KCDNM@j|o{c849>ga9EVFis@SFsoACAZam=ffX%nq12L
z8j&*n`N_)Do{z~UpEUE=0*k#ReA#)T>v+=iM3GZ={@;}zG><=tC?YpNVm=bn1_u=c
z90||exC2@lgeR8<)T7^xMjtkkhZZ5{7hdW<cOFMOW8SBRX5933B8sBaMk?<bYHu6$
z(=~or3Q-gFY$SJW{WVzoQX1dUNoC@i#V2)R-APxhfRG#Om&#ed^VuRrtkiO=X<^5G
zhU$%Oa?Y!Lm?qT1yMy?=y$Pe8=nB5y{W{60yU;zx^hDX(skX04g8Zdb3>-NtYDeQ5
ztX@H6yGCXvBk5y&c|YL#;h)C5ST7;d%K6aq)n^O5cV<2OJ)aJH8PUaKB2^VAZsKG!
z?7UY~yvkN0R{0BVO+xW?Qoszzh1QX`CcELeHGn5B*A!Oe7?-QGdrvkb^`&sYHs7uu
z`p=kod5FVVTlPHCzw-9u&{KcKc*3~fQ^`W-X1wOoTeeXGsDA&Y$HWDWlfSzPCnvw?
zkALNzG^mb&SsmClGx7w99b=yC&tsm-)%HZ0WNlF=<U3u}G3R=b67z>5)_P$vV?ItF
zR$v);4a^ogP>a>j5Ac(gGA&>ZX3yJrsU4l+%V7K)ewnUMM%9V29a?9wOv$l{;CtbF
zMVsgSt)_~np@FLtR!NfdyvQZ1#)S>h-hFO%SV1gC_*UH@9PWOFZ59`?IIO@XmpN29
z#P-@W*CvmqYlW0YuGjh5|GM?znjv~2UZ;yu)#qn@!*k)xJu}$GyF!2BP0X{S^}TRL
z&sJuV$B~8)uNtI)TkVo1R}Sq6no+hpXHLhjg*W5bvs*OJbqbvB#jEU?Q?y6fLCCb?
zFqRglpE}lsVtb;Ew^xiDvo6za?&U1H>_@zyAlG8_Y{9dGaBOa}UdQ@DmJ>*Stj=U@
zKgDllF$8Dl*O%MJqr#)E0YP2ce9^6Mvl9~{{5tWlPEt{-=QY0CwoE+s#rm+1#%FF-
z{LCI%%s@fof?jWKtW*l%I3c8ViqupP5=Vi*-qPGcN~Dj$8%%yPn6xr-TuS|0@kG~+
z6c%>8dL}n)x)_;dK)`C(Z~pCAO|nj<A$&4^YxeBrYSx!iDI5ImYssMUHF@%bE2=QT
zDH6(C2M6%TraRH%O~<+l<+i_gsqww(3x$FPfkDcF(nFX#eL{Z;RT!801dKENu#zXZ
z0={{@1LYNC#Z!;>HB%$pch{ER3D>$kFO$`yJGQ8GAxFX|xq<Yv8kdS2z?qHswd3q;
zLE7dP>EryOp<fjHm3G>mN7dT?gtH@p2;J6B_Ld{R-ps&VUG&^KpT8djmGw{T+xPgG
z*r?P=VD5`Wd(%JdxIwtu*|3_zVS0OY+_BQOtdSv%rgbbJ>sF|X9IKT7vl+J@exlm(
zqS^!97J!thKd0f{k^7gSbUw`7LXWxmLN2P89?8l^R)p)V8RAu=*&X)hI*+t%<@IiK
znN!wNEGP@#U2Zdsy4K&I5~R}^l>zL)Tk)d-WNCMY#9jQopui<I3CTz+C3V8j(L9z;
zrb=G038PB?OE@p;P2sm<8;2>mmv>FPd!YujP#aoZ<)9QM_Bg(p6(lD6QAr_)s5Md)
zi@(ZWGvKDnoKHKFH2HR=ST+04!E1JjQZ?esy>_|lG_r%khO9kU-hM|c8XS9g{4r6-
zs6I?S=@8NP!}7<}`!9A3U%7I9f_>jWG;J#@c#<^vK74DZA9^;gTYD?R#CKr*p6Q1P
z@+-IPiqVki<C9yI(GwBcY^&{zV5s<qZu}Tk^(vjL0JmhYq!(zFqgS?D>`mEqr}ID#
z9W)y8u{iF4Rp3dEjp>Yg=SIMQ^^bH{`j12dSZx_Hb3hj$M;@`0y{a6RDa2K%53f(+
z%Qe+fueUVJ>lWxkah1lC>TJ6$_Qo|s&TUY^puKMlST%IL=iO@qi8_5bsb_}FrXD&w
zSu#;Zl;JMjE^G+aaSB6Nsh3>ZsD}Hji;cC|fyTEcB;mTo?4GSvk=Dq_&8A`e!%*sv
znj%><U1nY>-*WAcSyv&~gr({|0TjDgSxFm$a(mcJ$nZO_dDd)ODEywcYm8z_AN9xd
z>yn?=ayLit^9uBt#mwq~0si&F^>$G9*oajlTC_r<GD)1h-%`+ZVzaI*ODbaMx9|#f
zl}}GeewX`w+5_+%-LE@cPCnPb;*Jb-0#7t+zrQdB$)(Gn3S2TmSoVC-Mq3kD-;CTv
z(b)a<C&RyoD^*>)LLJtYbbS*KZWeDV&)#(n^sGAXgMtdASl}BXo{blJta<A3`UOmf
z>oz!w?FEK)go-!R9Vc3aLsH?y&MyPSHFqWu0*zJ0QaT@SHVA{UzX2njKS!{U5sh{x
zDMO#o1#^`H0R!vfbe|D#{9t)bpz)Ae6B(54YSi@_Y(oGK1Zke6<F;_eJHf&<Df0=k
z3(iVYb#QBKx4A_%LrpvefK78c;00xVdmA0l8uR4``iXb-=kWqT6zHzwTYMHxsyGJ-
zeu|$uG4DXq{5I-|+e2!miqjRx0l%m?-ZX8b*khHFOniy5Rv<-l_>jK~J?KLy!l|^s
zEJoX>y_b&ZEA>5Q4Zx);x<rc-5FKx@c$|IXtYu!w4m}tM)ntUZ-_yOsB`uLITN_>I
z=JZjgJ!3Xglq#P5%~%$2`s`e8!tPXjzw8>@Mv&a}A^va<boU*t%n%0Ig3LZUMD#4*
zp8fMd75muNX2y55q`3!h@5=aqhaNw%aVfmrsSH^+xBx1P@hHEN(o*u?(B*}@#%q+F
z`8k32W#2n4Ah1mE!X6`H(^sEz>U7i2iUZ(rZ}khz!MZ!fJ854Y+|S(QKL^r(TD){_
z7Cr`>%Dj$FQ)YQ8UTS$0OtfQcDsG-z`4nHQ^PVeHmuR1mDfLD(zFC%VcTlrQ_gyLj
z(LiIW&=BrsQj9nlwlFiB(eE_F<!lvK!Vj+a!F#37TTNodMZtDPI<EF3QwF=bA3EO3
zjz6B<bB1A@=MI;iP83`PjYb$?LS7@?FOJnG*j1%9GnbM^AN80GK;5)Q$yLL)JMt@)
zyn~_<?i#da%uC&|40ulN1UQ@q&E+JDto5nR%rB8$vgY2KXb1+zHa%L=8%j`<s%NTz
zs&><X${@Y=c%%17^?N(6u@%#XsF+FyS-7gjL$Qqjn?0?~p^*o(PiB@U2<fUZ^FKc}
z_4#p#7mOi3@LRd&nf_k*FtMtdUV(KF0JEeDJ`+SpILI2vH#z^wpEi0hny^`fO>OQ^
zc<>}dcKlu#Jx7NBr<<Uxpe0~6<n%9A$JO)Mtb8XXY*LEj+&29f`Gqt)W7x!Nn$6v@
zQNkUm`L}rvng$Eq1~jML_J#`_Z_(b9(=?YzDgE1QuvhUB>PG7X*N79DWtqM0HdWGh
z`|Cj(KTUlF`w&SK85c+(%Uk-3LAVSuy(PRNheVUiJ)DPYpB^VpOF<|LAAafVfN!Sf
zV|%7FwfFh8QV;VSHVR>v;EvOO#UIiyJb|?&K23T&YAPXMV8OoKh~0p?5ro<gb&>WX
z!IATB)2RA(9m>ZyF9OGE=LegY+{!UxOsm3Od$N#_`Is^A<qo_E${jm5*ruHkCbFj)
zLr$-yJelF`*)jBL&9j|?2N)%CH^ScJ9_sAf)IOC@?OdR^8x@G}V++PFz~~~1)xdT6
z9fB`9zK2U=&ZhvS(zG$$NXEx##td>BG!zf2ONb?Ix)v|=u*{Uo`XG!mdXm9qy!72`
z?vG40&gdy<oS+dq3=BT?xFrH2W<kr4m)T1OK27WCMAQ%~_6o@H%l)bdLFMkNhs{Di
zmB`bg4;SHl1|H4ilGPE)9z3GosWj%Ev%L;w;1L|FbG|RZN>9Rbpci(6Irl7T1!}tl
z)v*2a4WASHwegrC)2hNhq7u8&@I8xE+|UK3f;fdhhg=ET_}up^vhXDO3U2-p^n&K>
zJ=y}_1Y;k4BpRo@LvSX*=EOGr>YfM+_cUwE>7;tGuWlqIn>0x?^zDVwRQapAjiD}D
zt6%Vw1$$x9sLO!WxRfr13CVW`XN&2sU<%3EaeD?#e%w6zDqAb9Vzw(7q}UP}hrObQ
zeOCBQcLgLs*ZmOR8S!#WW+iR0x<iKT8+Q;kxWAG+Osu!2%KI%nip%GID*qeDxK}IV
z#S6uMXjl81__=jSZlOP+A&g#0;f$aTVokR5kwE?VB$6dQTX{;81>a@PU~*!aqO)ZX
zSIIcwqr;BUuV(xB=3YpTQkSx$q|T)}ZU_%+e5Ku^++u%(x<6NFhflSfh;wO-Ud1AQ
z-V-9qFpJN6wjCZKfqGkHJ)`WnnKXFxyF%|+>kYvU{F9C0Yeu2rh!gB5t`I=BP|oPt
zyGz%7vysKB7O(=BL;w+YE8z3|w6FLrA_wt_#d)R}iM}JCW%Tv1$nXh@p3bH!WnzD6
zVPA3;8lfR_6l1$>zOMcmNixN$jZ{Z|g*x-8jcw&D7Dm)MwaK+QYE*(>=OJRTh5UYH
z@=%z^)T<%CQMbfTXRWCPdE4Q14eb^Bqs_xRfd)vgulaz&-dNqpi~>lROGv4bkbE_;
zdD>K-s(w+Wb!`;{r>)gg6YO1{Y#;`O+b*|a-qvf@L5D9UQp=E*n;FFy;>QRLgE|I!
zG)C#$4PFJ<q7_W7Qon9mzG}tfbB`(VPEAhdmv@K8T7e$M)`lsTddM(|sKL>bLDq2z
zsQ^UglWN-hqO)dTO`acv<p$Ott8Thzu;IJVq(^iSFL3er7$4+a)Is(lZEC(bvW8JM
zV9jE38<R{hDb6YSF*YNhGgeR}?wT^1v@(UykWI<h6hjckuRiBoJ0n~LH!!H8?T*#F
z0D57iaX`~|!`UN!+h4?p3YyN}Z@tCs=j8h5`g)CgRrHuHTj-d7X1uWMR{MfV#cC5?
zyGz|YG$-;khmk;U1ky}E=vs+&yaq{*t5(IvpUHX#o8<b1x!=@n(vy=vbVrsQz6l!%
zU3uDRkP?~yL|e^slbj>%B(NV7iEMXQp=f-DeyIBsM!3JSKlqN%hh-$}_$iNNU#WF;
z-O(g!1S+F5^Mm(Ao?Tl<<Y1iyqw|!%2j^(xAYb=pl`^hkMPXf*13aRkQDQmjR}@h!
zGPe|1^ws1NmVP9GwDQa%<!A4I`~fP>b8}W@OLd?nB(<#j0By2UT;)91az^niD02Qk
z7}nkv51ju0K+=GvKNa);j(@nL$4u*TPNZRI{ZfkkAS%g3tkNH}8o?ZIuoO`a666T*
z>q#CeOri|D6H0B%U!($wgh6zhR!du3+*=r>X*r{=8Te1?M}o}AU#zQW0{?_?U;@|&
zJ*qVT4)Z5`Ba1;cXtLsCz{N8kqGq-=f7oS$1R;PaFq<LJ%V&7chyT7n1<HM`;ZEb8
zh`iEv^-s%(6n9)iH0YE11%k~G#;z{<Y}?gjYio@koZAI-`WMfD%zFRj?flZO8M$)m
zfJFVvBn*E3XtgE8QICn=9L!1A3*g7&ZKpJFh=tCm80Iw3OCCT$KxTryc5G`@OV@$S
zAC@oH9;z8Y@=i(hp(sEi-b$1K3Gyyhgik#H9w)WQK6}^?cq*fY$7uu!g6OyFz;Hle
zI!|j(?+}4>8N!@iIs$>z>4AncARov+Gwl6;)U%*i@{4h*)Eq^}2n%tMQ<S`dbrayS
zF&$Tc2g<IQajw0U^xFkQb^SkLx@}noP+WdKaz#?JLkang^(SiUe}i{YLvkfK!M~~K
zCCX|@t-!q@j$j5sIsu<<W$ve^J(4d1R;KPW18u!_E(2ioMpZr6CAlf)lA<Sv<Ra1k
z`WVamEsm513InGTP}(MgL(3FK2cRF}F4X{?eJ_1TdcA6B5Fq^OkAf1P?au>{{w=He
zQ^-w599XW`C&x#`L?b5yu#Y+1f7NJiC9MWgc1r$Eo!Eru3XFT6b~S4Tbik&{kZ`Jg
z)t_|ey30n+{d=GHb53JWMardsO5g4<`03RLklFMvp@uuNfQM9|7O<j4?0%TZn&wcD
z8R+Y~aC`3Ag!DDt9zG-aG}q3XNP>2OfcF<Vro@Lo^o;Roa;MKPGc$ap&W@o7oR9<x
zqz@{kZzD9ht<~MiFCGal`}JJliHw~7FyA<L1o<c7w)1a$me0l+<s$@m%wM$Oe*K&=
z_y;7KiJEa53u?B^0^EH*;5PRVv%}a8i&zac7_43Nzt4{{8k|8-%W?!AZhfA2pc{P-
zygT^E*-)2@-zBx&Y3YGLexrGB7FBR^x^y|0glt^A{ef(pRlbCp^g_)GnShdio<9}C
z>FvF``*~4HJX4i6{VyLGcP{NrdYFL2c~wq72o%f;go5|*ul!DC0`_Kz*v1XR@9!R`
zfW3hnM3vna?Y#f#pAG<-fp~0719#95X{V0%=A<>Q93-0-Qr<F~c>lKg=ELx1XW`^;
zDItIAWcOw6^vNp4ChtWlUnW3jObuq9P%;JhHc#^h2AxlKodx)S`&_^^90>P&@Jnba
z!?S>Y>5y$y^m&^>CkI3z|Eq*Atm2&138jCoMy$fD*SB)vrs4Kp<}LD{UK@!@()8nu
z^6}6RW;SUDc7<4WlrA9F^OtCU%l!QMxPoORAwM!?+^*31DCw*%N{vi4q5R*C#HBN#
zE?J6{gb_6WPE6&P+KJ_9E~F$LZV`^%@uDR%`&!aFT6ExtlXrpXwY>&%Fa)n+n|}S)
zeWyr7TWroYC;UTrWo{>5{ikC<e)8!CKP~dK0Dn&Pn;OuW#i4fF0-d=Uw}%0EFnBj_
z`R!)lUL(<O?tondAc{a{FJw4buTJ_}*xTFt>1dqvZ_(zOz!8iJPpL+1W)5XehYM~2
zw3k!!u!>-o)J%i^nepE63<*d<edGsN5unI`)h{GPVFCfn)~n&<_#kq$)gVr&D0+QI
zNei4Kf*EW1pie&*(t6O?stoX7in$nZuZ^@}$M7z8KfVB9Ga2d!o~l<hua-W)@0Frv
zVAM8$R!LtE$btqN_j_eo+AN0W24|DrB2-WXv3wsiFQE|^SkAlM7`0(P22u&jk(&Rw
zGr(pt_XCJ~f>Z0!u1U#TSlspESozh{c%gt!pvmQv^(h?$0`*Xbx;$4rlW@0=FVgIG
z9s<xLQ<Xg+`hNKcf&XuHI_YT5`@iGWBC?Ey!y*vFMo#tC^YXkM>S&{{D}e1WiSLs>
zIqY*=o2reSJhdsop8*4Qt>o4|N+7@%wUG_`GcO{2LYD3?&inVydy6-<eWexa_j_%m
zDn)QvaZT|??ri_<K;u($IOWvnC?w#VJ}@m?AHOlz8q^H7jJ9oDe`(r8LYA`n#htz-
zik;!B=uiLWJR!3O&NFeEXbB}AE0f<OqUF>-2?Rra35nfXsk1jvRM9veP0IDpPX70L
z2PypvHZP$GOmP!05d!$l66b(b`6Xw?G$5zPQsCb*>T`0xe|+cZfQk<AV1d6-flIky
z>^~jTy$H!=8(<GvZ3%v5git%>?SUe4gW>CyH~lT;Jc_td(&c|`sWi0a%1t@TEE+8a
zR;T&}oQpD?4&6zB;oe?MP{W2|0&@MqC;vK^8Dw3pk%1&kRt5BOpVY<tn}q`t_xsCH
z6FN_5#xy`IVgT2Y9Ru_h0|LJ`0LGOx)Ei($hTy0`W+M)cjwk{D-*m*&>>J;2w`V^=
z8kTdq3DH2F@UAo4m=COA)x6o~@9(f7fV51&w(PG=`hQQw$16jW#68y(lS~7B@bIT|
z{_YFHtMAS`9Q5`e^-M%5+o3DD{eRsIkb8r_j{Z@R1<tNtsF@v3OsMTrnN9s&QBBus
z&4U=QC2J8zdl6rE-cF4*JySa+Rc&IrE85lczNv6fG+>32j<nqGg}>kO9D{jX)@{+r
zBDF#53}5^Fg`+lUV5R~II@w8ei(QVsJKxW~;rc_x@mFR)vh{D|_OB3nCj6i)0Ey~e
zDZhgi@Qq0e*qyi`hrI%DCA;~lPAUE(*N|_;##F2yfoZO=Ci{<uYZ@%l4g-cW30pTG
zfy6_F?93M0!*3)6Waxy!p|jOvCgSzFnLUt3hn&M2jeL)2tX>_!nrL#2e9_T^3D;^v
zn3M1o8seHJDe4(x&s|?~V$Q7oDl+4G|ER*IKcib&VXjQfscEY-ocbknc59(aygPf9
zQS~<?J%(fD75YYv*XHcx^GEd44x}SrLb_Lm_W6~ot2e8QXkBjD-O$A3Iow3XPQE*T
z?Zdmp@b!wGJGlsMo{x?UUnSBx1wR~Av^QM3pL<m|7+!V@@K?%SEpAYDYg;7)wsSew
zF&CD&o8~qA>*BEVE6eB*fewXC-k#*?l{`L5Ehg0S@{WS;=j$tPx>i|Z=RZ36No5qQ
z)&)4O)#-I`PFP9)bZz`g6sJxaHFoO2*9o^}t9b-f)1gYsr}AJTQ;Q0=9e?^vH;CE3
z-90!G-BHbaaZEY6`0uoa?zsN>nq;N(0T#)Hf8_GEi(oJ9Q*ke$+LvxfIv|{SlSt^;
zK`l|S(ug7WjUJt?1`L@5ftA|BAq^76mpqzEsFif3QLCgFA{yhN>dIp>61u<-vk{%I
z*AIk*#7Ek|{GCi)+hn&IjzrU&4i^G$F4(S`tTd1%3&lP<Hu6gQ)HV1$t+9bwent;^
zwyaxMLA~$~)GvV5@#buNxo%(JPCo6b(Al^m->j80OZE2y%@58H!t{r}4RQPXt9LTj
zi{CnKXO<cHrf1v!7kclgvV|KeKpu<)Gn!1szaUsNWS|$BVcl?T;>6`bh8mT?>|5Xv
zRE;Qo#8=iL;s2EjK#y_>_!)4o=N;ek6$U+?_g>SkU5mF)66HFu?)!?*)r~2Y-`L*x
zQ7z|sWA1+^c>);)-EcU0I}foe#>2h!*(l;0ZRk(e?psCiMq?9r>>?A|#n$lkmQh#Z
z(nFQZY-oSQOGN*h@*Q{Wy`)WpMl!K=5Sf}jxZ|$Xuh1p%RA(e4a|i(7uT+x=WZKd>
zNF-~zUJI8WpJgp|QZp&{a0*WT^(ABq(yePp5-V;n@kt1s8a4JyU-rH|_Kg8!A8)!-
zxUCZ#(c`0Q+@LD7>@@<v*0Z^n_>J4&gy6Uk>6C`6g?(B-F81}JGzKmN6bVJ{#NRkz
ze=wSkyE7Z2L+M_fcKk^yOkXjuF!0|T?f6}l?kugROT<o}qcx|llN)_O;iHkfx??t|
z%oWtOFK6hRwIs0oB%pkMYD-&E;$Gli%J0%E!Qzj6>nI)hNouJ{;n;A2-_v`o5Yzk(
zxoc$Yo%zA?zk@Zb<sn%fk}3Au@&jVO`(g*tv{MMv!cN>T(~})jfjk6*0Q9$SmS11G
zpJa%KfahoFf`gywP1-ICnrZvq&u@9T9F-gxQ7Jaep)uOF#fSP*V0j%^eNHzPNj3Mq
z&Ik2qEA@ToRN`&v#s)z2jP~7z)<qi4`e(MuKgk{QWYw-6zA8Rk<TvkMeVey?v}v_M
zas7BZ>oT0A29Xy#D4`S@4y_JsyeDuoO}aT~dyXk9fAyek)3v+s+0GnQYM++s5Iit;
za=*}>HdmtVaK5pIr$q!B+w%=y>cIe+9a7n97kyv8!P>VzNYueUq$jL0JZLEDazX85
zpnfnJPQE|Oxv}|S?7nYY+%8{4#^NqAMY41Imi<MgNF%g5s73@Hht^KL(!R=OIz-i*
zei8LMCIZ0?mSw+OE!Qis)eu%H?<aZ7)MA!d?pR2mxz6~!j|BV9NOi>_1<w+m`!mpB
zIMfj*pnaO3C-Ca#lL%8{n~Up1=>{jt#OQg04R`AYdhfRV6XtVmkTg*iEc8yq+%x$G
z%eNG61NV3dv*Z<$4UE}f_~xkltA1VSsk^?3hG(`9aI_Z4PzZ0!KAZTS4!L@&ms<PC
zz^BAdjhjB8mw)&`eUq1`f{aO<V8Z{Pb;B{Gm&4J}zWmh{+`UqA4G|j;q41<<76e?f
zowYMkzd$GPr;REk!S<uNYEOZq%^hn2+vfW_!J33NCq2<hi8hIpscqShZeTVzWV-_E
zrnR0h7>V96cOJVML{beEH+0=DgRE7M8+i)(lB)kk4r=%czVgVF(^ED2Eh#wio|$Q&
zGHXNB=4s=zVC&G%5SfAbvBctM5`qN(#mJoD?)4KLrpE=gTpcHb?pS^gpA_HBaXAsg
zc5P=B_G^L6JE&I^>ErIStEBk+jWYQ7y>@GDqyYGfV`*$vK&juSubYNO{;8Nw$I?je
zIClE1&i&6^E%C2-5Un$B(dVx&p&-(#(tVd-eQB^S%{eq?ZrGmDrKUAMv(!}`;+Ar`
zA4XnumNb)i%J21}%m|^U9O*8Z!d@umyr<F33OByD24lAhEaJT^{nLWglO8$|Kc_-(
zO8DV)Gfv8sK}P_4h+>O<YCtkhj2DO*76~oE2_OcTt_8RgQAw%@^6BNF>+WOQ^Y6}9
zs#mwkWE!O*2EP-|3D`N;NtNSy=HHfx>?JTW6@m5Of9DTPQ3M?}$-O@ECuJ%-xOT^H
zie)?xB!5uesqsZ8W&T>1bJFk|jg^$lXF<llmB+gFVqmY28n1wxT(O4|vkbdeZQY)3
z%fO6(p**B{>Ert|1bGFH_6~$0S1g$ai&vGsXH7<Oga&xAPv%(-{C>An`#{$l*WuUb
z@A{>`{lAL)uBfKEw%drG4N*iXA_5{J5C|Y39aIp|AV^E72_PUM1f+!C6p$t$m{6oj
z2_+DulNgF9AVGRlsx$+H9+0a1JHFp{{xi-v7yrc><K!Y2S;^jOt-Z>#=6vRiDYf$R
zu<@U09Y@daaaX$poG%R&cEry`IbFCX$7`g3pluz&#C2D<Y%lh3VZXc0eo07`6a8NA
z?|s<E5*8nPFvF8p+u%!8o+O%an=|=cng5u}=Avr1`E2m01}nIe<EzzWWU9C>|L47B
z+ET?rMEUeO)6t2~-vuWOLk8TQnW}E898uMs>$}k%Om`K_;S-2i(TLL+_SrPG8C&qY
z*io7g$m=bv*QS#@iQetg7<@zb*iiAE0u?yaN_Frl^Cej<w2~M7!js1`@jng?&VERp
zvl*TBPJM#ywC_xPGhOXL?dqEPvmtpX{kv=RK(DOg9yb}lVXimgf1dsGXZ0{>kC?Sj
zgs&I<E<~blRo_{@;$=)5akIkotp!-}Zp(a((QkUXE@Of2^-5p^rNombrR?JPR7vlT
zNgAA#Im@q>?n0bPy3;Oe_xGU9$hlr>0lk+i302=&@orQGWMft|-8jIf<Wl$=y38Lz
zS|QQQTfV~t214SGKZci{(;_nwl+<YoRQvw5A66?h%%GT~;cKGLxI3+Hq`K%MK|S(#
z{p0<Y7vxZo>A;U0zgu(Ca>gGns{^FNz<W)d&;F$ETcb&bgq4RqlI1JLjUu6-_ssey
zWf)Kq3pDechVPNvS)0T<9WMKxuZcnZLsz}pzi#u;lSDFg-iQSRI`<~xDA|3<H~T4B
zalQ{_O?lk}z=QmhD^2dbsu3}A%u}N8`C;-RlA!rF4eZTkn2)lydzCJbY1osSwLShn
z&{4IWoDk&h4Xb0O>t2Y<z!8WMxwD8P$E_vRL8jN=CW~m^XSU*~1cz4kwGCYrs_kr;
zh7jK-iN|T=JI)P)y+_Qx^c#{V+KlP1is7N@C(N9<sz>n0|5a><G!BAmW{GY7y0fwY
z+5Vwmnmal1>eex?4YSoP&6-?NO^zJge1UW5G<)+aP2Hg}<M-zzI2#`v7;Z;rYWOXb
zz9l99z@dFwLpXmGt5bgP|L*0_2c%*ASt0>K`OlE{&oUj%fgY(`(Y)CWG~%jSmWAoa
zPwPS-)@IGpu;L0gvsuT5@A!?)hMd5<BvD|7Y~OeoG{70L=3I*Z0L$_3_3)bGlpx9~
zTrjEca!Xr-pU}8kgC(!zlO>)W-j>1qs%Zz%G#2)5(GBwXKuLGa=64@YTc-nXSGQxv
zs->u9jeXBuu@EKq{QWA&#&WZ1)Q9BcF-`Qc%Kmj1X>_QQ(s1pI@>8L{8ttF-I}Eo;
zn2&Xxug7b2LXTX!_WIEvTCxH5I+-XxYjuq!M3N6kvwJ>$;)m(>iJ4<kdeF319#JpD
zwY+(5vG73AQ1pWKfFnKW!rrguEAR&Qysy4fuVvBSUomH%2pA~e2uemx4{kBjXk;sg
z%$IR(5NW$=)8r$#x{arAy)yA|7`9r3H2;08D{YO+vq2SWYOM<BiYE8PF0|}8pV>g-
z)G{U4W=e&`3$i@+erZi6j<yK}kAcXPVjg*^VKk8gd{)8~C%5aCI)WM^R89!jJgr<-
zdDZW^Yd&GwWg5Ir=F*Se7#u|Ka6bydQ*I(>HZ8s4KFIdu$a*$vX|^W?wXjXPQqrdB
zpoei?V!XBX*o;28@`evJf@Nx#KVek3$KX&je{HEFn9E<8D3R;$jBHD4)b$VDy(7RP
z#eX&_oWB9as(TC6UnMw`Y}Y=RSA3Mc$gc;taQcpmc+kDtC@Y(-D*#yqH!T>gF|s*r
zy(G2Zw|WZG2r5=$cHBF^xv{)*5kt8mu|9!5a_-`B7<39O9{N7O)0H++U2z$(5-FfY
zn5+yCeX`nMh%J@g!(t9=BU4^DJo6wOqU3dAfZozA%3J#aSuq4<+Xg*9alo$S?wfDg
zDM|ORaP!e`N-D7AM63qT{8amAI0e1@(U*5aEMP&N54s;=pVO~>=ZHth(w`q2)L_Xa
z8NS{1Aj-xM{+nL1@@zCtN27-|k6Wzjh`4m*RvBM+3FV7y-@dxlbo-Q;-a46LdT7rp
zeg-7=s>{qPkmeUo_aB~9&{3v*8W6QaqbH3euGeU{%&3KoI(wGGc;%|)=Og+>+6ofz
zeae%&UGE}~^1QM_!f~5DUDV%s3pzbRFA~%4FM$@q-$j%w>m=-CSJP6a0ePyn+pJ_R
zX=f{BNYOjRQ_TyEiDQ?lx7@5S^h3!{|GF71*)Tuj);`4{fW_G*vOu-7$f4QNJ-*@P
zOrk_nuVB+c<lFa#^SfaQzSxg)3!fI(0)!@O%VkzS7Mn(_rzVvxKIN)6>!~!D%FWku
zTi|vOduQiFn-WMBkJ-Qlm>R6fbk3VrangRjBP){o24(t~!%VW!+@C#g;9E)(z9i3P
z4y|3ci{Zn;ZP?~YGCO=Xiq4eLR)>P}OPiVvyJ7FQtA4ZR=;*`$GB<0V6i6(G>WSH`
zlbi8N*q0j!Fc09#qVJ|4DJl}`_|nUm<1y!3O3UY8g;iLG_UWL=4z1tO;25DzRv;ap
zBm3+tK2N{hq1fwkY|6L2qT2a?2K8tq%cwq4rKI3k=M3BOC4#(*58R<<1<eu?q@W}{
z%{c7<)Od_Nr_~d`cB+J8QYTzXbc#9NVsULJDr+YSE{zor4>Ub)aB?{2;Jago#@J}t
zUH-InZG0+3QjIWqDU5>98a-#<znY@OAA_4^wnqdN6A<it<X3ZMhB<qAU}SycCZU|i
zJ0N(Wmb#h*|2DAyWfeKIZP<Rku;QW3icOr|`$vmM*u)}Xr%7M?;(kJAaPAArs`ISC
z5+h{0&DR(}4J6hsgCJsmBr>88Ofw!?E{b3ZX)2#}v)xp=ufP4YO&YEzV4V#_mo&JY
z(<DmHs!DDh7)Kao(7r7gYmWlt7Fu7A*S&1d(pz`%*AY}7{ffyOLr1Zg{*A4g9v^*z
zCqeX<5+B41wedQle6XyY=Tm4d{25s@lsf$#RTX==l5)<#>|4&|4yp49MM30)>tLUn
zF0<Vjku!mwDC~=(9dcPABn-7NP{WIUSM(c>)#1ojs*y&zS9TVpH5~x!vN*SxHs5+$
z8*~tNbl~S5Wu1e}wCs4RF@!S5%2>WsgwP{jyb|;EBwN_T#_nAy%b<0x;PPr`IP-pr
z%r_x~=^3x1o9Y+cZtHH>sr+j?VBx^b;87BXb$y1mWuZoQcHNKIKgsY{#-^)^Cff(Y
zG7l&kuPQfL=yJz?&GvY};g@b5Elv5>A(-hziKiG#e<n_49>vjgVghDujQRH_^Xe2D
zlWtDmx$U3z8FC4VmdCTO)!ytb^G@|OxRmU0|D#dhx0XTaf`x25EX%Lyb>rAXm98{G
z<^I!te=<sW(NH3v<Z2{=o<)~<H^dJzCNm?qSn-C=1BMue8T7abKU9>Pll<}z?PID1
zp8P(VdT#MfA=fLbkxc!vy6FxL$^EhL&w>l^It+n8|6`Y#VwJ<*NH7V=3@wa{3_P4s
z)7e`kMrCe0Tx-<USk`)jV-2dGRb@j;k5Zo4_tP)4M{p6=ndEP{k|yZq>J`+*k9Oa=
zeBrN}=8;&%FNQJ@_ukd#6Hi|#tJ=2@4`A~dUbNC$35aS4Z01f~A0-JSrSdo6`rT&$
zpwC*LNg`o}L&3D#AiQ^K@y@4P2O2+Fn+x^*w?UUdELoc1FhJu3YWkt?ur(aCJe+hj
zsqYSVSh@A^N8`#7VbH774EqehM+ot-qDMl#4ZSrSBMmvrFE;@Q5Dz*%#oS|gP1l*X
z`6@f$Z)9KLe{ItH`m}D-5zxy>OjRE;H1N4JKoW$gn?`ZA^t`x;f{R$lx-X=l#g0H)
z4QlV+0yVuZH&mb<2ZE!RQw;Yd5PLH;?<ACsMoI>hH=8loW`>yEgP6@6ZlVI9cD#(-
z>{pp#>ZV#NIfhKtRrT8s#RN>c>P+Ict=Y^eiYwuE`F%E<y;qMTnI`v}eGZc%|A-M}
z0r2CGPTVK|>IJ3M$@6920f_=HWA^z)&#u}SS8K;MxBj+bFB><2eAt$B4?<5=<f$X8
z=0di2j(`d^Vj7=B9a!yzTg{hT1cGOy9eW5I0Ds?~%|6HZS~^$ts~zt^;@8T$Sm+%?
zpJjo9czJ<j^}M-(Kyffqscc49=eGak6=DLk=uIN-eY8#+d&G8x%*3iL{9(p$gSUae
zfMN$;;j+VB8(ZL5i;dsNo9RlPH3@(lr%}u+er_;<Fh0F8NQ~O%J67FaEPvy1D01+s
zgA#$xNR~}+1}f9kpRQ$=9*yB~T`KhrGdw#}E_cu74f+A}Ev8HsHk%jLGS|sb>-gcI
za&|4?l4}n{=z+&EEN;4YJra@tmqY!Q?S0{x)0~3a0M?Kd5BSq%BuzH&T8&#Z4EYGq
zCRW{9$z&vD0fZ|ER2dpBr2&VC2KOE_q!_nDMeJ{!hdfde&exAlv=k|Qeg8<sV9!vU
zZ=|#cBwtkX0Vhe$H}+dI^&ue}46%5SuTW!PO{4t79>D=%|0Rakti(NE7YZkQ{Z^4L
zRgr?NdDe4tPlPP~gyhv5Gl1c2?!D3O%58tYD)H@${IXM`VTQ-+=k=J|E@$=YryHI`
zabq9!GW~_zLHJ`p?Vvg<mlk)!goJdU30zuH9XV~s>;p2`uMv$}JpxfqQ^!zbk=SwL
zSaumAW@JND2tvWr@}*jjxk3w_Ju@0mzl}24lezK}`h<1zyTm5Jw*cfr)cYU4B4n_9
z=1YR0@Z<aSPtV_SR&#%jZH{n1@jeL1YEwa>P!LU*PI{Vm8l!>t7Up|%8C;^}z5CVz
zVR~QoL^^=80#E{K+WQ2~?YTq@q#!VmtBg<n>i(W|lErfVLhnuQ|69(>pqLpiz%8@+
z`8!{~z@@<g1$M669NwxsK7K2!6KQ}jkyTU>_)17ZbIk>w7rz7s9@D?lL*?#q2aKPY
zydSRuC`j>#J0@K^jpf@!%=k%b21gOH6^athPS{^<%u;^=p9NHoo!xw`K%xS`P^$yL
z$Cq)#w6fK2<+dBW6aJ1*!}|~MWet8CrH6Z8ZW<j*HtbBdyIM)cWX$xqiJ_7$-P>m`
zd~#GiG38@x8qAKYXt5>1+dS*LXeobmj^_)o*9IxS>T?o2?aU`+-;@1UQ1^-zIQ@v(
z4kP_hN^aAi?YdP(LzMV>iS_>5xDLri6@*(0$D2du3lKB|Sid|BVBf03ooC3v;jv#=
zeq7dVy()(*$_5)Z4Zp0{v2b6Gw|@(mc6<B@uM9VU+%GxBve-FnTTMmNWBme_OBi)V
zAGv*03*$CCkod4vfy#dhu*q)@l?ao~)VzE5dr6DM_?oh<o9b{S3$}1}xm<<(c|}WX
zM*+JUf-1{C+$ldvF0E=&(7C4;PMnETz8;<Z`YJc%Im-U|R(`DXlRS3jf24xWY9e7C
zSHdaKr1C@|djm>3M$(KsS5rbb{?onnN@)i>04BPwlZDXO&x3N#$1|9~`WEz`U8+2?
zUz1x_Bpj$IXa<zr%OYyg%j6JaS#`k8`-bTvl?BT7pkEW2XW71on<REPUSJjsHzcHM
zIWFWX^c&l}!u<Sm|9HFT_W<PjqAAzh!>OCYJ#=<eZvziVs>iq3)xcH%`oOm-z&+~X
z8RLpkQEo$w-5@<j!tljrW8OLFyS_11Nohg*9zwF0^57##bS{3bGv>2TIak}NZ|EMs
zfuB47R*p1Vy9il7j$MI2w9}sNKTp(IZb{>t%-b~Kxvw67K<+@g!GJ|7z|58TkXh}e
zn$^P7j_xzYa|!>FM&0!<;YM(k51vdVFB-5P!}1w?pS7)xL8@YcW)J=NT*bmNKM4Nu
zD(227bs0v70G!rT`e%;YN8qs~J~8^oI~l@BkuYE;;Uqd#8A{W~fRr!f%rr^9Uh4PW
zLrE<gW!ftT9H34%e0v%w2B>#Hh-nkBQ9<`JVJ>9>bfql+Tfy_qBK91Xzuf|m&>$Wt
zKUCoFjBR=x3jFTl*WCXU1HA^~=@S1>u>v69zIX(IQUAM<g{(7#Q0GTP!U2Q<c+I?s
zT{xl@hEZQHI^6qYBpoY#GO*HVm{8?G)uRBlw$=mo?YEf$8|~rjf<PRcU{LYz`@FgU
z#E@*~vH!U)Ll=AR9}%p~@74+GKb2+p=!OW<6O+kyQkp^IfQ%L-%DAsJz|S*@r_#G`
zWnE<?I)vP5y3CjYjD_OA{hgk1A2XGXILo^T`53tW3w7A=XOAYFr3Q%dCvNOAz6><}
z|1MtqKd<!Pr1w9WB>!{a<o`<_V9dWGw;_N8(@g^m6lCJ~Z!xk_lCEwN5Fh%wGL-#e
zR%=FGbQo*a{kF4wDk*?|(#m%^>Vi!DwBOu|(-QYg5NH?)P!Q@x)vSzxzn9x;+kcmM
z!{bsX5V-S+UvC@WKeH(g8HHk>-i--sIJ)BPu&Cb@v9k04euZb&qEps#|Lc)r_!ve<
zrl(gL5C24^ERy$(2A^+MYuu(}&XM;P@%<Uz6GRA1MP3$e@RIe`!J3z_QK9oooOl_J
zFL$e4UGe_4GOA{~A=KgCdK<|!qDCV8=1-I8E0iCPfl&s;BDd|1i~&g;*N&hIbJQ<(
z-+=-&D*dzJBV#$RU`hrVh@tD4H~f(7F?tRYJGO`t4GaFh+dP}68P5pNyObw&q^d1i
zW7lp1bn5zSiPo<<aDgo~-J>hdHaXXWxq!Y`N*fo5b_DBrFS5s%d7JM+hE)QUODr{K
z6vGp$n?#o8lC6-U4x+rd9?@3R&C;Fz0o9(}FWvWpBHG8@bw}6synN>^Hd>xB8zmap
zJJCYp@G9vz%GIAnRLmi%3LQ%;w2Q4!*()@<r9;##9=R(DsXaPu^VK`kMIsbPbQP+`
zUTj<mCof}1tev}~mAfs5-3<_$+_ng!%7$Ops3$odakvLh-SZZw)+~z}qJxtuB;(rr
z9b5nSZKt9$vuHM2dy=-*s>2;5AFNxY#Z~c9y20@bNl~9fq1Ga)8Wu3JV?||mBxU<R
zak`>wwM``p*6nJl0?cvHdw3oFM_iYEG9rnwp`?alKG@+L+h7?NJ3EQLMx2D(2Hq*{
zFI5UpxsVoc?T3ccdv4=yZM<*ZuaM`>`AvLcmp;&QJub~9E93j2{b%1%9ot*LT^ITk
ziP1#CvcqVrw&K|msP+<|VRSF;DsuKjG3V~P>ly`+x_D*US7&rx>U@2?WrbWbad9-#
z#j<J9_Coin{Z#s#EJv;Kl;g<MV0m#BjJjw^igPzn33nqFOR&2nxyztYIhdqonqRdU
zZ+wzK0oQ15uoz$a6ZYh;qRZ3P&qwPwcxQ^9h9(Z9G1O8gqKIT-TXZfBjKdCBCOl9o
z*jJ#GRwS}05$ezx{TLP0sFB{npRNv4u?u|%>&k1gw^!!TV5Nh)QWle9Rm;k|O*EBE
zgt=iUl&RkV&y?U`4!yQ(54pTe^7H*R>p4|<0{DyhJiDZ|k3HO7_jrI(Km3hSTt99q
zU~c?43CL|I;Rj5KWK`)6yCS7(iqC#DMHTEJg+11Oe7pb%3Nq6BwTD}r;(3+5rU8Ae
zT6yr{p9_Dv&y=!Q{+0{9<!LS?$Nk8lHrcNL@m|Y|bQCESBh)=|A9LK@Qz<!YQy|p;
z8o2;Spo_4T7(EQNqC-Mi^lOy*?r!6Be=S8cS*(w};hF=CjId`1zhP*Qm60t5*qXk9
zt+N;GMcQxb5a&?&#k!b2FxE9l1vfM4tD?Sqn>u)1yb+*YiDa0g@f>Q1WH|Z?%~AA5
z^pJn`lOaO+kDT;RdjzSGUO~W*UJOp&&n}WEwsQiD<x<lr8r_K(`W><fbo%P&%}X8m
zq`o#Z^_luI<!}bQo<3`&{A#`~vqOk`{Bih7cb^A~-W($#?A!h&hA_PZ!WXz*h&~k?
z=Ja_)5J(~#j`Z$ly6M$VF-RA(TQ9fQA()`3WB26pC24VLy*Y-7l@h!bIA@d@XN}5T
z{9TU9FCzHp4sH8$5O&{@VtzAE<2aI<Hy(1sl?bbjY9N$BHS7hP($zBGfIH#|%eEhL
z%qT5$$YQ)%<hD)Ft$7)zaoG5zs2EKGEyO)CaROEJrZNnI18>h?8hfcyhUi~;`!dtE
z1~)BDQu>?lh>CJ?%J&U%9C?>uk%;)tu0;tS!!Eg)RDXFnJ#f=2*ia#md@-z<V&B1>
zp)?1OOjQywQl{5G#I)KH)6omxgp4u>eU`PCt?(+Mv4jlixzQB|39EMQ8Qp$Gl&-Y7
zn+P^-oFB$V@kan2TpqRUh8KgqMQiUN(nRv}XV&-Tar3q)`}aBG-?!H5e@MSg2HLYi
zCVnU^!c%cRFqfoHTdF$#P>yYHJ;ZqH&hJTybeB*VD*J4K<M&5tt1tSzE_<Eu8cFQ0
zm_yGvI65B5NnGOdd4GCQTv{v+Cg~;n_-`{IB4*qJQThcMxj!;P3(o41hfX8rFS*jQ
z*&O3Dsi#S^^Opiu9KP7tqYX{bukFg|m#^{mD~bxPh?w#5(pB!xco>}W6fV8yfKYN&
zn$DD*eJAA$j8ZDp*C4*mfll%Rq|fDy{|H#LS=j3fp0moh9lp)P9XA}KUzbaG29pN!
z@71Z<UNZO?4b>7w4HLQ6BIzqo8_YIgj<e|L1(@S^zZqJoc$?o7Xn)<x_-<Dt{eAhF
zn)Xrgxf~^TWeL$^zN*Q6T{Jb_4znrCTEc40a?#zOV5<ATAd0V%rW8!TjNC>bKJO#>
zEe?tofuYV7XYgHw3@Jd~)!r2`Gg5tqb5iNCR!JU?p?uy;3P4_Lla}v1wb`s4CyA>+
z*>TPIQ|l(ksa0BTZP`C`OaOIW&1=ZlcF#W7zw@+clXD@xuq#K+k5CvYzTIUuCS((+
z?|`I4u4KHEU~m4d`XDdN?~aH9w;T?LYC@_%jUMqi6?EqDI~EtYiJ;qCUyBoZII6Q6
z#xmZi78t;RD8>GpY>?V40dBs+FURBizC@$mBbb#nlM4?xJTx^$sr}l0*$d<ONP%>C
zV3y+fxxCgMS6m{-ry-NCdk&)>(};Ked~QF0@le6B7p)u<Uf|BS)K7UjuE*4IqsQzN
zyIuLzT;lLf<U);xcLeIYs`e8l@-VS@rrS3&%j7(Dq_*Xo`Wf8DMNw|UXS0v7jpRkS
z7lSv%ME=xNP+{GDo<dTtuki_ei7#Nasinz#+qlNe+pE}i@`2agVbh;|r-_}%Ybi#K
z7c3BhwX&V6YrY*>RC$+qC*KV1vN$fcfG%4jHAXZxbOeY5kJwuIiSZa5smP(in)7;m
zSB3W{#mIleERE02P$JyyKlN?&k<{XTLD&0lWL0i`#q%qjY2h(}%bG_4eg}iaap+xX
zSPaPLP_8Wcr{~P#%d<|q<g4#CRtAU3uZV6cU_nWq2@LBzzlHM$3D~X2izUPO3TMem
zzGZGH*2LlNmrAmcvsIgxn@!)z1EsIOpXjCAqz+&cRL$Ub_|d}O@zbWBfw+Yq4*jY_
z4m{yofH$9Y?0f}_M}t|p$?lu;?8ymom37<S_8!Mra2U8qK7@pqP;}8|_Xvgat({>y
zyY2E|KB!tY-(cn9NlkZjVJMk7KbMt!YrGhKKPmZcmY5CrmWKYn$l)D5DVh@X4x?vP
zHW69ZCv5$?N9iZB&j9<njuxx)s(l_;q<j`6cE~@}ly~^1+iC?a*1CSZT%I=Q=6ZLO
zGaNtiRZdrVL{HLu4TF>KPg)W(F`nz>Bz;lg8EcKLH~Mx`ne?SqF<f*>(BAihA(r*x
z*{20dj@9NvX57h3X#?ett@DCk>f;8)z8?MSEb$^Y;co1K?~G-C6<f(TPbtfS<-uf9
zai=r3fqLdA!MNt0A6xR1gjc7_=Y7-+m1xIn^-PBS?p$)chw8{|n0X<q=CEy$KiBf)
zEs~(S8`8qYWxjDGic3Md7t$-Zz1Ia1B#s(iUfBMj+i=nVW-hd$pi*~%%QpJ7TD94H
z5jfzfX;|@M`rLNC4cDU2t#2FIt93t&2FoL-6TX6}Pc)-8WFbIH39;)9MkGSn_3hz+
z8%2pai1uj5?=ZQf`lnOH;9}076#497w_1k}@BIy={QZp~?y%xX!&H%y=DIV=hZD{!
zt~_p2Qtc*lr`WjIJb>P7<wD%4uQPjF<5>HS`~c4>Y2?$$1IZeNB7f>t>IUUlq8;z<
zVjk9t4o79F?mlw9!3u5bj!2Ag?ytP+(!;-6evoSHcUH4_#rq=LNJ<b8Ei@^)Emsd`
zegop(d73kjFpG2eBhH^cD13sI57Rvn#n}1J(|CaZ;cv9y2KW-RQ;VvDGn<E__g6l+
zZdgnzlJwjzD|<P+Yq{Y|70A=7Y}5VT2y?b}t{IW3_fV^aR@(N;xc@W|C*UC;FRD>|
z9*z9`-Prk$J&B$h(Xs`AAgT~rB)vnyd|O4*_C|%LDj1QRHEY;_;NL5?6~-+rO*S50
z+vSa*+#miqYrjY`ve37TvpBR>j=bk(MWseA4juC9x$Scc62;T{qI~;;11&S7I~qBX
zXVBx+E%uJi;bFk%64SYEp*CpyK=LPSfp{P&abePm)VfvV`RF2oc36IZxK23TVuDSg
znNhL9?bJPw02kJBwb7r#$#`(=y^?+0GvC0Z5zDB)%BvIJ`Tk3HJ3YQEXRicB*sS+x
zutJssV;RT0A!dsh`&0<z<-jqsugh;s6M`ivd2F5*^ZlDj{H`%v&nTsBeC@;c$fZm*
zO0tkmW3C1lwqlY;>%yXWi-Qh^%1q1U2!Ltz=9nlAy`1lS{X)lkoate&klIg;L;Tna
zJm;G}R||E^Rb7vwG)@Ag$Red<x7W3ut-~s-&vMnc{0r73o`9cJ!qgOS&X2ljb!0&B
zis+cgYE3tvL!zmb#Ax5Ny~I)Mn`V*Kq=#F1JC6cuIv?u6F4151->5!4S6cjAR#j}|
zL4Kj%*;LX#Z!0k67*P`PqR8qO?}e|Q^@z&P&{eu(66Wj%1@H_hQA2a<oM`Y|9%_dq
z{RGUP&&y@D!NdXPCz_A8n6G2v&;s2K!^bj7(|+aZ`4yYZH#)TJ9gazzRWfaVTAXW|
zwR>n5weE9+HyFAMc_?Oew`64mJdH+iNqU%{wRkFs+AwM>Stfwf7rz-@o4#}ew_K0Z
z9`q1NF7s^s#4vmdF~~NcnOPM|iIYPTlnnMzVpeZ6JGM(@VHpOlPUlNyqx;()-^a5@
z7^FN&U4p`PNScL<U31^0VGiq+ErRB%(6$jwFyCs)X%(13b&B!Zp?XR)JpKCHe|Imm
zXi>;~hrM8SAt#`)Yh=jvsTtReE~Q5qb1{*ktTkVKd-B1hb@8QTmHEY0K4u*G(yNJC
zW~thz;{8u(lhnkZ(#EP0k4B27gSMN!-|sSj$R_itV;5%Cg`5(VRFL1ad2J-`+AY1f
zZc^UozTa!kjyTUzJ6<?~<7l5*yUORqosQ;jDqcg!=nrOyVI%q?V=#4<d|b0VH!1!L
zrg6vZrkllKUn`o7F2G{$6D`?;Eoj#L%`hQgje+*p0IbxdDumSsbFmKtWd!<FX|%nV
z8D_FhLFc|`k;Pr{p@NlUaEsX-8<+h$8Xc27n2=0d`B<}?dJNmR@!kHR_T(p*WUtg%
zPhYt4xGk((z{nfu_iyi_!YXIIfVnMuA>_=*47>WfThhHT_7gCf`sTMK?sb_g5&!X?
z{_<~>rmI?n3k@G7JU*Qk$}T8+(oe5*2H54u+c?WJ_~YW7;TZ9HBj9-0n!(f~2nY{!
zAFA!nsz-0if|)^A>0garGZmhV-2Q1XsMQ5Ryf*xyDPnEuv-0D*XsF{`Neh0HgkRvF
zwoFY+KctyK^-aZgYlpSok|MGHGGM>$|En=?Nq9763d+Z>8GJrB<Nk!=m1qv-=tv?W
zYd=o<O~PDoDzE&T@wRUoJE!ECip!oYrFIw&$;>{c?2PRyyL%j)h`D`IQh(pJReB`1
zZ>o1E1)PU)+4o<JT&$KJD=qJ>GZByxww>BEomUBVkvPnZajT`IuR>;CPQJd9lDg!O
ze2<QNdQ1Z@8_>M;BLF&^s-sDLqa6RsnCX!J`8nj34rzM4jKBC(;)sZC^_>9S`pDAU
zcWpmXXmfkj!L}*_&aTc$%3alE#hGH0M)j{LqjT=Ndwlfn#-z7De+S6=WD4K1Mdl5l
z7e&_RylNYe#<P2RH;;l8B7kbYK8H=M{ra*~2Qmzea5(kgW^Phy%{mQlt>C)rqml|-
z8m=AQJ>^m+;@x48N>{ZX1Az`yo}bf$SK7lG$kncnPVKtQhFhk*5cH^6o+=n0SYy2Z
zLHs5YNFo0ANnw08_O^*obNrVXygW+WQlk1m*47NFl=-VhUJlP!2++2LBHpN)wO(ll
z5UA^&7n5ERcfC?dJ|&XhKnIKu@L8tOq>{nY_1?}H+RtYpN==W6%ZST5FWPR)Ck0b~
zUzDS(pl|D{4t)gJld^&oKDB%5=IWy((tY(e_VgdHf>x>WF$)mDHw^RydIeCAJfZNZ
z?_5ztdv;6!{%oqLfEnR`O8zPTpS&-2Z~6VEB?G7Go_KBmd<wz+>;LC_T$26n390<_
V_oMWV`;0L4zNX$?g1YsK{{qVPsw4ma

literal 0
HcmV?d00001

diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/false-positives-step-diagram.png b/windows/security/threat-protection/microsoft-defender-atp/images/false-positives-step-diagram.png
new file mode 100644
index 0000000000000000000000000000000000000000..85a91de789201124a2fe38b75efb5a2c7d059407
GIT binary patch
literal 19014
zcmdS>XH-*P)IN$Lf++k1L5k9%6e&^^5$UKj>D^F-D2UXElz^0gs7MEqDlO6>H0eE2
zdXe5F0YVQw^aMhZ6W{lL&bRaFez^B$jO@L}8e`9_`m8yh`Rqg*8){!=<YuIyp}DH_
zOv99hhL%7r?_a(|y&|eRXsNd=@19wC)6g)n{rg@Rn+ratp}9q)qw&Q2edbQq)sfdg
zE9|gPVxQ1;8Bmb?6(I+<msitcu87;X%L+7F3*6LutY`em^R^?n&yo|+!gRM{yQ0&J
zuS`<s=Zjncw<i)J?I|t4bgxNjMkw9V_$|bI|N8}>1BKg(kJHL2S!AUD{NeoYF51Hn
zLngtS*Rpoe_$_5pCIvd=on3RgZU2D?wPDoHe;>`9wf+@8EPnXK@UL*=+U21CskjjO
z|K$oEmp`j3S24#cM*|pq?Gg&tim&ontUQO768Cc4e2cj3Y6}R&tPlt&U=YC1|A#cL
zGU`UWS;R>JV9)GGJLvJNYCc2#6bJ|sa=RcEIxw@*rgjpuglm8v!Nz$g_*82Q#|#{$
z)q1W%Nt?$%V)4?pxwnGZ%3t@B3Y;K~dK|6dnv~`Oh6SUcCNwmHQ^Fsm83LA&s!pqr
z-*E;7XdT|J9hxa7$PrrtCw@e&l6=B<mzZQ(d2rFua<(YpFGE_=!0=q_!JeRvIpreF
zJ@#j#p#|Crj%_cSTMsLDZD)`I1Y0e++O`e0Q-<QDsld1*77Y2_eu=w@ATJG#dMJC=
zm8SFA2T`J5$!)lVo}09w#}mF<U_vhDj8^^F?6J#39`c-%o?ltQbxq^rO8)wTr2CNp
zpH+MchSXr^<$$GZ+F!SxEEq+M(c8z}mEgZ`p<$xZNjeks1YkeY99<yaq)Fj0^?A8*
z8^=$b^e>(5ntKm}DDBZh)(>y%s+aeVT71?DDH<Kw7NP9W-$g6qk(eg7?}KX577F%|
zn{7qI{SoM!S&74UpBs6eh1%V>E+Zjv9{kR>tQwff<E?Xtp~gdPhwSRnDqFs8Jlp{O
zDJ};`kZ<;bV9Zu;fLac$AF@~A*;NKg{hX2ec8#R|AvKKLE(Q<mc|X(OZu>yT5Iv!}
z(~lat-X8V^2aza>>ts}NVP~Bv1$Sb0QUNt(&5^qywMDYkT&q<|9*uF;uBz$g#STO}
z)SG^RHE@X2KH_2BledD+$g^zmwiSFIcmapmZ+5E4Y}hu&=3st~mrh(di`8Djs%CGX
zFO{y_E1k9(D<<xA^;E!BCyw#fT|(HGYFs-u*hM$6_fX|&hhXWpYP}5?Wx899X(oBp
zQ}&}DF65l+E^c)i?iK?>bGF!paDixO?lC`LC5)E%-e&w9!CN}8t`K4^4MFXiPkJ^z
zIR09068<WIPiaxr^kFTI#nwC6CFyUX5?T?G<!43D3gHX@^+d4<QLl0B8rU47r3l-A
zM(Rnq?gQ|+h{Ud-V*QZFT5Hiru&Yg^Y=g~Ay(*H)H}iR>p44kWwoK@M13-(Qs+SQg
z@fH&^p(m_p<Yv0Nw266bfxiB_d~@pAV5jfSfl{dwX2O9dDF;)wqfXg8KVQf}=IyLM
zQ8ehgw3XKBYj0(;%n;@*4L!Fjbq-{<I4Q?_5ON+wg?FuIz=y1e#RmqqB#eCVoFg#!
zLod{l9D?Vutw2UgQ*k6UOlQ=Sy*w@v5(`6AYi^6$i)8uz9d+qJqBV5UnMP)e&-hEq
z)!Pjd?r2UOeS7>)Bv@witn*aQ$0Awaj}m+mdmht2+}~+vD51tRdP*Q>zbi?l|DoiH
zx$aSF2%Ihf`<)jdZG_)CgjbT@!#4Ga{RKdCqg)hms&tbV9>Mw|E489yhfDjNA>&8y
z=M`u$cywbKB6i=(FAilS@kC(==dObK5p(|gwiaX=!wGiLm9y*-sy90xSuqKn7{}Gc
zonZGq!w!!(RhvkY{Pm@U-W8?JlU<b9XuzfMb^MJGH?~bJ(x<q&<1_RbEzJiVOVLn|
z74y8rc)mAfPP}||x!~@s4@#G`DW=yb{Pe|7dnT%u)gQAzij(RYx*g1~RCs;{AHh%h
zmj%C@X%)9^$5t+{vE1E#=7T$6XUdBcRsBj(Ja$!Dsl;u)-w)*fW++(2o@ZV~f-CxA
z?iSrR<?r;4#hdXtj-RH~y;Al-O6R1bE%RfGBe4D$K@g~kQeAZe60>C8bEM$h^7qtF
za;t<SDw*@=WC_uInq@F{34!rc+7aZMcU<T1u8&^2OD;bgsUNTYt$3%3PlcE8C<DVl
z+BGvmPAj6aKUM1CJEu#D?8s%gNEQa$p{8hx+cK<l#BWKpl%IDF>C;B8N6^r`WP9^1
z*Q~DDY0?;(>EsjDlsHYXWt0pvl#O3-19*Z&4oe@!s$yQq+dObNQY|kTI_MRDvdC+t
zT^(d+(T+}9y{K)kYpT(6f|$FKtjXfgX#{3hdI1#~4k;J#HCKFlZkXL;?Moh2ZEgFE
z3inW}hmTJ{j}(-k8rTvr5#DW@!UFQ0hk%O?eKO>SDfu7NQX(frPzKZE)47KCL9_n9
z=NpDp5c+7$OhD}u4mPWOL^`1%%rdCbh^Nef4LwRaAvVJtiR)W<Yt3oz2ye^&iU-Mr
zE-CEn6vg19c2H2cKeuJSR#>xLh|RxUeuatkcl;<`HcEU|!;?Sjoob|{;rciAhZU*k
zo%in;N%js%SEyhovjWVpE0fQcgC`Zby<<Dp_T`&K;B0xe!%hDUhpc;n6*iR*WiQud
z@zX4S)-&iI2us^dsCRiFKK5DUwf3v)c|PDuX|3hhAtV3Z`&><Kn+7)ND9TC)?me=`
zrQr!*+)&ZiZ){;{L#6JuMLP)e-<KSTD8qAGpo-}6eqedtmO|~TS?}E?${pc2a*E1h
zt(L6-5*T`c=9iF!21k|>j<gA<+(l*k$(dw!G7A`XM!Vb<5%eq-Jomheh=0+WNJLkA
z4Jr8d7*F5qDNZ@z@vfG1g}?KW+eO07tlI`%+*GAo;_8TmfDUXtSDw7Vl6qDH>Is<h
z@Hu3c%}S)yPT6!@4~9)piwsR<@mkjI%6%N0Xk&XJUvj9(kK-%B76d!t6ZsPV;Cp>k
z;feHh4=Q$#zx||`S$JJUb8XVKe|?;a&I7*b6_^-e;LaiMfvctgx?w-s<tgP6v*CCZ
zF6MVmk_t_XHwhf{zulq(F{>z=0QDm%!{JZ^sU?S*)*Fkd4s`?oFlHsof?Zqjt$sr<
zU!c`Q%UcX5cSYH^M5dawv;3V>I<4R#&z5t9-|hJ7)$1Qrnq+aa$0`ut)6VV}f7Txq
z(68o#$0FW;r}6w8z?+#`p}g?kDEpb8zd){)+~UI&<(-eYu+cYOXua#?A=7y9f_Zbj
zMpd#=Z4Aric>V881h^>1g=E+AHU8V$G}eU0%x~zd#og{HkOI`24$mUID|R(Tq<Wf*
z#(I(p`?zRm^xNAfe#a{;dwr;ig9^c7ZVWg!FGsZ7#VM{~i{dsEPU)nvAl;SXPZ1_a
zMb9brsy=!%iHF>I)O|jTxC4=~Xv$%Q)ok2lndJ~!I!%K7L9nQX2Z1jxoA6zkZcO>0
z0i4Vq_Uxsv#A!}XFhGavrp)?U*<en8#2PLScKw!j6sa4AXC5{pJ%gQ~4WS4(;#=#1
zTVXzt)e3U^f2oKeepa2OSa=+`^Kmys`OSA&^v=B@1;67EN6Y}p`+Bn!%&9hUmY;es
z{+}&lrrE=^J#o8-aDbm}dlRk9&>()cG~AMp?NlabCaPC~oU<+&hh&E9@r95dC*m45
zTj9F}aVEz<@4LXmP=(QrCfcGVa6_xg8#9M>O@<8(kqTx0+*9)AbLa~7b^hP`{@uK9
zr6&^GX`eyOAbh9$RKPnPy_8tkd77DL9F+ilaFwSlR~lX7kdB;|!j2U9297Ie6Qjc}
zG@l_S7GN0>$rI1flbg$s{~OgfwHAs@WTh(<-Cn5V!WE5nS4vIapIfC~j^ZkTvt1oB
ziklQ&@=K1MDeS;^JXHqGF|+}@`i5D`#V&rAc2COl9t3VE`&Uf%xT?>!?ZJOnjp@xi
zi$c%9lIN5vWl-9E3Oj1P^NKhb9`~pA50Gol4f{3XN`C&`p8bHe({oN?$M*a!Tv@!_
zJDnj<kp?VsAMP(Z{_}rE{?7l5d|Xj0LB>Y@dvl%Qo~hr^{p4=2Y#c>T^4$Bnzm0{8
zvriLQ>K{PAkjsA*yhi88^3rle*r}91_`+JGGO2Jla*c*&p!2Eb-UXVM`=cFB*+muM
zV^q(C496EUvC!P(XL``bN%ay#fln(kUX<3Rs!j=Bpt017Shz^@>qX8iUg|oK`shQA
ze+Fzl!}40!+75Oy#FuGk9zW2prvDdK+_;v%{_jrn-(@=0fA?P>9#bFx|Bs5l?+AN~
z*JVZjr``8%ePsDpxOeN?zvz#K<|1wA|BqJKFUv|hju#rZV285)4zPKz^d>|~@$-Dt
z0r$St8%dS?ZrkE3Nm8+W6UVQT&L6m46}kH%=v&Zr36Y*SK0OwdqY?9ptjqsz)0L*n
zj5zEYQa;po|2M_A-t~(W<;U_o;-t{(f10O5XtdFh)&?`izg*>UmbejZW~5U0Q&<5Z
zd#3gnIN_2Ve74c0CzsC^e1+ys-%Y1X6KA1Q;d55~j7WNf;#j#&1E*HTVMzx|(VUW8
zQF#Wdi*Y<JCPmU_%%v!+JL_Xrf|??6yM`%{cAe)`<QQVE5-QaTP}$Hi5_n0!)vrMd
z8Zs2lJ{LL*Bk~&%DM!x~_r3>?=L7<5>vrZn=1p3I57609nK~G~-lOZmHsh~?kK!1B
zBua~vaz@6bx@YhEQtV&r`}z#<u@n*kr`G!vu#>xf;E=)t+v7o{=k*Gn0>U3%jKj|p
z>A2hZn~gbXl8wG;DZU@>2=k~mLV53|_#8K=2-^k>aqiwfYX8y^&H}sPq|Js`^4+%V
z0}z`sSU8ptk#kChMvutrnwRT^b1HUy$R9*|une6tM;{t-N`9}D^t3Wit5IKdW-~zN
z3v*$TR)4X@X33HpU6+>+M(UUmXALz&ilsMfWm$Mbl=%o5)E*MEFWZBamM7ZPvXG=B
zM`V|trY&F4Oq}dD?Se_<PRptB?d`3`gZ7$na$5`QnO?i>)<V4So@1jCbkmIK)g33l
zRga+hQD<+VgPzE>kacx{^>N76o{%2DAZ;v3))NhGC}=<&mv3lF2bcs*mfB4c$xgp}
z)X4isCk;rbZDk2uJ(eY+I;WI^-AQg&)i#ME1tP1iy;;@*;Sj{#qlOS-L+L!R(BrJ|
z=%`4ojX1<jC;*)mEWJk_+(nxHz3Y>wlceccS^KLrgc3JJes&@JVr9UIMwXbWi|4w)
zo_A;=>t@3_EJXiN@DfZMDd>5U5<-fJ{B-SL(iO)5P*(Wnzu(2hwKKm;96vf%tekG!
zg@hr44l^*bL^4;HVki<yJW1{)d4w#%#wL*=fm@}fH1-sWmcI9vw1r}OJ-VZ#Ula2x
zmLmdRIpFMn`HCxe$xPe&*)Gx%+nJwtRI6|3LnuB5<JSPT#yw(KCr`}emx<r}%IC>G
z1H;Nr+v{6^^WT7czqTz~w|UAUfV?=bByr{OT%d~apR;+Es|D{*b99!-{g}pb8CTF3
z(<{eWHo<F4RT`?QE{(m~R<jKp&bm!s)y%Ff*{TJYU;_mMO&{M1ab^!WD+)m=KE4MA
zNrUbLP9U3*=Jy=9L%(UZC%TN^ShDL4kIhS<5y+xPh}<j~y+@E=ns;v8?2jJece6Ab
z9g&T4)hV_O+^O5R2p~N6U^RvO@G`wzO&<N)Ai@(%{7{VBCILcHRSzBve_uamUp$+~
zk>+#Nlh&v8<c?6&i28=D;Nige#N8$=zq<=#arya=M!YR-OK3M1A(#-dZjfq_RPo7(
zoB2Kl0X}o-G$B_AfP4i#D;YW-wQU$^1`a&hX!GYLC0?C>*Ku`Y)_d62-{>QVrG@d^
z(S{lqEB%vkQOTmx#`u`Lgc~NjFss)J`iVodn5GE+in8U@kcHNxFI<@!*+e&(VZ(ge
z^Ue~7N!9L1pWc^_jjorq>yJECV@mKVw^k$UWesr23V#TQ_=G$Mou8{}nbpvGs5B*R
z$Yuqbg&Us+LMrwT{U5i_%b6d4AZ%h)B-<A0vH48C*+E}}Fhy~Nsgxn?w0n{B_mh1l
zj8bszGd}0qn`je5{f$WU^o$9&0+25c-nJ9t5MX@%7BNh)OXR!CH}mb&)dRuP&fxuO
zJ-<RcxwGaunbJ*x00Ypl*_t;>r@2rD@+%3@>o41hrfaGFV>4dJl|x(E*FeUn5gBUU
z9!{PfLI=sN`)<IUw<JEyqev$7mt7Zj9`LqM&&lWnjPOLDJ_Bn0wx>FD7BJ&iS0zGW
zE);(36qbu0dRNSbZvwGxE>BErMm-}_TH7GEqFKB8(o!YD5$h6rb2(G1w;69%#x!2p
z(N>6t>KjHeYsMa(O(PN4-gIwpanoAlKR5Z}oObrA_qz+vjvi$i8>dC+xlaEh_}(-q
z1X`u0a@w`S5!;73yw5%<Nvv`qDno<{W7k{azOAEzq!d9};rQ>c(y*SgDw61u^`z%p
zHE)N-?IUAnrLj-;-|vm9o@I-Qg>zK3-N3k!h)Z0^#&_9K6WlZN@ua`;9N-+^DNKMg
zb5&{Vu~)dLdpybx%+o*_!krJ<+aR$H#Rhx|c5>%GES>ZMp0(~F&yhaZ(dCV}5K6h`
z$l_E>d;v=cIrJg=WFtDaT%*NO1D2#4e9=XS5M-ywGE<C@UMvEGDbZg-C|$EZFvz@<
zZRwD+l%qaai_jdtcX}-D5!8MVTdik+0B0mhUyxEd9YCHBn1=A-yjvS~AFVJQ;8ww0
z#OonO^*_Mw8FB4y?7G-QEdi6BKWH0VSMUHr5@p%xdlL!+`(D1lg!g=uYJOdo+0KGq
zO_1@m*bmgC^!?n+St-V50dX+>tved<>vO@~-MMDq4#@_!zpgF33YTwI{AbDB{-qG_
z_~#7Bto5a0c-u1R+wBz%!A&8@pI&br8wDq^s3P)Y)iEN=b=$d(Ldeb)Rh)*$nG+Am
z$78;Re39>OOk;E0ChKl0K=^>@-tSvImMPOs^M6lE7&R>v!#=lWWm7D)t-qY)Kn*_b
zW+}>H9MIa_kPiW%le|F5z-p+%0Xv}9J`kv4T*6lif`Y(#soRFQjR)u|{PHtk&~V-r
zDheFFnJ=tqKOLol@IbQDEt_gUwPfETi&6GQXZr}%KH5=)hBQgiX3~i@-e=<l=R-JN
z<J#6htQd$<S$5Qs?s5HX<PT!`!jl>094TkDY6YScP6@~4!^;#hlM(NM6tOWycdOoE
z6S=UZ<Vh!>O&pa|d|o>Phe~tbg}xZbWd+}G0yX!zUaxCG3B>)<Jj&kw&Ej=O^@Bwl
z=uvJlbgkzu+6j$6z&TSK|98jN4Hph`eK%x1w*)myd02NWJWYs|>-2H}n;iZ6d*!A!
z!^-Q~K2e$6h$8N>OO;=aKi^Vnrw%L3El{aYmhD}@Fs(i@CYeRzCn-BT1Rj^5Wi%J}
zb-lo0UFrU2s#Zr{T-*xw)iM`%O0@b$jc@LdTia?}9qWXQ)L(xYR}-$)5kz-Z#EP>S
zw`Q@A(VS{C_Dp|=_3px7|Gqmye|#`%gx@R`5eh8cz`C0FB8Mikql@V$f}<7CE%~z-
zx%$5Ohx>uPt^>R(R#gR@7icyA9DNn70&%uIYM3Se`YQ%fKhoL%{pgI1&y3a>TLC^t
zkC44!HP1S4Js<CwXM)w$-LP$~T)h2wNk8ubSnDRAu-}Jn7E*r?K&0&{NuyR>?L+@?
zCyhp}9x?ZCPw#UGzyIp}WvIfQdFrRiWsN``L7NH`UVxRW8Xh%YB+&cLOUX@$UZ5<a
z|7(2U4oAx!#P!z-e?n5!VfwA#z<`+XlKxwn%i>SiuTIB3g_T^4E&iSNF6F*6D9+vD
z;m;7dDBmt9>d6Ka_dx4Kod-_>CYp7L7wk7~@F-c;Mcb=Gx+NHVT?ysC>9dsyGx5<s
zC9vUf=h4yzwUy#R=02eF$LwK-+wa(+5AP3~@7#4-J~1WQd<L%eS!ecyGYKk<DfC8m
zT}BL<m0Z045$6r^-OMeEn!*sLJZw%WZu5Rl<+pf5{=WROp12tl31GK}6bH3vcCf^<
ztr#RyLQWZmq`eA-k1~t_TwK6Xb-dAaOGk!XrcArh<W|@o#gQkWI#?jMVOS1Q@WVMo
z{Wjyd&2BM5F4CXrjHPXDDYvqP%G>LW8=HNKcWa(z=1h(iEj0O|vvb$RJK@UdMUo_d
zoj#b?L}K7_gkaP`=o#W94=?=70hw~=kJsLM-I;Oxy>7A%wupi}Dv-8SVBrHH%aa@x
z<eBWpSZn+pr05W?CVpKeG!S>!+Mw#!+?ss34%MDS9Rp0w1sjcrnmPwMy7Nw%?^f2+
z!h16x%*p2TT3l9U-(_TUOnk%1T4Y}Py9pmvFAhM8>B>pP$!&m03y{hk8hwk58Rksa
zMIG&@h6Ry9FwaJ_lNHj&>LO&uJ&0v9Va}a!iWIFk(GKVskP@9A5UKgD!_OJMo|tk~
zdiJl-u5hnxvnb}M&k3rxY-?(Tsi(yhXB~NIn5h=NJ@PZz>u~<F7?%ec_yS;4v7Y04
ztswD+x@2M`_bm8c&KC7&Qk{K2;?rNFqN#Gad0#9(DXr%I=ZA28ZRA@PU8a4p7+qxN
z&s^VS?fR@_Z@jFc55tFz94i>$y&02rE^)dEM4~p=H<g8VIhsO7uWoq{d5Ln@KUebq
zn1+%Jdj_3c5rP7T1~Kso-*|UAn9JYpb8Cv!N^6@hkuzmNMYp=cDdf;xK?}HH@-Jj{
zxW%{dmBe$NcMO{jinbDOYb1KV$PVkX{;fa!gED;%y<_CmM=^XQD<TpCQiYcc7Dakz
z<^9ZrASXmXMAY^4XNY{MC`=gm;o%qft$|lnHN0m(5+^%3&?mu%Cy^rgUC`L*Jl^ca
zb>7X!uL&Y)y^kH`<&1B(iMUP}yw($B#hU+j(;<_+2#2yNsX0u{Ik*GmRpXdieLq9v
z*eW&<vh$I?aLB^MC9Cx0AxomW!F^XVlOIcy!-1~*I3CJ07YbL(@LI`BKl>dged?D7
z$JwafrEXSM7Lk6J^_s%o=B!L$<D}<NrF-A#6~AAu6nX!_1oon55)b0l$nWn9A+WQO
z$$TYRA2U-9+nuuY3yL#_N5dtr_KBSG`t0^kAD{k}KJ}BSHID{6nPUggaY6^jGP?A4
zOY_HTkrBY~Wa#@O;gphEkDneurEaj7`zK~`*+G`gi$>NGJU63O<s}QxNAA-h$j6mM
z*F_B359K${zkRf1lv%&9KS?=o=?a9n6vM+X9M!x(4jpoGf9lp5Z&a$%ArvQcQX;ur
zowe;&_mnk~jJkXCoOW+HT7tz@okg{olo~G@<^i707AdWZ{>rVIf)oz99U6aAn)dt>
z<72q_)w}B6)}n}tkofR%KT|^rD&DKm_Nl%YM<JXuSX@AOP~j)oI8dR;E~}{1H?#4&
zpg~jH-<$Ot%Ez`?V%JH8m}0Q=yL?QqPBUXywIE0+w9-O-OFUVg0VDu2nTD@J#Xnx1
z8xw`!h%(a6bJGzt0fbx}w><WrdY@EPVH9;bF7_9g+-St7_2tFtolCy%f^U^lE027K
zZc8y;+JK^8G1lLYeO9pDt2&S<Jur3+T5(WSv5#SowH4xr9*yRHiwn|m6kC5_DA|9)
z7#T!=dy|$Wksw^nJ0(+T#SE=k+*|ArY2G%AmUl<jmlKFK6m*e@b>H(@LLL_c{=u~F
zvN8O|d`y;I@}iHeyb!an#iY2D&9lPI*3uKe-LhJ%h2q^a>Vg8t@mlRHn76#>nHH*_
z^B`?Sj<?GCDC{!kL-6;L&3X4aYpXSbH&1}aRxgxG-7loWapitIL+P_$^p7+#1Q;bC
z_xx0rQSQ7Wq_OM}pYmIz;E!DfXLC9b?%uZ^x?f_XqVSQRjyro%dhpqR7FlZB<@E(3
z_f5NR>nsx91@A{ppR~bGDwI;H)F8$VCQ#I9o;J`?F8_}-6z>t_yClm;e-9<~3%}qD
zrDdHq*;i%;mhLNxi%Gzr%jK>!+z;Uw323o4DEpAtZ+&px?zU=jjOf{mG3R8z9i>Yx
z2mLCn9wIHH%8#5B)<H1s8UKRO+4x5OK{va@^yIM1S*u@hZYuKBSUq4pC%n)re~9&5
zo8Ldbc<r|K`{j5$ONo8eif3l#d2aq4iXz4*RvFdW7R0guq*#FUNt@JAsjFp;3kX~h
zGG%x~*kA5ac=qeHYt8?y1^DU~3NM`envwQ8p;QWA_4awlI2o?$Et|KcnyNE9U4`PZ
zO{zGL9X6~*lK7tU#!7rL(v{qXT=p%gm5w(ZXsBf+KoW@NmuriB6~pUS&(ebe&qFdM
zMk;U?b$%J%!=#O`LDollMEtH{VDRy{15WRPge2mT*lUF{M>{GE<$Keq#d3Q6MUY<4
zpZ^Pk#Zw(B@_LPk-?2x{v|@h%j;s$z3vG-WLV1q^9=o@Eek36UF`2$0`H!}MSeuKE
z3F}_!s1?2rhJ)FWjG8zW@_E6L_r(H<kFbETXHU6HcEo$XNQ8Iwd!@ah3y}zg$s`mC
zf3M5;Lq9`&o(YAWafOX5c|K)wj`hCu^KufTSX>joBBIt5@lMo2J7Ky)0LIX{nxm7n
zGuz}{5PVu1OgS0y{&WpLpw1I2y#izJN)16BmcqD|NLvfTAenvM2WcQU9b!a1m!EU|
zh5#smNTm#Xojh5hdt~X!V#~oMMhe_fY;atuvNI$JvYN?0IAVOJt=0aYCo;2m>=zV2
z2Ry&4^wk*ItPW49ZxjA|P2y3tuu)u+F|g-vVOeJV=rzS9elPy_3oEWY2luOsDkhU9
zMyL%MAmK5{+=Qg4vhX&!#PUjhaCBq1&P}C{9!YM#Q&vvp=O9*=a#T^6N{sI3zMrXG
zGm>bbUd2s;H&I{3&Nd4c)dG4xX+~*Ier*)LA}Y<<)9|7;vf0(#nM%RkjV|e9`5#s%
z7DhNo*Li!O8HjY$PT*0g6nsqhx-la65ms%^H#3g7NEvbUd3I93(4#|asYv|6wQ8xJ
zEA`RCzWx(oVljL?ba)oHE|kacG`Zaz;72|Q=4$<T`bNskM?kmk>j?hcMA?YDhlT&h
zpKX_==F;>e)`3nJfv7uajkSxlL+UlZExPPkbtmddtaA(}#5mXTzKhztF@d4$cJviK
zf$yk3+_AB^_#z~Pe?y>uC7enL{z>N0aq4PBh~jU<Z7@I^^+z_kf(ezFupONx{U?`I
zWV>s#p8l|X@5>6^X|@N)5xIb4CX?~4$c@s<yGon_NEI+0!kAJRY)ImJ{JH|Zo|Myn
zkvnco$JHw`#){b_!Ag5#>Y_qxqh)*Ti08_+<4V4YxDr&Sm;_noYHN}=?AgLb@L+q@
zfbWXXWP*7AtH9g36uKtcfs><<$eD^<>B>@EvM?m(_QX^w%UM4VVHy!MGf}2E;TdG|
zo#lIe`75s^`<zLg$uFDJ?8)(BwruCnczv69ffs&MlM5>mQfiz_!HVm*7Y0CNublX@
zgloim-~d*Fmi^9RI6%tI<!A!V9+PwXwok{^M`aQzU)#%eHEqtjAdVcr!DjRB*2RL8
zdWJ^6HJ-~l;}aAo6&YENXX`rW5RMhNNg1=U7U`&A%Y=pg^!62K+iSJmXUBW;!?cC{
z;W6V=BY<>F&aKbXv+^37bD@VPj++p08LvAdfb%Hymq_Cmzg`X$;=Gc^QGHSR^J>_Q
zfok@bRqGZDl_GYcc@?#Zo;_A|;5k|;3s{$9s-Wj+Ttz`abEfyr{TJR<{P8z|G0}Q|
zuviW*KWpiIY0tGt9hal8@{*yrtz$^H+qRdqLsJF8?!|XG(*_*7;(T+xG}<qV&kc4q
z%alTBK^69MLir4$-_<E#tZoO6xuJZT7^DWC*S)mfRXV620@@|*Jg+m!Sbn0!9tKhT
zLO&yW(XuM5^ejWB+XV-&4%@w(&MD_s!zlJgdg#A*#N=4+V@=hl|Hd5_=@2pMM(Lg|
zTX2h>TJi7ou>#M(KuE{amGXC1W!Ch9lvt`ZALL9fWjf(F#>PYiDpHkPw28|KE=Y?6
zvK;n>R&WLCIi~8z;c34~p#LFz%A2Y2W@903EbpNVlzBWG{WH69@bx3Rzq#<a<+dYn
ze^<3DZ!m%l2`8(#%|O>>(WR}EtdFEd(tzTh>g2OlaZu-7+5n=gD^3O-+thHXKu})t
zI^8FCfw{nRr7WmgD|ln&+dLV-62~0}n^aQDA+%0`UtcSub*rLNGkghWPQFckQ@TDj
zZ_#r=9yn7yy-%v2Ye+s8Q{NO!`Ccs%rn)Cy|L52ez^S{Sq&>-MCMnIEWfe!4_MgSw
zqQ11+*VXj3yve+oe2JeU8%B{3*lN#2(|Y)=j>-L2T^K;ahd(aZ8Q>!Hxmy7%BO$(g
zFc@Hj7nhPO$B#ejBvSf!Ak2kBCPUUkDpHGOTjedo(J{LjxYAuebYKa1!qYV)<85<E
zBS<%N6z>x<>C)U$_sav-K!LR%ECS9K7^W}dt1)4@jhlZaznmdYmTv>=N=}NrN3lZ<
zk{$JHlMHojLr?0<EhtMWKUIjgJCHYLb|uE!rmi#anyP1PkX>3DP4mZ>XYV+w<}=Pj
z)u)!vyscFu!sU8Coj%=}JMl{&uWQ?ibM(X^q+`!NYG1NfG@38^bxtTK9L39zz0gv1
zoe&nx*(U53rJpd6s*GtthTThuSoMU9H5aUYxB?6v_5wFWcY1U0KZic|<(2l6C~{_S
zODMwgX^zJC^AY5+nSu;kte-5eX!cBb9^1l@Cq)JMhZ9$`5<j<A4y!%QS{@1eu-kw$
z$_U&D#76jX&qN6Pbg30;OiiEmQ)V@+EQGeyOq{;QpyK&?&#i6_mEt>!0Bm)jnb<>d
z=y~<1)N*lFeWWk$vUjaW4nr~_BjLx0?|{H9C^8-OXVes&h>=#g)_bQvC_>ZXW_=y|
zb}!4CL67>vFu?UX>FpuLC1XK%`lLcJ#eGVSkH`qVn~@URB&rTyH+$(@3}(L<g%AM<
z58V}MLPmA6avw{cQerPMWp||Fl)^^APz=FC;B?$EhYq2n6geu_`<FLX%KO`965sc)
zht=1<{howQar)Ipd0D^QP-b5&%iYNI&fW8)k7HL1Q=Tk}6`ZP5k}25&cts-C|2EI-
zEeED!Yp5!oZ8Uo2WVCzDy)@C>GKwSJE4-4~4z|j|egCW`CMzgIE*d|Xr<ibK(pB%R
z+o^gWhB}`G!zcABSZEk|Dp1j|tZ}m5DD?OVc=<;@sw*#0ypCtQQn|?*tw5Myu*jnv
zSTKLy%q$bRh97r)B{Eb0+ho!bBBZLhsZziz-@nU#k#ucS)y*v_?gP3wYspL`C1a>5
z3f>1@)_*e^Z`a}7{ARdf`k{ngup<m#J%GqC^@Q&kw*opdH%C*)zmR*;2v-4LP#J#z
zW&OzfKrBirZlQRG^zu#B&SMwVgC+A0onju+v}gjcvEsMsjrcG&0$Y}h`IXhe+i#}v
zDYvbRQ#Bu{D3_#)e0bKoMX`WEBHwI@O{wE#cHy%`DJ<`(icTKDdoun_=DB~W;kaK`
z_M$V{*u`6V%k<72u*lVdE!7@&uA<qAMeisvp5+MQ-<!^`(dRp9kyGVbEM^8^PTW>N
zep~s!1|H4KpP2ENAL497TBHx;?!n}50jE4BVn>dC%fynUX_<ugR5}F{z(sEahhlr5
zYNOHbg?|Vbe)lZ6sRj-B2A*`X-CMC>s!$BYtYvyDKhedQY=(=>%-n9sI$!BSdd;7C
zqAobAd8)R5-Pp2=LmLL)sD%c8bi1A|nxz$ITOxo0O*((@b{{y9GF$sGxvR<$9j-{U
z)k4*O->uut0WzO>=pkEN$^=^Hdp^yK0Ry)J4UH!A&*b~$!s!2gvG#d2>Pc=9IWJWM
zDxI{+zu_2AJyY|LNc!a$_Cb00r~BBCFYxW+m7`4VL?)Q>SP4!ZgxIX97&5>l=1dz@
z>`<jA6|{-imks`2C;R7K6ROP9{z48nU8fDbq($Z$6kQs^aY&^JMTYYFQT0#gk&aq_
zg&}7fiv&bk;!W_c$<UV%!RSB1dD{p>b@$5uXGE(voI3_AY5fu+m{K(j*pH(=`7qCR
z>70Rk>x^bZf6K&?hwt(*15|_Tt+8^0$?m0`hsD-qeQ_0U?-vDuATSHb|4i5PcYM%O
zKi(>0;mbZM7=jhznNjA7QXk7<Z-Ssh$RmT9FPpnMATY-KX_@<l@6}z=sJ|bAuUB0i
zs28*OT)H_+;&HQHhYv#2K2sC2`r|3o6QiF~@NP>bc-Mu?#!Yd)dh~yDw8y~=XmZ7w
zGp-rqHrMWNfU)JQZQsv#6F6%6R=&1XVrw7iKnwzw?Wc=nU*0mYH3}Y_M!!3n!;F8*
z){f$%gK+T0-s&6;aeC?u2vDnlE&Uj;_TK(mWj}fB^7AKcNP;m3|IMa5J5m|ynNFcB
z(Z2;Q2U-5d`DCGE>7ECz8sK-rhbeXI7k`XH?t*(p{fZnn0wJ^@%%P%&3wsG(z=@M^
z`Z0Rw>ARQXg1uj4zF$5M)6l9o*T$+#Z!vzm9F)dRr+P$B3pjf{PZ!K6C~c4z$)7V=
zx=X;pClfQYqB68716oR{-(48bpQQF>3J--JwO)Ahjj9g#C7ZC;OJx#sSDFZM=uY-^
zDU6<Qfwgz~^Nla$#|uVRNSAK}Q)Sm5G=DV_I0-Ag(sD%-#H(p{A_A!yX-m2#c>RE>
zf=BPIy$b;v*CS*{BNRtRxT?h}-_0>p8_YOoZeJP*JIHr5gO>ZoVt6j;3O`>9W&HT{
zc`JeX$eml27q>a0ZS9y}n!cdVlitrK^=b9kCg0=)%$UOD!Z19{ulfID@Y=i3{W$Bp
zD_LCozLa=w)J3}vnwR_u;D0%;PoVGIQ!MB62RY&D$D!#X1GLVES7-q#oYH&A+?-*a
zR+X)?X?dV3{j^M53%btLj&#mAahvyL?rIjW4)<bL3|uqHRHwGAPb>Yzs)4!$gL5`-
zIQnvPJrcj`$rW!>?`)m#k|SGOxcg|n{wnIMAqaL#EXi%xopnmabO0sq99;Al&Q79=
zh#!-pf5D8d5q>5)o5U+qWI<83OV7|<VM>{)>$pu&TkGQp;AS*OQmX+kGth}k<bD?i
zd8vLs^MGDANY#_>!W699*Rw_EKe7JRVt?){LTw@!%IWRLiUYz>D!U!gJu68wY51F5
z@KH+MPIDo|Dt4=Sr)?~MXP{>!P|?Vvbf*GIKI5>Fs=>qELMMBfSG<?n#-Wp>N$6Yj
zCGdI1XmIU~yp!7*{g{TVi8{Bpi3E68zU%AeZKxJ47C@&eA-wsab;XxEk_}R^`R53s
zc)t>b6>f8o)x(w4Bqx@ZZf!B!U?K;?w^}x79)1_g?Hb*F3^i2L<{RcKRMh1&3Q3e!
zuyGf0F^4?e38d1@96M`r4dv@9Gbtzwn3em+0|V0|cs#VW{DdntFJ92lah>}pBVu6M
zX5_RrW(YXFKbDH9{Ru=jDh8^tYX|liqVocUVY!&rU8`24N#=Cj6W2wIfNS2YmRbEZ
z(`nx>;9v?oLCNe9%2H0o_BeRv*-Lc7diC&t*0&q<-2c;~DCL<eR-FT4ic9%%LpY`W
z^gL$cp(-iy0#beg!Mo?Cpk0+Z$L7!F{*RmHby>U_!v<M$ac@=M)jpK!sW3F#xl1%|
z(Mu~y^g1%zDZ$SsY=qv57085IRJ_AV5#6IQ2QEPjQF5r}AtM&X=D7EEn-kzeR71sJ
z*3bB@b+z0Ip5|c_^8yp%N+NIz^%&!E;GqyuY^JpJ>NojWNDJTcvnOUPo9_wm8RJJ@
zsoYvT%f&{#-wingrvg?5L%~|PW__YCca72}8O8}|Dq`ra&<L013dYC>6vTPFkXSR-
zVb^3XFYAcSdi5vNrw2Y{x4K?y8+7Bt%*(~q>QAh7<@BkF!jX=UT-OKD#c3jQ*jyP@
zYF<UPBVWzt;%~V$ru$HBY$njAPrEet@3`Ml6C&@3d1u_@g|ilZCQlk7C<Ot3wI($1
z)@7W>HUNqKbiINpU^EBlq0*+-Zn_o^-+!V!-`^_PgEzHucT&fm{d5CyPY!{TO@8!I
z!EJ0Y=&8b0O^%gy-qSQEp9-&UyN$>2{?f2xO%o#F@tZ2;Qf3|B9MMWe;7nu~LJ&OO
zd5TiZ234Cp?{e>EiDY|NEi#jkn{Rt#8d(B;EyCZXpU0{>USPX#QIqp_rDD+80e<uQ
z5T-Jarkp$S<kM5`85`cPu}^uQuEx+FUxe(v+A#LH9jj=f@I8%eFBE6`*O!-<L+6#o
zFL`T|=OsUw6`ronC{D}ycK;;*HJpgsEIR-)@@2X|p$0S9iI;)~8X1y$ZSVSH*ZkMd
zCw`~!b;zY@kF=Jbj2}PIoECes9=Na-=IVoVynCS29CB6;ESQ)W?M5aqPVhi6_EKEW
zZBZPcIx^vv9{CQaR{{W@*edscy6tCc^AK}gg%s)4mQQcrIlB>0dnJ~3qpO*3?)FC(
zJ?(6w1UALb+$6&4b5mkW3A5e3Vpm#Y{p7C~kA-Zo$_=ruinK+qfLM{jFV&g%pqWt%
zapqun{kLbPHVT7X2@hr>L^KphIe)a=0gf(LJ=1IwWQ-zW<v(uqecf#x5Vs?6*BYTM
zXPr`eTY{OYJ&NjQ3`=T9^~)k&o8$*7>;`Y1+f3qL!wgxXSZAenqAJt*z*@U&;Myui
zt<XCRp)7jgnV*4n6M92K9pl}sRz{a(JfDp!lt>v_3hzxWx&S;WsCw6fw>P~I6-vCr
z`^{Sw9Uq(`#%~=|e;y6ayy#ISWixuhMy|e)s$9Egly@>D_~K3j2-p;PvTAa1*`Fqu
zrq3i&bEe8n+LU0(6^b*ByN|kKQ)Kp53*X0LQw29gD+i2sBQ0_mv=}7pTl`#rL6h$L
zy;;H7>?62u;@&jo#GvLW%MC@AqV0SMVG(<zn2jkr2zfP2i6v_1f3;@gsMA7&jIp6C
zrJ}k(OPV-d1({JD!|^Y?B~gZjZ-4VE^aeHFPx<!1fapSXA$HqD5h=pbo~Ar9<0sk{
z;BnuaQu#%>_}S^?_|j^Oyh+U<*);kf0Kz12N@}#6YL)bw{6C&WGm;(kD;l_pZ#Ce_
z=R7fSG-ES$oa{(PL2g1Psf_EmL%fRIsOn1MO2*kO0F{hOw_Lpw)>nS&oHuRtPB8~v
zu?;;Ax3KWpoLb+bkZ86{!06Ix`(Eu(A4!y)v}D^luaa+B@h#b_*9iA4)~psf?0<^V
z0@h%f*9bM8dGZqaQ*r*+2?6p0T&2;8t^=H=iOy4(vp)ejH^lDheMf?TcWMl&0?ayC
znq1+ifQoWA&J}a&@5=7%%+W+W&3@k6du4i!Fv4~D+)LT0lgT;3bn>6Ul2<E3vauCO
zvHGcPm^Twmn=0|<{<6iJi$8Xi!)a&%oSby3`ixYcgf<k(87Zx)XN%+a#AN%k6QUnm
zDW>M0v+Y+j*GlM{E&Px6@ug0}NR)}$2NwZPT-TT~@K?fF<1Vc}GcACstBiay+Y!Jz
zP-XqM2DR_=zp}<(%?peMj+31~)c#i`__N~HcF};CIzs-RWblLI#s3d9gDI{#rSZ^h
z2k&>BbN;CD?3C=|GAButi?lKx5Td+8sma^uw!s;J8Y!iBQ@uAT23;_ReubsdnELI8
z%QT#Hr!`O<#U4fZg!x(zR!x5MX+9yAkFc%2AqgORp?tebHWr5MECVCvJcvP6S!d&I
z!~Sf(GY`sMD`9W#I(_1uOvWiEsX|r=>C0Pfz&RhI+vhCjoe#LP#`c$c##0eT1(24w
z!(p|Mxj1^7L!%=nhIn41hSq>b_KX3`BT$f}1}PNHuS=Dzwf-&tXdi%+ln!#;cy;u>
zepHXNfndqBrW+JG@$*oN?cTURN9O(12)hbdQau<Ac`t8ELIjS50@NyfTeJaC**VCx
z?Ut`3_0_cqQ7?~>!jM(WwbOfIj9wcBh@UZ}kYJDIvx6Nsx)%P+!TS{QI2?cUa_>Y<
z&AJt_#nX@vrMNnw0{0W0^R7Hz7#52l&g9f)-tqK!i`dEW8OUNOx-0!x<}dLAY22xK
zfdlyB3DXlv-2syogy9OtADgw29k}~_BepYz>l5{-YS%>^HeGMB?J$1q8xjbpWLCMi
z4k6c%Gv-tltNMiN)O%lE3a%Fw7^PQGqWR#jDPSj{cNiX{NhakbMKMV={&-*aYPmbs
zWoxRu7XQs_Z*O0Vss@@!Zg$udAS)<-iKAbBLKiahcy>6uK5k&v3k$pyC{6RybHv%6
zuRr|x(S-k)zYv8gs*>y^V$~?8{cY|u)xx&EGmc#t?Rb8JhB;pz&g$3O3Qpc<JIJ>o
zgVjyy9`E1m;}I-DRpW#9K0!g(2;Ou{!S_9#uF%}mLl7UaKvV;y4klS5#S;Kn!uD)a
z&9!qDwOJ_vrj8$_>(2pABreL^GPmgtx)=sAMY9EDP=MZ9i5faR4hm7<$`ah=;#$2z
zOCur9cA6gHHUY3&$F7tppzBSf-p~B4af52$rv{5E&{bb9(;}UOb}9I|q9Qav`5|e$
zXZUTMcPA;x(?vVH{h9!cgv^0I)r9#}Ls@NQ?y>G-<k#qb%>7_()4|6FsU$fgIx$5R
zdruE3MWS1*lJ@K{Aib)xxfT5C_g$Ja2E+4d>_oPv)s>f#L`wthc7(V}k%V>pFOZ=S
z0&SSW$CZmu4E=?Rd@&n>83!0p$ln5%sWwE|w!uzRZtGMja-pL==Ub$>Hy$0*)@(mv
z!KGI6{#RFFcu)S4szrpq=22e<fFI6`Wg7`twGYIf7?>f~RIr&<Yi;&9^-2IK_?D;|
zj4gfg)?Ofur<!u@)ABcD3~ztn>a$r~$o?Z)JK{zWEPF_)GWfp4hvUZrM(wJg*WJDI
z$KSxn)i9%1xAQ|s!W)h9bm|;MtK)wGI4isX#K#4zqF&OTm^$tu`C^vmfWUP`Pn0Xf
ze`F^`$w+-+`ok~SwNBDKlcFLHR}L{_p$<sM!<^@%|7o70wG<wC%>UV}zGqhJwG!Jf
z4=j_IDcnqao;V@Osn^5uDQF+z*$K53k5kP!7O)xtob9A0N1xD|Z-oU}*fy69jRrGL
zef$NZ=_Kv#?+N`9$cZTD*FF9K*L;Jj_`@5i*Q0mMb%tPHOwJtCIN|zl5;?7&ZCc&U
ziZ2QK6}~tEsp_%%_^a|#sM^0+Ee+URu3#I+f9=T2)oA>+VH%6jyzTBmcWRbROsDe(
zrD91nS^wvxdOlvApZsp*(?WpOhKME>?)@goQ}Xip{l~LZC3>sF{@aAgXNV1fUEu|X
zq<L?JC30^E;F8DbUTR<q^JEpi7e?RM*{ID)v=%bOmN8gbUZo8Y`m34v%;;adXnD&k
z0j3y5H2?O|d!dGfBa#0Q+}i<iKU(npQTS7XD|j(5yV|u@G&d=|@CwCtM4^XOSiWzJ
z>HNjd=}1T?>A*z3by(H>&(b6Dxq@OknqLCfG=qVjFkL!?z)yc}27f|y{8_V3-ewfa
zEl%6)YG9;iER9$*67NUx%w1N!w^`KJ1sbH<Lj!`AI4xUKBYmkxbNZCT>7TE?H#g8$
z|ET|q{)6V@TyiJ_zo>0aeWWtQjut~fF?<V05{?qGy%&05qb{N1Gx29*fU~)lJBk%U
ze4)tn0xklQOw}>NNQ9Y<69yyZoutShs_omJ81w9{mXJf^vkoex-cPSIJRXOUkDBK?
z?p8F~|AX)74yuN<eNHqSCCr}piz}51C+RqVTCnmz<aOZVnMwsaWm;SF*HCfsrpS7M
zs=1p-vHf)8`s}NR)KHuxzg2rZtQWbyEs|Tyb~rSkJu3~^tljK{YA|`uV#YOYe?a`z
zl@dSFKr|-j;YBE9-Q_2>%n@hmk_3js!QZg9pVu~)2`o@;1^jYu*m3uho=Jr*s%<^#
zJ+s)}kW=mY+q<b>Nqo7NSz_)mUifp}8ti55{7}!5e@g#n+s^M~WO6u0?$<swxp=eG
ziYAFmx+=(`$Nx=KyOB(v1!gBe|5PB$t!$0X=;x7`Vz+==;a1Rof=G4<HMQ3<$X9yV
z`H~v*rRIA(vf@`0{pyzMx1r3}|D;CNU3Uj+@8H`g(JmC0VD-Gly#Ar3AKy}}`)r|T
z1Rmg$TtD6uR9hdc=e=-3S&)jdmHqIGB`NZJ;!|S?HKRNRAdLbF)J_xCbQ<OZw$g{C
zk>>|TAGum@wXFzC>lg*FU21WTsnHevB|8(iKeK^V-RmmheM0=QN`3iPx9UFiNClbs
zJT6_{w2-ULa~1z0t`yzV$9>{dZ!KRLA6AGm98w{mn8YGyXz7Brqz*(l@c$&70r(b7
zRve$w^HXSKaNGQToL@c=age-$a;x0gkD_@wW9&psOa<Tl41_sf&f*YE4To<kI3|?`
zrvqmadV!-CXwp<KpR-9EVEmlD1128;O6KZyXYaa(3_hIpfj=q>r%|~kI!3WU9@}Uf
zI(@#g<5SY7XDH*d>Hr{Gdf>~%=d@iMpiJi^>G{bm@=HWX#!K|2g7=*hSLw+1Ij7DZ
zr|(+Aip_0ZOi`%m-3AiW#5$2ZE8rS|<JpRlz%G(PM1~kl%$LXy2cOgc=ZUje)rLC|
zZ5H|f`Nu26mlR^9+9NVwr)jgh03ng8&!gDI9kh>vn|jAxn}@b~=`*zG%w?{x@f6s*
zyw#j3*0;4WvJNM|9Pk0sFPJ|9{eE}_dTy#f1(XuKfdu*ZB|CH*Rh?oq4Bhpfb}z--
z?MDIgje-vnH>g2_O(el)1&MFNWtDE(U1C2qUnwzQ2PHx+UtC<{Kp*5EYDmr1`ESek
z{!A-AX&ZCZpI(P@4;q;!^I`Q??YpV0)s=;R{|k^9u7;UagEKxdG=3a>ryc^7r5!oG
zV9IhUFqjlqi#t^k^)aD!l<D~)hE*+G6?LtA7WBO_e%%|)g)b#Jhx|l{a{r`sVMgBT
z7aZ^sA`iLw(!GtQx9G2#JdDxVT-s`h`gXqr+_e5J1f*>TVE{ZtZu=AY9O4OLx2EK>
ziefy0qm!PHA-1!h+yVqX7kEnEl{zi-4hD&Yq{r4L_Qp36Q80n?{LM1ysD2#Pd04&Y
zn40rMvt6ob<(no__~(yaEsMdGen0+A*@jLZ+W`JG9(vx1c+#O7#XI0=RQv95U5RpG
z0(4`sQoQXc%cc9kv-87YBRmF!o4vLkt^=%|)U8eT9)0-8?rx8fA}E5U)A|~L&l&Dr
zX_|Kbp|%V4WN50N#s^cy@67~ij)tVW(s3qWBKRslZfjw2d1C|`UoeM$#K9bssb(qU
zK47a!Zm|n^D}7x4O7-2(Cjyj@Oj4q>I-s+$RNY}o*h?GE^{;@5r|R6RChT<*j2YTw
zm2X!Ldk|Qhds|c>hxMGT-~!kTD7-78@`js!_2t9-_1gSFf#>NGZb|9mNhxMwh$39-
z4%ZYQQc!_qm9PQoRFM$iJOz(IY6rE+gKrfFFR*sCnZODWl1@9Db*oLIY@h2zR-dFU
zDhH*7nBTMi=7W&c{hshLb)>SiEN{5hfcnOM)4SDMdp0A!VJOQhSa@kg`g$6?-mD%(
z^TCt4^E!{m(vvdu_;y6R)NTm<_4f4W*C3;gG7rv)qHv-AN;OjMylp?PDKEU*lADy_
z(Ykx+g2T;Q#BBF|IU2(R7{QJ$y16_-%wmdHYdP==*i7#sxZlb4%s3(I69Y@dIiH>j
zEzMDw_rXJ?5bkB&SB~qh;T=>L7Z`EoJ*?7jl0Ms`U|TduXR~UB9ktUuO7=>~JK`%)
zlp9?A!PdWR!XuuFkT$=mU5V&FPVqcmMROg#F}g_?eATv-wAc~u<dgD~-#Nm{pP=#Z
z)n#`ci|!d>W=-@fuix$WJJhdRd+!1)luW3txy7X!{C_obKK@MSaU9<%NlNl7CqIg;
zOny}2xH7UIer=gZDOAqM{HXaEljZj{Y++j{>8yp3mHaxI`H|#TPDHk%W_V<NB{M&=
z-B)+_H{AUZ@6YS?{=8n#cgDw{waO!9{zXo7Xxl+d$C7$%<lgxJvJ42K*T>i*In+n|
z@UVxL)WmuaB(NdBYvqsSHxV7$I%TF_sE%JetE8?izq(;<acZ!cG;&-%*vt9JZbKE;
z2pb__d9$NJL|XF9vX<5dgSapEo&ih1WT(CUAuzTTzH5206|iW|8kWWfvXP5^tEfFy
zEymr7@CQqh*WL_+)&VQ*<=e^9gu?3xx|wzSx9k24VxX&f^`;V;OB^j2t`HILBJG98
zo6PTwTWUTgK7g2mE@Y8a)6FGcbfvg21h_j@()NPe2Hz>kuhU$EGW@(_n)B$8u)D;x
zI$Y;$lwGsAhrlY2Bc&GklG+EXjxc?8$Uyy+ajZ_u`%3t)J(k6Ho(l~83Xwipa)Ub~
zUBY}&qMK@;{*3Z+C{cWy@6$UzylWYByM=GZJnL3t9Zh{jri_oamz1v7>my0!xA^3S
zYrDGTu=d3a8a0(RKTDTEYg?z1uPTxdg%P1nhm)~N%L$J9VrHCQ0*j!Qq8m_IuH|2T
zPsM1eX%XXv<}uc(ry&9Msy~1xGA&g02w{yn+ZSxp;tKSN1I^uTbQ#yG5;$Ypa|hM2
zE_68%@U+v-2dtUu7D5$m{kikvjENZAqm&M<KBN~(Zz-T4a<Ef6`fb8;cNs6rju%wd
ze}#~fvDr4dlW9Bfl+#WGk^o^QJl?1FxnV2|u92DOhDI?=R^~CAZ*bkI0Vz>{sa6&T
zR&ARx@?GhqN`t7jw?s91zPuS;Eo=FHpQOGbRUxM@vUFB-Edm7Uhv^Y|S))%ONAAj*
zs($h$u`#h|7$z>MN!LPnSiUwm(XuMwvuwOCf8+uH%akpNC1MWLJG|#uX3nov8hz$6
zmb64)Z;tC1B>?Nc4u&MDm8@#R%?V<j4F~LjF)GkRRd~$afUOs7@`6-5th8LJ^vQ}G
z_WOXXbM1AT{3te_?UAgn^#kpZg$N*s;cLSM1OYPsVeX+awNO7t)Q&*Nwrtj!vaew_
z`rVeVk+L8S8IQi<+&cxxxgG$@nR~qXk^9j7?7UWbkc7SZDv8B@vWyq=B#oy<+9zDh
zG|hFKjpmCDX8TLPjZUeCdb<4~`}yJfd{f&_lv+KrWBkEISEA^S0l>8pgvuUMZB%GR
zPEh#%Z$J?@6cc!Y(ygWLt-p+moUV8qt+YJ$j3PtG=Z`qt+Ymg|zfOX!+{3b0!BWFd
zdA$zCP?+hP+^i1YG`WClQ+scE_8=2HG;uHlSy=W{GPYQVSJl%{$D7(T<l+axCp;92
z+V<v7+oc@h3g(R#IFnkCiHxo{;~!aRb!3NfqkL)o5WAxCK6_+nlB<Y=;srM;P;Tmw
z4dH-61L)$spn6W|>e{6Q`cbDc1(@|S8xHpBTjEQr*e0Ho4{%qWFpi>#!>uLtxmTz#
z&oQ@3V$<>TD-t6>#rd-731><?W=p2td+x)rKD`9j1P^Bef~M@H15#I(uYXKeO|R^z
zwsJy=T0Ds@5RXaQOw*J$*bMUyxCKi=WUb`-N@=@o7!gI)BWo#hF`djv&Es5syI#R`
z{8>l>Q~{`--CB^XKKXb-DyTcI74!K@)((_TkTBUI^nGqk=m(+!sOe-8WqZFW+mgt~
z`}2VR8B&w3*_49X^c!crQNweQebJ)dxlugevJJ2F<Y|C}H`DnilN5)3r#jK8p0vD2
z4yRP!DY;<nx13LG4DOibR$HutXlZmL`BA$LKDbB-aEVtF$6;TOHkkazr7>7Zf77b_
z|6_dhax0(<r(A?#XsdBb6>bbM?SCs~`e{43{(A6MaP__<V>{oPUo1knRg2<?ycGaH
zqis}$PesU~f1atTy40HL&!IYZjgg@~&mT3r%YMgHLFK0Z6VBMx!El}MB&{NC)C>Vk
P83^PEN5d*kUQGN8TyyO3

literal 0
HcmV?d00001


From f8139e4739e10a76d053cfe274ff02aa46cdf40d Mon Sep 17 00:00:00 2001
From: Samantha Robertson <samanro@microsoft.com>
Date: Tue, 26 Jan 2021 15:04:29 -0800
Subject: [PATCH 269/396] Fixing typos and updating

---
 .../images/false-positives-indicators.png     | Bin 14102 -> 15655 bytes
 .../images/false-positives-overview.png       | Bin 27939 -> 27865 bytes
 2 files changed, 0 insertions(+), 0 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/false-positives-indicators.png b/windows/security/threat-protection/microsoft-defender-atp/images/false-positives-indicators.png
index 733db3cb46935defdc17fb312d25c927ea95f178..e30347f04cfea0fcb937b7a1730202b307750fc9 100644
GIT binary patch
literal 15655
zcmd6Ohg(xi*Kfpviim=MQbnYfC`fNd=}ka-7diAMy@Ui5=>jTEy7VRiq?ZJw3(`v{
zfk+7fLMI^*0^D%U``&-x-uv8dKTk4y&n~lO&CDvlwI*8kr7HDJrkel&fLdKm=@kG#
zaYR1fyMB%Q5C73gK`w5*RWtPl0H|m$ewW7PAtV6cAwXT}xj{hYR+ihQo3SMZ5w0<Z
zTab^}*VLq{c>kyK*?0{1`_OuOtI*d4U%xFo_SJsXiWrK$nRs3NwMZdYpF2^_<@(Ua
z{X9qBv99QfSH4<GbL!89Y+0Sn*M-(_m$tX2sb27)#t%+UPAZ{whYOg+kf8<4f%?lK
zsS}$md@CGOfilDD1`S)wW{_zF0AAC!hW>r!;_U0~>%kXg=#6*nl>b!R`TtzuId+fk
zVCEcW32Li6?i%&M=EzH(fF}u=+3uhdP5U;5Bg%6L7$zh*&=&Gf7fdKA$HGFo8*;?y
z=Fis7xf_X-4m)!A`N|WA^`#nXrJ{>*301Gw=az0bTc-oHO@^KSp|hSV3AyMmz-aKX
zwvTf#X}B%@_GxdM>@KGNnOgo;VoK8|?FjK`l_z7Qll}Akhd`N&r|E2pubdTC&7XU_
zS|JCNHX=fNw|h=6UEC^<H1xSB0o+|Zpk2F1OA9M4XT#&`{Ry(QJJX5hyKytl5?nP5
zX{~Fs149bFht}MZ70I6N$9s&$<<{USxP$VLG(NoMz)Qa^F1unfV62s3K0ID?YSF^O
z9CG{<c^scA@A0CV^esW_jd0U?B_SLg<Dt-sQHZqkzKRPz6&E2Kcle^J3D%1vPn!f*
z+y_^<p-=waOv&av58B^@C7gBs4lZVhyosHYKWwNu0Vg1JnRriwvq(#CS0sm)quytm
zi`acZL5bO-huwPpMj98KoA#|AQc`^}e7NW&3=p!&kBS9eQh6kG^MFH5wm+%Jr|nAN
zRfziQqT^Gd8dBr;ZH}1LDALkV<31<N@CT0@FvsuxD=MC@4J%Ojy`~u3gFS_FjnOz6
zl;<csmAx&PSN5s9PaJe`*`n9ucu(H}C>!)n?cmv4`98h$hr1Vy&9*Jq@)4FfPXaH=
z(_Vc$5E1;DOOop^mnHdL&YK%th!2)v!58DCZreW12q-Z6BnsKGwZ-^s-h}?x@%hK$
zBZ@+oCC6|*lf1?R-a+K}&XXCr?$V|GO~UyOjPa)2uqWNPIpm|KHE8dmwQ1#gjXy1s
z5{yAk3*{~ow#=XVYW@gB4+%ehl+WA1zL_vBv&lwuq~IKN))Vx{<$YN#5<M=HW4bZ&
zGy|jLDJ%g_kgskqA1;AiUrXDA^Nx7?$V+JN55$m)K(+z439z6E?ebov&F{`T^9TJe
zoZJ^yu=|*kw5Q-VNdGju3lcV&%(-^wWwLL+0MdezeYNl5X-|aS&Go`~@1s)&y~ivZ
zHIjPcS|(apt~#RFf^Q%LDzXKtna_JuGiQ4&XnXhIxr@Wmd+wrHIN5{D{a6EcnaU?h
z=aQ{^;X<hELg`CK#QQWcJ3I@7ELWoo*`@os{K^?DLB3`u#4XS9o^PQ`#7!ixxcMp@
zZ3cnV5=%&nT{{-LJJ;Rq5HbK4*xyxPO!4q*ZgHlg59fnFk(Fq|<G^oP4u3;&Rm_Uv
z$6`4Ft~qnrIp1!;%b)38OrrZT`4*Jc??+!eWrPtG3}iJViP@MgNZ`s}+#>KHfxfTG
zN~>Wy!C+KK+TjX?6#UABl|{-{HE{2z!qExrGj;R{?~%E^uI2jTuChX^(X;+hs&K97
zR_9kN+Mh-c$7`zOHbO1!lCXbN?+T8(aS)MRgQ?H91?fOT2VBg{`-yrbDjXRZYqfpd
z?)RF#c;dOc)JvVH<?ub;*B;Rh#5)}G&7L=G?r^mW!8O-yBy3GI5{u9(PLnKYoa@~h
zZxpPh?~$7TsLX}|-<8_k8@Et$h8?4kpf}bDRZ7kaoI5v4di<8T<M~&*y#3~|e>AJi
zkQxR3S4uuy*?UA6HE?#k3O{F9^n{%!38gum571b0UaLzL44<(X@xO;JluQ76dFc;$
z5g~D|6Wj|IEZY>x-~5@n`yFpjV;Lqt2rAF7s?ejG4zkz8)qe<dyId00b+L}Svvb!~
zJQ1pQFq-y7J+lNAPtzDG)>xa7gOjeNQL3*>aGs@}ROxQus?<dXhM#J@1J-sr!)5c%
zfX#pBb$v(v?)I~oQSC6PU(#bC1Qva8#da%V?EJp8T@Rq}aB-Mb9_=x;<fOO>x;Io!
z3GeX+a-JZH{E@3bJ9(>^42+g1ym2Qa-um~F#dUH6p_Z6`6io~EGr;a|ihM)oC3^#|
z+zJ=h%Q+dx7bLX*6q#iUHc?1lVcJ3(i~XZ@08_oZJTo1{5hX;ha>g@>&o++)E*?Ep
zq>=Y|G<U3w5&!qq_wA9~w1?@}sV**;L)GgqN&ww^w*MhoEHa)=jwpEJ!bSi*p<es>
zf38zK$BN$X=P|-~vx4`3t#E}>@Vv}avp$(c7_o^Z$pD^Ahyo~woBJ(?dal54o-cMr
zO5g)RD;!wq0qEO+NB`V?emz+0KdR{p1^WeQuV4HtTLIkvshAovZX+5#Iu4x<dKZGp
z@@G)!e@sAygan<;p|a(PqY2xVmFMh7?Udph7)vFmZ;j`_9puMv!Nyb&WRazWoMOKc
zXucw@)%+$a$!8#`BwXhlb<`tK#7@j**I*}(L~^s!%(eFzjjo3&k$e%B#;yBB8SWa^
zq$Ng&w3WWkoa-3KHs(-CK`?R&j~my?0Y?-hFTt@}q=TGu(t@udG7`TWf$tZnL~4$c
z!pYUcI+a0_<x@+HhPeICmIXW%cZxbcoy1N&5nu;z+OlW3LUmgO&gf|ZrTDT2lt0I(
zE<Mp%t{#!_NLtc+^J3AExthA<>;!FnhOXEj7vD8+!<&P$yfrYsz1j;5r@wMYzc$<U
zfAeD{n;y(3p6E4v%(4I`brk<7_X_xVmGO7{I>>UbDhiUuZ!WaUNsGH{xL@`#Sueui
zXhem&^k&`?$n_C`fd{U2zQ}&I_}$CkszuOGqd@)3t<Jf_noA0cY|vLyzlSHKUl>R%
z1T4pa)(tfNA#ddf?&i!{#Jy|Oy>qs`v)%N#8a(2ezh6*mYS&V{&+W-Pka2bUo{y$F
znH)^Kan?z6&QUaMxjdc{Hvm!L+|`sbtyq={Do=c(b{SNOG&kC4`bg0!mt~nYDd$)j
zj23W6YgsXpO<9F`7U@VjBPO!%CUjqWrocEqc$zc5@s5Q_qRKRBXMVcuu90*prB}b)
znr$~LhqLbFH0&U2N6R1SNeMGG?@GF|P^LSVC*J9~l={smqx>L2p6FN&>zlJb-Ek(k
z<Xi2T9*cP<i6X8`7lSk)Wp%NZTOd9Q#o6hUY$v&vB46hq4kDjbzU@FySf{Q=WeQ~d
zW=QIs?cdKR+CF@USomaUQ>I!S5pnvA<d77=ezqH#A@|9d1t0x@`_N*e(e)S3oc<#c
zv6H^W*MzZAi&Wf3c?}5Fc*__4-co51VDU0XbS(y*sC(1}L4s@IY(~UJ&qn0H@UwIm
zXkd1eiqm~VcNPB?Rm<^>IHzuESIQw#VhU?v<PY=Y*E#(^5`IN7kEX~#;wuN4<Dsdl
zIY2{Fg|{X3kMQTl_l?6lD;!K8Q*R|(^bA{O0jfv0G)|NUqw{vxu?YAZek%m6iO^!|
z&5okS7XHc~3O-FK5c3t98U33|wOn_6wOy$u1xO17xc}jtTh<vi9qy)A8aDxxW}B18
zQd_fED<JEc&W&{7sw(;JduwLF@gxC4a9n4lErdfu4*zlKIb;&d9Z^##<ZQ+ho_$=x
zNJ4qCF6a7LevC|y81<&d=<%#&lK9T+ak25|9Y9hCe79FtUm8^?(A(~K1tKhbVnpn}
z(|^D0I*K^eFhr}{YbIwtq$XW_#fTG~t!YOw?~uviMVF^mtKc26r~4(IPms7KEoc5f
z2ZJY>IQfQm(tm*JDVN$l?eybNaGaig{})96ouAH!<rn98*SY#06^q`L5c=DMM;rOJ
zg^k;E5>=K-LG~KxVxzmoFTyukQxe-q$yef-&Cu-D*cccVUF`$+-T9>Q)T7Fr6@V@9
z*je}i+1|JkwO$b5Jqt{iXeRA2X2~yZ3KVS`BYNS+_}ZLFT1e^0Q$t$a!lR6`>*@!R
zo=lBy`m#w~jdRb3JM}HF(=?=ZnoZ4}TsOV=G3Bjt>rK+W%}Nn+%zM05xcUh1O)q>r
zx>zD-Jp361iSM*yy|et>y&t>|NE2y-`(j@6xf>eKupSTlZInjVKWUm8J^y00tLc3c
zXjq+}>yzc=bRUduT$=OdX7NjHONZ#0jJ3+HA9<XudJJvX^>{b&cMpGk5Z6BJriJH5
zhEqk;YNUyXKV%rMyZLxfG;FIo$%YhBa!}1^;Rh8;q%}VD0xlGPEM=r*)xT!gQ~Ql<
zJN|yqD!|g8)NFkgg}C)oj?+suT)-&Bd1YR4<9(4s`KO+$UX?MAA+JgX1bFFMJ!Nr7
zI$<Pbtt={Bz(B&$J(P1>PV=C(R2C|$XI`pKm?J%hV1oh;Xq?U-?ZnIv3ukG{F)53c
zxH}5oy6qe&NpPR-%Jl&5h(OrJZv1(9OQIG^$W#IEs|=honCvUA!#Upc<5R|_A(Pir
zuG-&=uSPU*k(~S3`x6<U5WT90S!LJv)DoA6S!MX!3iVzjZ%yZ}`V7s*UJL-VrV;4-
zrzy)<YERTcVPghbj%zhD>;A!%laHOxU_CA0?R^_qn=j6zemn)~>zr3LmmE&1eW?yy
z>6p)FwM0m<h*8rmkKn(M9Q>V$%AO_5Pf7d^W8U%R#cBPUNm>{cnP2rf-3+3iP=8+a
zu@v?QK)VuSHMxQX+npBj$7u<pauQeW(uA9<@rpL<`TX3VyB*DY63Chizxm~+B7$G}
z_(`s{Z1YkxJz4w-PFVzQ%u!S*87prt%uRpeLv5I_q~l}#7IZaVC#w|g8>&B!dbNz!
zi~H*)tbr>rd#p)5F7E)^5%39E>M4nQR0|w9GW8s3pnF)9$ZSTH3lHSv$sSgYvZfuU
zc++p6Hd@({1!Tzc9P>}zb+Pf+@6%yu(x>O}^r{%|$43mIZG`HcmX286a*EYZs>!AG
z8UTU^{`d@bmImj`rs)U|cTPI*<d>SPqrIY3HpZj}#tLm*;i8YJZSVV9!<8DAtvvIa
zpXYztu1$M^Sz6<nIn1>$Z-k=HoL3<CnTm`gr<!C-Kyvd>%5(M64gGkR)Hr4nc7|G~
zg_bEXg}m}dP%+2A<;9p8x!j@@;F2%ciY+<E(hn(sT^OCZ=ql5#1d5XHEE8X%$i3y{
z1)EL{$NEsLI4wwctVn8m-5o=m%D?G%Uzh1|ae9P$)B*IDAkG8R_3v>oj1@9UvL2M6
z#BF4P&@{)x`9^hiu!bzRQ8gjKq2<T;>D<w9A5B61+m+gz2G-5U4Z6XNp8gV^89y63
z3YuY@)22@xv)^3v1LJAMg*W-2itMKZ!63Ey&gLLU&f7-44QGQlz*p8M!N#rC{-xa8
z-V$Js(!4ch^02!4X9mS*3Yp)nOrILa56Xh|G%NID`2Fj=;SH0#{J?VL2BfkZdJ;MN
zheizRdHU_yed&a5-@!)^`KXtnPpe)oN+{obBl=ZR!$CHWc2Mb6ZrtAWzpNM{Yn8bS
z7$(F^9i)JY+ipfygeK*KX1vmZpX#~rc$4Y4Xlb#EH1BwanQTFz#frT+SVk->e$=4m
z1LnoXaZt1od>n7P?U-5Ho=_jW;dG$eBGFeyZQYwKXveSfqwY=}*uh#>sr;tqaJ^h5
z{|y@QTz_h4P;Xj)>TE2DY{@@&)^b&JF^7oVf;hd6h)ZnpvUpee)^SNAohGNBm2f8|
zN)8qyO4EQ)Qpst2H#jcAN;K#iy~6S3JXLL?+A)V21E{^fzwg*)R-p1+Pnw7B(?tGq
zyZu8?J3hike;e<=lEbEXW#pad)NH>R&@|p&AIQ6q5F>dW3w?T4>fU;(m1=aR#a}f9
z7$96l+%E)&<Z?yw>Q&bBT;4p`MW*vw$aUO(Fw1}r`0{;DYZ#=)kuwXo>^0vio###a
zl{C98={%d>FdF$KI~u?Ah>4G9BixQ;I{rjF@r#0GM81>pfPx=lZ(aG0PaM+F5{n5u
zGvxnR68Bl1iuBCm?U<}>S3g_~$HL>Nd@`6TUa@B?Mo4;x)LiRW1^HBbsLY<>VQD*x
zZEHkeQ-Dv49i;Mm=P3@ZjUbNl9k9~$5cUIZ+rpcJZ~B0L@oViP@;omucQ{RzMZq+Z
zK+*HMm_(?-V$ZcHYG3PSD>gjIF?Q$2p9RcplROZ)-HjKuWb<hoXz5q3kQhae2tXUF
zV-IM}x+2UyGYJ;SMuDDYf=d{VEPxPkHI5}ActgIhLHU*YVYT~HF@qy~cRoO$mcuHm
zq@E}ApaA+SRRY(wd2h86&52c<%VQxNt#U)Gf;$g5S+1Q(&?s66emnHaz5B`|h8}a?
z6)w-vEkM^aKH@%C;CVOhUS}#c+^)pwt3_LYNU&9J5@}gkYk#sL6Yiyn*Yp|4xDubG
zsG7hA_M@}W4SRdEyEufkkaS5lk@s#DPn3mj$^Ok*IK?zw=P((C6;2iJ?wjWihv`U~
zWk{`LgiU0doB1Q<xa5suPi9Xms_K{Q8Koek0BOI?>3&5k0e{bV`<-S-Pbr_k-p1ep
zfj6;YE&66>ua2J@^*5P2S-k`Cn4i?tLhAU0OxI4ikyPn9i84VdTbTy|a4YYd0}QL0
zD$;DYQK{sgjaMvh#2)avBfZ%NMKqi+%jpW=Ji?9b;P(85Z_$3silpzj-7oJ;zhr|C
zm((urtNfxl-cM(+1W&Of<i9MGGtz))dnZ1_^xiXCFFnq!)3W!GNB~;Wsm32<#V{^@
z!=`1*yOmV_TCS+qdGS%A4TpD&bv`TI%KyBRpxfM5Tlt(lYphN}F=zQ$Z0Nue<cFJy
z67_E=q>f<Gq^7o2XukY53Zg!<bVG5dBHcH+C9{I@2+-2U&9pE^g&s*Ysc}?pb-X;Y
z?|?;nj(RttUghuUn1*erw}9P>UAC3XSUH}$I~Rq^w|&n!@uQd^F(%-DF^efEomaln
z!qb~rc2s(t4JK5YeQ-7VLzBDHlTyJ533UU!qp9lrSh^T~wpRH3%?w>&Z~OhzTc>~h
zxy&L<$+gSl5k>>363Udf<^gMU*nWgWtS?4GE%PP8m6yLt<NjQB<skpHH|J(wk_@<A
zMtOd<K<L65Z1*95;o?N=`W5+qDn9%_t%yog(;_z$8iw)CIk6!28^eE0cn?c1f5gF1
zC$JjSg@enJ6D-1agG}xPS?`7+hc)YDM^M)3#y{wEXz4DfjR1-Y{+CXz8%py3`m@~E
z9)&bK|M#ssN@v^e{{gkX@<x&7KiG-z^mo!Iv{r{&`iv^mC0K@{k9$K%y*RSFnIO$w
zC(90SRiHgyO0Ep%Dy`#uxXaVenIQY4I+SDgQuF6V1k<$bYF#B*h>!XS?VaP6tK8BT
zypjQ|O1E78$E$v=`q#?NwXbVh_dLw00doUiwJlQSt=IwLl&jL?l<ySuzLGA`HnBU$
z<JaDiM~b5dNd+Mtc}mj)RBk^CX@0od@JTtPQ5Kz~Kh}iFZXx8@iCn7BsjkfPK0C&E
zyaNK-OSIs`$x60+?7i`<n*Zg~o+QVeBlEsTnigd|LN|j`evx7EX`#ovfqM~M{QnRM
z7{35WLWTZxPyq#lmVS#4BO5U<WwvU4#?*NRS8sis|9<^-M&rsCP5Txz1^k45&ESqf
z4=&_-`RucVNkY+8iV!MO{8*p}%GBX!GVGjN`#qotP~-+^iL}bruiu|vPEg2Z1LH;)
z5_j=0+JDr23j2rg)3ifUn9Lc~7w7LN+3q9rX+Bkv5s|OAb>t4>OikR+mV3vs9$;Qe
zP;aVzFX>X~-owx5U=#rif{_4<-zdqAcBO3ZE_SXj#R7%1&6B}aaSqvm_HOQ%|B^tU
z@c!$FZ7}~l7(XzE_df*_N7xnQTQD?dtLr|5FrDI)vs141v2#+m&w5~SK?Vxvw*Fh+
zO6@y^YZU5i3-yvL2<JgZ%nQ2_xESNsytM~|;Lp)pIj1u@qlq+OfBo^`D6cQ<l&5)}
zE{j`1jGLdGaIV)R$R$G7RpDZC<f_9i*r-(Wc?RmpZJoM}IHI+SIum6a>XHYru!P`^
zLy{q<h!8pOhJMa0;WtglQRjLy7OJUmXseJC&my%id#<+9MnVI1$Uuui=~dWIB}%~S
z4}B}E_=dAVt@c<KYwsbgzEoYBb1YC^=rs1=r8<oQ9-nqR1WtImf9>s^lHN11%0O-6
z1y+HH26>NbOAInh2kd}Q=CVL<R=@ZNj*+l7Gzo8P{WU%Wb|Sag>cOT_=j)XnuoOM>
zcb2c`Mrm;om2l&0<1bfU3w%;bHDUCCOnSp04XBXsYhso>&(CX8v(nBwS*<m!(_k#J
z&qU_~*G*9`-cx+Pk+#&j1Kyd#9AT}`iD_=9v1BmEwDOEc;rJJB+BRWu==kcN%Vfyt
zK(>JT`~A2`IC*|&nzPHwfL9#}D~$-)X06X8wjZ<IvIECO>jb}XyL7ruMm&55#Sq^I
z!GP(6pcMt?pg)r`A%w7V4{oGOiU0X5yQ~BEZa5Tn7~ea#b>7^1CJzuy2-=BT?Vk@m
z7+l{U0HS2LPfl`(r8((o>!cnJQqSgBrLznaX%&np3<Sb|`&M;F{v$3_dd%TiTv~}l
zD*Px3H=z(L3MQi9wM?Hxb-;_?8{odwfbR@5$c%*G70&KowLe-?so_<9=eS~pQ`vVp
zt5|fUw-Q^?#oB+Z<oM;g{N3o&x%2&L*Dr2V+TSO;EG!9QHCE5)NFwt#9YXCJpG_3V
ztNr)9Kl~tTGTG}R^!Ng>N^6SWHr#;-@7Mj!O~FnKZAW=Q;YZQ9!&F?=PX%noq<5-S
zkW<hvO{*XEq5ap`0k^NE&5{u3bs-{Kcw^GRjHgiSOrB2`_d-7dJHTk5lGI<h*~BB7
zDLjz~9A`<x795{$;3-Y6TsccQU@aafs-L@d{!ui$B3tHUv&MlPa9?5Loi$gEofvCq
z-JgY%XN)`GwGA}o8r8tx7cjKzCC|%(p?2iOI3RVrk~q#+>@(Nv><6J9Y_`T2A!dIa
zc16=IN9mH~`Q^Vd^yPNjFV|4cdk@QXtJg@)R!=1botkpf5#N*hH6%wsk|i&r5L!JN
z<mL+#W`i6p;`%rfwB+~z+`k?aw|@F?)#S3-z!~dKK<{sZ;siO^R9D-{c8fzB-s@9k
z_%Iar<O*3uwMUKE8*<ee*t73ri3^l~&QEeMdBOr{XET4^8OCBCujRcYT(3atR3Npo
z1se^&<G9ccDj%*u)K^gCDS@Srf+H@q?>jb_MV~yg7C#tOW!F|XKTv4%5UCLFY~Jf(
zCTRB$4hBwu&i{nbe0em&Oy(Zvc&hv=aF&#3ACb=iyMS|MO9L){6;U|ZQzZx`ACER<
z=VS-1GJ{$sQjR3f_kYibqyby@-oa`ZvyO$<bN$;gTPdozA;jX4pn9j|?iQ`LxY1TA
z!ZyajZ^mwz?ueGK`I<`cH9adJ^fN~;n;WKXZ_?b#H%Ro(>@5M*Lo5O+ol`(*!b!XL
z1E#RkdT=PG^uF!!HVRiHQJCQY4@5oHo;cl4ZPOC@`S1=oGR>(dGoqrOF}I^2E_2wN
znru8UHW2zd$i3~n9Mrpj55xRcQUH8sj3%Luvry`Ud4KDm^Aps0tKrVGT%-I=>B{K3
zdYEy7+!7nZRk|!8hfzBbVC!y2)<<Bd<xjsO#KK-7F4+P8bS~GZSEFTSqfxw%xN_QS
ze{Kg26OwQLxlc4_*FaeBajw_T38NYoV81<~ZP=YL&0%5>{8;P<LKWGWcOev%Q-4|b
zIcWo?A&;-s-W;mSA&zN1?8`n|Re%Jewre+FZD%naSu<PMhTmQb`(=<8XNvZXkpTiT
z1iwB*bx2;t^cRx-(>7=`4L3z2|A`H<fn869te8i;nLHp{454?uFH}HFC1m|K+zN&x
zo~E21Hi$mWRj+M0|LvV0_+vD+Q6bTH=aP5~cVDmiJ^%}N*M@eCoDM@yzbM}Wv>!zs
z;%JYh>hK4b0I!3{M6=AGSPQ5ZT*yfL=bnFJLys?vC!amCH8E_2i(=lp2wz;-AJY`_
zgr;G+xcnnl0DxuiA{Stoj&_n3L0(;o7g|Qp^F|ejWyOM-9F7;iP7?aSB}~TDi=tD?
zVTY8%FUitr!sp;TxV6z=IUSe?UQN@AkL<p%d|Uw)Cfx;oq4PgG&SnvrH4PROhXo_F
z4P@0w7>=cM^O|wU*9@io*JKhqm;izu_AZ$%9d4KFa1w0_TSM3Whvfj|-#ua{{h=IB
zHnwWonYQ$wPrl76JrTIWm1^<D9fqG0Bi^1;=i4&A8fdG)ufuPAw;MM0EqqDWvkA+a
zJ$096E=9*SZNdZ19O6Uz#gk((y=4SjXc&t0{Hp~X2yI$TpW(4<OI`d)$(~u53-A3v
zk}Z@~ra9}=LrbRID(w%ZPo`{t{^+M3-4^W+haB+XEb|Xw@FLavMtNoS=|Yc}PdB}B
z0r`gCs!sPW(858s&@O$u<cvWJWI(9lw|wlK)8M^s#^H_2;Lg>*{v>2Rg>fWoxv@R;
zCC|heyP$GLn~Z_aOt^ArGygnj2WI|<In-06r~b<!_~dI+J7O+BG8))M+JD2D@4a#Q
zsxqU}yT@SoYeK5l3t1A>8xpV07`*M~0h(Lb&C5=tF~=yr-mf8z?6;k6dc&=U6H)lK
ziB6N73DDS8hEY<U4_E-cqR>>lEWOj<A1>PS88Sef<$oWovIWT+_YRhoc<`$e<ASen
zkfDCV)N|zBsywk=a<X|Y>xNE=WId=QeENZ`iq;fzwN>?8KJxn-nMBvEDVtqfu`B|V
z;qIwH3U+(D3$OSjqFmPV9M+b-hcu;uZPRgI<E2+IYceS=kxz%)3Z-*XDi6GP{Uee%
z5ke5F8<xuszUXzkXuSD$(SR#X5z+K2%e-7s)6*;_$LwsozoDr~jm56CyZSU8b80s2
zM?Z@{otPCt*c8^+_zKhFLrD(?-Y2v`fB7ooyxr|54Trm)G_m+5H>s_gH9Z)Yk)ZUR
zPeCMjl}{Xg{H%8)*dgN83O18=HygB_MosP1*C?*_{mO*yKAn#2)04^*pEfAMbN-)@
z*N!2#5lu35R5xYY^HMBEP#$;dw83QLI3a|z45Ds<U`<lbx2D`0=Ec2xZFCdTNV%v$
z3;Ye89IWP^-QDwT|2B}dMdOe0hECxIA1m%_#I<Qthpfp~YmBeO-soglP$#v-?`*rD
zToS%H9R)|)2f3=`xJ9SMTWhlX2hm5hS>DB(uP@rDM*cdBTgyb2g}dGAiuv)l>z;gu
zEiaoUy+=jn+8jY92l19DaAq5{9w=ShY7pZfXYA<~()6(~aN2o24^tA%XR%+NUFxtV
zT?`xid#tr#7X1>%HXCn)5YrP(+V}uRj~oZ6N$q=ry^z<-NL{j7#SX^O%9%#-J5i_K
z6SCKdgL_L)RLwB^jnK*5I!U2!9ib3^w0ZcTuXZ{W69NlfYE-&4my~O{gMt>v*J}|@
zTC>@$rOhy2NIiyw)_#q2gf9^oGN2t^rx}Z@aKPQ_9sX4RrmxN^TjHL_%T$w|H|c!|
z<!i|4d-=3S^#>mx4e;u{8Lp(Q;=X10pxkCcwJkZ+%REj0L3Q%C{x0_we8o9@p>y0R
zyA;jSRyP|G6rWxGBKN%c<+jf;3X*a{+-9QKVa}FEq%LU=H$;63F?=v>@!Uq=W(qH6
zMi>Ck=k)pu$*~j@jYuWmu=(E5x2K2hKhtB~iZcWR4WH@l4!99?d9~-SEBkK_8%_6w
z_8SU1RR1urXjIhz>fh8a&7ACy=GUe=WpLL@if{U*niJp`mhpaiLxT~+iYZl&%(R_G
z7tNPW-uRr0uBYb~vx*6uz2ejaJfEo)R@iH*_>tOzX47a|#0^wdD=fz*WB;1N_JGVW
zuZ%EL8zW|!DNDsEZ7us1SY^a|{II;I1!sg?{|J=efzVeqUzHXd9EizAW9o*`(<m-b
zaPp;aRnL)PORWAi3+TMmc=2!L2n!d5^|bf|wQO!%ak=!Q=y=qRQ$E<~DzB(%6u-^s
zl)ZNx2LW>wH_6V(Ksa1m{{5`$TxgMnFPx`Mg0aMMF=5dc2qJZPTPAG-wfolvKDrDW
z*cHCti74PULq2TT9gq_{+)w1EXyRyie5-li2vrsLc^W$!GaPjgC*N<|tV*qvbFIR#
z$9d27-Hu8ZwGYZ?-Mpu{?_Z|ib%nJ0YrIt3gp3f%_naV7!+Qg&LdYWYF!ag9#>lJ8
zsioqi3kF<$x1XsBAr{Pis@meO#hxpn>IK6|23`%mP<jZ=qVci^tD9Ny>ZkfVAGh*g
zp>n>Sj=!(K`LWaA8r}|PM=l;%eQ|_-rUN-55A>OCk3DU&3_3ZOa|u4YbB^(`o4U_N
zuNH~wjH|%vbHPcg8HC%-JoEO_Vr^5~geJ-0w(qCSq^)a`Mb`183e5U3d?C4XzPj`!
zOFZznjiJ7Joaxc<a;xFXdy&<tg1vh#qUEn1xOCTmCX#68uL~y%TiSis2^%e=)2Q9Z
zl}Gc+H%yopFEbRBazazN;=dPsg5M5X?&hWj5210TWP!)DTr3dMuwT)^-DdX3x4XLg
zGYDL4Vl7CuMLam2aUPJ3Nm`ZLf>O2&C3mE)+PgO8AbV5^W)Q3T>~&`WXGD-v*WNwf
z4+9$$jF-QDY&W*ot8}SlcaMHT^OIk6nuYTvpcMatZ@fz#667LCPfK&q{mVo6miQ&L
z+=tZow(3DM`3J=eY?eFf1zsqMTme#GFyHTHZs@zMh*3EvwjLj@MGj4!0M~hT9x-77
zNm<#oXoEV9!Ok#9_7eA5Y6z=NMSl^!gstkL*IBi?iqLHh^y5{JZjTDe{=M&5{O?z6
zYcUQ@ZYMK#W6A^p6g&U-&zrg6Zbigca)mSpjej}YhI#xOruFn-Ni)x~W$_HBZu}3)
z?JS;0P#p{Td<Aoim$R><&`Zrd{Q(r1yf|oRw*0%R=k+RobRcfdL0`1M+bnmS2XLs>
zzxrc63%>h8@3FJtqY|xIAqdgEV=)Dw*>F;SCK5O~Q|MxAR{F6UGb7u(_jFRu;x?;X
zkPoM50ND-ya+_T~_|LH6o1nZ|U1SE*A?hu^Af0uUWN!ky4jE=K54^>u)MQ?iS@K-Z
zZcE)9VEf{|PKP5aP#ydFH(u+5->KARY&2AHDDK7$ujqs7VQo|6rU4sPazaWd*Js_@
zV+yhtsRN%6kH(ZQ6*yfXBU-OT1HQN;yt)8Y_k#itX-h^DvP4HO-M_5=K$<diD?I4h
zpFbB^z{PP*l>Z%&xp%gV)wWBZyEbJo7O`T!%YMa^>M&U5Ff+Ji+jo&(@tG&Dy!U5}
zi;3mpM$L~)-&3Ka$yDv6M8mrh-BMAk_h9trcZd__ihLEif2aInjQs$_d>f-6*2K#;
z3XbZO@1msl=gT&x<pZu}hqW)7*}?C7%e+ys4FhtlqRYkc!Cdv?&rN-N6Ohy%Aqou5
zMh_%Q9uUpAT?_?I`k=!Dpr?TjHG<7C;r?oI8BB4$lRO^&ZG-rZ=?$T;Y~X`G{IhQN
zX$B^=1Farhe0MyoQbiUj3L3%9d})d`Y^=t1iA5TRBPxp+Loz=G3hc3jU*({vVsiA(
z1?vA6ARC3V(_Aqi>YM;hE{~Tstv3`QvV(}2$==RCUYxhXj^P0><DikwI9BZ!!4*h@
z)!ixsSxjy|GEVXXI=ApufR{$6ZV*Hs$1QR1TBIRrKVKYNm7|TTBpK6cd-gp^2&uGo
z55Y=#9^8<dbMHUB4-d#W%{&?QT#>8|eAy~74D=MG?Tv%8vd4pfZW4IQEuyY~@ld%i
zJFzlh*~F7+ye=hY|HobJvQ2l{odoTPrKdYDOR&p5j{9K;F9q0}g`;eE4R?nexSOr}
zb-Xy)4tfOptw({!yDizA1Qx_?kB<k?AYijc0}FiWZAdGyd8Tan4ZII4v)s&0tcY0Z
zwTWH7=M-*D=nWXgUOg6@x>{IO_?p6`EbMh%Qom1y1=?vQnUc||!PeAe(ok3*yszfY
zkWVrc;c`Q_+}DX=MB|Z<Cq0c?<avO=y|mjNrLt4AQ%T8$lnB0VYrdfq;;$9^=UiE@
z`n?NVX|cx!qY->xFEvBPrF#91<*g*hN_u<d$Mq3+N2d7EvA<(T)1m7PL%&FQD=AvC
zK31>>;l~=h_$BA49s+--1|aCj8r5u!=w}t0D{wJXU!j<D@AKFPZL4%CYCe^%Yfw-4
zyQ`uJo%$s@+P^tTAuAfq6FzFLQrr|6mjfi2`vpNQSk8$noB}Zta&vq6lAAvgQbX>!
zcPA`!&@?RTVw}03Gx**tMvnT%>m2{=UDnM;X1~(eeT3sPcFL}-qxv>xqWG0q33@}S
z+fN*b`@N+x7v2kkwUk6^fsrkF8(*RR$G;*CTK03Zg+h3(kGbAlFC-N>^rMJCf1z5m
zH9Ii*K}Obk<FZgsV7fx34lw|umh5r-+*i>JVO1%_IuH|&FJ0cpG{ZFyhz5ifS^q^B
z*gY%tZ-|ba_}Kex)!PU$=}OSO-nuHOEFVk0xPL~eEU8@Hr>+S+=T;1=fO=(5NwK=b
zo$-I%YeoK=+aSmPq>ksBl`yWaoD<>CBzDHDXYqF%K38XZrAZX-Pdl4OCJ~@V<cF*=
z`}O&Ts!Gn%g-MuZoT)am^tLT4f5RJ9#G~T?!;fC{tah(GW-?dJIb>`zQnr$y`1(IF
z!8$Q|6dUk>p<#hzjzh_H|9g^f#45Yxk{;&Nj|s%?(w8%IBs^VMQFkix$I3a<l07RH
zW(2wH8#WUY!k9$6eOHg8I>+EsGcq}&xi_CVHm|not8swE9lYKp!(cRh7^w-X*reE>
zygYquf#^{wP0m?~Segs07x#MeoMj+)ycSR4N?cJ)rA$rC1qK$9?t!9P<;h=D8}Zk6
zM7+%;sIya17AtGz7)8FD#~p67<vLAzetrcmKH0LuX$oX&@PKhLm6y#H8&Dd+)BS`c
z3nz3lj6vK#X=RTRn`>0$g7=A)cXKz+9-6B)v*c<kb1>TWN%NBgwrCaT%4-XtW)ik<
z7-g=t&G~lg3wqRH4+7L|7BaD+ytSI>>dE@sd^;6K2Vnm4n8ay$pUJy{_cf*M9A&<&
zGL;un+p;p9wyMcnamlo4711?3j&F(bh=61au4ADh=_27GN;$tGpj|!*B04!Y^2FNu
zsO3;{k(P9tIHdAY`D%g%N&R|LuUnc!SM6R#-OUmt!XviQ@PiYAw>x#&OAS)i-NdgP
z>%H7lU^JCdxSDDNsX+4(a7W7#>WB@0mL5yWffe-EdhkZ0nFX2}^NDdS7hR1de))r?
ztG5hUx0a|Au@o={uk}kP9@JL1Y!BASSbE!&-hTt(mQW5$_H0&!+b494_dc~Sd^@z=
zA}U9t%ctu7!hhb1ZZm4y)?d}c(EMOE<z}yZKYE?y_`>Gk9^v)eM8VG6GE~vHg~^Gw
zN%*7NoyQdd&DbkrPv?%Q3zPaFoW_zTFAojg8QEL<?N?`S?e<zlFa?q@0kwa5{JQP(
z5p!RK28%9vEjSyy)37;ZUITK;f@rz37(tPoERm10;uR0{<3UZ!F{az-y;xT(6%D&G
z0rtagIse<5e5hWM0TXRPz}1S}y&tYHW6mPI?*}QR%dd=7XI;N3Ka&znds^GEBgva~
ziP){-Yq$Aai0q#v&P7fCdJVEtI(J^<A1~F_0rr!1kL@CFLtcubjhhWe_ISU)^Kh_m
zFQ-X$Yb`WkFa1RzUvkr{K-anoX+&|We|Jufc^RsCBTDvT)64Zlj0U<TLEN>vELb*)
z%o^UKd#3eI@k+N&cbI4TE!g0%-VlXeb_xf@5A!{rd}5MR_Ie{T8=G4qIa468=Oyt-
zoOLbz7Grg&nO~qP4G5H{mU{GS`CQj#-n6$g^2I^GR0yl_rP$6@&-d}!)z|miw&N00
z1RIySI4$!XKmns?(}odA0^QYHK)H#nBj)rRFIgw?mt9{@>QjI72&@P4n;%~ph6Yck
znoLdZ_8jq|dB8FuCl>wOKQ@|kHLHZocP4d-UCK8sFhZ|-l?{f_@dwXy_U&r8<s{gb
zJi<|r<fk~E0@r4Kc+~e*h7SfJ5-a^r3q!IRvxSq_Up1M1Fsz-E^6T8v$RQ4LZj0&9
z8o~9?j7+2Ok>O68$XHYzR@=%7_uKLIgK>_OUZc6$h6@g!8kD2Ve3c3c^ksRflQ3q)
z?}gOn-}%{r{ki$73GRPCU(Pi*1;xEm-VmWq7m1_Y|2E}n&103U*y-^#RWRPz%GB?^
zck)M1szAdx&Lvgm5wx@qoF(O+-xeRfk4>x2OO3X}4?O44Yc7M?6PJ>YCT^!%eV14)
z_N|6`rHZDrks3Mf%0{~F+$F@?iqa{qd#SZf8hKHu<-#eZ#gYhaDHLyYKic!mJ!9v7
z9(6h%w9Dof(H*V%t>eiOv7e2;v*6N4D`K8db=PU0y+6RVJ5j)?eDT|ZxaiyM!aql(
z0N<H69)yNb(vjgj@^Syxe^Y8dYWxAs6o*aI|JD?vwtS&ku9P(O#)^J{!zYXPckBmP
z_b0T%;PVgk06_iaNdneYp}3!aZqwK0t1qqpuBE*Msq{&@di{bltp3AT{gZIC1Q`XK
ziktO`{$<A?Z4%CGtD3GRQv-c;*7M!wSv9I<q9ZD3_td_h|ALTZ2YR_7N|?;r#Mf7(
zYR*%L3de5U-OrI9TVucaKd<=}zc9Nr<i=Fw*)!>RO4#;Y;2T$z5=zWzv^BTb*B-ds
zGr!yFl9z2qAPJ(_BVl<hhyG4#d_?`>Xv9Rv_XZP77at@fwGB2OG!PO<0`ZK<!k66h
zM>Dx;tP2?YE2=2SVdS?h?gw9{Z#ROYwgOzseXM$2+zVo6VrCy%j*n4!0X+st)+lF9
zn7Iq8evG?qN|1;e0~A&jMHE$?9K$?|1F_s8K0177c@gVlh6{lRj1M?|NOkbeJmLVk
zI(L3yIW4FzOp6i~^4|8z^(sT@SQm_l(_qVdj8xnkrjOBj*Mqk#R&6+`VF5g%Trp=Z
zZo%}@cDJ^^l-Qb~WN#W(DwZeEnj)|b4MM_pTAYM!a+DQzYe}mTvys`b32e&MdZge)
zDKlSw?xl*r9yhnu9fx;(tD2^HnmE}ZNbs>3-fy4^gTv}TgCTcmP<+|ATgRr51`yNK
zxMx!?2=6s|(^_EL%;qW}bp4Ot{3@3_Vluu&?$zAV?eb?5tfRifHMTlqF^RF@T5Gq2
zomBIMkCmFhTHO<Sp{E5E&&1iCoI+ojXd7p+?o3)q?UT3XAdeb-bp+1Lm^g`CMTR&B
z_LY>n&}HS}q&B?uwpr~!o4i%5=&^M#t4Cm_e__JTq&MzM?rsofE7xZ3nhGo?UNm3i
z8?E{c*TpiWiKnsdT$xm@&`}uia41IX-A-Ix(jT%hKie_m(Jy?3OJd0zw{?Q1aTu9e
zwY(W75$VaXb<;cDgMXRvi;3q(epM|gRlypw89{Pw7;pXZ>iKR-s5P&THeYZ>V|h4v
zTKiqDV|C6)TD9c&%B^q5x%u{Y9}aeCy+Cb&Q>`31BsA<FTDsZYOfS^DT-z}_Y0pgc
zre%xq4#C+!ye<J+R%mEF@wwP1T8=a&v@M0GS%F$T#%-~k!n<xSLUEpFRaQP0E#p3}
zn=2w|L*EtkC{C;h&w6!Iw^DcFwhMX&l%wH@vXSo88xDViojU>@TT67y-V);)8P1Ty
z;AQuZSIJrVMv5#>DOKJyE~p{)I?%SyE0EnK#3K(%#OUq1XYHS=re<9e3VLtUY-=6#
z9ha3J7t-g9@zHKOp9`&yTO6r^Uz2w-;ODrXVc+P*HM(iN_;W(7=}|oNQ25~hcTyz5
zzyxRR-b@)hik9|mqx!a>mhTp_Zq`=45x5<<cC&_GM2_?D-Wr6yfWvc%<E4T`PnZDT
zsUJCQlmKIZ8zCn<(r@~a9mgjS;&sP5PIm-OMgrv2#PPgDoHzbY!|Y2!%!w3OThz?W
z?xp5spYS>z3qD!e&ZiLE9#y=rwroxfzonhrr`4?>^{*`iYxYxj{MdjTIHG6Z6E5v$
z;`&blb19E5uOf6wNbDtCSEo+20n)23q8Je;tF>~2zal#%oa1F^bXqmNeN(B1QjTQT
zL@_02-pM^9nyu~t-TOF}NK`nSo=j<72br1U9jn5}S7ulm__C2qSM5`o8TzZYT<WsO
zbPL|tfp6)SS9}jIo=~apn5EQ7kE436W-zzCkZ5|+h2r-~*80#|5_!e<+1>a=f3(8z
zgI&CQYKOcUajiL*yH#<_fuBV>2)Cxfa7)f>MNK;RX!kLvFK_>E{=b+~V$#_CQkQ!Z
zifw!2D`ZI*+aOwWhXe5R+S5p*ajIwS?iZ?{CQ<xoE<)RZcbY68%RB1{bFRj5*Ft@t
zq-VJne?U#e@uZV)wC_)ADQ~&J3(!T+FSkD@2VenK$`^SWMhOT%)ywVB_tCe>SAh0^
zlVaN6<^QS#`+pKMTURcUDDMzJCyP7nm$}Dom%-JJ9vw2bKl&#X<@G(sK&6VP%K*2F
zP#pQ7qaf#e007L-$uY#=YDK&vu)W)bW==i5%Mnp#uU-`a&$g&@ed3IY_Fk5bTCyU<
z;FU_q;OhF8R*9G&8J-f80nopVI0<O><4OkcT!$0MmWED|f1Bb|+jaIgsNm1HRCcQo
z&MilC`dV;H{eUIBpAASgvn)>b7K}m18<&q>dj;NH16O1x?re~A9_h-5u+m#2{0bW1
zv6)apQ*by7svIp%Ut~7zleMJSYhp*4a`it%FCm#_)t_lbVQoKeWrJ_5e^E;<NwtKe
zlX1=9c_3lm#reqWn5)_L@d#Q4SDv%%kSt!d9~d3tQEy0<5s!Va?-6|MznocCTPr%2
z-g|Tyg&pS_16yyul%1lql=&Momon$o3l#b+Z^OLg5X$mTGLq{RyqP(vpTW{znzox5
zU%#$6a=M|N;CIsWOFKSjZ5*jUtiY&FlmjJ@H6Hp8EmL!1``9<4Q%~DEO{p@V$uir6
z3F1d0QqF@MfWCh+gW6R--6wp|$D0hWStH+eQrDbkzb$i#c<A364^#3Mp7w5CZB?qx
z&a(EPV>vN&U+|lA6FtXZ_I-(yGL;FgJLqDw>6LioLD%A!Uo?MN{|8Ev`VW+(_2SY!
z$^RzB<wtl?0_;;a9^k)fT4*L+cKt%m6=Mmy*w*;^huSn@y_@puzu~#B_dG3w(pvjS
zg)U!&+mqUrC|^@uU_evU_*?Bi!~UIufLj-NL*(NLIpOD`1kf!NXkSH>Bk(Jnp*OMo
z?Eia1(DUSkIPD)-FP;gV{LkzEnZf^;^1Q;6#?C2gjqr_B+|j^`cGQ($DnVboe*eD!
DUFA~h

literal 14102
zcmc(`X*^q7^fw+{)zZ=lEk%dhDvAzTHAQvOQq(-vaI0FOi7_H1p<JC5ZH+ZWsi-kk
zLsUp;OG;`CqJo$sQc{U2iSWdI-afDXpWpv^UgYePbM`rB?X}nXuD!o&?-zHi&G$$v
zNdo|YJ-2UNw*vsg*G1<`J9mhVgwNl^Ma8b5Tdtu1fXx2wpIF~0Y6Ac`3b=jU%poFY
zVH8}h?U>70g38aFzxVoC@atzg;+>Rp9_D;me|`FrW+r?>LgmH*XykCF*qu`yjaM?S
zr+#cd+Guv+wuFk$+AF@eUZTb1^}Duh*WELBj_x@jt2Z3-CcNHwguJt0tUZt}G!mM!
zDjnqnzni)%4e2%^izbhp7fKz=N(cE=QBhZ9xfSlUE#_J2?)&=NCsSrIa-!nZPBGy2
z<>P;Cx2XB~-f;<0dE)B-uQz{~`HZ|1Y?8@?DB?Iayoj~Q?`>x@gcB1?K5T1jdd&vO
z*uq$Dk-lZ8-xP`Cy)V5lHhPt<X1J?CSV+|W#={!>gDWyNdQENA)mHAwYKkho>PVk2
z2p#oedkQ?X*VovaD;SKF=z1p3HoUjw%S2$_E!rlRu8nM(SNedL<a>?AkNEmsV9MUi
z+Kg_CZbB!h001#>hU~;P9|jY*gqKX~ofS*8HW$ui=gErR^HZ&GPE-I+d}eB|&mW&0
zoOa*rPGRPB13xWRn@6wE+Wqv4Almbs0ys=H`p0x2v<0Mem@#Y$)XClII6<w@GUU8|
zWP=HK#~-bMB(|ksD(G(L!G)Db`1}-BZ>W<UJs~D{P-_q0HY3x%lHc9{HV~}A%8R;b
zm5(HAP(sN3Vko^;*Hhq5d*5AiuQw#X12Vbu+N>|g!~&}ZBuuq<Sv9cxId^INF5S&<
z(}K;U^!LboA%mBy5NO^7S7o2}YbvU|V?l#QuQx*Bsh{7x6}6|XA&pf~c%@tTjiLt#
z8&`^}kJ#re{np2O>{+Ziv`7Q#B~~P{VHfibL#HOkx=U6gzvmm+x#g%a5Ua&0&A97|
zO5FL7LgUrXHTQ(yS2U9so)Y1W^{=w&(R~dGYF-GxsQY7ns-4-4FF@jIvfR6Sf9AxG
zTdh4wj>}oywQYUPD6N4Tj~Gids^psO?wD-;>+bV^6^r+{1);erlC^JHPdtQ|cUn<o
zl7Whcvxo;r%-zOT*ueL}hq-U*+Ru51b@TOX8r}aHPCqnaKKuy6T)PB^ci7L&*s5*O
z0~8Osp}D6P1B=ehA{V}jEW%sMtpq^VZiMG&U@96g3bb2hc@hM>o?kc39_;SO-BEm^
zP8J^z41Z$VGoSB5?v1y|3eRmfU+B#RAZHg1&RwRS7pe%q4?-#m!;j@d+t{rDlVT>E
z`nOm4X)qr$GB$J{s{jq~Keu*imbN#8@g}~nCMtzNrm~@J!UJ4Fg}Z{N%}&*JVgz@R
z{jr{e`(>YJUzjz;3NZj2nRCDSqwkj}>#QAF(j8L?`2L0?5<QjL>(W6}jc(Z3(REnk
zkCLWL%a-5`Px?Z4D*~pU8+K(ahZFBG2J@utrA#d(Dn8~V^xSto(yhid<24BiqnpVc
zqMnv^(rhM9wG<BuJ)-XF?SK}+`8(>*4LzP;eDBR&-HPBeEFO1@)_x8S<=A$+>YEdU
z0^AI&f}9Ieln2{4dJk;{u_jot3&V!A)n^&K`e#MXtLlb(Y>Lj8LNI>a*d@~K+zta-
zg7{6Tm++o4qF_g|^bujMum#2IdeZPC0+@W%r~0pVYi!iRQTqIFiqwy#<N4tepL-Pq
zZ$&Pj5dgb%aD)^?EKzo#ZT?wp)yuf4*TIav>hZ$Z->xw`|B4sIM@dX%vZZE8acXhi
zlB2TM*G%hqQG4iT60{k-*NMUF?T0?LUAe?Ap!_Wt?vr0O^Buoy>3x4qOnM~ug2bCx
zUq*G`LBW>(3eg#`IF7F|ZTwlUUGxl7`>OAw!F<vO87)Zxujjo;TZjB)2;z746lP+~
zKD1@ihdANbfPGG{vv5BIVh*9i-~^a_NN`rhLhv8?Plol5uS<2VoRoh42p&_PlSi)*
z(99x^uuXlhJv0<rT%)PP4c|zw`$fy&^118P!Hqap?CbAh9qk3X<S#cSg5$@&agSS^
z$6W(D7maoxv+A5k&2<<B?|@t@vp{=q&nPj6592GjUK?;y1*o`@wSO<;+C$9KDz+8e
zwL=D}fHPyU-!d>VXC-;4z51U08qv%=5srVNAC*A#Dm!r}_N}ayUpu9lIdGoqZItx8
zu-OIK>Jv2Ln=AbwTgO<>W7L`>BWBu6TYfm~%4~H7!~UvSI2V+p{pX@U_vT=-6}z!h
zw_^jY5x5F#<?$Mbp@g#u-B(3gdJLuY6-DC%%N~h$^h@3>?Eju&n<ftKoC5xV>#K<>
zoS}NV|EY?I{BdzL6ivM#x&m;?F#|qGXzh)w<UPLx8ou#V%2m{<PHNigenkXsHIOE%
z6EkzX+5Cj$YUEy#vjDy|U#k-p&Ch#c|L+H_&tPh$hhS*iCYmq*e-|L6=OMTw6fGDD
z`_m#7dPYpr##9)_U%^J3td&nRN_eMUXy$0oH<H0_G1!!7Qj$t`ZKU^%b^&0#QDU!c
z7l4d=1wiW<{-=ijQ<PR%e4(CqG$rG~jKoHEAmPh;Vchg0o^8!Wt>GyQ;M$j3-pZOf
zaOs7W71!wlGQV-FMGn<dzcQ?!B?pN40TrH~hQ48)ZIw@Oc<J8up$^FxbOxeABS%@D
z89*V^CK;&a)PhMYpv1?nC+HIDFEbpSJ<?E{T(phs+i$W)XPVeZwz~|!>Rbo)o17_v
zLwV$-!KPJqvA;0#YI*!KY6*;&D><QEuC!vFByEYLhPF0ZsEPk@L$ayw&wDxK>85!{
zY-v~VOIK2_B5}R7S5>|PHbdkbGqtgxaPn`VGdO4Iq-(t^L#Jm7V|RhE^UodgIqVel
z#<WEdNFKo>dwB-rP*9#>W7E*yHBks}ryD+;b!`K^3x>O)Ub#QjNmjI=6^A-ACU&Xk
zoaNow($!RZ_`<8rUlibOi6K8+^_2V|n+lW!W|bTtc=2&V)opLguhs<SwhB|e+DZm7
z#oZa%n&WUO{=L6958#5*y1pUYDvn+Eol0}|{8ERu5Ja4AP*paF4osVWUL_g9<s=3o
ze89J*>oRin4be4$v#x9=!ahj3TVJZ)=efJZ(p8XP<WDImFj_#P0?{zwUShd^CV<%g
zc3>H9?F^OPZPz`hg-cI!)A5O!NbjnP8_@PE&WoI%9@o*<LZxFWf(Lz#{JH&u`%Dw$
z{eap!`Zm#(C6b>5$Gk(C^)TNu3m3s{?bkjKGc`^9e?MMz^o32tD`K)C4KD`E<<DaP
zfu0Vyk6l4|>&HKqbPX&^sUbeOcuhmAHz8$f0kEdY1`d4Eqs#baj~=o(730=4<V4J<
zE3;9d9qiVtz$>u&C*w0Qmy>}sKVXEig`i9W1)^=%`O5Wri*M|gRBE{D^rS?gRcUmU
zvS3Q-!p~*}D7hbXG?-UcJzF(nhc457hjJDxoMElG_1L@R1zw9Zs@Vv@Hie(>L^H?3
zi$?2I-0Egu;8?k*JO=!QOC6UWakDRka-)3=o^JhktVBaVDx}c=U9f>g;Vj5M5!9hv
zzC-N--%EHJsf91u``gYXoOyoIq6TE(nat?aN~%jRx6zf~u%ZlWK9Jf0rd`$@gH({s
z?C4JIi66dH>^thz02ZJI7q6fD!^|42Y;nlJYBc*xZ`d9Cq#;@9esbsSf4qoHt3Wq0
zzOn31Is2kbxy*nj;+JoR6$<82OuT4AZTRS5K9A=c4<eKFjiaZ->LC}mD$^14!->HO
z?8?@a(@k!9jHOl91+TqDNlULdW}tz!GmuC2k8Km6c7E@YmtwcVJxPd<or>J|3g7&i
zI=F|_{j&N>mM^vH@;APzZT@LkNG9C@MY`WJ_$zMLAMW_)fcIF5t5Q#;zrq@)R8mwv
zc4xWOA&!Ew!ar$h;O@;I?OFRNb$u-U^h;qkqIuovEs#<-XU+wU8vfDqU?s;p(ZcIv
zdW<zsuecg}(@yVc0RN7;0;23%NZ-kb-yCch#a(oo<lkXZ+b5i^3+JlsJYnt1<>_|h
zJIsv|`R^rn^Z7318O7+Lm^S%}B(-i<Y}3MIm0lAQkJM~!{0i|0xO}Lrh*Gu+bw6=s
z#HK@^EpSavtXmdbEhdMD@4@6aWso*2J3!bnjX#$0PfP3ojvd6R9mhaf>SI!sv{bnw
z?~#>!^f!A?R<$#cKfqdr(Hl+|3k&!Iis6Lyv)cCLzDP>VnczRH6@Pr{%|LT-lUs5+
zV<iHAMCv=D=X@=qRcyXvnlqRfSJdd}Ix}+`xmcWM_+25LWXQ)K)Lkzyh)*aT>baZM
zopt|^5Zj$bM?L&XTjXLDh<@&U%ZNUP7r!s#6dn4C!7WWSy>=-RV9NF>)ta~jyj@cm
zcDGIXdrMda;5H?$Mc5kFye@4^@zJX1f4KzJ2>u5<)5>Nx_s7QpDPpA(6tVch!fr$i
z4*X2k0_nwk&Rw2J-=}S^?tJEqV>>>+Up;HEB1I1pRsJ_}rhI0A(_lH~4UO0;2FZYL
zyPKWSx$E)%i+IvVWIBd~NeWguQ2Qop83~KNJ3OqTI&d}1>j&O@t-+FF_sqgpzEn#|
zY6n?KwW}g~ak8g24R!*wNZC1lbGLJi&RSz~!x3dGCM>2%FO@)5&kXreg#2AIFPkp$
z^U&osCpxAXdz0C7j@dk*C@p)7r1bB)bqcq8kC9=tC2SWILfUbW&1fXdxhu}-q2mO0
z5_v3Fw7TarvUvr~H*L_F=Dc(-k=45a=}ck{tdbTuqe;UTZW}^!pCa)1?+U<&mQ~go
zo<AgD^aa1{ZklbvKlfD|?%DAhbKEuxjQbhE0%)E_Ug%gPnwg_wPyNyYd_XJmPLO(y
z9k;uD*&@yP$P0Bjo!Y6XT{#$SL#r0#y*#bhAGoh7x8}UVislZKk;6|v56M!ronu|^
zYwx*aVT;P{QB(!PM^p8O?#T|`i<pm=@;eEZta1<ZiN{Pip<CUn2|Zm}{*o?5M)tgq
ze@j2N`_@{h`Q)HmpruEo1*O5^B`~};k=%GI5%*2y-|*TudRlS~m&Csdr(X^}xl8pq
zp;*i?d#<~mvb!Y}@7q@MQrYXs^R{OMnmF;4Cq$Z*5;r0;>!k@dwpNC6R(fDSNz(0j
zeu0gL!+!jpG(T6u9Bn6?iZFtX%w_&m)9J>Ql@O9WS}hbakoP~-xjZTyzJCZtXI9Hi
zU7C;L?H%oknn~=~F&ZCM*m+1vQEKZoSh1GyGC^q(d&=e-9qd1xbVF8d-pR)KXX%{7
zdS~dyaN_J91(FyztFE%vM6K6pFIBUqkrUMNJN<5%iefN9M={wj54l+HI9O3=wcXy*
zvk1j2jE>JwufM{5LrN8uC1T*|H)9ZJn8~G(F?IOfJ}A#4Rzp`bTSsV{{Lr@?&(PJ!
zj4EdN?7n*BR))^_@;f%aV*gqpb?N;wuhJ3h!gj=Ip0hh3#aKGFGL+wYGuYC&xUp&R
zele$yQGvRTYk04;e60>V65ot_)Zh@FMUux08s5qL20B*-!>zP^Ag;^WQ2O8iAOHB7
zR#BbB$-3jv1vEQWzfNZ$R)Bc72`R~+%M$hQA}q&n%z)-+W*lgxnCuT-J;d7V4X)%?
zUh1TSOAkWNuo?%}Ocd}0I!+EnhnVQ7)yVOIq{+_@)Ae)<_j&JBIJ};CZfCH5W<*98
z!u(|Tf!pzhZ7={Qv`W-r1)*lp6t{G4=#Pp{!$A}9pwH;ibx#;+8S){xTA}+x(z(9R
z4GM#tV^-Yb?1z+ETZ-UZ_`sQ^>ep^WodW0xX!Dr9UXo#RGLqNdH|xHDGILs3g+6ZY
zGn;w#Smk*`^do1&jWTgdR(Q0h{C+~NvfxEYehAuk%?nJE#VyVSI-Xj*#v*K#9zyhv
zOI!l}ObZpmq+FA${J>nW*CuKId$Ov?89qx}s6ARJ0uU~ARL(<sa!B%6$ClIUkKOmT
zM%H&<NdYP*TbIT4AG({0DUrD~-xD+rIU4*x1NRCS47-vmRb>~B>Q_CQNc#}d?0d_(
z8uP{G#Fdmv(oJiUMb-`|@3~&@@wgH_Ml<%oW3%URp{92amsIwmdX1Nk{HeZpE@(w1
z>0_WrD)-vw$_v7gYtp0=0glDR@cYT9p(z>zqf3<_N~p3&>f}2Yov!^SX6`qBdJ{G%
zvhfr<L!>OJ(!+|m6q1Wp{mYE&_eC?H31}LfCJpO<>enxZ%5u64iuC^emB1VfMO@KZ
zrT?ZCU#u*vGgi3*Il0_E%l7k>B)C1wSXlpI4*WbgpDuT<7|Oen94PZs>q_^OT7^58
zIlcA>)$USqCG_mH%+cIC7SwWh+&@de0L|wn7OCzpJZu?q9wp6*^5t6dl_GSl-5gS+
zGh*G*0hES&L3nv8YnhkN79gl_+W@O&_}o6{d%s#4`?J2kbcg5Q?xo#?FA*|Nb|RI;
zvcg2}Lg1FLLD5FHI`GIdhMDuq>(CiIz(@M3v7zlkE&zDyq7AU|z1mOf3100+SEMMy
zF%;;H31}($AMU=f9mV?er<Yx>EKFX7-4fcBuW#5Kne%Z{efJ~rsb?KtPo%!q1@csU
z;>Xsr@Qul56WsHdR8_hAZ<8T2!ZP0y#0xUVQv4Z&R_TFX1-D)Lcy*}C$DD-#8U)0<
zY)(fk+~!=a3q>nxTugl8;qGj81omaw?iIqd2+aPhVx=4U!%NoAJrFb!j7wdwb{nG-
z=rt8q@M`&mQM~@buj)sO?w&^M$@)$dt00a{_-52Lal&J-kqbA(;+xle#H;uaLb;xH
zv+$IAakU<*Htp$|Wx=Tt=`0&cNKMkPp4t>IqElnHd#2oBCZZ=9!#wipT2I>L%gHT?
z?u$OSSA7I7BNBCGD<BHmMQyME;W?-&WM8>(;+UkpZ*(|Z(R@DmacbXdIV>~3jGQ^O
zRB6vt(JHFJfHL&dk~LoS*;`(toP8Jk1&#vcMKCT$+b^9-_vo5#=zpK5-i;fM+JB$G
zE5HVLI9S>&m?-fC`z+|XP1JnLoW51aQynyeyPg>s^~gL!F?f~?ez}K_NLRXlsJM4e
z4019fbx&T;qv6Kw*;@r7M(**AY}=)Doznu(@5AMiOXczp><zPZR3GK07i(X1*wiSy
zE9`+#36$EI>sEV?oeT8$kTF3Pf)<B&-nI1FC?{9hT3)-eWgJ&hDdyxpPF-2=G)2Sq
ze*PtfQuFY7{41<Qu3TIk;Vq+V*P5^x)|>DBOO7MkvX}A-vh&ZA8F!}`Q$BDV@JUk^
zos<In(CqUZ)V98EMy<nN_Fzb~B`F}hC3|D#yn9bSiV@Y8*{mMIZO<wr{!g>Y|2bkf
zWUtWy5kbUTY+zL`uTLch`ZaY&jdA;!#b_W;C^}k;<{oFG_ScMyn2T2}xv;T!i(eS3
zt0#B<5wQbpliBo*Q)a;b{pa7KYX9-oC$7CF*6#c7fxTv%gEzKW>$7%$@!Su5dmtP0
zv?ua+73tE+_cUCf4e3be&*qTbE=VG;Gq5kk252y6QZ&H>lmjJsA@e20pK*0N#W%$6
z25nWNg^%s`mrCaV)G|#a*OVlpesmdg?<DQ^KDv{GQ)t*`fgg*7QGXf!CrsVW*o}%O
zI))PYI_J%g1b@f;y__F+`FhNa!y$?pi3Crz=Gpi7uJwIQdty|>21Eij8}FS?Ru&PT
zkKZ1{#j;278Ma|DPfq+$(-q&4%!WR<gtiCIw4Z&~e0dM@VD411DN52#tU1h@z)8dY
zPE(6o{e63zIxt)xk83CGJJ#&=DRFl&6M+8bycpn$vgG=`h!f{tZZp<rbws*smcG37
z{XoKtq4Iq-1=r+E!p;|@H^|5~x$paAVQnyz+U{NfE%wwUQVcLeK_=CbYb|<rQsRH_
zO|dovaW2>x?o#9h(ZIOTI%!v_#~NH6b&=LQjEj3tI;+B`-z<;E$%UhKdMW<3+dbjP
ze}wMK%lx@QbyMkOcGKF}m^S}PfgBL<isWM>4F9a{9L*MCJXG#O0)*c>ePIi5NLG@E
zjcC;xbmKh%`n7m{dZvbo;7~GdR+c1shSHI1OHW+^0XoDPHHz2Bl1szNhGG#pkmt)^
zUQ>N{hu=jveFtgUYF{pt%X{m&`A*PBP9DvxM3H6s_R-K*vtrrPWnM!6;o1P|aEI3x
zpIV$jST1V){;|>-HzJx$J*$~6R4n)|86~oUhx5wRev+qLKcHD68JN-~WSd&TfXfd2
zA!RgLHDZ|>(9#6Tirp%sZ^SP1O{2Z{|Dms|t6Rq+0c7r!+SX;{HXq_87^V(ZaI*p`
zZ!3Bsf+Jb(^ekDU-=8G<3Xg7`)P>(}5G>+<xzD{4(K%<Y%!h;yLZeN0jn5QNRZVtH
zTlRmA9&CSxiH81OU8a!o-i6V5y~|Mm1xxK!EOH@$f*)I{l!%SO&zF|<y?d1RP6z+{
z^JEy5I?>rX7pJgsa#--QZaGE0!IxK^wBb>jSh6JINFKa@0i5{vK;N-vM?UvJ0Yir*
znbLzZ;NpeA75vhoNvp3vP;xoCf%|+J4dLI2M1%zYY5u_Kl1WC$Mv1%Zg|_nM%uO30
z6OVGCgC7Eg!6X%Z(7;xQGvTdj<lOsqJud)a@&NksQM1S=@`W?`TH+fg?Si)6s~w3D
zR80FA$y#A~88aX>@8=_htT{Q<pEzc#E^6s2Rm?lw{|)g%O>-G^b5O8F|2qh4%i6qw
zHHh3lo-o@qhk4eQxK(Mq35-d!XEiMhRh{rat_(0=UFdQV+!3<r+`P3r4NSy@j8`TC
zb94(F7)5K~_0`CGjY8)Vl66Eb>h0Zy{56r1Kjw)VSzR8&qB00VHBXn(*C%A*s~>6!
zAXNaj2)MTTs~c6fezt-?S|&%h{9|hsM?_wUL1VfZp!GZXdqj4<`?>1d0h<rrTWv(z
z1^AD;7pmn0abL37@#a9-{y$|bS-BB$Zm~C#J=T;m;~6m#Kkz2x4i~ZA`(e~x*gykX
zil=lw1)%1!cU-qOL2k>6zg*UVd=P5n^{2a((jWiuO}~^{v%j5lHgUs?rG{zR_#J(Y
zckkQ%OB$WUQh@`CYRw4YFSPL2FsFY{aiSY%;G+2`v~OA9zasU}EQWa9D6d*q$SOoL
zYrY<kEt3nnz7^rkvXj{`9&PtCY`$8*0<?--(-{`|S>>Tq+h{ELUC~=i*-U2hEmVaR
zE?A93yR5XhPiH?q{8R=Ilh{ixSrmD2`*{daxH@^Q+Muaw(4u0qzkBW_Ai90IgPCYJ
zlWMQP|C&I9;KB0Mvd!Ygfr9FGCvP#mbfJL0wRzh)S4YUacxtl(H)hE5P?X}itShN*
z>p%qC%`tPnjwh8gs}m4}O1eZ(GM~a?BpEGcZp?veRb?*}R~js7*9As=Q<n8>d9-|F
zc{^t*Q2-zwoc0pVDuxX|ujGmiU2dvyYC&enX7fZqgposxOR!Wi1LRMYjhqgs+|2AK
zygxE}OSo2T-g8(?)X;^^kjWS77!kOYTwbWeFDm_Bl^CiwZJKC-Uh_pQs*s9FdHjW8
zcYn)GA<^Le`8%@-m5ng){B3h%b(5fW%b^p^v5jj@?A*qhjuw2w_?&rQEtG|VFuHQ3
z{#ut_gvV*~y$`AY4jq!5uVOcPBA|<)XZnzTJ)fo#kFs>TjPg9>&b*F|SZOj{9rB@8
zTo;ShsE;PQkG-uV@aLgurrD?n05eDb_59Cxmv;;g4a~OT*X{rXg^DU}BYQn|e{}Co
zgqc>Y{(9yay8QQ?)F&5d4smk@TdXFWGiQo$X#K+quur140gq)yei}rw2kzShCA;?C
zc+~#z@G0)|6CH8`+Se#SxqwT_f(frMif-SO2%9-i-H=X^*%d&l%x6N#+NM6J3@?jZ
zdNO0kYLM!ic|<(t5iLB-YQsCjazp@3TK;+>8o$U>TA`}flgfAg$#|Up&v~frryu{E
z6Wg5<E0!1=+Dk>9+qJhJy*bY|`MkJL<KINw_|354FR)-xvcXynByixbv!)H}C?VR^
z;7c=b%~#jT{Bg7szxSF=5ezXuwvB+d)uN`j?cksPIpNSYx<gF1;!`$P{EMh;#wIR0
z^REMu&sW<_4T3)h&lh6HH+Qx*NnJ`)eVr`VE|G90hWLPtxZT<!rFKVA**oF6kSRaS
z@SkEx0NS33>^R-vyD#N#wkTpAQWr-6t`w@H5h3Rb%n|$K0N&7TJC!~?I%<EnVq6Ij
zBN~AyKECj*e&i=qV(!tqZiZ-Vk_d=yIW#HC{AWHbYnr=gUX-B*yVbyt2HGKD@khW_
zbT<G%p>caHK<LkNdj0=A6b)WJ?FyTSo_+V|?Mk!4MDwNy`kOA@s~Efe{uo4;IFlju
zAoga9&)>#BUjjr~6z>*Q!I0WP=lo-kK$ESzpVdNF&U_a6FW``zNMO<Z>;DZ!Vnk7U
zJLP@z-|dG0hxYxyy?JLu<aQuh9XMsH(B9hMqz7yin)oh^tc^QJq}7a6b{Q~o!dfI1
zcSov&lz}THHqb0*c!jZ4n>7Q9g1}5RvpeGZLh$~Y<fqqZ`C!+YOsdEHOPxz@kGzR3
zf324ufnGHS?xX!=<$s$!y&!;33?0%}(dUj3xt^ZwJO&yqN`DaAQ_a<odMeO<TZgb_
z!0A)(7_Gd<44j`P&H>eVJiTJOuZMAg^y%oINeUZJ+;29Y)0OUjHnu<EpLa0t#@|=m
z#Rw=sIpKYVe)fx-uXrb#)#{Js9?WU}R&4aJ;TC0U)1>c4PH_`Amwg6;)wwmGxxl+m
zO+&b$5?r}?!EJ|`+kp17jBXNWt?gwvn|f2YXoSk}jATwnBTZ4dWBVNLs^IKdof(Yf
zNY!Gk_;mefPovd~M4i5=Ren+$VQOVAngP9&G0VMiC2!1*z~B|JTURpr+!{Pol@)T(
z{9XbVXdgM5i;GaV-eRrygwMbjS*w;BM1S~Ob|9l78QbU4Vr*(`bB~Z5*FS-1Zd-5U
z0!2?5%=%DBHQh^fNTuYZ;mss6H3Yi5HrK}xa&eTAu-TQ&#e^O=HMJz$D@__(INx&u
z8x_>~{9>5@RM)mK^@JIB7e-k7o3_?yBFEB=<pO-6KWTQk6THbwU+$Hr$uHHPUg$O+
zO_(?Nw7XFHPe2;DKWr~feiQ!B0Xb<KO8ak#Y6s>tQUYnGUqp0zkt&{K+{9b;Be<Mx
zCA1XrvN@K_(7lCBV3kEYCjC8g?51|%s?f!cD*ZOov%74o7Q&9JmkWr`D#;JKQtCS`
z7!-3Z3DT6@Ukg^20Miyn@st&+m+7y{4P#2h04<P+d@IKbXI)rG(5kGzf1ci{Pd9GY
zXSn8I(AC|*sL@Tr#8c%{^j}{>84t!Rb-p|RkL5rVSqki0swaMM<|L--1x~bLC6Y5^
z;N4$mSRwmY*cql%Es(m}FOKNMf;GU{!I>~tbcHi3bTa@|L1sASjos5Ardn%%BO7sk
zoRHgTmnK_e2}ffX#e>i>IHO|W0OLtI+qcek6XZ2tTxN$F;C!edt{`WMlAG*QTQ~j~
zcSK?BdHXWx;XrSnutug!=opD_312`K`n(T&G7$EPx{6B<O%oVmpt3ko$I;UiV7kH1
zX_X{63YDH-3|?BoPPu^kI4gxd?yMi=H}_~&<ujV5eKkL|XKGi?DXrz?=7>svTBCN=
zZ)&5JFVsGFA6$hn2hw!6FM0+0y`SqsGNUqzojUWy5mI(VT4ip&?skUHk+FL6n;Ke=
z!_LkdRW?r5xD^#LOZR$+&BKs`>6>;Z`@-$Qe&y+KGdN`RSed^W@w)dpSM4c|R}AKC
zkI|NqR<Qh`eh!ugofIu%0r#F)@isgS((J#kUL*5rNPJ?e*3>`V{sYL(2~2CdBDgCs
zCsk}FizRBA%sjy`T9P<UXgtTBz+a~(Z|bZ}EQc*PSJ*G(R|Dx^ah7Vf;Aav~F@tLn
z=jIhO1FN}L$t8~UhUk@CH`g?7{A=C%+^0IsPA<7(#1NQUY?!g^iYnLaMs(Hx?1L@i
zF`#G?c##u?PVdDfgSWkCKP3+%Fr$?kmloO33XOwMnYtXLm>Rd3De@)ep(Wr?@<E|W
zvdO|)J)4#!@+50Y3~j|}-sMzkm`N8t^$|ob_*z=sG0z};j)up$dxnpzDc>Yd9Sm3D
z9dX#a0eRj3Wq!S)!t-(Ig`c#t?p$@SZvZGd@|`s<*@U$3+J%n*FQac_P8vJ49qUdO
z#noF*pg(`Txy1_X#?qlNMNcivS;4Izi5Jo7l=MwP+AZn=^L(@hv1T(Ofn4!7IR4>?
zS1mh$$4BMSYlRcWD=)BDZ<%Jzel0AyYe|W1VcPMb98!!I8KRYw(}e-M`;K`n4Tb#U
zT9%)+T1BAgHFa<Bjj?xYk{zFGfh&LWe^Aq+y-4|8yB3IUMJ$=ft!c&KT3^ya-=(>s
zcD!2uccUYOnBQ;5jEVf9){<q=FQ8Xe%}k&bWzC=GNKVNi6th`5UHI2<6CS@-R&rNm
zbXG?pkYr?6r9-;~zd#21X@+uYpc)7G<yxvV5Ap?l@wW8Mdkc7E(hP=EuZ<0$4>Y9h
z0AH&pA9-HirQ^%GxyC3}c2vx*OamX3`;PfaB(H_mT9BOog$OxocnmQ>%xO3eBaR`9
z(hyLssErqt;Z%Z`=Fp=(yUPRKW0(*Prx@%^N$quz-2|;TXubhl_FeHd;aUnt^0RJ1
zLy+Y&cHT5S)L9O<gT&*2-f+AG-#v;rzL#oG4J4_t<-8tKr6aUWiF3CpdQ3b|vI<Bw
z_RP~+9u|icoxG&bUuOog-PEf+I?L3yf}y@hYAptOon?&NII1eAS$!XOFt9pf;%R~%
ztOC<`OIvVq);Yttz11jucFJ_tJZnb|<la)9HxN<YhN2KCqw%ZpYf;Q0?FGtZFHm&$
zJj*R1l43CE-~}~M=Wx#GU<WUlF=ENbkyxi_oC>*0*^{6)%rT@t)zcPmRs@iU6350=
zm=*M<qR7sq1s7~!8fs4;=!u~!K5K&vpW7Gx!A018?>IwsV6Ly)-GiZ*8N=e^^(IT-
zL-Y$UJo}SGM4686#;|nfp(AMoHc02Y9<oqK#XI%LLTXXn?ASBV(>eF~0kpb##6Bgq
zF|z=x1uL{aS}8MP7lZ9a!cKH$*pStJhbihhdM?3tj;{2r<*?rf9;CaKUnFJ}GnWKQ
zPcFiq-2TN$_4Eph@KjMW3?I=Z!(A-gvw#v)Y(tYbY;TZqnl2&W5Sksd_nt+dLkAWS
z&DtohMF}=u%oGh4&a8J8b~&o(5@?JX&1AgO4=X`Ys#mQ@tvY!fy7ZH;I2(8K@KG^n
zVnG@T#R>H!y;%b(4l4pz{YenYInQA_#<wgZCJCgX>(O-%MtUI^b<>J*ow@Ndqqtl6
zDwDAiS^HQ8?G|2fu7q6md(qVG=17|kT!jJk`3JE+Fj{CK*EHBMk1;H~?f%Pc7!7am
z*wll<-9Y&8g<;%bQxT2xi%ODrzE{QmUES@umMB`Y0jF<5x&<B~?I%-+!cgG~)dpzF
zn@(Bth+3#kp|5;NpMp2u(X})+f-T<5HnmeqGUohf59=(ZuQVYkAh+a&v8JfeNIf=k
zZ4`IOgEF}xQ0l|deIh4U=c28;GaPAo+hOoL)|8su=b24R_wvNmktwOD-f+X@<<LzY
zL+ul!(_VnevDrey#^6%F1$KD>CZ5iDHeK#WObwiHIeGQnY;VX79+udYyh6m0;ROpp
zW357WT3uxr>da*0@2D{`4A+iS({<pL#LVt9$rp|fz^WjvZD&N>XmlMD-B}MX`2Fcy
zUy_PZI>FN;tySs~KPZ56oS#%tnmDca5C>zA)jaCX`@$H1m<u}uti8-%{HyIr$c{k=
zYT3mRiAe7$1?bq!At^P$U3pTAE;K+4P@Wezqz;Htl9QA1Zp`Xh0<ue+=Z8W(!eWk%
z4;sYWD9jN{PyTP^3?Ne3AqM;Gp2?a1L*EG%7lTzz#%XJk7nO@v;Pu$`s25MG{3DSo
zjS&%AChG^N24w!lk&L>4kAbB$e`ACz`dqgdpgPzjVdC%|H3ac8raN<l>q!(hYnt{O
zR8*KDA9AA)*7e4vul(E8){#s70aTLzKE;+@@m26CmOe!&Jp%Z2$p5<S6=K>=nImN_
zHRG&&7WZZ++&*Y*&2jw;{ESaoD0#t{F3qC;p}Zt!`Bg~8%;Yz!B#VZ-OBcTuR31kO
za_D#b__V+`Kk27R2d@a%6Cb<XL=<Kb6^ofMFzO+p8vfr1Pi=d%0{q_ZAXFiku)90^
zs<Vj3p0@Cas@ZH5yh?u${!=#}U1U4uYSgJfDO*mn=B%%NG2Rkc7$YpeWXUST4VO_e
zLt03nhh}k?4U%)75x|Ft*=o8=o#|c5LiR?`m|y{Kg<Yd-<~)LLW~{;p$tKb0MqQ)=
z&!wM`G)kFt-#N7zXsDj+RCF7(eBPgA6w}&{&zZls;{F_pY71%cO<)mR9+8OI^P8B+
zVh33blcnnQa47M`U?4Pc#<~LdlH6xpYe-bMHofe6=7Nv$`<2$u27|OJ>n@hD6*V&V
z5|#=L^vs}kM3P+cW_=Cip01~_9aD0MVLQ3gul8mBoS!T>mJ`NlP4OfKxH09wxurKm
z_%*l%s(fPQ+iO)e^sM7iUlIbHnbAmRuD<~u#?Jd$mSSwWt7&(U6{tI7-xs{~NS<2&
zk^P{)^_S%Rl7tuO?-8QB)LTuf;hQsWGA1^9lGEw^R8Q7R9u~dP^^#-73g0{}N8>MP
zm<&T^lDWs|5XO7VK*L`KfBM7y4YIm<C3@@JArlMosUMaBaI6p`ET1Z@Bd)lPkcQQf
zTtc1c{m6~jw2ky&V`AU(2G~$N?IE(#Ik~K$_go2_QgdJ8lQAK5KGNMcvCAqqL-X1)
zzRNjxO*0$6Bi;%cZB=r_PDO!|fBq}TF)|fpMPX>dHbxOm5C`sOW19>^Q{AbCzKvj{
zrXV$Z=KYj1GF{hs^r+*YA$U=tWWj#Tk1exMhWR{3t61nu=G=nk(;bubTJ<y0W=REw
z5*Jt72cDD?ePZbSUe4V4aYdCJLvLiyd{l52)!8CWHWKGQzjo*-AFuO$IMy6z=MRTe
z_!)|&T1%a@zzr70o?|44;q0PlD}^A>XVwU>B|Nn5CZ)FAO%>lWxQngF`~Y#UOfO-t
zFSeD}=-w}Tse5U;@T(Os%~`=hU9xNQrCAF$=^Dco9Id5R>opZj)n^9?3a$Rr6v#;3
z1Y385M5rS%Bn7H2I=NAXQlmenBY*l5m4gtK;R{y{$km2LA-9-82{@&;`zDooUyN;C
zr*|aVnXp4n2fp?%;|kjLzKIR)RFjAhtpP58d0?h?kPbi`%F|XfQmd0p?~NJKPlqZ7
zlI2pEapeb(;9h8F5n?-`9+lSDbI)q}H5iXfri^*)X)r$OW|@%wegz+2T@lkC`KTT1
zW;pqx5?U5yH&H6?bAt6;&;~o@a0|rai-Ngv9cVW~icG3yXQpv5%tmI)TCK3xk+2ER
zOA(R2E9vb0gNs-7bMeTI1Ppty;}|YnQ0$~%I%4ZuXs8uf{&7ItgSFuXAE+_O!YtTE
zj-EVc#WjL-pONcpTN&)&SJGlymF~o-;qTT*y>$OHI`DxdQNQSn#;Cu;o`wDqgu7?$
zF!n^Zmf5dWu*)1ygA53h3lzKe;=YA)Y5}8TDBQo7+PS6-CtKLW53T{E5brqcFy1x%
zl5KR>s^Tjo{?8_5i;D<?J-@e)7Y<oKSf(M31IDPpga(IcWdn7wGidjC$K+Ncf6y@a
zlok15E|p+ep+?<<RC?0TZ&Y<e6Z#LxJ~Ca4u9{uc)s0iPVk7z+&cbVeGZ`E=Zg`0^
zJ{9ND5&5`Mgo5YBDYxHiJ)|r3EocizFaB^8o1i%uz8>u;cE7)fW=Y)%lmDIXAo&^t
zYT}PN3sB7;v_Jh2xw4GqCcyT9)U>k7Snp_VjdlmQu57`0%W~?ik<F;b@$N^$itbVN
z`S@r5A_R9?nelyCcAL~WkGmwPS9-~V3y{;+B&QjlVcyJCejSmEEN6<Gb=kEGd6zaO
zc8+YY%R6*tCDR@4p*Dwb`ZBJgRfS+uPTQBk{C!h4*EaH;_LB|4=3`Q(bXAf<bwBS-
z-`q_g<4vp7V-s{oaFMpPmWPX<X}zjn<fW35a+3d0T>!Px>hSX>c3HW}(?;vm#2P2o
z`0BN&YYg=nXm+BzceVX7%vJxiHsOps2cQ6!?>L;+Bpt*xlaHx#>xXA3-;qHfj_q3w
zrANgIe(@yzkvH#&_AnH0K-ZK3+>0NdJvM2aa#AF<plg+7R=ImWHlCCRq?6c#eoAll
zH2>Z~xgj-VF;^h*zq5pe3ETOkn6Vx5;{qnzcQ<*um?lX2`u@%J;jy8HeW+st$6Ix-
zaL<!(iIIn#L^Z1n{7%yf$M2e=pu$q6Z*#`mbX27%;E|lKZ*MR;t$aNOTf8v3(5mb8
z$5MX8*Zdo}Rq^s%(LuuL9tNML+uZwEuT!_if1Y!|YjQ6=tN7g9lniv^>dp!>ncJ`-
z9D=IrP?<W=e_k;ABPWe(!GmNiJuEY{*n>H!M{F)kCm3%D&legKbEL+ShF5RYHU<of
z1OtR!cn<Ko=J$m~CLjfaPy6ivqInYnBkm$uu^j*qm<c(b=2B4Po2RIQcl}Yq%70El
z-}fy0Kh(DQ7V3}WS4sp_I8##VhR+}Tsc98ymO&^Z)*k7^uCN4Fx{Dl|S?<#zT|!-_
zTON?wutALT6=IpHM#NOYEpEWO4)uy_AgAFbW9Yj+hTBsD%lRK_9ae*#RVObJZFG0!
zK@};!w5+^?rc2oPJoSpvoYU))MH5-biieP`_*ld<5CONbQG<=r_f;<AS7=YdL5G7)
z_;k9n;gR)AO%HC<#;X?7Hg#w@7;N^c<O|{yl;rG|(U*bsqBQO<`bAcdWcWkZJjA^2
z`sMYlUYzj&yNhzGJ)_>LpL2^{=^Ld-`?~>thy808zp(~F?ki<2s;2h!#K%TRu?WwX
z;yP-jo(N_W8YVurdXnwWVj=n-eIpmy{An4H_^ZmTm)E5a$$OVN4w=1oOZRb3b=8Qm
zqKvx`1KvTz(9n8oB;CWcf6vL)1>Mdv@DhK-s|lPf-yfi|1bITh%A^9}1#HnW&A^{h
zULWURftFcyg#XmzPZRCDidnqLEzrVQ2>!V%iRK>q+&48*Mz3#3z8o{iUNW<j!g$n^
z6VgkZ*qAp@YWApRc!~x7?jEb@bi;^06zv|NhT&#mMQo7!Xwj+JxH>b|(yHL=dypWD
zQwjP{2c2~uqLDf6RpX@N;MVmgxY#fg7bOA7hc&tFUx^_*TnIOEVPAS{#^v7OyY`NV
ztk}D-Zu(kXcBl3#rrGnG!}hK!<r^`?UB-h(qSLd1VZ9>d{?C)K27c9-W<>e&*~{XZ
z3Q$zgnAq8l!`{4fDC#jyl;Z@h>TZ8s_J8W@38{TsQqBLy7WRU6^F(h3+`eIbz4EGe
G?EeBWzMVb*

diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/false-positives-overview.png b/windows/security/threat-protection/microsoft-defender-atp/images/false-positives-overview.png
index e86ad1454deefca58b80b4c04d171bff693672e6..c2092639aff433aa2ecb5d9318ba7b030d82597d 100644
GIT binary patch
literal 27865
zcmc$`cTiN#*Di|k3JM4Yf~bHXIg3gTijrT_ki!rZ1SClqauP%(D==gjavB(N&KZUz
zAUR1G1{m^?W=Lm`zwgxjZq@zc)~R#q>?+Eh-o1PGUcGwtTF<lE5Dhhj+hh;Ph=_=8
zD=EGO5fKr8AtJi=<0c7Ea~y|&0sq|kq-fwmL_~g%@ON!=-tU}<=n0Y1+t=D2DO*jx
zTNVnQXd~jtXOqt#%$5o!m_4w%|8KdOC9h(oyM87^7CE!p&9dNo+w7lv+3(fg*$DJy
zGYbiEy?uW7DRXg;(oGAeFLvK=UGwRB5G>emPyZPC!MzOHQ2kkOWp$bU{Z+R}HC9M(
z(aqoAFE@9{=wxGO%vYMJV0<2(Qs}jbO3_l6QrFp5)Vn&le+w8aaLM;P&v*V?3UCUP
zz4^B!2-3KD?Qcn*jEwnjp;hrU^FMz}54bpik0xACZv@}@TQJK`zjOU>DV&;G_HQBJ
z=l|BuoM-M-`2HCbP}Xb2Z}sh-MM)*{pRQk3I44d-^k0s<jOtvidD`rH4yP$ftBCE0
zp$}aby)RM6S3Hhl(GIm2OV8*q!rYU|en(v~LiOAJ(sBG(V=YQlR~Ir>WbpdB4LyI?
zgR>6*BaM3e)nx;lV&i4Ll<8SZlUX!X8hKu3xhDOss-EPl*{qIxgl{J48z9RNuiTtU
zazWIc#8NtKrDun#DTkwnI{ab$m!}t%v0@<%R{9iY{#yefLJ7Go<6mdF`+?D?Y%dn_
z1jhst3sUVHz|Z^@$udYzkFTbNVixGV7F6VKhXUQVZYE4yY71b$i+AOyz3QAOEc{en
z+3J&Wv1OG>!GEnvhsOy&pM&-7*zT$Jhd&P&y6Jm|2F`4d`tlP?NmM>X?#9`xVQ!;-
zU=qz<4%jgdKt+sHmitYRO00ShA<`x>Jc(iQHYzsbHR3$Ue*)v;pE;z3y|%AHG))<1
zIT|!&jdGxzdaiIX6VF#lg_6?rK-VWnF7!P|&fZNA`vU{?2u-AsZE8fZd<^EVxrFk5
z)xEcEm}FXEN1h?B=cG2u{)1<YGpJu-`ymhC;h?xo$>C!_>Wquk**pT}50jeEsh<hD
zR?4zwX!(NsQ=Ky%P3LK5)TA7$i;SI!$c_?Zf-1N(Ux@w8opu4d5B?sZBcIdhY4Uwu
z#sverRB@^d%y)FB$Q+%rU>MMQ@Y^S`Q7gli^^LJHvnsg2)joFn&#bA}=u42A`njo$
z7;b*`L&0A3JVNamRT5L&Fvpm3s;(bf7*aKBMVxjFWc*Mp%0+-Ce%X#221@&a&34uK
z0Jbc7gW@&FdRO8Rn`hlt3OA}uDxiqn6{Z~+{g~&@=;w0}Hk&wlv1fXbuCIoK(^h^*
z6;}Tdj&+xZrnRr?N`v8*T5av-bQ<yQo#hff#&UWGCI<?OVwTr(eSYS8nDn6d*Rjz$
z<l~)fv}nE>R<3zKl?^z+7)tMC;fb8>&T<V#rpq&b>4G8GrWs5Atlg!AMFTLi6_lA~
zre^kEo4c{m1Ke5+0#z}U0cf4el%FZ?jV{A(U?}Z&D0-f@VXbBGBKrO;Z1FB2!qSIc
z6?by?qNA{+5LIaK-s%m@NWI*wNck<hSX!=MWsO=49q^TyVVe{hNIs2KpQ<i7YpjJ}
z^y|r0MCzu8QnwE?BT6&1tzNW2Fly@=RkY6jD$e8M(IC_GWr^!=%|VGUafEn^<?CBH
z{(IYK*l3)#T3ybJ%_?fM%bnGTm;AzQ!TCTG&#ISu;L~|kKY<Ly#+#OS4PbL^kNQe<
z7~*JskcoNQoDq#fX&-0NFy~aHOt)o@vhsywB{ZYZw@3Isj7>)f{%;`?VlWJ!LL7L`
z;~7v5xE85$-$wgOt2)!PnR3*|nF$#?EntNL#-GK@CNy|<Tb{1G)O2zsW##A85|J$u
zg^MRS;VxfnpIg5*%-X~EB9}dA)J++@jCd__oD63`9UiMKyx8fylnUq7+Ly{DqA!zn
z5BRuD`{Sh6+K%#1S@ZfO45`vKsarfGq;oJBNyWWb2;8VCpSRE=eByzT=w@kn&bf+w
z-)6o3s?en}X7zJS9u#J5?$RT*HXJsmIAINSTCnpK-j}wq^-a#()*eqRR_Ttz-pldq
z1Fy3L_0N(MZM?UwhSmuSO;)v7N|rd2`wUo}7uQ41cA~EkCt;g{+zr(hfXxLgg$nb(
ziBQ4%;BM@uUFQ&D$bH&DmVv}QA=5UVmPJq;F=VqvwBe(zKi{Y8<*A^*gpE|E+39?1
z@LS2*P(7j%rb$ukq8omwnaAaJPF>R9aps!nGkvVcrEasCnHwbm#`c;7uavi&;n+$f
zkm_}=(v`ko-W5a~Q;t=Rm|Lb+u4LEeFAvz`6p-SJn&v;eGy3HqccCzDYIoO$`)qQ>
zZ*{;ui^y--N3*J~-r<N${-_F=??EvmrUiLh$SSS+J}Kpa^QT86?w7`;f%~xyXdm6|
zYN6W3?PHsF^thzailT^telHVLko~?%Sc^SmCkc>%N+kuiL+oq9EI*%o+#Wml)U}6m
zh^dn00s8LR(+dc^zYF(9msL_cHR?Ei4J3D<wqF#x)|r~5I}OTg>{k16K#dxle}DFY
zaavVcW^anrM0!I5xqY%qxidygjC^n72Tne8&K%u3W`+m-?Eh$dO+*!%IQ4A8e>g<t
zHM7P=ryFk~OnLXT9W7Qs@qYFgbYAv23(9Voql{IEm}y!wmUs1?jA%pKNJP(`)cL6x
z2-H1N$QIOZ+Y4xyJdxL<pR2|kB=WR^0%wqoMQA855?3L1We<0mJa?}%)t-3vnCA&G
z5fMd@3E!6mCY~Xt7j?m<+kry3o8IH!8^qml#@rCm%<-HkF)=5<h@XM1H=ZJOp}Jfp
zzO{kX<|fmsN+B9e{o}m+c4hfKDDr?+d)b2?&v2X3OEul^qrWrnc4YrM{o<n$D19>)
zA^m-#Mf-u7Qd?*Oy5tsA)1hp?`_E>lNZtFPS+|4Nu(PO(H_vWoi6(E>@qjI@-!z&W
zP;Prd%f<2-t-oV$y>Cdi`qZsGFHpv-Y)M5h*BNx==9S&nOCcUZDO-m4!+ftDHF2I1
zDGdknNUa`>F<-+yy?HGK9@v}lw*^5D`W=6|d|ZP{v53)p6R&h){7HA-H;+1?p+GPF
z7E9nTviaRMD3Mant|yoYvNVwTHpXMq?d)Vix3R|Fj~omAGZZr56o9fhne&(CO0jS#
zH!Eyj9XkE3oW)T>&5dG37$=Qc&Dy+a{^(@5+#1rS=VISZTPjR;P@bm8RU09%9?7W(
z%|WPMHp~gsPr!?gbG8Ue>-=yzhFT)C?D_pDg)V`5%A=*PbSo-t<J_i-S&?}~%7Y9;
zKI2kaHNTYZk9g@A-elvqlA-eLcQ~2!c}CA;h}$f$!=x04f<t(~Ge}6eaTM%bai3n#
z0Nq9(DO)4MXYtbgIbLO@c(Fu|;bO_>$>^ir<6Y3DvwI83=wRX+NH!BhN9W01_T3E@
z!?RUppI^)?yFU;D*&bJYztBV!8#Ty+6@uxpSEuGxn~RNarhMr256>FB$ox!dkZoyi
zQXNQ`3(K|YJGpj@8JY@QyB0m3U!3^+8dslAjp!6?uQ#vm`#C|*?xZ!Ycl2SG4?Jz{
zLtK33ZuQgTNUzNvvNcH5Ih9oA+f9qpp*wTPx~eO$jP9GPwY-hx8d@wQzfZS2a-^FC
z%D^tjFU)zNgI{bOTY8IcX~CuNexc+(oskV!MxQls@y3R!X;78m5aQ?0n%Px;Y{2Ky
zio(zm6lejymda0NWS&LA7M42O!z(0!^|ag){wP;&0a1It+R}e<Z{<K%tzt)j;I3Yb
zGz9;Oje9J><?pM16FcNAX@Xu5=@-7PW4<=60^cUt#*XG~ZQlIYb_?Q%6|>%1_3Xe}
zqTX!txCu6ic{8XNAD>=q^DH-t`!1&_f@gEnSbKOwcgAquGf68$kQCAnv6KA7+@S6p
zY6(Y81ILfVVb&*Xh16esENA30kAJbLLxg%<M)*8|?dN;H0JmLPaUwr%cf}9zvjWCP
z!(<b76%q`&{e1_S{v8{?c!z$oPuTE_x2HUK0{Mj`X?ES!HuvCTBD;z;)Ep@0-NQPq
z=^jNd({i-;T3780G-sMtYOhq;?~(Dc{O~F{?A9__teV8mtaTxBoIF!;L7#E+3EHXC
zcGfL+{P@Fmt2aDOv0!D#o?1CH1NwgPe)&w?>WF7mNUrD4u#YEV(a&I1xZmevyF)n^
z?rq-UYvgO$g8m1q!diST%^Hyg6IkxdGj>o;f?J<|{F$6N%pr<143P61bA@_*3oKpO
zthaaB?4<Vhs2ru)&9`9&%?}6~)p}>$l9HLIRe!%xf0*OnSspv-7Plo9;7$N@0N~aM
zawI9})z~yscgZ>E0Sk#pkf&(?h#mrj(wGPVhTz*$AY2&uOf5ZVGk9|6kd{fGgy5<6
zmgZ9cw}BTZwpmjDE&ZR5EdJNSlr2%`)!tj&O#d0EkJ<mt_~?KAEB-$sH|Lq6>4he5
z5qlCMvq4e6bB~#s8N<+Du*<`|u?Ud`#rwcyt$#LhY=SU%egEGS0+xdOup<7?=OL5e
zm|<HJY?9X7k!P@$)o2y=o`oZXyXs}jGEK<?V^r6<{sOx+ek97_+djJWGw}wWqo+z<
zrRn)Hoq9XhIqY%+cAQp&mPCui)Ur9kI?s6`q(40hfq5dccZKtO{4Ox2yG^_<Uwukk
z&8Kl1Mw%De8Qw+*>wZj+-VdGS{uN}<pAiKn)s_RE7UxjT68{Sf2YTWfSIK6r-;N7R
zg%0ehDekfN=dF?!x;(=96yAb|$9%&3T%9ed@A_YzaloqAXUGK_1)DZh9g{k%DD$-n
z%5lHGNx$fGUxYC9yMmF~WYBRI>Wl9r)W5&#G3ddZDN-}g5c+LO-F}-`8DQ7H#&sQ(
zZy{C&N?!!g9?BR-N*|X+sY<`;5K>Nj4*K<>?4#mqQ1dwbS+_{@Gfn>FsVdt^t_>=N
z_-Uz=x#xvv8j!P@$>wUUglbx}fhKsJ@%*@^rD?PlANyW&-S794j>e)lCRn#gy#;eo
zg5n0ePFMRXt}voH+G6Pxwz~74jBcK?<+MvcEpoO>DegH#1$jdIbk*oiqNYul1FSCD
z&~L~=E4pvTKTdrEpMb(F-`nuH8W=twIDXbekBYl7ib#nbYq59w;e)K{?@E<0%@ciR
z@K!_+e18~P1O+b-)4VreNJ;aXCDSY%p5oscLYJ>^*0145YAp3q${b=%2K1ENQlqxp
zj_$5#=)?5VQsj61j5xH4Onu*7ti9-Cm=ArAFBDm18j8V`7e>N23%L>J%{+De6Mc7w
z8+_h*Vp1ZZGtO#SkDlus8965x@#KLPk`D~o6w(~VUHGHXdXt^!amcK~c^y<!gb#u#
zr)9@sAo(8x+(B_Y;zxfu)cvv<H|QuF>V9!Fsm|-<Mit9KBXRQZvwx4o!n3m8{QK{^
zIuKtXJID&erOIDzrtm`0sqPD_4<QM^M?8nU7oLmdIf5~mBN<h`1WL?%%CRmsAw%Uc
zZF=oQQCRs+ztyKqiN<+X+;6VpD2Do(uJ)PKBMW$G6ikF+r=1+t9T+cnukFCiL+AeY
zv!^m=)58uuOqz{k$+<1tqXl@)#QvjkM9ok`8Jhu`K_Mjn$*OYfOyJCyP5BmIlNM;&
zLDuQG+Z+jt?!;DPVL8Y*+lJJ@Y04J};ytS>#Fd4*@Z&v4$z$>keR*zKFIZ#dQ*^qk
z_3Nb}MFo*6Cus<-uAEA?sG$w5atpn_pOc9@d>7Tr8NxhuluXi%zPkpV1t00`XY_S0
z)_y}{EL@sY+!j?-JzqkGQx$!NP>Liqsq4`@-c8z3Hu!M6kM0#nJ)O8x9|EvsCYXPJ
zdBobk`2bq-J2Wpc0imVO^LW!(u1f_yhda!#6%Usu({xBZT(4^P;!hV3!*8o4H;?aQ
z>QDQ5Iel}oUZkpDxQRhEI8<@f?G|!kNFH3VtAy$1gYNTg=ZMOPmWT$prhX0s=HJv`
zK9L2NHBOHrU2bAAI=e$P%UaD^)=!%kQcqGigOG}zRZv~0&hin*n%&W5B~_s+z6SBS
zm8Q&ENOQr(#JE$kcgdH7#p+9EW9cCP&u~`e@7cg61sQYaA?$fe7Wq-smM+tkgWmCI
zwE^|W)u@w_m1vNpt<(?;Z27kWdV8J-{!I+P%LE_%Hs51;y2)AlW_A@16(2~(9+g#8
zR8>{^sxdG_w70J39KKuzlcBGwSq~#58aA`V{M<XAZvKX@J&|+o0MW-DXz8i>cAL^!
z>4*;h+#;Vm<Mk9+5?+sV&`B<`<<SwU%23*|wi%lDhg*Eq>apK#I%z&>+VI`=UhK@w
z76gUXQ_yD9LO!@VX<1IIKCdjBdk5<=&`|@!H0>=?QFTwlz|v2ivEs}igdL&PY_GSB
zrrl@9ETmq|aO~)ETg~io)1-oOhPWo)t>>kB&pz)vHf;kQYDd@4(Ds>$dNUpk8^~bp
z0XNi^@k82aL$>XjX50s8hRPYp%4l*HQo}uvsXJ&NJ=^o5RTI>yd@wOyM#?@jQH7M-
zS2T}nNRJ&wkeSmACC}YWM!HW3v)6$c>rmB*lp>!VuZ^S<PnZO#J?G{o&Itw8bC8+c
z9M#YDDK-2=e*-XH%ygPY`ZJtgHZ=;L=2Aw2Ikq!(+MVRd`(_u8tL@{ZA<j}!oRJB$
zh6OItC64apN#DavUo72VY-D(|vw-&L7Sq=8jF=Q%5ayJE{Aqfim}K|>AKIe!A;-Q(
zIuBmE&0lL>S!g>@a-g3S#-5nsUUP#-6#0#BkgN7wo^IYC-&R4@xyL(aX!$Yt2WGQ&
zu!(NPxwbkkpFb>es!DQUvidu!(*8Yuw|oFoLv5uaCO2&?oP#T3Tl3xNY|Q?HG#uwI
z+$<}cKVoAlq9q`x52$xi^2g?KS2!(|$Z4#f-4b|`sUrrL&&^rwm1Tja(>=Ny+7TMB
zH#=4%uCX&URlbbf{L^QsH@Uy>^RR@)K!l7*?@tV`;U0_ID`@lb0mSfTro%rA6L0g1
zJsN6*`?}O;UyC-)@j(_&;Tqsx&<c(Cc%AD)!#z5vO#>2+G{zllen*;e*+ZN3Otq6W
zM2A%&(^E(Ko|=!#hXz8I2lRe!v(&8Wq!!vWJ<N?|al~a{mEWMYX#{}J-&x@4vYhrE
z?(%H(tXnfr){v%w@wz)f{uCZh<wht`a>?f42Mc&Ox;CsL`<qlutUPyCJuWjxCtaR8
zU`G!r>_58u_L9OadwxDuP#a)r+nH}D5D%aibzT2uNH^Q;dq(o)#sG4Er6+#P?PNpU
zUwqzUCE_=Y9qYnDI>schlwR>?-15^KWf2_2ubAe%Fva9t3cUZptQmf7=9H%&y(GP7
z2K_J3r?Qp5)mioE+#~?<O-KG(+(4R?_vlcn#ANjpllNAc>sq1}<*R#uf3In%dQX^X
zFzmg<W4ng{2CgEH{9|C1T2<Y3+50q#;uV1wAX+CjmIvG;;F2e!l?`CS7CZXd7Kfc%
z`5#-6KDj}-ad-_tr`9`d@}5Qh)6wl+I&MG3xPNJgb;xhFt{nV){4WspuiqzVK>(%o
zt{9h<y>LH3Fgy^aI3h0kLD%@_#)iSLmu?PGdG~E|xlxF_%Z>H>d?Ht&dX4WkERltA
z0M>UCu(P_~soNnYPSojC*~U#6@UC)+=b$ZnneW-`qFT#|cZ&!vjz$fU0y~>SSJOP(
zK0AtZZ+!18t=iGD>$^LvJDMaM8W)zo?CO<+fg+667|=a{6VeC5Mvo!#-Jbbw+nP#*
zU@riVN6D!fEw!6??)D&fvS!E^#bYYQX1aKFdBSm))U<8yI2+lskz3H8UlgNUqFT2;
z!<~2_bRrhtpS*C$eym4K^x#%)IAC&=#daI9>|~>Ibl?}7Z?k)SfDKYiiIs~B<d#hl
z;<3;IQFBrhgTGOZj^#9%b8Vt7`%Y8P@r_D-NJS~;fR*iEvLq<CFQ$>2qp#F<5)ndy
z3|iGm_#P_=-raj<s%PSfVx1=@rObBpS$PzL$)4h(WGKljFfOzh6@xYmZN$U_^A=7@
zEgSF>EkSkF!AcCfI@ZPKTpczY?g(7k<Cj*hUWlzZ1~5Ox#PWh=L;C<%%Ow<)hXpkr
z;?_i3#5AK_2aOgE;`$t6bT9y_=W&7C=1g&^8jT*P=2~`X&4Di8%@EwlFehaaF7IYF
z&mZC9jJQq?X(wg<ZzD%TFjN@|gtVoBpho4{xkAKu8<h>9f!`r_h|DDa2$7Y_t{IeJ
zW85zVefO%bM0_t7TUdP$hI&RF{f_sJ>q_RY^zkz^0;(;C9R4vTUdK_{7{8_9jXEpI
zn8L5GS=i)5L#eB*Z`+n1cG=Ew3)&-2UgAR2%Jav;0`N@f9G7>tws2^;?=RLd@5Qr)
zkmO?Hw>iAZ%y!OIfQ=peC-{z8aEj+zV(R_)@m&!I>6FX!S)+|fe|+72Id$E(-gzqN
zG{o7k!Wij^jLgLxlaJLqsq^!evysDksrfNt{TGv_{uk9yW#y3A*lHdR!?LhYy;PRz
zH80b#3DBCY1^7`YXq+{sD9bsq${P_Y53B%ylIrJdeaLLN2NCfBsE<&poh!PH7<cIu
zMy}egCMTwms?@KzBE%iL?wDEYGsnoXh$slSj*<lbJa|f;wOrO<K~w(Kv+SY3gP7r?
zF`w=iRS0@;ObPEt+guBcMz@!$S|X$3VzjC;|C-$4fJx-9m|o#0jSQ>+ALaQg=702`
zu3qQHz&yrxp0n?yJ2UVxvwadO+2eriO!bwoi+v+{^E&P|m(k2)lhF9JJJoW?bXwn^
z*PqJC^Ee3y$2VjnMyiy@Ty90I&2Xs=&X0NeHj-H<aU0dkmv5%5#H!?5{CdV^0zMcK
z;f@ziY@}~N=>bTBS<2tQGQ_~S+55yHiK3O_vAC<X#4o_^87e&K5*WJgGua|7axu!|
zrpoKD(<`2j3$nV}X`0nLPmWI&OEjGdHn9A<<aB<zpEGEAc9<uV>d?3^ZwP4jE2{rk
zL;1Bk*Ng66EiFp>8|fQd`kkI!xsH~l#Hab<Eh3k8TQ-7YZ2uZD7GPl(U2~T@^}r8x
zsHd^6%QXyJyI#3I;0hl0J$}yNLUvSVyXp4V@~x1NGq*n6!(HuL<L65*|FFJ>8EUM3
z+bCi5C=w<H5y@O_E7Z_s-nB~IA2{r|+H)>s1dO5CDiD6?6F0kEU5Uj1C})?i{6mpE
z0a!pHA~NPy#X8JQhb+R6_oRUOWm~H;6Mlq0BCOIsnRKbo;(y5aoWs<`;u?MukcQS%
zGfnz{muBTc)@@xC5t;eL9HXvRZFx}_H^(Unj{<fZ6Cj*E$$_pHX)1*t+LsXC72pKW
zQKjsSXJP)y(#NKe4&?CL8v<S<6=TU)V<+6tpTPg1uP&l;EBsFuw%^-{{T0qvz^}7y
z2bA4EbAaBS|EgZ<N~L(O<uIl}ZMyur?cb3;APjT~Sb@)dw?pF{c!C$KF9|CKN`D&B
zG@NSp(b2Uy@^5dfK+7Xpo*=)2a%?rUU3~%9p?qUFbQvAAoL@>9IS~mUfx%zPLhcv4
zbpNiA`t4OS{j2*hg6DhghGg5{g;9TX{yU{((SM9wlK`j?{h`*^CNaA`QhnE%>0;(0
zDrZ;noGK>xz2AoVCHuuVag=Io+wfHbQ>t;+AiBk6yd|YJnIJ`?RbX!{dNu?5rTBWl
z^Q1*Oev`0s1t=4|EyDHRIN<-<rK6AL8{Ee}5PkUbE91@V=OJ-S(acRo|MUIB&im>V
zg$XCyvm!)XX1b9~GHKP-)to?(OO(+1ST=y>0N6Y=0FoTowS@kk{`GHOi=*I=CsYek
z6W}7k_5YV$Hiv2w5$Qibr+GVwUmT8cnE_)L^W1AAr2~BdI{w?&|C`wkXxm$&@)rd=
z_p#k~I`r;|WSC`Q@IPJpW<`5cJ?oI%Id=3Ic&wE@2*9^Em~${GE<;Kui~d(g@()*+
z7aN@+_cxl)c9MG`N8@@W#sGy$6rg$?z(&+$LnkHUYUN6;hF7E7Oa5mrK$`2cWqgjr
zZet9R@M-IJf!Y6jAIyOgE^w?9CF4@0Gxgb5LPrdNKegS6St&oA|I~3i<~csnoTZ$M
zJN(xPRL`W2LEcF;+=4p;;~UXFi_E{;Pg&U}?xO{(fQ6S2`UOg2>o!yTRNP?d1`oL<
zcyj9}P|M{dJf?)PWdQmvXqG+Kt9tOKE$IHFQk}*_gZ=C;Tfi*N7K6wVVyR&bn}u+8
zH05Ja!4QR>oN!#N^j(8x>Zo5e?MfuUb;mQd9Fr=vT{JWTSr~?r<??$;xn!GV?|Vj7
zMdn|KEp*M~+0w}Cwx{qQYTrqy_F30}ph4|iOrFx1p`3zuMU}2<xZg+ab51>O45C+f
zx5wP^FLXlTNIGD6X4ZiIQ9R({1HCG`sXQX6+nfC*r$C4UwZ4|@nD(XOfP)8G1a`Xt
zeV1ihSmYz7tbqKvtOnRuyea5r6K6OdWaLPDX;}JfOG)3iM)PLVR2Z)V86B3X#7VmN
z5MMj0T^EZ)Y#NjC7upz-g6`NKX)zv|qSDLtX3BW$;{<>qv~mOa4i5xD4%w24{4QtI
zL%N05RWWj!y5bjcwic$?8#$s%%vf1L-6wDh+n|;5qmnOBu#qf0zu!uWe#&q?syH8+
zg#?jhtlkOZ{ws1h02(c|kYrL14WuS9N;$we+7uf1&SbCDcPlF-ajO7qTSBfwq#Inj
z_C?i{PR1UYR#j3y4Lz8He(RFU;83Q%MBLYi=%~Ts_0}UJDf__~<FYN*3d;~nO?Q5d
ziP!Tlak$(A!uou09k6o5-H0UTj@Schx}FzR<<sIQIpgev-V05%g=QG}sD}gC__5ri
zzUK=!sc}!PWRRU}>bwwJ*d>}Q!xH+qKDU_W6Jv@xiqEvQ3uWf{4wy6)C#-$}QHs}p
z9UeA16==Y1dJ&1_CWuO7%4xOtXQHmu6aX4RfsbrdNM9=$=Xxgi*x1TY!-`(n`F>9n
zle&?Sk&4RhoXfCk9?TCvItp0cDQ!ldy|&<03c}vOtP+d9*6#I3&hu+J1z}mNrpSj7
zQP3I1htu(XK6;HbvuPjz#D7s{L9<2>C-8%)m8JE+gT=h`j?aENDx}j0G*!JZ9vOYq
z|H$#O*)9(1po1ece|1IBEoys%C+?cXoHLbr3+x$kE{!45uk;o!k889(JPJi?dy}Vf
zzerepT_u_jmsM<*gfO645X#@ITXb#aae7rw#cBlGmutKMvT@YUp&#3kFa`e%|5$;m
zR%Ba#Qd;9tj~$XQ%2_}DHJNU2O5EB^g|^9a3ghsv-*K5!@cSM4J588|u;8<TE%bG$
z(-Q@JmdIl$W1G#f8XOwf!sO$_*!FzeDx%3;-u4{IV(~0cC|#TH$-Kz4f?FzQRgf{x
z2-2+WXsG>fPzvL(e5{`s07tGGI%;K0+0AkWf5ehfK2G?;L{?9Fq{(0{u;{5-cN()B
z)JX9=GB#cqf_NPUAqF;+Kc^Yua8N#7wgTshVyeP?V}ZBya&CN_iM)8;-hQKr-AJ*{
zB#td_1z$20Hnh?9U?ucva5H<Pogw0M_Gx?AW60Mdw9IACm1tj3i+RP5>*;EVX~7WM
z>oQ>z)BUd)tRX)0KXn(fSboBo9(^SCqI-M8z+Tq!MK+%wYt(Fpg+2Ti57ongAIoEa
z@AuJr@yppK+6hQKIoVRu-mf=QIUH#o@3y)Gxr_4qQkAm&D#E{S+~BfA?&O8`WTAhK
zeot=qglg3lcYjN<7!6a+N)Ru>EPqcJ;^Ol?9Cc%4{Wf}{qM2pSczc}FdcL<sLPmAx
zouHZp&EeN3e7AC~!Fpl_IxbBMuPw!sDJR!*)L3e3EqxmMzDC0TaTKhJ@toVhPVx^8
zDRTMw$j*lx7cXgiZ4JG1QZ!d?0al!LSi(eRQYzp>Fc&g=ku8Vyt6mD@+kt*%OZpnw
zXgjw$Xt+4~^r%I9%?&fq|D5R@UQxcDn&ozf^d?*K!rf>7&rETD^7G#1pBs~U`u4PG
z^wIa1bDQvd3f0?H?Xhxy<6Bepq_2M6HCCYJIn^4sUk}eTwc|!Tb<x03kcHdy<ZYt7
zU%Brd6+Y6|O%#oC2vg=k(#*aM&nx!cD8h{#G1d+ZPu_M@sL|?K@>ZYZDmo}?tdA&(
zasDnV`Xu{s9#E$Z6;nJ2KVT&tBYn9a<>-HSMRoayN)2CvacydETVqBkk;Rz!*rV^R
zdT6;e46NUHXewy4Nuo)kE0n!)6IOx^d$q&G7%~nKU!yA<)qLQKc^EuibFzYkcwJk6
zy{Yzge7!)SjmBiM^bf`As_yHeFUi4a0$#bjLfPn7P}%%89&fGnnlx3nX>2;kMy*<6
zC#|C>YIy{L?={T&%mdaFLH}ARE>cwU{jGT@CM7X%e*Dr)-s@8lzq&Zg=*ETJv3EP7
zN}S&SV!RYfnhJlUjrF9OK=FS^#;3J~jxGAZ^vzGanbjwmpm_(Y&Y=gLg1Rh)8cl}G
zvAlS26&k)A5|rh1M;o#!%rdRb6sK;veNCgU!0Y=Gh6Jqhwa^7t(U8$RPBN3e=O>^{
znO7njYudNt0j*x<1Ea-5J$2@qsWwRhAQ6}@L`hwqnsk0qHCl2rWi<9W4GQ#dUph7%
zqPr`q|NcW?)NIgdg`KWRGD!ng^tW0n9W-QFd%;(xBnCnq{HaS4zn--LI8GZ{F#PYg
zePg?%j2`KlePf>BJPeK6(vi`ATWN@Z%6m2re~<MRMnSLMV#8ZWkR4^{S)^&BpFy?f
zC(1sWn_u5lQa=1EWtyEWj95BaZp^s-yZA<Res-Wy{POP}^3mE3j3b0PnFImS7@8A{
zB#S|v)U2L7A0%7m4f0p(CySTp!yms&wWwh+I^owe_ChPhMH?YVk6qP-6fCu2qE*b4
z|J2(-RHcKTAY;B2@KAx_jRlX3DRi3@ii+Y$UeT~mgv>{4JqSNc(WZLb>5)tVM!&|n
zrx~wR3+vvFoB-32y0ck5e#?2A=q#nUr8)%-nfTJ*p`1DP{p6FDq!XoiQ3C?EUsV=4
zFANAv#mQsOd!DpV^QK<sQpdM3zM8q{%T@JDi+8BmnVBS&JHdLAq3ZkGeh=8)AR}Rd
zhRAb`zL959+U{Klot@w7ZMj$WbL!9!t}mS)$1Nhb;$$KzYF?W&#7jIQs?e~!-Kktl
zUpvMG#w8gKJOxP~psg0##wrx!{((^1tA?7}J%g7o>x>-!tDOf5{VHDM)m;sK%eoxg
zQxuz%?wV^>b(m+fbhqyv+@$Z}!?94ZAJRIhczw!|caQk2Am)V{z6A{Vh)rs;7RR+V
zEIwAvRo$4?=?SZ9aaY+^;lbQmef>f2Zj`k_71Z0>wNHIxPI97A^+Az5v$0STY5uo0
z7N{^!vNKoLJJEm71tXq1K;TOoIdt>V2bKv^!>kGdwo<*@S0z6kFC4S(D9i8O%CCH%
zVC*NQ(a`+lFmRN3%7wJ_vW+*kD2Rk-=|j4j6XLgGNdCjR;eFYsUdQ87R$B{n;E6f<
zlYoS@aR|8)j^5sK+=X%FnZH8+*ECo&A~rADN~v?_(2LIF(+GbxvSqCD%=A$q?QU5=
zf<~6=6L(WCx^`K6s+re1t}7@^XEi7bvM;BnLq*nE3sv{EgKUYf&r}b3A<|~w@0b|H
zPa<5l;UobJuz4-3E|mF+N`t;`-RY1D*bk&1z-dW5<4fU|Cni~_dy8!8p5{u7ExPGs
zp&|Ay3dHR`>b+BE^@NQ`ULZy^kPiJld&4+jife?pPa1Cm=Jz|?EAYC8n(T>JNrmUG
z?&sGw=ahO`)Umd#>`Ri|kH3iYrr699WiZLwsULENT3AHM_S%$Rf5&F*zZFMURz4<Q
zwkP`(5+>PsL*w@?Z7(vk*moybO+5{4yAUm=oQBO`RC~jqCWWDPH}36raLBQ$gJmeU
ztn%GMTPfK7&?`L5<kCgJzXwGq_c*xclu!1gTIbB>y6n2^8`oxqVH}m>*2@jz9Uea}
z{zx9JiYr%vZ)#cQ`^YCkA{O=RNx|Fo`L*!19I@MVUU;cT^K|o(O+S=Eswd?D3nS%$
zxuKm@J;Z5_DV&X82GP42u!&Fxif|o6a7tR9#yw828cNz67BQGrT;)pd&!-%Q#_nVd
z?z<*M7LUF<1X^+hvYA{S#Ftns(&|%smDXXeY4ia2DcVhQx4jOXmaHaoaTwgmhgl?*
z-uv8*LDa1!xo+gd^S>ntpw<-`Bt0QA(^uR$##3Mvp$Y?yX3WNd&Uc|u2PiUK10Nk!
z%p-hXoLNwQ#_+229^klX2g%mH%J#A0U(~1${_!}PH0KV{L~4Cqkk|klkVKqM5<hZ-
zC2a1_$xWXHY+C%n`I<<cl@!K+_y-A5TwiW&c=OV2$Mse5Ecc1xnuVDLLg>|hJ$~fn
z8yAvq_2!MMqiMlJL>NUnO!~&Ga{djG7j%}og|zZ}vNyww!(VND)cjW82p!@{p)>l0
zv*c|6k`}^9gFjuf)*03rrni$luvrAKB}mpswLf6@`Kk-9GGyHsrwXiiTv;?iw+%jX
zR!qrNU?``5U;}Ly#%%<#vrY53^0V-D*|OCt{Y;~&iYV0KK<6mesq>MLOhi~x<nlf&
z5jU#YE!FGUdjBeSFf_Fyvs#CyMz<-|($P}?G3OVlEZ?h%F8uMJqhE|K*)_A`gf4Mw
zU9tF2sS*Y9{nOt2+>Q(t6tu;x3YJppDyh1T+0t;9)GSfD93nUKv~xvG#y}whJ@-<>
z<v1<RWW6(+8Ey-cug<Vya-eVQc!}RjDcov|Ei-&Iwh@p`d!uf%oc^tsAf^+}{$ia?
zQ59xwG^<<Y%7VL_%#k$Mepz)aBF%SUW0jLKq8HP6Qs&~NYBMEEtAMAGc1UR2`OSq9
zpR5TiyA?$IrmurN*0S@A#1YwK`A!O#wpl-YCTS!49C)+y>E2QwY2q~^ycHuR-QWvU
z<56P2b8cjcG%l^=A=gQ>-U!Q6%dM%h_p^_L(MWx*Mw|Md<-<G?+;n_heD3PLGr1Xp
zAXb|0EL`YfGDILOpEd7~E**`{O2kqVbItr_BXi^MwDS)h%rici7X601wBw8JycJON
zQAm$VjcBS1z5I#1ulI^$-}XwhjKfV6otEeko6Y)0KDnGlp{hQ0<XYrRm&RmwM2pLT
zpxPM9*3(7o{Y4ixnr-cM3uY6+>dyaWz)`18_jWBOe-AiG#TXj(U3k^qmxq7emY=S_
z@O_zyi;uvn5a*6Z)2N2AgO)fN&v*M@l&7_e07`VxGg*DCxZJn|a-xz{4W6vA3@M)t
z7Dk#vV6R^i<a4%N^HhYWHE_MZezFFtf&5AHjbE{El(WwG-chQ%;Y=q+tx3XkhZDsa
z5uF3)zTK7e9><s`-W)!1!5yp6hpG#&yAD72F(6HcrJ?x*p+0I+Hc)^4Gahc|r?w#~
zos;A2M5^6WY=(|w%*pba<fs?n4qpX{7g9mii~pJam|cogH|dF%o0M3rH%aw3%{$#X
z-V{Bk)`c=LXrT=)|41sib-kw>oI4s;4(P~7#C||fLrKJp`SF~M81;Q6_WnFkKuTd0
z+$DwHMKAs=3+KOJa97ijR?g?wcE>#l8wE9q^P{9PKNX7fLBHwL6*g-7U%D+E6=R#f
zsSs;b%&F*TS9zk#cKkv%y3XD#`S^Rh>PNG>gOfB!f=f9nozeA%Gl11-{k72{ZjG<L
zSNJ|>C{&#3p(o6;>|1o;ICaS-JSKO@u;9IP$=2p4RA`X6T@K}5`41nELy=-9W%iJg
zi4n!`XW<8EvQx=0=ll*kl`y(f4Z~=K^69_{+P>__VsQjnN$JkOY~VXK0lk~WFZ7+<
z6ZNlYq&PgnPh3UYe&UkRWvs8{3)b{|EWdOllWRZ&qY*Q@o2rM>4Aq(a{9Rb6HpR8^
z_k>ngK-hA0JF^&^_IV*v;Z~O(NIyl-$O3!3>A|LA!ta2NezOFo41EI=?bUjiU^vnA
z``C|bo{8TZB@^t1sJ=e`nt3avP-lDMMsYY9k)SrddXw)Re+Hdl!6xejgv=@gK*ZgV
z???-xUKDXE-wN5EC^oDkI}oa38-NwcY2iyh$-@(i9i<VA6^QHymSejK@=OzyPy?>3
zoO5k(1831;_kk;efO2G^2ZqG>aF+IE!#jCp+<NFtIjL>-Z@HSm7fn`tR=2n`bcwQL
zjcd|Xc*88`RlvLPI-VSM;()@I?OgVq>JhhUY>WZZQF*VsPIdDORNTl-1(W&j%Pw2;
z?{r~_Ia%8AUoZO~Ch!Eq-=>-w5V1xr7?nNe_w+^ZfT0jb>9|sfxBF&N;gDDIp<S2F
zCM%rbZH<(vBhSajyuHIOQ3^dexj^!;j%RNNr~QS%;OD`WF$G{RgPSFB6IHW7M|l~N
zb-pSlU!xn>^lRj1sz?{j<~7(!(BlHtGbtlVZ64~{7%~6u;m=ha4)xs0;ZB<InZE!*
ze3R<$=h^rcG=q1zvNv#uH=dEV?^3rjYP>Ouhswc!oO1>P>1VW6{(mI*<tLSfttwuo
z|DHZDrj05`(~=5|IM}|O^{^k;^cXzhGI&a@F1f(kFl3|#p?ImsS#Nz@cGO;^f9sg#
z{)izvJ)5bv^Q>#PmFC2@7d@TN{yAHoJ>4isUtm@9WI+d<@Ap0>r_NgW&5^~4v;cnP
zICHmFUrBN@mI+#5@txe?LoE{_z}Fl7P1ASXKSpTn+;HOiYzf$~_#f@@`68jWg(Sv}
zoDuz6`_+RAbnlvY2BXi_8nSuee!uw-%Rme?<KiEh;tTUXV(oY0xwpFh;5DSUN+O@;
z-WvQb{s3unvNKP;OT8^odn>uIWmBg_`RsW6Q2;AZDd&H|uyMN0{}Uv&q7>j+AZ-7-
zlk$@nVf^*^ItjLjI(D$vM$Yqo(o%#6bD|~U0XY$Nq^2fZEW#_1iI215mYuRRk(tZ-
zyRL>yJVpX-w4ZgS{lU+!yojosM8ZtQ^4@<)Wlq~>(9EiOk8Th>AOoW*m6;Fo_`;^*
z@0j&YsS1o29p55axgK0fI^lb1wi?2b_8?M_Nbn==OLsvlgAE`RYS%VjEU#$lCef|n
zPkzFKg<oemi6}lB=+cfqmi4a>fCA@nx+(tV?L=A{Z4(@jR(*3#dIE`Fu_H0%W;t@N
z`d)b}fE<P2CeXlwoVu399m+r^;(LJ80&w+?qKP(XGk#{E!Chl{^eQ2F$FLt(0g#C1
zxBdav34d~}J>b^xQt^IqIViG{vMojpdk(pzJ?H&QfRu>L%+v22x8~~K5*eKN&#|f_
zLWL(fwdUAU@xP8sWd(_Skt*d1{hiBM{eA@q_IUdD0ZymeaEs8zqieM7j8hd>!+@wV
z{sVW1Qv!<nt6fOId%Ax@oC-u@pg}liMr3CEM`-4L`90~qR$^P8tA5kVgKLV{D)yq|
z8^1XJWit|A0ak{Pfi~}Vwryi;YrAbRxeyf1G!cUxmVqVxr%kJ6rGm-DrXH|65w4=!
z`Zv8T7>d8>lj`+9jglM{yBJfG;7bJvzu7CRkSqZLr2jgOhtRf?IJng6cy|%zP=|`E
zil)=;scAkc9<oun<qeR(br=3|qWD024not3M}Q8<!y(Op`WccNRQ;eZQYF+Ah0{^D
z-*^J=`y~R8_tAI%Ti1P?KZ|@B@Q_^azw@M_X+8&iZGCR|jl4XO=KYA6i~HtP1Lc;T
z^j0aFo@x+$AYG%Gx#y@)m(Gv@;8qd^_`PN}zO$Kdbs%u%jIWS6t9Z>73?gBpOa4U_
z)Law(qrA4)p0oLEemC>4gzfIshV$R4vsA`K-xL0)h=OuHmFDj_;)rS6Z#+d|2;4pX
zAigDq(Q7>eip-#q(<J#8%<BODNmGjCJKXPKf^iL1n=uexKE<nXGd^JM`OCaLLLk53
zy$klj6Q+(G`2_G<dkEP$LqayQA>6@xfRZP0sS#fFfP?dkiYziAwp_~l_+RP{OFNSi
zRdiK!{wSeOBBEa4i-bT!l_!hy?u)5A^%z7juV_|XAdrJNVj=UkDDZD9jT>Z3WIv*h
zH}zV)GE3+EuP*MRN~3VWNlYF~!E|cEDGGOuWiF$xyd3H;9MxYSFIv+4<;4$?2X(U!
z4SW|k*cGn*;1b9mV7WMUygF`QCIz|;Kn2Ry%4Sz8eI7#-(jloN_g>*IPg-C={?{DR
znN#Ht7It-R4}VJDT_hrrmLcbVRq%{z*r)qB&#=@AeHd8OV`RT$&FOGm^CKWuv)1%G
zl>hKaJ`Kx|wy78WUi=k5;m`F$7ym-$N7FxlIT<rXjhm#Qu`&i1UjR4}R|dXH7!6Bu
z>|^rZk<m*VBg>XK(vqnvb<X4?fWvmQ1eALTNzUlN_C2<l`*>$w;xEEWRQdVV>%VgO
z?<W)i{#@{m$zCAcztXBHZiYwpJno}<&E@aZLm5wZ+*^`?>De8zAUr1g4|V&sjA9Oe
zrmEJXIl6jWBDkreVBqBXT*G%_km~QmtUsb|r(x+*_oj54_AVvcR?4S&LP$Za-~g-$
za8+Ip{?ymI>3%Zro_Ds}(qes)Ov4p3Gi3sMQN{AH!)x32`_U(<(}tF_hC_h=dV#EW
zK@Ta-$9Zg(^^6i0Q!wfTP%l%sQ1Eyr`o|1m*$woJWGSG97{@=$*0N?3Dc_A{`$Vre
zt?h;HeaG2VsvHtv{zSywcWsG~N@&Cd{W}oAX6^%syVS<<tmE$Z!zmiB47_#aB@iz_
z>i62oNey)WHY+vOxJmbgT97NSzx-zPYvm2S7W}v?kVB?M{l<XuKeN*a*tBrt%j}y-
z9hZDXr6yFI5xYY+h@z^Vttc(Nag}Z396P+r+XEQ2d?`Y&3AX?PHd2^jiXV;F-DI4(
zA>e?;%3NWKl>ZXOg0g9^b54R{;ln;_&uz0P9`^Cny__T*RRawA4Zs}MZdcE;V-F_i
z2l--oHZCvDCL4q%5~^p_4!d|vamX?{F`#AZ`fKJC;z7Dtq4lP#2?nkzWK68=8Vx^8
zx;pi5SL@gLvz}*0Hqd^UrndaWDTAa7{cEFJ*MfpS$!EW?xtpl^76-aqz)#dTSX_SX
z1af*_9<vah4WJ2>6(x4QKd%iu=#K>GZaQ-8DdCP86tKZ}x1ZJSkoQ)~;j{@S0D#)(
zfO{8ky!9wKF#DW)kx)fc>Y0A0x|1g~@-8Y_?!(_IVJhnOI3HZUshYYpZq=}NMg&=N
zKuD}7B1*nNW=_5;RG>QB6Mhhd`47SI;j`>iYXVr#<rBk=fDD(_-n*N?=9Ny&`Q`Q;
z0OMvsXa+UK@+FCgbO$FUbn)$U%|8}^?3+B1#--aEnPL1%J`1PaA`Vv*PN|cSdd7+5
zZ%lqb<TNC<u?a6h41Q}g;ICVau6*AU>54<e>zTM?2Sr3oD)_BitA`tnJyFmYb<=!l
ze7FGMBnsSKSR_!9E_hlx<4<kJyE^IBp8H*NddNpkkB$|VW{`+lNC~GgQ?2h{81@h#
zRXx@ccva3_U(Ox=WEu~i8Osfj)ekB%cL!3v%}_=+xT%W1z%Apxnd;&FejObN8PIrz
zsQAt0>P7Je=w6rE`%IPHavIj6NF@zW`}_=(o?t7~9r9&-Cc1ap3MQqwy7>d(N*wDq
za{H|AYtrYt%xlwDIR9z=+-H@_36(><0t~0`Mko(L-vGgyMIx-0BKm9^Z2-~FTLpV>
zSH;*K)oqmnM%wX_rSjyuSMVdUdJcd!F@}umxTv6<oecONRXs)J+(LOWP%BWkKP;t8
zBh!_A@YMTwE3wh_@HTv<`;lXc{;TX&1{uG`n8)=dOVlR&t@w<gN^x`VlbvD)YHaHu
z`(lavf+t$ZGM%z4O*6TWNF+m;xl0)tr-{qwv%X`_shBp!-#{Ux91<NkCC@xCMt}W%
zt$<2V|0^Lf^Bel4@HW6->3_SE=IDPmJEkCm9~lZYi)`m%?E3a-1D_t*EPe{|IV>m-
z?<-bAM*H_0T2E^DTR^!oBHbE?_BkWhtI;c-^^voa-I3lpkE2y5h#6|aV9i>eYz9%f
z#*s$EkMVC$^cpnq4;xfxEGty~Vs$BY&rxZNh4GC=ye+>Rc@UcqBuYYu87zY%EX~3a
zEq-x)4Iwjqs|=fwtE?{gH~Vdu;7Eu3Mz;@F3!YO7nuRSC1&fp!)0Fg!3+#>_)$5`&
z`?HX*dS(rOSR859^Y11!BbCwA@yj}3(S=b++|#r$6k3S0&SRnreN02jOI<Px8|&+r
zS%`m@R=tyhkXQ^V44SHjAH;lvH@Ls|o_HBo$8C?EHIawA>Nx=Z<8>Xzi8di_I%9O4
z!WJ+aiG`$vjAm&n%XHODpZvbRl#+~S?;*AH`Pq=Qr0#P~TgnG2A71ieR0b24c_<{%
zR0~?l;S+P^&&AX!`;9=26`*PJ0m|mHt8|5BLi!(*vFWE8WRs-xBIUfj_p;TTpt2r4
z4DSCT_8kqhx5V?JsQ>AL%1F$8t`-T94((A6<aGqH2$GHUMAX%lLl7~6_h5B7qD2}v
z8RCn6a!*~00qn?s{$GGPNGf<o*`bUqKG%}A1=48iH+o24c*v{r78g!yB%=WF$E8(C
zz%F^fb<<p68IdC&*K=nr9jQ~X)NchC4IY2#l0E!(dGClP%BZ|Y$j#`}G>;6j1uR0v
zC|SE5ZI{Ddl2wR-iWt<|4^~ZvMAkS-{o7X0j?;-!Ha*I(O|k0A!LSDT>4E9W&ix$4
z!rRf11>xrP?gF3L8`C=_h3@e!7?Fi|?h1VYv9ewBck=}l%ToGKSmV$<318GqK^j|J
z*NFr8vDz%|*u@gMgH%nwqZ?pkAr(99{EJwVioHqufV9XoJBRe+WuV#^9lV7>eZ1rO
z@;4aM<t9<>{j6`vrgmPqO3%dgq|<vtzE_w7%S{vNXX-iv{0w0N_WgGyZYob^)yZ2@
z7vJAG=WHr0RmBB=ETXtPGQB#IRaV;1q(+d|qvz@-pDUici^sXtQ_c6O+z{dKDu|-X
zb|RfztZ#W4kbTyKREFjvqfiy^v}wN4uzVZAzHoQ6i*8UR$tkI{uiLMH1ESY1i!0KJ
zdpI6O^Gb$F%9K}n*VTAfwm-8`G@Nwjyt(Y(96=p`vqR{Tz~}Bm5zE|zG1>|F+L#)N
zgXlKg*qOqW{k4zv%~a=%@!_FbS5l=LlBgG8^hthklz5&XGN@mm**1CEHtVof()dzY
zVQE=vo?1QS%>&HP(j0%PiH_gFr)D+t%w#VLy~5$b%E=ql?boBE@z#I``i+ER@`na4
zKgFzU{c|R1m}w#IjhK$4#)XiUN5kOT8zcKKrCR3_H6HHdD~6P_td3|Hb)MfV@jm@n
zIhnN&BpYk43SdXW`YnI-tZ15odHP|dkv~Prw&Uf%Q@Q7|FA4d1?Xj=3PN9?(bnXXP
zm^hfd{STD1-Unwk#bFUHX)j&RR?e^cf8wMcnk5AzoGO1dkh$+jmGJvdKz_=lnoIQ@
z+8tH!Wm*-`ylN>adZKHvp1BNPEORk^Y1%Mo{AwHqovc6ka`3BXPPU2a2ocR9F^o*K
z*IX!il4mzUZ&XvbYFCdyNFIngChu@>M8igLo-;i^){3id1edlFQ%MSnCVst%s`Qz0
zBLN*pPpE*XI3bi<ZqVob!~<D%ssdj)YeqHEvH}=xk#T9RrrJ%$W4GJ;9J|`JSu_e%
zn09`NmgGRBvq4x3CqoWt$J-MFS5zg<0<o5=hxuJ8^360Cw~8=geO+tGo78-M_64CG
z#4bY$&78`qbC;%;&s>spLFfKy=Toxrc?BmSV2dode~%_s?=HD(nj&N8L!|Ob`2}n?
zDUH5K$r{V+;L7jK9pe>ePwGjz&Jk5zHGLoFj_beEZR`_$EP@#<^Yq2a;$|6YKN6Xn
zY#yu}uFSPk7d0GnBZnawDvS0y>33+&{EQ_y^QQOaUaDVC5O=$bIg9+$Am>?CDLR?8
z@wpJ|#x&lq+4Hh}0rh$<zHoGpn6KOXBt4c7H-ESXS=frZyMdL{JX%JY&g^@{unk*s
z;g%KcwWbQsW$Eqjj)=sYcx}8DTO=GFdgiVwz|Sd2u0u|7Sl6Y*72%_{mwEgZbKfY9
zg>mYmi;SoF&w6K_ZvsPCI$kE@BQCp=RCO=Xbrp0Tr^&D<F2CcpU#*s~ND*LkI(Jiw
zpv^(xLa;qF&91&ayHl1EEtt~wM`+~mimEx)Pj>e=RKL4!m?)oQ9X!Ep-O4%`^=~m<
zSr&9-F0OC>g5K8Q<Gx?Kto(H7XBC~A@sGUU&9f$S`%lUz>AypyReV%YCAG2g@!Oos
zkK1!!N7SF|r_~C7witUBJXU4G^lIbO*vO}Z(pNK)K_T*SqD@RRkkxb|F!<{9v`417
z%oCIB-i%F6hGwv(lLr2e;=Vha&Gzp*-K`c?yH;^)MZ{{Ut*BCa#VCnYMXd(0Y42*P
zMX3={vqq>Oc5GFOqV`Db8nIH;YHaV7`~E%8`y9vn{_+0zUVr2`xRNvHb)DCFp5O2H
zGs3HQeP%@c0i(H+#P-Jl>o13`GnkHnZPmi*#vZYhP!0&MxWrGrRHa$yIW3+G;lt{^
z%zcBVVmw=icTb1{D@<ie%JZ^5?=)jr+tT#IODC?6l8}D0KJ|C@;aG7cQzbc-TfOn@
z49^06FPHx+owKXKcziD)nEQ9E*3cdEkxNo6d5L<V*tce*)+4EMV1$C-+Ar=kaUh2s
zTtDnt-xi5X_yW{no@~}VUHiFya=f0GaZr=t%9=42vjU@<a1AloYgQ6?s2X7U-u7Xn
z3UmF%bA@aw<uG=4cFt2T_P!m^t1m3|XJ5AZeGM%!_j{&gInm04GeK8<ftF|k9OJDv
z#1)Wh3sC%952e-(k{bV1PR+mRv;{y{8)_{HM<LV^V5x9cHTqp=+b6?xc3&Ys@q!i6
z-Uu0b#$&Qa0jNaQ@L~pl&s<@PUp`Mh2MQ^tbCl?g^%xuxm|_>5_7trJj~xw(nF62#
zy;a5i`n(kQXZOAJmE*HV*C_fskx~~y1t6evv{KQ>c~1ERcF^|2jL144qx0RO%Xi(O
z_So;ipCvut&eq(iX(qL^L0#}yL_#cY7acAqQSXNhGqGnGA7x%SEy_OWUG1EGHU0E~
z5h`r+^b6%>9sX1ePTkwNDwGic1lr8|a>E4#)_>fse-^{H1$)8jNoobig0#r}d(-SN
z{U3p|FC4Q1-Wn(5{Dw&uNXbG%+@Qu@<G&zNaRn|Nv$CeiW{4uMyfm~Tw3QN~E8Y9)
zsr0vi_m#dz1r1N{ebipiAUnafYt%gX=EbJH7^B0a_gA}jO`h>*>>z9&E8txrPaSX=
z54(nY{NF8x9(U`VyF6pR(e+gvRlFpZgPp?X2VL@b6z+7z*{)b5=gM(E-;vS&29VOd
zZ8kTiTZElo49Jyshe}Zprdz;82+eNQpmFXDuOp~8tcSEeiEv>x(i77gL=4s;W8tnJ
zfEnV;w>7Wnj=b1AQd?^!RLid9WbQE&rxSJ?IZWZMy5xzH_{-j^gM#R!Wc^{hqweCF
z0#wtQ?ro$B^g{Zn0_J~lU#|zXb$F+5rH<_NV45AR&g)g2{v>E#YmoAXD@ACE7zEf>
zn38(RJ!fy4+^x>_4uNo_NF?1&P`pwpiYnIOj2gc(>Rxw;<D=?nuo;{>YjrN*Ly-Eh
zMl)!4mPWG^4h2P{o=YG=b2$|*^|AK1&KX3cmm2@TN?Bk-@2AOl%4K?rU$G}cG&@t-
z86KKoyFdL5Xwu|?tox1LM8Jzn8hZ{<3oc9k69VdHktj~v2uN|R%VNz_7|b#<D>5Cv
zUVrI%BmeWp({8$5i-q4HlSzoE-jN&Yjw^F}r&XpNHGAy?Vm;4oXibRqW;=aTL18WO
zj5i!>l{x$KrQ_3hK5YKvlT~?2h<$;~cu$M09=4d=O^(`O?+rSI6Sjd*R>tx#RN<}X
zr1g6p7pry7K(*DWuBHiY%jVo0N4fQ2Wyat0OZ5XtE3;9sJ2R!uRbg|bMN+pT{);=#
zl!_cr&h;v-il<1`wlARE_QosjCh@T}gSKXDEq7<EcKWu@Na!g@g+5HQ*2Bx+i^X4X
zPj0+A-!>cWld{Wd#^@CS@j#<$-4$4gpf-kh0yX{K-sO+@?Dx6is^ZgY(W*eic5NNb
z4*J{95XVAjmb%!bNhPiU5kP56k#}IIKUqI5k{Vz=4C`e+Dt>fI20d)&Nbcwz&2sR&
zr(|=OI)H>M3Aq-rAQ`XvHyPOdg*A^DK9o|aVhz7=&MlzR5zsDF5lFX{JS6R_%-drb
zt6@Nee_PayQ`R63zVSojHlKx|(pL#Q1ouG&tFvVR{|~&RLDgvmKu!4LlAXp^vqVL0
z9miRjrN5Jc#f=%SB$Uju^cF<z*o=G`0F^W^r8<(T2<Eb%{ov8%71@fqY0WTmsvg<i
zKFCyY?M!v|19q!nJCmTWP}z50!Pjd<8n)8bxg%stzU-169km%(gQpCV8_&8!g=;>1
zWq6O^2;`_MXL-x`s4g0;Y?J5DqIoQZkF;TQPV)|bxag3lwybq(uuDT6f+P6~de~&|
z&PFQpV!07a#xB}7J3jhscPLyGIg@720eK%6=|~Mnui!30(CG#oAIv%3;*|>-dd)XO
zxD>W{3nNe*87_Nxf^UDyIVCPu<ws9hu<1zRHEkl1mp87XOxUwCob{Z_U{th*Yv~kU
zXG#kMt|VA=&ws}ftE%XP-^`wi%hS1KZI{3oZsdRDXAM^D(y_y2$cpy`M2+We^M_$j
zJmwz~Cc@xmrJ@Z_i!qo(9s$mR`HE|7y^#7&gp2Srt}Hgn48$6~757pq>4~!@%<f5M
zzO}AfjJ8!kqUc(9wcAkfr!ot*6B-@=)Cy2l$-{b1I@>dso_UN-I<#B6;O-+g7&ej}
z<+5)mhO%Cn^~>uN&r3jw{F=?8I4zsb`+p^kG*~>@K<8qE*Ww&T-5e9H5q?+W7-BMZ
z-)1-qnRFQc2zR`Se%A0UBaNu|wc$v6yOi^JMe^w8?A(5l>Zb|E3VI`%qiC1yQfF;~
z;RrczWlUq{OP58ukPzMgKRbM&vwpn}*-piV1|562p!FJJ4%ehZ#WA9PiyW{l@GfYb
zhvf2JEq!TG`LRoM)p<(FLj>D67<Noka!C2EZ*=)hVS~mQ`pRb42lBtg41?Qn(Q0pN
zd(<b+UMI!dWyu8>2Tf8Qb+BQYl@q=Ymz!7mwv2lXP_n}{(P{dq3L3a|fjq=d#rL8}
zrtW-wH<cK@q`??snJm=C^YXh3WbMUdV6gh_NjDh-IIND6>m?OspPp;Cy5ldFKKWq$
zn`FTiCJY+dS$ajVA9H)Q^>NlqCrT>j^P7P_O_CWnDWdlvVodGFO#}CFBlhGm0G2j2
z!aG3bgzk<9*IxS02&~I-rC#$)p92a_-R1AO^H!99U9Y*czuP)lX)@CTr}MTDNUXwV
z+uF;Sk)as|XIseZ&o|hux}M-lV&uZ$1L$GfyZ6LjF<lt)iRn_m(Sz;DU=?~|d1_=l
z;44~w`%1*+sio&Gty<`vbZ=DebETFX#jmnDy%L@#wgwDJPL8;Z+kFvl8x&`2at}Z0
z3aO`Zt;yNeHdcJo<bAM{d7>8)x#emp$a}Ve`fwsE(-ctsUPW4M9R^}Qu;Y*ci7bl4
z;c#oHcQS*vS%<ASufecz$6Wogd|k0jL;E-}Ta0XsKae3CYa-eM7Y{7pz-0c1Tg+Vk
zwE_^s;6b+M>z}5{iv+p=EV$H~%FfFL{tTJCuL8g9;#M#1L_iu9x669rT8eQVXr1L1
z`E`SZw|hd`8<fCSfX}n?<_A?}tvu%>J!L82`Gd`%J3}6KT=svGbf%bRgvyJe%w&{$
zRgwNP*TtVPZ{<>y82cjyze@e){wn#8ng&V~aGeH}flhP>ukY6LEA9RaYv?jXPq|c0
z1yTSyvxPM8D@c*sB~Z&8E#Mj#=K<g)+xvx)YQm03RiTusKx}@5%3+Jj<Kr7qbd`RL
zO{bcETjr>}=>qC}R~S%c&sRyI?qGW`Pl77PWnUg$>4K2cP1Q{_OAUdMR<$G%z-5ig
z-70exGUlNL6bwt~O0E(>-5LX5NBBk6G6M|ZH|sPvL!1Pr&T@ln-)KFAtV;i27Y+jo
zi^8uk&PG?DZ~C90%QOVB(Uw)$`s}$;I@@PJS2!W)a*rDbG%@KOCs5tK$6t6q;v-8b
zAt)dC<Ff@gm?mb&Ud9{xw|WCrJ0Q*is;&=(UpdZ;i3l0$j0c@mT=ODF1(E$3*)nmd
za|kUn5uOKpQ2U=kzZ=A(sGe_^KF?~K+%;JLJTF^so<i6<hHeD5-{Q2du0DyK{muIT
z7BnR6HgTe{F~&1o7IY%8Xub&55t-MpV(^dQ1HF*1*o{p5c7nFqMfXHx0($`3X2f0^
zxGD;W&h8ZW_E?MVh$^&0F>?G9%U@^`uh+gmvlsaOBmK$ttXbTa{8R<-K+?x?<tNC4
zUFZs`eRPrj&t>P1rXKGM1*`_Kv#O<)*GIG<AF#+Iq6tQO!Upnd!4E@Qoir-*3x!<8
z#6kDovNtSgEUWYF_dV`yqQ&D`^DwAa?i|252FS8tp!f<>>~=|L&DW~gXq!sb6edgX
zx`wgHShnZnJlxYZ(a_hnu%5C;rVzVSbQpT`HqK8PH{UTgbP?g@iTQEO#c^=NfEk)}
zQzXhoBm-DOl$~%RYnA%y+V))LR%D^XQ=ofX^J@VBDNA1&_$~<ri;K4(565k?!*Aep
zF@>*;*#!Fqa=ne|aKatv0lE(?H>~L0-=%~LhYc7f8-IPA=^9UZ0}Vc&r^64FwVFma
zaGfI(qJWlw*thcI)hAk`v8^KJV>yq>ol#ILI>AUwm&+I6*)h#sFLPbl8?^LX__=xF
z4-<_N??dvz7W>KXfrq*;axLfC_YFDvRxr9R(Wrw3`u?95OCA|syq!}qPsmI+urMym
zVF|EHs1^;hHf$q3RE<+`R3wpzY>2)#Ku4fAtR)$*lMl@>9>}V%MbJ4||IU5Y`GB-M
zKB7W?hzu~g4h|_ZU8&zJ+B5+wA71AF;uRJ=3enthUiOJY1vdeZNst|QN`?JE6dJ2-
zaAah}cz#6jb3oNwpgS)TqIs2)X;>mU;Vhfl(yPLlvP0T43><|jg;I1yvEz9Y8lwXL
z{D-Fddo}XCPJpIt0A}Uo|1IaGLCnBGbHe22NX{d*BSIq7k*7?Nq_CL0#pAUGK$v*^
zUW(QX2iQ%al;4?8&0VHfQN=kd;R|W<ciQ$hKtWowAM>1Czs(htp)>jp^bba1q4LA`
z^!1vP;{)(t&KiU(5z~ji>_h>E8(^_{7G3gU0$RDZAI+n1lW(;Fn`<U}^m%`!;MVkh
zag6otos-!}@$|z#J7quQ7<j4%d^?1&y2_HNMDMH7cVF*l&Inm4=DMPENtF8N<<E}|
zud5*`RV~5|GG$E*M#ksqwP_dCv<oC7B~retm84weTl%_xCgM+jnqx{Euk-V)J>2XX
zWHq;z+$)yoH}<0y){!B9evNt$Of&)drQ4G}gL=&D29Us54zp!pkJg!r)N~*dhZk?j
z6Hb^qgoV}t?pOTQm<1xh4RYD-JgW1fDwu|$aj^eVPvUP~FY6K;H^T#HvdUiZ+&(l|
zKO%vpsDM!W^x%<=;A31ltC5!7?Ff^I^cGl6u=dO#N?#p08NAg!u5A@n{%YPNNnx$p
zA?qR?IIjQN4>L9kn=#?A2ilpo|40P^kVj4Sg7K%q$D9yLV>aCPhkJ1t$w%{m5n&XI
z3dH-th%(r{Y<pC?!T|sH?_(MgIBsRVnDIPxP8yz|8fFXtEg%VoXPn*d%UGe$h~G52
zGWsRKFOWSSS-#wX&uesI3O)DJ>QZF@7Mn1+(<LEMIpVe+YnztKTE^q|sd3$lti{nN
zqhl6?H@%WUzc;%yDNZhYa(9Z_NE*+3YYBYE0S)D$bu@`z<Dr?7_=<p#)`<>XCW}b-
z<d(o~<MXS5E>$Mbku2HTM^p7$QS3p;!}PnKPMC1Fs7B%<%&}3;m&saxZ%O{JUNHKv
z5q;943{Vbh0*reU7a4CX0+4hArUO9cBH9lO&kO!Csg^5Y1ctt8|BLb~*O%6^j;-Z7
zx0*zjtT=To=uQD0l3`=Rd|<XbtK?}YmNIpG%9d4Bjq{G^9U6InhH3RYv_8dRJNzx8
z>Y`&GO*k2;cCjedb){^=1o*hE3?SwEaf1*vczLk+WZRyFSl;9Rgr-i$)c_5E+^z!P
zEmzwuafM<(Twmu;Kv(+lf1J?D(B|*F0lcqi0Wjn#$=uFl$@*u;y2;Q!_g(S7PXl_q
zl9}&W|2Z9X29VV-^=W|b(>5{?2P5!q!OVBYZ-5E|FpgqBl6Y<JYk^rZ_KQ^%g$9Mg
z`tH{Gu4)4{mmF)L*9-H&zP;RWE5lk#(jLf5IfZoo(+yc#n#ynVU+szmy4Wa|e?_o^
zp1(rG{_QNyBiBMoJfK78yvaPNVHthq{XdI}**RL^CU<hU1^&lsm*XtW4vTjD4<Y3_
ztkDZ0@1?%XscREep3{HUDaD^dH<!cw>gRak|3L@cWd85s#s8xv8mk33{y&>%jnY(M
z%;k?m02)#SC+LOr-0sF4jg10UTOX^0tWMOFSM7S#trC5JH7nKU7a&A*0ko7DQo5|<
zAcSBpR{is(&oIm!2Pg<<6PzhMMR7a|zNU$*QZ+NLxdy^j4rhF(L#Xul;E}hrQrw*(
zQVD;E+Ge98#r2z=9n`<iTu8je@PrnM{X3+~cEC-4QTg-uU_Ikaeoui4j7Q5x;cU(?
z%btSbM)^sAt}|}j>aFg;>bU#6h0)Vb3f=j{xpT8N7Hj7gR#0oO8Hh*_#reEud0rTa
za;6wtIE3OZW?k_(4?Jan+w*<4CK`$3nqjzz$g2(R93KEiH4qhg;FvA-a<rpM!ZWPk
zM)9IX>5|XFJC%`E`HCHW`U=(0fE*3f^eCIjwI+2ro5AdojW+<N8uUDUY(wyp_wA8e
z)Rp&@lh1o5Up!qq#RF&rXMOVYH+BQ_aMNDhgH<h^usi7{9F~`(nh~LUWQ<qhfTVoh
zE=qqoLPc-#Oj^ug>bzgl1e8=kU+jquZxph*k|!a=2_q7fm#RBkT=1gy$|(K4VjU||
zb+q<~a94JW{7!j-RSsS+VZck_8BbgA;_`wNKy<Y-wtBlkL3|rW<kPqPDXiYAM?u+#
zVF{8Wm@dKM#d^K=gC9G^o|ydS?Oq<^=>jmSUw)wu$|^#INcI1mICc-gUYhO}u)Pz?
zHcvL%`EGKUDA>m7*tZw=@|LB2DxE{u$JxqXJ@Liw0(vt9#VCiN-?uDx4qvy@G`ApE
zv;yPWlC|%s<1%eSk<+Ttd6MjFJ^Z$RBGt9H!PiTd2VdT+9CU3hH^n3QP#hJ_LgMk8
zki10ci6rbG(WGyU3M%q>Mxiz3@<n%6uLh<kS{KeL@~6cYBq?m}7w@79wR`YBUjgH@
zTcnj#AOy*ks1+yOY0aZdNX8#3PtCth3HQ@9*<5g0sU}2jh@{6wiD=ek$l2(dAnTaZ
zb9oRv1=?09LJy82?AL0-fh|~3n|T7hYeKrI?E<bRn5PVHICFXhmMZO6&BjJOKrW|t
z@-whiPeP_8)A2IG0dUQLsoKQIO@V+y*;<1AqW~qYjvVjWnCuA=NXN&y2rH7DUdJF&
ziJY*uUSC+SA`@e?H-f|!pU5vBR1TfrtbMbGI_N`YMD7S!vYO`?a!>VM$aBCM&-mzW
z`XK#akMNq)uKnd-sF^FOi=y79zZ3XW+J|m#PfsT@d%j@J(r|nN@MoI#ODij-2X8-5
zj2T#o2mCTp{qgH4sS5y@Sn9Vv)gc$+1F!!B48g4)KwryzKwVcs(s0n|y|G;*MJArQ
z<=hlv%#xpO%LD+tkI!IU57f>^KyJ3DB^LL#>_3m18*?pIDs}2je<Y`~d_O>}?pIlS
zbE<Gc#tB3@q#)I+MnG>y$IGmB9QGhnss_*?6X#&uFc*j(d|krmb(}TuY)+Zs$L@oR
zjQ1AW9psPG+69Lgd=T!<n-uxHj4mt81K8A)B1mPog?X&}hs~1>WzpfvIZr_c#0c&{
zL7Y-s`)<RphB0|1OPiQmCKcF|uedELCmC{nMPB7ZU$?l_8V?Dv_G7p;L^xDIu=hSx
zu55V|O{uYt>vuO>Iu=!G|7l7igrOUXOKEd=Y_{Jo<`K3}tNKBqQrUXH&pZFSP(z2i
zMcl2HYHWN~#QDHs-=24mP4>&y0HYQWAvwxGsbl9zqN81xdWE*BWMotszB<_Se7{<3
zUeSK6h9>zF#k*?k+E$_!EM<wZkH2HeR@SyWCzoG#xHP8BCYp@1wqC>4CZqlN7N}v$
z<s<OnqqMTJHDmL*%+-*-M0q)#ANF{!7{V9#Z(C#1s|1%NxhJk7V%Y_N>=WSRB`y)o
zk}o9X@?5VG8pY_@<ye1%cdYrsBHe`b;SSVW=)v|#RpCNwVqsst31Q3EfKqlb%(1M_
zSuwH85*rPd8eSIZMs;lfT$_QVF|bMFYUsiyCRK9kPTJteU)ikT#x<iyM&!(T65zq5
z=$9gj-tfbEMGjTIHGU+|TO8vNp*&)C9?}^H=bOGPmL2c`XZ@=ur7kkLHqax&ocu)2
zdb+$K&lLH5acI~*YWifgd0EC{`25PV<U}ZOPfXao-OkT84=M+>Lfj2aOk}$u(y{jU
zg}RSD0_C$7JNB9mfK>u;nJ?oos%aNd@^|Rg<os8Desyi=LlZV+7_Z0vSqf<Us1r@-
zZ})!9ZDw{04ZHA=O`%tHKr$^}YBoBK+%MUyen*)dbI)%;+iL_DpDVbwr^ZVckIgs%
ztV!5+-W2dA62y<pkB2Xr`isAx@o%_@R#>4k7s}qujG^4lWnwM-^f+O_H!bK?jO;pr
z<w3yuBac|Tj1eZW=x*awr&nQk?wxm(skHS&g@yc5A0X3kqWwkyBiFcXN`1Gn7+$an
zFcN!D@&>QguMJkDvi6`T`@pKIJx}!$(}YhhY}6697Pa%~hlVxk*LO-=i}C53C&(EN
z4B!RewW8sZ5ECaoe8#D^?F@aJcR<4@-9pcfMKn^>docB$c<}tL{a9p)u9~!)E@R0P
zQHL|rjd#EC4BVV?a7w$IYa>%js(*j_`)m1_715RK#R&OtUhAo?@M|L%Pz$)Ir76x8
zHU5d|miyYD*k8Sjw{r*t_CE`SdY%{9pCnth&Yw@_Rxg<L7GA#uH#%7En&cewzU~Mp
z(+ywi%`K|0J;jla?aE^>bjc4XP^rIv0tPLB!^4%-C5H@84tOO~;Y69DX2<a^((Z!i
z&4Sp2>SdIRn&0FTVmjBnLF#v#N+e<6%?5@I>^$~!gi9aG_W4bUQM+E^*5Sg;+(LD2
zTcrFv*GeF-c1mzlph@MXFvxUn@2Ps#S?}j(6zPFb>_u!G|2a($v%RhY4?zo_@|Uxo
zkRZg4sGj-ht@Ab4!BDUTDrGb<|GDQr<<d6d!}l&vO`ms;Vh!)d-JTUFVq{8(rM+|p
zC(dM49R`HXy>3h-1#GYQGqo=&%8+RRvMmo#bL5ctgR3fIV!Z(gL;&VQY1GiNlZIx>
z=Vpy_l7wIma~V;ncoAjJxtK+TXG_kiw|+l!(6AoqsF95U{0?A6D;8LBlgf)PsGeJR
zXZ^bbkEN2tUdT0(bwo&aR}xoyw$x_XjNaah<I+|l#dyadw<oYcr0b6qr9b`D){TH8
zw@>O}TKYP@8jPvkI+JuCLar+DB|e06j>bE(ZX5Z<HHbuOkerekLS-f$LWo8d&jHV<
zkvC#p5{oIUK^PUVDw5OXc4SaYkteYl#zg+JIb{3|KVgbR&qqXfOz2i8WCUl=X3n2k
zF;XgsHvG#xT>e{uq5OW+!C=u-%;SKE+cnp6H*cTSXtJul^3HO8Ac(lyq&~glGOLtJ
ztyg*u8vDl(VY}%M;z8iw{#&C1&JB0p3?t#pR591Fiz8foLFEV@>Vpb*qiTG&+h9fZ
z>UP#S1DC+t?i~m(4cL@hX5{zsFYXgR6wvQVvLoG6O_G|GjT5UNu)P;EAALL1%?cdT
zFvyO^hdi$5AM86_bkuHWRs_N=z*$1}`op1b8Fzc6^|-!_HS~AB?`b`8&ma44wj4BN
zyQb|JnZu5J%hpkSH8Ofp5LfQ;jN*eTV$a!lJw*JqtRSW}=k3b}dxVI}T_%quFj{aU
zGldxA{QnkYp1h{yRlGhS6<4R%8XL+uH6M8uhJy*jw1g=jC3CBPng9}Ld~@DwjZgR<
z%g|{q-^^%g7?g28`m!>NCsLTVqtGkbEJ4^{@HAk*KE|=GfTQd`^?KgT9xqZegego)
zggZKn7O)ZUSx@Z<!Dj+_{DO#=>)6kgS7{ClnB(@Ln77R$QR5|B>)mZzL?(8I_+VK2
zRV0&S-s-k}a6ju%WD3qD#h0tItK#W~6q;Jszgbf>@3?kneEwD^4ErF#V9zJTD{Xf)
zUc8NM>!Z(MuyD;c870W<`J)Zqu8fDcMZ=tx&~T>Acgs#dv{1-QLIkb81>)YQ#vXt#
z`y_Cochl%mh}Z9*s(ZiEs%bla=@bwk{2MLMd<lZn9~~@$gNv%y8xL-N-bu@*u(SiV
zAvc{^s>UK(AXCiz${{2iYizJ&^fiWpZHz~K==xN{En1u~b}ecqJL*=h`_##J>c93R
zEZ8pC1W<w)cg&$|s~F2CW(SFj>yWYs0A-{Yd3+~xTHe<_xd$MR8pKT_Kc)J(>mzar
z3YF(t$<;e5#IQGysi@HCPaa3pGb~jZl5t&S;IyP$N2GRge)XXhQVu~1K^T-y1c$(n
z7VeL7e<qtKwQbuYFzH<?vr-#JI9KZo?OU(=E06iQrX6Q%4TE7WHR&kC9yXYu(!TiT
zDy7^#)T;(R@aAi+CmojLl;4dJ2JU8vd2PG?kYe}*!^)Z;2OFc(c3<-piI(2k7L`<5
zB#sW)Yr)^QP7p?~?@_aKud7y}mGz3ZHi-VG@+Ja*#Rk9oIxb>cpgyQ(fSRGOW#Sc_
zQV9fDF!6o>p+x!77js7zXduqP{ms-BaJ3H!`kMtl>!7^-xf5FbR1$nd6#BX|bq8DP
zGJ{X8Mc1VA9VK#?9`1m<cl22!tpj$JYWIuOU4owe-N@rqF)><}Y*O{c!ipuF3Ivzr
zGAI<WAY~{Aj@tCtGc|}1A8{H#oHxZuddl*c)EQ3U#|#F`v${<q@Qd&B>!$5!Q;rrT
zq5s~D4#xKA{z|AjW3D+~F`K2qgnBxBDP90~?k4_|vHsZWVn|r-rqLKOR!H11b2GM}
z5?;t^ux!D;8SD%HnGYebLrg_<#JS7eOnuEjb05Png}L$(J0DImFdQ-LgBy86Q=1i=
z8edlkMFI$t?}k(!xdbOOa8m{KeQXWioFA>EAwXcV9h;({OqIgD_Oz)AG{ZL#$GPj3
z={sn;mgdVG`OLU!;wEmnCU{!gWSDb@c(Y$STQ<Zku|gZkfqt9VK`=!ZTfM@sSw}-n
zP;4qzidn<iK81RFiyJ+)O(v|c$cH$W$pTS8^_2CW+gq4`M`WQ5klN{Do#88m?nk+a
zD5kkW!4b>GH%XheU8xt~_<@LnAN%rFc<o3m%t&NQZ0`dmAmMkl-?JP_dDdU*!`{NV
zX(DTW;=vbE02BzAc&rEsRWZ}DoB1ts=#U|%KWg{e#GJiYA<!zmB8`3_Bjoryy!)eA
zMF#O%JM0%r>Zw9Ho2rYj$r|GT;dj+qZxtv=RR(x=JvN%`eD9{%cjH#k%Zk!Ql}QO*
z8XHxW3^Gt_7;TNY<DL@HTcA3=Q&~`1rgO9+FD_tWPK?vodly-rkPug^@zp+LB{bhS
z6~>D+VzV)?^0(v(_(0)xOUbY_+=FDm|M+Yx{ql9ej%s0@G=`PTcDSWbz<m$rN!F6p
z@c>c^z1ydLT%CA0qGKw~++eW)mmY)^c8G*iI-dQv_q5`Fsx;P-UPexpt51m~a$1sc
zFF!60DSCWTZwd1394>j<WN!orD;3B<ZZZJ|DS2%#^>5F|8;Ip-8DwXHZb<bio&&#F
zdExKb2y>sm(svGg4)N-A8+wt!BM$h1p1raiB&$oYz4A@acLuR+P~YW3?emm3qMTkQ
z@hEPcKmKnHu6i`zdqIUn9enS=pg5f+gmQ}x-h5$wu>%-A*`D(c)t!hUx(v=})wgjC
z<SrlbiW|Ylu2ij9&!2d%PkAw)w-<hqdth_zz>cfP1C8q!W?T}i*yX-tBz^VMzN*+<
zX?p{mr5xu4{g^Xpi__gLpBKMWTeYOF^R&@_=2w+~j7~#i7oO+Sy*9m5-@Nj3LTK~5
zaes~XVt=~!&vmAYGnb4LKQQ+ED*fbDX%sztenT3?WL1>e{xfNdd|3J1;n!87pIf45
zs;dpG!EDL|u0{5(u~wdTP(Caex<mDL{avqr+-99K6oAL<dL0lO#YDV9;oTrm5C7F>
z=D+SclA#55-udLQz8TBYCPkkdaqhvP^c+1<m6)`SKhfQI*e>_lpYvo7x$6tTy%HWE
zP-yzSi?<4f%dR)pS9-b>%-^)jU$Ef8)UML!C|x%@n9Llr!3|vm{Zu^7pIZ3R>@=L7
zDfB+CjrU;N-(9#)18-4Wjzd*dgF|`p8R=ekh3g4*#7DbJ5>7yu?0%h16@>&2C*fW*
zsbp!3xbFTQ+bZ~=LqFR<{UN-l=l$ZTZTZ9>v1s*|?f337ob()V$ZW|Ef6V1A*Z@-8
zElyoV@xS<?neIhVKI<GI9J-94lU`4TTyrTvnb4PT52!cvB`Cf6tu}!2>6(%Rfdb2D
zHHiN@^Y8iphu5L;oxl)kFCeE`YNyTGdnTv<f4*vVl?8*mO>nK?y~qEQ2p?+b-zTWq
GzWiU&pNFde

literal 27939
zcmd42XH-*9^fnqrL_x(uQz@dNKp-FrN=K9yr1ug!BE5#*6cOnH2_U_NmJoWcDn$Z<
z^bQJy5UL~;L%j!o_g(jX_<y(`-gm7#Yq6L$nKNh3o;`c^ex5zy>Z%HtX>ZYjK%mP?
ziZ3-mAgcEu(3wvc&I2vGiP%iw-$fTi19uRJ?)vH9nZcRBLlEc=Na^KsZSS<T=72RT
z1s{SDRm`KY$1GE2g2`qqHaA{Xm|62FR(a{?u;tQms$M7$y}th7?e_=Q8?F-H1#p>#
zhkIN;ympVXq)X|7mFs(lj~CDQcd&#CHeT1?#l7|_M>f{H6<k=HziD~W`Lu>Cq&Mdo
z6cm`B-)FQ(+!zXw;wT!KA*2=iuHe(O)Fjn())n<m_HJARCJPk#uE&LL|7yXm?_@9h
zs|jkVUpVuxCQnPt`LEKZ_?+|HzZwe<H}KJ?<sNnD)qfSUysWEd|J9-x7-audg5&<T
z4(2v_wKCw>4*{rN)Balb=0U9FXUN~>lS;SGqtQLbBkqGbCrduIn?C&+ic-p=8={15
zk2$|%{O$?ZSv20M?&$X;X8VWOqd617A}Uu(=CMixrBzZ)OQN_ZHE>7aVXO3^9z6<u
zve{~+6sY^-m_z(AoBx4wElS-_xA8+kRyy!aZG63$tHlf1S3ZgoQv8O#1)ZopgxwHt
zFUrwkU8pDjnJb8t4wPmTeaP#Ml*F{KN3B@uhW?4r%XHUF)5K}Kzhm=#{Uz@3m}AOk
zP%?WjltHiibE`Nou$fQqnh-CZKj=4M9B1QDQcUYLb>bgYoS9IWdGreL<!x3U_H&n^
z`?vM3njo+$;yL%DMbEpXv4xlN|6m#x()}K^0*hrP-0Q&Ei+ozoET4CX7oZs14pY2U
zuvU;;D1MaAT!p67J9|5m&N?4RO#bdYt}^;sNdqRY!^{)QHxpruW+><!DgPsMuA$~e
zv$zLG#~B7-X8P=p!S6L^7ndwUA+^Uyz7M+B*Vz%Kl@4^-Vw^Skju9hVdc7LwnY$j;
zaIippO|a-4)BasxahgiDi7=Nx>jdXkX%c}67>X~pUiW4+tuc05j{1?|@jSfzh8gt@
z5J-g1hxa92R>qzed!YY;bblZS6g={1j5pV}$nQBzW6;v5^ik6M8)}U?6XScl(JG@~
z>eM4Jk4&QOw8{%Dy6Y^~Ff&8G>w#Zs;kVmQb`lciRGboN1tySt67(ru2?FdnNU@Sb
zC=)VuX?R)xm9lI13IoA}7t%4IErpV}NKhgc_cq{6!f*x^@*O5y+-d_Bug7q2X4G$T
z&pGlXqefImK5P3s*+BQc1?_}bi1L&g{=A!LKl6?Ws%GwHABEMKbevK%*@UW*QN|l6
zImEmV9v?5g-=~D$*w@cfZj4(?Izm^fex94^tRBbD?^<e)(WW*Y7DX9Lx6tV1s~S<p
zwlvd=94UdSL!z#=NBs-cBxJI}dAtT)b^CL^+RyQF&yozbirFoubY?{P8*g_B+D`Uu
zhf~=)8C~mI^)#@1Ncn0)nK#{Pis@OOAT%zvu2;5kxBB&q-!q<Sb^=r*i^I3_YJS$a
zPD)5aK2Fw~^iF7m?JV5Tf?%9}1s-Topxs64Q@b=r_)5K^4(^Lj#ptT=cbnZ0!FI#)
zhCjzg`6$4Av<qq=eb(LV<U0n8Y8mt$m4q~oiQ`g_Vb>o>Fq<Bm@8?4ZcR+nA-jT=i
zIC|)N&j_8NVvRo2{(2LB(Y04ryN>KrqXv)9OvEpp>?&H)!X~4!1Lc}h!;qA+9*d?;
z&APpm6-_wPP$16n52~PwlTFLN+#y4=CS#7<@`j_eOJny`!s7R-SIAzS{#+J4_6MP2
z{QO@>kp96B`_&Fh?Mp7z{0K_2dAoJA>JNr7F;D>t%;wJXzCN`;{9O5sZ2S2hDbM@U
zoMnvV@8>Zq+8x%TLsgd9*KGMQS+Vlp*h-lp%T(RyfuQJoael`lbJDew1Z$}Sgu8Bx
zG1ILHy|fDUdVgg$tU<EEZZgeS?tDTTWb+M|FO(9nrNnf@l<@pr0p{w=3Til91k%NT
zVS?*-Y94dtTEStx4URAG*M615^B(Kgi=f7;XI^sYxwY>*H)bWQj1iyl8wF=nv}cHU
zJyYqahJFc$=dBjc7mCd$LWEw@<!mxa8oio*U2KK652|oG$oTVcRyv@U*&iqT_{#V7
z>EjYlja$LX@h3I??~-3@dyaH2kZFJ|m)LJiYmURbAK-tIp{Ky<3H4~{@w~C3Uzc!g
zCN`%hE(UFRO?+C6gHhM(10rKS5-h{pByO#Ob@x1ptSHP~sB-fv{Mgr_nkDwKeCRL2
zep(BkEffiT?({hvLAp<hS(2#G`(1}|FbwRrw_fB)>I<tWjkIPJFLE5J)Vz*7M!?+`
zWMnTTcr`7UJ=cE1aeNRo3t=7!6~~gRGX4MDTarAE8BO7Bs7Xz(^@rm`(Am7E^?ufY
zu{u1)P$PU27~_+i{IL5C^$Tcs6Z&fZ-4N1hMFch;zK$vBjpuR>i~Ad;?O%^}QPKcw
z>|E-e3CsoCCmkvjXHY-5qRuUacz$Y29*?npMf|wuLGz%G!y}Bl?_RIM(5jfqhJId_
zqW7Xi?RDf*)62fV-Rb>J&jw0b-JmcRVr=}Pc1BK9y`RHe@4d!u0uB2?TTg+LY1iY>
zL*kWOl70%!$b;sz!o#|N?<;1D`Am9kDnl`jYiTR31g-p^H}#I%J^4OM29*fZiWpds
z{J2hLI$>4zjT*CQrj3tzor@c5(0PeV5pu;Vnzs6n%D<)<^)uK+=~YlB?ohBz_%8`7
z_2A0y>M2R~+Y$rSKH~OZciRn{A_)S_MUE2H{|a?`N|rWp6-#kG;1hH$D~jbeI6X)L
zeXFnfO4mFK`nkyTwT2G2n4VqS7bjLsNn?g9&M$j&xL;UEyP2yRC-zjMrnm~~0~?KB
zCF7j5^XtWvS6~~FuAE3YJXp_!B*IA{*DJfqeJl8OL{>7_%y+m|%@2=S73+e19F_L^
zx#0ixO-WI%Jq0S-E&eA%VdC{h;YR5+T$ER)$o$TIO--596$g`!H%vEEl67A9>qO(s
zs&Z1LG7NnDcrVNU6`c@1am=Ld#AiF}GEsv-Ea#i`FXRe8fT&&*H>*$m+&!aY!{zw~
zUx9xHZ|WPV01t@8_XpVy6+z(dEGQEw_iMdizjiQpvDQt(jL#R2`r3}BMBT15q!z&}
zV{N|p%AcdI<KGB-H|jf{ftCt7Zoa}l^dWt#O*@vg18)ra^*%e?R!j0+pqOPSGjG!I
z_)`4m6q{z9;vkj&!8W=%?=tdt+(|N;PxY1zzFU7pztctbbf5HppDypA)pgJ--yn&M
zF;|RBmR#6K`_4kMk>R<smUuEuGBBGjZV1qqK0S{EeYdis*glMRM|I`SGtXf5UB30q
z)U4gIOTvgqSnJr;)V14_7^!X8e#GjA4$5+y^aYyiC(dk?QqErAI7dMDEJ31c?t5@y
z<BK;XOppa)brjNmIXT0qf%N=hKYEC@#2eeEQxVw#X?VXBSzZNedOhly+c0P*Gi`B4
zSfAD1dX0D{i?A*7OLG#}CWKt^xrUfj!Q6Jf@w*~JXDQyzKGM;sf&2Tz{t3y)sipfK
zMr$cSL)&~G@%NrO1SDqv0_>;EV|SwqS|YJO3oYZkDi$QZ*2OP0E#~$PRF|$_s9M}=
zF@gJ4q&F%4=qAsTeC!>=-Ej;iP)#g%b@i>0fuuEEp?UT|jfo04qz?vVq=in^+g~fy
z*1wC(izyl^rMtmwKCm;JE68~McJZR)RAAJMe2HQrMp(te@u?d{J9(LX{DCu%y*Q=i
zQ)SJ8=B@ZK+=p5|g9j!v!Z>v|#$8!RB`ysNb1H!Mqo;idj#5qZ=32hEq|Bk?KE2BI
zlv9hSt?s=eJ{JbK8lXhAO(t2b3O59zRf_Muj`DU_OhC9n&9y?>T#wiAAiKur2Tj{N
zjbiSGGGB9#1|oiS+|4l5&TYvRqtl`Md9d)vR0Y33yizqcckGOgAu|%5`%rm4-V|Yo
z0rP4(G9`rnZmhb^b4K%STJ89N^CTS>s_{ebNqSO4O&z!1N}9ik)eX21fv!Nm2;Inx
z{`9KyQdaVK%{+T>{Thrsw{*INLEli!p@MU<g4No``zg}N`O0-&edY7bi?J<6=w)y4
zJBW}3<EEGDN^;TAW9Ke~hy>CnFNWrb*Bor<7OVa}kw{m(@;X}8ikchlk?96IJm%?2
z{prt*)WaB|(w(_J+2KYaiHfrcwPxOnh-dTFThn~&4|DuqPOeEN520odD>8d|3xx|s
z^~gC%BD-#i*yzKIOqNY+XP$(lv7A4FzFZyOL$1{O>j>%b2j?|>4B-+pDehuL?qO)_
zYC#c*^LH8+TYD;HwmKzp`GA<<QV1Jy<s|T3LojDTBX^B!_c@lcZojJ!Pz-l}lmi+D
zV!3|g&`Sdn)LgvF(;?6R^$q>uZ*&@)1ZNNQ<OqR4mie|Jl=qSMfu>6gd_d?y*Y0Q3
zS9#|W(9o7614JdsRE{O;6~{hjnE0{p8o5t9GBP27JqQ#Q9{vBHg);v`T!f3crx25t
zMfz{boit4UM`Eb|;l=;Qqq~A1DeE(hUPG@zpwXy>uGoT-k`mN~BcfW6*o^l=^pk7A
zI<wd9j2ba(M*Z(vC@}tM5c%m4%xgxN(zGO8Dk{goMy4o3>aE<?V4J>Uizi@{t%xr=
zCcUwE$N5~2qh(K)pewA;KFyL6YdxR`9Rh({_tU<f5HpW~h|;gmJ>zk>5ouScw{>ut
zsy6QL=Ym)JPVP9uSnKi5Y>$x5_dO_cVmf^_<A@q#LoHYA#$NfOr6y<I(=b`^0(-#r
zz&5y*1TOeU+8=8TbaP_+L@JJ1B}nbndkn}iqe5utRS{3%kSXr4)_ruV*u{eWz1EYX
z?c=@HAd+n)w)xLjx}ntB?R+KU)nG9sZz_Gj@{0ujJ=j?Jt1;B8Vs!(4*@4(MGS3~o
zM_hM!x_;jDHAx!SFsn|Jr%-{~u70|ECls1^15CZoZ~gov7r$)DaWKC4_z7PwLi8TB
zBNO@q!+pF_dbzXz!tERQif~w?XL|hcPuI^g?){Rv4fHy-r2*^q;-R+ot{IFYp&MVE
zgAS&^(P%YMrqB(A%R;?9VvEAgUIBQv4^*d$%W`hTs?eQb=KhfpQ?25LRKCl=`kzSC
z!}-NJSgMui(4)p+o-`PEJ>w>_W_kB>V-cRPCc^c3?bwEbz{VQ1Kp=5_d;N#K{SF*j
zX&O!jch+${qDNCqG~EUMjmFdUWO&5AL^%(tA>l3KZo>(#W8+7OBVUNb+LEiN{iyY?
z8~%_;EY=>&5n$xmadTCk*x`?~8l#M}8*@Cm61wAq@3vjssD%r4?2kMgbyiK79w>R1
zU+POf`YllpL9f&mV~gi;n~m{}4(Y60O+612Yx{`$Mf`*()sM7vTDfYw8{ByD%{-+#
zZi_@+Ny1&9K)6b;bCE>xBur;^>N{ayV}Es{vq|X`5^1~h^FlqJkq==rb?)$WuJ@Q}
z&{6w!n>`sG&2snBYkvXPnC(Vnlo+S3#2R$@8Rk>*&^@}mzHUvgSs#K5RwGP_Eq$+v
zAerF4KU&>laxyghj#wtOBnUIUn~Qp)f_#n)C-X%9Qjj9Wb;I{dg|?l$e>EL$ahz-|
zCgU_+7p=+RYW^1DO<1pjF-W1RK&?bg^a+3}ta%<@>p+*;?oUC|i#d?>#-{7Ot4+6!
z;^DKdh>x_g*q258g(`(k+f#%cBO;G<gsEef;~fj@9~*_d;1Pus&rghDGhs;PbUkr&
z?tLwcX@GI7sN-Uyzui;l3!#Z02G$Ods8y}5l$AP<O=5~B;Lnqm)1<hRJ&~+F>BQMV
zXE3{6W&G-&-`}S8GLT8do&)*OIwQ`iFi|Cuu|})C=3#`M*4}h@JHa@{%4I4XLTnjR
z-bv2y|DNyp6z#8LeX)n;6nr`#BF4!cy-NU_QlKT?D<6qsq19ir`*gIMJo?hrVk6Ms
z-sD}yk1EBQfH8!##g&C~8&yOjwpMIpYwx>3Ju&DIW!O1M>mqy*;S7GIi^y$?pM%zt
zQ8DJd&U|BvQ-7!G8gGT_OqTZzU;IHxUJ1Hg`}<j#V5`Z_hCf&eFCHo~zdGa7A1+iF
zh0rsyWmMq1edKun;m;VpuQgSHP7t33M;H-OC!Jwzwe@>Y?i0sVfiC=lM4kWrf<?D9
zsZ!DJD7Tf#PSXCmrmBWWlFC$*m(ND~;iBTP_lX#Ur=xOofse$a8sITId%4Uv`2_&b
zg*<0FFCdf?^G>`<1#4RLtx43BLtNa*$Y_c%d`(lK1ELN!y*G<;Id)c-ovW)vtEMb?
zDM;j~!fdZ-dOYPrKIf5!<A-ey;jX%&WY+E$m*)QXz3WaP8_T-Y-3>LGTw1qN7Gn~Z
zrjKf&`6BS?-C4g)zq!=ey_P){J}B)yRAG<Vb2|+iPv)mOi8D`L-0tDu^-0sg5AWO@
zksme45U&`=Q(b=%Pp?aJ3LaiMAIoaQ*-N;RSh$)e4BMRBIM+Gg7m&wLd;{g|WlZ*9
z?Z2xli>#L2l4sWE!8n%C)tp7@jydp_YSu5AFNL=%H@s%Iw$;7aP$dAbfj7gv&|mrN
zMy4Os2fU(U<&wkP2ZZZqmg5LR8#BZ*ysoE%@~jtM)&1Sn%~oFIZ{uhgKZTDoa$3c8
z<Ge6QSW3!X{XH(@h^!0_Jrf`NZe<B1+8RfLrcTlTj2DC3wdzn*v~1xOl$gcJuW|Sw
z#E^^Crs`AEx})=yCsFI+82RJ;$NCba7=gU+`4Amm_gC(Q$*(U{j}|uq`fSo(=pe_u
zqZb@Q2DNBrBj4r~g=UxjUA5Ak^jvjsh?v@V7b%Z!=se_&Mb*EF@AmOBDtnjfKR%fD
zuE*J9AU(9fbNIejlimtn-vD(zHfCzt?-3---adS#V)-MiXCc5bQeSmSB>x1`(-f%e
zs*BV@{IJ$a={K~PC8+i)(_%3?>p8{j=t-C<>5JVdWE=eacVD>J4@a>W&BQA8w@e9t
z&fYadR@zw^LSy*uSJ3*FU(0@m@%E{f3_w%iW1{)NQl(ciFmN~<M}NT<Z#+Erk1MrQ
zcMi3H1&uZl3^6STy|W_!%TdK+GNLxpDB1Y1itYVS&x|G^x|Mb$luy_sTPt0e&<u9f
z_*{c-D(*!Jl*SYuA_sLR{C4E3FNTt*wUeS@u}J0)&edKFcb`Aw1jJ3*WTXf;iZ+Mx
zkP<n>N}p)Ynru~IV^%ksHH{Nz_KefIQj_f2YcArowz}Pz^=Pnmv5u3;i=Xal7tf_N
zxM`*ZF4avpF2WNDsxbrs-T=v`^CAK&{Xg?P$HM%}3_V#z-4@&VuCL8DrxsHszkLyQ
zr37BSK2_@s(rm-9N(cJeI(cOtZx;+jKb=*CeUYE%r*GKcx{&&o!Ino#^Xinh5NP{L
zN$qUIC%5+hK=PkwN=$g^3{BndoYB4bA4o1kw|16qOuK)RTHj0Gn!&7lZKCqw`gFa!
zW8_hJ7rU}ehR+h{{uuz3LXF%vCl53|Tk8Ch|5o-wnN{AU4EU&lz0q2%1nD~{@6>Y*
zmTI#;1z~|uGS7_joW9W9{%GxJ!}p+Fn;=gRz&!xr83*t~uxgs;tp!Cvhb9`MnGfsN
zHcN#!KdeN`PqDt~e{wp^Kj3~jcsC=#ZS-}e!>MQeO<lT;*5?bI$)}7RjExTM9sB94
zy7ysTPxXSO2HeP{-W}jXlYERF;D<+oLa&;IDsmbV7!}U!%iu;DXLqpMDPv8quTRys
z9<6WtweI;PI2-(4#8K+|0{~ERsKs>CyG#55Vd%->0bn&8xk_wv-_(EPRV~nKFd^db
z!>)mAmK>>k!UCe}5q8W&V=cSY3D4$Ej`uPd2!6BVjBe*J4ex-}X}uN_Qj4^6v>6ms
zQ93a-yIZsFo#vF%5QP&f+MYy2VoTzA1l%*->zjxw&K5z!py0UR9>D*{Ajo~<&N+8r
zfP-~I?qx*p=>eJWGCuyUwF2(bN5YX2fguc0DVBF%DLlSIWlZ^6q<);3|KC50O^7Ev
zYMNj3vJ8p_Yx|U4<1aOOuBUv@l29}W4OhH4v~z`n496q&R0kzpe#z{2K5cnauNsj)
z|8t8s1&4w@NY|=gO_TDu34|uzKxm@x-a`H({YvN$#n~BUy012;ym>r7m(L+}td?MT
ze4a(9LbZF4D=&E(aJ34!;bH<E%9+lA<kTBnN@GoUe&^4JyFObJ{ed+?wGFxv>4Q~V
z{Bu@@x)L4yc!B&Qz@2PiDX{ufL0Co5bQdnfsrk>}D0mNNfo&cdup2>8O}ZL-5J#){
z_(F0Y8ll7UQJ>}vsFMnk3j$kZFp5k25a@?!oDYJA2q#C%gAX_T`Hq%s=$$hUCXZrK
zrLe8RZRH@+QzFXdM6qFm*(5o`uk&${9m{=9i@ZWbjmXim2g;^R`6XwEmV8YUN|$*e
z4QF;LcvrN<9@f;<7<P}-s0cOhHE*WZP2l9TaXAcMALto@K;y3fc1id9XPb-(QCEYb
zz=fr6#QxT1WZ+Rjrntto6=T%&(XRz!!-@Zs0GAW;Q2)^vuLq;w`cE1;R7$6YBqf98
z+>ds~oQ;a|5Q<8+jqeH=8w<Thc;X$gd%}+V)-Cd*)!E!SDni|2yh#R)1gPyxzz(uJ
ztcyB}xu$vE)a#qq16<bMU&ldlQa*%l#JG3%%kUHY_{%eh!9ud`r86HsFbeV9cXQvC
zedwsp!XsTF$jjcStjlSi%#7Z8_lROF{ln&!)@sUtFa?)W^BQ`-!(MOb3H)A3g5|)I
z?nP=>QhkWn@lI(_GZGGPA0ku?vcbZ#kgSU1aJ_XY%lRw3V*}SU&pss629by{>3oqH
z?iU0ZtZpJIP(Oa7ylt<T8|7WH8(`)U)U>L)ZlmR0ue@>#hJGTM^z#iieSUaaGJUKI
z9h_fOfwI4k?h{q5e-Ay+mM}lU#SxI}R+P}4x@8oIX9j^fyZ;52$y|g+ug&~!P;XoI
zi?A9h!0wg8&uJdcOMLM<T6G^1Xto$@C+US^LQ<r?cQ<Dn13FrLCO#)nLSX=S$HLwf
z%V9ccT%#7WKSb=j?VQI5n4aynf7Z~#>I!Gutu2n@b#iSe62BRC%8Ie|_z))w)RtI|
zk5f&a)t}NopgZq+xZ7^IjD^G&Y)Tw1D!ntQI*5|rQwxjJ{5x$U?JiWHp4pi1RB+l?
z(5dX|S<IQt6OP#YxuX?&)$7|u)YgH?$188U>>l5t{zIM%^zh@n<vMz^|CRJ1y+Far
zY2++_g$a=JFZ;cdAoq(r_7*Sc`pRr2PX`2C@hC)N%rB8s=2p-XP(S&IB?bVU0JYTt
z)={4d;yZBD{UYUC*9iq-S$~`7^r0wv07KBHdH@b#GM1R)j+peltFp)8zds(UzJB_9
zFkrW@yrJ?9aKriy(HSYt?TVc?voHg3pZ(Xy*1xqx%M<)^P1)q9;~Zv5@n(v2K&cQ_
z1#RH*+{qiU1Fy{)sm{bxTnc0c_;qCu`~hWuh)Ww-B9%^&TZd^+l%?xe5&YmXrqh`Q
zpHB3~=?)wk!+H~IG?$~7f`A=k^!e@F_`!5{{;vGk3d`weGO|EVfhwWphXUfxMm&d$
z>CzbOKN#*nDef3ry3-zJfCNS_@k89lP6EGJ1^xnTz!xjjK;64HDSbB%Pd5hkpkM8W
z=;6`R=Bw8KI9}Daa@L^HtB$uh_XbL5PW1QtzMTjfJX=aSUUVKbmHadQ^5)@T>%l;`
z@TC8-xZY7uc;i1Q%3PrZ6eRcPVl+d0n%Bvydy&cM3<}SkdRsvGfAhru_bF{K*X;My
z@x0mjD{Nv_Y|EI+zT)U#TU{J#Y7$%RSrI;SEdf-Y&c4R~-CD4<w~r(NC{pmnUf`QK
zfy47c2mR@=V5<LTeBk`*{^fQGDS=*`p#wZpp!|QPvvqG$gMvd{H|h!bLu%6LX91=^
zIe~`5--T1|<NwTlvs~gh{u4IDm1Hb*O`+9mZM^(wU@MFx&|9MVy3_y41$eFD+_+w&
zBmwI`)m#T5KxbU8Yc}+W64E?Qj`m8M%yu{DGF8)_#cechwuBq&nFj3OtWWh|{64UF
zzwYOG|F8@<I_I~$rj!KpG-v=0ydpl}=U{d~PgtG}z%`u`_7fv>KfUwV>R`_Fm|dQx
zW;PZSg+$I>emX5En!CyJ;4V7r>xBSQA3So(oFVL+V*d4p*)i^>lBj)-e$iQ}PYwgs
z!`Am8t%oG&XLKL2)@qM}KxJ1{S`^#EAdrIw5`f%;SZ)Dxr;^7-Pv56!mw4uyj-W%u
zF{(ko&o=wj&hVmwm6W#X(bxt%w~e;9R0-Z5#<=9z)f;hKs#_NVz-d<M$@Znqo^H)n
z8pax1LJhN9yby4<ZE+U6xF_F?$B;_G0t^$-plfc$)muLw0j?QBM0tXBM7h&QafHeZ
z;}qUbs4@Ye1`Fz9^Kuw_OD=Wp%63!ILe&-fpNjUwc|iYy;|A|iw?||#T(%5-1=UaC
zb=Qn>YN0GCJp%_-Xm(Fp>#6gI0MsZhDc2*9m1pBg`dGmUSLn~kuj87`Fg3>GwaWgC
z_ak1nfu`o~^Z721PPT3lhM=XfU=^ft(OPjI>Q_!mKKu^#fUY!N<3#5QuOEu7C&!+0
zx?-5?fc-yn4=;~PAPUv0{dPb_=!zRKSfhrV>*aTaP1Pe37=#4QSyER(Yeb$wj835X
z6V+T*5e@z#$hRe-$Kw&j62*L|tI#Xuh5tmZe-042awmB!k6Y2atb-@>BrzWsict~6
z+G9NOiYgHKkO<qAr8l+EP-U%17$a?|pbk3RFm3=I|79aHUhX9Kpm?a3TD?`7slBCq
zWN1{Po3Te#$S6^t2~KdcU>k-dWIFSjo@x^(VC4kO){1$azT%1XbbX}-PA$<gX_t!#
zpXPw8GF8{zi6)G8bZB@)BNZ&iw9=C*csk_ACit}~mV>ZY4RyP-?I#V-5WY~fXGzq?
z##a&_E&+=cLn>Nbr$xsyw%2h-^CzQ7Bb$YoQ&C+CWmAY@{cJlD0)U2E;lM}wowLg@
zOutU`?F&4g8lISa|EcTY->s_Z>guZPKFPglk9}f+06$>mgH`ZfXgG`&`%ce}YZWhj
z*zaIyOb|8~aCd-#W%_Ip7usCP;oaU}uIqE;T}rI!0h&Q9XHT`a6C8T_b`alLWBF61
z0nQQt8EuQ-V!A=`JZHEyXe8dw$lqMvw6(O^^V)!@i~MI~w&{URG6RX!Zp<SQIVyg5
z$Loeqx>A>^Jn-wzLE_dm+1{$vwLgnwLzLLHBSUOOCu#GEDLTLTLy9vFR0xgNY3?7$
zRP5X|Z8y4u-2I@F@@Tz<Ji^#rD3a<NseSj#S-;2v@y(`6od_rTfXkD+!l1PSmkiHa
zwcezHRjICkMTK?6bz7}}8{SaygO1#p6v|iT7D1v6@wNy({H$<kgRPnxPgH|0or@#x
zuJOvx;>Wxw?`zXua{&nfR%79s;@^?2It1mNe7TM%--&0U#Ws^p;YjR`h}`72nrO{J
zk)U5~Z<YRLXZfjfjJ(|?r86TVr72S1dt}xXeQdP|x2p7?0`};93`cP#Z>aBc-}gc>
z!#=}5QX2^OoP2GG)_Lx<9Q~^uOf!b?bW=Am?8!>gavFQoBkVKHW&8Q>`S^%d$-7P8
zHEi^Qju(OsV-qC)-WH+b0j(g22KqLfe=6UkH(wfltJ^ikW{a2Py-uN&XNzQcJ=gv;
z@<3bu#pJvKsg4agT0`4R%KCDNM@j|o{c849>ga9EVFis@SFsoACAZam=ffX%nq12L
z8j&*n`N_)Do{z~UpEUE=0*k#ReA#)T>v+=iM3GZ={@;}zG><=tC?YpNVm=bn1_u=c
z90||exC2@lgeR8<)T7^xMjtkkhZZ5{7hdW<cOFMOW8SBRX5933B8sBaMk?<bYHu6$
z(=~or3Q-gFY$SJW{WVzoQX1dUNoC@i#V2)R-APxhfRG#Om&#ed^VuRrtkiO=X<^5G
zhU$%Oa?Y!Lm?qT1yMy?=y$Pe8=nB5y{W{60yU;zx^hDX(skX04g8Zdb3>-NtYDeQ5
ztX@H6yGCXvBk5y&c|YL#;h)C5ST7;d%K6aq)n^O5cV<2OJ)aJH8PUaKB2^VAZsKG!
z?7UY~yvkN0R{0BVO+xW?Qoszzh1QX`CcELeHGn5B*A!Oe7?-QGdrvkb^`&sYHs7uu
z`p=kod5FVVTlPHCzw-9u&{KcKc*3~fQ^`W-X1wOoTeeXGsDA&Y$HWDWlfSzPCnvw?
zkALNzG^mb&SsmClGx7w99b=yC&tsm-)%HZ0WNlF=<U3u}G3R=b67z>5)_P$vV?ItF
zR$v);4a^ogP>a>j5Ac(gGA&>ZX3yJrsU4l+%V7K)ewnUMM%9V29a?9wOv$l{;CtbF
zMVsgSt)_~np@FLtR!NfdyvQZ1#)S>h-hFO%SV1gC_*UH@9PWOFZ59`?IIO@XmpN29
z#P-@W*CvmqYlW0YuGjh5|GM?znjv~2UZ;yu)#qn@!*k)xJu}$GyF!2BP0X{S^}TRL
z&sJuV$B~8)uNtI)TkVo1R}Sq6no+hpXHLhjg*W5bvs*OJbqbvB#jEU?Q?y6fLCCb?
zFqRglpE}lsVtb;Ew^xiDvo6za?&U1H>_@zyAlG8_Y{9dGaBOa}UdQ@DmJ>*Stj=U@
zKgDllF$8Dl*O%MJqr#)E0YP2ce9^6Mvl9~{{5tWlPEt{-=QY0CwoE+s#rm+1#%FF-
z{LCI%%s@fof?jWKtW*l%I3c8ViqupP5=Vi*-qPGcN~Dj$8%%yPn6xr-TuS|0@kG~+
z6c%>8dL}n)x)_;dK)`C(Z~pCAO|nj<A$&4^YxeBrYSx!iDI5ImYssMUHF@%bE2=QT
zDH6(C2M6%TraRH%O~<+l<+i_gsqww(3x$FPfkDcF(nFX#eL{Z;RT!801dKENu#zXZ
z0={{@1LYNC#Z!;>HB%$pch{ER3D>$kFO$`yJGQ8GAxFX|xq<Yv8kdS2z?qHswd3q;
zLE7dP>EryOp<fjHm3G>mN7dT?gtH@p2;J6B_Ld{R-ps&VUG&^KpT8djmGw{T+xPgG
z*r?P=VD5`Wd(%JdxIwtu*|3_zVS0OY+_BQOtdSv%rgbbJ>sF|X9IKT7vl+J@exlm(
zqS^!97J!thKd0f{k^7gSbUw`7LXWxmLN2P89?8l^R)p)V8RAu=*&X)hI*+t%<@IiK
znN!wNEGP@#U2Zdsy4K&I5~R}^l>zL)Tk)d-WNCMY#9jQopui<I3CTz+C3V8j(L9z;
zrb=G038PB?OE@p;P2sm<8;2>mmv>FPd!YujP#aoZ<)9QM_Bg(p6(lD6QAr_)s5Md)
zi@(ZWGvKDnoKHKFH2HR=ST+04!E1JjQZ?esy>_|lG_r%khO9kU-hM|c8XS9g{4r6-
zs6I?S=@8NP!}7<}`!9A3U%7I9f_>jWG;J#@c#<^vK74DZA9^;gTYD?R#CKr*p6Q1P
z@+-IPiqVki<C9yI(GwBcY^&{zV5s<qZu}Tk^(vjL0JmhYq!(zFqgS?D>`mEqr}ID#
z9W)y8u{iF4Rp3dEjp>Yg=SIMQ^^bH{`j12dSZx_Hb3hj$M;@`0y{a6RDa2K%53f(+
z%Qe+fueUVJ>lWxkah1lC>TJ6$_Qo|s&TUY^puKMlST%IL=iO@qi8_5bsb_}FrXD&w
zSu#;Zl;JMjE^G+aaSB6Nsh3>ZsD}Hji;cC|fyTEcB;mTo?4GSvk=Dq_&8A`e!%*sv
znj%><U1nY>-*WAcSyv&~gr({|0TjDgSxFm$a(mcJ$nZO_dDd)ODEywcYm8z_AN9xd
z>yn?=ayLit^9uBt#mwq~0si&F^>$G9*oajlTC_r<GD)1h-%`+ZVzaI*ODbaMx9|#f
zl}}GeewX`w+5_+%-LE@cPCnPb;*Jb-0#7t+zrQdB$)(Gn3S2TmSoVC-Mq3kD-;CTv
z(b)a<C&RyoD^*>)LLJtYbbS*KZWeDV&)#(n^sGAXgMtdASl}BXo{blJta<A3`UOmf
z>oz!w?FEK)go-!R9Vc3aLsH?y&MyPSHFqWu0*zJ0QaT@SHVA{UzX2njKS!{U5sh{x
zDMO#o1#^`H0R!vfbe|D#{9t)bpz)Ae6B(54YSi@_Y(oGK1Zke6<F;_eJHf&<Df0=k
z3(iVYb#QBKx4A_%LrpvefK78c;00xVdmA0l8uR4``iXb-=kWqT6zHzwTYMHxsyGJ-
zeu|$uG4DXq{5I-|+e2!miqjRx0l%m?-ZX8b*khHFOniy5Rv<-l_>jK~J?KLy!l|^s
zEJoX>y_b&ZEA>5Q4Zx);x<rc-5FKx@c$|IXtYu!w4m}tM)ntUZ-_yOsB`uLITN_>I
z=JZjgJ!3Xglq#P5%~%$2`s`e8!tPXjzw8>@Mv&a}A^va<boU*t%n%0Ig3LZUMD#4*
zp8fMd75muNX2y55q`3!h@5=aqhaNw%aVfmrsSH^+xBx1P@hHEN(o*u?(B*}@#%q+F
z`8k32W#2n4Ah1mE!X6`H(^sEz>U7i2iUZ(rZ}khz!MZ!fJ854Y+|S(QKL^r(TD){_
z7Cr`>%Dj$FQ)YQ8UTS$0OtfQcDsG-z`4nHQ^PVeHmuR1mDfLD(zFC%VcTlrQ_gyLj
z(LiIW&=BrsQj9nlwlFiB(eE_F<!lvK!Vj+a!F#37TTNodMZtDPI<EF3QwF=bA3EO3
zjz6B<bB1A@=MI;iP83`PjYb$?LS7@?FOJnG*j1%9GnbM^AN80GK;5)Q$yLL)JMt@)
zyn~_<?i#da%uC&|40ulN1UQ@q&E+JDto5nR%rB8$vgY2KXb1+zHa%L=8%j`<s%NTz
zs&><X${@Y=c%%17^?N(6u@%#XsF+FyS-7gjL$Qqjn?0?~p^*o(PiB@U2<fUZ^FKc}
z_4#p#7mOi3@LRd&nf_k*FtMtdUV(KF0JEeDJ`+SpILI2vH#z^wpEi0hny^`fO>OQ^
zc<>}dcKlu#Jx7NBr<<Uxpe0~6<n%9A$JO)Mtb8XXY*LEj+&29f`Gqt)W7x!Nn$6v@
zQNkUm`L}rvng$Eq1~jML_J#`_Z_(b9(=?YzDgE1QuvhUB>PG7X*N79DWtqM0HdWGh
z`|Cj(KTUlF`w&SK85c+(%Uk-3LAVSuy(PRNheVUiJ)DPYpB^VpOF<|LAAafVfN!Sf
zV|%7FwfFh8QV;VSHVR>v;EvOO#UIiyJb|?&K23T&YAPXMV8OoKh~0p?5ro<gb&>WX
z!IATB)2RA(9m>ZyF9OGE=LegY+{!UxOsm3Od$N#_`Is^A<qo_E${jm5*ruHkCbFj)
zLr$-yJelF`*)jBL&9j|?2N)%CH^ScJ9_sAf)IOC@?OdR^8x@G}V++PFz~~~1)xdT6
z9fB`9zK2U=&ZhvS(zG$$NXEx##td>BG!zf2ONb?Ix)v|=u*{Uo`XG!mdXm9qy!72`
z?vG40&gdy<oS+dq3=BT?xFrH2W<kr4m)T1OK27WCMAQ%~_6o@H%l)bdLFMkNhs{Di
zmB`bg4;SHl1|H4ilGPE)9z3GosWj%Ev%L;w;1L|FbG|RZN>9Rbpci(6Irl7T1!}tl
z)v*2a4WASHwegrC)2hNhq7u8&@I8xE+|UK3f;fdhhg=ET_}up^vhXDO3U2-p^n&K>
zJ=y}_1Y;k4BpRo@LvSX*=EOGr>YfM+_cUwE>7;tGuWlqIn>0x?^zDVwRQapAjiD}D
zt6%Vw1$$x9sLO!WxRfr13CVW`XN&2sU<%3EaeD?#e%w6zDqAb9Vzw(7q}UP}hrObQ
zeOCBQcLgLs*ZmOR8S!#WW+iR0x<iKT8+Q;kxWAG+Osu!2%KI%nip%GID*qeDxK}IV
z#S6uMXjl81__=jSZlOP+A&g#0;f$aTVokR5kwE?VB$6dQTX{;81>a@PU~*!aqO)ZX
zSIIcwqr;BUuV(xB=3YpTQkSx$q|T)}ZU_%+e5Ku^++u%(x<6NFhflSfh;wO-Ud1AQ
z-V-9qFpJN6wjCZKfqGkHJ)`WnnKXFxyF%|+>kYvU{F9C0Yeu2rh!gB5t`I=BP|oPt
zyGz%7vysKB7O(=BL;w+YE8z3|w6FLrA_wt_#d)R}iM}JCW%Tv1$nXh@p3bH!WnzD6
zVPA3;8lfR_6l1$>zOMcmNixN$jZ{Z|g*x-8jcw&D7Dm)MwaK+QYE*(>=OJRTh5UYH
z@=%z^)T<%CQMbfTXRWCPdE4Q14eb^Bqs_xRfd)vgulaz&-dNqpi~>lROGv4bkbE_;
zdD>K-s(w+Wb!`;{r>)gg6YO1{Y#;`O+b*|a-qvf@L5D9UQp=E*n;FFy;>QRLgE|I!
zG)C#$4PFJ<q7_W7Qon9mzG}tfbB`(VPEAhdmv@K8T7e$M)`lsTddM(|sKL>bLDq2z
zsQ^UglWN-hqO)dTO`acv<p$Ott8Thzu;IJVq(^iSFL3er7$4+a)Is(lZEC(bvW8JM
zV9jE38<R{hDb6YSF*YNhGgeR}?wT^1v@(UykWI<h6hjckuRiBoJ0n~LH!!H8?T*#F
z0D57iaX`~|!`UN!+h4?p3YyN}Z@tCs=j8h5`g)CgRrHuHTj-d7X1uWMR{MfV#cC5?
zyGz|YG$-;khmk;U1ky}E=vs+&yaq{*t5(IvpUHX#o8<b1x!=@n(vy=vbVrsQz6l!%
zU3uDRkP?~yL|e^slbj>%B(NV7iEMXQp=f-DeyIBsM!3JSKlqN%hh-$}_$iNNU#WF;
z-O(g!1S+F5^Mm(Ao?Tl<<Y1iyqw|!%2j^(xAYb=pl`^hkMPXf*13aRkQDQmjR}@h!
zGPe|1^ws1NmVP9GwDQa%<!A4I`~fP>b8}W@OLd?nB(<#j0By2UT;)91az^niD02Qk
z7}nkv51ju0K+=GvKNa);j(@nL$4u*TPNZRI{ZfkkAS%g3tkNH}8o?ZIuoO`a666T*
z>q#CeOri|D6H0B%U!($wgh6zhR!du3+*=r>X*r{=8Te1?M}o}AU#zQW0{?_?U;@|&
zJ*qVT4)Z5`Ba1;cXtLsCz{N8kqGq-=f7oS$1R;PaFq<LJ%V&7chyT7n1<HM`;ZEb8
zh`iEv^-s%(6n9)iH0YE11%k~G#;z{<Y}?gjYio@koZAI-`WMfD%zFRj?flZO8M$)m
zfJFVvBn*E3XtgE8QICn=9L!1A3*g7&ZKpJFh=tCm80Iw3OCCT$KxTryc5G`@OV@$S
zAC@oH9;z8Y@=i(hp(sEi-b$1K3Gyyhgik#H9w)WQK6}^?cq*fY$7uu!g6OyFz;Hle
zI!|j(?+}4>8N!@iIs$>z>4AncARov+Gwl6;)U%*i@{4h*)Eq^}2n%tMQ<S`dbrayS
zF&$Tc2g<IQajw0U^xFkQb^SkLx@}noP+WdKaz#?JLkang^(SiUe}i{YLvkfK!M~~K
zCCX|@t-!q@j$j5sIsu<<W$ve^J(4d1R;KPW18u!_E(2ioMpZr6CAlf)lA<Sv<Ra1k
z`WVamEsm513InGTP}(MgL(3FK2cRF}F4X{?eJ_1TdcA6B5Fq^OkAf1P?au>{{w=He
zQ^-w599XW`C&x#`L?b5yu#Y+1f7NJiC9MWgc1r$Eo!Eru3XFT6b~S4Tbik&{kZ`Jg
z)t_|ey30n+{d=GHb53JWMardsO5g4<`03RLklFMvp@uuNfQM9|7O<j4?0%TZn&wcD
z8R+Y~aC`3Ag!DDt9zG-aG}q3XNP>2OfcF<Vro@Lo^o;Roa;MKPGc$ap&W@o7oR9<x
zqz@{kZzD9ht<~MiFCGal`}JJliHw~7FyA<L1o<c7w)1a$me0l+<s$@m%wM$Oe*K&=
z_y;7KiJEa53u?B^0^EH*;5PRVv%}a8i&zac7_43Nzt4{{8k|8-%W?!AZhfA2pc{P-
zygT^E*-)2@-zBx&Y3YGLexrGB7FBR^x^y|0glt^A{ef(pRlbCp^g_)GnShdio<9}C
z>FvF``*~4HJX4i6{VyLGcP{NrdYFL2c~wq72o%f;go5|*ul!DC0`_Kz*v1XR@9!R`
zfW3hnM3vna?Y#f#pAG<-fp~0719#95X{V0%=A<>Q93-0-Qr<F~c>lKg=ELx1XW`^;
zDItIAWcOw6^vNp4ChtWlUnW3jObuq9P%;JhHc#^h2AxlKodx)S`&_^^90>P&@Jnba
z!?S>Y>5y$y^m&^>CkI3z|Eq*Atm2&138jCoMy$fD*SB)vrs4Kp<}LD{UK@!@()8nu
z^6}6RW;SUDc7<4WlrA9F^OtCU%l!QMxPoORAwM!?+^*31DCw*%N{vi4q5R*C#HBN#
zE?J6{gb_6WPE6&P+KJ_9E~F$LZV`^%@uDR%`&!aFT6ExtlXrpXwY>&%Fa)n+n|}S)
zeWyr7TWroYC;UTrWo{>5{ikC<e)8!CKP~dK0Dn&Pn;OuW#i4fF0-d=Uw}%0EFnBj_
z`R!)lUL(<O?tondAc{a{FJw4buTJ_}*xTFt>1dqvZ_(zOz!8iJPpL+1W)5XehYM~2
zw3k!!u!>-o)J%i^nepE63<*d<edGsN5unI`)h{GPVFCfn)~n&<_#kq$)gVr&D0+QI
zNei4Kf*EW1pie&*(t6O?stoX7in$nZuZ^@}$M7z8KfVB9Ga2d!o~l<hua-W)@0Frv
zVAM8$R!LtE$btqN_j_eo+AN0W24|DrB2-WXv3wsiFQE|^SkAlM7`0(P22u&jk(&Rw
zGr(pt_XCJ~f>Z0!u1U#TSlspESozh{c%gt!pvmQv^(h?$0`*Xbx;$4rlW@0=FVgIG
z9s<xLQ<Xg+`hNKcf&XuHI_YT5`@iGWBC?Ey!y*vFMo#tC^YXkM>S&{{D}e1WiSLs>
zIqY*=o2reSJhdsop8*4Qt>o4|N+7@%wUG_`GcO{2LYD3?&inVydy6-<eWexa_j_%m
zDn)QvaZT|??ri_<K;u($IOWvnC?w#VJ}@m?AHOlz8q^H7jJ9oDe`(r8LYA`n#htz-
zik;!B=uiLWJR!3O&NFeEXbB}AE0f<OqUF>-2?Rra35nfXsk1jvRM9veP0IDpPX70L
z2PypvHZP$GOmP!05d!$l66b(b`6Xw?G$5zPQsCb*>T`0xe|+cZfQk<AV1d6-flIky
z>^~jTy$H!=8(<GvZ3%v5git%>?SUe4gW>CyH~lT;Jc_td(&c|`sWi0a%1t@TEE+8a
zR;T&}oQpD?4&6zB;oe?MP{W2|0&@MqC;vK^8Dw3pk%1&kRt5BOpVY<tn}q`t_xsCH
z6FN_5#xy`IVgT2Y9Ru_h0|LJ`0LGOx)Ei($hTy0`W+M)cjwk{D-*m*&>>J;2w`V^=
z8kTdq3DH2F@UAo4m=COA)x6o~@9(f7fV51&w(PG=`hQQw$16jW#68y(lS~7B@bIT|
z{_YFHtMAS`9Q5`e^-M%5+o3DD{eRsIkb8r_j{Z@R1<tNtsF@v3OsMTrnN9s&QBBus
z&4U=QC2J8zdl6rE-cF4*JySa+Rc&IrE85lczNv6fG+>32j<nqGg}>kO9D{jX)@{+r
zBDF#53}5^Fg`+lUV5R~II@w8ei(QVsJKxW~;rc_x@mFR)vh{D|_OB3nCj6i)0Ey~e
zDZhgi@Qq0e*qyi`hrI%DCA;~lPAUE(*N|_;##F2yfoZO=Ci{<uYZ@%l4g-cW30pTG
zfy6_F?93M0!*3)6Waxy!p|jOvCgSzFnLUt3hn&M2jeL)2tX>_!nrL#2e9_T^3D;^v
zn3M1o8seHJDe4(x&s|?~V$Q7oDl+4G|ER*IKcib&VXjQfscEY-ocbknc59(aygPf9
zQS~<?J%(fD75YYv*XHcx^GEd44x}SrLb_Lm_W6~ot2e8QXkBjD-O$A3Iow3XPQE*T
z?Zdmp@b!wGJGlsMo{x?UUnSBx1wR~Av^QM3pL<m|7+!V@@K?%SEpAYDYg;7)wsSew
zF&CD&o8~qA>*BEVE6eB*fewXC-k#*?l{`L5Ehg0S@{WS;=j$tPx>i|Z=RZ36No5qQ
z)&)4O)#-I`PFP9)bZz`g6sJxaHFoO2*9o^}t9b-f)1gYsr}AJTQ;Q0=9e?^vH;CE3
z-90!G-BHbaaZEY6`0uoa?zsN>nq;N(0T#)Hf8_GEi(oJ9Q*ke$+LvxfIv|{SlSt^;
zK`l|S(ug7WjUJt?1`L@5ftA|BAq^76mpqzEsFif3QLCgFA{yhN>dIp>61u<-vk{%I
z*AIk*#7Ek|{GCi)+hn&IjzrU&4i^G$F4(S`tTd1%3&lP<Hu6gQ)HV1$t+9bwent;^
zwyaxMLA~$~)GvV5@#buNxo%(JPCo6b(Al^m->j80OZE2y%@58H!t{r}4RQPXt9LTj
zi{CnKXO<cHrf1v!7kclgvV|KeKpu<)Gn!1szaUsNWS|$BVcl?T;>6`bh8mT?>|5Xv
zRE;Qo#8=iL;s2EjK#y_>_!)4o=N;ek6$U+?_g>SkU5mF)66HFu?)!?*)r~2Y-`L*x
zQ7z|sWA1+^c>);)-EcU0I}foe#>2h!*(l;0ZRk(e?psCiMq?9r>>?A|#n$lkmQh#Z
z(nFQZY-oSQOGN*h@*Q{Wy`)WpMl!K=5Sf}jxZ|$Xuh1p%RA(e4a|i(7uT+x=WZKd>
zNF-~zUJI8WpJgp|QZp&{a0*WT^(ABq(yePp5-V;n@kt1s8a4JyU-rH|_Kg8!A8)!-
zxUCZ#(c`0Q+@LD7>@@<v*0Z^n_>J4&gy6Uk>6C`6g?(B-F81}JGzKmN6bVJ{#NRkz
ze=wSkyE7Z2L+M_fcKk^yOkXjuF!0|T?f6}l?kugROT<o}qcx|llN)_O;iHkfx??t|
z%oWtOFK6hRwIs0oB%pkMYD-&E;$Gli%J0%E!Qzj6>nI)hNouJ{;n;A2-_v`o5Yzk(
zxoc$Yo%zA?zk@Zb<sn%fk}3Au@&jVO`(g*tv{MMv!cN>T(~})jfjk6*0Q9$SmS11G
zpJa%KfahoFf`gywP1-ICnrZvq&u@9T9F-gxQ7Jaep)uOF#fSP*V0j%^eNHzPNj3Mq
z&Ik2qEA@ToRN`&v#s)z2jP~7z)<qi4`e(MuKgk{QWYw-6zA8Rk<TvkMeVey?v}v_M
zas7BZ>oT0A29Xy#D4`S@4y_JsyeDuoO}aT~dyXk9fAyek)3v+s+0GnQYM++s5Iit;
za=*}>HdmtVaK5pIr$q!B+w%=y>cIe+9a7n97kyv8!P>VzNYueUq$jL0JZLEDazX85
zpnfnJPQE|Oxv}|S?7nYY+%8{4#^NqAMY41Imi<MgNF%g5s73@Hht^KL(!R=OIz-i*
zei8LMCIZ0?mSw+OE!Qis)eu%H?<aZ7)MA!d?pR2mxz6~!j|BV9NOi>_1<w+m`!mpB
zIMfj*pnaO3C-Ca#lL%8{n~Up1=>{jt#OQg04R`AYdhfRV6XtVmkTg*iEc8yq+%x$G
z%eNG61NV3dv*Z<$4UE}f_~xkltA1VSsk^?3hG(`9aI_Z4PzZ0!KAZTS4!L@&ms<PC
zz^BAdjhjB8mw)&`eUq1`f{aO<V8Z{Pb;B{Gm&4J}zWmh{+`UqA4G|j;q41<<76e?f
zowYMkzd$GPr;REk!S<uNYEOZq%^hn2+vfW_!J33NCq2<hi8hIpscqShZeTVzWV-_E
zrnR0h7>V96cOJVML{beEH+0=DgRE7M8+i)(lB)kk4r=%czVgVF(^ED2Eh#wio|$Q&
zGHXNB=4s=zVC&G%5SfAbvBctM5`qN(#mJoD?)4KLrpE=gTpcHb?pS^gpA_HBaXAsg
zc5P=B_G^L6JE&I^>ErIStEBk+jWYQ7y>@GDqyYGfV`*$vK&juSubYNO{;8Nw$I?je
zIClE1&i&6^E%C2-5Un$B(dVx&p&-(#(tVd-eQB^S%{eq?ZrGmDrKUAMv(!}`;+Ar`
zA4XnumNb)i%J21}%m|^U9O*8Z!d@umyr<F33OByD24lAhEaJT^{nLWglO8$|Kc_-(
zO8DV)Gfv8sK}P_4h+>O<YCtkhj2DO*76~oE2_OcTt_8RgQAw%@^6BNF>+WOQ^Y6}9
zs#mwkWE!O*2EP-|3D`N;NtNSy=HHfx>?JTW6@m5Of9DTPQ3M?}$-O@ECuJ%-xOT^H
zie)?xB!5uesqsZ8W&T>1bJFk|jg^$lXF<llmB+gFVqmY28n1wxT(O4|vkbdeZQY)3
z%fO6(p**B{>Ert|1bGFH_6~$0S1g$ai&vGsXH7<Oga&xAPv%(-{C>An`#{$l*WuUb
z@A{>`{lAL)uBfKEw%drG4N*iXA_5{J5C|Y39aIp|AV^E72_PUM1f+!C6p$t$m{6oj
z2_+DulNgF9AVGRlsx$+H9+0a1JHFp{{xi-v7yrc><K!Y2S;^jOt-Z>#=6vRiDYf$R
zu<@U09Y@daaaX$poG%R&cEry`IbFCX$7`g3pluz&#C2D<Y%lh3VZXc0eo07`6a8NA
z?|s<E5*8nPFvF8p+u%!8o+O%an=|=cng5u}=Avr1`E2m01}nIe<EzzWWU9C>|L47B
z+ET?rMEUeO)6t2~-vuWOLk8TQnW}E898uMs>$}k%Om`K_;S-2i(TLL+_SrPG8C&qY
z*io7g$m=bv*QS#@iQetg7<@zb*iiAE0u?yaN_Frl^Cej<w2~M7!js1`@jng?&VERp
zvl*TBPJM#ywC_xPGhOXL?dqEPvmtpX{kv=RK(DOg9yb}lVXimgf1dsGXZ0{>kC?Sj
zgs&I<E<~blRo_{@;$=)5akIkotp!-}Zp(a((QkUXE@Of2^-5p^rNombrR?JPR7vlT
zNgAA#Im@q>?n0bPy3;Oe_xGU9$hlr>0lk+i302=&@orQGWMft|-8jIf<Wl$=y38Lz
zS|QQQTfV~t214SGKZci{(;_nwl+<YoRQvw5A66?h%%GT~;cKGLxI3+Hq`K%MK|S(#
z{p0<Y7vxZo>A;U0zgu(Ca>gGns{^FNz<W)d&;F$ETcb&bgq4RqlI1JLjUu6-_ssey
zWf)Kq3pDechVPNvS)0T<9WMKxuZcnZLsz}pzi#u;lSDFg-iQSRI`<~xDA|3<H~T4B
zalQ{_O?lk}z=QmhD^2dbsu3}A%u}N8`C;-RlA!rF4eZTkn2)lydzCJbY1osSwLShn
z&{4IWoDk&h4Xb0O>t2Y<z!8WMxwD8P$E_vRL8jN=CW~m^XSU*~1cz4kwGCYrs_kr;
zh7jK-iN|T=JI)P)y+_Qx^c#{V+KlP1is7N@C(N9<sz>n0|5a><G!BAmW{GY7y0fwY
z+5Vwmnmal1>eex?4YSoP&6-?NO^zJge1UW5G<)+aP2Hg}<M-zzI2#`v7;Z;rYWOXb
zz9l99z@dFwLpXmGt5bgP|L*0_2c%*ASt0>K`OlE{&oUj%fgY(`(Y)CWG~%jSmWAoa
zPwPS-)@IGpu;L0gvsuT5@A!?)hMd5<BvD|7Y~OeoG{70L=3I*Z0L$_3_3)bGlpx9~
zTrjEca!Xr-pU}8kgC(!zlO>)W-j>1qs%Zz%G#2)5(GBwXKuLGa=64@YTc-nXSGQxv
zs->u9jeXBuu@EKq{QWA&#&WZ1)Q9BcF-`Qc%Kmj1X>_QQ(s1pI@>8L{8ttF-I}Eo;
zn2&Xxug7b2LXTX!_WIEvTCxH5I+-XxYjuq!M3N6kvwJ>$;)m(>iJ4<kdeF319#JpD
zwY+(5vG73AQ1pWKfFnKW!rrguEAR&Qysy4fuVvBSUomH%2pA~e2uemx4{kBjXk;sg
z%$IR(5NW$=)8r$#x{arAy)yA|7`9r3H2;08D{YO+vq2SWYOM<BiYE8PF0|}8pV>g-
z)G{U4W=e&`3$i@+erZi6j<yK}kAcXPVjg*^VKk8gd{)8~C%5aCI)WM^R89!jJgr<-
zdDZW^Yd&GwWg5Ir=F*Se7#u|Ka6bydQ*I(>HZ8s4KFIdu$a*$vX|^W?wXjXPQqrdB
zpoei?V!XBX*o;28@`evJf@Nx#KVek3$KX&je{HEFn9E<8D3R;$jBHD4)b$VDy(7RP
z#eX&_oWB9as(TC6UnMw`Y}Y=RSA3Mc$gc;taQcpmc+kDtC@Y(-D*#yqH!T>gF|s*r
zy(G2Zw|WZG2r5=$cHBF^xv{)*5kt8mu|9!5a_-`B7<39O9{N7O)0H++U2z$(5-FfY
zn5+yCeX`nMh%J@g!(t9=BU4^DJo6wOqU3dAfZozA%3J#aSuq4<+Xg*9alo$S?wfDg
zDM|ORaP!e`N-D7AM63qT{8amAI0e1@(U*5aEMP&N54s;=pVO~>=ZHth(w`q2)L_Xa
z8NS{1Aj-xM{+nL1@@zCtN27-|k6Wzjh`4m*RvBM+3FV7y-@dxlbo-Q;-a46LdT7rp
zeg-7=s>{qPkmeUo_aB~9&{3v*8W6QaqbH3euGeU{%&3KoI(wGGc;%|)=Og+>+6ofz
zeae%&UGE}~^1QM_!f~5DUDV%s3pzbRFA~%4FM$@q-$j%w>m=-CSJP6a0ePyn+pJ_R
zX=f{BNYOjRQ_TyEiDQ?lx7@5S^h3!{|GF71*)Tuj);`4{fW_G*vOu-7$f4QNJ-*@P
zOrk_nuVB+c<lFa#^SfaQzSxg)3!fI(0)!@O%VkzS7Mn(_rzVvxKIN)6>!~!D%FWku
zTi|vOduQiFn-WMBkJ-Qlm>R6fbk3VrangRjBP){o24(t~!%VW!+@C#g;9E)(z9i3P
z4y|3ci{Zn;ZP?~YGCO=Xiq4eLR)>P}OPiVvyJ7FQtA4ZR=;*`$GB<0V6i6(G>WSH`
zlbi8N*q0j!Fc09#qVJ|4DJl}`_|nUm<1y!3O3UY8g;iLG_UWL=4z1tO;25DzRv;ap
zBm3+tK2N{hq1fwkY|6L2qT2a?2K8tq%cwq4rKI3k=M3BOC4#(*58R<<1<eu?q@W}{
z%{c7<)Od_Nr_~d`cB+J8QYTzXbc#9NVsULJDr+YSE{zor4>Ub)aB?{2;Jago#@J}t
zUH-InZG0+3QjIWqDU5>98a-#<znY@OAA_4^wnqdN6A<it<X3ZMhB<qAU}SycCZU|i
zJ0N(Wmb#h*|2DAyWfeKIZP<Rku;QW3icOr|`$vmM*u)}Xr%7M?;(kJAaPAArs`ISC
z5+h{0&DR(}4J6hsgCJsmBr>88Ofw!?E{b3ZX)2#}v)xp=ufP4YO&YEzV4V#_mo&JY
z(<DmHs!DDh7)Kao(7r7gYmWlt7Fu7A*S&1d(pz`%*AY}7{ffyOLr1Zg{*A4g9v^*z
zCqeX<5+B41wedQle6XyY=Tm4d{25s@lsf$#RTX==l5)<#>|4&|4yp49MM30)>tLUn
zF0<Vjku!mwDC~=(9dcPABn-7NP{WIUSM(c>)#1ojs*y&zS9TVpH5~x!vN*SxHs5+$
z8*~tNbl~S5Wu1e}wCs4RF@!S5%2>WsgwP{jyb|;EBwN_T#_nAy%b<0x;PPr`IP-pr
z%r_x~=^3x1o9Y+cZtHH>sr+j?VBx^b;87BXb$y1mWuZoQcHNKIKgsY{#-^)^Cff(Y
zG7l&kuPQfL=yJz?&GvY};g@b5Elv5>A(-hziKiG#e<n_49>vjgVghDujQRH_^Xe2D
zlWtDmx$U3z8FC4VmdCTO)!ytb^G@|OxRmU0|D#dhx0XTaf`x25EX%Lyb>rAXm98{G
z<^I!te=<sW(NH3v<Z2{=o<)~<H^dJzCNm?qSn-C=1BMue8T7abKU9>Pll<}z?PID1
zp8P(VdT#MfA=fLbkxc!vy6FxL$^EhL&w>l^It+n8|6`Y#VwJ<*NH7V=3@wa{3_P4s
z)7e`kMrCe0Tx-<USk`)jV-2dGRb@j;k5Zo4_tP)4M{p6=ndEP{k|yZq>J`+*k9Oa=
zeBrN}=8;&%FNQJ@_ukd#6Hi|#tJ=2@4`A~dUbNC$35aS4Z01f~A0-JSrSdo6`rT&$
zpwC*LNg`o}L&3D#AiQ^K@y@4P2O2+Fn+x^*w?UUdELoc1FhJu3YWkt?ur(aCJe+hj
zsqYSVSh@A^N8`#7VbH774EqehM+ot-qDMl#4ZSrSBMmvrFE;@Q5Dz*%#oS|gP1l*X
z`6@f$Z)9KLe{ItH`m}D-5zxy>OjRE;H1N4JKoW$gn?`ZA^t`x;f{R$lx-X=l#g0H)
z4QlV+0yVuZH&mb<2ZE!RQw;Yd5PLH;?<ACsMoI>hH=8loW`>yEgP6@6ZlVI9cD#(-
z>{pp#>ZV#NIfhKtRrT8s#RN>c>P+Ict=Y^eiYwuE`F%E<y;qMTnI`v}eGZc%|A-M}
z0r2CGPTVK|>IJ3M$@6920f_=HWA^z)&#u}SS8K;MxBj+bFB><2eAt$B4?<5=<f$X8
z=0di2j(`d^Vj7=B9a!yzTg{hT1cGOy9eW5I0Ds?~%|6HZS~^$ts~zt^;@8T$Sm+%?
zpJjo9czJ<j^}M-(Kyffqscc49=eGak6=DLk=uIN-eY8#+d&G8x%*3iL{9(p$gSUae
zfMN$;;j+VB8(ZL5i;dsNo9RlPH3@(lr%}u+er_;<Fh0F8NQ~O%J67FaEPvy1D01+s
zgA#$xNR~}+1}f9kpRQ$=9*yB~T`KhrGdw#}E_cu74f+A}Ev8HsHk%jLGS|sb>-gcI
za&|4?l4}n{=z+&EEN;4YJra@tmqY!Q?S0{x)0~3a0M?Kd5BSq%BuzH&T8&#Z4EYGq
zCRW{9$z&vD0fZ|ER2dpBr2&VC2KOE_q!_nDMeJ{!hdfde&exAlv=k|Qeg8<sV9!vU
zZ=|#cBwtkX0Vhe$H}+dI^&ue}46%5SuTW!PO{4t79>D=%|0Rakti(NE7YZkQ{Z^4L
zRgr?NdDe4tPlPP~gyhv5Gl1c2?!D3O%58tYD)H@${IXM`VTQ-+=k=J|E@$=YryHI`
zabq9!GW~_zLHJ`p?Vvg<mlk)!goJdU30zuH9XV~s>;p2`uMv$}JpxfqQ^!zbk=SwL
zSaumAW@JND2tvWr@}*jjxk3w_Ju@0mzl}24lezK}`h<1zyTm5Jw*cfr)cYU4B4n_9
z=1YR0@Z<aSPtV_SR&#%jZH{n1@jeL1YEwa>P!LU*PI{Vm8l!>t7Up|%8C;^}z5CVz
zVR~QoL^^=80#E{K+WQ2~?YTq@q#!VmtBg<n>i(W|lErfVLhnuQ|69(>pqLpiz%8@+
z`8!{~z@@<g1$M669NwxsK7K2!6KQ}jkyTU>_)17ZbIk>w7rz7s9@D?lL*?#q2aKPY
zydSRuC`j>#J0@K^jpf@!%=k%b21gOH6^athPS{^<%u;^=p9NHoo!xw`K%xS`P^$yL
z$Cq)#w6fK2<+dBW6aJ1*!}|~MWet8CrH6Z8ZW<j*HtbBdyIM)cWX$xqiJ_7$-P>m`
zd~#GiG38@x8qAKYXt5>1+dS*LXeobmj^_)o*9IxS>T?o2?aU`+-;@1UQ1^-zIQ@v(
z4kP_hN^aAi?YdP(LzMV>iS_>5xDLri6@*(0$D2du3lKB|Sid|BVBf03ooC3v;jv#=
zeq7dVy()(*$_5)Z4Zp0{v2b6Gw|@(mc6<B@uM9VU+%GxBve-FnTTMmNWBme_OBi)V
zAGv*03*$CCkod4vfy#dhu*q)@l?ao~)VzE5dr6DM_?oh<o9b{S3$}1}xm<<(c|}WX
zM*+JUf-1{C+$ldvF0E=&(7C4;PMnETz8;<Z`YJc%Im-U|R(`DXlRS3jf24xWY9e7C
zSHdaKr1C@|djm>3M$(KsS5rbb{?onnN@)i>04BPwlZDXO&x3N#$1|9~`WEz`U8+2?
zUz1x_Bpj$IXa<zr%OYyg%j6JaS#`k8`-bTvl?BT7pkEW2XW71on<REPUSJjsHzcHM
zIWFWX^c&l}!u<Sm|9HFT_W<PjqAAzh!>OCYJ#=<eZvziVs>iq3)xcH%`oOm-z&+~X
z8RLpkQEo$w-5@<j!tljrW8OLFyS_11Nohg*9zwF0^57##bS{3bGv>2TIak}NZ|EMs
zfuB47R*p1Vy9il7j$MI2w9}sNKTp(IZb{>t%-b~Kxvw67K<+@g!GJ|7z|58TkXh}e
zn$^P7j_xzYa|!>FM&0!<;YM(k51vdVFB-5P!}1w?pS7)xL8@YcW)J=NT*bmNKM4Nu
zD(227bs0v70G!rT`e%;YN8qs~J~8^oI~l@BkuYE;;Uqd#8A{W~fRr!f%rr^9Uh4PW
zLrE<gW!ftT9H34%e0v%w2B>#Hh-nkBQ9<`JVJ>9>bfql+Tfy_qBK91Xzuf|m&>$Wt
zKUCoFjBR=x3jFTl*WCXU1HA^~=@S1>u>v69zIX(IQUAM<g{(7#Q0GTP!U2Q<c+I?s
zT{xl@hEZQHI^6qYBpoY#GO*HVm{8?G)uRBlw$=mo?YEf$8|~rjf<PRcU{LYz`@FgU
z#E@*~vH!U)Ll=AR9}%p~@74+GKb2+p=!OW<6O+kyQkp^IfQ%L-%DAsJz|S*@r_#G`
zWnE<?I)vP5y3CjYjD_OA{hgk1A2XGXILo^T`53tW3w7A=XOAYFr3Q%dCvNOAz6><}
z|1MtqKd<!Pr1w9WB>!{a<o`<_V9dWGw;_N8(@g^m6lCJ~Z!xk_lCEwN5Fh%wGL-#e
zR%=FGbQo*a{kF4wDk*?|(#m%^>Vi!DwBOu|(-QYg5NH?)P!Q@x)vSzxzn9x;+kcmM
z!{bsX5V-S+UvC@WKeH(g8HHk>-i--sIJ)BPu&Cb@v9k04euZb&qEps#|Lc)r_!ve<
zrl(gL5C24^ERy$(2A^+MYuu(}&XM;P@%<Uz6GRA1MP3$e@RIe`!J3z_QK9oooOl_J
zFL$e4UGe_4GOA{~A=KgCdK<|!qDCV8=1-I8E0iCPfl&s;BDd|1i~&g;*N&hIbJQ<(
z-+=-&D*dzJBV#$RU`hrVh@tD4H~f(7F?tRYJGO`t4GaFh+dP}68P5pNyObw&q^d1i
zW7lp1bn5zSiPo<<aDgo~-J>hdHaXXWxq!Y`N*fo5b_DBrFS5s%d7JM+hE)QUODr{K
z6vGp$n?#o8lC6-U4x+rd9?@3R&C;Fz0o9(}FWvWpBHG8@bw}6synN>^Hd>xB8zmap
zJJCYp@G9vz%GIAnRLmi%3LQ%;w2Q4!*()@<r9;##9=R(DsXaPu^VK`kMIsbPbQP+`
zUTj<mCof}1tev}~mAfs5-3<_$+_ng!%7$Ops3$odakvLh-SZZw)+~z}qJxtuB;(rr
z9b5nSZKt9$vuHM2dy=-*s>2;5AFNxY#Z~c9y20@bNl~9fq1Ga)8Wu3JV?||mBxU<R
zak`>wwM``p*6nJl0?cvHdw3oFM_iYEG9rnwp`?alKG@+L+h7?NJ3EQLMx2D(2Hq*{
zFI5UpxsVoc?T3ccdv4=yZM<*ZuaM`>`AvLcmp;&QJub~9E93j2{b%1%9ot*LT^ITk
ziP1#CvcqVrw&K|msP+<|VRSF;DsuKjG3V~P>ly`+x_D*US7&rx>U@2?WrbWbad9-#
z#j<J9_Coin{Z#s#EJv;Kl;g<MV0m#BjJjw^igPzn33nqFOR&2nxyztYIhdqonqRdU
zZ+wzK0oQ15uoz$a6ZYh;qRZ3P&qwPwcxQ^9h9(Z9G1O8gqKIT-TXZfBjKdCBCOl9o
z*jJ#GRwS}05$ezx{TLP0sFB{npRNv4u?u|%>&k1gw^!!TV5Nh)QWle9Rm;k|O*EBE
zgt=iUl&RkV&y?U`4!yQ(54pTe^7H*R>p4|<0{DyhJiDZ|k3HO7_jrI(Km3hSTt99q
zU~c?43CL|I;Rj5KWK`)6yCS7(iqC#DMHTEJg+11Oe7pb%3Nq6BwTD}r;(3+5rU8Ae
zT6yr{p9_Dv&y=!Q{+0{9<!LS?$Nk8lHrcNL@m|Y|bQCESBh)=|A9LK@Qz<!YQy|p;
z8o2;Spo_4T7(EQNqC-Mi^lOy*?r!6Be=S8cS*(w};hF=CjId`1zhP*Qm60t5*qXk9
zt+N;GMcQxb5a&?&#k!b2FxE9l1vfM4tD?Sqn>u)1yb+*YiDa0g@f>Q1WH|Z?%~AA5
z^pJn`lOaO+kDT;RdjzSGUO~W*UJOp&&n}WEwsQiD<x<lr8r_K(`W><fbo%P&%}X8m
zq`o#Z^_luI<!}bQo<3`&{A#`~vqOk`{Bih7cb^A~-W($#?A!h&hA_PZ!WXz*h&~k?
z=Ja_)5J(~#j`Z$ly6M$VF-RA(TQ9fQA()`3WB26pC24VLy*Y-7l@h!bIA@d@XN}5T
z{9TU9FCzHp4sH8$5O&{@VtzAE<2aI<Hy(1sl?bbjY9N$BHS7hP($zBGfIH#|%eEhL
z%qT5$$YQ)%<hD)Ft$7)zaoG5zs2EKGEyO)CaROEJrZNnI18>h?8hfcyhUi~;`!dtE
z1~)BDQu>?lh>CJ?%J&U%9C?>uk%;)tu0;tS!!Eg)RDXFnJ#f=2*ia#md@-z<V&B1>
zp)?1OOjQywQl{5G#I)KH)6omxgp4u>eU`PCt?(+Mv4jlixzQB|39EMQ8Qp$Gl&-Y7
zn+P^-oFB$V@kan2TpqRUh8KgqMQiUN(nRv}XV&-Tar3q)`}aBG-?!H5e@MSg2HLYi
zCVnU^!c%cRFqfoHTdF$#P>yYHJ;ZqH&hJTybeB*VD*J4K<M&5tt1tSzE_<Eu8cFQ0
zm_yGvI65B5NnGOdd4GCQTv{v+Cg~;n_-`{IB4*qJQThcMxj!;P3(o41hfX8rFS*jQ
z*&O3Dsi#S^^Opiu9KP7tqYX{bukFg|m#^{mD~bxPh?w#5(pB!xco>}W6fV8yfKYN&
zn$DD*eJAA$j8ZDp*C4*mfll%Rq|fDy{|H#LS=j3fp0moh9lp)P9XA}KUzbaG29pN!
z@71Z<UNZO?4b>7w4HLQ6BIzqo8_YIgj<e|L1(@S^zZqJoc$?o7Xn)<x_-<Dt{eAhF
zn)Xrgxf~^TWeL$^zN*Q6T{Jb_4znrCTEc40a?#zOV5<ATAd0V%rW8!TjNC>bKJO#>
zEe?tofuYV7XYgHw3@Jd~)!r2`Gg5tqb5iNCR!JU?p?uy;3P4_Lla}v1wb`s4CyA>+
z*>TPIQ|l(ksa0BTZP`C`OaOIW&1=ZlcF#W7zw@+clXD@xuq#K+k5CvYzTIUuCS((+
z?|`I4u4KHEU~m4d`XDdN?~aH9w;T?LYC@_%jUMqi6?EqDI~EtYiJ;qCUyBoZII6Q6
z#xmZi78t;RD8>GpY>?V40dBs+FURBizC@$mBbb#nlM4?xJTx^$sr}l0*$d<ONP%>C
zV3y+fxxCgMS6m{-ry-NCdk&)>(};Ked~QF0@le6B7p)u<Uf|BS)K7UjuE*4IqsQzN
zyIuLzT;lLf<U);xcLeIYs`e8l@-VS@rrS3&%j7(Dq_*Xo`Wf8DMNw|UXS0v7jpRkS
z7lSv%ME=xNP+{GDo<dTtuki_ei7#Nasinz#+qlNe+pE}i@`2agVbh;|r-_}%Ybi#K
z7c3BhwX&V6YrY*>RC$+qC*KV1vN$fcfG%4jHAXZxbOeY5kJwuIiSZa5smP(in)7;m
zSB3W{#mIleERE02P$JyyKlN?&k<{XTLD&0lWL0i`#q%qjY2h(}%bG_4eg}iaap+xX
zSPaPLP_8Wcr{~P#%d<|q<g4#CRtAU3uZV6cU_nWq2@LBzzlHM$3D~X2izUPO3TMem
zzGZGH*2LlNmrAmcvsIgxn@!)z1EsIOpXjCAqz+&cRL$Ub_|d}O@zbWBfw+Yq4*jY_
z4m{yofH$9Y?0f}_M}t|p$?lu;?8ymom37<S_8!Mra2U8qK7@pqP;}8|_Xvgat({>y
zyY2E|KB!tY-(cn9NlkZjVJMk7KbMt!YrGhKKPmZcmY5CrmWKYn$l)D5DVh@X4x?vP
zHW69ZCv5$?N9iZB&j9<njuxx)s(l_;q<j`6cE~@}ly~^1+iC?a*1CSZT%I=Q=6ZLO
zGaNtiRZdrVL{HLu4TF>KPg)W(F`nz>Bz;lg8EcKLH~Mx`ne?SqF<f*>(BAihA(r*x
z*{20dj@9NvX57h3X#?ett@DCk>f;8)z8?MSEb$^Y;co1K?~G-C6<f(TPbtfS<-uf9
zai=r3fqLdA!MNt0A6xR1gjc7_=Y7-+m1xIn^-PBS?p$)chw8{|n0X<q=CEy$KiBf)
zEs~(S8`8qYWxjDGic3Md7t$-Zz1Ia1B#s(iUfBMj+i=nVW-hd$pi*~%%QpJ7TD94H
z5jfzfX;|@M`rLNC4cDU2t#2FIt93t&2FoL-6TX6}Pc)-8WFbIH39;)9MkGSn_3hz+
z8%2pai1uj5?=ZQf`lnOH;9}076#497w_1k}@BIy={QZp~?y%xX!&H%y=DIV=hZD{!
zt~_p2Qtc*lr`WjIJb>P7<wD%4uQPjF<5>HS`~c4>Y2?$$1IZeNB7f>t>IUUlq8;z<
zVjk9t4o79F?mlw9!3u5bj!2Ag?ytP+(!;-6evoSHcUH4_#rq=LNJ<b8Ei@^)Emsd`
zegop(d73kjFpG2eBhH^cD13sI57Rvn#n}1J(|CaZ;cv9y2KW-RQ;VvDGn<E__g6l+
zZdgnzlJwjzD|<P+Yq{Y|70A=7Y}5VT2y?b}t{IW3_fV^aR@(N;xc@W|C*UC;FRD>|
z9*z9`-Prk$J&B$h(Xs`AAgT~rB)vnyd|O4*_C|%LDj1QRHEY;_;NL5?6~-+rO*S50
z+vSa*+#miqYrjY`ve37TvpBR>j=bk(MWseA4juC9x$Scc62;T{qI~;;11&S7I~qBX
zXVBx+E%uJi;bFk%64SYEp*CpyK=LPSfp{P&abePm)VfvV`RF2oc36IZxK23TVuDSg
znNhL9?bJPw02kJBwb7r#$#`(=y^?+0GvC0Z5zDB)%BvIJ`Tk3HJ3YQEXRicB*sS+x
zutJssV;RT0A!dsh`&0<z<-jqsugh;s6M`ivd2F5*^ZlDj{H`%v&nTsBeC@;c$fZm*
zO0tkmW3C1lwqlY;>%yXWi-Qh^%1q1U2!Ltz=9nlAy`1lS{X)lkoate&klIg;L;Tna
zJm;G}R||E^Rb7vwG)@Ag$Red<x7W3ut-~s-&vMnc{0r73o`9cJ!qgOS&X2ljb!0&B
zis+cgYE3tvL!zmb#Ax5Ny~I)Mn`V*Kq=#F1JC6cuIv?u6F4151->5!4S6cjAR#j}|
zL4Kj%*;LX#Z!0k67*P`PqR8qO?}e|Q^@z&P&{eu(66Wj%1@H_hQA2a<oM`Y|9%_dq
z{RGUP&&y@D!NdXPCz_A8n6G2v&;s2K!^bj7(|+aZ`4yYZH#)TJ9gazzRWfaVTAXW|
zwR>n5weE9+HyFAMc_?Oew`64mJdH+iNqU%{wRkFs+AwM>Stfwf7rz-@o4#}ew_K0Z
z9`q1NF7s^s#4vmdF~~NcnOPM|iIYPTlnnMzVpeZ6JGM(@VHpOlPUlNyqx;()-^a5@
z7^FN&U4p`PNScL<U31^0VGiq+ErRB%(6$jwFyCs)X%(13b&B!Zp?XR)JpKCHe|Imm
zXi>;~hrM8SAt#`)Yh=jvsTtReE~Q5qb1{*ktTkVKd-B1hb@8QTmHEY0K4u*G(yNJC
zW~thz;{8u(lhnkZ(#EP0k4B27gSMN!-|sSj$R_itV;5%Cg`5(VRFL1ad2J-`+AY1f
zZc^UozTa!kjyTUzJ6<?~<7l5*yUORqosQ;jDqcg!=nrOyVI%q?V=#4<d|b0VH!1!L
zrg6vZrkllKUn`o7F2G{$6D`?;Eoj#L%`hQgje+*p0IbxdDumSsbFmKtWd!<FX|%nV
z8D_FhLFc|`k;Pr{p@NlUaEsX-8<+h$8Xc27n2=0d`B<}?dJNmR@!kHR_T(p*WUtg%
zPhYt4xGk((z{nfu_iyi_!YXIIfVnMuA>_=*47>WfThhHT_7gCf`sTMK?sb_g5&!X?
z{_<~>rmI?n3k@G7JU*Qk$}T8+(oe5*2H54u+c?WJ_~YW7;TZ9HBj9-0n!(f~2nY{!
zAFA!nsz-0if|)^A>0garGZmhV-2Q1XsMQ5Ryf*xyDPnEuv-0D*XsF{`Neh0HgkRvF
zwoFY+KctyK^-aZgYlpSok|MGHGGM>$|En=?Nq9763d+Z>8GJrB<Nk!=m1qv-=tv?W
zYd=o<O~PDoDzE&T@wRUoJE!ECip!oYrFIw&$;>{c?2PRyyL%j)h`D`IQh(pJReB`1
zZ>o1E1)PU)+4o<JT&$KJD=qJ>GZByxww>BEomUBVkvPnZajT`IuR>;CPQJd9lDg!O
ze2<QNdQ1Z@8_>M;BLF&^s-sDLqa6RsnCX!J`8nj34rzM4jKBC(;)sZC^_>9S`pDAU
zcWpmXXmfkj!L}*_&aTc$%3alE#hGH0M)j{LqjT=Ndwlfn#-z7De+S6=WD4K1Mdl5l
z7e&_RylNYe#<P2RH;;l8B7kbYK8H=M{ra*~2Qmzea5(kgW^Phy%{mQlt>C)rqml|-
z8m=AQJ>^m+;@x48N>{ZX1Az`yo}bf$SK7lG$kncnPVKtQhFhk*5cH^6o+=n0SYy2Z
zLHs5YNFo0ANnw08_O^*obNrVXygW+WQlk1m*47NFl=-VhUJlP!2++2LBHpN)wO(ll
z5UA^&7n5ERcfC?dJ|&XhKnIKu@L8tOq>{nY_1?}H+RtYpN==W6%ZST5FWPR)Ck0b~
zUzDS(pl|D{4t)gJld^&oKDB%5=IWy((tY(e_VgdHf>x>WF$)mDHw^RydIeCAJfZNZ
z?_5ztdv;6!{%oqLfEnR`O8zPTpS&-2Z~6VEB?G7Go_KBmd<wz+>;LC_T$26n390<_
V_oMWV`;0L4zNX$?g1YsK{{qVPsw4ma


From 0fc5c1575c45368487396bb4cef1ffe83d54c36e Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 26 Jan 2021 15:09:47 -0800
Subject: [PATCH 270/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 89da6e7ecf..99428b624b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -63,7 +63,7 @@ Before you classify or suppress an alert, determine whether the alert is accurat
     | Alert status | What to do |
     |:---|:---|
     | The alert is accurate | Assign the alert, and then [investigate it](investigate-alerts.md) further. |
-    | The alert is a false positive | 1. Proceed to [classify the alert](#classify-an-alert) as a false positive, and then [suppress the alert](#suppress-an-alert). <p> 2. [Create an indicator](#indicators-for-microsoft-defender-for-endpoint) for Microsoft Defender for Endpoint. <p> 3. [Submit a file to Microsoft for analysis](#part-4-submit-a-file-for-analysis). |
+    | The alert is a false positive | 1. [Classify the alert](#classify-an-alert) as a false positive. <br/>2. [Suppress the alert](#suppress-an-alert). <br/> 3. [Create an indicator](#indicators-for-microsoft-defender-for-endpoint) for Microsoft Defender for Endpoint. <br/> 4. [Submit a file to Microsoft for analysis](#part-4-submit-a-file-for-analysis). |
     | The alert is accurate, but benign (unimportant) | [Classify the alert](#classify-an-alert) as a true positive, and then [suppress the alert](#suppress-an-alert). |
 
 ### Classify an alert

From 71ce32654daec644b5ddbd198d5fa7f167bacedf Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 26 Jan 2021 15:11:16 -0800
Subject: [PATCH 271/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 99428b624b..65a56a8421 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -85,7 +85,7 @@ If you have alerts that are either false positives or that are true positives bu
 1.	Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
 2.	In the navigation pane, select **Alerts queue**.
 3.	Select an alert that you want to suppress to open its **Details** pane.
-4.	In the **Details** pane, choose the ellipsis (**...**), and then choose **Create a suppression rule**.
+4.	In the **Details** pane, choose the ellipsis (**...**), and then **Create a suppression rule**.
 5.	Specify all the settings for your suppression rule, and then choose **Save**.
 
 > [!TIP]

From 5db57d8657c4b511930d491c3010cd25ef049736 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 26 Jan 2021 15:11:44 -0800
Subject: [PATCH 272/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 65a56a8421..3cdec79594 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -268,7 +268,7 @@ Microsoft Defender for Endpoint offers a wide variety of options, including the
 
 ### Cloud-delivered protection
 
-Check your cloud-delivered protection level for Microsoft Defender Antivirus. By default, this is set to **Not configured**, which corresponds to a normal level of protection for most organizations. If your cloud-delivered protection is set to **High**, **High +**, or **Zero tolerance**, you might experience a higher number of false positives.
+Check your cloud-delivered protection level for Microsoft Defender Antivirus. By default, cloud-delivered protection is set to **Not configured**, which corresponds to a normal level of protection for most organizations. If your cloud-delivered protection is set to **High**, **High +**, or **Zero tolerance**, you might experience a higher number of false positives.
 
 > [!TIP]
 > To learn more about configuring your cloud-delivered protection, see [Specify the cloud-delivered protection level](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus).

From 98147f674b436cc6716e980e2869d013fe4e21bf Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 26 Jan 2021 15:12:09 -0800
Subject: [PATCH 273/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 3cdec79594..f749263f1b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -280,7 +280,7 @@ We recommend using Microsoft Endpoint Manager to edit or set your cloud-delivere
 1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
 2. Choose **Endpoint security** > **Antivirus** and then select an existing policy. (If you don’t have an existing policy, or you want to create a new policy, skip to [the next procedure](#use-microsoft-endpoint-manager-to-set-cloud-delivered-protection-settings-for-a-new-policy)).
 3. Under **Manage**, select **Properties**. Then, next to **Configuration settings**, choose **Edit**.
-4. Expand **Cloud protection**, and review your current setting in the **Cloud-delivered protection level** row. We recommend setting this to **Not configured**, which provides strong protection while reducing the chances of getting false positives.
+4. Expand **Cloud protection**, and review your current setting in the **Cloud-delivered protection level** row. We recommend setting cloud-delivered protection to **Not configured**, which provides strong protection while reducing the chances of getting false positives.
 5. Choose **Review + save**, and then **Save**.
 
 #### Use Microsoft Endpoint Manager to set cloud-delivered protection settings (for a new policy)

From 4dce3eb74897b63e1b9d8093282a41702e395c25 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 26 Jan 2021 15:12:47 -0800
Subject: [PATCH 274/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index f749263f1b..731967a11e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -300,7 +300,7 @@ We recommend using Microsoft Endpoint Manager to edit or set your cloud-delivere
 
 Potentially unwanted applications (PUA) are a category of software that can cause devices to run slowly, display unexpected ads, or install other software that might be unexpected or unwanted. Examples of PUA include advertising software, bundling software, and evasion software that behaves differently with security products. Although PUA is not considered malware, some kinds of software are PUA based on their behavior and reputation.
  
-Depending on the apps your organization is using, you might be getting false positives as a result of your PUA protection settings. If this is happening, consider running PUA protection in audit mode for a while, or apply PUA protection to a subset of devices in your organization. PUA protection can be configured for the Microsoft Edge browser and for Microsoft Defender Antivirus. 
+Depending on the apps your organization is using, you might be getting false positives as a result of your PUA protection settings. If necessary, consider running PUA protection in audit mode for a while, or apply PUA protection to a subset of devices in your organization. PUA protection can be configured for the Microsoft Edge browser and for Microsoft Defender Antivirus. 
 
 We recommend using Microsoft Endpoint Manager to edit or set PUA protection settings. 
 

From 37c3f8535612fc56170dfa2c61bdf3befbfbb465 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 26 Jan 2021 15:17:47 -0800
Subject: [PATCH 275/396] Update defender-endpoint-false-positives-negatives.md

---
 ...fender-endpoint-false-positives-negatives.md | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 731967a11e..251443c99e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -31,16 +31,17 @@ ms.custom: FPFN
 
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146806)
 
-In endpoint protection, a false positive is an entity, such as a file or a process, that was detected and identified as malicious, even though the entity isn't actually a threat. A false negative is an entity that was not detected as a threat, even though it actually is malicious. False positives/negatives can occur with any threat protection solution. 
+In endpoint protection solutions, a false positive is an entity, such as a file or a process, that was detected and identified as malicious, even though the entity isn't actually a threat. A false negative is an entity that was not detected as a threat, even though it actually is malicious. False positives/negatives can occur with any threat protection solution, includling [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection).
 
-If you’re using [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection), and you're seeing false positives/negatives in your [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use), your security operations can take steps to address false positives or false negatives. These steps include:
+Fortunately, steps can be taken to address and reduce these kinds of issues. If you're seeing false positives/negatives in your [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use), your security operations can take steps to address false positives or false negatives:
 
-1.	[Reviewing and classifying alerts](#part-1-review-and-classify-alerts) 
-2.	[Reviewing remediation actions that were taken](#part-2-review-remediation-actions)
-3.	[Reviewing and defining exclusions](#part-3-review-or-define-exclusions)
-4.	[Submitting an entity for analysis](#part-4-submit-a-file-for-analysis)
-5.	[Reviewing and adjusting your threat protection settings](#part-5-review-and-adjust-your-threat-protection-settings)
-6. [Getting help if you still have issues with false positives/negatives](#still-need-help)
+1.	[Review and classify alerts](#part-1-review-and-classify-alerts) 
+2.	[Review remediation actions that were taken](#part-2-review-remediation-actions)
+3.	[Review and define exclusions](#part-3-review-or-define-exclusions)
+4.	[Submit an entity for analysis](#part-4-submit-a-file-for-analysis)
+5.	[Review and adjust your threat protection settings](#part-5-review-and-adjust-your-threat-protection-settings)
+
+And, you can [get help if you still have issues with false positives/negatives](#still-need-help) after performing the tasks described in this article.
 
 > [!NOTE]
 > This article is intended as guidance for security operators and security administrators who are using [Microsoft Defender for Endpoint](microsoft-defender-advanced-threat-protection.md).

From 2124e871d4e374b3206bd09300c846ed9e118495 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 26 Jan 2021 15:18:18 -0800
Subject: [PATCH 276/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 251443c99e..9fef03cef6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -31,7 +31,7 @@ ms.custom: FPFN
 
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146806)
 
-In endpoint protection solutions, a false positive is an entity, such as a file or a process, that was detected and identified as malicious, even though the entity isn't actually a threat. A false negative is an entity that was not detected as a threat, even though it actually is malicious. False positives/negatives can occur with any threat protection solution, includling [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection).
+In endpoint protection solutions, a false positive is an entity, such as a file or a process, that was detected and identified as malicious, even though the entity isn't actually a threat. A false negative is an entity that was not detected as a threat, even though it actually is malicious. False positives/negatives can occur with any threat protection solution, including [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection).
 
 Fortunately, steps can be taken to address and reduce these kinds of issues. If you're seeing false positives/negatives in your [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use), your security operations can take steps to address false positives or false negatives:
 

From 8c5574fd668f3c09831eb4f953c3f0fa40ffe846 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Tue, 26 Jan 2021 15:23:49 -0800
Subject: [PATCH 277/396] Re-labeled code blocks

As written, the commands in the code blocks that I re-labeled work from the Windows command line, but not from the PowerShell command line.
---
 .../microsoft-defender-atp/troubleshoot-np.md                 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md
index 79cdbc3b60..05563e45c4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md
@@ -86,13 +86,13 @@ When you report a problem with network protection, you are asked to collect and
 
 1. Open an elevated command prompt and change to the Windows Defender directory:
 
-   ```PowerShell
+   ```console
    cd c:\program files\windows defender
    ```
 
 2. Run this command to generate the diagnostic logs:
 
-   ```PowerShell
+   ```console
    mpcmdrun -getfiles
    ```
 

From 4948f6d7dc91d0958c655165d21a17b11b80f142 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 26 Jan 2021 16:16:46 -0800
Subject: [PATCH 278/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md    | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 9fef03cef6..784067032a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -33,7 +33,7 @@ ms.custom: FPFN
 
 In endpoint protection solutions, a false positive is an entity, such as a file or a process, that was detected and identified as malicious, even though the entity isn't actually a threat. A false negative is an entity that was not detected as a threat, even though it actually is malicious. False positives/negatives can occur with any threat protection solution, including [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection).
 
-Fortunately, steps can be taken to address and reduce these kinds of issues. If you're seeing false positives/negatives in your [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use), your security operations can take steps to address false positives or false negatives:
+Fortunately, steps can be taken to address and reduce these kinds of issues. If you're seeing false positives/negatives in your [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use), your security operations can take steps to address them by using the following process:
 
 1.	[Review and classify alerts](#part-1-review-and-classify-alerts) 
 2.	[Review remediation actions that were taken](#part-2-review-remediation-actions)
@@ -59,7 +59,7 @@ Before you classify or suppress an alert, determine whether the alert is accurat
 1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
 2.	In the navigation pane, choose **Alerts queue**.
 3.	Select an alert to more details about the alert. (See [Review alerts](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/review-alerts).)
-4.	Depending on the alert status, take the steps described in the following table:   <br/>   
+4.	Depending on the alert status, take the steps described in the following table: 
 
     | Alert status | What to do |
     |:---|:---|
@@ -69,7 +69,7 @@ Before you classify or suppress an alert, determine whether the alert is accurat
 
 ### Classify an alert
 
-Your security team can classify an alert as a false positive or a true positive in the Microsoft Defender Security Center, in the **Alerts queue**.
+You can classify an alert as a false positive or a true positive in the Microsoft Defender Security Center, in the **Alerts queue**. Classifying alerts helps train Microsoft Defender for Endpoint so that, over time, you'll see more true alerts and fewer false alerts.
 
 1.	Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
 2.	Select **Alerts queue**, and then select an alert that is a false positive.
@@ -81,7 +81,7 @@ Your security team can classify an alert as a false positive or a true positive
 
 ### Suppress an alert
 
-If you have alerts that are either false positives or that are true positives but are for unimportant events, you can suppress those alerts in the Microsoft Defender Security Center. Suppressing alerts helps reduce noise in your security operations dashboard. 
+If you have alerts that are either false positives or that are true positives but for unimportant events, you can suppress those alerts in the Microsoft Defender Security Center. Suppressing alerts helps reduce noise in your security operations dashboard. 
 
 1.	Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
 2.	In the navigation pane, select **Alerts queue**.
@@ -104,8 +104,7 @@ If you have alerts that are either false positives or that are true positives bu
 
 Other actions, such as starting an antivirus scan or collecting an investigation package, can occur through [Live Response](live-response.md). Those actions cannot be undone.
 
-> [!TIP]
-> See [Review remediation actions following an automated investigation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation).
+After you have reviewed your alerts, your next step is to [review remediation actions](manage-auto-investigation.md). If any actions were taken as a result of false positives, you can undo most kinds of remediation actions. After that, proceed to [review or define exclusions](#part-3-review-or-define-exclusions).
 
 ### Review completed actions
 

From f0b5db42db04991d4d0a921afa3a23012134e131 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 26 Jan 2021 16:36:30 -0800
Subject: [PATCH 279/396] Update defender-endpoint-false-positives-negatives.md

---
 ...nder-endpoint-false-positives-negatives.md | 31 +++++++++++--------
 1 file changed, 18 insertions(+), 13 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 784067032a..18ee9960a2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -104,28 +104,26 @@ If you have alerts that are either false positives or that are true positives bu
 
 Other actions, such as starting an antivirus scan or collecting an investigation package, can occur through [Live Response](live-response.md). Those actions cannot be undone.
 
-After you have reviewed your alerts, your next step is to [review remediation actions](manage-auto-investigation.md). If any actions were taken as a result of false positives, you can undo most kinds of remediation actions. After that, proceed to [review or define exclusions](#part-3-review-or-define-exclusions).
+After you have reviewed your alerts, your next step is to [review remediation actions](manage-auto-investigation.md). If any actions were taken as a result of false positives, you can undo most kinds of remediation actions. Specifically, you can:
+- [undo one action at a time](#undo-an-action);
+- [undo multiple actions at one time](#undo-multiple-actions-at-one-time); and 
+- [remove a file from quarantine across multiple devices](#remove-a-file-from-quarantine-across-multiple-devices). 
+
+When you're done reviewing and undoing actions that were taken as a result of false positives, proceed to [review or define exclusions](#part-3-review-or-define-exclusions).
 
 ### Review completed actions
 
 1. Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in. 
-2. Select the **History** tab. 
+2. Select the **History** tab to view a list of actions that were taken. <br/>![Action center](images/autoir-action-center-1.png) 
 3. Select an item to view more details about the remediation action that was taken.
 
-If you find that a remediation action was taken automatically on an entity that is not actually a threat, you can undo the action. You can undo the following remediation actions:
-- Isolate device
-- Restrict code execution
-- Quarantine a file
-- Remove a registry key
-- Stop a service
-- Disable a driver
-- Remove a scheduled task
-
 ### Undo an action
 
+If you find that a remediation action was taken automatically on an entity that is not actually a threat, you can undo the action. You can undo most remediation actions. 
+
 1.	Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in.
 2. On the **History** tab, select an action that you want to undo.
-3.	In the flyout pane, select **Undo**. (If the action cannot be undone with this method, you will not see an **Undo** button.)
+3.	In the flyout pane, select **Undo**. If the action cannot be undone with this method, you will not see an **Undo** button. (To learn more, see [Undo completed actions](manage-auto-investigation.md#undo-completed-actions).)
 
 ### Undo multiple actions at one time
 
@@ -133,6 +131,13 @@ If you find that a remediation action was taken automatically on an entity that
 2.	On the **History** tab, select the actions that you want to undo.
 3.	In the pane on the right side of the screen, select **Undo**.
 
+### Remove a file from quarantine across multiple devices 
+
+1. Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in.
+2. On the **History** tab, select a file that has the Action type **Quarantine file**.
+3. In the pane on the right side of the screen, select **Apply to X more instances of this file**, and then select **Undo**. <br/>![Quarantine file](images/autoir-quarantine-file-1.png)
+
+
 ## Part 3: Review or define exclusions
 
 An exclusion is an entity that you specify as an exception to remediation actions. The excluded entity might still get detected, but no remediation actions are taken on that entity. That is, the detected file or process won’t be stopped, sent to quarantine, removed, or otherwise changed by Microsoft Defender for Endpoint. 
@@ -142,7 +147,7 @@ To define exclusions across Microsoft Defender for Endpoint, perform the followi
 - [Create “allow” indicators for Microsoft Defender for Endpoint](#indicators-for-microsoft-defender-for-endpoint)
 
 > [!NOTE]
-> Microsoft Defender Antivirus exclusions don't apply to other Microsoft Defender for Endpoint capabilities, including [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response), [attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction), and [controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/controlled-folders). Files that you exclude using the methods described in this article can still trigger alerts and other detections. To exclude files broadly, use [custom indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators), such as "allow" indicators for Microsoft Defender for Endpoint.
+> Microsoft Defender Antivirus exclusions apply only to antivirus protection, not across other Microsoft Defender for Endpoint capabilities. To exclude files broadly, use exclusions for Microsoft Defender Antivirus and [custom indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators) for Microsoft Defender for Endpoint.
 
 The procedures in this section describe how to define exclusions and indicators.
 

From 88c2ccb91f9599910eb8929a0bbd30971f2eda0f Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 26 Jan 2021 16:38:56 -0800
Subject: [PATCH 280/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 18ee9960a2..f61361d92e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -182,7 +182,7 @@ In general, you should not need to define exclusions for Microsoft Defender Anti
 
 [Indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators) (specifically, indicators of compromise, or IoCs) enable your security operations team to define the detection, prevention, and exclusion of entities. For example, you can specify certain files to be omitted from scans and remediation actions in Microsoft Defender for Endpoint. Or, indicators can be used to generate alerts for certain files, IP addresses, or URLs.
 
-To specify entities as exclusions for Microsoft Defender for Endpoint, you can create "allow" indicators for those entities. Such "allow" indicators in Microsoft Defender for Endpoint apply to:
+To specify entities as exclusions for Microsoft Defender for Endpoint, you can create "allow" indicators for those entities. Such "allow" indicators in Microsoft Defender for Endpoint apply to the following capabilities:
 
 - [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10)
 - [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response)

From 5a95a0a2fcf9286ed70efb477fd1cfa21e7cae1d Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Tue, 26 Jan 2021 19:12:31 -0800
Subject: [PATCH 281/396] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md   | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index caeb8f45d2..780fb5a960 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -117,8 +117,10 @@ When you're done reviewing and undoing actions that were taken as a result of fa
 
 ### Review completed actions
 
+![Action center](images/autoir-action-center-1.png)
+
 1. Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in. 
-2. Select the **History** tab to view a list of actions that were taken. <br/>![Action center](images/autoir-action-center-1.png) 
+2. Select the **History** tab to view a list of actions that were taken.  
 3. Select an item to view more details about the remediation action that was taken.
 
 ### Undo an action
@@ -137,10 +139,11 @@ If you find that a remediation action was taken automatically on an entity that
 
 ### Remove a file from quarantine across multiple devices 
 
+![Quarantine file](images/autoir-quarantine-file-1.png)
+
 1. Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in.
 2. On the **History** tab, select a file that has the Action type **Quarantine file**.
-3. In the pane on the right side of the screen, select **Apply to X more instances of this file**, and then select **Undo**. <br/>![Quarantine file](images/autoir-quarantine-file-1.png)
-
+3. In the pane on the right side of the screen, select **Apply to X more instances of this file**, and then select **Undo**. 
 
 ## Part 3: Review or define exclusions
 
@@ -352,7 +355,6 @@ Depending on the [level of automation](https://docs.microsoft.com/windows/securi
 > [!TIP]
 > We recommend using *Full automation* for automated investigation and remediation. Don't turn these capabilities off because of a false positive. Instead, use ["allow" indicators to define exceptions](#indicators-for-microsoft-defender-for-endpoint), and keep automated investigation and remediation set to take appropriate actions automatically. Following [this guidance](automation-levels.md#levels-of-automation) helps reduce the number of alerts your security operations team must handle. 
 
-
 ## Still need help?
 
 If you have worked through all the steps in this article and still need help, your best bet is to contact technical support.
@@ -365,4 +367,4 @@ If you have worked through all the steps in this article and still need help, yo
 
 [Manage Microsoft Defender for Endpoint](manage-atp-post-migration.md)
 
-[Overview of Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use) 
\ No newline at end of file
+[Overview of Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use) 

From c4fc310164a58e2b58f7dc09ab41691c44a45c8c Mon Sep 17 00:00:00 2001
From: Anders Ahl <58516456+GenerAhl@users.noreply.github.com>
Date: Wed, 27 Jan 2021 14:16:03 +0100
Subject: [PATCH 282/396] Update waas-manage-updates-wufb.md

It is not clear what version of Office is managed by WUfB. With the majority of users using C2R versions, we should point out that Windows Update only patches MSI-versions.
---
 windows/deployment/update/waas-manage-updates-wufb.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md
index 1a27cda457..c6548529a8 100644
--- a/windows/deployment/update/waas-manage-updates-wufb.md
+++ b/windows/deployment/update/waas-manage-updates-wufb.md
@@ -49,7 +49,7 @@ Windows Update for Business provides management policies for several types of up
 - **Feature updates:** Previously referred to as "upgrades," feature updates contain not only security and quality revisions, but also significant feature additions and changes. Feature updates are released semi-annually in the fall and in the spring.
 - **Quality updates:** Quality updates are traditional operating system updates, typically released on the second Tuesday of each month (though they can be released at any time). These include security, critical, and driver updates. Windows Update for Business also treats non-Windows updates (such as updates for Microsoft Office or Visual Studio) as quality updates. These non-Windows Updates are known as "Microsoft updates" and you can set devices to receive such updates (or not) along with their Windows updates.
 - **Driver updates:** Updates for non-Microsoft drivers that are relevant to your devices. Driver updates are on by default, but you can use Windows Update for Business policies to turn them off if you prefer. 
-- **Microsoft product updates**: Updates for other Microsoft products, such as Office. Product updates are off by default. You can turn them on by using Windows Update for Business policies.
+- **Microsoft product updates**: Updates for other Microsoft products, such as Office MSI (Office Click-to-Run is not patched through Windows update). Product updates are off by default. You can turn them on by using Windows Update for Business policies.
 
 
 ## Offering

From 95b12a62beb0830130ecb66f9d3e8155e26d8e31 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 27 Jan 2021 07:37:27 -0800
Subject: [PATCH 283/396] Update defender-endpoint-false-positives-negatives.md

---
 ...nder-endpoint-false-positives-negatives.md | 47 ++++++++++---------
 1 file changed, 24 insertions(+), 23 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index caeb8f45d2..851be0216d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -11,7 +11,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.author: deniseb
 author: denisebmsft
-ms.date: 01/26/2021
+ms.date: 01/27/2021
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
@@ -52,7 +52,7 @@ And, you can [get help if you still have issues with false positives/negatives](
 
 ## Part 1: Review and classify alerts
 
-If you see an alert that was triggered because something was detected as malicious or suspicious that should not have been, you can suppress the alert for that entity. You can also suppress alerts that are not necessarily false positives, but are unimportant. We recommend that you classify alerts as well. 
+If you see an [alert](alerts.md) that was triggered because something was detected as malicious or suspicious that should not have been, you can suppress the alert for that entity. You can also suppress alerts that are not necessarily false positives, but are unimportant. We recommend that you classify alerts as well. 
 
 Managing your alerts and classifying true/false positives helps to train your threat protection solution and can reduce the number of false positives or false negatives over time. Taking these steps also helps reduce noise in your security operations dashboard so that your security team can focus on higher priority work items.
 
@@ -73,7 +73,7 @@ Before you classify or suppress an alert, determine whether the alert is accurat
 
 ### Classify an alert
 
-You can classify an alert as a false positive or a true positive in the Microsoft Defender Security Center, in the **Alerts queue**. Classifying alerts helps train Microsoft Defender for Endpoint so that, over time, you'll see more true alerts and fewer false alerts.
+Alerts can be classified as false positives or true positives in the Microsoft Defender Security Center. Classifying alerts helps train Microsoft Defender for Endpoint so that, over time, you'll see more true alerts and fewer false alerts.
 
 1.	Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
 2.	Select **Alerts queue**, and then select an alert that is a false positive.
@@ -98,7 +98,7 @@ If you have alerts that are either false positives or that are true positives bu
 
 ## Part 2: Review remediation actions
 
-[Remediation actions](manage-auto-investigation.md#remediation-actions), such as sending a file to quarantine or stopping a process, can be taken on entities that are detected as threats. Several types of remediation actions can occur automatically through automated investigation and Microsoft Defender Antivirus. Examples of such actions include:   
+[Remediation actions](manage-auto-investigation.md#remediation-actions), such as sending a file to quarantine or stopping a process, are taken on entities (such as files) that are detected as threats. Several types of remediation actions occur automatically through automated investigation and Microsoft Defender Antivirus:   
 - Quarantine a file
 - Remove a registry key
 - Kill a process
@@ -106,25 +106,25 @@ If you have alerts that are either false positives or that are true positives bu
 - Disable a driver
 - Remove a scheduled task
 
-Other actions, such as starting an antivirus scan or collecting an investigation package, can occur through [Live Response](live-response.md). Those actions cannot be undone.
+Other actions, such as starting an antivirus scan or collecting an investigation package, occur manually or through [Live Response](live-response.md). Actions taken through Live Response cannot be undone.
 
 After you have reviewed your alerts, your next step is to [review remediation actions](manage-auto-investigation.md). If any actions were taken as a result of false positives, you can undo most kinds of remediation actions. Specifically, you can:
-- [undo one action at a time](#undo-an-action);
-- [undo multiple actions at one time](#undo-multiple-actions-at-one-time); and 
-- [remove a file from quarantine across multiple devices](#remove-a-file-from-quarantine-across-multiple-devices). 
+- [Undo one action at a time](#undo-an-action);
+- [Undo multiple actions at one time](#undo-multiple-actions-at-one-time); and 
+- [Remove a file from quarantine across multiple devices](#remove-a-file-from-quarantine-across-multiple-devices). 
 
 When you're done reviewing and undoing actions that were taken as a result of false positives, proceed to [review or define exclusions](#part-3-review-or-define-exclusions).
 
 ### Review completed actions
 
+![Action center](images/autoir-action-center-1.png) 
+
 1. Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in. 
-2. Select the **History** tab to view a list of actions that were taken. <br/>![Action center](images/autoir-action-center-1.png) 
+2. Select the **History** tab to view a list of actions that were taken. 
 3. Select an item to view more details about the remediation action that was taken.
 
 ### Undo an action
 
-If you find that a remediation action was taken automatically on an entity that is not actually a threat, you can undo the action. You can undo most remediation actions. 
-
 1.	Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in.
 2. On the **History** tab, select an action that you want to undo.
 3.	In the flyout pane, select **Undo**. If the action cannot be undone with this method, you will not see an **Undo** button. (To learn more, see [Undo completed actions](manage-auto-investigation.md#undo-completed-actions).)
@@ -137,14 +137,15 @@ If you find that a remediation action was taken automatically on an entity that
 
 ### Remove a file from quarantine across multiple devices 
 
+![Quarantine file](images/autoir-quarantine-file-1.png)
+
 1. Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in.
 2. On the **History** tab, select a file that has the Action type **Quarantine file**.
-3. In the pane on the right side of the screen, select **Apply to X more instances of this file**, and then select **Undo**. <br/>![Quarantine file](images/autoir-quarantine-file-1.png)
-
+3. In the pane on the right side of the screen, select **Apply to X more instances of this file**, and then select **Undo**.
 
 ## Part 3: Review or define exclusions
 
-An exclusion is an entity that you specify as an exception to remediation actions. The excluded entity might still get detected, but no remediation actions are taken on that entity. That is, the detected file or process won’t be stopped, sent to quarantine, removed, or otherwise changed by Microsoft Defender for Endpoint. 
+An exclusion is an entity, such as a file or URL, that you specify as an exception to remediation actions. The excluded entity can still get detected, but no remediation actions are taken on that entity. That is, the detected file or process won’t be stopped, sent to quarantine, removed, or otherwise changed by Microsoft Defender for Endpoint. 
 
 To define exclusions across Microsoft Defender for Endpoint, perform the following tasks:
 - [Define exclusions for Microsoft Defender Antivirus](#exclusions-for-microsoft-defender-antivirus)
@@ -157,7 +158,7 @@ The procedures in this section describe how to define exclusions and indicators.
 
 ### Exclusions for Microsoft Defender Antivirus
 
-In general, you should not need to define exclusions for Microsoft Defender Antivirus. Make sure that you define exclusions sparingly, and that you only include the files, folders, processes, and process-opened files that are resulting in false positives. In addition, make sure to review your defined exclusions regularly. We recommend using Microsoft Endpoint Manager to define or edit your antivirus exclusions; however, you can use other methods, such as Group Policy as well.
+In general, you should not need to define exclusions for Microsoft Defender Antivirus. Make sure that you define exclusions sparingly, and that you only include the files, folders, processes, and process-opened files that are resulting in false positives. In addition, make sure to review your defined exclusions regularly. We recommend using [Microsoft Endpoint Manager](https://docs.microsoft.com/mem/endpoint-manager-overview) to define or edit your antivirus exclusions; however, you can use other methods, such as [Group Policy](https://docs.microsoft.com/azure/active-directory-domain-services/manage-group-policy) (see [Manage Microsoft Defender for Endpoint](manage-atp-post-migration.md)).
 
 > [!TIP]
 > Need help with antivirus exclusions? See [Configure and validate exclusions for Microsoft Defender Antivirus scans](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus).
@@ -186,13 +187,13 @@ In general, you should not need to define exclusions for Microsoft Defender Anti
 
 [Indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators) (specifically, indicators of compromise, or IoCs) enable your security operations team to define the detection, prevention, and exclusion of entities. For example, you can specify certain files to be omitted from scans and remediation actions in Microsoft Defender for Endpoint. Or, indicators can be used to generate alerts for certain files, IP addresses, or URLs.
 
-To specify entities as exclusions for Microsoft Defender for Endpoint, you can create "allow" indicators for those entities. Such "allow" indicators in Microsoft Defender for Endpoint apply to the following capabilities:
+To specify entities as exclusions for Microsoft Defender for Endpoint, create "allow" indicators for those entities. Such "allow" indicators in Microsoft Defender for Endpoint apply to the following capabilities:
 
 - [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10)
 - [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response)
 - [Automated investigation & remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations)
 
-You can create indicators for:
+"Allow" indicators can be created for:
 
 - [Files](#indicators-for-files)
 - [IP addresses, URLs, and domains](#indicators-for-ip-addresses-urls-or-domains)
@@ -205,7 +206,7 @@ You can create indicators for:
 When you [create an "allow" indicator for a file, such as an executable](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-file), it helps prevent files that your organization is using from being blocked. Files can include portable executable (PE) files, such as `.exe` and `.dll` files. 
 
 Before you create indicators for files, make sure the following requirements are met:
-- Microsoft Defender Antivirus is configured with cloud-based protection enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)
+- Microsoft Defender Antivirus is configured with cloud-based protection enabled (see [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus))
 - Antimalware client version is 4.18.1901.x or later 
 - Devices are running Windows 10, version 1703 or later; Windows Server 2016; or Windows Server 2019 
 - The [Block or allow feature is turned on](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features) 
@@ -215,28 +216,28 @@ Before you create indicators for files, make sure the following requirements are
 When you [create an "allow" indicator for an IP address, URL, or domain](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain), it helps prevent the sites or IP addresses your organization uses from being blocked.
 
 Before you create indicators for IP addresses, URLs, or domains, make sure the following requirements are met:
-- Network protection in Defender for Endpoint is enabled in block mode (See [Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection))
+- Network protection in Defender for Endpoint is enabled in block mode (see [Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection))
 - Antimalware client version is 4.18.1906.x or later 
 - Devices are running Windows 10, version 1709, or later 
 
-Custom network indicators are turned on in the Microsoft Defender Security Center (See [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features).)   
+Custom network indicators are turned on in the Microsoft Defender Security Center (see [Advanced features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-features))   
 
 #### Indicators for application certificates 
 
 When you [create an "allow" indicator for an application certificate](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates), it helps prevent applications, such as internally developed applications, that your organization uses from being blocked. `.CER` or `.PEM` file extensions are supported.   
 
 Before you create indicators for application certificates, make sure the following requirements are met:
-- Microsoft Defender Antivirus is configured with cloud-based protection enabled (See [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus).)
+- Microsoft Defender Antivirus is configured with cloud-based protection enabled (see [Manage cloud-based protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus))
 - Antimalware client version is 4.18.1901.x or later 
 - Devices are running Windows 10, version 1703 or later; Windows Server 2016; or Windows Server 2019 
 - Virus and threat protection definitions are up to date  
 
 > [!TIP]
-> When you create indicators, you can define them one by one or import multiple items at once. Keep in mind there's a limit of 15,000 indicators you can have in a single tenant. And, you might need to gather certain details first, such as file hash information. Make sure to review the prerequisites before you [create indicators](manage-indicators.md). 
+> When you create indicators, you can define them one by one, or import multiple items at once. Keep in mind there's a limit of 15,000 indicators for a single tenant. And, you might need to gather certain details first, such as file hash information. Make sure to review the prerequisites before you [create indicators](manage-indicators.md). 
 
 ## Part 4: Submit a file for analysis
 
-You can submit entities, such as files and fileless detections, to Microsoft for analysis. Microsoft security researchers analyze all submissions. When you sign in at the submission site, you can track your submissions.
+You can submit entities, such as files and fileless detections, to Microsoft for analysis. Microsoft security researchers analyze all submissions, and . When you sign in at the submission site, you can track your submissions.
 
 ### Submit a file for analysis
 

From 592c3d4fe02ed21e25325b56985c93471c329682 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 27 Jan 2021 07:51:06 -0800
Subject: [PATCH 284/396] Update defender-endpoint-false-positives-negatives.md

---
 ...nder-endpoint-false-positives-negatives.md | 26 +++++++++----------
 1 file changed, 12 insertions(+), 14 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 851be0216d..80c64fb69d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -187,11 +187,7 @@ In general, you should not need to define exclusions for Microsoft Defender Anti
 
 [Indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators) (specifically, indicators of compromise, or IoCs) enable your security operations team to define the detection, prevention, and exclusion of entities. For example, you can specify certain files to be omitted from scans and remediation actions in Microsoft Defender for Endpoint. Or, indicators can be used to generate alerts for certain files, IP addresses, or URLs.
 
-To specify entities as exclusions for Microsoft Defender for Endpoint, create "allow" indicators for those entities. Such "allow" indicators in Microsoft Defender for Endpoint apply to the following capabilities:
-
-- [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10)
-- [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response)
-- [Automated investigation & remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations)
+To specify entities as exclusions for Microsoft Defender for Endpoint, create "allow" indicators for those entities. Such "allow" indicators in Microsoft Defender for Endpoint apply to [next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10), [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response), and [automated investigation & remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations).
 
 "Allow" indicators can be created for:
 
@@ -237,7 +233,7 @@ Before you create indicators for application certificates, make sure the followi
 
 ## Part 4: Submit a file for analysis
 
-You can submit entities, such as files and fileless detections, to Microsoft for analysis. Microsoft security researchers analyze all submissions, and . When you sign in at the submission site, you can track your submissions.
+You can submit entities, such as files and fileless detections, to Microsoft for analysis. Microsoft security researchers analyze all submissions, and their results help inform Microsoft Defender for Endpoint threat protection capabilities. When you sign in at the submission site, you can track your submissions.
 
 ### Submit a file for analysis
 
@@ -273,7 +269,7 @@ To check for updates regarding your submission, sign in at the [Microsoft Securi
 
 ## Part 5: Review and adjust your threat protection settings
 
-Microsoft Defender for Endpoint offers a wide variety of options, including the ability to fine-tune settings for various features and capabilities. If you’re getting numerous false positives, make sure to review your organization’s threat protection settings. You might need to make some adjustments to the following settings in particular:
+Microsoft Defender for Endpoint offers a wide variety of options, including the ability to fine-tune settings for various features and capabilities. If you’re getting numerous false positives, make sure to review your organization’s threat protection settings. You might need to make some adjustments to:
 
 - [Cloud-delivered protection](#cloud-delivered-protection)
 - [Remediation for potentially unwanted applications](#remediation-for-potentially-unwanted-applications)
@@ -288,6 +284,8 @@ Check your cloud-delivered protection level for Microsoft Defender Antivirus. By
 
 We recommend using Microsoft Endpoint Manager to edit or set your cloud-delivered protection settings.
 
+We recommend using [Microsoft Endpoint Manager](https://docs.microsoft.com/mem/endpoint-manager-overview) to edit or set your cloud-delivered protection settings; however, you can use other methods, such as [Group Policy](https://docs.microsoft.com/azure/active-directory-domain-services/manage-group-policy) (see [Manage Microsoft Defender for Endpoint](manage-atp-post-migration.md)).
+
 #### Use Microsoft Endpoint Manager to review and edit cloud-delivered protection settings (for existing policies)
 
 1. Go to the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)) and sign in.
@@ -312,13 +310,13 @@ We recommend using Microsoft Endpoint Manager to edit or set your cloud-delivere
 ### Remediation for potentially unwanted applications
 
 Potentially unwanted applications (PUA) are a category of software that can cause devices to run slowly, display unexpected ads, or install other software that might be unexpected or unwanted. Examples of PUA include advertising software, bundling software, and evasion software that behaves differently with security products. Although PUA is not considered malware, some kinds of software are PUA based on their behavior and reputation.
- 
-Depending on the apps your organization is using, you might be getting false positives as a result of your PUA protection settings. If necessary, consider running PUA protection in audit mode for a while, or apply PUA protection to a subset of devices in your organization. PUA protection can be configured for the Microsoft Edge browser and for Microsoft Defender Antivirus. 
-
-We recommend using Microsoft Endpoint Manager to edit or set PUA protection settings. 
 
 > [!TIP]
 > To learn more about PUA, see [Detect and block potentially unwanted applications](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus).
+ 
+Depending on the apps your organization is using, you might be getting false positives as a result of your PUA protection settings. If necessary, consider running PUA protection in audit mode for a while, or apply PUA protection to a subset of devices in your organization. PUA protection can be configured for the Microsoft Edge browser and for Microsoft Defender Antivirus.
+
+We recommend using [Microsoft Endpoint Manager](https://docs.microsoft.com/mem/endpoint-manager-overview) to edit or set PUA protection settings; however, you can use other methods, such as [Group Policy](https://docs.microsoft.com/azure/active-directory-domain-services/manage-group-policy) (see [Manage Microsoft Defender for Endpoint](manage-atp-post-migration.md)).
 
 #### Use Microsoft Endpoint Manager to edit PUA protection (for existing configuration profiles)
 
@@ -345,18 +343,18 @@ We recommend using Microsoft Endpoint Manager to edit or set PUA protection sett
 
 [Automated investigation and remediation](automated-investigations.md) (AIR) capabilities are designed to examine alerts and take immediate action to resolve breaches. As alerts are triggered, and an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. 
 
-Depending on the [level of automation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automation-levels) set for your organization and other security settings, remediation actions are taken on artifacts deemed Malicious or Suspicious. Remediation actions can occur automatically, or only upon approval by your security operations team. 
+Depending on the [level of automation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automation-levels) set for your organization and other security settings, remediation actions are taken on artifacts that are considered to be *Malicious* or *Suspicious*. In some cases, remediation actions occur automatically; in other cases, remediation actions are taken manually or only upon approval by your security operations team. 
 
 - [Learn more about automation levels](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automation-levels); and then 
 - [Configure AIR capabilities in Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation).
 
-> [!TIP]
+> [!IMPORTANT]
 > We recommend using *Full automation* for automated investigation and remediation. Don't turn these capabilities off because of a false positive. Instead, use ["allow" indicators to define exceptions](#indicators-for-microsoft-defender-for-endpoint), and keep automated investigation and remediation set to take appropriate actions automatically. Following [this guidance](automation-levels.md#levels-of-automation) helps reduce the number of alerts your security operations team must handle. 
 
 
 ## Still need help?
 
-If you have worked through all the steps in this article and still need help, your best bet is to contact technical support.
+If you have worked through all the steps in this article and still need help, contact technical support.
 
 1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
 2. In the upper right corner, select the question mark (**?**), and then select **Microsoft support**.

From 37c50b4ecc433f63043aa1b2f004097c4173000b Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 27 Jan 2021 08:04:19 -0800
Subject: [PATCH 285/396] yanking AV false positives article

---
 windows/security/threat-protection/TOC.md     |  1 -
 .../antivirus-false-positives-negatives.md    | 83 -------------------
 2 files changed, 84 deletions(-)
 delete mode 100644 windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md

diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index 76bfdf55f4..0e49e0f09b 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -176,7 +176,6 @@
 ###### [Use PowerShell cmdlets to manage next-generation protection](microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md)
 ###### [Use Windows Management Instrumentation (WMI) to manage next-generation protection](microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md)
 ###### [Use the mpcmdrun.exe command line tool to manage next-generation protection](microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md)
-###### [Handle false positives/negatives in Microsoft Defender Antivirus](microsoft-defender-antivirus/antivirus-false-positives-negatives.md)
    
 ##### [Deploy, manage updates, and report on antivirus]()
 ###### [Preparing to deploy](microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md)
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md
deleted file mode 100644
index e99e915192..0000000000
--- a/windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md
+++ /dev/null
@@ -1,83 +0,0 @@
----
-title: What to do with false positives/negatives in Microsoft Defender Antivirus
-description: Did Microsoft Defender Antivirus miss or wrongly detect something? Find out what you can do.
-keywords: Microsoft Defender Antivirus, false positives, false negatives, exclusions
-search.product: eADQiWindows 10XVcnh
-ms.prod: m365-security
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: security
-ms.localizationpriority: medium
-author: denisebmsft
-ms.author: deniseb
-ms.custom: nextgen
-ms.date: 01/26/2021
-ms.reviewer: shwetaj
-manager: dansimp
-audience: ITPro
-ms.topic: article
-ms.technology: mde
----
-
-# What to do with false positives/negatives in Microsoft Defender Antivirus
-
-[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-
-
-**Applies to:**
-
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-
-Microsoft Defender Antivirus is designed to keep your PC safe with built-in, trusted antivirus protection. With Microsoft Defender Antivirus, you get comprehensive, ongoing, and real-time protection against software threats like viruses, malware, and spyware across email, apps, the cloud, and the web.
-
-What if something gets detected wrongly as malware, or something is missed? We call these false positives and false negatives. Fortunately, there are some steps you can take to deal with these issues. You can:
-- [Submit a file to Microsoft for analysis](#submit-a-file-to-microsoft-for-analysis)
-- [Create an "Allow" indicator to prevent a false positive from recurring](#create-an-allow-indicator-to-prevent-a-false-positive-from-recurring)
-- [Define an exclusion on an individual Windows device to prevent an item from being scanned](#define-an-exclusion-on-an-individual-windows-device-to-prevent-an-item-from-being-scanned)
-
-> [!TIP]
-> This article focuses on false positives in Microsoft Defender Antivirus. If you want guidance for Microsoft Defender for Endpoint, which includes next-generation protection, endpoint detection and response, automated investigation and remediation, and more, see [Address false positives/negatives in Microsoft Defender for Endpoint](../microsoft-defender-atp/defender-endpoint-false-positives-negatives.md).
-
-## Submit a file to Microsoft for analysis
-
-1. Review the [submission guidelines](../intelligence/submission-guide.md).
-2. [Submit your file or sample](https://www.microsoft.com/wdsi/filesubmission).
-
-> [!TIP]
-> We recommend signing in at the submission portal so you can track the results of your submissions.
-
-## Create an "Allow" indicator to prevent a false positive from recurring
-
-If a file, IP address, URL, or domain is treated as malware on a device, even though it's safe, you can create an "Allow" indicator. This indicator tells Microsoft Defender Antivirus (and Microsoft Defender for Endpoint) that the item is safe.
-
-To set up your "Allow" indicator, follow the guidance in [Manage indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators).
-
-## Define an exclusion on an individual Windows device to prevent an item from being scanned
-
-When you define an exclusion for Microsoft Defender Antivirus, you configure your antivirus to skip that item.
-
-1. On your Windows 10 device, open the Windows Security app.
-2. Select **Virus & threat protection** > **Virus & threat protection settings**.
-3. Under **Exclusions**, select **Add or remove exclusions**.
-4. Select **+ Add an exclusion**, and specify its type (**File**, **Folder**, **File type**, or **Process**).
-
-The following table summarizes exclusion types, how they're defined, and what happens when they're in effect.
-
-|Exclusion type  |Defined by  |What happens  |
-|---------|---------|---------|
-|**File** |Location <br/>Example: `c:\sample\sample.test` |The specified file is skipped by Microsoft Defender Antivirus. |
-|**Folder**    |Location <br/>Example: `c:\test\sample`       |All items in the specified folder are skipped by Microsoft Defender Antivirus.         |
-|**File type**   |File extension <br/>Example: `.test` |All files with the specified extension anywhere on your device are skipped by Microsoft Defender Antivirus.         |
-|**Process**     |Executable file path <br>Example: `c:\test\process.exe`         |The specified process and any files that are opened by that process are skipped by Microsoft Defender Antivirus.         |
-
-To learn more, see:
-- [Configure and validate exclusions based on file extension and folder location](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus)
-- [Configure exclusions for files opened by processes](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus)
-
-## Related articles
-
-[What is Microsoft Defender for Endpoint?](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection)
-
-[Microsoft 365 Defender](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection)
-
-[Address false positives/negatives in Microsoft Defender for Endpoint](../microsoft-defender-atp/defender-endpoint-false-positives-negatives.md)
\ No newline at end of file

From 79c75450d4907cafbac4d82e359b16256cc089f8 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 27 Jan 2021 08:06:27 -0800
Subject: [PATCH 286/396] Update .openpublishing.redirection.json

---
 .openpublishing.redirection.json | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 7bcd7f8d15..6c6cd0335b 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -16519,6 +16519,11 @@
       "source_path": "windows/hub/windows-10.yml",
       "redirect_url": "https://docs.microsoft.com/windows/windows-10",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md",
+      "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives",
+      "redirect_document_id": true
     }
   ]
 }

From cc757691fac0332d41ab38cd26ad2eb471bb0c98 Mon Sep 17 00:00:00 2001
From: Tudor Dobrila <tudor.dobrila@microsoft.com>
Date: Wed, 27 Jan 2021 10:56:07 -0800
Subject: [PATCH 287/396] Release notes for MDE for Mac 101.19.48

---
 .../microsoft-defender-atp/mac-whatsnew.md                | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
index 617e8532aa..9053de5168 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
@@ -30,6 +30,14 @@ ms.technology: mde
 > [!IMPORTANT]
 > Support for macOS 10.13 (High Sierra) will be discontinued on February 15th, 2021.
 
+## 101.19.48
+
+> [!NOTE]
+> The old command-line tool syntax has been deprecated with this release.
+
+- Added a new command-line switch to disable the network extension: `mdatp system-extension network-filter disable`. This command can be useful to troubleshoot networking issues that could be related to Microsoft Defender for Endpoint for Mac
+- Performance improvements & bug fixes
+
 ## 101.19.21
 
 - Bug fixes

From 560702cef3489eefad29fff075b4fdae0f92ce31 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 27 Jan 2021 11:32:53 -0800
Subject: [PATCH 288/396] Update defender-endpoint-false-positives-negatives.md

---
 ...nder-endpoint-false-positives-negatives.md | 44 +++++++++----------
 1 file changed, 22 insertions(+), 22 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index 8b351b1709..6a64647a0c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -61,24 +61,24 @@ Managing your alerts and classifying true/false positives helps to train your th
 Before you classify or suppress an alert, determine whether the alert is accurate, a false positive, or benign.
 
 1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
-2.	In the navigation pane, choose **Alerts queue**.
-3.	Select an alert to more details about the alert. (See [Review alerts](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/review-alerts).)
-4.	Depending on the alert status, take the steps described in the following table: 
+2. In the navigation pane, choose **Alerts queue**.
+3. Select an alert to more details about the alert. (See [Review alerts](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/review-alerts).)
+4. Depending on the alert status, take the steps described in the following table: 
 
-    | Alert status | What to do |
-    |:---|:---|
-    | The alert is accurate | Assign the alert, and then [investigate it](investigate-alerts.md) further. |
-    | The alert is a false positive | 1. [Classify the alert](#classify-an-alert) as a false positive. <br/>2. [Suppress the alert](#suppress-an-alert). <br/> 3. [Create an indicator](#indicators-for-microsoft-defender-for-endpoint) for Microsoft Defender for Endpoint. <br/> 4. [Submit a file to Microsoft for analysis](#part-4-submit-a-file-for-analysis). |
-    | The alert is accurate, but benign (unimportant) | [Classify the alert](#classify-an-alert) as a true positive, and then [suppress the alert](#suppress-an-alert). |
+| Alert status | What to do |
+|:---|:---|
+| The alert is accurate | Assign the alert, and then [investigate it](investigate-alerts.md) further. |
+| The alert is a false positive | 1. [Classify the alert](#classify-an-alert) as a false positive. <br/>2. [Suppress the alert](#suppress-an-alert). <br/> 3. [Create an indicator](#indicators-for-microsoft-defender-for-endpoint) for Microsoft Defender for Endpoint. <br/> 4. [Submit a file to Microsoft for analysis](#part-4-submit-a-file-for-analysis). |
+| The alert is accurate, but benign (unimportant) | [Classify the alert](#classify-an-alert) as a true positive, and then [suppress the alert](#suppress-an-alert). |
 
 ### Classify an alert
 
 Alerts can be classified as false positives or true positives in the Microsoft Defender Security Center. Classifying alerts helps train Microsoft Defender for Endpoint so that, over time, you'll see more true alerts and fewer false alerts.
 
-1.	Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
-2.	Select **Alerts queue**, and then select an alert that is a false positive.
-3.	For the selected alert, select **Actions** > **Manage alert**. A flyout pane opens.
-4.	In the **Manage alert** section, select either **True alert** or **False alert**. (Use **False alert** to classify a false positive.)
+1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
+2. Select **Alerts queue**, and then select an alert.
+3. For the selected alert, select **Actions** > **Manage alert**. A flyout pane opens.
+4. In the **Manage alert** section, select either **True alert** or **False alert**. (Use **False alert** to classify a false positive.)
 
 > [!TIP]
 > For more information about suppressing alerts, see [Manage Microsoft Defender for Endpoint alerts](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-alerts). And, if your organization is using a security information and event management (SIEM) server, make sure to define a suppression rule there, too. 
@@ -87,11 +87,11 @@ Alerts can be classified as false positives or true positives in the Microsoft D
 
 If you have alerts that are either false positives or that are true positives but for unimportant events, you can suppress those alerts in the Microsoft Defender Security Center. Suppressing alerts helps reduce noise in your security operations dashboard. 
 
-1.	Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
-2.	In the navigation pane, select **Alerts queue**.
-3.	Select an alert that you want to suppress to open its **Details** pane.
-4.	In the **Details** pane, choose the ellipsis (**...**), and then **Create a suppression rule**.
-5.	Specify all the settings for your suppression rule, and then choose **Save**.
+1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
+2. In the navigation pane, select **Alerts queue**.
+3. Select an alert that you want to suppress to open its **Details** pane.
+4. In the **Details** pane, choose the ellipsis (**...**), and then **Create a suppression rule**.
+5. Specify all the settings for your suppression rule, and then choose **Save**.
 
 > [!TIP]
 > Need help with suppression rules? See [Suppress an alert and create a new suppression rule](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-alerts#suppress-an-alert-and-create-a-new-suppression-rule).
@@ -123,15 +123,15 @@ When you're done reviewing and undoing actions that were taken as a result of fa
 
 ### Undo an action
 
-1.	Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in.
+1. Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in.
 2. On the **History** tab, select an action that you want to undo.
-3.	In the flyout pane, select **Undo**. If the action cannot be undone with this method, you will not see an **Undo** button. (To learn more, see [Undo completed actions](manage-auto-investigation.md#undo-completed-actions).)
+3. In the flyout pane, select **Undo**. If the action cannot be undone with this method, you will not see an **Undo** button. (To learn more, see [Undo completed actions](manage-auto-investigation.md#undo-completed-actions).)
 
 ### Undo multiple actions at one time
 
-1.	Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in.
-2.	On the **History** tab, select the actions that you want to undo.
-3.	In the pane on the right side of the screen, select **Undo**.
+1. Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in.
+2. On the **History** tab, select the actions that you want to undo.
+3. In the pane on the right side of the screen, select **Undo**.
 
 ### Remove a file from quarantine across multiple devices 
 

From 87a43c486a27d80811f79d30915204bd20dbcb0a Mon Sep 17 00:00:00 2001
From: Tudor Dobrila <tudor.dobrila@microsoft.com>
Date: Wed, 27 Jan 2021 11:37:23 -0800
Subject: [PATCH 289/396] Add link to new syntax

---
 .../threat-protection/microsoft-defender-atp/mac-whatsnew.md    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
index 9053de5168..2ae1e83837 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
@@ -33,7 +33,7 @@ ms.technology: mde
 ## 101.19.48
 
 > [!NOTE]
-> The old command-line tool syntax has been deprecated with this release.
+> The old command-line tool syntax has been deprecated with this release. For information on the new syntax, see [Resources](mac-resources.md#configuring-from-the-command-line).
 
 - Added a new command-line switch to disable the network extension: `mdatp system-extension network-filter disable`. This command can be useful to troubleshoot networking issues that could be related to Microsoft Defender for Endpoint for Mac
 - Performance improvements & bug fixes

From 5db9bdd39f5af3eb34f60c0c86b8656fe6d0032b Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 27 Jan 2021 13:59:44 -0800
Subject: [PATCH 290/396] Update microsoft-defender-antivirus-compatibility.md

---
 .../microsoft-defender-antivirus-compatibility.md           | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
index ad505f776b..20419165db 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md
@@ -13,7 +13,7 @@ ms.author: deniseb
 ms.custom: nextgen
 ms.reviewer: tewchen, pahuijbr, shwjha
 manager: dansimp
-ms.date: 01/22/2021
+ms.date: 01/27/2021
 ms.technology: mde
 ---
 
@@ -89,10 +89,12 @@ The table in this section summarizes the functionality and features that are ava
 |  [Threat remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus) | Yes | See note <sup>[[4](#fn4)]<sup> | Yes | No |
 | [Security intelligence updates](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus) | Yes | Yes | Yes | No |
 
-(<a id="fn3">3</a>) In general, when Microsoft Defender Antivirus is in passive mode, real-time protection does not provide any blocking or enforcement, even though it is enabled and in passive mode. However, if [Microsoft 365 Endpoint data loss prevention](https://docs.microsoft.com/microsoft-365/compliance/endpoint-dlp-learn-about) (Endpoint DLP) is configured and in effect, protective actions are enforced. Endpoint DLP works with real-time protection and behavior monitoring. 
+(<a id="fn3">3</a>) In general, when Microsoft Defender Antivirus is in passive mode, real-time protection does not provide any blocking or enforcement, even though it is enabled and in passive mode. 
 
 (<a id="fn4">4</a>) When Microsoft Defender Antivirus is in passive mode, threat remediation features are active only during scheduled or on-demand scans.
 
+> [!NOTE]
+> [Microsoft 365 Endpoint data loss prevention](https://docs.microsoft.com/microsoft-365/compliance/endpoint-dlp-learn-about) protection continues to operate normally when Microsoft Defender Antivirus is in active or passive mode.
 
 ## Keep the following points in mind
 

From e94d376345b81166cd2e35693ba87e2de650bb94 Mon Sep 17 00:00:00 2001
From: Ben Alfasi <bealfasi@microsoft.com>
Date: Thu, 28 Jan 2021 18:09:28 +0200
Subject: [PATCH 291/396] 1

---
 .../microsoft-defender-atp/api-release-notes.md                | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
index 4a650a2e4d..5dd49affed 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
@@ -23,13 +23,16 @@ ms.technology: mde
 
 - test 1 
 
+<hr> 
 ## 2.2.3
 
 - test2
 - test3
 
+<hr> 
 ## 2.1.58
 
 - fix: test4
 - fix: test5
 - add: test6
+<hr> 
\ No newline at end of file

From 1849be05e2751c3a377c9b089ac7083d54054b50 Mon Sep 17 00:00:00 2001
From: Ben Alfasi <bealfasi@microsoft.com>
Date: Thu, 28 Jan 2021 18:21:42 +0200
Subject: [PATCH 292/396] 2

---
 .../microsoft-defender-atp/api-release-notes.md   | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
index 5dd49affed..4bd5e626eb 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
@@ -19,15 +19,20 @@ ms.technology: mde
 
 # Release Notes
 
-## 2.2.4
+## 25.01.2021
 
-- test 1 
+- Updated rate limitations for [Hunting API](run-advanced-query-api.md) to 45 requests per minute. 
 
 <hr> 
-## 2.2.3
+## 21.01.2021
 
-- test2
-- test3
+- Added new API: [Find devices by tag](machine-tags.md). 
+- Added new API: [Import Indicators](import-ti-indicators.md). 
+
+<hr> 
+## 01.09.2020
+
+- Added option to expand the Alert object with its related Evidence. See [List Alerts](get-alerts.md)
 
 <hr> 
 ## 2.1.58

From 9d62730beb65f306f0d14ff0c21010b23dbf3616 Mon Sep 17 00:00:00 2001
From: Ben Alfasi <bealfasi@microsoft.com>
Date: Thu, 28 Jan 2021 18:23:39 +0200
Subject: [PATCH 293/396] 2

---
 .../api-release-notes.md                      | 23 ++++++++-----------
 1 file changed, 9 insertions(+), 14 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
index 4bd5e626eb..a61531bcf0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
@@ -19,25 +19,20 @@ ms.technology: mde
 
 # Release Notes
 
-## 25.01.2021
+### 25.01.2021
+<br>
+<hr>
 
 - Updated rate limitations for [Hunting API](run-advanced-query-api.md) to 45 requests per minute. 
 
-<hr> 
-## 21.01.2021
-
+### 21.01.2021
+<br>
+<hr>
 - Added new API: [Find devices by tag](machine-tags.md). 
 - Added new API: [Import Indicators](import-ti-indicators.md). 
 
-<hr> 
-## 01.09.2020
 
+### 01.09.2020
+<br>
+<hr>
 - Added option to expand the Alert object with its related Evidence. See [List Alerts](get-alerts.md)
-
-<hr> 
-## 2.1.58
-
-- fix: test4
-- fix: test5
-- add: test6
-<hr> 
\ No newline at end of file

From 7cd95e5ac9ede0a5247190187c5d1332ad30e9b0 Mon Sep 17 00:00:00 2001
From: Ben Alfasi <bealfasi@microsoft.com>
Date: Thu, 28 Jan 2021 18:26:48 +0200
Subject: [PATCH 294/396] 1

---
 .../microsoft-defender-atp/api-release-notes.md                 | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
index a61531bcf0..496e4151c6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
@@ -18,6 +18,8 @@ ms.technology: mde
 ---
 
 # Release Notes
+<br>
+<hr>
 
 ### 25.01.2021
 <br>

From 05207554978b7ca295186f41d6fcb0ebeb067930 Mon Sep 17 00:00:00 2001
From: Ben Alfasi <bealfasi@microsoft.com>
Date: Thu, 28 Jan 2021 18:54:48 +0200
Subject: [PATCH 295/396] 1

---
 .../exposed-apis-odata-samples.md             | 170 ++++++++++++------
 .../get-alert-related-machine-info.md         |  47 +++--
 .../get-machine-by-id.md                      |  38 ++--
 .../microsoft-defender-atp/get-machines.md    |  38 ++--
 .../microsoft-defender-atp/machine.md         |   4 +-
 5 files changed, 197 insertions(+), 100 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md
index ab3344e02c..589c3508f8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md
@@ -221,25 +221,39 @@ HTTP GET  https://api.securitycenter.microsoft.com/api/machines?$filter=riskScor
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines",
     "value": [
         {
-            "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
+			"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
 			"computerDnsName": "mymachine1.contoso.com",
 			"firstSeen": "2018-08-02T14:55:03.7791856Z",
-			"lastSeen": "2018-08-02T14:55:03.7791856Z",
+			"lastSeen": "2021-01-25T07:27:36.052313Z",
 			"osPlatform": "Windows10",
-			"version": "1709",
 			"osProcessor": "x64",
-			"lastIpAddress": "172.17.230.209",
-			"lastExternalIpAddress": "167.220.196.71",
-			"osBuild": 18209,
+			"version": "1901",
+			"lastIpAddress": "10.166.113.46",
+			"lastExternalIpAddress": "167.220.203.175",
+			"osBuild": 19042,
 			"healthStatus": "Active",
-			"rbacGroupId": 140,
+			"deviceValue": "Normal",
 			"rbacGroupName": "The-A-Team",
 			"riskScore": "High",
-			"exposureLevel": "Medium",
-			"isAadJoined": true,
-			"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
-			"machineTags": [ "test tag 1", "ExampleTag" ]
-        },
+			"exposureLevel": "Low",
+			"aadDeviceId": "fd2e4d29-7072-4195-aaa5-1af139b78028",
+			"machineTags": [
+				"Tag1",
+				"Tag2"
+			],
+			"ipAddresses": [
+				{
+					"ipAddress": "10.166.113.47",
+					"macAddress": "8CEC4B897E73",
+					"operationalStatus": "Up"
+				},
+				{
+					"ipAddress": "2a01:110:68:4:59e4:3916:3b3e:4f96",
+					"macAddress": "8CEC4B897E73",
+					"operationalStatus": "Up"
+				}
+			]
+		},
         ...
     ]
 }
@@ -260,25 +274,39 @@ HTTP GET  https://api.securitycenter.microsoft.com/api/machines?$filter=healthSt
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines",
     "value": [
         {
-            "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
+			"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
 			"computerDnsName": "mymachine1.contoso.com",
 			"firstSeen": "2018-08-02T14:55:03.7791856Z",
-			"lastSeen": "2018-08-02T14:55:03.7791856Z",
+			"lastSeen": "2021-01-25T07:27:36.052313Z",
 			"osPlatform": "Windows10",
-			"version": "1709",
 			"osProcessor": "x64",
-			"lastIpAddress": "172.17.230.209",
-			"lastExternalIpAddress": "167.220.196.71",
-			"osBuild": 18209,
-			"healthStatus": "ImpairedCommunication",
-			"rbacGroupId": 140,
+			"version": "1901",
+			"lastIpAddress": "10.166.113.46",
+			"lastExternalIpAddress": "167.220.203.175",
+			"osBuild": 19042,
+			"healthStatus": "Active",
+			"deviceValue": "Normal",
 			"rbacGroupName": "The-A-Team",
 			"riskScore": "Low",
-			"exposureLevel": "Medium",
-			"isAadJoined": true,
-			"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
-			"machineTags": [ "test tag 1", "ExampleTag" ]
-        },
+			"exposureLevel": "Low",
+			"aadDeviceId": "fd2e4d29-7072-4195-aaa5-1af139b78028",
+			"machineTags": [
+				"Tag1",
+				"Tag2"
+			],
+			"ipAddresses": [
+				{
+					"ipAddress": "10.166.113.47",
+					"macAddress": "8CEC4B897E73",
+					"operationalStatus": "Up"
+				},
+				{
+					"ipAddress": "2a01:110:68:4:59e4:3916:3b3e:4f96",
+					"macAddress": "8CEC4B897E73",
+					"operationalStatus": "Up"
+				}
+			]
+		},
         ...
     ]
 }
@@ -299,25 +327,39 @@ HTTP GET  https://api.securitycenter.microsoft.com/api/machines?$filter=lastSeen
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines",
     "value": [
         {
-            "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
+			"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
 			"computerDnsName": "mymachine1.contoso.com",
 			"firstSeen": "2018-08-02T14:55:03.7791856Z",
-			"lastSeen": "2018-08-02T14:55:03.7791856Z",
+			"lastSeen": "2021-01-25T07:27:36.052313Z",
 			"osPlatform": "Windows10",
-			"version": "1709",
 			"osProcessor": "x64",
-			"lastIpAddress": "172.17.230.209",
-			"lastExternalIpAddress": "167.220.196.71",
-			"osBuild": 18209,
-			"healthStatus": "ImpairedCommunication",
-			"rbacGroupId": 140,
+			"version": "1901",
+			"lastIpAddress": "10.166.113.46",
+			"lastExternalIpAddress": "167.220.203.175",
+			"osBuild": 19042,
+			"healthStatus": "Active",
+			"deviceValue": "Normal",
 			"rbacGroupName": "The-A-Team",
 			"riskScore": "Low",
-			"exposureLevel": "Medium",
-			"isAadJoined": true,
-			"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
-			"machineTags": [ "test tag 1", "ExampleTag" ]
-        },
+			"exposureLevel": "Low",
+			"aadDeviceId": "fd2e4d29-7072-4195-aaa5-1af139b78028",
+			"machineTags": [
+				"Tag1",
+				"Tag2"
+			],
+			"ipAddresses": [
+				{
+					"ipAddress": "10.166.113.47",
+					"macAddress": "8CEC4B897E73",
+					"operationalStatus": "Up"
+				},
+				{
+					"ipAddress": "2a01:110:68:4:59e4:3916:3b3e:4f96",
+					"macAddress": "8CEC4B897E73",
+					"operationalStatus": "Up"
+				}
+			]
+		},
         ...
     ]
 }
@@ -384,25 +426,39 @@ json{
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines",
     "value": [
         {
-            "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
-	    "computerDnsName": "mymachine1.contoso.com",
-	    "firstSeen": "2018-08-02T14:55:03.7791856Z",
-	    "lastSeen": "2018-08-02T14:55:03.7791856Z",
-	    "osPlatform": "Windows10",
-	    "version": "1709",
-	    "osProcessor": "x64",
-	    "lastIpAddress": "172.17.230.209",
-	    "lastExternalIpAddress": "167.220.196.71",
-	    "osBuild": 18209,
-	    "healthStatus": "ImpairedCommunication",
-	    "rbacGroupId": 140,
-	    "rbacGroupName": "The-A-Team",
-	    "riskScore": "Low",
-	    "exposureLevel": "Medium",
-	    "isAadJoined": true,
-	    "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
-	    "machineTags": [ "test tag 1", "ExampleTag" ]
-        },
+			"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
+			"computerDnsName": "mymachine1.contoso.com",
+			"firstSeen": "2018-08-02T14:55:03.7791856Z",
+			"lastSeen": "2021-01-25T07:27:36.052313Z",
+			"osPlatform": "Windows10",
+			"osProcessor": "x64",
+			"version": "1901",
+			"lastIpAddress": "10.166.113.46",
+			"lastExternalIpAddress": "167.220.203.175",
+			"osBuild": 19042,
+			"healthStatus": "Active",
+			"deviceValue": "Normal",
+			"rbacGroupName": "The-A-Team",
+			"riskScore": "Low",
+			"exposureLevel": "Low",
+			"aadDeviceId": "fd2e4d29-7072-4195-aaa5-1af139b78028",
+			"machineTags": [
+				"Tag1",
+				"Tag2"
+			],
+			"ipAddresses": [
+				{
+					"ipAddress": "10.166.113.47",
+					"macAddress": "8CEC4B897E73",
+					"operationalStatus": "Up"
+				},
+				{
+					"ipAddress": "2a01:110:68:4:59e4:3916:3b3e:4f96",
+					"macAddress": "8CEC4B897E73",
+					"operationalStatus": "Up"
+				}
+			]
+		},
         ...
     ]
 }
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
index 60d47669c1..1ee033457d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
@@ -90,24 +90,37 @@ Here is an example of the response.
 
 ```json
 {
-    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines/$entity",
-    "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
-    "computerDnsName": "mymachine1.contoso.com",
-    "firstSeen": "2018-08-02T14:55:03.7791856Z",
-	"lastSeen": "2018-08-02T14:55:03.7791856Z",
-    "osPlatform": "Windows10",
-    "version": "1709",
+	"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
+	"computerDnsName": "mymachine1.contoso.com",
+	"firstSeen": "2018-08-02T14:55:03.7791856Z",
+	"lastSeen": "2021-01-25T07:27:36.052313Z",
+	"osPlatform": "Windows10",
 	"osProcessor": "x64",
-    "lastIpAddress": "172.17.230.209",
-    "lastExternalIpAddress": "167.220.196.71",
-    "osBuild": 18209,
-    "healthStatus": "Active",
-    "rbacGroupId": 140,
+	"version": "1901",
+	"lastIpAddress": "10.166.113.46",
+	"lastExternalIpAddress": "167.220.203.175",
+	"osBuild": 19042,
+	"healthStatus": "Active",
+	"deviceValue": "Normal",
 	"rbacGroupName": "The-A-Team",
-    "riskScore": "Low",
-	"exposureLevel": "Medium",
-	"isAadJoined": true,
-    "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
-	"machineTags": [ "test tag 1", "test tag 2" ]
+	"riskScore": "Low",
+	"exposureLevel": "Low",
+	"aadDeviceId": "fd2e4d29-7072-4195-aaa5-1af139b78028",
+	"machineTags": [
+		"Tag1",
+		"Tag2"
+	],
+	"ipAddresses": [
+		{
+			"ipAddress": "10.166.113.47",
+			"macAddress": "8CEC4B897E73",
+			"operationalStatus": "Up"
+		},
+		{
+			"ipAddress": "2a01:110:68:4:59e4:3916:3b3e:4f96",
+			"macAddress": "8CEC4B897E73",
+			"operationalStatus": "Up"
+		}
+	]
 }
 ```
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
index 0a6ff20f30..c754604e60 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
@@ -93,25 +93,37 @@ Here is an example of the response.
 
 ```json
 {
-    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machine",
-    "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
+	"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
 	"computerDnsName": "mymachine1.contoso.com",
 	"firstSeen": "2018-08-02T14:55:03.7791856Z",
-	"lastSeen": "2018-08-02T14:55:03.7791856Z",
+	"lastSeen": "2021-01-25T07:27:36.052313Z",
 	"osPlatform": "Windows10",
-	"version": "1709",
 	"osProcessor": "x64",
-	"lastIpAddress": "172.17.230.209",
-	"lastExternalIpAddress": "167.220.196.71",
-	"osBuild": 18209,
+	"version": "1901",
+	"lastIpAddress": "10.166.113.46",
+	"lastExternalIpAddress": "167.220.203.175",
+	"osBuild": 19042,
 	"healthStatus": "Active",
-	"rbacGroupId": 140,
+	"deviceValue": "Normal",
 	"rbacGroupName": "The-A-Team",
 	"riskScore": "Low",
-	"exposureLevel": "Medium",
-	"isAadJoined": true,
-	"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
-	"machineTags": [ "test tag 1", "test tag 2" ]
+	"exposureLevel": "Low",
+	"aadDeviceId": "fd2e4d29-7072-4195-aaa5-1af139b78028",
+	"machineTags": [
+		"Tag1",
+		"Tag2"
+	],
+	"ipAddresses": [
+		{
+			"ipAddress": "10.166.113.47",
+			"macAddress": "8CEC4B897E73",
+			"operationalStatus": "Up"
+		},
+		{
+			"ipAddress": "2a01:110:68:4:59e4:3916:3b3e:4f96",
+			"macAddress": "8CEC4B897E73",
+			"operationalStatus": "Up"
+		}
+	]
 }
-
 ```
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md
index 42a179a64f..a36163fc75 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md
@@ -97,25 +97,39 @@ Here is an example of the response.
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines",
     "value": [
         {
-            "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
+			"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
 			"computerDnsName": "mymachine1.contoso.com",
 			"firstSeen": "2018-08-02T14:55:03.7791856Z",
-			"lastSeen": "2018-08-02T14:55:03.7791856Z",
+			"lastSeen": "2021-01-25T07:27:36.052313Z",
 			"osPlatform": "Windows10",
-			"version": "1709",
 			"osProcessor": "x64",
-			"lastIpAddress": "172.17.230.209",
-			"lastExternalIpAddress": "167.220.196.71",
-			"osBuild": 18209,
+			"version": "1901",
+			"lastIpAddress": "10.166.113.46",
+			"lastExternalIpAddress": "167.220.203.175",
+			"osBuild": 19042,
 			"healthStatus": "Active",
-			"rbacGroupId": 140,
+			"deviceValue": "Normal",
 			"rbacGroupName": "The-A-Team",
 			"riskScore": "Low",
-			"exposureLevel": "Medium",
-			"isAadJoined": true,
-			"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
-			"machineTags": [ "test tag 1", "test tag 2" ]
-        }
+			"exposureLevel": "Low",
+			"aadDeviceId": "fd2e4d29-7072-4195-aaa5-1af139b78028",
+			"machineTags": [
+				"Tag1",
+				"Tag2"
+			],
+			"ipAddresses": [
+				{
+					"ipAddress": "10.166.113.47",
+					"macAddress": "8CEC4B897E73",
+					"operationalStatus": "Up"
+				},
+				{
+					"ipAddress": "2a01:110:68:4:59e4:3916:3b3e:4f96",
+					"macAddress": "8CEC4B897E73",
+					"operationalStatus": "Up"
+				}
+			]
+		},
 		...
     ]
 }
diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md
index 896f5ca654..79b6f79c97 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md
@@ -58,17 +58,19 @@ computerDnsName | String | [machine](machine.md) fully qualified name.
 firstSeen | DateTimeOffset | First date and time where the [machine](machine.md) was observed by Microsoft Defender for Endpoint.
 lastSeen | DateTimeOffset |Time and date of the last received full device report. A device typically sends a full report every 24 hours.
 osPlatform | String | Operating system platform.
+osProcessor | String | Operating system processor.
 version | String | Operating system Version.
 osBuild | Nullable long | Operating system build number.
 lastIpAddress | String | Last IP on local NIC on the [machine](machine.md).
 lastExternalIpAddress | String | Last IP through which the [machine](machine.md) accessed the internet.
 healthStatus | Enum | [machine](machine.md) health status. Possible values are: "Active", "Inactive", "ImpairedCommunication", "NoSensorData", "NoSensorDataImpairedCommunication" and "Unknown". 
 rbacGroupName | String | Machine group Name.
-rbacGroupId | Int | Machine group unique ID.
 riskScore | Nullable Enum | Risk score as evaluated by Microsoft Defender for Endpoint. Possible values are: 'None', 'Informational', 'Low', 'Medium' and 'High'.
 exposureScore | Nullable Enum | [Exposure score](tvm-exposure-score.md) as evaluated by Microsoft Defender for Endpoint. Possible values are: 'None', 'Low', 'Medium' and 'High'.
 aadDeviceId | Nullable representation Guid | AAD Device ID (when [machine](machine.md) is AAD Joined).
 machineTags | String collection | Set of [machine](machine.md) tags.
 exposureLevel | Nullable Enum | Exposure level as evaluated by Microsoft Defender for Endpoint. Possible values are: 'None', 'Low', 'Medium' and 'High'.
 deviceValue | Nullable Enum | The [value of the device](tvm-assign-device-value.md). Possible values are: 'Normal', 'Low' and 'High'.
+ipAddresses | IpAddress collection | Set of ***IpAddress*** object. See [Get machines API](get-machines.md).
+
 

From 374cd8e3891b666e6e350b9626725305f9928331 Mon Sep 17 00:00:00 2001
From: Ben Alfasi <bealfasi@microsoft.com>
Date: Thu, 28 Jan 2021 19:15:21 +0200
Subject: [PATCH 296/396] 3

---
 .../microsoft-defender-atp/api-release-notes.md        | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
index 496e4151c6..94884f8d28 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
@@ -22,19 +22,21 @@ ms.technology: mde
 <hr>
 
 ### 25.01.2021
-<br>
 <hr>
 
 - Updated rate limitations for [Hunting API](run-advanced-query-api.md) to 45 requests per minute. 
 
-### 21.01.2021
 <br>
+<br>
+### 21.01.2021
 <hr>
+
 - Added new API: [Find devices by tag](machine-tags.md). 
 - Added new API: [Import Indicators](import-ti-indicators.md). 
 
-
-### 01.09.2020
 <br>
+<br>
+### 01.09.2020
 <hr>
+
 - Added option to expand the Alert object with its related Evidence. See [List Alerts](get-alerts.md)

From 996ed22e654a18d0995a157e5b72eb05b56d973b Mon Sep 17 00:00:00 2001
From: Ben Alfasi <bealfasi@microsoft.com>
Date: Thu, 28 Jan 2021 19:27:34 +0200
Subject: [PATCH 297/396] 1

---
 .../api-release-notes.md                      | 16 +++++++++++-
 .../set-device-value.md                       | 26 +++++++++++++++----
 2 files changed, 36 insertions(+), 6 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
index 94884f8d28..aef1b00336 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
@@ -34,9 +34,23 @@ ms.technology: mde
 - Added new API: [Find devices by tag](machine-tags.md). 
 - Added new API: [Import Indicators](import-ti-indicators.md). 
 
+<br>
+<br>
+### 15.12.2020
+<hr>
+
+- Updated [Device](machine.md) entity with IP Interfaces. See [List devices](get-machines.md).
+
+<br>
+<br>
+### 04.12.2020
+<hr>
+
+- Added new API: [Set device value](set-device-value.md).
+
 <br>
 <br>
 ### 01.09.2020
 <hr>
 
-- Added option to expand the Alert object with its related Evidence. See [List Alerts](get-alerts.md)
+- Added option to expand the Alert entity with its related Evidence. See [List Alerts](get-alerts.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/set-device-value.md b/windows/security/threat-protection/microsoft-defender-atp/set-device-value.md
index 6f1fe23a4a..1164cfc4a4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/set-device-value.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/set-device-value.md
@@ -73,12 +73,28 @@ Content-Type | string | application/json. **Required**.
 
 ## Request body
 
-```json
-{
-  "DeviceValue": "{device value}"
-}
-```
+In the request body, supply a JSON object with the following parameters:
+
+Parameter |    Type    | Description
+:---|:---|:---
+DeviceValue |    Enum |    Device value. Allowed values are: 'Normal', 'Low' and 'High'. **Required**.
 
 ## Response
 
 If successful, this method returns 200 - Ok response code and the updated Machine in the response body.
+
+## Example
+
+**Request**
+
+Here is an example of a request that adds machine tag.
+
+```
+POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/setDeviceValue
+```
+
+```json
+{
+  "DeviceValue" : "High"
+}
+```
\ No newline at end of file

From 77288ab9c0827ae9ccca1e1a72fa46d54b374dc3 Mon Sep 17 00:00:00 2001
From: Ben Alfasi <bealfasi@microsoft.com>
Date: Thu, 28 Jan 2021 19:39:53 +0200
Subject: [PATCH 298/396] 1

---
 .../microsoft-defender-atp/api-release-notes.md      | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
index aef1b00336..5cc2a60d8b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
@@ -28,6 +28,7 @@ ms.technology: mde
 
 <br>
 <br>
+
 ### 21.01.2021
 <hr>
 
@@ -36,6 +37,15 @@ ms.technology: mde
 
 <br>
 <br>
+
+### 03.01.2021
+<hr>
+
+- Update Alert evidence with 
+
+<br>
+<br>
+
 ### 15.12.2020
 <hr>
 
@@ -43,6 +53,7 @@ ms.technology: mde
 
 <br>
 <br>
+
 ### 04.12.2020
 <hr>
 
@@ -50,6 +61,7 @@ ms.technology: mde
 
 <br>
 <br>
+
 ### 01.09.2020
 <hr>
 

From 70290566344b75cb6e089be8a29df213ed0c672d Mon Sep 17 00:00:00 2001
From: Ben Alfasi <bealfasi@microsoft.com>
Date: Thu, 28 Jan 2021 19:43:39 +0200
Subject: [PATCH 299/396] 1

---
 .../microsoft-defender-atp/api-release-notes.md                 | 2 +-
 .../threat-protection/microsoft-defender-atp/machine.md         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
index 5cc2a60d8b..8200dc8a47 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
@@ -41,7 +41,7 @@ ms.technology: mde
 ### 03.01.2021
 <hr>
 
-- Update Alert evidence with 
+- Update Alert evidence: added ***detectionStatus***, ***parentProcessFilePath*** and ***parentProcessFileName***.
 
 <br>
 <br>
diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md
index 79b6f79c97..477cebbeb7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md
@@ -71,6 +71,6 @@ aadDeviceId | Nullable representation Guid | AAD Device ID (when [machine](machi
 machineTags | String collection | Set of [machine](machine.md) tags.
 exposureLevel | Nullable Enum | Exposure level as evaluated by Microsoft Defender for Endpoint. Possible values are: 'None', 'Low', 'Medium' and 'High'.
 deviceValue | Nullable Enum | The [value of the device](tvm-assign-device-value.md). Possible values are: 'Normal', 'Low' and 'High'.
-ipAddresses | IpAddress collection | Set of ***IpAddress*** object. See [Get machines API](get-machines.md).
+ipAddresses | IpAddress collection | Set of ***IpAddress*** objects. See [Get machines API](get-machines.md).
 
 

From 2560de795908d3c9b9bad44417d9a2a7ddf7e272 Mon Sep 17 00:00:00 2001
From: Ben Alfasi <bealfasi@microsoft.com>
Date: Thu, 28 Jan 2021 20:12:39 +0200
Subject: [PATCH 300/396] 1

---
 .../microsoft-defender-atp/alerts.md          | 159 +++++++++++++---
 .../api-release-notes.md                      |   8 +-
 .../exposed-apis-odata-samples.md             | 171 +++++++++++-------
 .../microsoft-defender-atp/get-alerts.md      | 171 +++++++++++-------
 4 files changed, 349 insertions(+), 160 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts.md b/windows/security/threat-protection/microsoft-defender-atp/alerts.md
index f6b1666c6c..165692fb02 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/alerts.md
@@ -69,45 +69,146 @@ determination | Nullable Enum | Specifies the determination of the alert. Possib
 category| String | Category of the alert.
 detectionSource | String | Detection source.
 threatFamilyName | String | Threat family.
+threatName | String | Threat name.
+threatName | String | Threat name.
 machineId | String | ID of a [machine](machine.md) entity that is associated with the alert.
 computerDnsName | String | [machine](machine.md) fully qualified name.
 aadTenantId | String | The Azure Active Directory ID.
-comments | List of Alert comments | Alert Comment is an object that contains: comment string, createdBy string and createTime date time.
+detectorId | String | The ID of the detector that triggered the alert.
+comments | List of Alert comments | Alert Comment object contains: comment string, createdBy string and createTime date time.
+Evidence | List of Alert evidence | Evidence related to the alert. See example below.
 
 ### Response example for getting single alert:
 
 ```
-GET https://api.securitycenter.microsoft.com/api/alerts/da637084217856368682_-292920499
+GET https://api.securitycenter.microsoft.com/api/alerts/da637472900382838869_1364969609
 ```
 
 ```json
 {
-    "id": "da637084217856368682_-292920499",
-    "incidentId": 66860,
-    "investigationId": 4416234,
-    "investigationState": "Running",
-    "assignedTo": "secop@contoso.com",
-    "severity": "Low",
-    "status": "New",
-    "classification": "TruePositive",
-    "determination": null,
-    "detectionSource": "WindowsDefenderAtp",
-    "category": "CommandAndControl",
-    "threatFamilyName": null,
-    "title": "Network connection to a risky host",
-    "description": "A network connection was made to a risky host which has exhibited malicious activity.",
-    "alertCreationTime": "2019-11-03T23:49:45.3823185Z",
-    "firstEventTime": "2019-11-03T23:47:16.2288822Z",
-    "lastEventTime": "2019-11-03T23:47:51.2966758Z",
-    "lastUpdateTime": "2019-11-03T23:55:52.6Z",
-    "resolvedTime": null,
-    "machineId": "986e5df8b73dacd43c8917d17e523e76b13c75cd",
-    "comments": [
-        {
-            "comment": "test comment for docs",
-            "createdBy": "secop@contoso.com",
-            "createdTime": "2019-11-05T14:08:37.8404534Z"
-        }
-    ]
+	"id": "da637472900382838869_1364969609",
+	"incidentId": 1126093,
+	"investigationId": null,
+	"assignedTo": null,
+	"severity": "Low",
+	"status": "New",
+	"classification": null,
+	"determination": null,
+	"investigationState": "Queued",
+	"detectionSource": "WindowsDefenderAtp",
+	"detectorId": "17e10bbc-3a68-474a-8aad-faef14d43952",
+	"category": "Execution",
+	"threatFamilyName": null,
+	"title": "Low-reputation arbitrary code executed by signed executable",
+	"description": "Binaries signed by Microsoft can be used to run low-reputation arbitrary code. This technique hides the execution of malicious code within a trusted process. As a result, the trusted process might exhibit suspicious behaviors, such as opening a listening port or connecting to a command-and-control (C&C) server.",
+	"alertCreationTime": "2021-01-26T20:33:57.7220239Z",
+	"firstEventTime": "2021-01-26T20:31:32.9562661Z",
+	"lastEventTime": "2021-01-26T20:31:33.0577322Z",
+	"lastUpdateTime": "2021-01-26T20:33:59.2Z",
+	"resolvedTime": null,
+	"machineId": "111e6dd8c833c8a052ea231ec1b19adaf497b625",
+	"computerDnsName": "temp123.middleeast.corp.microsoft.com",
+	"rbacGroupName": "A",
+    "aadTenantId": "a839b112-1253-6432-9bf6-94542403f21c",
+	"threatName": null,
+	"mitreTechniques": [
+		"T1064",
+		"T1085",
+		"T1220"
+	],
+	"relatedUser": {
+        "userName": "temp123",
+        "domainName": "MIDDLEEAST"
+    },
+	"comments": [
+		{
+			"comment": "test comment for docs",
+			"createdBy": "secop123@contoso.com",
+			"createdTime": "2021-01-26T01:00:37.8404534Z"
+		}
+	],
+	"evidence": [
+		{
+			"entityType": "User",
+			"evidenceCreationTime": "2021-01-26T20:33:58.42Z",
+			"sha1": null,
+			"sha256": null,
+			"fileName": null,
+			"filePath": null,
+			"processId": null,
+			"processCommandLine": null,
+			"processCreationTime": null,
+			"parentProcessId": null,
+			"parentProcessCreationTime": null,
+			"parentProcessFileName": null,
+			"parentProcessFilePath": null,
+			"ipAddress": null,
+			"url": null,
+			"registryKey": null,
+			"registryHive": null,
+			"registryValueType": null,
+			"registryValue": null,
+			"accountName": "eranb",
+			"domainName": "MIDDLEEAST",
+			"userSid": "S-1-5-21-11111607-1111760036-109187956-75141",
+			"aadUserId": "11118379-2a59-1111-ac3c-a51eb4a3c627",
+			"userPrincipalName": "temp123@microsoft.com",
+			"detectionStatus": null
+		},
+		{
+			"entityType": "Process",
+			"evidenceCreationTime": "2021-01-26T20:33:58.6133333Z",
+			"sha1": "ff836cfb1af40252bd2a2ea843032e99a5b262ed",
+			"sha256": "a4752c71d81afd3d5865d24ddb11a6b0c615062fcc448d24050c2172d2cbccd6",
+			"fileName": "rundll32.exe",
+			"filePath": "C:\\Windows\\SysWOW64",
+			"processId": 3276,
+			"processCommandLine": "rundll32.exe  c:\\temp\\suspicious.dll,RepeatAfterMe",
+			"processCreationTime": "2021-01-26T20:31:32.9581596Z",
+			"parentProcessId": 8420,
+			"parentProcessCreationTime": "2021-01-26T20:31:32.9004163Z",
+			"parentProcessFileName": "rundll32.exe",
+			"parentProcessFilePath": "C:\\Windows\\System32",
+			"ipAddress": null,
+			"url": null,
+			"registryKey": null,
+			"registryHive": null,
+			"registryValueType": null,
+			"registryValue": null,
+			"accountName": null,
+			"domainName": null,
+			"userSid": null,
+			"aadUserId": null,
+			"userPrincipalName": null,
+			"detectionStatus": "Detected"
+		},
+		{
+			"entityType": "File",
+			"evidenceCreationTime": "2021-01-26T20:33:58.42Z",
+			"sha1": "8563f95b2f8a284fc99da44500cd51a77c1ff36c",
+			"sha256": "dc0ade0c95d6db98882bc8fa6707e64353cd6f7767ff48d6a81a6c2aef21c608",
+			"fileName": "suspicious.dll",
+			"filePath": "c:\\temp",
+			"processId": null,
+			"processCommandLine": null,
+			"processCreationTime": null,
+			"parentProcessId": null,
+			"parentProcessCreationTime": null,
+			"parentProcessFileName": null,
+			"parentProcessFilePath": null,
+			"ipAddress": null,
+			"url": null,
+			"registryKey": null,
+			"registryHive": null,
+			"registryValueType": null,
+			"registryValue": null,
+			"accountName": null,
+			"domainName": null,
+			"userSid": null,
+			"aadUserId": null,
+			"userPrincipalName": null,
+			"detectionStatus": "Detected"
+		}
+	]
 }
 ```
diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
index 8200dc8a47..51e3dc8790 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
@@ -41,7 +41,8 @@ ms.technology: mde
 ### 03.01.2021
 <hr>
 
-- Update Alert evidence: added ***detectionStatus***, ***parentProcessFilePath*** and ***parentProcessFileName***.
+- Updated Alert evidence: added ***detectionStatus***, ***parentProcessFilePath*** and ***parentProcessFileName*** properties.
+- Updated [Alert entity](alerts.md): added ***detectorId*** property.
 
 <br>
 <br>
@@ -49,15 +50,16 @@ ms.technology: mde
 ### 15.12.2020
 <hr>
 
-- Updated [Device](machine.md) entity with IP Interfaces. See [List devices](get-machines.md).
+- Updated [Device](machine.md) entity: added ***IpInterfaces*** list. See [List devices](get-machines.md).
 
 <br>
 <br>
 
-### 04.12.2020
+### 04.11.2020
 <hr>
 
 - Added new API: [Set device value](set-device-value.md).
+- Updated [Device](machine.md) entity: added ***deviceValue*** property.
 
 <br>
 <br>
diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md
index 589c3508f8..504f3e3b49 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md
@@ -57,75 +57,51 @@ HTTP GET  https://api.securitycenter.microsoft.com/api/alerts?$top=10&$expand=ev
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Alerts",
     "value": [
 		{
-			"id": "da637306396589640224_1753239473",
-			"incidentId": 875832,
-			"investigationId": 478434,
+			"id": "da637472900382838869_1364969609",
+			"incidentId": 1126093,
+			"investigationId": null,
 			"assignedTo": null,
 			"severity": "Low",
 			"status": "New",
 			"classification": null,
 			"determination": null,
-			"investigationState": "PendingApproval",
-			"detectionSource": "WindowsDefenderAv",
-			"category": "UnwantedSoftware",
-			"threatFamilyName": "InstallCore",
-			"title": "An active 'InstallCore' unwanted software was detected",
-			"description": "Potentially unwanted applications (PUA) often impact productivity and performance and are often unwanted in enterprise environments. This category of applications include torrent downloaders, cryptocurrency miners, browser advertising software, and evasion software.\n\nAn application is considered active if it is found running on the machine or it already has persistence mechanisms in place.\n\nBecause this PUA was active, take precautionary measures and check for residual signs of infection.",
-			"alertCreationTime": "2020-07-18T03:27:38.9483995Z",
-			"firstEventTime": "2020-07-18T03:25:39.6124549Z",
-			"lastEventTime": "2020-07-18T03:26:18.4362304Z",
-			"lastUpdateTime": "2020-07-18T03:28:19.76Z",
+			"investigationState": "Queued",
+			"detectionSource": "WindowsDefenderAtp",
+			"detectorId": "17e10bbc-3a68-474a-8aad-faef14d43952",
+			"category": "Execution",
+			"threatFamilyName": null,
+			"title": "Low-reputation arbitrary code executed by signed executable",
+			"description": "Binaries signed by Microsoft can be used to run low-reputation arbitrary code. This technique hides the execution of malicious code within a trusted process. As a result, the trusted process might exhibit suspicious behaviors, such as opening a listening port or connecting to a command-and-control (C&C) server.",
+			"alertCreationTime": "2021-01-26T20:33:57.7220239Z",
+			"firstEventTime": "2021-01-26T20:31:32.9562661Z",
+			"lastEventTime": "2021-01-26T20:31:33.0577322Z",
+			"lastUpdateTime": "2021-01-26T20:33:59.2Z",
 			"resolvedTime": null,
-			"machineId": "97868b864dc8fa09cc8726c37a1fcd8ab582f3aa",
-			"computerDnsName": "temp2.redmond.corp.microsoft.com",
-			"rbacGroupName": "Ring0",
-			"aadTenantId": "12f988bf-1234-1234-91ab-2d7cd011db47",
+			"machineId": "111e6dd8c833c8a052ea231ec1b19adaf497b625",
+			"computerDnsName": "temp123.middleeast.corp.microsoft.com",
+			"rbacGroupName": "A",
+            "aadTenantId": "a839b112-1253-6432-9bf6-94542403f21c",
+			"threatName": null,
+			"mitreTechniques": [
+				"T1064",
+				"T1085",
+				"T1220"
+			],
 			"relatedUser": {
-				"userName": "temp2",
-				"domainName": "REDMOND"
-			},
-			"comments": [],
+                "userName": "temp123",
+                "domainName": "MIDDLEEAST"
+            },
+			"comments": [
+				{
+					"comment": "test comment for docs",
+					"createdBy": "secop123@contoso.com",
+					"createdTime": "2021-01-26T01:00:37.8404534Z"
+				}
+			],
 			"evidence": [
-				{
-					"entityType": "File",
-					"sha1": "ff02786682af8a6ae2842b64c8da543c4d76823c",
-					"sha256": "16dafd771171b619a472bb23cd55bc069625be8de5ee01b37b41de1216b2bbb2",
-					"fileName": "Your File Is Ready To Download_1911150169.exe",
-					"filePath": "C:\\Users\\temp2\\Downloads",
-					"processId": null,
-					"processCommandLine": null,
-					"processCreationTime": null,
-					"parentProcessId": null,
-					"parentProcessCreationTime": null,
-					"ipAddress": null,
-					"url": null,
-					"accountName": null,
-					"domainName": null,
-					"userSid": null,
-					"aadUserId": null,
-					"userPrincipalName": null
-				},
-				{
-					"entityType": "Process",
-					"sha1": "ff02786682af8a6ae2842b64c8da543c4d76823c",
-					"sha256": "16dafd771171b619a472bb23cd55bc069625be8de5ee01b37b41de1216b2bbb2",
-					"fileName": "Your File Is Ready To Download_1911150169.exe",
-					"filePath": "C:\\Users\\temp2\\Downloads",
-					"processId": 24348,
-					"processCommandLine": "\"Your File Is Ready To Download_1911150169.exe\" ",
-					"processCreationTime": "2020-07-18T03:25:38.5269993Z",
-					"parentProcessId": 16840,
-					"parentProcessCreationTime": "2020-07-18T02:12:32.8616797Z",
-					"ipAddress": null,
-					"url": null,
-					"accountName": null,
-					"domainName": null,
-					"userSid": null,
-					"aadUserId": null,
-					"userPrincipalName": null
-				},
 				{
 					"entityType": "User",
+					"evidenceCreationTime": "2021-01-26T20:33:58.42Z",
 					"sha1": null,
 					"sha256": null,
 					"fileName": null,
@@ -135,13 +111,74 @@ HTTP GET  https://api.securitycenter.microsoft.com/api/alerts?$top=10&$expand=ev
 					"processCreationTime": null,
 					"parentProcessId": null,
 					"parentProcessCreationTime": null,
+					"parentProcessFileName": null,
+					"parentProcessFilePath": null,
 					"ipAddress": null,
 					"url": null,
-					"accountName": "temp2",
-					"domainName": "REDMOND",
-					"userSid": "S-1-5-21-1127532184-1642412920-1887927527-75363",
-					"aadUserId": "319dc320-4ce3-4cd7-a0de-c476d146342d",
-					"userPrincipalName": "temp2@microsoft.com"
+					"registryKey": null,
+					"registryHive": null,
+					"registryValueType": null,
+					"registryValue": null,
+					"accountName": "eranb",
+					"domainName": "MIDDLEEAST",
+					"userSid": "S-1-5-21-11111607-1111760036-109187956-75141",
+					"aadUserId": "11118379-2a59-1111-ac3c-a51eb4a3c627",
+					"userPrincipalName": "temp123@microsoft.com",
+					"detectionStatus": null
+				},
+				{
+					"entityType": "Process",
+					"evidenceCreationTime": "2021-01-26T20:33:58.6133333Z",
+					"sha1": "ff836cfb1af40252bd2a2ea843032e99a5b262ed",
+					"sha256": "a4752c71d81afd3d5865d24ddb11a6b0c615062fcc448d24050c2172d2cbccd6",
+					"fileName": "rundll32.exe",
+					"filePath": "C:\\Windows\\SysWOW64",
+					"processId": 3276,
+					"processCommandLine": "rundll32.exe  c:\\temp\\suspicious.dll,RepeatAfterMe",
+					"processCreationTime": "2021-01-26T20:31:32.9581596Z",
+					"parentProcessId": 8420,
+					"parentProcessCreationTime": "2021-01-26T20:31:32.9004163Z",
+					"parentProcessFileName": "rundll32.exe",
+					"parentProcessFilePath": "C:\\Windows\\System32",
+					"ipAddress": null,
+					"url": null,
+					"registryKey": null,
+					"registryHive": null,
+					"registryValueType": null,
+					"registryValue": null,
+					"accountName": null,
+					"domainName": null,
+					"userSid": null,
+					"aadUserId": null,
+					"userPrincipalName": null,
+					"detectionStatus": "Detected"
+				},
+				{
+					"entityType": "File",
+					"evidenceCreationTime": "2021-01-26T20:33:58.42Z",
+					"sha1": "8563f95b2f8a284fc99da44500cd51a77c1ff36c",
+					"sha256": "dc0ade0c95d6db98882bc8fa6707e64353cd6f7767ff48d6a81a6c2aef21c608",
+					"fileName": "suspicious.dll",
+					"filePath": "c:\\temp",
+					"processId": null,
+					"processCommandLine": null,
+					"processCreationTime": null,
+					"parentProcessId": null,
+					"parentProcessCreationTime": null,
+					"parentProcessFileName": null,
+					"parentProcessFilePath": null,
+					"ipAddress": null,
+					"url": null,
+					"registryKey": null,
+					"registryHive": null,
+					"registryValueType": null,
+					"registryValue": null,
+					"accountName": null,
+					"domainName": null,
+					"userSid": null,
+					"aadUserId": null,
+					"userPrincipalName": null,
+					"detectionStatus": "Detected"
 				}
 			]
 		},
@@ -188,6 +225,12 @@ HTTP GET  https://api.securitycenter.microsoft.com/api/alerts?$filter=lastUpdate
             "computerDnsName": "temp123.middleeast.corp.microsoft.com",
             "rbacGroupName": "MiddleEast",
             "aadTenantId": "a839b112-1253-6432-9bf6-94542403f21c",
+			"threatName": null,
+			"mitreTechniques": [
+				"T1064",
+				"T1085",
+				"T1220"
+			],
             "relatedUser": {
                 "userName": "temp123",
                 "domainName": "MIDDLEEAST"
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md
index eb0067b2ba..47af279049 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md
@@ -128,6 +128,12 @@ Here is an example of the response.
             "computerDnsName": "temp123.middleeast.corp.microsoft.com",
             "rbacGroupName": "MiddleEast",
             "aadTenantId": "a839b112-1253-6432-9bf6-94542403f21c",
+			"threatName": null,
+			"mitreTechniques": [
+				"T1064",
+				"T1085",
+				"T1220"
+			],
             "relatedUser": {
                 "userName": "temp123",
                 "domainName": "MIDDLEEAST"
@@ -170,75 +176,51 @@ Here is an example of the response.
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Alerts",
     "value": [
 		{
-			"id": "da637306396589640224_1753239473",
-			"incidentId": 875832,
-			"investigationId": 478434,
+			"id": "da637472900382838869_1364969609",
+			"incidentId": 1126093,
+			"investigationId": null,
 			"assignedTo": null,
 			"severity": "Low",
 			"status": "New",
 			"classification": null,
 			"determination": null,
-			"investigationState": "PendingApproval",
-			"detectionSource": "WindowsDefenderAv",
-			"category": "UnwantedSoftware",
-			"threatFamilyName": "InstallCore",
-			"title": "An active 'InstallCore' unwanted software was detected",
-			"description": "Potentially unwanted applications (PUA) often impact productivity and performance and are often unwanted in enterprise environments. This category of applications include torrent downloaders, cryptocurrency miners, browser advertising software, and evasion software.\n\nAn application is considered active if it is found running on the machine or it already has persistence mechanisms in place.\n\nBecause this PUA was active, take precautionary measures and check for residual signs of infection.",
-			"alertCreationTime": "2020-07-18T03:27:38.9483995Z",
-			"firstEventTime": "2020-07-18T03:25:39.6124549Z",
-			"lastEventTime": "2020-07-18T03:26:18.4362304Z",
-			"lastUpdateTime": "2020-07-18T03:28:19.76Z",
+			"investigationState": "Queued",
+			"detectionSource": "WindowsDefenderAtp",
+			"detectorId": "17e10bbc-3a68-474a-8aad-faef14d43952",
+			"category": "Execution",
+			"threatFamilyName": null,
+			"title": "Low-reputation arbitrary code executed by signed executable",
+			"description": "Binaries signed by Microsoft can be used to run low-reputation arbitrary code. This technique hides the execution of malicious code within a trusted process. As a result, the trusted process might exhibit suspicious behaviors, such as opening a listening port or connecting to a command-and-control (C&C) server.",
+			"alertCreationTime": "2021-01-26T20:33:57.7220239Z",
+			"firstEventTime": "2021-01-26T20:31:32.9562661Z",
+			"lastEventTime": "2021-01-26T20:31:33.0577322Z",
+			"lastUpdateTime": "2021-01-26T20:33:59.2Z",
 			"resolvedTime": null,
-			"machineId": "97868b864dc8fa09cc8726c37a1fcd8ab582f3aa",
-			"computerDnsName": "temp2.redmond.corp.microsoft.com",
-			"rbacGroupName": "Ring0",
-			"aadTenantId": "12f988bf-1234-1234-91ab-2d7cd011db47",
+			"machineId": "111e6dd8c833c8a052ea231ec1b19adaf497b625",
+			"computerDnsName": "temp123.middleeast.corp.microsoft.com",
+			"rbacGroupName": "A",
+            "aadTenantId": "a839b112-1253-6432-9bf6-94542403f21c",
+			"threatName": null,
+			"mitreTechniques": [
+				"T1064",
+				"T1085",
+				"T1220"
+			],
 			"relatedUser": {
-				"userName": "temp2",
-				"domainName": "REDMOND"
-			},
-			"comments": [],
+                "userName": "temp123",
+                "domainName": "MIDDLEEAST"
+            },
+			"comments": [
+				{
+					"comment": "test comment for docs",
+					"createdBy": "secop123@contoso.com",
+					"createdTime": "2021-01-26T01:00:37.8404534Z"
+				}
+			],
 			"evidence": [
-				{
-					"entityType": "File",
-					"sha1": "ff02786682af8a6ae2842b64c8da543c4d76823c",
-					"sha256": "16dafd771171b619a472bb23cd55bc069625be8de5ee01b37b41de1216b2bbb2",
-					"fileName": "Your File Is Ready To Download_1911150169.exe",
-					"filePath": "C:\\Users\\temp2\\Downloads",
-					"processId": null,
-					"processCommandLine": null,
-					"processCreationTime": null,
-					"parentProcessId": null,
-					"parentProcessCreationTime": null,
-					"ipAddress": null,
-					"url": null,
-					"accountName": null,
-					"domainName": null,
-					"userSid": null,
-					"aadUserId": null,
-					"userPrincipalName": null
-				},
-				{
-					"entityType": "Process",
-					"sha1": "ff02786682af8a6ae2842b64c8da543c4d76823c",
-					"sha256": "16dafd771171b619a472bb23cd55bc069625be8de5ee01b37b41de1216b2bbb2",
-					"fileName": "Your File Is Ready To Download_1911150169.exe",
-					"filePath": "C:\\Users\\temp2\\Downloads",
-					"processId": 24348,
-					"processCommandLine": "\"Your File Is Ready To Download_1911150169.exe\" ",
-					"processCreationTime": "2020-07-18T03:25:38.5269993Z",
-					"parentProcessId": 16840,
-					"parentProcessCreationTime": "2020-07-18T02:12:32.8616797Z",
-					"ipAddress": null,
-					"url": null,
-					"accountName": null,
-					"domainName": null,
-					"userSid": null,
-					"aadUserId": null,
-					"userPrincipalName": null
-				},
 				{
 					"entityType": "User",
+					"evidenceCreationTime": "2021-01-26T20:33:58.42Z",
 					"sha1": null,
 					"sha256": null,
 					"fileName": null,
@@ -248,13 +230,74 @@ Here is an example of the response.
 					"processCreationTime": null,
 					"parentProcessId": null,
 					"parentProcessCreationTime": null,
+					"parentProcessFileName": null,
+					"parentProcessFilePath": null,
 					"ipAddress": null,
 					"url": null,
-					"accountName": "temp2",
-					"domainName": "REDMOND",
-					"userSid": "S-1-5-21-1127532184-1642412920-1887927527-75363",
-					"aadUserId": "319dc320-4ce3-4cd7-a0de-c476d146342d",
-					"userPrincipalName": "temp2@microsoft.com"
+					"registryKey": null,
+					"registryHive": null,
+					"registryValueType": null,
+					"registryValue": null,
+					"accountName": "eranb",
+					"domainName": "MIDDLEEAST",
+					"userSid": "S-1-5-21-11111607-1111760036-109187956-75141",
+					"aadUserId": "11118379-2a59-1111-ac3c-a51eb4a3c627",
+					"userPrincipalName": "temp123@microsoft.com",
+					"detectionStatus": null
+				},
+				{
+					"entityType": "Process",
+					"evidenceCreationTime": "2021-01-26T20:33:58.6133333Z",
+					"sha1": "ff836cfb1af40252bd2a2ea843032e99a5b262ed",
+					"sha256": "a4752c71d81afd3d5865d24ddb11a6b0c615062fcc448d24050c2172d2cbccd6",
+					"fileName": "rundll32.exe",
+					"filePath": "C:\\Windows\\SysWOW64",
+					"processId": 3276,
+					"processCommandLine": "rundll32.exe  c:\\temp\\suspicious.dll,RepeatAfterMe",
+					"processCreationTime": "2021-01-26T20:31:32.9581596Z",
+					"parentProcessId": 8420,
+					"parentProcessCreationTime": "2021-01-26T20:31:32.9004163Z",
+					"parentProcessFileName": "rundll32.exe",
+					"parentProcessFilePath": "C:\\Windows\\System32",
+					"ipAddress": null,
+					"url": null,
+					"registryKey": null,
+					"registryHive": null,
+					"registryValueType": null,
+					"registryValue": null,
+					"accountName": null,
+					"domainName": null,
+					"userSid": null,
+					"aadUserId": null,
+					"userPrincipalName": null,
+					"detectionStatus": "Detected"
+				},
+				{
+					"entityType": "File",
+					"evidenceCreationTime": "2021-01-26T20:33:58.42Z",
+					"sha1": "8563f95b2f8a284fc99da44500cd51a77c1ff36c",
+					"sha256": "dc0ade0c95d6db98882bc8fa6707e64353cd6f7767ff48d6a81a6c2aef21c608",
+					"fileName": "suspicious.dll",
+					"filePath": "c:\\temp",
+					"processId": null,
+					"processCommandLine": null,
+					"processCreationTime": null,
+					"parentProcessId": null,
+					"parentProcessCreationTime": null,
+					"parentProcessFileName": null,
+					"parentProcessFilePath": null,
+					"ipAddress": null,
+					"url": null,
+					"registryKey": null,
+					"registryHive": null,
+					"registryValueType": null,
+					"registryValue": null,
+					"accountName": null,
+					"domainName": null,
+					"userSid": null,
+					"aadUserId": null,
+					"userPrincipalName": null,
+					"detectionStatus": "Detected"
 				}
 			]
 		},

From 599ddc7daa6d8f72b29d51178627286f09df0972 Mon Sep 17 00:00:00 2001
From: Ben Alfasi <bealfasi@microsoft.com>
Date: Thu, 28 Jan 2021 20:17:00 +0200
Subject: [PATCH 301/396] 1

---
 .../microsoft-defender-atp/api-release-notes.md           | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
index 51e3dc8790..43a133a98d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
@@ -26,7 +26,6 @@ ms.technology: mde
 
 - Updated rate limitations for [Hunting API](run-advanced-query-api.md) to 45 requests per minute. 
 
-<br>
 <br>
 
 ### 21.01.2021
@@ -35,7 +34,6 @@ ms.technology: mde
 - Added new API: [Find devices by tag](machine-tags.md). 
 - Added new API: [Import Indicators](import-ti-indicators.md). 
 
-<br>
 <br>
 
 ### 03.01.2021
@@ -44,7 +42,6 @@ ms.technology: mde
 - Updated Alert evidence: added ***detectionStatus***, ***parentProcessFilePath*** and ***parentProcessFileName*** properties.
 - Updated [Alert entity](alerts.md): added ***detectorId*** property.
 
-<br>
 <br>
 
 ### 15.12.2020
@@ -52,7 +49,6 @@ ms.technology: mde
 
 - Updated [Device](machine.md) entity: added ***IpInterfaces*** list. See [List devices](get-machines.md).
 
-<br>
 <br>
 
 ### 04.11.2020
@@ -61,10 +57,12 @@ ms.technology: mde
 - Added new API: [Set device value](set-device-value.md).
 - Updated [Device](machine.md) entity: added ***deviceValue*** property.
 
-<br>
 <br>
 
 ### 01.09.2020
 <hr>
 
 - Added option to expand the Alert entity with its related Evidence. See [List Alerts](get-alerts.md)
+
+<br>
+<br>
\ No newline at end of file

From 8d66bba38052d0c40a29a928203e9df21f6446b9 Mon Sep 17 00:00:00 2001
From: Ben Alfasi <bealfasi@microsoft.com>
Date: Thu, 28 Jan 2021 20:28:30 +0200
Subject: [PATCH 302/396] 1

---
 .../security/threat-protection/microsoft-defender-atp/alerts.md | 1 -
 .../microsoft-defender-atp/api-release-notes.md                 | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts.md b/windows/security/threat-protection/microsoft-defender-atp/alerts.md
index 165692fb02..ffa3cd11ee 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/alerts.md
@@ -70,7 +70,6 @@ category| String | Category of the alert.
 detectionSource | String | Detection source.
 threatFamilyName | String | Threat family.
 threatName | String | Threat name.
-threatName | String | Threat name.
 machineId | String | ID of a [machine](machine.md) entity that is associated with the alert.
 computerDnsName | String | [machine](machine.md) fully qualified name.
 aadTenantId | String | The Azure Active Directory ID.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
index 43a133a98d..6689e36c5c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
@@ -24,7 +24,7 @@ ms.technology: mde
 ### 25.01.2021
 <hr>
 
-- Updated rate limitations for [Hunting API](run-advanced-query-api.md) to 45 requests per minute. 
+- Updated rate limitations for [Advanced Hunting API](run-advanced-query-api.md) from 15 to 45 requests per minute. 
 
 <br>
 

From 2d5030b41f663590154cdf47afb85ecce5a101db Mon Sep 17 00:00:00 2001
From: Jane Muriranja <68369324+JaneM-02@users.noreply.github.com>
Date: Thu, 28 Jan 2021 22:55:56 +0300
Subject: [PATCH 303/396] Update manage-windows-2004-endpoints.md

Adding 'adl.windows.com'
---
 windows/privacy/manage-windows-2004-endpoints.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/windows/privacy/manage-windows-2004-endpoints.md b/windows/privacy/manage-windows-2004-endpoints.md
index c6f1fd140f..aea5913427 100644
--- a/windows/privacy/manage-windows-2004-endpoints.md
+++ b/windows/privacy/manage-windows-2004-endpoints.md
@@ -113,6 +113,7 @@ The following methodology was used to derive these network endpoints:
 |||HTTP|*.windowsupdate.com|
 ||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. If you turn off traffic for these endpoints, the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store. These are dependent on also enabling "Device authentication" and "Microsoft Account" endpoints.|HTTPS|*.delivery.mp.microsoft.com|
 |||TLSv1.2|*.update.microsoft.com|
+||The following endpoint is used for compatibility database updates for Windows.|HTTP|adl.windows.com|
 ||The following endpoint is used for content regulation. If you turn off traffic for this endpoint, the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly.|TLSv1.2|tsfe.trafficshaping.dsp.mp.microsoft.com|
 |Xbox Live|The following endpoint is used for Xbox Live.||[Learn how to turn off traffic to all of the following endpoint(s).]( manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
 |||TLSv1.2|dlassets-ssl.xboxlive.com|

From 9a3e2c4ab8c33b4a068c3bf22c6ed69cd58d090f Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Thu, 28 Jan 2021 13:13:23 -0800
Subject: [PATCH 304/396] fix warnings

---
 .../microsoft-defender-atp/enable-attack-surface-reduction.md | 2 +-
 .../microsoft-defender-atp/indicator-file.md                  | 4 ++--
 .../microsoft-defender-atp/indicator-ip-domain.md             | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md
index 44d58c8d1e..c34737f912 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md
@@ -99,7 +99,7 @@ Example:
 
 `OMA-URI path: ./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionOnlyExclusions`
 
-`Value: c:\path|e:\path|c:\Whitelisted.exe`
+`Value: c:\path|e:\path|c:\Exclusions.exe`
 
 > [!NOTE]
 > Be sure to enter OMA-URI values without spaces.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-file.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-file.md
index be86647e97..78a28933b4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/indicator-file.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-file.md
@@ -2,7 +2,7 @@
 title: Create indicators for files
 ms.reviewer: 
 description: Create indicators for a file hash that define the detection, prevention, and exclusion of entities.
-keywords: file, hash, manage, allowed, blocked, whitelist, blacklist, block, clean, malicious, file hash, ip address, urls, domain
+keywords: file, hash, manage, allowed, blocked, block, clean, malicious, file hash, ip address, urls, domain
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: m365-security
@@ -39,7 +39,7 @@ There are two ways you can create indicators for files:
 ### Before you begin
 It's important to understand the following prerequisites prior to creating indicators for files:
 
-- This feature is available if your organization uses Windows Defender Antivirus and Cloud-based protection is enabled. For more information, see [Manage cloud-based protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md).
+- This feature is available if your organization uses Windows Defender Antivirus and Cloud-based protection is enabled. For more information, see [Manage cloud-based protection](../microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md).
 - The Antimalware client version must be 4.18.1901.x or later.
 - Supported on machines on Windows 10, version 1703 or later, Windows server 2016 and 2019.
 - To start blocking files, you first need to [turn the **Block or allow** feature on](advanced-features.md) in Settings.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md
index f238e1f680..2fd5f9cce1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md
@@ -2,7 +2,7 @@
 title: Create indicators for IPs and URLs/domains
 ms.reviewer: 
 description: Create indicators for IPs and URLs/domains that define the detection, prevention, and exclusion of entities.
-keywords: ip, url, domain, manage, allowed, blocked, whitelist, blacklist, block, clean, malicious, file hash, ip address, urls, domain
+keywords: ip, url, domain, manage, allowed, blocked, block, clean, malicious, file hash, ip address, urls, domain
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: m365-security

From 28e58d56b3539a1fad719b6cbf73bc373a1e8d9c Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 28 Jan 2021 14:56:28 -0800
Subject: [PATCH 305/396] Added label to code block

---
 .../security/threat-protection/microsoft-defender-atp/alerts.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts.md b/windows/security/threat-protection/microsoft-defender-atp/alerts.md
index ffa3cd11ee..da475d40a4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/alerts.md
@@ -79,7 +79,7 @@ Evidence | List of Alert evidence | Evidence related to the alert. See example b
 
 ### Response example for getting single alert:
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/alerts/da637472900382838869_1364969609
 ```
 

From 7520c0930bcd2110d525b5dca6055cc0d768fd3e Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 28 Jan 2021 14:56:56 -0800
Subject: [PATCH 306/396] Added missing period

---
 .../microsoft-defender-atp/api-release-notes.md                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
index 6689e36c5c..36327643c6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
@@ -62,7 +62,7 @@ ms.technology: mde
 ### 01.09.2020
 <hr>
 
-- Added option to expand the Alert entity with its related Evidence. See [List Alerts](get-alerts.md)
+- Added option to expand the Alert entity with its related Evidence. See [List Alerts](get-alerts.md).
 
 <br>
 <br>
\ No newline at end of file

From 100c6d9bc9c72ed8b832ea791b1194b550c8d8d7 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 28 Jan 2021 15:01:43 -0800
Subject: [PATCH 307/396] Added end punctuation

---
 .../exposed-apis-odata-samples.md                    | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md
index 504f3e3b49..0d88d39023 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md
@@ -44,7 +44,7 @@ Not all properties are filterable.
 
 ### Example 1
 
-Get 10 latest Alerts with related Evidence
+Get 10 latest Alerts with related Evidence:
 
 ```http
 HTTP GET  https://api.securitycenter.microsoft.com/api/alerts?$top=10&$expand=evidence
@@ -189,7 +189,7 @@ HTTP GET  https://api.securitycenter.microsoft.com/api/alerts?$top=10&$expand=ev
 
 ### Example 2
 
-Get all the alerts last updated after 2019-11-22 00:00:00
+Get all the alerts last updated after 2019-11-22 00:00:00:
 
 ```http
 HTTP GET  https://api.securitycenter.microsoft.com/api/alerts?$filter=lastUpdateTime+ge+2019-11-22T00:00:00Z
@@ -251,7 +251,7 @@ HTTP GET  https://api.securitycenter.microsoft.com/api/alerts?$filter=lastUpdate
 
 ### Example 3
 
-Get all the devices with 'High' 'RiskScore'
+Get all the devices with 'High' 'RiskScore':
 
 ```http
 HTTP GET  https://api.securitycenter.microsoft.com/api/machines?$filter=riskScore+eq+'High'
@@ -304,7 +304,7 @@ HTTP GET  https://api.securitycenter.microsoft.com/api/machines?$filter=riskScor
 
 ### Example 4
 
-Get top 100 devices with 'HealthStatus' not equals to 'Active'
+Get top 100 devices with 'HealthStatus' not equals to 'Active':
 
 ```http
 HTTP GET  https://api.securitycenter.microsoft.com/api/machines?$filter=healthStatus+ne+'Active'&$top=100 
@@ -357,7 +357,7 @@ HTTP GET  https://api.securitycenter.microsoft.com/api/machines?$filter=healthSt
 
 ### Example 5
 
-Get all the devices that last seen after 2018-10-20
+Get all the devices that last seen after 2018-10-20:
 
 ```http
 HTTP GET  https://api.securitycenter.microsoft.com/api/machines?$filter=lastSeen gt 2018-08-01Z
@@ -410,7 +410,7 @@ HTTP GET  https://api.securitycenter.microsoft.com/api/machines?$filter=lastSeen
 
 ### Example 6
 
-Get all the Anti-Virus scans that the user Analyst@examples.onmicrosoft.com created using Microsoft Defender for Endpoint
+Get all the Anti-Virus scans that the user Analyst@examples.onmicrosoft.com created using Microsoft Defender for Endpoint:
 
 ```http
 HTTP GET  https://api.securitycenter.microsoft.com/api/machineactions?$filter=requestor eq 'Analyst@contoso.com' and type eq 'RunAntiVirusScan'

From 6de7189a3606f704093641de13b30799e47bcd95 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 28 Jan 2021 15:06:31 -0800
Subject: [PATCH 308/396] Labeled code block

---
 .../microsoft-defender-atp/get-alert-related-machine-info.md   | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
index 1ee033457d..4a56186c19 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
@@ -56,7 +56,8 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
 >- The user needs to have access to the device associated with the alert, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)
 
 ## HTTP request
-```
+
+```http
 GET /api/alerts/{id}/machine
 ```
 

From 2524740ebb80195497b5c065a48d2d11786a8af7 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 28 Jan 2021 15:09:38 -0800
Subject: [PATCH 309/396] Added missing end punctuation.

---
 .../microsoft-defender-atp/get-machine-by-id.md                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
index c754604e60..76dc993182 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
@@ -41,7 +41,7 @@ Retrieves specific [Machine](machine.md) by its device ID or computer name.
 
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md).
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---

From c4dcb999082992535349ecde10c7e51214654f45 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 28 Jan 2021 15:14:11 -0800
Subject: [PATCH 310/396] Replaced br tags with CR/LF, added end punctuation

The block of text looked strange in preview due to the short and wrapped lines.
---
 .../microsoft-defender-atp/get-machines.md          | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md
index a36163fc75..44e815ff37 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md
@@ -33,9 +33,12 @@ ms.technology: mde
 
 ## API description
 Retrieves a collection of [Machines](machine.md) that have communicated with  Microsoft Defender for Endpoint cloud.
-<br>Supports [OData V4 queries](https://www.odata.org/documentation/).
-<br>The OData's `$filter` query is supported on: `computerDnsName`, `lastSeen`, `healthStatus`, `osPlatform`, `riskScore` and `rbacGroupId`.
-<br>See examples at [OData queries with Defender for Endpoint](exposed-apis-odata-samples.md)
+
+Supports [OData V4 queries](https://www.odata.org/documentation/).
+
+The OData's `$filter` query is supported on: `computerDnsName`, `lastSeen`, `healthStatus`, `osPlatform`, `riskScore` and `rbacGroupId`.
+
+See examples at [OData queries with Defender for Endpoint](exposed-apis-odata-samples.md).
 
 
 ## Limitations
@@ -55,8 +58,8 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
->- Response will include only devices, that the user have access to, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information).
+>- Response will include only devices, that the user have access to, based on device group settings. For more info, see [Create and manage device groups](machine-groups.md).
 
 ## HTTP request
 

From ba506d79807f1d7ebfff3553a238d112aeea3039 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 28 Jan 2021 15:15:57 -0800
Subject: [PATCH 311/396] Labeled code block

---
 .../microsoft-defender-atp/set-device-value.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/set-device-value.md b/windows/security/threat-protection/microsoft-defender-atp/set-device-value.md
index 1164cfc4a4..66e0dfcd99 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/set-device-value.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/set-device-value.md
@@ -89,7 +89,7 @@ If successful, this method returns 200 - Ok response code and the updated Machin
 
 Here is an example of a request that adds machine tag.
 
-```
+```http
 POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/setDeviceValue
 ```
 

From 9070c026aada653a5c4953f229221656e3c9eaff Mon Sep 17 00:00:00 2001
From: Matthew Palko <mapalko@microsoft.com>
Date: Thu, 28 Jan 2021 15:17:15 -0800
Subject: [PATCH 312/396] Fixing weird phrasing and list issue

---
 .../hello-for-business/hello-how-it-works.md                  | 4 ++--
 .../hello-for-business/hello-planning-guide.md                | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md
index 60d7c90219..c9844c3d80 100644
--- a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md
+++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md
@@ -21,7 +21,7 @@ ms.reviewer:
 
 - Windows 10
 
-Windows Hello for Business is a modern, two-factor credential that is the more secure alternative to passwords.  Whether you are cloud or on-premises, Windows Hello for Business has a deployment option for you.  For cloud deployments, you can use Windows Hello for Business with Azure Active Directory joined, Hybrid Azure Active Directory joined, or Azure Active Directory registered devices.  Windows Hello for Business also works for domain joined devices.
+Windows Hello for Business is a modern, two-factor credential that is the more secure alternative to passwords. Whether you are cloud or on-premises, Windows Hello for Business has a deployment option for you. For cloud deployments, you can use Windows Hello for Business with Azure Active Directory joined, Hybrid Azure Active Directory joined, or Azure Active Directory registered devices. Windows Hello for Business also works for domain joined devices.
 
 Watch this quick video where Pieter Wigleven gives a simple explanation of how Windows Hello for Business works and some of its supporting features.
 > [!VIDEO https://www.youtube.com/embed/G-GJuDWbBE8]
@@ -48,7 +48,7 @@ For more information read [how provisioning works](hello-how-it-works-provisioni
 
 ### Authentication
 
-Authentication using Windows Hello for Business is the goal, and the first step in getting to a passwordless environment. With the device registered, and provisioning complete. Users can sign-in to Windows 10 using biometrics or a PIN. PIN is the most common gesture and is available on most computers and devices. Regardless of the gesture used, authentication occurs using the private portion of the Windows Hello for Business credential. The PIN nor the private portion of the credential are never sent to the identity provider, and the PIN is not stored on the device. It is user provided entropy when performing operations that use the private portion of the credential.
+With the device registered and provisioning complete, users can sign-in to Windows 10 using biometrics or a PIN. PIN is the most common gesture and is available on all computers unless restricted by policy requiring a TPM. Regardless of the gesture used, authentication occurs using the private portion of the Windows Hello for Business credential. Neither the PIN nor the private portion of the credential are ever sent to the identity provider, and the PIN is not stored on the device. It is user provided entropy when performing operations that use the private portion of the credential.
 
 Watch Matthew Palko and Ravi Vennapusa explain how Windows Hello for Business authentication works.
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
index 260676b71b..0d50683cf6 100644
--- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
@@ -45,7 +45,7 @@ There are six major categories you need to consider for a Windows Hello for Busi
 - Client
 - Management
 - Active Directory
--Public Key Infrastructure
+- Public Key Infrastructure
 - Cloud
 
 ### Baseline Prerequisites

From b7b092458eb9f5300d4ce03928a4750192d8a85b Mon Sep 17 00:00:00 2001
From: Beth Levin <elizabeth.levin@microsoft.com>
Date: Thu, 28 Jan 2021 16:41:12 -0800
Subject: [PATCH 313/396] remove config score

---
 .../microsoft-defender-atp/tvm-security-recommendation.md       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
index 5ec3a45841..442c78a35a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
@@ -105,7 +105,7 @@ From the flyout, you can choose any of the following options:
 
 ### Investigate changes in device exposure or impact
 
-If there is a large jump in the number of exposed devices, or a sharp increase in the impact on your organization exposure score and configuration score, then that security recommendation is worth investigating.
+If there is a large jump in the number of exposed devices, or a sharp increase in the impact on your organization exposure score and Microsoft Secure Score for Devices, then that security recommendation is worth investigating.
 
 1. Select the recommendation and **Open software page**
 2. Select the **Event timeline** tab to view all the impactful events related to that software, such as new vulnerabilities or new public exploits. [Learn more about event timeline](threat-and-vuln-mgt-event-timeline.md)

From 098fadffe74b309909c6a4de723156a405223a0e Mon Sep 17 00:00:00 2001
From: Kurt Sarens <56369685+kurtsarens@users.noreply.github.com>
Date: Fri, 29 Jan 2021 17:22:30 +0100
Subject: [PATCH 314/396] Update indicator-ip-domain.md

indicators are also supported on iOS
---
 .../microsoft-defender-atp/indicator-ip-domain.md                | 1 +
 1 file changed, 1 insertion(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md
index 2fd5f9cce1..bfa5bf0c44 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md
@@ -46,6 +46,7 @@ It's important to understand the following prerequisites prior to creating indic
 - The Antimalware client version must be 4.18.1906.x or later. 
 - Supported on machines on Windows 10, version 1709 or later. 
 - Ensure that **Custom network indicators** is enabled in **Microsoft Defender Security Center > Settings > Advanced features**. For more information, see [Advanced features](advanced-features.md).
+- For support of indicators on iOS, please [see](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features#configure-custom-indicators)
 
 
 >[!IMPORTANT]

From c31f98e043441b191c772b23559fdcdfb751e3d8 Mon Sep 17 00:00:00 2001
From: adirdidi <68847945+adirdidi@users.noreply.github.com>
Date: Fri, 29 Jan 2021 20:03:13 +0200
Subject: [PATCH 315/396] Update pull-alerts-using-rest-api.md

Fixing numbers that are written as strings in the example.
https://github.com/MicrosoftDocs/windows-itpro-docs/issues/9037
---
 .../microsoft-defender-atp/pull-alerts-using-rest-api.md  | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md
index 035be361f5..0b426b8e0d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md
@@ -84,10 +84,10 @@ The response will include an access token and expiry information.
 ```json
 {
   "token_type": "Bearer",
-  "expires_in": "3599",
-  "ext_expires_in": "0",
-  "expires_on": "1488720683",
-  "not_before": "1488720683",
+  "expires_in": 3599,
+  "ext_expires_in": 0,
+  "expires_on": 1488720683,
+  "not_before": 1488720683,
   "resource": "https://graph.windows.net",
   "access_token":"eyJ0eXaioJJOIneiowiouqSuzNiZ345FYOVkaJL0625TueyaJasjhIjEnbMlWqP..."
 }

From 3d28a9ee0d231981a95413a9aa2566403ae91c17 Mon Sep 17 00:00:00 2001
From: adirdidi <68847945+adirdidi@users.noreply.github.com>
Date: Fri, 29 Jan 2021 20:09:53 +0200
Subject: [PATCH 316/396] Update pull-alerts-using-rest-api.md

Acrolinx.
---
 .../microsoft-defender-atp/pull-alerts-using-rest-api.md    | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md
index 0b426b8e0d..49d143d897 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md
@@ -1,6 +1,6 @@
 ---
 title: Pull Microsoft Defender for Endpoint detections using REST API
-description: Learn how call an Microsoft Defender for Endpoint API endpoint to pull detections in JSON format using the SIEM REST API.
+description: Learn how to call a Microsoft Defender for Endpoint API endpoint to pull detections in JSON format using the SIEM REST API.
 keywords: detections, pull detections, rest api, request, response
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -67,7 +67,7 @@ Use the following method in the Microsoft Defender for Endpoint API to pull dete
 ## Get an access token
 Before creating calls to the endpoint, you'll need to get an access token.
 
-You'll use the access token to access the protected resource, which are detections in Microsoft Defender for Endpoint.
+You'll use the access token to access the protected resource, which is detections in Microsoft Defender for Endpoint.
 
 To get an access token, you'll need to do a POST request to the token issuing endpoint. Here is a sample request:
 
@@ -115,7 +115,7 @@ Name | Value| Description
 :---|:---|:---
 sinceTimeUtc | DateTime | Defines the lower time bound alerts are retrieved from, based on field: <br> `LastProcessedTimeUtc` <br> The time range will be: from sinceTimeUtc time to current time. <br><br> **NOTE**: When not specified, all alerts generated in the last two hours are retrieved.
 untilTimeUtc | DateTime | Defines the upper time bound alerts are retrieved. <br> The time range will be: from `sinceTimeUtc` time to `untilTimeUtc` time. <br><br> **NOTE**: When not specified, the default value will be the current time.
-ago | string | Pulls alerts in the following time range: from `(current_time - ago)` time to `current_time` time. <br><br> Value should be set according to **ISO 8601** duration format <br> E.g. `ago=PT10M` will pull alerts received in the last 10 minutes.
+ago | string | Pulls alerts in the following time range: from `(current_time - ago)` time to `current_time` time. <br><br> Value should be set according to **ISO 8601** duration format <br> Example: `ago=PT10M` will pull alerts received in the last 10 minutes.
 limit | int | Defines the number of alerts to be retrieved. Most recent alerts will be retrieved based on the number defined.<br><br> **NOTE**: When not specified, all alerts available in the time range will be retrieved.
 machinegroups | string | Specifies device groups to pull alerts from. <br><br> **NOTE**: When not specified, alerts from all device groups will be retrieved. <br><br> Example: <br><br> ```https://wdatp-alertexporter-eu.securitycenter.windows.com/api/Alerts/?machinegroups=UKMachines&machinegroups=FranceMachines```
 DeviceCreatedMachineTags | string | Single device tag from the registry.

From 236497f1a20efa5048a868c70296b4951eaf78c0 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Fri, 29 Jan 2021 14:09:12 -0800
Subject: [PATCH 317/396] Labeled code blocks, added some vertical spacing

---
 .../feature-multifactor-unlock.md             | 140 +++++++++++-------
 1 file changed, 89 insertions(+), 51 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
index da9b1c7c1e..e6e5fa20c1 100644
--- a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
+++ b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
@@ -83,15 +83,17 @@ For example, if you include the PIN and fingerprint credential providers in both
 The **Signal rules for device unlock** setting contains the rules the Trusted Signal credential provider uses to satisfy unlocking the device.
 
 ### Rule element
-You represent signal rules in XML.  Each signal rule has an starting and ending **rule** element that contains the **schemaVersion** attribute and value.  The current supported schema version is 1.0.<br>
+You represent signal rules in XML.  Each signal rule has an starting and ending **rule** element that contains the **schemaVersion** attribute and value.  The current supported schema version is 1.0.
+
 **Example**
-```
+```xml
 <rule schemaVersion="1.0">
 </rule>
 ```
 
 ### Signal element
-Each rule element has a **signal** element.  All signal elements have a **type** element and value.  Windows 10, version 1709 supports the **ipConfig** and **bluetooth** type values.<br>
+Each rule element has a **signal** element.  All signal elements have a **type** element and value.  Windows 10, version 1709 supports the **ipConfig** and **bluetooth** type values.
+
 
 |Attribute|Value|
 |---------|-----|
@@ -109,8 +111,8 @@ You define the bluetooth signal with additional attributes in the signal element
 |rssiMin|"*number*"|no|
 |rssiMaxDelta|"*number*"|no|
 
-Example:
-```
+**Example**
+```xml
 <rule schemaVersion="1.0">
     <signal type="bluetooth" scenario="Authentication" classOfDevice="512" rssiMin="-10" rssiMaxDelta="-10"/>
 </rule>
@@ -142,63 +144,76 @@ RSSI measurements are relative and lower as the bluetooth signals between the tw
 You define IP configuration signals using one or more ipConfiguration elements.  Each element has a string value.  IpConfiguration elements do not have attributes or nested elements.
 
 ##### IPv4Prefix
-The IPv4 network prefix represented in Internet standard dotted-decimal notation. A network prefix that uses the Classless Inter-Domain Routing (CIDR) notation is required as part of the network string. A network port must not be present in the network string.  A **signal** element may only contain one **ipv4Prefix** element.<br>
+The IPv4 network prefix represented in Internet standard dotted-decimal notation. A network prefix that uses the Classless Inter-Domain Routing (CIDR) notation is required as part of the network string. A network port must not be present in the network string.  A **signal** element may only contain one **ipv4Prefix** element.
+
 **Example**
-```
+```xml
 <ipv4Prefix>192.168.100.0/24</ipv4Prefix>
 ```
+
 The assigned IPv4 addresses in the range of 192.168.100.1 to 192.168.100.254 match this signal configuration.
 
 ##### IPv4Gateway
-The IPv4 network gateway represented in Internet standard dotted-decimal notation. A network port or prefix must not be present in the network string.  A **signal** element may only contain one **ipv4Gateway** element.<br>
+The IPv4 network gateway represented in Internet standard dotted-decimal notation. A network port or prefix must not be present in the network string.  A **signal** element may only contain one **ipv4Gateway** element.
+
 **Example**
-```
+```xml
 <ipv4Gateway>192.168.100.10</ipv4Gateway>
 ```
+
 ##### IPv4DhcpServer
-The IPv4 DHCP server represented in Internet standard dotted-decimal notation. A network port or prefix must not be present in the network string.  A **signal** element may only contain one **ipv4DhcpServer** element.<br>
+The IPv4 DHCP server represented in Internet standard dotted-decimal notation. A network port or prefix must not be present in the network string.  A **signal** element may only contain one **ipv4DhcpServer** element.
+
 **Example**
-```
+```xml
 <ipv4DhcpServer>192.168.100.10</ipv4DhcpServer>
 ```
+
 ##### IPv4DnsServer
-The IPv4 DNS server represented in Internet standard dotted-decimal notation. A network port or prefix must not be present in the network string.The **signal** element may contain one or more **ipv4DnsServer** elements.<br>
+The IPv4 DNS server represented in Internet standard dotted-decimal notation. A network port or prefix must not be present in the network string.The **signal** element may contain one or more **ipv4DnsServer** elements.
+
 **Example:**
-```
+```xml
 <ipv4DnsServer>192.168.100.10</ipv4DnsServer>
 ```
 
 ##### IPv6Prefix
-The IPv6 network prefix represented in IPv6 network using Internet standard hexadecimal encoding. A network prefix in CIDR notation is required as part of the network string. A network port or scope ID must not be present in the network string.  A **signal** element may only contain one **ipv6Prefix** element.<br>
+The IPv6 network prefix represented in IPv6 network using Internet standard hexadecimal encoding. A network prefix in CIDR notation is required as part of the network string. A network port or scope ID must not be present in the network string.  A **signal** element may only contain one **ipv6Prefix** element.
+
 **Example** 
-```
+```xml
 <ipv6Prefix>21DA:D3::/48</ipv6Prefix>
 ```
 
 ##### IPv6Gateway
-The IPv6 network gateway represented in Internet standard hexadecimal encoding. An IPv6 scope ID may be present in the network string. A network port or prefix must not be present in the network string.  A **signal** element may only contain one **ipv6Gateway** element.<br>
+The IPv6 network gateway represented in Internet standard hexadecimal encoding. An IPv6 scope ID may be present in the network string. A network port or prefix must not be present in the network string.  A **signal** element may only contain one **ipv6Gateway** element.
+
 **Example** 
-```
+```xml
 <ipv6Gateway>21DA:00D3:0000:2F3B:02AA:00FF:FE28:9C5A%2</ipv6Gateway>
 ```
 
 ##### IPv6DhcpServer
-The IPv6 DNS server represented in Internet standard hexadecimal encoding. An IPv6 scope ID may be present in the network string. A network port or prefix must not be present in the network string.  A **signal** element may only contain one **ipv6DhcpServer** element.<br>
+The IPv6 DNS server represented in Internet standard hexadecimal encoding. An IPv6 scope ID may be present in the network string. A network port or prefix must not be present in the network string.  A **signal** element may only contain one **ipv6DhcpServer** element.
+
 **Example**
-```
+```xml
 <ipv6DhcpServer>21DA:00D3:0000:2F3B:02AA:00FF:FE28:9C5A%2</ipv6DhcpServer
 ```
 
 ##### IPv6DnsServer
-The IPv6 DNS server represented in Internet standard hexadecimal encoding. An IPv6 scope ID may be present in the network string. A network port or prefix must not be present in the network string. The **signal** element may contain one or more **ipv6DnsServer** elements.<br>
+The IPv6 DNS server represented in Internet standard hexadecimal encoding. An IPv6 scope ID may be present in the network string. A network port or prefix must not be present in the network string. The **signal** element may contain one or more **ipv6DnsServer** elements.
+
 **Example**
-```
+```xml
 <ipv6DnsServer>21DA:00D3:0000:2F3B:02AA:00FF:FE28:9C5A%2</ipv6DnsServer>
 ```
+
 ##### dnsSuffix
-The fully qualified domain name of your organization's internal DNS suffix where any part of the fully qualified domain name in this setting exists in the computer's primary DNS suffix.  The **signal** element may contain one or more **dnsSuffix** elements.<br>
+The fully qualified domain name of your organization's internal DNS suffix where any part of the fully qualified domain name in this setting exists in the computer's primary DNS suffix.  The **signal** element may contain one or more **dnsSuffix** elements.
+
 **Example**
-```
+```xml
 <dnsSuffix>corp.contoso.com</dnsSuffix>
 ```
 
@@ -210,15 +225,17 @@ The fully qualified domain name of your organization's internal DNS suffix where
 You define Wi-Fi signals using one or more wifi elements.  Each element has a string value.  Wifi elements do not have attributes or nested elements.
 
 #### SSID
-Contains the service set identifier (SSID) of a wireless network.  The SSID is the name of the wireless network.  The SSID element is required.<br>
-```
+Contains the service set identifier (SSID) of a wireless network.  The SSID is the name of the wireless network.  The SSID element is required.
+
+```xml
 <ssid>corpnetwifi</ssid>
 ```
 
 #### BSSID
-Contains the basic service set identifier (BSSID) of a wireless access point.  the BSSID is the mac address of the wireless access point.  The BSSID element is optional.<br>
+Contains the basic service set identifier (BSSID) of a wireless access point.  the BSSID is the mac address of the wireless access point.  The BSSID element is optional.
+
 **Example**
-```
+```xml
 <bssid>12-ab-34-ff-e5-46</bssid>
 ```
 
@@ -235,19 +252,22 @@ Contains the type of security the client uses when connecting to the wireless ne
 |WPA2-Enterprise| The wireless network is protected using Wi-Fi Protected Access 2-Enterprise.|
 
 **Example**
-```
+```xml
 <security>WPA2-Enterprise</security> 
 ```
 #### TrustedRootCA
-Contains the thumbprint of the trusted root certificate of the wireless network. This may be any valid trusted root certificate. The value is represented as hexadecimal string where each byte in the string is separated by a single space.  This element is optional.<br>
+Contains the thumbprint of the trusted root certificate of the wireless network. This may be any valid trusted root certificate. The value is represented as hexadecimal string where each byte in the string is separated by a single space.  This element is optional.
+
 **Example**
-```
+```xml
 <trustedRootCA>a2 91 34 aa 22 3a a2 3a 4a 78 a2 aa 75 a2 34 2a 3a 11 4a aa</trustedRootCA>
 ```
+
 #### Sig_quality
-Contains numeric value ranging from 0 to 100 to represent the wireless network's signal strength needed to be considered a trusted signal.<br>
+Contains numeric value ranging from 0 to 100 to represent the wireless network's signal strength needed to be considered a trusted signal.
+
 **Example**
-```
+```xml
 <sig_quality>80</sig_quality>
 ```
  
@@ -257,7 +277,8 @@ These examples are wrapped for readability.  Once properly formatted, the entire
 
 #### Example 1
 This example configures an IPConfig signal type using Ipv4Prefix, Ipv4DnsServer, and DnsSuffix elements.
-```
+
+```xml
 <rule schemaVersion="1.0"> 
     <signal type="ipConfig"> 
         <ipv4Prefix>10.10.10.0/24</ipv4Prefix>
@@ -271,10 +292,11 @@ This example configures an IPConfig signal type using Ipv4Prefix, Ipv4DnsServer,
 
 #### Example 2
 This example configures an IpConfig signal type using a dnsSuffix element and a bluetooth signal for phones.  This configuration is wrapped for reading.  Once properly formatted, the entire XML contents must be a single line.  This example implies that either the ipconfig **or** the Bluetooth rule must evaluate to true, for the resulting signal evaluation to be true.
+
 >[!NOTE]
 >Separate each rule element using a comma.
 
-```
+```xml
 <rule schemaVersion="1.0"> 
 	<signal type="ipConfig"> 
 	    <dnsSuffix>corp.contoso.com</dnsSuffix> 
@@ -284,9 +306,11 @@ This example configures an IpConfig signal type using a dnsSuffix element and a
 	<signal type="bluetooth" scenario="Authentication" classOfDevice="512" rssiMin="-10" rssiMaxDelta="-10"/>
 </rule>
 ```
+
 #### Example 3
 This example configures the same as example 2 using compounding And elements.  This example implies that the ipconfig **and** the Bluetooth rule must evaluate to true, for the resulting signal evaluation to be true.
-```
+
+```xml
 <rule schemaVersion="1.0">
 <and>
   <signal type="ipConfig">
@@ -296,9 +320,11 @@ This example configures the same as example 2 using compounding And elements.  T
 </and>
 </rule>
 ```
+
 #### Example 4 
 This example configures Wi-Fi as a trusted signal (Windows 10, version 1803)
-```
+
+```xml
 <rule schemaVersion="1.0"> 
   <signal type="wifi"> 
     <ssid>contoso</ssid> 
@@ -332,22 +358,34 @@ The Group Policy object contains the policy settings needed to trigger Windows H
 > * You cannot use the same unlock factor to satisfy both categories. Therefore, if you include any credential provider in both categories, it means it can satisfy either category, but not both.
 > * The multifactor unlock feature is also supported via the Passport for Work CSP. See [Passport For Work CSP](https://docs.microsoft.com/windows/client-management/mdm/passportforwork-csp) for more information.
 
-1. Start the **Group Policy Management Console** (gpmc.msc)
-2. Expand the domain and select the **Group Policy Object** node in the navigation pane.
-3. Right-click **Group Policy object** and select **New**.
-4. Type *Multifactor Unlock* in the name box and click **OK**.
-5. In the content pane, right-click the **Multifactor Unlock** Group Policy object and click **Edit**.
-6. In the navigation pane, expand **Policies** under **Computer Configuration**.
-7. Expand **Administrative Templates > Windows Component**, and select **Windows Hello for Business**.<br>
-   ![Group Policy Editor](images/multifactorUnlock/gpme.png)
-8. In the content pane, double-click **Configure device unlock factors**. Click **Enable**.  The **Options** section populates the policy setting with default values.<br>
-   ![Multifactor Policy Setting](images/multifactorUnlock/gp-setting.png)
-9. Configure first and second unlock factors using the information in the [Configure Unlock Factors](#configuring-unlock-factors) section.
-10. If using trusted signals, configure the trusted signals used by the unlock factor using the information in the [Configure Signal Rules for the Trusted Signal Credential Provider](#configure-signal-rules-for-the-trusted-signal-credential-provider) section.
-11. Click **Ok** to close the **Group Policy Management Editor**. Use the **Group Policy Management Console** to deploy the newly created Group Policy object to your organization's computers.
+1. Start the **Group Policy Management Console** (gpmc.msc).
 
-    ## Troubleshooting
-    Multi-factor unlock writes events to event log under **Application and Services Logs\Microsoft\Windows\HelloForBusiness** with the category name **Device Unlock**.
+2. Expand the domain and select the **Group Policy Object** node in the navigation pane.
+
+3. Right-click **Group Policy object** and select **New**.
+
+4. Type *Multifactor Unlock* in the name box and click **OK**.
+
+5. In the content pane, right-click the **Multifactor Unlock** Group Policy object and click **Edit**.
+
+6. In the navigation pane, expand **Policies** under **Computer Configuration**.
+
+7. Expand **Administrative Templates > Windows Component**, and select **Windows Hello for Business**.
+
+   ![Group Policy Editor](images/multifactorUnlock/gpme.png)
+   
+8. In the content pane, double-click **Configure device unlock factors**. Click **Enable**.  The **Options** section populates the policy setting with default values.
+
+   ![Multifactor Policy Setting](images/multifactorUnlock/gp-setting.png)
+   
+9. Configure first and second unlock factors using the information in [Configure Unlock Factors](#configuring-unlock-factors).
+
+10. If using trusted signals, configure the trusted signals used by the unlock factor using the information in [Configure Signal Rules for the Trusted Signal Credential Provider](#configure-signal-rules-for-the-trusted-signal-credential-provider).
+
+11. Click **OK** to close the **Group Policy Management Editor**. Use the **Group Policy Management Console** to deploy the newly created Group Policy object to your organization's computers.
+
+## Troubleshooting
+Multi-factor unlock writes events to event log under **Application and Services Logs\Microsoft\Windows\HelloForBusiness** with the category name **Device Unlock**.
 
 ### Events
 

From 47bb2e611ed6cfc1c86a26baba8e2e0ea8fe4d3e Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Fri, 29 Jan 2021 14:10:42 -0800
Subject: [PATCH 318/396] Acrolinx: "the those"

---
 .../hello-for-business/hello-planning-guide.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
index 0d50683cf6..57805caf8b 100644
--- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
@@ -160,7 +160,7 @@ The Windows Hello for Business deployment depends on an enterprise public key in
 
 ### Cloud
 
-Some deployment combinations require an Azure account, and some require Azure Active Directory for user identities.  These cloud requirements may only need an Azure account while other features need an Azure Active Directory Premium subscription. The planning process identifies and differentiates the components that are needed from the those that are optional.
+Some deployment combinations require an Azure account, and some require Azure Active Directory for user identities.  These cloud requirements may only need an Azure account while other features need an Azure Active Directory Premium subscription. The planning process identifies and differentiates the components that are needed from those that are optional.
 
 ## Planning a Deployment
 

From 813366c483832642f9265d2cf6eedd7f87ac0749 Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Fri, 29 Jan 2021 14:55:37 -0800
Subject: [PATCH 319/396] update section on passive uninstall

---
 .../microsoft-defender-atp/minimum-requirements.md            | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
index 7d4ff91ed4..f7623205a3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
@@ -199,14 +199,12 @@ When Microsoft Defender Antivirus is not the active antimalware in your organiza
 
 If your organization has turned off Microsoft Defender Antivirus through group policy or other methods, devices that are onboarded must be excluded from this group policy.
 
-If you are onboarding servers and Microsoft Defender Antivirus is not the active antimalware on your servers, you shouldn't uninstall Microsoft Defender Antivirus. You'll need to configure it to run on passive mode. For more information, see [Onboard servers](configure-server-endpoints.md).
+If you are onboarding servers and Microsoft Defender Antivirus is not the active antimalware on your servers, Microsoft Defender Antivirus will either need to be configured to go on passive mode or uninstalled. The configuration is dependent on the server version. For more information, see [Microsoft Defender Antivirus compatibility](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md).
 
 > [!NOTE]
 > Your regular group policy doesn't apply to Tamper Protection, and changes to Microsoft Defender Antivirus settings will be ignored when Tamper Protection is on.
 
 
-For more information, see [Microsoft Defender Antivirus compatibility](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md).
-
 ## Microsoft Defender Antivirus Early Launch Antimalware (ELAM) driver is enabled
 If you're running Microsoft Defender Antivirus as the primary antimalware product on your devices, the Defender for Endpoint agent will successfully onboard.
 

From 402d66cf2d6e71fc1f511079881b8f70f96e0e88 Mon Sep 17 00:00:00 2001
From: Tudor Dobrila <tudor.dobrila@microsoft.com>
Date: Fri, 29 Jan 2021 15:01:47 -0800
Subject: [PATCH 320/396] Update MDE for Mac docs to use new command-line tool
 syntax

---
 .../mac-install-manually.md                      |  4 ++--
 .../microsoft-defender-atp/mac-pua.md            |  2 +-
 .../microsoft-defender-atp/mac-resources.md      |  2 +-
 .../mac-schedule-scan-atp.md                     |  4 ++--
 .../microsoft-defender-atp/mac-support-kext.md   | 16 ++++++++--------
 .../microsoft-defender-atp/mac-support-perf.md   |  2 +-
 .../microsoft-defender-atp/mac-whatsnew.md       |  2 +-
 .../microsoft-defender-atp-mac.md                |  2 +-
 8 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md
index 904279814f..375f715a8e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md
@@ -116,7 +116,7 @@ To complete this process, you must have admin privileges on the device.
     The client device is not associated with orgId. Note that the *orgId* attribute is blank.
 
     ```bash
-    mdatp --health orgId
+    mdatp health --field org_id
     ```
 
 2. Run the Python script to install the configuration file:
@@ -128,7 +128,7 @@ To complete this process, you must have admin privileges on the device.
 3. Verify that the device is now associated with your organization and reports a valid *orgId*:
 
     ```bash
-    mdatp --health orgId
+    mdatp health --field org_id
     ```
 
 After installation, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md b/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md
index a83bc01f7a..37371fa8f2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md
@@ -59,7 +59,7 @@ You can configure how PUA files are handled from the command line or from the ma
 In Terminal, execute the following command to configure PUA protection:
 
 ```bash
-mdatp --threat --type-handling potentially_unwanted_application [off|audit|block]
+mdatp threat policy set --type potentially_unwanted_application --action [off|audit|block]
 ```
 
 ### Use the management console to configure PUA protection:
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md
index 8ab4ccb54a..227df25707 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md
@@ -149,7 +149,7 @@ To enable autocompletion in zsh:
 
 ## Client Microsoft Defender for Endpoint quarantine directory
 
-`/Library/Application Support/Microsoft/Defender/quarantine/` contains the files quarantined by `mdatp`. The files are named after the threat trackingId. The current trackingIds is shown with `mdatp --threat --list --pretty`.
+`/Library/Application Support/Microsoft/Defender/quarantine/` contains the files quarantined by `mdatp`. The files are named after the threat trackingId. The current trackingIds is shown with `mdatp threat list`.
 
 ## Microsoft Defender for Endpoint portal information
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md
index b7f2649c73..331b7057ff 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md
@@ -47,7 +47,7 @@ You can create a scanning schedule using the *launchd* daemon on a macOS device.
         <array>
             <string>sh</string>
             <string>-c</string>
-            <string>/usr/local/bin/mdatp --scan --quick</string>
+            <string>/usr/local/bin/mdatp scan quick</string>
         </array>
         <key>RunAtLoad</key>
         <true/>
@@ -73,7 +73,7 @@ You can create a scanning schedule using the *launchd* daemon on a macOS device.
 2. Save the file as *com.microsoft.wdav.schedquickscan.plist*.
 
     > [!TIP]
-    > To run a full scan instead of a quick scan, change line 12, `<string>/usr/local/bin/mdatp --scan --quick</string>`, to use the `--full` option instead of `--quick` (i.e. `<string>/usr/local/bin/mdatp --scan --full</string>`) and save the file as *com.microsoft.wdav.sched**full**scan.plist* instead of *com.microsoft.wdav.sched**quick**scan.plist*.
+    > To run a full scan instead of a quick scan, change line 12, `<string>/usr/local/bin/mdatp scan quick</string>`, to use the `full` option instead of `quick` (i.e. `<string>/usr/local/bin/mdatp scan full</string>`) and save the file as *com.microsoft.wdav.sched**full**scan.plist* instead of *com.microsoft.wdav.sched**quick**scan.plist*.
 
 3. Open **Terminal**.
 4. Enter the following commands to load your file:
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md
index 3cefc80735..dae30c8c6a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md
@@ -37,15 +37,15 @@ If you did not approve the kernel extension during the deployment/installation o
 
    ![RTP disabled screenshot](../microsoft-defender-antivirus/images/MDATP-32-Main-App-Fix.png)
 
-You can also run ```mdatp --health```. It reports if real-time protection is enabled but not available. This indicates that the kernel extension is not approved to run on your device.
+You can also run ```mdatp health```. It reports if real-time protection is enabled but not available. This indicates that the kernel extension is not approved to run on your device.
 
 ```bash
-mdatp --health
+mdatp health
 ```
 ```Output
 ...
-realTimeProtectionAvailable             : false
-realTimeProtectionEnabled               : true
+real_time_protection_enabled                : true
+real_time_protection_available              : true
 ...
 ```
 
@@ -90,15 +90,15 @@ In this case, you need to perform the following steps to trigger the approval fl
     sudo kextutil /Library/Extensions/wdavkext.kext
     ```
 
-    The banner should disappear from the Defender application, and ```mdatp --health``` should now report that real-time protection is both enabled and available:
+    The banner should disappear from the Defender application, and ```mdatp health``` should now report that real-time protection is both enabled and available:
 
     ```bash
-    mdatp --health
+    mdatp health
     ```
 
     ```Output
     ...
-    realTimeProtectionAvailable             : true
-    realTimeProtectionEnabled               : true
+    real_time_protection_enabled                : true
+    real_time_protection_available              : true
     ...
     ```
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md
index 96b85255e0..9aff2517bf 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md
@@ -48,7 +48,7 @@ The following steps can be used to troubleshoot and mitigate these issues:
     - From the Terminal. For security purposes, this operation requires elevation.
 
     ```bash
-    mdatp --config realTimeProtectionEnabled false
+    mdatp config real-time-protection --value disabled
     ```
 
     If your device is managed by your organization, real-time protection can be disabled by your administrator using the instructions in [Set preferences for Microsoft Defender for Endpoint for Mac](mac-preferences.md).
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
index 2ae1e83837..55c92067b1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
@@ -173,7 +173,7 @@ ms.technology: mde
 - Fixed an issue where Microsoft Defender for Endpoint for Mac was sometimes interfering with Time Machine
 - Added a new switch to the command-line utility for testing the connectivity with the backend service
   ```bash
-  mdatp --connectivity-test
+  mdatp connectivity test
   ```
 - Added ability to view the full threat history in the user interface (can be accessed from the **Protection history** view)
 - Performance improvements & bug fixes
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
index 61c7fe0660..9766c422da 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
@@ -132,7 +132,7 @@ The output from this command should be similar to the following:
 
 Once Microsoft Defender for Endpoint is installed, connectivity can be validated by running the following command in Terminal:
 ```bash
-mdatp --connectivity-test
+mdatp connectivity test
 ```
 
 ## How to update Microsoft Defender for Endpoint for Mac

From 5d73e88e40b16c8c285dcbe144712e9f82d9fcef Mon Sep 17 00:00:00 2001
From: Tudor Dobrila <tudor.dobrila@microsoft.com>
Date: Fri, 29 Jan 2021 15:05:01 -0800
Subject: [PATCH 321/396] One more file

---
 .../microsoft-defender-atp/mac-sysext-preview.md                | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md
index 3e8f336502..b02e640d1e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md
@@ -45,7 +45,7 @@ These steps assume you already have Defender for Endpoint running on your device
 - Your device must be in the **Insider Fast update channel**. You can check the update channel by using the following command:
 
   ```bash
-  mdatp --health releaseRing
+  mdatp health --field release_ring
   ```
 
   If your device isn't already in the Insider Fast update channel, execute the following command from the Terminal. The channel update takes effect the next time the product starts (when the next product update is installed, or when the device is rebooted).

From 47bd07c3fa4979cb5e91ca1c8bda30eadccec328 Mon Sep 17 00:00:00 2001
From: Tudor Dobrila <tudor.dobrila@microsoft.com>
Date: Fri, 29 Jan 2021 15:12:40 -0800
Subject: [PATCH 322/396] Typo

---
 .../microsoft-defender-atp/mac-support-kext.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md
index dae30c8c6a..8d726d2f36 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md
@@ -44,7 +44,7 @@ mdatp health
 ```
 ```Output
 ...
-real_time_protection_enabled                : true
+real_time_protection_enabled                : false
 real_time_protection_available              : true
 ...
 ```

From f29f13280dc50788d2e9537221dfe79d255d7335 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Fri, 29 Jan 2021 16:13:11 -0800
Subject: [PATCH 323/396] Corrected indentation of content in list items

---
 .../microsoft-defender-atp/mac-support-perf.md            | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md
index 9aff2517bf..cbfb2f15f2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md
@@ -43,13 +43,13 @@ The following steps can be used to troubleshoot and mitigate these issues:
 
     - From the user interface. Open Microsoft Defender for Endpoint for Mac and navigate to **Manage settings**.
 
-    ![Manage real-time protection screenshot](../microsoft-defender-antivirus/images/mdatp-36-rtp.png)
+      ![Manage real-time protection screenshot](../microsoft-defender-antivirus/images/mdatp-36-rtp.png)
 
     - From the Terminal. For security purposes, this operation requires elevation.
 
-    ```bash
-    mdatp config real-time-protection --value disabled
-    ```
+      ```bash
+      mdatp config real-time-protection --value disabled
+      ```
 
     If your device is managed by your organization, real-time protection can be disabled by your administrator using the instructions in [Set preferences for Microsoft Defender for Endpoint for Mac](mac-preferences.md).
 

From f0446c8eb4ebb6e9c0598e76fee5cf30b2c76462 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Fri, 29 Jan 2021 16:15:28 -0800
Subject: [PATCH 324/396] Corrected indentation and, thereby, broken numbering
 in a procedure

---
 .../microsoft-defender-atp/mac-sysext-preview.md             | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md
index b02e640d1e..3a5f837ab4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md
@@ -66,8 +66,9 @@ Follow the deployment steps that correspond to your environment and your preferr
 
 1. After all deployment prerequisites are met, restart your device to launch the system extension approval and activation process.
 
-You'll see a series of system prompts to approve the Defender for Endpoint system extensions. You must approve **all** prompts from the series, because macOS requires an explicit approval for each extension that Defender for Endpoint for Mac installs on the device.
-For each approval, select **Open Security Preferences** and then select **Allow** to allow the system extension to run.
+   You'll see a series of system prompts to approve the Defender for Endpoint system extensions. You must approve **all** prompts from the series, because macOS requires an explicit approval for each extension that Defender for Endpoint for Mac installs on the device.
+   
+   For each approval, select **Open Security Preferences** and then select **Allow** to allow the system extension to run.
 
    > [!IMPORTANT]
    > You must close and reopen the **System Preferences** > **Security & Privacy** window between subsequent approvals. Otherwise, macOS will not display the next approval.

From fa72b22985f0b4b466df2b91c0d845cbbd77dacc Mon Sep 17 00:00:00 2001
From: "Nisha Mittal (Wipro Ltd.)" <v-nishmi@microsoft.com>
Date: Fri, 29 Jan 2021 18:26:51 -0800
Subject: [PATCH 325/396] Need to update Windows 10 Release Information Page
 Url in all the docs pages wherever used from "windows/release-information" to
 "windows/release-health/release-information" as we are changing base url for
 that repo.

---
 windows/client-management/mdm/policy-csp-update.md            | 2 +-
 windows/deployment/planning/features-lifecycle.md             | 2 +-
 .../update/update-compliance-schema-waasinsiderstatus.md      | 2 +-
 .../update/update-compliance-schema-waasupdatestatus.md       | 2 +-
 windows/deployment/update/waas-manage-updates-wufb.md         | 4 ++--
 windows/deployment/update/waas-overview.md                    | 2 +-
 windows/deployment/update/waas-wufb-csp-mdm.md                | 2 +-
 windows/deployment/upgrade/windows-10-upgrade-paths.md        | 2 +-
 windows/hub/TOC.md                                            | 2 +-
 windows/hub/breadcrumb/toc.yml                                | 2 +-
 windows/hub/index.yml                                         | 2 +-
 ...ent-changes-to-security-settings-with-tamper-protection.md | 2 +-
 .../mcafee-to-microsoft-defender-prepare.md                   | 4 ++--
 .../mcafee-to-microsoft-defender-setup.md                     | 2 +-
 .../switch-to-microsoft-defender-prepare.md                   | 4 ++--
 .../switch-to-microsoft-defender-setup.md                     | 2 +-
 .../symantec-to-microsoft-defender-atp-prepare.md             | 4 ++--
 .../symantec-to-microsoft-defender-atp-setup.md               | 2 +-
 windows/whats-new/index.md                                    | 2 +-
 windows/whats-new/ltsc/index.md                               | 2 +-
 20 files changed, 24 insertions(+), 24 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index df70a21a7c..bc6e5f1c7f 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -4332,7 +4332,7 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-Available in Windows 10, version 1803 and later. Enables IT administrators to specify which version they would like their device(s) to move to and/or stay on until they reach end of service or reconfigure the policy. For details about different Windows 10 versions, see [Windows 10 release information](https://docs.microsoft.com/windows/release-information/).
+Available in Windows 10, version 1803 and later. Enables IT administrators to specify which version they would like their device(s) to move to and/or stay on until they reach end of service or reconfigure the policy. For details about different Windows 10 versions, see [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information/).
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
diff --git a/windows/deployment/planning/features-lifecycle.md b/windows/deployment/planning/features-lifecycle.md
index 9469d47cb7..2b515fbbd0 100644
--- a/windows/deployment/planning/features-lifecycle.md
+++ b/windows/deployment/planning/features-lifecycle.md
@@ -42,4 +42,4 @@ The following terms can be used to describe the status that might be assigned to
 
 ## Also see
 
-[Windows 10 release information](https://docs.microsoft.com/windows/release-information/)
+[Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information)
diff --git a/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md b/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md
index 2ddf505e62..52147e7fab 100644
--- a/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md
+++ b/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md
@@ -26,7 +26,7 @@ WaaSInsiderStatus records contain device-centric data and acts as the device rec
 |**OSArchitecture** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`amd64` |The architecture of the Operating System. |
 |**OSName** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Windows 10` |The name of the Operating System. This will always be Windows 10 for Update Compliance. |
 |**OSVersion** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`1909` |The version of Windows 10. This typically is of the format of the year of the version's release, following the month. In this example, `1909` corresponds to 2019-09 (September). This maps to the `Major` portion of OSBuild. |
-|**OSBuild** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`18363.720` |The currently-installed Windows 10 Build, in the format `Major`.`Revision`. `Major` corresponds to which Feature Update the device is on, whereas `Revision` corresponds to which quality update the device is on. Mappings between Feature release and Major, as well as Revision and KBs, are available at [aka.ms/win10releaseinfo](https://docs.microsoft.com/windows/release-information/). |
+|**OSBuild** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`18363.720` |The currently-installed Windows 10 Build, in the format `Major`.`Revision`. `Major` corresponds to which Feature Update the device is on, whereas `Revision` corresponds to which quality update the device is on. Mappings between Feature release and Major, as well as Revision and KBs, are available at [aka.ms/win10releaseinfo](https://docs.microsoft.com/windows/release-health/release-information). |
 |**OSRevisionNumber** |[int](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/int) |`720` |An integer value for the revision number of the currently-installed Windows 10 OSBuild on the device. |
 |**OSEdition** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Enterprise` |The Windows 10 Edition or SKU. |
 |**OSFamily** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Windows.Desktop` |The Device Family of the device. Only `Windows.Desktop` is currently supported. |
diff --git a/windows/deployment/update/update-compliance-schema-waasupdatestatus.md b/windows/deployment/update/update-compliance-schema-waasupdatestatus.md
index 0b5adb4096..72389ab819 100644
--- a/windows/deployment/update/update-compliance-schema-waasupdatestatus.md
+++ b/windows/deployment/update/update-compliance-schema-waasupdatestatus.md
@@ -33,7 +33,7 @@ WaaSUpdateStatus records contain device-centric data and acts as the device reco
 |**OSArchitecture**        |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string)  |`amd64` |The architecture of the Operating System. |
 |**OSName**                |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string)  |`Windows 10` |The name of the Operating System. This will always be Windows 10 for Update Compliance. |
 |**OSVersion**             |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string)  |`1909` |The version of Windows 10. This typically is of the format of the year of the version's release, following the month. In this example, `1909` corresponds to 2019-09 (September). This maps to the `Major` portion of OSBuild. |
-|**OSBuild**               |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string)  |`18363.720`                |The currently-installed Windows 10 Build, in the format `Major`.`Revision`. `Major` corresponds to which Feature Update the device is on, whereas `Revision` corresponds to which quality update the device is on. Mappings between Feature release and Major, as well as Revision and KBs, are available at [aka.ms/win10releaseinfo](https://docs.microsoft.com/windows/release-information/). |
+|**OSBuild**               |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string)  |`18363.720`                |The currently-installed Windows 10 Build, in the format `Major`.`Revision`. `Major` corresponds to which Feature Update the device is on, whereas `Revision` corresponds to which quality update the device is on. Mappings between Feature release and Major, as well as Revision and KBs, are available at [aka.ms/win10releaseinfo](https://docs.microsoft.com/windows/release-health/release-information). |
 |**OSRevisionNumber**      |[int](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/int)     |`720`                      |An integer value for the revision number of the currently-installed Windows 10 OSBuild on the device. |
 |**OSCurrentStatus**       |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string)  |`Current`                  |*Deprecated* Whether or not the device is on the latest Windows Feature Update available, as well as the latest Quality Update for that Feature Update. |
 |**OSEdition**             |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string)  |`Enterprise`               |The Windows 10 Edition or SKU.  |
diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md
index 1a27cda457..3490e22ae0 100644
--- a/windows/deployment/update/waas-manage-updates-wufb.md
+++ b/windows/deployment/update/waas-manage-updates-wufb.md
@@ -67,7 +67,7 @@ The branch readiness level enables administrators to specify which channel of fe
 - Windows Insider Release Preview
 - Semi-Annual Channel
 
-Prior to Windows 10, version 1903, there are two channels for released updates: Semi-Annual Channel and Semi-Annual Channel (Targeted). Deferral days are calculated against the release date of the chosen channel. Starting with Windows 10, version 1903 there is only the one release channel: Semi-Annual Channel. All deferral days are calculated against a release’s Semi-Annual Channel release date. For exact release dates, see [Windows Release Information](https://docs.microsoft.com/windows/release-information/). You can set the branch readiness level by using the **Select when Preview Builds and Feature Updates are Received** policy. To use this policy to manage pre-release builds, first enable preview builds by using the **Manage preview Builds** policy.
+Prior to Windows 10, version 1903, there are two channels for released updates: Semi-Annual Channel and Semi-Annual Channel (Targeted). Deferral days are calculated against the release date of the chosen channel. Starting with Windows 10, version 1903 there is only the one release channel: Semi-Annual Channel. All deferral days are calculated against a release’s Semi-Annual Channel release date. For exact release dates, see [Windows Release Information](https://docs.microsoft.com/windows/release-health/release-information). You can set the branch readiness level by using the **Select when Preview Builds and Feature Updates are Received** policy. To use this policy to manage pre-release builds, first enable preview builds by using the **Manage preview Builds** policy.
 
 #### Defer an update
 
@@ -188,7 +188,7 @@ The branch readiness level enables administrators to specify which channel of fe
     - Windows Insider Release Preview 
     - Semi-Annual Channel for released updates
  
-Prior to Windows 10, version 1903, there are two channels for released updates: Semi-Annual Channel and Semi-Annual Channel (Targeted). Deferral days are calculated against the release date of the chosen channel. Starting with Windows 10, version 1903 there is only the one release channel: Semi-Annual Channel. All deferral days will be calculated against a release's Semi-Annual Channel release date. To see release dates, visit [Windows Release Information](https://docs.microsoft.com/windows/release-information/). You can set the branch readiness level by using the **Select when Preview Builds and Feature Updates are Received** policy. In order to use this to manage pre-release builds, first enable preview builds by using the **Manage preview Builds** policy.
+Prior to Windows 10, version 1903, there are two channels for released updates: Semi-Annual Channel and Semi-Annual Channel (Targeted). Deferral days are calculated against the release date of the chosen channel. Starting with Windows 10, version 1903 there is only the one release channel: Semi-Annual Channel. All deferral days will be calculated against a release's Semi-Annual Channel release date. To see release dates, visit [Windows Release Information](https://docs.microsoft.com/windows/release-health/release-information). You can set the branch readiness level by using the **Select when Preview Builds and Feature Updates are Received** policy. In order to use this to manage pre-release builds, first enable preview builds by using the **Manage preview Builds** policy.
 
 ### Recommendations
 
diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md
index 76e17626d7..094f58c685 100644
--- a/windows/deployment/update/waas-overview.md
+++ b/windows/deployment/update/waas-overview.md
@@ -101,7 +101,7 @@ In Windows 10, rather than receiving several updates each month and trying to fi
 
 To align with the new method of delivering feature updates and quality updates in Windows 10, Microsoft introduced the concept of servicing channels to allow customers to designate how frequently their individual devices are updated. For example, an organization may have test devices that the IT department can update with new features as soon as possible, and then specialized devices that require a longer feature update cycle to ensure continuity. 
 
-With that in mind, Windows 10 offers three servicing channels. The [Windows Insider Program](#windows-insider) provides organizations with the opportunity to test and provide feedback on features that will be shipped in the next feature update. The [Semi-Annual Channel](#semi-annual-channel) provides new functionality with twice-per-year feature update releases. Organizations can choose when to deploy updates from the Semi-Annual Channel. The [Long Term Servicing Channel](#long-term-servicing-channel), which is designed to be used only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years. For details about the versions in each servicing channel, see [Windows 10 release information](https://docs.microsoft.com/windows/release-information/).
+With that in mind, Windows 10 offers three servicing channels. The [Windows Insider Program](#windows-insider) provides organizations with the opportunity to test and provide feedback on features that will be shipped in the next feature update. The [Semi-Annual Channel](#semi-annual-channel) provides new functionality with twice-per-year feature update releases. Organizations can choose when to deploy updates from the Semi-Annual Channel. The [Long Term Servicing Channel](#long-term-servicing-channel), which is designed to be used only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years. For details about the versions in each servicing channel, see [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information).
 
 The concept of servicing channels is new, but organizations can use the same management tools they used to manage updates and upgrades in previous versions of Windows. For more information about the servicing tool options for Windows 10 and their capabilities, see [Servicing tools](#servicing-tools).
 
diff --git a/windows/deployment/update/waas-wufb-csp-mdm.md b/windows/deployment/update/waas-wufb-csp-mdm.md
index d7a01438ab..82617b0e13 100644
--- a/windows/deployment/update/waas-wufb-csp-mdm.md
+++ b/windows/deployment/update/waas-wufb-csp-mdm.md
@@ -105,7 +105,7 @@ Now all devices are paused from updating for 35 days. When the pause is removed,
 
 #### I want to stay on a specific version
 
-If you need a device to stay on a version beyond the point when deferrals on the next version would elapse or if you need to skip a version (for example, update fall release to fall release) use the [Update/TargetReleaseVersion](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-targetreleaseversion) (or Deploy Feature Updates Preview in Intune) instead of using feature update deferrals. When you use this policy, specify the version that you want your device(s) to move to or stay on (for example, "1909"). You can find version information at the [Windows 10 Release Information Page](https://docs.microsoft.com/windows/release-information/).
+If you need a device to stay on a version beyond the point when deferrals on the next version would elapse or if you need to skip a version (for example, update fall release to fall release) use the [Update/TargetReleaseVersion](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-targetreleaseversion) (or Deploy Feature Updates Preview in Intune) instead of using feature update deferrals. When you use this policy, specify the version that you want your device(s) to move to or stay on (for example, "1909"). You can find version information at the [Windows 10 Release Information Page](https://docs.microsoft.com/windows/release-health/release-information).
 
 ### Manage how users experience updates
 
diff --git a/windows/deployment/upgrade/windows-10-upgrade-paths.md b/windows/deployment/upgrade/windows-10-upgrade-paths.md
index 37da456194..ca70223a2c 100644
--- a/windows/deployment/upgrade/windows-10-upgrade-paths.md
+++ b/windows/deployment/upgrade/windows-10-upgrade-paths.md
@@ -30,7 +30,7 @@ If you are also migrating to a different edition of Windows, see [Windows 10 edi
 > 
 > **Windows 10 LTSC/LTSB**: Due to [naming changes](https://docs.microsoft.com/windows/deployment/update/waas-overview#naming-changes), product versions that display Windows 10 LTSB will be replaced with Windows 10 LTSC in subsequent feature updates. The term LTSC is used here to refer to all long term servicing versions.
 > 
-> In-place upgrade from Windows 7, Windows 8.1, or [Windows 10 semi-annual channel](https://docs.microsoft.com/windows/release-information/) to Windows 10 LTSC is not supported.  **Note**: Windows 10 LTSC 2015 did not block this upgrade path.  This was corrected in the Windows 10 LTSC 2016 release, which will now only allow data-only and clean install options. You can upgrade from Windows 10 LTSC to Windows 10 semi-annual channel, provided that you upgrade to the same or a newer build version. For example, Windows 10 Enterprise 2016 LTSB can be upgraded to Windows 10 Enterprise version 1607 or later. Upgrade is supported using the in-place upgrade process (using Windows setup). You will need to use the Product Key switch if you want to keep your apps. If you don't use the switch the option 'Keep personal files and apps' will be grayed out. The command line would be **setup.exe /pkey xxxxx-xxxxx-xxxxx-xxxxx-xxxxx**, using your relevant Windows 10 SAC product key. For example, if using a KMS, the command line would be **setup.exe /pkey NPPR9-FWDCX-D2C8J-H872K-2YT43**.
+> In-place upgrade from Windows 7, Windows 8.1, or [Windows 10 semi-annual channel](https://docs.microsoft.com/windows/release-health/release-information) to Windows 10 LTSC is not supported.  **Note**: Windows 10 LTSC 2015 did not block this upgrade path.  This was corrected in the Windows 10 LTSC 2016 release, which will now only allow data-only and clean install options. You can upgrade from Windows 10 LTSC to Windows 10 semi-annual channel, provided that you upgrade to the same or a newer build version. For example, Windows 10 Enterprise 2016 LTSB can be upgraded to Windows 10 Enterprise version 1607 or later. Upgrade is supported using the in-place upgrade process (using Windows setup). You will need to use the Product Key switch if you want to keep your apps. If you don't use the switch the option 'Keep personal files and apps' will be grayed out. The command line would be **setup.exe /pkey xxxxx-xxxxx-xxxxx-xxxxx-xxxxx**, using your relevant Windows 10 SAC product key. For example, if using a KMS, the command line would be **setup.exe /pkey NPPR9-FWDCX-D2C8J-H872K-2YT43**.
 > 
 > **Windows N/KN**: Windows "N" and "KN" SKUs (editions without media-related functionality) follow the same upgrade paths shown below. If the pre-upgrade and post-upgrade editions are not the same type (e.g. Windows 8.1 Pro N to Windows 10 Pro), personal data will be kept but applications and settings will be removed during the upgrade process.
 > 
diff --git a/windows/hub/TOC.md b/windows/hub/TOC.md
index 25ef07d002..eaeb093642 100644
--- a/windows/hub/TOC.md
+++ b/windows/hub/TOC.md
@@ -1,6 +1,6 @@
 # [Windows 10](index.yml)
 ## [What's new](/windows/whats-new)
-## [Release information](/windows/release-information)
+## [Release information](/windows/release-health)
 ## [Deployment](/windows/deployment)
 ## [Configuration](/windows/configuration)
 ## [Client management](/windows/client-management)
diff --git a/windows/hub/breadcrumb/toc.yml b/windows/hub/breadcrumb/toc.yml
index a28aaa3b77..e2971f2d84 100644
--- a/windows/hub/breadcrumb/toc.yml
+++ b/windows/hub/breadcrumb/toc.yml
@@ -27,7 +27,7 @@
               topicHref: /windows/client-management/mdm/index
         - name: Release information
           tocHref: /windows/release-information/
-          topicHref: /windows/release-information/index
+          topicHref: /windows/release-health/release-information
         - name: Privacy
           tocHref: /windows/privacy/
           topicHref: /windows/privacy/index
diff --git a/windows/hub/index.yml b/windows/hub/index.yml
index 75355791f6..bac6a47a7b 100644
--- a/windows/hub/index.yml
+++ b/windows/hub/index.yml
@@ -33,7 +33,7 @@ landingContent:
           - text: What's new in Windows 10, version 1909
             url: /windows/whats-new/whats-new-windows-10-version-1909
           - text: Windows 10 release information
-            url:  https://docs.microsoft.com/windows/release-information/
+            url:  https://docs.microsoft.com/windows/release-health/release-information
 
   # Card (optional)
   - title: Configuration
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
index 4a620da214..d56e4a120b 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
@@ -98,7 +98,7 @@ You must have appropriate [permissions](../microsoft-defender-atp/assign-portal-
 1. Make sure your organization meets all of the following requirements to use Intune to manage tamper protection:
 
     - Your organization uses [Intune to manage devices](https://docs.microsoft.com/intune/fundamentals/what-is-device-management). ([Intune licenses](https://docs.microsoft.com/intune/fundamentals/licenses) are required; Intune is included in Microsoft 365 E5.)
-    - Your Windows machines must be running Windows 10 OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019) or later. (For more information about releases, see [Windows 10 release information](https://docs.microsoft.com/windows/release-information/).)
+    - Your Windows machines must be running Windows 10 OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019) or later. (For more information about releases, see [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information).)
     - You must be using Windows security with [security intelligence](https://www.microsoft.com/wdsi/definitions) updated to version 1.287.60.0 (or above).
     - Your machines must be using anti-malware platform version 4.18.1906.3 (or above) and anti-malware engine version 1.1.15500.X (or above). ([Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md).)
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md
index 8108d9e245..e3c03a1566 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md
@@ -110,10 +110,10 @@ To enable communication between your devices and Microsoft Defender for Endpoint
 
 |Capabilities  | Operating System | Resources |
 |--|--|--|
-|[Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) |- [Windows 10](https://docs.microsoft.com/windows/release-information) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)  |[Configure machine proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) |
+|[Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) |- [Windows 10](https://docs.microsoft.com/windows/release-health/release-information) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)  |[Configure machine proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) |
 |EDR |- [Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016) <br/>- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)<br/>- [Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows 7 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |[Configure proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) |
 |EDR  |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra)  |[Microsoft Defender for Endpoint for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) |
-|[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) |- [Windows 10](https://docs.microsoft.com/windows/release-information) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) <br/>- [Windows Server 2016](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-2016) |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)<br/> |
+|[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) |- [Windows 10](https://docs.microsoft.com/windows/release-health/release-information) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) <br/>- [Windows Server 2016](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-2016) |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)<br/> |
 |Antivirus |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra) |[Microsoft Defender for Endpoint for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) |
 |Antivirus |Linux: <br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |[Microsoft Defender for Endpoint for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) 
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
index bf07f58bcb..33da9af409 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
@@ -168,7 +168,7 @@ The specific exclusions to configure depend on which version of Windows your end
 
 |OS |Exclusions |
 |--|--|
-|- Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information))<br/>- Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`<br/>  |
+|- Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information))<br/>- Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`<br/>  |
 |- [Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2) <br/>- [Windows 7](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)<br/>- [Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016)<br/>- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`<br/><br/>**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` |
 
 ## Add McAfee to the exclusion list for Microsoft Defender Antivirus
diff --git a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md
index a49d62bf03..6898a5ff90 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md
@@ -100,10 +100,10 @@ To enable communication between your devices and Microsoft Defender for Endpoint
 
 |Capabilities  | Operating System | Resources |
 |--|--|--|
-|[Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) |- [Windows 10](https://docs.microsoft.com/windows/release-information) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)  |[Configure machine proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) |
+|[Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) |- [Windows 10](https://docs.microsoft.com/windows/release-health/release-information) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)  |[Configure machine proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) |
 |EDR |- [Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016) <br/>- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)<br/>- [Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows 7 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |[Configure proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) |
 |EDR  |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra)  |[Microsoft Defender for Endpoint for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) |
-|[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) |- [Windows 10](https://docs.microsoft.com/windows/release-information) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) <br/>- [Windows Server 2016](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-2016) |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)<br/> |
+|[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) |- [Windows 10](https://docs.microsoft.com/windows/release-health/release-information) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) <br/>- [Windows Server 2016](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-2016) |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)<br/> |
 |Antivirus |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra) |[Microsoft Defender for Endpoint for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) |
 |Antivirus |Linux: <br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |[Microsoft Defender for Endpoint for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) |
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md
index 639bbd689d..f4b0d0633b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md
@@ -164,7 +164,7 @@ The specific exclusions to configure depend on which version of Windows your end
 
 |OS |Exclusions |
 |--|--|
-|- Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information))<br/>- Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`<br/>  |
+|- Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information))<br/>- Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`<br/>  |
 |- [Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2) <br/>- [Windows 7](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)<br/>- [Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016)<br/>- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`<br/><br/>**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` |
 
 ## Add your existing solution to the exclusion list for Microsoft Defender Antivirus
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md
index 4d58af47fd..1833f80a00 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md
@@ -80,10 +80,10 @@ To enable communication between your devices and Microsoft Defender for Endpoint
 
 |Capabilities  | Operating System | Resources |
 |:----|:----|:---|
-|[Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) |- [Windows 10](https://docs.microsoft.com/windows/release-information) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)  |[Configure machine proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) |
+|[Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) |- [Windows 10](https://docs.microsoft.com/windows/release-health/release-information/) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)  |[Configure machine proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) |
 |EDR |- [Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016) <br/>- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)<br/>- [Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows 7 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |[Configure proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) |
 |EDR  |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra)  |[Microsoft Defender for Endpoint for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) |
-|[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) |- [Windows 10](https://docs.microsoft.com/windows/release-information) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) <br/>- [Windows Server 2016](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-2016) |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)<br/> |
+|[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) |- [Windows 10](https://docs.microsoft.com/windows/release-health/release-information/) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) <br/>- [Windows Server 2016](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-2016) |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)<br/> |
 |Antivirus |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra) |[Microsoft -Defender for Endpoint for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) |
 |Antivirus |Linux: <br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |[Microsoft Defender for Endpoint for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections)  |
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md
index 8648a57da9..d99d0d1d39 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md
@@ -138,7 +138,7 @@ This step of the setup process involves adding Microsoft Defender for Endpoint t
 
 |OS |Exclusions |
 |--|--|
-|- Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information))<br/>- Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`<br/>  |
+|- Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information))<br/>- Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`<br/>  |
 |- [Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2) <br/>- [Windows 7](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)<br/>- [Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016)<br/>- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`<br/><br/>**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` |
 
 ## Add Symantec to the exclusion list for Microsoft Defender Antivirus
diff --git a/windows/whats-new/index.md b/windows/whats-new/index.md
index 559ab66233..89b398d5a5 100644
--- a/windows/whats-new/index.md
+++ b/windows/whats-new/index.md
@@ -28,7 +28,7 @@ Windows 10 provides IT professionals with advanced protection against modern sec
 
 ## Learn more
 
-- [Windows 10 release information](https://docs.microsoft.com/windows/release-information/)
+- [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information/)
 - [Windows 10 release health dashboard](https://docs.microsoft.com/windows/release-information/status-windows-10-2004)
 - [Windows 10 update history](https://support.microsoft.com/help/4555932/windows-10-update-history)
 - [What’s new for business in Windows 10 Insider Preview Builds](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-whats-new)
diff --git a/windows/whats-new/ltsc/index.md b/windows/whats-new/ltsc/index.md
index 09f32c39f4..61f137f85b 100644
--- a/windows/whats-new/ltsc/index.md
+++ b/windows/whats-new/ltsc/index.md
@@ -49,4 +49,4 @@ For detailed information about Windows 10 servicing, see [Overview of Windows as
 ## See Also
 
 [What's New in Windows 10](https://docs.microsoft.com/windows/whats-new/): See what’s new in other versions of Windows 10.<br>
-[Windows 10 - Release information](https://docs.microsoft.com/windows/windows-10/release-information): Windows 10 current versions by servicing option.
+[Windows 10 - Release information](https://docs.microsoft.com/windows/release-health/release-information): Windows 10 current versions by servicing option.

From 73f669e1e90ef76a8a27f03a6ab43d9397c0762f Mon Sep 17 00:00:00 2001
From: Office Content Publishing
 <34616516+officedocspr@users.noreply.github.com>
Date: Sat, 30 Jan 2021 23:33:12 -0800
Subject: [PATCH 326/396] Uploaded file: store-for-business-content-updates.md
 - 2021-01-30 23:33:11.8570

---
 .../includes/store-for-business-content-updates.md        | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/store-for-business/includes/store-for-business-content-updates.md b/store-for-business/includes/store-for-business-content-updates.md
index 42f33e8015..82518ed170 100644
--- a/store-for-business/includes/store-for-business-content-updates.md
+++ b/store-for-business/includes/store-for-business-content-updates.md
@@ -2,6 +2,14 @@
 

 
 
+## Week of January 25, 2021
+
+
+| Published On |Topic title | Change |
+|------|------------|--------|
+| 1/29/2021 | [Distribute offline apps (Windows 10)](/microsoft-store/distribute-offline-apps) | modified |
+
+
 ## Week of January 11, 2021
 
 

From c795074fc1a033d438a0467e94f052fb1be7966e Mon Sep 17 00:00:00 2001
From: Sunayana Singh <57405155+sunasing@users.noreply.github.com>
Date: Sun, 31 Jan 2021 21:19:08 +0530
Subject: [PATCH 327/396] Added Conditional Access with Intune

---
 .../ios-configure-features.md                 | 47 +++++++++++--------
 1 file changed, 27 insertions(+), 20 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md
index d04735e349..877b61390e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md
@@ -28,6 +28,33 @@ ms.technology: mde
 > [!NOTE]
 > Defender for Endpoint for iOS would use a VPN in order to provide the Web Protection feature. This is not a regular VPN and is a local/self-looping VPN that does not take traffic outside the device.
 
+## Conditional Access with Defender for Endpoint for iOS  
+Microsoft Defender for Endpoint for iOS along with Microsoft Intune and Azure Active Directory enables enforcing Device compliance and Conditional Access policies
+based on device risk levels. Defender for Endpoint is a Mobile Threat Defense (MTD) solution that you can deploy to leverage this capability via Intune.
+
+For more information about how to set up Conditional Access with Defender for Endpoint for iOS, see [Defender for Endpoint and Intune] https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection).
+
+## Web Protection and VPN
+
+By default, Defender for Endpoint for iOS includes and enables the web protection feature. [Web protection](web-protection-overview.md) helps to secure devices against web threats and protect users from phishing attacks. Defender for Endpoint for iOS uses a VPN in order to provide this protection. Please note this is a local VPN and unlike traditional VPN, network traffic is not sent outside the device.
+
+While enabled by default, there might be some cases that require you to disable VPN. For example, you want to run some apps that do not work when a VPN is configured. In such cases, you can choose to disable VPN from the app on the device by following the steps below:
+
+1. On your iOS device, open the **Settings** app, click or tap **General** and then **VPN**.
+1. Click or tap the "i" button for Microsoft Defender ATP.
+1. Toggle off **Connect On Demand** to disable VPN.
+
+    > [!div class="mx-imgBorder"]
+    > ![VPN config connect on demand](images/ios-vpn-config.png)
+
+> [!NOTE]
+> Web Protection will not be available when VPN is disabled. To re-enable Web Protection, open the Microsoft Defender for Endpoint app on the device and click or tap **Start VPN**.
+
+## Co-existence of multiple VPN profiles
+
+Apple iOS does not support multiple device-wide VPNs to be active simultaneously. While multiple VPN profiles can exist on the device, only one VPN can be active at a time.
+
+
 ## Configure compliance policy against jailbroken devices
 
 To protect corporate data from being accessed on jailbroken iOS devices, we recommend that you set up the following compliance policy on Intune.
@@ -63,26 +90,6 @@ Defender for Endpoint for iOS enables admins to configure custom indicators on i
 > [!NOTE]
 > Defender for Endpoint for iOS supports creating custom indicators only for IP addresses and URLs/domains.
 
-## Web Protection and VPN
-
-By default, Defender for Endpoint for iOS includes and enables the web protection feature. [Web protection](web-protection-overview.md) helps to secure devices against web threats and protect users from phishing attacks. Defender for Endpoint for iOS uses a VPN in order to provide this protection. Please note this is a local VPN and unlike traditional VPN, network traffic is not sent outside the device.
-
-While enabled by default, there might be some cases that require you to disable VPN. For example, you want to run some apps that do not work when a VPN is configured. In such cases, you can choose to disable VPN from the app on the device by following the steps below:
-
-1. On your iOS device, open the **Settings** app, click or tap **General** and then **VPN**.
-1. Click or tap the "i" button for Microsoft Defender ATP.
-1. Toggle off **Connect On Demand** to disable VPN.
-
-    > [!div class="mx-imgBorder"]
-    > ![VPN config connect on demand](images/ios-vpn-config.png)
-
-> [!NOTE]
-> Web Protection will not be available when VPN is disabled. To re-enable Web Protection, open the Microsoft Defender for Endpoint app on the device and click or tap **Start VPN**.
-
-### Co-existence of multiple VPN profiles
-
-Apple iOS does not support multiple device-wide VPNs to be active simultaneously. While multiple VPN profiles can exist on the device, only one VPN can be active at a time.
-
 ## Report unsafe site
 
 Phishing websites impersonate trustworthy websites for the purpose of obtaining your personal or financial information. Visit the [Provide feedback about network protection](https://www.microsoft.com/wdsi/filesubmission/exploitguard/networkprotection) page if you want to report a website that could be a phishing site.

From b7d0e0f861f946c55978c6fecc3e044a3d2e4ca8 Mon Sep 17 00:00:00 2001
From: Thomas Lee <doctordns@gmail.com>
Date: Sun, 31 Jan 2021 16:42:08 +0000
Subject: [PATCH 328/396] Update
 detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md

Updated examples to have correct casing based on values in Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.PUAProtectionType enum

Added an example for viewing PUA events

Removed future tense to improve readability.
---
 ...anted-apps-microsoft-defender-antivirus.md | 37 ++++++++++++++-----
 1 file changed, 27 insertions(+), 10 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
index dc721c7813..0467981cf8 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
@@ -62,13 +62,13 @@ Although potentially unwanted application protection in Microsoft Edge (Chromium
 
 ### Blocking URLs with Microsoft Defender SmartScreen
 
-In Chromium-based Edge with PUA protection turned on, Microsoft Defender SmartScreen will protect you from PUA-associated URLs.
+In Chromium-based Edge with PUA protection turned on, Microsoft Defender SmartScreen protects you from PUA-associated URLs.
 
 Admins can [configure](https://docs.microsoft.com/DeployEdge/configure-microsoft-edge) how Microsoft Edge and Microsoft Defender SmartScreen work together to protect groups of users from PUA-associated URLs. There are several [group policy settings](https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#smartscreen-settings) explicitly for Microsoft
 Defender SmartScreen available, including [one for blocking PUA](https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#smartscreenpuaenabled). In addition, admins can
 [configure Microsoft Defender SmartScreen](https://docs.microsoft.com/microsoft-edge/deploy/available-policies?source=docs#configure-windows-defender-smartscreen) as a whole, using group policy settings to turn Microsoft Defender SmartScreen on or off.
 
-Although Microsoft Defender for Endpoint has its own block list based upon a data set managed by Microsoft, you can customize this list based on your own threat intelligence. If you [create and manage indicators](../microsoft-defender-atp/manage-indicators.md) in the Microsoft Defender for Endpoint portal, Microsoft Defender SmartScreen will respect the new settings.
+Although Microsoft Defender for Endpoint has its own block list based upon a data set managed by Microsoft, you can customize this list based on your own threat intelligence. If you [create and manage indicators](../microsoft-defender-atp/manage-indicators.md) in the Microsoft Defender for Endpoint portal, Microsoft Defender SmartScreen respects the new settings.
 
 ## Microsoft Defender Antivirus
 
@@ -87,7 +87,7 @@ The notification appears in the usual [quarantine list within the Windows Securi
 
 You can enable PUA protection with [Microsoft Intune](https://docs.microsoft.com/mem/intune/protect/device-protect), [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-protection), [Group Policy](https://docs.microsoft.com/azure/active-directory-domain-services/manage-group-policy), or via [PowerShell cmdlets](https://docs.microsoft.com/powershell/module/defender/?view=win10-ps&preserve-view=true).
 
-You can also use PUA protection in audit mode to detect potentially unwanted applications without blocking them. The detections will be captured in the Windows event log.
+You can also use PUA protection in audit mode to detect potentially unwanted applications without blocking them. The detections are captured in the Windows event log.
 
 > [!TIP]
 > Visit the Microsoft Defender for Endpoint demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com/Page/UrlRep) to confirm that the feature is working, and see it in action.
@@ -125,7 +125,7 @@ For System Center 2012 Configuration Manager, see [How to Deploy Potentially Unw
 
 7. Select **Enabled** to enable PUA protection.
 
-8. In **Options**, select **Block** to block potentially unwanted applications, or select **Audit Mode** to test how the setting will work in your environment. Select **OK**.
+8. In **Options**, select **Block** to block potentially unwanted applications, or select **Audit Mode** to test how the setting works in your environment. Select **OK**.
 
 9. Deploy your Group Policy object as you usually do.
 
@@ -134,25 +134,25 @@ For System Center 2012 Configuration Manager, see [How to Deploy Potentially Unw
 ##### To enable PUA protection
 
 ```PowerShell
-Set-MpPreference -PUAProtection enable
+Set-MpPreference -PUAProtection Enabled
 ```
-Setting the value for this cmdlet to `Enabled` will turn the feature on if it has been disabled.
+Setting the value for this cmdlet to `Enabled` turns the feature on if it has been disabled.
 
 ##### To set PUA protection to audit mode
 
 ```PowerShell
-Set-MpPreference -PUAProtection auditmode
+Set-MpPreference -PUAProtection AuditMode
 ```
-Setting `AuditMode` will detect PUAs without blocking them.
+Setting `AuditMode` detects PUAs without blocking them.
 
 ##### To disable PUA protection
 
 We recommend keeping PUA protection turned on. However, you can turn it off by using the following cmdlet:
 
 ```PowerShell
-Set-MpPreference -PUAProtection disable
+Set-MpPreference -PUAProtection Disabled
 ```
-Setting the value for this cmdlet to `Disabled` will turn the feature off if it has been enabled.
+Setting the value for this cmdlet to `Disabled` turns the feature off if it has been enabled.
 
 See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://docs.microsoft.com/powershell/module/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus.
 
@@ -160,6 +160,23 @@ See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](u
 
 PUA events are reported in the Windows Event Viewer, but not in Microsoft Endpoint Manager or in Intune.
 
+You can also use the ``Get-MpThreat`` cmdlet to view threats that Defender handled.
+```console
+
+CategoryID       : 27
+DidThreatExecute : False
+IsActive         : False
+Resources        : {webfile:_q:\Builds\Dalton_Download_Manager_3223905758.exe|http://d18yzm5yb8map8.cloudfront.net/
+                    fo4yue@kxqdw/Dalton_Download_Manager.exe|pid:14196,ProcessStart:132378130057195714}
+RollupStatus     : 33
+SchemaVersion    : 1.0.0.0
+SeverityID       : 1
+ThreatID         : 213927
+ThreatName       : PUA:Win32/InstallCore
+TypeID           : 0
+PSComputerName   :
+```
+
 You can turn on email notifications to receive mail about PUA detections.
 
 See [Troubleshoot event IDs](troubleshoot-microsoft-defender-antivirus.md) for details on viewing Microsoft Defender Antivirus events. PUA events are recorded under event ID **1160**.

From 40589e437f4e628d9fe18e780fbc70a721feb3a5 Mon Sep 17 00:00:00 2001
From: Thomas Lee <doctordns@gmail.com>
Date: Sun, 31 Jan 2021 22:21:20 +0000
Subject: [PATCH 329/396] Update
 detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md

Changed double-tick to single, as per suggestion.
Added blank line around codefencing
---
 ...ntially-unwanted-apps-microsoft-defender-antivirus.md | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
index 0467981cf8..73b795ee62 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
@@ -134,14 +134,18 @@ For System Center 2012 Configuration Manager, see [How to Deploy Potentially Unw
 ##### To enable PUA protection
 
 ```PowerShell
+
 Set-MpPreference -PUAProtection Enabled
+
 ```
 Setting the value for this cmdlet to `Enabled` turns the feature on if it has been disabled.
 
 ##### To set PUA protection to audit mode
 
 ```PowerShell
+
 Set-MpPreference -PUAProtection AuditMode
+
 ```
 Setting `AuditMode` detects PUAs without blocking them.
 
@@ -150,7 +154,9 @@ Setting `AuditMode` detects PUAs without blocking them.
 We recommend keeping PUA protection turned on. However, you can turn it off by using the following cmdlet:
 
 ```PowerShell
+
 Set-MpPreference -PUAProtection Disabled
+
 ```
 Setting the value for this cmdlet to `Disabled` turns the feature off if it has been enabled.
 
@@ -160,7 +166,8 @@ See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](u
 
 PUA events are reported in the Windows Event Viewer, but not in Microsoft Endpoint Manager or in Intune.
 
-You can also use the ``Get-MpThreat`` cmdlet to view threats that Defender handled.
+You can also use the `Get-MpThreat` cmdlet to view threats that Defender handled.
+
 ```console
 
 CategoryID       : 27

From fd30b0a830ebbd942b4cf61181c942b7e7ab5f59 Mon Sep 17 00:00:00 2001
From: adirdidi <68847945+adirdidi@users.noreply.github.com>
Date: Mon, 1 Feb 2021 01:05:18 +0200
Subject: [PATCH 330/396] Update Onboard-Windows-10-multi-session-device.md

Dropping the rebranding note (was removed from all pages).
---
 .../Onboard-Windows-10-multi-session-device.md                  | 2 --
 1 file changed, 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md
index e63643ed0a..1f03573655 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md
@@ -24,8 +24,6 @@ ms.technology: mde
 
 Applies to: 
 - Windows 10 multi-session running on Windows Virtual Desktop (WVD) 
-> [!IMPORTANT]
-> Welcome to Microsoft Defender for Endpoint, the new name for Microsoft Defender for Endpoint. Read more about this and other updates here. We'll be updating names in products and in the docs in the near future.
 
 > [!WARNING]
 > Microsoft Defender for Endpoint support for Windows Virtual Desktop multi-session scenarios is currently in Preview and limited up to 25 concurrent sessions per host/VM. However, single session scenarios on Windows Virtual Desktop are fully supported.

From ff100e743717b62e52ee29850b2e00a83770bbdb Mon Sep 17 00:00:00 2001
From: adirdidi <68847945+adirdidi@users.noreply.github.com>
Date: Mon, 1 Feb 2021 01:26:56 +0200
Subject: [PATCH 331/396] Update configure-server-endpoints.md

Addressing:
https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8911
https://github.com/MicrosoftDocs/windows-itpro-docs/pull/8996/files

Also adding a note regarding US Gov customers and MMA setup.
---
 .../configure-server-endpoints.md                 | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
index 3e1fad5b1a..abdf7a98e7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
@@ -42,6 +42,7 @@ For a practical guidance on what needs to be in place for licensing and infrastr
 
 For guidance on how to download and use Windows Security Baselines for Windows servers, see [Windows Security Baselines](https://docs.microsoft.com/windows/device-security/windows-security-baselines).
 
+<br>
 
 ## Windows Server 2008 R2 SP1, Windows Server 2012 R2, and Windows Server 2016
 
@@ -56,7 +57,7 @@ After completing the onboarding steps using any of the provided options, you'll
 
 
 > [!NOTE]
-> Defender for Endpoint standalone server license is required, per node, in order to onboard a Windows server through Microsoft Defender Security Center (Option 1), or an Azure Security Center Standard license is required, per node, in order to onboard a Windows server through Azure Security Center (Option 2), see [Supported features available in Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-services).
+> Defender for Endpoint standalone server license is required, per node, in order to onboard a Windows server through Microsoft Monitoring Agent (Option 1), or through Microsoft Endpoint Manager (Option 3). Alternatively, an Azure Defender for Servers license is required, per node, in order to onboard a Windows server through Azure Security Center (Option 2), see [Supported features available in Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-services).
 
 
 ### Option 1: Onboard by installing and configuring Microsoft Monitoring Agent (MMA)
@@ -102,6 +103,8 @@ Perform the following steps to fulfill the onboarding requirements:
     On the **Agent Setup Options** page, choose **Connect the agent to Azure Log Analytics (OMS)**.
     - [Install the agent using the command line](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-the-agent-using-the-command-line) and [configure the agent using a script](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#add-a-workspace-using-a-script).
 
+> [!NOTE]
+> If you are a [US Government customer](gov.md), under "Azure Cloud" you'll need to choose "Azure US Government".
 
 
 <span id="server-proxy"/>
@@ -140,6 +143,8 @@ You can onboard Windows Server 2012 R2 and Windows Server 2016 by using Microsof
 
 After completing the onboarding steps, you'll need to [Configure and update System Center Endpoint Protection clients](#configure-and-update-system-center-endpoint-protection-clients).
 
+<br>
+
 ## Windows Server (SAC) version 1803, Windows Server 2019, and Windows Server 2019 Core edition
 You can onboard Windows Server (SAC) version 1803, Windows Server 2019, or Windows Server 2019 Core edition by using the following deployment methods:
 
@@ -183,6 +188,8 @@ Support for Windows Server provides deeper insight into server activities, cover
     
     For information on how to use Group Policy to configure and manage Microsoft Defender Antivirus on your Windows servers, see [Use Group Policy settings to configure and manage Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus).
 
+<br>
+
 ## Integration with Azure Security Center
 Defender for Endpoint can integrate with Azure Security Center to provide a comprehensive Windows server protection solution. With this integration, Azure Security Center can leverage the power of Defender for Endpoint to provide improved threat detection for Windows Servers.
 
@@ -202,6 +209,7 @@ Data collected by Defender for Endpoint is stored in the geo-location of the ten
 > - Once configured, you cannot change the location where your data is stored. If you need to move your data to another location, you need to contact Microsoft Support to reset the tenant. <br>
 Server endpoint monitoring utilizing this integration has been disabled for Office 365 GCC customers.
 
+<br>
 
 ## Configure and update System Center Endpoint Protection clients
 
@@ -212,7 +220,7 @@ The following steps are required to enable this integration:
 
 - Configure the SCEP client Cloud Protection Service membership to the **Advanced** setting.
 
-
+<br>
 
 ## Offboard Windows servers
 You can offboard Windows Server (SAC), Windows Server 2019, and Windows Server 2019 Core edition in the same method available for Windows 10 client devices.
@@ -264,6 +272,9 @@ To offboard the Windows server, you can use either of the following methods:
     $AgentCfg.ReloadConfiguration()
 
     ```
+
+<br>
+
 ## Related topics
 - [Onboard Windows 10 devices](configure-endpoints.md)
 - [Onboard non-Windows devices](configure-endpoints-non-windows.md)

From bd6233826f769c56fb2f12a191eae8fe0588cd9e Mon Sep 17 00:00:00 2001
From: adirdidi <68847945+adirdidi@users.noreply.github.com>
Date: Mon, 1 Feb 2021 01:35:51 +0200
Subject: [PATCH 332/396] Update configure-server-endpoints.md

Some Acrolinx changes.
---
 .../microsoft-defender-atp/configure-server-endpoints.md    | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
index abdf7a98e7..8ac55c19b5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
@@ -63,7 +63,7 @@ After completing the onboarding steps using any of the provided options, you'll
 ### Option 1: Onboard by installing and configuring Microsoft Monitoring Agent (MMA)
 You'll need to install and configure MMA for Windows servers to report sensor data to Defender for Endpoint. For more information, see [Collect log data with Azure Log Analytics agent](https://docs.microsoft.com/azure/azure-monitor/platform/log-analytics-agent).
 
-If you're already leveraging System Center Operations Manager (SCOM) or Azure Monitor (formerly known as Operations Management Suite (OMS)), attach the Microsoft Monitoring Agent (MMA) to report to your Defender for Endpoint workspace through Multihoming support.
+If you're already using System Center Operations Manager (SCOM) or Azure Monitor (formerly known as Operations Management Suite (OMS)), attach the Microsoft Monitoring Agent (MMA) to report to your Defender for Endpoint workspace through Multihoming support.
 
 In general, you'll need to take the following steps:
 1. Fulfill the onboarding requirements outlined in **Before you begin** section.
@@ -184,14 +184,14 @@ Support for Windows Server provides deeper insight into server activities, cover
 
    ```sc.exe query Windefend```
 
-    If the result is 'The specified service does not exist as an installed service', then you'll need to install Microsoft Defender AV. For more information, see [Microsoft Defender Antivirus in Windows 10](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10).
+    If the result is 'The specified service doesn't exist as an installed service', then you'll need to install Microsoft Defender AV. For more information, see [Microsoft Defender Antivirus in Windows 10](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10).
     
     For information on how to use Group Policy to configure and manage Microsoft Defender Antivirus on your Windows servers, see [Use Group Policy settings to configure and manage Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus).
 
 <br>
 
 ## Integration with Azure Security Center
-Defender for Endpoint can integrate with Azure Security Center to provide a comprehensive Windows server protection solution. With this integration, Azure Security Center can leverage the power of Defender for Endpoint to provide improved threat detection for Windows Servers.
+Defender for Endpoint can integrate with Azure Security Center to provide a comprehensive Windows server protection solution. With this integration, Azure Security Center can use the power of Defender for Endpoint to provide improved threat detection for Windows Servers.
 
 The following capabilities are included in this integration:
 - Automated onboarding - Defender for Endpoint sensor is automatically enabled on Windows Servers that are onboarded to Azure Security Center. For more information on Azure Security Center onboarding, see [Onboarding to Azure Security Center Standard for enhanced security](https://docs.microsoft.com/azure/security-center/security-center-onboarding).

From 0c2f8a5a264c3f5f59ad8ef0475298d80ee851e7 Mon Sep 17 00:00:00 2001
From: adirdidi <68847945+adirdidi@users.noreply.github.com>
Date: Mon, 1 Feb 2021 01:43:10 +0200
Subject: [PATCH 333/396] Update gov.md

Adding:
1. Portal URLs.
2. Power Automate & Logic Apps integrations are now available for GCC.
3. Clarification regarding MMA & patches.
---
 .../microsoft-defender-atp/gov.md             | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md
index 2bde8df0d5..2fd68eca5a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/gov.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md
@@ -31,8 +31,18 @@ This offering is currently available to Microsoft 365 GCC and GCC High customers
 
 > [!NOTE]
 > If you are a "GCC on Commercial" customer, please refer to the public documentation pages.
+
 <br>
 
+## Portal URLs
+The following are the specific Microsoft Defender for Endpoint portal URLs:
+
+Customer type | Portal URL
+:---|:---
+GCC | https://gcc.securitycenter.microsoft.us
+GCC High | https://securitycenter.microsoft.us
+
+<br>
 
 ## Endpoint versions
 
@@ -63,7 +73,10 @@ Android | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../im
 iOS | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog
 
 > [!NOTE]
-> A patch must be deployed before device onboarding in order to configure Defender for Endpoint to the correct environment.
+> Where a patch is specified, it must be deployed prior to device onboarding in order to configure Defender for Endpoint to the correct environment.
+
+> [!NOTE]
+> Trying to onboard Windows Server 2016/2012 R2/2008 R2 SP1 or Windows 8.1 Enterprise/8 Pro/7 SP1 Enterprise/7 SP1 Pro using [Microsoft Monitoring Agent](configure-server-endpoints.md#option-1-onboard-by-installing-and-configuring-microsoft-monitoring-agent-mma)? You'll need to choose "Azure US Government" under "Azure Cloud".
 
 ### OS versions when using Azure Defender for Servers
 The following OS versions are supported when using [Azure Defender for Servers](https://docs.microsoft.com/azure/security-center/security-center-wdatp):
@@ -88,7 +101,6 @@ Defender for Endpoint GCC High specific | `winatp-gw-usgt.microsoft.com`<br>`win
 
 <br>
 
-
 ## API
 Instead of the public URIs listed in our [API documentation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/apis-intro), you'll need to use the following URIs:
 
@@ -100,7 +112,6 @@ SIEM | `https://wdatp-alertexporter-us.gcc.securitycenter.windows.us` | `https:/
 
 <br>
 
-
 ## Feature parity with commercial
 Defender for Endpoint doesn't have complete parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government customers, there are some capabilities not yet available that we'd like to highlight.
 
@@ -126,6 +137,6 @@ Integrations: Microsoft Defender for Identity | ![No](../images/svg/check-no.svg
 Integrations: Microsoft Defender for Office 365 | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog
 Integrations: Microsoft Endpoint DLP | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog
 Integrations: Microsoft Intune | ![Yes](../images/svg/check-yes.svg) | ![No](../images/svg/check-no.svg) In development
-Integrations: Microsoft Power Automate & Azure Logic Apps | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) In development
+Integrations: Microsoft Power Automate & Azure Logic Apps | ![Yes](../images/svg/check-yes.svg) | ![No](../images/svg/check-no.svg) In development
 Integrations: Skype for Business / Teams | ![Yes](../images/svg/check-yes.svg) | ![No](../images/svg/check-no.svg) In development
 Microsoft Threat Experts | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog

From 807f04e1810c7b76dc6723c07cf0635bd5e710f4 Mon Sep 17 00:00:00 2001
From: adirdidi <68847945+adirdidi@users.noreply.github.com>
Date: Mon, 1 Feb 2021 01:51:12 +0200
Subject: [PATCH 334/396] Update gov.md

---
 .../security/threat-protection/microsoft-defender-atp/gov.md  | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md
index 2fd68eca5a..5223c1229a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/gov.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md
@@ -32,10 +32,8 @@ This offering is currently available to Microsoft 365 GCC and GCC High customers
 > [!NOTE]
 > If you are a "GCC on Commercial" customer, please refer to the public documentation pages.
 
-<br>
-
 ## Portal URLs
-The following are the specific Microsoft Defender for Endpoint portal URLs:
+The following are the Microsoft Defender for Endpoint portal URLs for US Government customers:
 
 Customer type | Portal URL
 :---|:---

From 2c2946d03a75384998f916a26260b8c8a0ca1a6c Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Mon, 1 Feb 2021 09:05:21 +0530
Subject: [PATCH 335/396] typo correction

as per the user report #9050 ,  replaced  s  to  is
---
 windows/deployment/update/waas-overview.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md
index 76e17626d7..01f89be64e 100644
--- a/windows/deployment/update/waas-overview.md
+++ b/windows/deployment/update/waas-overview.md
@@ -46,7 +46,7 @@ Application compatibility testing has historically been a burden when approachin
 
 Most Windows 7–compatible desktop applications will be compatible with Windows 10 straight out of the box. Windows 10 achieved such high compatibility because the changes in the existing Win32 application programming interfaces were minimal.  Combined with valuable feedback via the Windows Insider Program and diagnostic data, this level of compatibility can be maintained through each feature update. As for websites, Windows 10 includes Internet Explorer 11 and its backward-compatibility modes for legacy websites. Finally, UWP apps follow a compatibility story similar to desktop applications, so most of them will be compatible with Windows 10. 
 
-For the most important business-critical applications, organizations should still perform testing on a regular basis to validate compatibility with new builds. For remaining applications, consider validating them as part of a pilot deployment process to reduce the time spent on compatibility testing. Desktop Analytics s a cloud-based service that integrates with Configuration Manager. The service provides insight and intelligence for you to make more informed decisions about the update readiness of your Windows endpoints, including assessment of your existing applications. For more, see [Ready for modern desktop retirement FAQ](https://docs.microsoft.com/mem/configmgr/desktop-analytics/ready-for-windows).
+For the most important business-critical applications, organizations should still perform testing on a regular basis to validate compatibility with new builds. For remaining applications, consider validating them as part of a pilot deployment process to reduce the time spent on compatibility testing. Desktop Analytics is a cloud-based service that integrates with Configuration Manager. The service provides insight and intelligence for you to make more informed decisions about the update readiness of your Windows endpoints, including assessment of your existing applications. For more, see [Ready for modern desktop retirement FAQ](https://docs.microsoft.com/mem/configmgr/desktop-analytics/ready-for-windows).
 
 ### Device compatibility
 

From 8cdd0d0ee153d5c8ec94f7fb3d1d31011f08f82d Mon Sep 17 00:00:00 2001
From: adirdidi <68847945+adirdidi@users.noreply.github.com>
Date: Mon, 1 Feb 2021 18:57:44 +0200
Subject: [PATCH 336/396] Update troubleshoot-asr.md

https://github.com/MicrosoftDocs/windows-itpro-docs/issues/9055
---
 .../microsoft-defender-atp/troubleshoot-asr.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md
index 8a626f4670..e507384f99 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md
@@ -100,7 +100,7 @@ When you report a problem with attack surface reduction rules, you are asked to
 1. Open an elevated command prompt and change to the Windows Defender directory:
 
    ```console
-   cd c:\program files\windows defender
+   cd "c:\program files\windows defender"
    ```
 
 2. Run this command to generate the diagnostic logs:

From f13504560a9849a630ce0b74b5fe3781e3c613b1 Mon Sep 17 00:00:00 2001
From: adirdidi <68847945+adirdidi@users.noreply.github.com>
Date: Mon, 1 Feb 2021 19:03:07 +0200
Subject: [PATCH 337/396] Update troubleshoot-asr.md

Acrolinx.
---
 .../troubleshoot-asr.md                       | 20 +++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md
index e507384f99..dd95924a68 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md
@@ -29,9 +29,9 @@ ms.technology: mde
 
 When you use [attack surface reduction rules](attack-surface-reduction.md) you may run into issues, such as:
 
-- A rule blocks a file, process, or performs some other action that it should not (false positive)
+- A rule blocks a file, process, or performs some other action that it shouldn't (false positive)
 
-- A rule does not work as described, or does not block a file or process that it should (false negative)
+- A rule doesn't work as described, or doesn't block a file or process that it should (false negative)
 
 There are four steps to troubleshooting these problems:
 
@@ -53,7 +53,7 @@ Attack surface reduction rules will only work on devices with the following cond
 
 - [Real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) is enabled.
 
-- Audit mode is not enabled. Use Group Policy to set the rule to **Disabled** (value: **0**) as described in [Enable attack surface reduction rules](enable-attack-surface-reduction.md).
+- Audit mode isn't enabled. Use Group Policy to set the rule to **Disabled** (value: **0**) as described in [Enable attack surface reduction rules](enable-attack-surface-reduction.md).
 
 If these prerequisites have all been met, proceed to the next step to test the rule in audit mode.
 
@@ -61,7 +61,7 @@ If these prerequisites have all been met, proceed to the next step to test the r
 
 You can visit the Windows Defender Test ground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm attack surface reduction rules are generally working for pre-configured scenarios and processes on a device, or you can use audit mode, which enables rules for reporting only.
 
-Follow these instructions in [Use the demo tool to see how attack surface reduction rules work](evaluate-attack-surface-reduction.md) to test the specific rule you are encountering problems with.
+Follow these instructions in [Use the demo tool to see how attack surface reduction rules work](evaluate-attack-surface-reduction.md) to test the specific rule you're encountering problems with.
 
 1. Enable audit mode for the specific rule you want to test. Use Group Policy to set the rule to **Audit mode** (value: **2**) as described in [Enable attack surface reduction rules](enable-attack-surface-reduction.md). Audit mode allows the rule to report the file or process, but will still allow it to run.
 
@@ -69,19 +69,19 @@ Follow these instructions in [Use the demo tool to see how attack surface reduct
 
 3. [Review the attack surface reduction rule event logs](attack-surface-reduction.md) to see if the rule would have blocked the file or process if the rule had been set to **Enabled**.
 
-If a rule is not blocking a file or process that you are expecting it should block, first check if audit mode is enabled.
+If a rule isn't blocking a file or process that you're expecting it should block, first check if audit mode is enabled.
 
 Audit mode may have been enabled for testing another feature, or by an automated PowerShell script, and may not have been disabled after the tests were completed.
 
-If you've tested the rule with the demo tool and with audit mode, and attack surface reduction rules are working on pre-configured scenarios, but the rule is not working as expected, proceed to either of the following sections based on your situation:
+If you've tested the rule with the demo tool and with audit mode, and attack surface reduction rules are working on pre-configured scenarios, but the rule isn't working as expected, proceed to either of the following sections based on your situation:
 
-1. If the attack surface reduction rule is blocking something that it should not block (also known as a false positive), you can [first add an attack surface reduction rule exclusion](#add-exclusions-for-a-false-positive).
+1. If the attack surface reduction rule is blocking something that it shouldn't block (also known as a false positive), you can [first add an attack surface reduction rule exclusion](#add-exclusions-for-a-false-positive).
 
-2. If the attack surface reduction rule is not blocking something that it should block (also known as a false negative), you can proceed immediately to the last step, [collecting diagnostic data and submitting the issue to us](#collect-diagnostic-data-for-file-submissions).
+2. If the attack surface reduction rule isn't blocking something that it should block (also known as a false negative), you can proceed immediately to the last step, [collecting diagnostic data and submitting the issue to us](#collect-diagnostic-data-for-file-submissions).
 
 ## Add exclusions for a false positive
 
-If the attack surface reduction rule is blocking something that it should not block (also known as a false positive), you can add exclusions to prevent attack surface reduction rules from evaluating the excluded files or folders.
+If the attack surface reduction rule is blocking something that it shouldn't block (also known as a false positive), you can add exclusions to prevent attack surface reduction rules from evaluating the excluded files or folders.
 
 To add an exclusion, see [Customize Attack surface reduction](customize-attack-surface-reduction.md).
 
@@ -95,7 +95,7 @@ Use the [Windows Defender Security Intelligence web-based submission form](https
 
 ## Collect diagnostic data for file submissions
 
-When you report a problem with attack surface reduction rules, you are asked to collect and submit diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues.
+When you report a problem with attack surface reduction rules, you're asked to collect and submit diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues.
 
 1. Open an elevated command prompt and change to the Windows Defender directory:
 

From 8d274b26124aa1bf9935770635ffc6ef49baa6cf Mon Sep 17 00:00:00 2001
From: adirdidi <68847945+adirdidi@users.noreply.github.com>
Date: Mon, 1 Feb 2021 19:06:40 +0200
Subject: [PATCH 338/396] Update troubleshoot-asr.md

---
 .../microsoft-defender-atp/troubleshoot-asr.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md
index dd95924a68..c25e934d20 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md
@@ -109,7 +109,7 @@ When you report a problem with attack surface reduction rules, you're asked to c
    mpcmdrun -getfiles
    ```
 
-3. By default, they are saved to `C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab`. Attach the file to the submission form.
+3. By default, they're saved to `C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab`. Attach the file to the submission form.
 
 ## Related articles
 

From d13ea7f085443acd43a9fa6bb706bb7612c47696 Mon Sep 17 00:00:00 2001
From: jcaparas <macapara@microsoft.com>
Date: Mon, 1 Feb 2021 10:44:16 -0800
Subject: [PATCH 339/396] Update ios-configure-features.md

---
 .../ios-configure-features.md                    | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md
index 877b61390e..10354d8762 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md
@@ -32,7 +32,7 @@ ms.technology: mde
 Microsoft Defender for Endpoint for iOS along with Microsoft Intune and Azure Active Directory enables enforcing Device compliance and Conditional Access policies
 based on device risk levels. Defender for Endpoint is a Mobile Threat Defense (MTD) solution that you can deploy to leverage this capability via Intune.
 
-For more information about how to set up Conditional Access with Defender for Endpoint for iOS, see [Defender for Endpoint and Intune] https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection).
+For more information about how to set up Conditional Access with Defender for Endpoint for iOS, see [Defender for Endpoint and Intune] (https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection).
 
 ## Web Protection and VPN
 
@@ -64,28 +64,28 @@ To protect corporate data from being accessed on jailbroken iOS devices, we reco
 
 Follow the steps below to create a compliance policy against jailbroken devices.
 
-1. In [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** -> **Compliance policies** -> click on **Create Policy**. Select "iOS/iPadOS" as platform and click **Create**.
+1. In [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** -> **Compliance policies** -> **Create Policy**. Select "iOS/iPadOS" as platform and click **Create**.
 
     > [!div class="mx-imgBorder"]
     > ![Create Policy](images/ios-jb-policy.png)
 
-1. Specify a name of the policy, example "Compliance Policy for Jailbreak".
-1. In the compliance settings page, click to expand **Device Health** section and click **Block** for **Jailbroken devices** field.
+2. Specify a name of the policy, for example "Compliance Policy for Jailbreak".
+3. In the compliance settings page, click to expand **Device Health** section and click **Block** for **Jailbroken devices** field.
 
     > [!div class="mx-imgBorder"]
     > ![Policy Settings](images/ios-jb-settings.png)
 
-1. In the *Action for noncompliance* section, select the actions as per your requirements and click **Next**.
+4. In the *Action for noncompliance* section, select the actions as per your requirements and select **Next**.
 
     > [!div class="mx-imgBorder"]
     > ![Policy Actions](images/ios-jb-actions.png)
 
-1. In the *Assignments* section, select the user groups that you want to include for this policy and then click **Next**.
-1. In the **Review+Create** section, verify that all the information entered is correct and then select **Create**.
+5. In the *Assignments* section, select the user groups that you want to include for this policy and then select **Next**.
+6. In the **Review+Create** section, verify that all the information entered is correct and then select **Create**.
 
 ## Configure custom indicators
 
-Defender for Endpoint for iOS enables admins to configure custom indicators on iOS devices as well. Refer to [Manage indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators) on how to configure custom indicators.
+Defender for Endpoint for iOS enables admins to configure custom indicators on iOS devices as well. For more information on how to configure custom indicators, see [Manage indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators).
 
 > [!NOTE]
 > Defender for Endpoint for iOS supports creating custom indicators only for IP addresses and URLs/domains.

From 1adb141e2b2f459d735481a7ddbf7f10311f7322 Mon Sep 17 00:00:00 2001
From: Tina Burden <v-tibur@microsoft.com>
Date: Mon, 1 Feb 2021 11:32:08 -0800
Subject: [PATCH 340/396] pencil edit

---
 .../microsoft-defender-atp/ios-configure-features.md            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md
index 10354d8762..00fc73300c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md
@@ -32,7 +32,7 @@ ms.technology: mde
 Microsoft Defender for Endpoint for iOS along with Microsoft Intune and Azure Active Directory enables enforcing Device compliance and Conditional Access policies
 based on device risk levels. Defender for Endpoint is a Mobile Threat Defense (MTD) solution that you can deploy to leverage this capability via Intune.
 
-For more information about how to set up Conditional Access with Defender for Endpoint for iOS, see [Defender for Endpoint and Intune] (https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection).
+For more information about how to set up Conditional Access with Defender for Endpoint for iOS, see [Defender for Endpoint and Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection).
 
 ## Web Protection and VPN
 

From 5eab1f1af72b8f6bb950f48b8d7e1acd08f53206 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 1 Feb 2021 13:08:11 -0800
Subject: [PATCH 341/396] Update .openpublishing.redirection.json

---
 .openpublishing.redirection.json | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 6c6cd0335b..4af39e6318 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -16524,6 +16524,11 @@
       "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md",
       "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives",
       "redirect_document_id": true
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md",
+      "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr",
+      "redirect_document_id": false
     }
   ]
 }

From 27bc25e7daf6b9cc92222580249de5bc691b6725 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 1 Feb 2021 13:47:35 -0800
Subject: [PATCH 342/396] Update
 detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md

---
 ...entially-unwanted-apps-microsoft-defender-antivirus.md | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
index 73b795ee62..5b962456c2 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
@@ -11,7 +11,7 @@ author: denisebmsft
 ms.author: deniseb
 ms.custom: nextgen
 audience: ITPro
-ms.date: 01/08/2021
+ms.date: 02/01/2021
 ms.reviewer: 
 manager: dansimp
 ms.technology: mde
@@ -164,9 +164,7 @@ See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](u
 
 ### View PUA events
 
-PUA events are reported in the Windows Event Viewer, but not in Microsoft Endpoint Manager or in Intune.
-
-You can also use the `Get-MpThreat` cmdlet to view threats that Defender handled.
+PUA events are reported in the Windows Event Viewer, but not in Microsoft Endpoint Manager or in Intune. You can also use the `Get-MpThreat` cmdlet to view threats that Microsoft Defender Antivirus handled. Here's an example:
 
 ```console
 
@@ -194,7 +192,7 @@ Sometimes a file is erroneously blocked by PUA protection, or a feature of a PUA
 
 For more information, see [Recommended antivirus exclusions for Configuration Manager site servers, site systems, and clients](https://docs.microsoft.com/troubleshoot/mem/configmgr/recommended-antivirus-exclusions#exclusions).
 
-## Related articles
+## See also
 
 - [Next-generation protection](microsoft-defender-antivirus-in-windows-10.md)
 - [Configure behavioral, heuristic, and real-time protection](configure-protection-features-microsoft-defender-antivirus.md)

From 87d4839f8baf1e1f4540dc6fae82fa886c6b9968 Mon Sep 17 00:00:00 2001
From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com>
Date: Mon, 1 Feb 2021 23:26:36 +0100
Subject: [PATCH 343/396] MarkDown code blocks & whitespace (ref. #9053)

Corrections to PR #9053 / commit https://github.com/MicrosoftDocs/windows-itpro-docs/commit/9856688ff24ecbf4fe47f7446b9ef9182d2de3a4

A misunderstanding in PR #9053 caused the addition of unneeded & unwanted blank lines within the PowerShell PUA code blocks for the 3 variations of `Set-MpPreference -PUAProtection` and the console output, as well as missing the opportunity to add editorial blank lines below the code blocks, for easier future editing.

Ref. PR #9053 / commit https://github.com/MicrosoftDocs/windows-itpro-docs/commit/9856688ff24ecbf4fe47f7446b9ef9182d2de3a4
---
 ...lly-unwanted-apps-microsoft-defender-antivirus.md | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
index 5b962456c2..15e0a33178 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
@@ -134,19 +134,17 @@ For System Center 2012 Configuration Manager, see [How to Deploy Potentially Unw
 ##### To enable PUA protection
 
 ```PowerShell
-
 Set-MpPreference -PUAProtection Enabled
-
 ```
+
 Setting the value for this cmdlet to `Enabled` turns the feature on if it has been disabled.
 
 ##### To set PUA protection to audit mode
 
 ```PowerShell
-
 Set-MpPreference -PUAProtection AuditMode
-
 ```
+
 Setting `AuditMode` detects PUAs without blocking them.
 
 ##### To disable PUA protection
@@ -154,10 +152,9 @@ Setting `AuditMode` detects PUAs without blocking them.
 We recommend keeping PUA protection turned on. However, you can turn it off by using the following cmdlet:
 
 ```PowerShell
-
 Set-MpPreference -PUAProtection Disabled
-
 ```
+
 Setting the value for this cmdlet to `Disabled` turns the feature off if it has been enabled.
 
 See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://docs.microsoft.com/powershell/module/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus.
@@ -167,7 +164,6 @@ See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](u
 PUA events are reported in the Windows Event Viewer, but not in Microsoft Endpoint Manager or in Intune. You can also use the `Get-MpThreat` cmdlet to view threats that Microsoft Defender Antivirus handled. Here's an example:
 
 ```console
-
 CategoryID       : 27
 DidThreatExecute : False
 IsActive         : False
@@ -188,7 +184,7 @@ See [Troubleshoot event IDs](troubleshoot-microsoft-defender-antivirus.md) for d
 
 ### Allow-listing apps
 
-Sometimes a file is erroneously blocked by PUA protection, or a feature of a PUA is required to complete a task. In these cases, a file can be allow-listed. 
+Sometimes a file is erroneously blocked by PUA protection, or a feature of a PUA is required to complete a task. In these cases, a file can be allow-listed.
 
 For more information, see [Recommended antivirus exclusions for Configuration Manager site servers, site systems, and clients](https://docs.microsoft.com/troubleshoot/mem/configmgr/recommended-antivirus-exclusions#exclusions).
 

From c38a104e09a6336cc2d137b81f58016861192a53 Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Mon, 1 Feb 2021 14:28:43 -0800
Subject: [PATCH 344/396] delete page

---
 .openpublishing.redirection.json              |  5 ++
 .../supported-response-apis.md                | 52 -------------------
 2 files changed, 5 insertions(+), 52 deletions(-)
 delete mode 100644 windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md

diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 6c6cd0335b..3e7809a16e 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -2044,6 +2044,11 @@
       "source_path": "windows/security/threat-protection/windows-defender-atp/supported-response-apis-windows-defender-advanced-threat-protection.md",
       "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis",
       "redirect_document_id": true
+    },
+	{
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md",
+      "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list",
+      "redirect_document_id": false
     },
     {
       "source_path": "windows/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md",
diff --git a/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md b/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md
deleted file mode 100644
index 111a228fa4..0000000000
--- a/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md
+++ /dev/null
@@ -1,52 +0,0 @@
----
-title: Supported Microsoft Defender Advanced Threat Protection response APIs
-description: Learn about the specific response-related Microsoft Defender Advanced Threat Protection API calls.
-keywords: response apis, graph api, supported apis, actor, alerts, device, user, domain, ip, file
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: m365-security
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: conceptual
-ms.technology: mde
----
-
-# Supported Microsoft Defender for Endpoint query APIs 
-
-[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-
-
-**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-
-> [!TIP]
-> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-supported-response-apis-abovefoldlink) 
-
-Learn about the supported response-related API calls you can run and details such as the required request headers, and expected response from the calls.
-
-## In this section
-Topic | Description
-:---|:---
-Collect investigation package | Run this API to collect an investigation package from a device.
-Isolate device | Run this API to isolate a device from the network.
-Unisolate device | Remove a device from isolation. 
-Restrict code execution | Run this API to contain an attack by stopping malicious processes. You can also lock down a device and prevent subsequent attempts of potentially malicious programs from running.
-Unrestrict code execution | Run this to reverse the restriction of applications policy after you have verified that the compromised device has been remediated.
-Run antivirus scan | Remotely initiate an antivirus scan to help identify and remediate malware that might be present on a compromised device.
-Stop and quarantine file |  Run this call to stop running processes, quarantine  files, and delete persistency such as registry keys.
-Request sample | Run this call to request a sample of a file from a specific device. The file will be collected from the device and uploaded to a secure storage.
-Block file | Run this API to prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. 
-Unblock file | Allow a file run in the organization using Microsoft Defender Antivirus.
-Get package SAS URI | Run this API to get a URI that allows downloading an investigation package.
-Get MachineAction object | Run this API to get MachineAction object.
-Get MachineActions collection | Run this to get MachineAction collection.
-Get FileActions collection | Run this API to get FileActions collection.
-Get FileMachineAction object | Run this API to get FileMachineAction object.
-Get FileMachineActions collection | Run this API to get FileMachineAction collection.

From 995bec4332dc63e7076692a99e423d99b62a6a87 Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Tue, 2 Feb 2021 12:23:41 -0800
Subject: [PATCH 345/396] add unique key words

---
 .../microsoft-defender-atp/api-release-notes.md | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
index 36327643c6..2e50a85b73 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
@@ -1,7 +1,7 @@
 ---
-title: API release notes
-description: Release notes for anything that is new in the API.
-keywords: apis, mdatp api, updates, notes, release
+title: Microsoft Defender for Endpoint API release notes
+description: Release notes for anything that is new in the Microsoft Defender for Endpoint API.
+keywords: microsoft defender for endpoint api release notes, mde, apis, mdatp api, updates, notes, release
 search.product: eADQiWindows 10XVcnh
 ms.prod: m365-security
 ms.mktglfcycl: deploy
@@ -17,9 +17,14 @@ ms.topic: article
 ms.technology: mde
 ---
 
-# Release Notes
-<br>
-<hr>
+# Microsoft Defender for Endpoint API release notes
+
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+The following information lists the updates made to the Microsoft Defender for Endpoint APIs and the dates they were made.
+
 
 ### 25.01.2021
 <hr>

From 2b0b5e9648bf8c543b92c2d5d8a9dc4bb196e836 Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Tue, 2 Feb 2021 12:24:30 -0800
Subject: [PATCH 346/396] update description

---
 .../microsoft-defender-atp/api-release-notes.md                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
index 2e50a85b73..441c3cbd30 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md
@@ -1,6 +1,6 @@
 ---
 title: Microsoft Defender for Endpoint API release notes
-description: Release notes for anything that is new in the Microsoft Defender for Endpoint API.
+description: Release notes for updates made to the Microsoft Defender for Endpoint set of APIs.
 keywords: microsoft defender for endpoint api release notes, mde, apis, mdatp api, updates, notes, release
 search.product: eADQiWindows 10XVcnh
 ms.prod: m365-security

From 541d1009d1aae85276618653480fce6502a3173c Mon Sep 17 00:00:00 2001
From: adirdidi <68847945+adirdidi@users.noreply.github.com>
Date: Tue, 2 Feb 2021 22:28:30 +0200
Subject: [PATCH 347/396] Update configure-server-endpoints.md

Fixing the MMA anchors + clarifying the note for Gov following feedback.
---
 .../microsoft-defender-atp/configure-server-endpoints.md      | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
index 8ac55c19b5..0ec1dfdeb6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
@@ -101,10 +101,10 @@ Perform the following steps to fulfill the onboarding requirements:
 2. Using the Workspace ID and Workspace key obtained in the previous procedure, choose any of the following installation methods to install the agent on the Windows server:
     - [Manually install the agent using setup](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-the-agent-using-setup) <br>
     On the **Agent Setup Options** page, choose **Connect the agent to Azure Log Analytics (OMS)**.
-    - [Install the agent using the command line](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-the-agent-using-the-command-line) and [configure the agent using a script](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#add-a-workspace-using-a-script).
+    - [Install the agent using the command line](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-agent-using-command-line) and [configure the agent using a script](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-agent-using-dsc-in-azure-automation).
 
 > [!NOTE]
-> If you are a [US Government customer](gov.md), under "Azure Cloud" you'll need to choose "Azure US Government".
+> If you are a [US Government customer](gov.md), under "Azure Cloud" you'll need to choose "Azure US Government" if using the setup wizard, or if using a command line or a script - set the "OPINSIGHTS_WORKSPACE_AZURE_CLOUD_TYPE" parameter to 1.
 
 
 <span id="server-proxy"/>

From eb6195222459dee2ffc2c10610a75c569c025cd9 Mon Sep 17 00:00:00 2001
From: adirdidi <68847945+adirdidi@users.noreply.github.com>
Date: Tue, 2 Feb 2021 23:48:32 +0200
Subject: [PATCH 348/396] Update gov.md

Addressing feedback regarding the MMA note.
---
 .../security/threat-protection/microsoft-defender-atp/gov.md    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md
index 5223c1229a..663f76f5c5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/gov.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md
@@ -74,7 +74,7 @@ iOS | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images
 > Where a patch is specified, it must be deployed prior to device onboarding in order to configure Defender for Endpoint to the correct environment.
 
 > [!NOTE]
-> Trying to onboard Windows Server 2016/2012 R2/2008 R2 SP1 or Windows 8.1 Enterprise/8 Pro/7 SP1 Enterprise/7 SP1 Pro using [Microsoft Monitoring Agent](configure-server-endpoints.md#option-1-onboard-by-installing-and-configuring-microsoft-monitoring-agent-mma)? You'll need to choose "Azure US Government" under "Azure Cloud".
+> Trying to onboard Windows Server 2016/2012 R2/2008 R2 SP1 or Windows 8.1 Enterprise/8 Pro/7 SP1 Enterprise/7 SP1 Pro using [Microsoft Monitoring Agent](configure-server-endpoints.md#option-1-onboard-by-installing-and-configuring-microsoft-monitoring-agent-mma)? You'll need to choose "Azure US Government" under "Azure Cloud" if using the setup wizard, or if using a command line or a script - set the "OPINSIGHTS_WORKSPACE_AZURE_CLOUD_TYPE" parameter to 1.
 
 ### OS versions when using Azure Defender for Servers
 The following OS versions are supported when using [Azure Defender for Servers](https://docs.microsoft.com/azure/security-center/security-center-wdatp):

From 77a070d0ab26a071b41f91e33a1019338e744c10 Mon Sep 17 00:00:00 2001
From: adirdidi <68847945+adirdidi@users.noreply.github.com>
Date: Wed, 3 Feb 2021 00:20:34 +0200
Subject: [PATCH 349/396] Update configure-server-endpoints.md

---
 .../microsoft-defender-atp/configure-server-endpoints.md        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
index 0ec1dfdeb6..870a97ecca 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
@@ -99,7 +99,7 @@ Perform the following steps to fulfill the onboarding requirements:
 1. Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603).
 
 2. Using the Workspace ID and Workspace key obtained in the previous procedure, choose any of the following installation methods to install the agent on the Windows server:
-    - [Manually install the agent using setup](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-the-agent-using-setup) <br>
+    - [Manually install the agent using setup](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-agent-using-setup-wizard) <br>
     On the **Agent Setup Options** page, choose **Connect the agent to Azure Log Analytics (OMS)**.
     - [Install the agent using the command line](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-agent-using-command-line) and [configure the agent using a script](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-agent-using-dsc-in-azure-automation).
 

From adaa7e3c61fc32d37e0e9c6ae86b0daf3a32aec7 Mon Sep 17 00:00:00 2001
From: adirdidi <68847945+adirdidi@users.noreply.github.com>
Date: Wed, 3 Feb 2021 00:29:35 +0200
Subject: [PATCH 350/396] Update configure-server-endpoints.md

---
 .../microsoft-defender-atp/configure-server-endpoints.md     | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
index 870a97ecca..060c2d575a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
@@ -99,9 +99,10 @@ Perform the following steps to fulfill the onboarding requirements:
 1. Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603).
 
 2. Using the Workspace ID and Workspace key obtained in the previous procedure, choose any of the following installation methods to install the agent on the Windows server:
-    - [Manually install the agent using setup](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-agent-using-setup-wizard) <br>
+    - [Manually install the agent using setup](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-agent-using-setup-wizard). <br>
     On the **Agent Setup Options** page, choose **Connect the agent to Azure Log Analytics (OMS)**.
-    - [Install the agent using the command line](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-agent-using-command-line) and [configure the agent using a script](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-agent-using-dsc-in-azure-automation).
+    - [Install the agent using the command line](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-agent-using-command-line).
+    - [Configure the agent using a script](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-agent-using-dsc-in-azure-automation).
 
 > [!NOTE]
 > If you are a [US Government customer](gov.md), under "Azure Cloud" you'll need to choose "Azure US Government" if using the setup wizard, or if using a command line or a script - set the "OPINSIGHTS_WORKSPACE_AZURE_CLOUD_TYPE" parameter to 1.

From 4bc30c80528db7c70358245a23d90b55eb776943 Mon Sep 17 00:00:00 2001
From: adirdidi <68847945+adirdidi@users.noreply.github.com>
Date: Wed, 3 Feb 2021 00:32:57 +0200
Subject: [PATCH 351/396] Update gov.md

---
 .../security/threat-protection/microsoft-defender-atp/gov.md    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md
index 663f76f5c5..3ec12f3876 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/gov.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md
@@ -74,7 +74,7 @@ iOS | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images
 > Where a patch is specified, it must be deployed prior to device onboarding in order to configure Defender for Endpoint to the correct environment.
 
 > [!NOTE]
-> Trying to onboard Windows Server 2016/2012 R2/2008 R2 SP1 or Windows 8.1 Enterprise/8 Pro/7 SP1 Enterprise/7 SP1 Pro using [Microsoft Monitoring Agent](configure-server-endpoints.md#option-1-onboard-by-installing-and-configuring-microsoft-monitoring-agent-mma)? You'll need to choose "Azure US Government" under "Azure Cloud" if using the setup wizard, or if using a command line or a script - set the "OPINSIGHTS_WORKSPACE_AZURE_CLOUD_TYPE" parameter to 1.
+> Trying to onboard Windows devices older than Windows 10 or Windows Server 2019 using [Microsoft Monitoring Agent](configure-server-endpoints.md#option-1-onboard-by-installing-and-configuring-microsoft-monitoring-agent-mma)? You'll need to choose "Azure US Government" under "Azure Cloud" if using the [setup wizard](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-agent-using-setup-wizard), or if using a [command line](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-agent-using-command-line) or a [script](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-agent-using-dsc-in-azure-automation) - set the "OPINSIGHTS_WORKSPACE_AZURE_CLOUD_TYPE" parameter to 1.
 
 ### OS versions when using Azure Defender for Servers
 The following OS versions are supported when using [Azure Defender for Servers](https://docs.microsoft.com/azure/security-center/security-center-wdatp):

From d5114919769e1c9ff06d21444fe86603bba5ea2a Mon Sep 17 00:00:00 2001
From: adirdidi <68847945+adirdidi@users.noreply.github.com>
Date: Wed, 3 Feb 2021 00:33:10 +0200
Subject: [PATCH 352/396] Update onboard-downlevel.md

Changing MMA anchors and adding Gov note.
---
 .../microsoft-defender-atp/onboard-downlevel.md           | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md
index 8bf4aa0e07..d1c3d64aac 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md
@@ -83,9 +83,13 @@ Review the following details to verify minimum system requirements:
    - Copy the workspace ID and workspace key
 
 3. Using the Workspace ID and Workspace key choose any of the following installation methods to install the agent:
-    - Manually install the agent using setup<br>
+    - [Manually install the agent using setup](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-agent-using-setup-wizard). <br>
       On the **Agent Setup Options** page, select **Connect the agent to Azure Log Analytics (OMS)**
-    - [Install the agent using command line](https://docs.microsoft.com/azure/log-analytics/log-analytics-agent-windows#install-the-agent-using-the-command-line) and [configure the agent using a script](https://docs.microsoft.com/azure/log-analytics/log-analytics-agent-windows#add-a-workspace-using-a-script)
+    - [Install the agent using the command line](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-agent-using-command-line).
+    - [Configure the agent using a script](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-agent-using-dsc-in-azure-automation).
+
+> [!NOTE]
+> If you are a [US Government customer](gov.md), under "Azure Cloud" you'll need to choose "Azure US Government" if using the setup wizard, or if using a command line or a script - set the "OPINSIGHTS_WORKSPACE_AZURE_CLOUD_TYPE" parameter to 1.
 
 4. If you're using a proxy to connect to the Internet see the Configure proxy settings section.
 

From 600c87a35177d6b3e6a3d7ab1a889366feaec635 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Tue, 2 Feb 2021 15:35:53 -0800
Subject: [PATCH 353/396] Indented a note in a list item

---
 .../microsoft-defender-atp/onboard-downlevel.md               | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md
index d1c3d64aac..bb6315accb 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md
@@ -88,8 +88,8 @@ Review the following details to verify minimum system requirements:
     - [Install the agent using the command line](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-agent-using-command-line).
     - [Configure the agent using a script](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-agent-using-dsc-in-azure-automation).
 
-> [!NOTE]
-> If you are a [US Government customer](gov.md), under "Azure Cloud" you'll need to choose "Azure US Government" if using the setup wizard, or if using a command line or a script - set the "OPINSIGHTS_WORKSPACE_AZURE_CLOUD_TYPE" parameter to 1.
+   > [!NOTE]
+   > If you are a [US Government customer](gov.md), under "Azure Cloud" you'll need to choose "Azure US Government" if using the setup wizard, or if using a command line or a script - set the "OPINSIGHTS_WORKSPACE_AZURE_CLOUD_TYPE" parameter to 1.
 
 4. If you're using a proxy to connect to the Internet see the Configure proxy settings section.
 

From 1cce4fea20d4e5be3b494a006c8887283e6f226a Mon Sep 17 00:00:00 2001
From: isbrahm <43386070+isbrahm@users.noreply.github.com>
Date: Tue, 2 Feb 2021 15:56:18 -0800
Subject: [PATCH 354/396] WDAC Intune OMA URI document 350K limit

- Document that files deployed through custom oma-uri must be less than 350K bytes in size
- Change warnings into 'removing policies' sections
- Remove line indicating support for Server 2016
---
 ...plication-control-policies-using-intune.md | 29 ++++++++++++-------
 1 file changed, 18 insertions(+), 11 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md
index 8eb3de7a42..1f84641636 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md
@@ -23,11 +23,8 @@ ms.technology: mde
 **Applies to:**
 
 - Windows 10
-- Windows Server 2016
 
-You can use Microsoft Endpoint Manager (MEM) Intune to configure Windows Defender Application Control (WDAC). Intune includes native support for WDAC, which allows you to configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or to also allow reputable apps as defined by the Intelligent Security Graph (ISG). Using the built-in policies can be a helpful starting point, but many customers may find the available circle-of-trust options to be too limited.
-
-In order to deploy a custom policy through Intune and define your own circle of trust, you can configure a profile using Custom OMA-URI. Beginning in 1903, Custom OMA-URI policy deployment leverages the [ApplicationControl CSP](https://docs.microsoft.com/windows/client-management/mdm/applicationcontrol-csp), which has support for multiple policies and rebootless policies. Custom OMA-URI can also be used on pre-1903 systems to deploy custom policies via the [AppLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/applocker-csp).
+You can use Microsoft Endpoint Manager (MEM) Intune to configure Windows Defender Application Control (WDAC) on client machines. Intune includes native support for WDAC, which allows you to configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or to also allow reputable apps as defined by the Intelligent Security Graph (ISG). Using the built-in policies can be a helpful starting point, but many customers may find the available circle-of-trust options to be too limited. In order to deploy a custom policy through Intune and define your own circle of trust, you can configure a profile using Custom OMA-URI.
 
 ## Using Intune's Built-In Policies
 
@@ -50,9 +47,15 @@ Setting "Trust apps with good reputation" to enabled is equivalent to adding [Op
 
 ## Using a Custom OMA-URI Profile
 
+> [!NOTE]
+> Policies deployed through Intune Custom OMA-URI are subject to a 350,000 byte limit. Customers whose devices are running 1903+ builds of Windows are encouraged to use [multiple policies](deploy-multiple-windows-defender-application-control-policies.md) which are more streamlined and less than 350K bytes in size.
+
 ### For 1903+ systems
 
-The steps to use Intune's Custom OMA-URI functionality to leverage the [ApplicationControl CSP](https://docs.microsoft.com/windows/client-management/mdm/applicationcontrol-csp) and deploy a custom WDAC policy to 1903+ systems are:
+Beginning in 1903, Custom OMA-URI policy deployment leverages the [ApplicationControl CSP](https://docs.microsoft.com/windows/client-management/mdm/applicationcontrol-csp), which has support for multiple policies and rebootless policies.
+
+#### Deploying policies
+The steps to use Intune's Custom OMA-URI functionality are:
 
 1. Know a generated policy's GUID, which can be found in the policy xml as `<PolicyID>`
 2. Convert the policy XML to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned.
@@ -65,11 +68,13 @@ The steps to use Intune's Custom OMA-URI functionality to leverage the [Applicat
 
     ![Configure custom WDAC](images/wdac-intune-custom-oma-uri.png)
 
-> [!NOTE]
-> Upon deletion, policies deployed through Intune via the ApplicationControl CSP are removed from the system but stay in effect until the next reboot. In order to functionally do a rebootless delete, replace the existing policy with an Allow All policy (found at C:\Windows\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml) and then delete the updated policy. This will immediately prevent anything from being blocked and fully deactive the policy on the next reboot.
+#### Removing policies
+
+Upon deletion, policies deployed through Intune via the ApplicationControl CSP are removed from the system but stay in effect until the next reboot. In order to functionally do a rebootless delete, first replace the existing policy with an Allow All policy (found at C:\Windows\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml) and then delete the updated policy. This will immediately prevent anything from being blocked and fully deactive the policy on the next reboot.
 
 ### For pre-1903 systems
 
+#### Deploying policies
 The steps to use Intune's Custom OMA-URI functionality to leverage the [AppLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/applocker-csp) and deploy a custom WDAC policy to pre-1903 systems are:
 
 1. Convert the policy XML to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned.
@@ -79,9 +84,11 @@ The steps to use Intune's Custom OMA-URI functionality to leverage the [AppLocke
     - **OMA-URI**: ./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/_Grouping_/CodeIntegrity/Policy)
     - **Data type**: Base64
     - **Certificate file**: upload your binary format policy file
-
-> [!NOTE]
-> Policies deployed through Intune via the AppLocker CSP cannot be deleted through the Intune console. In order to disable WDAC policy enforcement, either deploy an audit-mode policy and/or use a script to delete the existing policy.
-
+    
 > [!NOTE]
 > Deploying policies via the AppLocker CSP will force a reboot during OOBE.
+
+#### Removing policies
+
+Policies deployed through Intune via the AppLocker CSP cannot be deleted through the Intune console. In order to disable WDAC policy enforcement, either deploy an audit-mode policy and/or use a script to delete the existing policy.
+

From 2beb86cdd0a6358b3f0a67a9fb02f357f9f2a10c Mon Sep 17 00:00:00 2001
From: amirsc3 <42802974+amirsc3@users.noreply.github.com>
Date: Wed, 3 Feb 2021 17:55:27 +0200
Subject: [PATCH 355/396] Update controlled-folders.md

Some customers opened support tickets wanting to know why CFA blocks did not create alerts in our portal... so I think we should add this note to avoid customer confusion...
---
 .../microsoft-defender-atp/controlled-folders.md               | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
index f193b2eca8..34b3992bb5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
@@ -35,6 +35,9 @@ Controlled folder access helps protect your valuable data from malicious apps an
 
 Controlled folder access works best with [Microsoft Defender for Endpoint](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), which gives you detailed reporting into controlled folder access events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
 
+> [!NOTE]
+> Controlled folder access blocks do not generate alerts in the [Alert queue](../microsoft-defender-atp/alerts-queue.md). However, they do provide valuable information that will appear in the [Device Timeline](../microsoft-defender-atp/investigate-machines.md), [Advanced Hunting](../microsoft-defender-atp/advanced-hunting-overview.md) or can be used when building [Custom Detections](../microsoft-defender-atp/custom-detection-rules.md).
+
 ## How does controlled folder access work?
 
 Controlled folder access works by only allowing trusted apps to access protected folders. Protected folders are specified when controlled folder access is configured. Typically, commonly used folders, such as those used for documents, pictures, downloads, and so on, are included in the list of controlled folders. 

From 29073bd634dfcf3fb5c21fde7694689c56762e97 Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Wed, 3 Feb 2021 08:39:19 -0800
Subject: [PATCH 356/396] update sheet

---
 .../downloads/mdatp-urls.xlsx                 | Bin 20092 -> 25191 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx b/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx
index de1ec91182b84f43093aeee46bb6ee02d8b3d2e2..136c11b15d47022e131bf797785eb4d226ef1590 100644
GIT binary patch
delta 18236
zcmcG#V|=B}7Cji-w$rh#j&0jX$2L!FJ007$ZFQ`U&5n&pzwf<w{xe_Z(|k#O&vWWj
zt=envwd>Tbddmbp8U)5tkOl=q1A+j80s;ae1{&UA<{btG0*ZvH!y*O&OscKht~0{<
z5Y_@1@3;r0It;NwIDJ;Yv1+CLT?u<NoM}Z;z~WC5dI+luMVSgEqp>vfX;+wMxc2j?
zW~$k<Xf7G!;k%VE4^+^P&kQQ{)lMHTmd7Afkpelk14g85;ujX*?kiR=*h$b)F3ObX
zoZd>=7U^6COv8>%OQ6dDpegH(3&^MFw2Jz2C4XG-c?*u9AF(XIzed4V;$!Nw-?*2U
z7<N&Azt}u0qXuW<)&`AK@Hv{|CrkXr+AM~8>O%30d??7ERCIqjnMu=7hGUdAJbn(6
z3zZv3tbL|DX_Pif3-=_t@B>V^=hj*6wN>9pydEObO5zQbdra33kokc+XNlZj&Wpg@
z$l4}i3c0j(_I;4SrAv-DK_k_^HQ<%|em0R(AZ=w=xG07>;*VKLl#ekst8m*Ho5S&R
z@m3#iqPLyPL$I?Rz1TyiT@jr3<P9h{y?$6s3xmi=$7f-n>16)&@~t-MK&Cm^Zj~^O
z*Nw?9<w-g+Rt{QFVQ;Q>zmXLRXGYpW5N-xzKn%7s(C13dj-+q;2Y*~2P~Zmwtn-#P
zYW6HV{zdFTy{mx9LD2L_;TaP_anE!Q%54u&VmvQe!wcvSP(T;zh@=515D>!`)reng
zyIV83**RJn+1XjqyW3b-s%qO+a3cBYTYQ4<W(BlCvhl%i*c9EBS~{(bkYdWz!eC*~
z7nV;0_>C#ZEIQVr+i}UiWnX*WP7MtlwAiehGXx<fxj5nLYP5^B2P8LY&)gGM{DyL|
zL29LO7~p0GEbEWu0y<u9V<+JEX5^#ztbl&OJ9S~?$I3WSTF&k61l$*b$_}|lf?GeY
z;d#p0b1ejgH8a^v+)QE2%WV;hyy3yAsWuW((F~_J8$tF<27>=0v|K|()zZ!cT{imQ
zeGuzgBOuB)7apnrS!`+!t6s+6dn)s<Z5f?!#_RqLc#8v%<nsVoq)?}$<HXe<rw3a5
z9shyGUoR81S!D3a1$ji=_Kku;W$CIn;#J?|fUx$B6s!J&1t(xhsS8E$raSBqzjgIx
z(Nq-orq)Uq{_)-I_qY^W`_i_c2|0RU<{7Z{YDg#QRb8z3n%|PE(8SVIg)q;SBfJ6l
zPD^GtV0#z+GN?Mau-}+e?blkOaNO(1<U`>_in#KN9r*J0r%O8+%;OU{l;Fxiw|-5Z
z@zbr1p_icF?n>H$piyfXIxdqVFR9b}%FHaugV{8L1jb`Qz>ea=D-rpjj+?3G_j21S
z*Eu2@91D-T&mR~3A>O_k-!>SqLp!GtldMCG0o?m)>)+?9O>jrm47`x0&l)-6Xivo~
z2rZ~i+b)B;ed69lkJ}-}+3SmtPU*|0?pw&RJR(I8u`JF*L(babV3R09vS@dK+5`!X
zs`E{<?UfQiTgyt8$}G2JFlD7BMcWhXFGe;{iv76BZs8C1;+@B9q{#|+*?K63Mt7#I
z0MIgtGtKrRh|T5FA4B(aX5iQmSn=YYm(U@%vjC+%TiHf(?HmnG3XJMT#*$Ik-)O&b
zZ}NmPh$ljxX&<4ZYC}q6S_<J;BMyiblmn57k4Bp?{Mnq~X#(|}2GVVUs*Q2OGuF~E
zO)N0H>d*E$V?Sc^ATU8aX794&I;|#$01<n;*qiijg%Q_4kHY9fVBIAq#tcz(kd*CQ
z<M5bMw4^aU%U5&1uR)T&rKb{(jf1J^<5A_6RYGHshV}znG{x@!{8I#J*o1nX@n^$2
z=2D3b)^+LA`HCRlZZtjgHk1YN+m@Xghgr7nkBXewHp{A>XjgUkwsHdI5*)pEh`)gd
z<FDO12K%M2hF}f9V5oorNqv?BjBp`;0=oideH;>8H?UkhsRH#{E`eq82lK-5X<f88
zeZSSZ`X}fL(L+c+ee#p7u5Y-lhsocm@Kg|m8zGrHsV_7uT{(FBxI+k5+T`JyDGJ7d
zb)0|LzJ^2}+K0<*#6wZ1pkW<eib{>cH~%DA&Vx^$dscIT@*(E|WaT&qGe_@5-vQW&
za4jN)^Lhy*(8G+kz>hwgbTyZ_E_HovXK&zPpAX)`;Yc7AFKA4_Q_;rq>LWmyM%NkT
zo%-Wu2_oGd@|K;!af(U|=7M<=<@(5A2gsBeGc-pAeNa<A>KR!Fl^<fA)|}j>++7HT
zxH1#zG#Gee@9l&k_K%H6egDxYgt<nD;c_$}prJS*AS|H7JZbbqdueb$X5xBG1|w3)
zADVmoxIckRSQ7bhs;-HpG^(nL7dvZAa<u_WO<4oYryXuYak^BhI8|U#z<^Kw0l37D
z0_v_VMzvFF;X%YW3hHVnO&jLBi!(<?k!+XBam_NC_&hVi*^RsRjxoWED!L$h0!kHj
z;b5nGEaM5-ytI24I%;=7!;%;iWXq308ym0*ZHZ(~xBxJkZ#2$ISQ*-^cb;@@X;$6J
z`HmFGq*8}O0PWGW2g`^pl9II5%TwUxa)|I`+9EGo(fE?5CkJJV0X6akAF?EeKjzy|
zJ5in)56{7g3BS!NmZu?2y~m&H-;fCmhi9Zx@3+W=DcOw}G9bDE62W%T;e%#XSE96@
z1saYRR^L;x|CnUwZQTyN(}qiMhGC2u3CxSKVnH-K`+Y-XC4OYVVVLJP=N=<>ZY>*U
zG0Mur#s=WUAZ5#~0l&}>^>u4`#Z+aBP_?2O2*o{0Tip+8QhjGb)#z^k`q7cTmb|nM
z0SJl)##+U&io$XOI5H53K(8N7ZGT!<8A3Ndoxgf+9MxJMy)|4r*8S+1^O+4r6tabZ
z9A1#$74ttsX&zWqu76%N7+$H1hD`4u5mwws+)Mj5z$!+trCG8VJC8eeO@ZP$pMd0*
z@LOyyCTJy|wKF;>N=rTrUsA~YOiH6ANj6!XMUES1H~nD%U?{Uo)~RQ;7LUZkT<Dt#
z!6>*ac&wknIJn8&RkfffE_6;OobziNP?pfmFqKcLd|E<=CHi?uX)C_V@Rj5~KmYlY
zq<azbyA|0xdEmQ1=g&XzOAx#F=hI={&;yLqp+pY$n>u>@1%~k?9a>d~IRm<73;U`k
zfs1o7*#N-%)5rV!#PVZJPWI>9bI;bt+Y=-2+rt^Z{^$GIgB^g79kJ)#{qw1|$A9bN
z_3Ztqhkonx$w$bx_cfNk`~CKI<`v-W`N4ki8f$SBi#W1A9E;dP@SX4T{^a_3KtCs&
z-y3w#$taV0_!qNYTAc;9KFVHMd7TZmS#_NiHlQY)iC0bZf$l&y4^L}cG!IXETs1FK
zYrIq;TT4oTGBA!kfJHNLk?@BD|L-@tZ(H8viJ@JWCxh=#wN(``!rv*RSZeL}$(4(Z
zcgcQyklS>=J7u?ComEZ>J>8e9Ap3Tak5>~&Jh_Y|A#xhkpkR?Bks+blySFZyoAiWB
z)C26YKU_5weDiB4b0~{%((|cv*xAP;3vRzUz{{$ULND{qPa8LrQq%(}01E&!0?~M0
z@4W=|-K`$YrYt^B&mYfbU#hno<Z?LFv>r^pNv?oXdJthUok=3;026}-gB}E{J#PVB
zr+XdLjptL8S!FRz@M%F+&ttH#D(GlU0c3gL;3^&@SHxY08=YoTiMl~Yor(5ylYfKp
zayq{Hv0Lq)NLkF0p6`{|%)U9A0VHosY6qed+$o7RpCLoFDPfQ#5GNqhdy#Wc+?+l$
zeb{WT&CoWJ5Z<vXlAk7L5^*WAw#G?(nP8R;!PTca8ZN?=HJY>=^dD^QfXvn^=?yuV
z-{=%5L(U}1&J=S?!_XdHhZb?DI>DI|X!GGRRC50r#cw2h{dDtUa8TEQL{Wx<S=5ch
z#wHV~B9}!zFms!F|DO@19EAR3DqcAm>@l06tj=9<&SLD~f)4+wCVcHSKc(XOWE#pM
z1Z<F)6M)1HnluzPG<1*%Q4`&|hyUDf))1=8vE1&Yoy&bT?Kr|S4LW7KQ@BU-nF$(e
zTkH5odsAv{4^;KjS~`pN4l0w43`ERxHd1w=;Q$py<=^W8fv9~us*4NE*Xs!Z`RP@E
zz?BEcOJ3+!6HaN@64*JK!*cD18Shn^h0@gRe*zjQK_NMt=q&EmFv6ou875LXmzgQ@
zV~ip(x-e%j#IFcAJ?w_6o{Q`;=#B6)T5hrfP@3sto}#&%=+IiiSuh6cP5D;E7Zk12
z0}5VAhU4AivPy{^PQ75)6S!cT3#aZCy9>Nv<%4H1ss}Kc(hC`$2uo)$#;{>W>dF6@
zW&!BJ3s&Y5*Gn4AZJxnnY$EYD6!Ysue^1YhtGMn$d8mF(lQ}}aR^0}6=)S+s+5yb<
z?^q;7uhu)YlV;MpE6pY`Yoj=vb`!-D*qMj);%?s61J$EpK7t2p=rE_j#%&3Y^>Qhh
zN2bbd$Kik6Zq|gNK;Psl^Ys+Wu485ZJ6;rI{4~lt!D&jNmru-g`U-8$!Af2`8qJlD
zkR+#+6w>l3gm{JonJ*@W+UK0HC{t`Qu4+kT=Y##bsujY`oFsgw3u20;6mmplhtI5Q
zlhWzzEq7$EeaIJmbv|_id{PVD=O-yM%7*%!TYp9|#d}A*E%hmPF=Jdns$$UrilOqk
zvhtTbiObn2a^UM^!W2lSw7Sc+ZA?=1AYa2AkO-6si}@QLe)Om3U=)9jt+vl9QgCu2
z;|-N&%k_R6`oZEDV4STOT)>cD_w}Xkh3duqVnrwH>N1|C89cxfX8qvCs%B`!#)45S
z<9*@Vlw$XH5bQCVK%C8ru66(*a-4$WRUUa$dBiQ$5q3+yK7B^Qv&s%`&VoQxyiBMV
zqaX6(hI_}9e#RN;9SE>y_--H%^|J*s!BhL(-X1zL@0d}h8EtxI&I`~8a$w?24JC+m
z4tK=8byJP6NR+dg>5g@!GNufeky7~VPF>pef>|#pQd!WuU_vBFLqUM->Ve@|7oZXL
zzDw?05#xaKSt?~i)Tb<9_P*;mpy6`a-0xrxAjHUFMndwjUpSb)a40-tJ=K9oEque<
zztKq_7yN#qcv=g6R^<nKy6{b5-JjDx4oZY6ucWAU$LxCH7<h!8xCI~MlI}MQ=ct=m
zQduo@ObW>9inQIT5}-Au>&D2Nj0_3IpYq!sD-wGQ1PEsnG^D5OoGnqVh|{-UmeD0b
zKKNBJ-tXv{r}4nVe<MvJ^7wv9L<D~*CHtdqc$Ob%q<QF)@C!d|RR`WXXcfZh?lEDm
zoR5G02k;kqrkRoX<<*Bq*vtJUb?r7?ffCqL+9ufAwrhYWeO^+Tg1&eKsSof-=MVJh
zw+NahSUi`1!Wh+jeV)EGaXCurd7al^!EBZ?<{8oxk;~z98oUXXQO1}P`@kGCSIz|l
znHgiSb&l&_w{Y!Snx+3T>9{Rst_W$Z4kC@RVL_{|Jy8MP1xS=CZt^2_g<pSNlolZk
z;49Qs<Y^4f%)$MPaZOu56!O_mDVHb5RZ7uw7YqyVs(==lw1E+(kGH`fDFO=8R_9?>
zxV3<{SAMKj0VSDFCfV4TQd|GP8Sdu&dW|*l#qsoU>3=;(+VISr>WeXp7Bq!?CS?dJ
zQ)+MMgA|aQ^e+a6%Ng<j3ra*^kprSAb8JCnjZX(|Z;g7M0wTrwZS)9rTxA8!*Un$o
zz7dU4%?6|iEesVZTmTK#Qwv60TpAc}9jv3s4<#C!d5T&&FC{=JR8|9!x*fpX1bw#&
z@?WR<F9d^sAP9C-=gS1kN(`(#VvO)WV*x7I{Wm552Z6{MA0Eu!5;cb8y$3C3Q)l3C
z7!0PI7yb0i+(jhD6SU;?49St)gf^@x%(c_jkK1~px&&ZPQS%=C?GbSlV?i^bXyx|`
z$$Shm`YEBgOCjBM+IwJs`lnjr3*;bl&>%0NyuR7;Kb(5+xB|Z>0JvUG0t_wn_qURA
zlFMote!FreFvPe550_VK21S80$r1gvdZvJK(0w<4yR^r$H#`{LZMzyLtXPpDPJxNN
zVzJN!t^H5b_$VpkRSJc}Ns2fTu_)8Ue}l2SM7P$d5w^E3x_%v;au$nRIGh=sJz@)Q
zn`L~KzE|TOfc@nRK3V;B)1~)yUvejQ-w5IwqxO$D(EQbgza#XEInek;J2rxRv7oYP
z#V$qS{}Az)2a>mG<ek1c*;-QGzl?4FHSIRk%r{OF-oKFxC7&rE0hXWk3w6gW1`098
zCIEj&F`r2g0`tpdK*ZhI`;Y-UOkd23y8lNGvY~pMMBM-S095Q3u{UESUvT}mU<^?4
zkO_<zzbOR$)!Dz^5`M)a9t8O%8!=auvuQ;01%Dfo@@8y@U15E3O2YeJ{)4u-NO(D$
zp&xjF{x&2ur2f*EImQR2<!c0>VZawmH=uv~Y9+`=-r!4zeK$ssR}{^tYK@(Y1K`fb
zRgMM2l|rY%>?b>Swsr6`XZ!vmbQA~j{E)3L%Ca#@vD}eA9Jv7rv5a3NrvH6zPCv`?
zt0?$i+;Ev{*-;qefYh!+1C4a@Vodil*cBO`0$6S(UB7hx*8wu#?G03n%{Ld2aXs=D
zB$R(WUFl;p{^qZRmA`*k_}8DD>#vv)A0N?ZhGw4EpU`W7PCyMq{VQE$PhF&afyNmI
z6z)mpGI7v)=`b1F5?7_h8AS8XP3LSG0?^r<|Hx>-77xl_i?{}ehXaPe(zm}bL&t!9
zVTNX|`Ty#Z&r{{}%5o}xTd_oo8I>93KR8j|HsiPd;za$&6ToV|Ji(sKeW7j!%(JHF
zoGs`7g;P1>ifs2$dIvyT8N=zpKXz3rb0GPF#K4(xQ=nldP+rmnu4$X0kDnP&4Jkwt
zx8BC_S%16N8Di&)Ww3>M`e(n1Hy!kqm-E#q)DuoQ2XBCsPP?tIcX(eVCw7M;sXAIy
z{(iZBx!!|R72#`XMQ@D2C-^C+_gbcb@L~dYN^2@?Z5tggtqCxtH<6)Ii2_!_Rz}*3
z%Igvn`kQQKLbAhr?M0mJC(qP&Xy1M?h@b5!(*H<qtA%g-Wi2eXj@_0U<MP<b&1t-|
zKmL_&2F+yTe}AWRcvY<A<quThVd0HPo|Pu1(-`pga!=xLT`-p?eQp5YNPa+oa^6b{
z17~oO5`TRU5cFp+G~3UIB60#{B75G+r-fwoA}rcpOZ1>hhdllqul~8D(v-71*SRT#
z+~nUhRsSe*8i-P+`H-0^yLzGU)p*tPNd0f)3Qbq+PzFlf33@KlfBc`sOFk_7J0&r0
zBdwR*X!7|@1_?uHqdV^56OYOkUfU-<;0&7$$8KMrvd5CFeRLGayHBs_{BAqrpA;J3
zMZr#(v@%(LBx5~p3uy+oKrPjx>s!rNdkzzBk{VmbfYp<dMc{%;@i%+cKY|?uq9lF6
z3iyIm8ubP11Q$Fr5PcOLWsF|<5`1sDety8_pGX&d$Ts)>$_NvH>>Qo1*K~`%oqy+H
zK|TQOiFLeI9Vg-XT>27lZMAyh!2aK<-0)GxHfTPGwCloF$P13;P>2-`S@H0PeIGlH
zM5$t{r^<^f<%5*#@=cPjs2TisQC;~`N3payW_2bWXT2z>rG%ehB`VLnOr2>MS58Bw
z1i;UfauKQyiVFI>9ud9IM)OipqQyTWsw&N<rYoQ3a%G5hi83ZUg9-OFg2>czNq6~g
z&k?75$oI$LrT=Y;?82bVgk>h`LO)nO!Rsk_a@sC8Dk1S#u2lX=mWm%Be=V%S8}r+<
z6qppMDBqU?`W34IjCcwsGnWdb-<M9(865ugzI;!40X|O<Y6+V1bzpQhoJG^`s+<w0
znev)0<0X{3gl9?e;s0d9MX#Ha*+h9kEk(XijV|aAoT<gY?#7b%C)aW^-DkmW4wdp)
zS8VbBA-?1TzCVWkLVRossj^`1Qep~-!ceflE{M}`lPXOU@aa?*BL7EVo&O@17Xr5s
zb>qp)7pvgeP-+U2YNsiT9&NY7s{X!tazgiCv|jQee4Zp<XxrD3(b=>%4l3Yq!fRNh
zL`*lR3i4gQIu-kGr(<88ih-BScD)GgcDX%)C;_wt=iCD8nv%1=tB!J|bQhMRCqx6=
zp9W@;Q2*OMRHW}|c&XcsmI(M527V#<Y+Vz2R<~3d!SxauiY^VAC}asrRvZoSKj9>T
z+(nU>%?piQh(3E3Bqh!*)tEnVUm#>On@rJ6#?9v`dT@Fp^dDA4a^}(jkI4th5socH
zie0KCIe7t%B%bAs&V^2uc*iV(SR>!(l7+}TcNfIlMXIr^4*%mNciG;aH~Y$QII{=h
znEC=*r!WRiPNnLEf-*BnDhY3L4Pqp#C(zUn<*_bf*#9!M>IHH-hN>WFX_}e?2V$Y<
zdeBz#<`d5Xux#9flGJBI8IyxX_gbv~ul-HF>`x&tv?!sSz^6WkTCNnxz%*{sT-Yu|
zvdB`>sjM8rz#k^?&qS6aZq>HRC~`K(jG#$-Djqe-$INhp8*|%Hf=<>W*92~){c3Q+
zO=b$F>ZSL!PLon~zJ6^E;#ipe2``}lkZ0GQ|NXQOd^H(|XVq-^$3Q(zvc$t=x@qcY
z6CC@Ol=ySjiD|8R&7DX}me6*5&5gxE(6uP!jeb`%Bl<0AtK#d`t$D*aN?Qtd!};HQ
zWL22lMUk1EWItYSMV7#qh+!h1QDQeYeWvm}RMEhWzobhe+8@}M#UBoc+HLt$GrjC)
z6g>$8Hw3rw=a=LMVvn!)=f}sv+3T|WC*=P&c~oL#VfqE&f@@G5f!3)>BuZ#F=)w9>
zW!4*6G$@3BQoDPW2)(Z!yl(ErGp}XKsd*BLVU;QeK3j$ob-PVe;cdA_Dl|}UVK|y-
zC#17O;WyC7smdO7dJ$)l)Vjl1E;=z{X{uDJgQdPDDl_8cb7)lF;_b-gcRwrFKUN8H
zHG>yxHr)%D(Qpe5C`&M4JQ?rI>&;x8Ys+65w8g|oRABzI(FrcU|KequXh=c^NZhhp
zCqf$8qPPGEbgqMaS{e<N&6zB{u*<H$$S}qz_PYBes?2{pW@UY=LMw};UhQVNdjE}&
zcl%nPX3kKVSWL$VPk|Mlk|EW+4)Xb?2%#L6X=XE&WFhLG6Fl%3Ig@h;Y3x>w+)ql>
zSlt`_s4Ew?7yWB8xEPgga$(pKaJaK<8-7-4ut+%<A(AL5#+pd?9of+fc3`1t-^j+j
zM)XV`i3aU9uE)ycXqt7(uFv9!n-8Xa0gr%nVZw(;kWrz>N2^V=DK5ARp+!F@x0XAJ
z`<_#p!y9!%%5NMqOG1$JOvi3|fY^_qYuJ<aj|@guVzu)Fd%v2}V`HjWz+HcYp5Zm5
z;VL-0b?TItCi;^+Ud^~gbD^NxW>p}W7C%@6YZka-n|GRN1yz=B_{Z*0XM%mdu<B?;
zd$07*8uOqrqwnm$7^n~~qhmvSe`7V^ej^~B21Amg><gV1fSc5-3{nE82M+xGC!YJs
zj|}rr`*V_Egy7?cBDv)f4d8PFuN$V#hF2$zY;w-OH#*?pN>mF06Z$0-U)(D$*$xJ8
zgjn{QW|GmM*HN@Dcl12wy(DCMG<PjSJ1cx5Wmm@BC#7MeIQdEgv#+}3aMI`3&i;Ql
z9Fs31`WcZ#^^5kwEm`+4>uQ%UsYH)SN>_HfKc*$rH?D`H0H1RYad@^AEOmb#UJaMw
zWYHN)a(3$-HqqbPxE?ySW^`uZJBifcHr%{cviHYS>(Fnce_fvq-@m<R$r^c78Lh^Q
zx{4fj_7U!azK2>uP5n_A`{CAArYo<oq|KYdr|KI94SN8YNB*!kT6qmU?mOY;>j%wJ
z6#4)S-DR+h3Sh+~H0qan7Np!6N&XQn|4YX^j99gREkNnnfmr(;Z0aBs>xP;itmv(E
zrOG$p@J1M}j7No(@?d1h_8yfrmC#6H3-RkyHCKK?r)T1jfR`R9spsc#-K*h4lpv%o
zXLBw!yJY7#lc1=sPaD)bsQeMXR@nj^CCL%Q!>|@O6BMZUY_d2{2U<eqXUzYZuAWLl
zM*d!wR%&LFMr~A5mZnaX`4@}266Ltej9;Df4Qy|Iu@sEtGdcNl8>60>rIC~+a+q0V
zVO&a%KFHqj`s#7&5vD1oSz&R?3h=+R1;X;sp?Yv2pmvP^))oLPe`}tZiPCljj7TG2
z#RVRX?!Z1?l>E4I$)M(zMN2}nku(Ev<0V&uMa!O71i3^tDMUqb1Bj4MyC3J*Z`Xy~
z&Pc;j8>yTKq){R>E_AOp;ee0Q04lMiy6zuYm!jeNK|`^Tp$xYL>^$o*J4i^L+Ph0_
zhGJm{RSJ_Ko&Y315gZ#drz^|mK?JedwMZ3lbF>2yrqw+b!ylK1$HnnFm26uyvmGph
zVKH2#Tg{HOm_K(Px6xQS-jVF9AOx&UC^jNPjS8R6J=U!T*zxatB9w<`$9hF~<mfHl
z9y4U591E&!b)ZZftDl?S1JHu5X-=9yI~X0LqBut#Kml6{cTVI(tI48U24fV4&*<#*
zsp%J{y1PB1dg!7lw1K9A>Vi@^3Av@_7?tX**>hv<KUGfnJJXg?T;0!MuxFE=!l%_F
z1ICOlA&*nh#9yby_jqj^H>3T{Mp1$LBjm0en2|u8kZ5LI$n}buChrL4@qGjmXl}az
zJL<k6JpgQ#$dC)3M_t06uL#7)OJkjEi0^fQ>={6%;vyhRBXqraptM>};SBGW#6uq=
z8wmSTHGlfZwGG<}W4PLdbY5Zq^EY`A`GZhxO+PQ}9_#o?D0Dc(6aW9Q=bvWyw{rBA
z4jlXf{Qb%#3WXR@L}`l37pmB20S_-(Oy7R|$WA=3nTjEJi1hGgG3nIX+_dGFZ<%*^
zbN_64<wSF->-gY%ZzF(t?4oi_#r0Xi>{vfoetx{0{zM<So*XBnErLBpOs-M+;BD_B
zoS50u$SyFCAknfU#VIt8$#<o(?C2;ZvvUh<oU4G)l!AB^ZEFutw(U?<2T*Y+F5H?L
zS>3d(dh$V3&(Z5uo-8m4C|0qD<U<gGZlG=lSL~Z2>1iE+M>Jwmt{F2pXZFIXBZ?|R
zGn^EMz{x5Ub_poPcHRAgRiA1*E)|M@01>5{Az?s+wx`!wJesS3lapAmV6ZPr;@t@*
z0q(R{&5^EYPS2$rV*Wjf4Tw;>3BnXl2l^qjnkh5>I{~Y5&b5|05bdazkUnExvMtg#
zcl^n}JW0UgJ4!!|`R@S9XOa7eB2*QRDbC7qlMx^PHbH5Q_-;Fp?&bJ^@=d%oA)_WW
zh%mXiXTu{HtyS!$1ao-3JSRQXW)AyAk@Ofm^o_m@8R2B31H9&6S%6_P&SS<TVNJ6&
zD-@&T>jryGSKJ)Kya59Q)AvclpCJkd(K*3WH_up(>BIJ}@nuG(C(axr)X`>@<3pIB
zYjiq3bE0)$2(3(Sl#RtgZ|3D9RM!yIzMiDT_z7e%SJ;h?S?Sm-C1z2n=Z*8qXM!Tk
zc2Y}@ByQPdOLiOq+&X=^eR$fPj8RSbb_)sfk6e5Rjj`Bh^z6>FGgxW|%t4Tc+|zAF
zQfzSj)O(QC$rDIFSi6W;!Y3J_%Haa9wAxw?#BSe@ps$$%b1i?-p;a(DX+~q?kIPed
zl-Bza6|nq4f0G0Ew4~%W`z7SKnpH_yIzAcRiE$IyYUvONP+3A$G0kSUgjt%w8+Y#E
zz6F^`T!{4k8HiDH13vB$Mm168cb<C`t(vUCIie)&A?dUq=TV!!bLiEy!9gI@hlnXC
zr*8v0*ghvbQod$XUcErcD6ZP!GgVbFcn<!{^d;}$|A++@g$aZJMx?joVmGwXTqL48
zKv*~=Dj;wC1}ZtBNG$q#iw;M`jwdlID?NJJkGzn`R9^0M?lg^?HN2ZvkkY9AhwW&(
z^pPZM4w$6M29JPdi|i*0fGm?qim~!GZI|ASvdz#P`&Xddn{0|_SyLmZEuHmD6G)D!
z+K&?0&>D?e_^;Cp_g>wo<mcciF6*e!yuo7@GbzJ)^c4<E<z5X0<l;q5+_9w~@t_E!
zCe%rDq>Mg|oKl=n3xM~YbCsQWUoDQBR%+`P7y$}~e>HtOb;0Zq1PF){;(waX`v27Q
z3%6Qt$XghAMTteS=;jvHrq~AK5QCxN$_w7|Mc+q!iT`Q(^AzCx`tG9?eKpW!u8}-?
zAPmJkxXh%3>STtn!ayecwzI00nJ(!L9Iq?K=bf1ktHTA}k3zy+R}%M62eh#qYi=8?
zEF^$V%+i?c@yU{7(gnkvjm%;wfpR?ku)c_*e{i#((S;72HhRUv{2kgz&>{9kmz2k?
z*unu;&Z%R=#h<ZVcu<S_L?42ZTuUaKy{gW;s`ig@rh{M%Mh)1XJDnd-zN(VahS4ld
zi1CwhKWo+*H2PXw<EmeKpi#{x`}H1hpF#jq-zlgFbT!6sY2V3cdwO3E>JzgnrCvB@
z5*L{xB8jFjCy2ac)CA+F8@8FWCJQ(v=Z$zj#LecVb`c(RkzrjV33tc5MOLl3CubO-
zAs?qH-Z`tIS0DT-Xi<s#{6S_BA$H6kYJrNR+NBhtUs(ja2;<NDz5nDqR~QEMXe$8(
zr`*Q*GX^-~GKTj&#`?XH$fNqVt|c4KXOLqM`4Jw7Xtr`OL-%GWCq~>zr3R-x3IIJ~
zp5Uo6IuFFC7gmS57{i)L6oiL$c~^k{TgR>A6%qQ0;6iGIJb^g4*|UIAq7n6sH8G9?
zr{OY}TT~mE_Wgt28n?s&f*svwZ)Mlfi+fin1;Eh#d_Ox1HVFDoQwBgwAQ&Nc;5j2G
zB0cgN#!f4XM5kDQ)xl<!A(wEu8lHap89kXK3sss;i@UyIjCztQTWDT0B(|-okcT~-
zyxH@(EyL;?UOP!|r}AJw1Hf6G7_HMED)yZmaHz*M1i^tjq#7(NLk89DacZ5SR#lK{
zTabCQyWimde_Yix%#Z^h0q&|#ZU|o|y5e+zfWAiid#cOH*~8k@>2EBY<5|UKh+TOV
zeLxPn5pIL#_|)Sc5U7zBSuE%j`VP6<*bNK>+z-huer~SnG8zPWU~&FNqT<&0W4y`I
z!E*kzG0hyTzVEqGN0IMH8VOPlZ{~loDDw8gd<HMtN7~-?OBOI9hUyT@d%bbDtUpY!
znsGdVLrl_(*35yt9Ate-KE|>%I@g737HIusdeWLAx4oz<xj8KQ(q9lrt9&|fBT(;b
z9qAq7H8IK(UevMGoRPhwft$6>#m=<a&?eHye92#FJ+gT8&97ZqWdq4|y!Qf@heIQ%
zDZA3xaKMGvOcG#gpf{#TU*|8^hc8Jg$<d!~aOlWF^^@$;xb@HP1eUUdNIfRg98P=&
z{0#Si9cvqA<WS!M=ks?YJr~rKim*9nYtG_57_e3_5hJ>0TjI?<MULy=LyhZ7Ewyb&
zQ$B0GSZ9w7jB)AgQqGdySI)d8T_{VA>bK#X8Dr;!_^N=#fN1)Z5Z%P2yXAxmvR(FI
zD`353dRM7IPm`S+&2$qlqO}!PL~gcRZgBW{CM?1L9WMxmfX}!3EkChU1B$jEwZ7P0
z>eb!qFIpeK*~Yuz!AAF3i^i&GP{mpdTfbw(3V393Eyqi1`T@nePCY!$nC77vs1CXH
zY^3H2rqcjWM|Lnbpgsj`xX^)k&x%rN7D8aKZVgc&xpR6|pmaMov6;2oJr>axUus6v
zG7!~aSfrk|J^EfgNHN_!l+pEKV^lh5gM;10pC9DYA-l&&Am6RI^$dItR@x=2oEb^D
zQQo*)ufomqz&EuR>D=H(P=qkAmq)n*`cNS$jwApGUhK!fb5)?nVX){0x|zoJ{Z3rC
zYsAG|ConJQrOO#C&9(cGprbe-mjy(O6CM&a{hb>j)foPVls#=p!@9Coy;M~&*fBM}
zd9f!(2t8iSpV&2Ct~z=-8Ri1zpxn!M(6rC|yD3H@Z<GiDLZIn~m^fYUO}ru@KDDPE
zMFs%7s&vus0zru4T+U7eyh7%G_-}~fdU};C0$H(gcqM*u;5vO;SWU(A7$5Oivn@$+
zi0rI`M(PbbK7P|%#W2D}kC(q)b%A1r;sF@VHlPi~?BNJ1FG}rDou{NjJt`xqZ4ZtR
zP6=iMYo5$P17PjpHc2_DfoL*I?UPQJaQgrdd|^y}AW$)d-5oE7;1??<tTJ14^Q-X?
z_>Ie;x@SO^=xs|ekpMqDkyVfW?Rv6G+1+svXYKg7gM2OG@1SKMG~hpxem283ZT~1Y
zM3)O>3*6u*t<(%yqov9~)n19nYB(ep&GUSk??eWJzqk=o1y-r(3RS2=DQBZ73Dg4Y
z-_=7=O?_hpvjX0Nxn#Xlaib$M{po4eyQV-X<Hk<Klh}$=6tXJ{VrQV%y%=EAm(I6%
z5Jyq!uBo4Hh(mM7COVo`JXBE3Ypm%gR3ySu-Qkz#Z%@L?DixApA!`q;0EvSso|`Su
zwscGxBf!^@poJXvOigY~s^Jec>s<iQnAZ$XK-N2Y&{vF5hqKSzy#E7fS>%R4>ox=g
z8itJO;c^!fDg930Wpv7Mk!uOw<9ntD{<JupYk@R7iNsGn1EX%>mEs<tKGR&4;Ny)0
zEl*mhL_jWqsMCxuH?c(t$wcS<rs<O#FE)mH*h5Urpq>^NAJ;b-|B&Y(<$4LYH19y3
z88Q7)FdfW@HePS}n$i(Po3`^rGP@8&4cvKXF{u$zBcLHIm<uf<p(%FLSVwz7+(Y$?
zdNKS7cOkm{TXPRMuEh3+ccd)kaUs_PG0hqRbN5G@JnMy}m}_P{u(+m*pK)E}ez-+G
z77l{wdgovUe1E)IZ0l2o{^b<Fmle-)uFD*?kUqXE49>9`3@P08dg-PAnc$@UU`8;V
zRu$e=W+3CJJ@go^a=SBK>4s4-gQA?m?=}a)Umo!o5|xO4wgH~_%JbL9;}WTR+h?iQ
zJ}J@Qi>DRl%G>TFW7PsW_zM@9x5YIi-E|>65ic(Wdcf{f4ek<?yN@HFyFu0C!fe&E
zm!lk<M<q{6=8c4Tlty0uJL(lbeXAY>Fu$hebd$<ik(2qRW_WJY-dd#yQP36Un`fl+
z7KcmsOs;FSiHA+X$~RfLN9rM)A656klDRDtn^{<A(`b0q?Kc;pYiP`a(ZG=$$44aK
zXRCqla8Zbo0;F5puL*Jh^O&AE8MV{9tPkuw|K7S)&IV_!`7w24!a>)Y<UQ@?+@-Dt
z{otOf%l(Q(2F4>Qp8E;@mcI`*a@`3t&+SiVTJrJgqhj=YCH%4nF2LWtVHRzOob>Aw
z&xv?|Be%@vM4yaSc`~_yC!Fx5C=9BQ7$xFc_?ERe?S5sYbOEj{R+BmBA(S+-DD{dc
z*=^CayI9~86n~py$~fpc$h9$hKW}8~cDJ;9+mV-b%<of|?#OGlkNl~S>5900DjqLb
zkC>~mkm(d+xfUCTiLJtA-4v=kEY7P>6P9t%q7)#<8CQYsYE9p;axP5;57x{r>Si08
z*cl1O`u;ghUjqn=aP3((dpkv99}<Df;h)20-Z_=gz#iw|_q5L=e?xDk&kp<K<^LU>
zoo)8Mso;zCu%KOdFSa(IEU!#Rn4SHDw2guP1Gnw_OTa|Is?D<fP;CCD*Eb!ei<i-t
zUI6s^H>3UFz!~a#;B(6Jf)4@T8Y)LSR~i~Vms~`zfj+jXr3?$HPmA2|yjCo9ARTHq
z2^N}4Xui5^;CdYtD@LmA4p;j5RlQ{He1Sn|_Chc<C^;XHf6t-<>WTu=hG2n!Ea-rM
zzRq3#vvM#ubTl<lc6PL|HT!1)QK@BPx6X<3p_lvVKU%_CdO)_m{==&ZGbC{nBel>!
zE0;63Hz37aJ4~dU#B}8K><_loO(f-d!aAZTPB0!q=<Um-_uDOb%!*DSx5~}@Sg@OK
zf6$#O()dXUAhBd*CaVIq7(Nv^HVG|9E=4HkZPn}jv|uU3ux24g?#D10VY}|djL2kD
z2@3IbYPgiK?Ufbx#VHv&?=Kc&89Wz;nHj*JVcsN)N%eHr9J$S$z27n+{LD<FJv!O?
zS$E%0YaeIt#7MG2yPsCrx?*)-k^ltuq{Y;_YCZg=fCZJFjZq@SJl2hp9h(C?=SW2E
zo$t1g>}&|A6kSvB=UV3c@Tj2Jb<_u+P;9au%uXv$7~=wTtR0+Yx?<``R2{rMPX$uB
zI*$Ys)t!;L06j&{9-{&2O7N<Q#ZTWF+m1co`*|D622AlV>X=~GwN=8GvN=m5`{(dD
z;IxrIK)n*Ji%C-DSEJELX`$?zUE3Qx*Xt&)LnNd!Xo|d84pU(!^(REhSM~+51_bG$
zSXvp;-Y6p{f?(jP+hs4jj~<_j>?{5q+8bFkkxddnDJ^mSU{L`t12mif%a!qufN)Gk
z@K*y~78q)R7h2Wv+DxFxVE#Sk1tylK9F=&$Px|l+i8Q(x!ARU;<=?_XlI6P!d%kf@
zv?NoFeGJBZ&LrM6sgzpvl7l76-bbEYrQ_#Db@ry!C>IfL;nTPbnq_{G>2Z^xd2181
zvf>5Wj1)yz7slHtZttP-s$gE4C?Hk1oMMZpPIJ_VBnRu~D$jInwazyUy%^m>t9mGa
z_z-(>Ar@XBFSPiuV98W9BYSa_n}NpwQCX#L%x+d2L)Ygq(%*-~D!=VjUz3?-tNiLV
zErW59Qjj_!o@a5DpODm)6o-8*Ts>)doyDa*v*Dy5UkXoHyVe>|N*v2<R;!1M*D48z
zZJ4(z?XX)hApf`&F4s$OuMM*5Vh-Z~sCs03z?MDgg1umk-)B%_2iL1z+y*1lD^noS
z!JUL(_Il&+IyuA+$n*GJOCYP(fQQ#)0fpNRbm{42efG(P767{HPJ2fzFCk!`xH=c9
z-ga?aEp_uq+c9V4J4JuV=yN1hI>-4~^m{<9lZyt4&I|wz<CoDMg9YqMAi!+_b}%b<
z<1Q_C%q+}P;QAy*6gkOV7<9tVYCuldj2s!9++l==?XzwhO&<GcRbD3LAeSEtdkPXt
z7~tJ;tf87;%t_9kWHt2~H7dR_eg~e*QguG*4flLYC#`xC2g^p2gQ-m!Q}4)<vFgFY
zqNN`-2$E-KZJkksx1$TB?C@{|kf)INSU!xpbaZhg5MIwsQl7Eo;B2f$y`3L=jzUZ@
zz1^~TET@FL;9{S4@P)u+rR!&VMem6hH;vMhRr3W}fNydt89!C1RC*g^(O;Ph#=8yf
zk@d$~M;%L3G2&t;lW3{fCFj&5t+Dch#l&Y6vgkS&jy`ZF?-2yh#_B);-br=kRQEfF
ze})bL6L>}%@3-<xiyYffnN5iBFkxz@LG`O-uu6iqTd>e^_WBS$Z=~)>NuII|aAgy`
zrs93x>5IdfhBaPc8*=!ySYcG_kjzwNiZFQD+QhBi2CHe}1_t>U&euI8^PRm5df7m%
zI+63a-k2E`l0Qa1O!8O)gx$;w+1Yq7dn9(m?qNb-wxBi?wsdgXi@Hx9UWysO?Dl?2
zZa7Q3G<ea+avs%ZX{|f?^6X}A#c&>NARl$|EXllA)}==TN}m9)Ga=I0ydE|d9VD*P
z@niQ%D2zOVBxp};JCz`*sz^0?6E21dMmsOpP|>Ig{L-Uz;mpbd)E|ACjMiEHLOE}S
z0)}CI=!O-Eyy~vlA@|kMIpoJ{v<yR`E-Htv6%R1lV(dp_6A&%D)2r-oAo>s^5H}s)
z0>>~hq*)7O{#L9aT`P(O{#_n;F*AE{gUHr3u;I-y3uQ~OzB-$eXYHi=RHQ@?s9i~U
z29i>`#h|g>r*vHkKzVQ^J@5I=-Q?jG_<Tp;-un@3|0YBEA=3l=rTO#c^WhYXONC{z
zNZOne^{S(%+?eYjdh*j;Bq9`gDi;{sE_=!Q**cCY=nW0&5TXRAmqWU*iHPMr2eqL*
zb?Za-Zn=mZ2ySKlm1?@O&sIrLnyL1Yd_PocMloMVuY}MiKn?nqcOS!Yy)+Z5o#e?e
zI^wjmy`Ie4MO9h#x>>K2|7EVG#5l2e={m}cZb0I*?Ay>Rk<;KaTd&2e%qsLAil<)J
zXCEKXIKDC^`^E4vtnyk@UCIEx;mvf+EHgnxX$sQwlLlz;)+K7v!~EjCc1An*ofFdf
zjT$hHoL`GDVEdlesLd6!cN6JRDR)3Ht)MLtN)~tII|1aPyp3Oq9=c_TL})QguVC+b
z$j*70iaGUD6woc;Ps_W^0R0s00{dhN!XNRFW+;1++)PtW`Fd7Gjq@PbmP`C0UN%y{
z&wh(tI8hM$p$DGc>vxEo3r}@flV3ET=`r9^4=+wMfMon?+dyL8nQxHwRFIHH=<UfL
zEb=JVBySLLcA(#{%Tp*p7fa6(ke(;|yF~KN&kcfUx@h_02s@@G2>b;U^2Sk@L8W+@
zF(6sX!+9&*S$Yj67E4E9Xvz&sWqwbW(}l<>rP5WWrb@Kh$*(N;X&i)jd`8C+UY;R1
z>Qm}&1DYrnTFI5NGwmpE0^9d%bxQX&h>3&mbNk-l3=~OQD8Av6pOB+_k?uGUAZ2#f
zmvy={=vQ9^3oiN|>w9`a1TC;nxwV7=#T9TJncskNG?dS;9xp3ot9`VWF!`p!?HZ&>
zB7RdTVt=~AH!HX%XqZVV@n$$l-Z+K$Znse_2tXH>ungrkgd3KMSs;$n5g$~*=dcQ-
zdfhvJdGK#f3LQJ`*cX#~RMu_UUZ%y&l3^_v>$-AKnZHg*wAaG93=9z0y5#?1v+toX
z{)p5JC#3mvWJJ8^_n}Uy_(|tI{&@GiLT){jabLHDrCVZyb774*$kalCivN8em$*7S
zJYXN&rKPM&xp5oETypcZ)>WZ7_7Q5skt+^#y~2hvuIduz1P;P5V#zVeXxK;7YczF-
zY5zhELct61pl_-M<MvT7DEq$LcvIu_c@p6z-rbYEb#=sfb8PGkE1rP-XQvjGRG#N^
zk{(29h)qYU-X#8@=7BMQc)*HmwTY+92*9#MC)A+ri;$u``Hhh~<F0#J`&0CggGTK#
z^*8;CY79ZVD`M$&7lFRH<jUn{ns4tFq;2g0N9xQ~b~FL~=F%Vr52Y%u>pAOU-*LTf
zd_?Tq3FCmAcwh!3q~MD7TSxaNQSxy0JC^Um(>4CSf+**8M0cIEcp~GBF(fzCDuDQ+
zNRtT7d3Pw5IXWE%C$d~zy7}$&a8v@tLD)RlH?j;iF7GZ%acDLCmut+*a(t+Q{|j}0
zF6M_HsiHIE<+_Ea7hbA#F{4#uw(zRs?}}$USS8PM7S2o)b46oe%9C^6wEUeYIDcaz
zv-Y{Q`(E@XVYi<Hk2@LDB*w(4;eZH*{54NF({#dcMAh_U3*+23DZyD$-INpC_*U0M
z)=VcrxTeg{xPB;6uG1nORJg)fG~j4PSH=W^S$#PkPv{`_VnbLsj@cmfk<w`5C?S@t
zAS9$^8Pj=9y=JXCkc#MIJ)#U~kW|L=lt9<M_2`%75mqD<eYyF#-zC`cT!3;UUf6w1
zoO3b@6X<IrNKnkYyaKQR;ly=HE0fOtWn@cM`uH#}Yd<O;bmNC)3wum(xa50?(6stJ
zYq;z6##$`ahHVmw(9#2ep9lo7yp(Cncd#phTmfVdp3t3noY>gWN1WIb5FM)X5ORg~
z8!At?OnZWU*s04k5xX@>8GuC@18gi_5Q?CIR6ow0or5P8*|rs)^{xE%2$wW7y2D_b
z0BI=&W}uYvU=nJPDS|$yp6#}~#c8}OddQOqF7A%`&AWj!br)36yC&wdhnK}^rRul&
zYL8~G7%*0KcvrU#fcFXnFRpB#5>-D$l5vE=d#P@e)Z@q3<<HMg(8Ls8#D+*79AKFJ
zm#zTHuhKOeNMbS%;lGtpdPh@hr^@&a+pp_sqK_c&kis2>WWtJQ4)ulL%+6GEhzh1_
z7)J2{rMz#CritAkV8?TkaT2<E**y9LdkPoCPDGW93o<I;$7Rqfi>EHPg@06sh79*0
zgi05oDpMlYGoE4Lsz)g<g?FV?;;a@^69_6zw}hRoDS-h}MMZeJ@m81Cj=pEywGCtY
z(}!C)mJWHERT)|bE-cE6KV+Dn?QAU9w+%&oF@YzNk(*mvfJJ^CAV^h3arIn1r(rWy
zoVyUtf8Nbbh<QM@zF*(e5x{nY@Md6ne=BarlAi@R#a|ch4MDJ0M({ck$Hj+{xPV4}
zqk`V}5%EIbAP@US3vF29u@9oiZJYpCS4&^mBW@njiD~<GaFCAE_wG&`H=E_Y5?PD+
z=ieh8rqAK}aSi3XWWWG#rM|ycrn?YV__5k~5-zIXg9gEy^GeXMe!=0o&Qr24T1p2D
zE=+C7H|tPfM{L|Z5fF}2*xKs7RJ#u&MK@@xRe{m`3YZ_hY&n0uY}RQYNvPLynchvo
zXR6P5c<+FBho;|d+2(~{#){lGDFEv+jTO;zB-larLRXhGL<Kx=3)N8e)gI~fC9aXy
z1h?+;CCo*j5yDINaMrIX4H%su=4HUK+Mm~oOUJ8MMC3FE<;B{u%S@)%b2#5wlz9Ah
zvV%|8Szwr@?Ki|y6K08yKdgD0>8N>}FE6SyR`aXeFpo1S9dI3xpSg<&-2xy{reelH
zL6wdM%g_=Hy#azo`oQr~o&1$zhoSo1rE*eV>0u-{$|T%QI0)fR<wwr1?C8cozGqy6
z)Nco|%A_BxDqvE9r?YsO`m*NqoZD(@M`|VQwxgZtZj6eJA`$|kGxYCb%l3u%XYK$a
z<!CNcKXqNmGpwkV%wlRFE}X+6?Emz464IKtD@vb8T*6Au8p<L4#x1&)woR;s!Dz7J
zF9C;!5FS{Z`MUbdoQNxm516nmkU$H0B)#V$dO%-(M;WpZ6pSV*5-%v!ZYaKRj2c$J
zNJ14a@O}Kg0?m%kAlAi9zx_E4u>I}5$&s<Y>gI#L<{?#W|MSTeImP9bRldi^MWRHK
zu)<Z-M(FJ5q~g!~OiRv3Yxv@0wEXr(b56+_R?BjOW{<{e@o7!}5}?K2486TL;;O~#
z=l%M$`h@R=k2O0>L|rDE>PE46@Y#=RfXL7CSGN|?$Y0hK8h{!O7jHiEBFTo<ZZAt=
z4iPr_N8S2AD;-bWuSA;*k@R<l=rsb?7-|)sJN$zZPnEYb_i;ZH(OzZgxGV*A?ok}!
ze{S5{w!Y0+kQ5GKNdl&zcZW3#;YY$WDx@!&ttB2vW!K7qo%A7NuO8|zTQW}XYsL(Z
z)Nffymmk*(CE@DU?htnl9PssWI~9Jjsr0$otDLL5`4tB$pjSNh9L4VE1)6PLBAEvX
zPnDE>>*^|VWoq?A^+}bvD&V_>2~GYrY9xf5x|BPq7>ZRKj0}*uVRqu5TfL|&vtBv>
z*({G?xGXk`3O?xX-RU4j;5CuGq=IEh*B=Bs$TdV+04}VNOg@d@pn+-pK;ZKTH<aD_
z?G*FLUoaG;i-ndPoUT#0QN^H-GB^qadsoC^7!Ea^S9MfvmOuE?1tva~NH{SDskqcJ
z9c5IC1epO^m<!;FmR!VGJ(*lrgdhEe-_8jhCJp3^Fq#aO7f=uohv%Rc5E+FDWya|Q
zC*01=4l?fA2JeDvwncDRLgWigHZ7=yDqcpV5HFb3W&(2%$VATBG|r@E>42Ps)~)Y+
z&))xwT$#E<B>8Az4jn7CO@y2n%c06CiHb^rK9h-yrWIi1UHEY_psa4Q+@lh%mtX1x
zb40zDmI~zrjYjMU=0Q%G8X!GdL829t1UPlY)_V!sHc5f&f)o~F^55aj;1;46G~AY}
zB5raVR|?^rrfUp2q}&T3O~p=^PT`@Gdw)bw?Ojlxho*Q!f!*b*V=ch0tM=;#P3=^H
zvrvK&iT=7$X_P1(#gB#8WthdQ02C<AttXg1{q|FuSir!H2`)sYFE8l|RQU%UGdrdP
zoN=#|jzQH3R<}xIcz1UxK%@1~t#uSJ2@Ml<ZE$pkS*-&dL;_W59@+yspKQO+#^nQQ
z|4=Y+#_6PgZJSb(g9!_?X3&XHZWgJKxoy^7NQB%x<N7bw?&x<gM-8lohQ;L`y8e-;
z_G`Bb>P!GKLa6>*{U#fdI3n)WqAp>q^lj~HXv6F2!0eSz7^5S>_x-qnow7aYy^}oC
z82{fNVE^o8<u<NK3Vs!XMZx~Jm*s3|^i>68_~#$<KZRlC4cm1htgf6!x7yZ{4^T*P
z7iwJVG9@-yt4E-PzW-~6vv|cOm|eV5E?>55OJup>TRy&mb3f00FRU$=Xn)`-p}keh
zp+>aPVMSQ}(p#bremgUBa;$lrb((#x3uArXp{ChqpZj0$v*%O#uzsqp!}~j1_?&Nl
zOM3Fn%irneWWU)Ht@oSmzToHfVeQ-2g2w`Cfm2$Qr*qAbxR(4|Uq#v6{+n>lSBpY*
z`KJnZ3m-Bays<97+-vsDP)0sAiy2?ce;%w+kWbCta&_+RPbmxES>5d7mrE9r`l#|e
z<KBu(|LdQeIu~<q`W-QbYQN3*&YzyIvhLERBRtbg&MG98@_yD)5}4fewB?uya4{N7
zSO2~p?K_XLutaArZ<OC3)8JOZsxjHr_Yd!KS@}2Se{1f)PQM>_|Bi0?9NAsBCpX^v
z?jljY@X|5;IQ~5cm+lr<V49u1uYA|UW?{7*7c8$IG|1e<Rc{#ae6`3T4SmIf63#J`
zOct%)^=0bbhJxZ*a;w_^uE@FYYHty%$KFGWst-+{@W^t>7t^K77N*KB7I~!OD4=TE
zsM2S+X7MT|m6eM{9u|AW_vW>36&F>n_s|!zTW;Q|u{Pk+2A(vHF2zM02ZfZmKF?CR
zWU%SfqZhtSyZ<!-2T%Ve+q69wl88?2F=ESXE9!V9`c3z^=o*e>iM1Y6%}>sp|Ef^r
zRIG=~W|tp&YQLp!?X~866ju7{?-ZQ}bMJiB`+olhzoT+*>GGQCg)=r<|6`oxeoWGm
z^Z)i*?q|`<-P6C!?LP}ybg)^-Q;(4gaY)K!FRwtx|C8r<$w{N1t^piSg@V+{SG|;^
z5j+1G7^GlQVEWT!A#Yt7)a~!c3T%0yo8cwJQ-O6D8xLr`12T}Eyue#q26c@aviuHJ
zkO7RwlMB5?WKfq)AS+v-4OV6XQa1Utw-nPJy~)qLRb|j;m=Suc%_eL3$jhJ)BqJ1*
z*iBCMabU{!nmp55b@C}60U1PFlYv1Qp%BPw^#&@E2D<W~k0dL&K{fflk0{eSpUK~R
zY?-$D1Cyu?)2+bC#lH4T=RziL@wJqJSL?v}Z_o%f0>p$)R&W)YEbk|vhh8)w6vak@
r2fa}W3b5z({iK*KL{C=mloku{W(BS<0U0mC5DHvD_y;)6&cFZw2ALap

delta 13417
zcmbumWmH_vwgrm2ySr;}m*7Dgf@|<Va3{zHf;%)4JXp}+uE8z1LvRQdq;cnweCOPA
z?j3KuKd<{oOU<giYOT3uRqb81+Y9}W2~7l2f`!9_LV!Yof`X!k(sQy%tA&Pwx<{xc
zqJ{x_wMK18xv)A2?=Ye&`dAsmG$QAP3fS=y`QtC3`=`ovbXk!{1?$&3YHM&6oqiLM
zy69C)oIn03B3G%<Zm*=^0!QVl6JF|S5h>Sk{2;yD-5A)5Dh;RBJ>`0rKc{eDdk5*+
zHqDA>DZ!X2jurBoO;-*R1Ciq*cu)8LgdG9wvk&2{pj~HDw;<N`X7A8MH=(6f7}u&o
z3U?3g6)7B(ei(vgFMqWLma4}mdLrls9}K)RiH|m07XHMaZpk^pR~Y@SM0$I5o>|27
z$Mqmvzruc2Cb1Z~e2cr5k|nlWmeR$W^3Lv8ZQd)h4abeW30Zvy7~Ic6#%+hm^ME;E
z{KL#}=Kgi8y^4+c$|qE{7Eg$h$%%_H-K3?cao5|N&;xZGsvo~ko8S5n(_e$xx2mey
zmdu++69umrrybv|Ds;rOY)iGU5n7M=E-1o#nQV)=8Fqj%QmTVm4AmTE1BKpYdL1Q<
zJr?0lNdF+WsJmu^{owBb{cKJ-(e(=a3S+M()8`(40(SZr0WsUFJ<`v)&%{eNp}ZfL
zC}8U$lH1!dOy-N2MB~$Psreu7Fl%pNKf<CUmonT4!9qbbA%gu72?2Yx<yTlw;x^A+
zXP#g|M-|$ok~bvi$P94gzM0CKps2PX=l9r4z}licO0-Ss0;u{h)#tc*cWi!|bGbz-
z&hRSF-s*Gq0uhA45q0wC`02HloK*D3zVsk1`yT6?i0hk?hx4Lo6;{gQr7LJ?$?5S^
z{SuCva&eRM^h-wj0f1DH*+7p6Udh|>GHbhhZ$7iErG{)7qdYwV;RK7u8%@q2g=W_#
z1C!5j21Dj7lKIP8rR;p%dv|{{!_n=YiG;RqA^}af$sjcZynNxfvEvNwnpTwVRSime
zdS95EB7U^7J>=Nc=2BUX<qq~)WJv>&sgup32HAa5<c1SIK>%Z@mJYxZ4nx%DzM(2x
z55R8=P`}TaWJ*dYNk;0ur%DIbf34rzFthmAvKsZa9Fvy0e`SegnJcrT#^bc|f*JAX
zS+g6=jY3rKD%nDq8JK$jjius1mv5eFM9QZ~bY*-mUZ*EzsSlc>An*3aQYJTVO`c?W
zE=)w~$SK^F1UAyeV5pH=7v>L%z0d&B*4ODOq7n?KjK~qYMdA@frjp$eIZZQ{j8`*H
z$Yw)S!v_4tm*NUBLOt24BPa5Nb|Tpz5fT~5=JVp}Gq%_>f3&qkJ;I&P8dAr;$@YX&
zT|2(Yq=VIG&~o42{*jA0hNEomoSYgZ-rAAh&Za*)5M6TOC44(I`NQf)=uOd+S+(06
z5=4C{PKLMX^u2EgAi*EOY-6H5gCAvwcrm_MS<QU5Fo`}vD{R|V>7u{$cgIlqZaC#4
zePvOQHC!8XKxL9)a_$>{x~&c~y4}t$3i<Rc-~L;I^jIkwi>zAzP|^|xuVTCEmsHK4
zN!j1*ZvgGA>){_rnXfNqY6;`b;ue(V8I1+q7517j-n7l=-GMDzqW!Y`S9J29Cyjm;
z1>nS>8=M>SlxQdJU{3t1^dhdMK$#shhhCevFqeq7CuI6aJQ^-v#2>Nsoz_47b?y|e
z-rXXq9=qgiS0lN8e>xAJ!c7A7lok0t*YXJk|A@g#e+Sws@6aC0Y|F{FXAcNTUgb?f
zYHbEBC&L<tHlh5gm`R2IPphwWPeex?q#t?tEMkN*pJAY&o}Xc%{<l0TmV7n6dl5?c
zm+T^eLV^Zw7?ISnpdv#9iKDi?uh4=|LOMQ8wmT<2frf>Bm_yndmJwf7<AkZ$nU_d-
z-=`-X^H&w5PUO?^o^$=Mx)-|GB&T&>WoD`&gKJsJ7^_DyzE;z@rV6j;X}QM0k5;Jq
z#=*%yzVJa+&7xJ3rbJNVU0TnlBuxV{UQ6*WN~!$=uU$#ZSwB@^0xhz7zizXlJNdq(
z+eBumV|o4}>Gek&x^=W)<28zj>+mO?fDoe&MWBMe#In}}**q8%=)u5yXXhG%H+lwO
z^<>1I$#m$7l$zn*KJff7<8J)W9Y2dbiaMYvE?mfCz)9~~%Yqi?cW_tD$~!7?<)Zz3
zfcjq^!u_8SWSp2}mjNFNYC9f0K~D^JKt}+Kj9iz6Q+(G-A2B)F2ly|KG&4(jQ)sal
zzLm7!L&^sg%OmZ*>FJw!-rldJ(xu}$-C@BM9jpr4@MC<Lh6@)j=)(kV&v$M&=dYZ8
z9+@~IF78~eo87l8N*o(^u3<bKN>HwjA`%Wv-(5OCwgD@v7*7pi7*A&qljohDlSg1<
z0AkZBW`u`r9M|}%XnOzXady`Eyv|RLlJnYed46-S@o~e_kLAhx#^2pn#BM%LD?fF&
zY~%9s;=r=qhr9{t1e2NTYOUjlfBF9L*Y3#G<#rHR!}#G_uBWZ(<0D;ppT&Y;A3aL{
z2VbAY#m+W->W<@V&!SGP*NB9i8P`DBN#%Xd-JvU_`T0lx;b>n@*k-3G<hl6xYj;Ue
z>dLPwiQ~>Jj;KK$haV3R#|npvxeNvz;Hlu%;>|(TV?8UpXc)<ptMo8~O8JJ+!d?y<
zzkN{hzHr-fvrilO!<IkfcG@ioeJzGyx~~;t$MsR5^U3YmLA0Gzt#&-89}I*oKBJ5K
zd;P>mNzFOfta|hixk+koJkRKw9l)GLzF2ELI?2Djj+(wZq+H%T`c=m+JcK|9teu!V
zEtD%AIYfe6Zg)FV8MkX;M_g|X{h#yE8d%be2v;b|s4N=~M{TY@_%!-)EaXJGkv-3&
zTj*kJmJ)|NUw@RroYi}t?*aO@u9ok1&-W#+I#ZWdu8ZDs)j@XLG~^b3=b(Os?DmaR
zWPa=;ZhWe}yY;#D`q)AqEth&eWFeY0&hRN}bbQO^`Ap(iA@r)klB=%N5>o4sR#;D#
zZwbL=ALyw|=?gCvkIH$UhK`!h=@3^GW^~J(Pn(_R4ym>A6UtPp83Nphp38aa*!=T$
zoP34Sj0kt%wwYE(Yr%5(&l!zPi65Zr6G$9#grzRtw0tPm`=)eDSeJ>;InXm?x5~Z5
z>Zz((H1~K{_jI#S_3Wo!jw&l0=XmInJi3~?F^p?7wcR9Ck3d*dwDN0U*RN30*(KRt
zB00tpQMMoDLN{}xQyee`n(nkR8%SS?i^wIUhbDwXi&&va_qUtly|Fcmmg)~OkCyKL
zWNy*tW*?+1HB1=7jn1qT!i~zz8p4gq+$`0M%q*8{K~qnVxj7)zxVvqPf5%UgsuYdq
z?dGbdj3aO>V!@F?7!|sfFtJyg4`+@|vof1>#+w#}>3V`e007w%QSnZ>(NYRGUu3Xx
z{GF4`^n^X>=nUtQT<F==&XeI>kcp6W5tYj>f9m8Z&@gkcB{8KCy>RRz_J@cf?>V3B
zXqyO;g>hyTswLiLupcOI@Spz+huZ#C*XdVOEc3aZ(vp&c{1Q2R`c-<~*A?=MX>mMP
zGoUM<D6;Q7FyDgvC>BS>N5y7}BhU~=4rUHI^NOZt$cD3-+{QEM{n7`;v@3{ixzzRX
z`*_dl6m~BnY3!ZAe9-DkgV*U(+eR?no><c=)v?`6c!xj@KYgP#seFX(+qZ7^KPM$g
zy|LF#(RO45^5gkqab~}M<y}&sN)1Q|0Nf=Z)~?@(v#qV20y!E$LyAd1G3d$YOJ!6h
zlbz&Y>3g+Yx_YSS1yPtcnAGWQ74w7t)vE#~bprZr?UEyIbr+E&r=(&WK3Sb^a`dG5
zRBH+Z<}P&wWcdgd^|vJSbn!~x6}}5o$wrv<<dn+{9f7*l^Au<BjF3Hf0g%-1AOcY|
zjiCH^oLC&Kysx~9|5)ZO8HrP9ub7fY<M|$1RWmv?zbvq)gN(L0P$QH(QG|&e0~tnD
zGa+<ZK}tb2oVphVVo97Oz|<v6%S!(4Kwm4N)grL)BCEm8IUKCzkkhCmNH$1QxiJiq
zJEN)SHP!p+G@vz93h>%0)d|zGN}VCtcm^;8ns;p&Y3a$nN$n%<D{icS(N0cxg$}lG
zcGkCa4ujPTR@ePP3NX<+PXbVkPEk`%0b3)RAFnMF6jtjZhcp^(cXfN!Ehfu7my^Ym
zUahX*L@g*7rk{|gj?nZsc+*uf4})}5;O=7tJJ>85BftU*fO3k1wIjBCLLqPLP!y5D
zrm}V(_dvvmhO54XbJ%08ukt(r1<FXbvllj4^<xC)`Z&SR5UHwiN{g0VgJ3L;66Kol
zSYE{up`f$g<{UXSj9%}KZ!Vf8+gLmzJ;n&lw;P;qzIuZd0-2xLkVDCx@$?jx(nJjw
z*v{>oGn?4>0C{!`%ioQbla|n`PRaSK;sd5y1%1XeHI*pDm!Y_C3mxz?*y?jQ9j9((
zSIXo3DhG{7x%f}btD{<^Gv`>vGft`%Zl#D(9D9=l-TG4feIf=s*tVDcSa^IFAWLRh
za{)Qi3ra&A$YEns`Z-1`Qx!Ti9Lb$jy`U@l-dO=ifm4bT>;PFDM3^I0OZqNzi=S9@
zFHQ|CSR;>7yjbY$7>CuthTF1v4$>uPxHeCu?^-h#eYwUdsjA(R+qETj*zR~$+|i3+
z0>~o)xe2+qp9JkkNH7qkhQtE6lOle?GC3<SIpsBUZe%(Vv|xItaHxfw;|LOv$rg);
z00FtKqv`|5s%~<8WPX@2J%OOJhIVc|f?;$4-B<hB4n|1fD>KP`LHHl9Lk?oi)3p;~
zU<4yUeu}U?!BbFz&bga~(7{N-c?Kt<NysZco|#Rc6$JkXNUzljOCXrhNf~A!C_j9$
z=nF`^d*&7`WUIHYT!_6k78M#-Z&y7O=r(g9Gp1;@f5!3a>-!xGX6)rcCPR&-vC84@
zeU*y_t!ntgix`GFD2@3#au~$mQd!(<%GDYLuha|Srw`r^CX!;qk_{G@4Ld7o8za^t
z#2bs^a}?Z^MRdarr&4lz;Tzn%im&%?4s^E3R8E*=>hM2)#>2i#A__&OM*y5QdAc~c
zPL1G$Pr(Ao%dVD8Z@p{fBYJppTXCvn$V}i$g|P;(%mSHcE=ritZnZ^cy}w69fpp0A
zE7%Q@KM%`WC*@WlA>+gMMmV-x%9_sBl?rSLQHNro%3$ZJJ-+)4l7Jc@G*wi4(|?GF
zg#80<=^F%8T%O;TfY}?gwE}QaS;#7^QehjUf3IF=s<|kkM8iEmT<^7vn8(DTi4VCl
zLcWA$#~4ZkNl20bfq8e(&S=yG3W|ExGe!EKgjNc>9b4#8f?k_4f^{dVsGqNyrE_ay
z3FL=iRNaPb1$Pk*OZ4Nh2I!pF1VsTkzfySoW+f);jQn#%XZ;YfR6wGzD4u+P(-2e-
zwE`Ce1|iSF^g@1NQhR@rA!vb%g_p-JRjYrO1Y(C`<j`!>55RgIwBw;mjDp%X8^ny9
z3}Tlw=>WNxS>aANnMt|7(D6?N`j-mGe=FbwV0D0ank}_MrIMlOF;J61$dZ}w>8bur
z4d4$qa9$}E!v)|H@)#pahD$2zU22DRo3%J>j+jf)L;YV`M0PXf=0W|Tg)B5R3|C>C
zMrgMZlMbGj6@w<;L~3WShHRkVzuYftngmjRu|ujYF90hL>Fg@_h1r2Q`tPuDSWxyx
z2m@IFlwPi2U8+bVKNghy;7AxjXY5UU_+TWNcq?sU6fL|YK{lytFx(5<WWN*<{F^(P
zcycchciN=sWko^44yU5TQxEN?X>!<{PYGtknRwxuSb`*(bU1uo_(YNaOYbNHwxV9)
z{(7$1*sJFw!;qoMAO0syz)dmdx|b!nly>koI?l2Tqo{p=Alpcj+T#}*&&N=Pc}#_u
z*wz;Q5$}~)ZoE>;_s#`u>oSLk=(`UY>6#K$u`km9hWRl1UK5qYC6&#P{hgj|thm8M
z3}@6s$XN(CUP?$A22Ub=u6{sA8+}xK+iRM0#uuGe|E0G7?kzxxPA<|)>W2iExmPpi
zq#x|E0w?umEe|ckLvJ1KJU-aPuWwgvRA`(sVtbF3;4hC}vcD95E7%tLPxjBkykvi3
zw#*+!jH91MD;5)c;RNJnzoplx_C$;pA9t{AGD%&Qz(wP-K(F_PMC!m`(O@aw5m+*@
z;pxBty2ZhYP<Lk`r3P6ciQ&201mQGNl!y|lPN(a=vf(0Le?rkAON<ir9V1&-!Rho*
z)W}5t<iP(Q;I&xtOV&OpLjh6o>+64nLC9<KUs8hMpSix?6%mEydHN@|qxpY0LoWLN
z0R&*6s9~_T$(3LF6m-bYF{|PQ1Lb#1Gl2{BmtAb#1#u=X0&Q{xUZ2M<8m-)Nq6)e=
z90u))0}(i3RxpC<oeAId=$+2sV&AOmI^l8MH$9vkLW^`3F?a3Is+N8JJ?8jN^HxD4
z@|jJaSCRv?q%uVV|IzUuQ`29yVHn1s<XNHDWl{%1r_bsQDo6pV)j`DoZajU8t_Y5}
z_1?Y$Mak(>2>ZV^lLJUx2hRTX^!BBvk|zHB(x%urhT?aTQB-1&r8e#auU*ib|LQA-
zf8u{Tg}m*>Db!tEw5o=1`(rvPWwl7#>k;OERMPnr42OuRY8c$~Nj_W>Zh!rcr;#xz
zoHuC{Iy-Fjvt;ARq{;rMW89}4IzZ6tPa2VnO2N@6AXcJ<9E-9zdo`x4uVW7^bK@rB
zn*F2Jf;Vr1J|Vtj^3N_>8LA++(-&b6hC_@KgrrHTT?%{~<M}_PLS&n;ukI^0>VC&A
zc&{m(7o+XS`J-|Q&dv|&m>504hkMpGzFryuewD$gswSYn&<V)lY85}(_*4o1`GV^b
zzj;J$F7)x?wO(pdiM+tm_F#q0@-RFC!B>yVOQ8q&TtCwmqZc2|av1-uu8{a@T3oJ^
z#?w!YjnoeZ!Fj2T8Y8TG@LM@I0nS(C86?<V+^?@`ctZ7e{`fzhm-tTi!X^liMPzJo
z;LA+m{B8Lm%V=cu1)h?N;g*u?vCLN^lesW!p8Wk~!b86JG6oeOPY*b#;kWv+dt~Rl
zK1&{|=o{OspsrWw2^DEgA@t})DoS`5lZc_~41^{FrsBI8RR7KlHx6&=;<_pZ&Ga_w
z=8qRMb~CS<`sCzI<#q}ILwfb4MT_%mT_x8xnfH#EO8-nI)u&bmG}Q2wMr|q|U3ib2
z-^Rpt*NqHUD(2PIe*0CYB=Q25I7$TL{v8`_PR#R08s7}Uuoty^3>q)(h{zpdm0WWF
zxDpuIenR4cvEM#nlz304Z&3hkoR^&A(E?HVD~|<0dz^hXOGDbUvCroFrLBHq@(|*}
z5stO_F~K90h$#+7bI!@m7yRtM@a=Kx*(`D|@YeMgxb_R&ric))3R8QkBA)4JYMbLP
zy7_<5eAz5>pQnx2ny;o+Mbd7L?A`FbW_fV`{!$w~=Mf@f1Ee;VrtYn&iL8t<{87?B
z{k~OAUS7=fkY|~bI++EXwMJl<xZCfNPP*zZrGYJLm;(KMAB#m1V>^K)&oZ6fA>=<J
zNam#;rGY_0>s1_8UoD1)!JPAg+MMB?en^j=jzW^VQ(HN14GkS*@1LoJ-pQ7kb!1eb
zD|rDBTi&YhP0yNABw<(h4mp+DyMmSOE{NFap<Jo5mFA!Lsn@Iy<c(>tu_%!1c_!%B
zjuE)icyjF((H@e8*K$1W;pDcvXT@h?{TXm9+T*0Nm>UCb4Lu8D%Lm9=gwJ>sP3pfm
zCE<snvpmj`!`$u)ubk8Wt7YJ&=`Uj%Xn&fHBh~Chs^NGn=~k~9drGQReZtFqbj^BT
z{;Rf$m*P)#zK3>267VIohxHM&QSZXB%PB6>#bRVKi1-qlWPG8AB$f-wjj$R2>8AII
zImntB0ly%&Z2+CcEZDoqKH3VjA5<E@ZGhGJMMUCcDh{X!2mj6Sq_%74;##~g6b<>+
zEew3F?zU-qE!W~C&k$Zb<7?EG^K(^C$B6&IR=;4Q{$dIKU`OPMd2uRvB4u~l!1A(o
zfFEO=;$MPox5vq66?$pL2etWB%9lHstOag+#9vIkBSW87Jz=&0;uI^@XJLlAp#-0X
zR0)y=|4!Y4!Qv<8>Z~rQvhd8=Zt?nwvH7M``^mw_1eI!e1s?(}rn(@Bs)LdL@;Tif
zpBD*g#tSDNi)ac@W78<N{FGp!Q*Ch>NJ&&}G{#;uFh=@^CyG-_o+%GYD%LwFw9XX{
zK!R4fh=%+WdC8HowL#jX2*RY=gR;&G56K54rs->>OsxMEsl?TRoUykL%nGlkc1Q_N
zByG!3)}5S6eH<mrD^O9B=}e}|6PS+N5b?h~xEi^*{2k5ckNnUMMEkx3;e9pg;6y5z
zt7E+u+nJAI!=jy$E4X+~s}3v;<^D-Xm*T%8mEzL9;EZ>q^sEA{q7V5S&tgS1W3!~L
zXr@Dyh#F(pbZgu6;|xw2s=q|`qw^|te6dQ~qB<mjbN0SGal1VxbSBZg4{17zus(MC
z0~94MPGS4;QKm;kdAi`Jbj6GGmB$6Y$c5T&q}Wc~2RcB}N5%F{D~>ta;qRsQf=7yU
ziaw)4MMgAbUu#{L=m)R{?i4;>i66UFG`&@AmCLJ}FG#6l<=R%lCR}>I?ejqK-xt`e
zQ;MaIy-av@<o9FWkgF)uBSyxi@(sI<XV?hgRQ7er*(ENjy<ny%J03kn!Q`#qAQE8Q
z=6l)Jfy-*0Vmdenau4y??-UldZ!EgMw0VT|EZ^N<t<8m<w9aq!onIM1A}TqfO57Iw
zfYN9GrB1E)&iHpN5?NQAmz~)ShXeMIr(cI7W<{6wof5OpOmas3kLEsiw;t6JzZ)ux
zE^QitcJj6(%%Yx;o+O5%_&00UeF}lQ_l-snm+B4o4KctTvuK4O0OQ2-<z8gZ0T(OS
zSs(CQeRB5`B<JM6&#COg8i`T=WX${fK<}=Mr`_vv>*R4m{&Gm-NdjC=j}Nc5edi+v
zenmqEq%6lSy}}ATVZ9`$S(DzxvWCXiCW~w#OfD@A`+$q4OXqBx(NlWR>X`|p^r?2J
zqRvir?cr98*hloEXkmowI}PUqStL)f?J70`)@*y4i>>>-Y5CYGUV}*)3pS~7<=g?t
z0A_xEyhy#JvdEYC5+wWjv9OA=O?IV{gUC!v;M9WMLXppKIHt^HXs;AW5qJK&Z9;{4
z98~fu$)30O<ES}5Aw=9VjYF1BsTkqecEr_PU1^Kog*my^Z#6<T{ZnruqoD+0-r$?9
zjcEqlL=Ie{Yh*-T4^^Be-<wO0O6KFWcIKUGJjHT%!lad{^T$)f<L`wKt$qK8Zx&AL
zfTG9xFW3%++mqVhA*~Sr`>_2jTU%tB+t5aKCCx?Ad<Og72ApSiUr!tE&AE-W<lvVr
zPKN2%f`?mAjL)1TaoS`ZRm91(i^5X4qM4?Y&0Ff~k`h89r5UaRGg}(rS>C5`ClE=g
z>fpYw++-+Wuo=~K5fd;LWS6ZVzFn$)z?jc*obxU!FSJw9x^K=cXU}o-CJi#G-4l%5
zLd}IztpFAFtU5d@6LgnbwCT0Y+8zU{obL-Hyn_>h7~3Q~v7BtVx)CFeMG6XLZz1g?
zh<opCg(@gGV<QhJS)9x&G}akL`>OJh#}x<)gM!zMc4m}qMB(bqKCkOLdbec&C_L{K
z?Cl04UT-Xk#>59LhgA!>V8-{}L@SRgczs$Ac)%Pj2YH1UI(gJviyJHXAi(=zHlAFu
zKG`Xsf*{r*cOF1|O~Vr!%G0}u_OF;ak9wcK=u}%zBisIlKRP0=WA@``Akuu$%OwFo
zO7_#%6JIYDi8M+k)6h#tDDhkX0|3E(I46d>DN%w{a~CtR{hP!m{+;puc*U48J5ZKH
zZO(fkKlG&}2~z3O^B#oRThhAgmqs2IiEuPKD$z^N!%V~GK6>-py+uInVv#x4exITF
zZJ@C({(R~AfF|4?%i9J^Rv=xkL_f}PkG3x~mn*J;;dN<NFN^zb_0KqwBqO0B(yNeR
z^zkHc6`vbQB`U6J3TgbNVN_ca>fwUM`vn8TiiWB+tBK-vj=J!AtUDLeE75uKha1X2
znN&N>0U!b*M3dMT@K8`A!cb7?FHd&7>^NQByzMMqIlS!cejC_3ZVF;O`A<ED4X)YX
zC@_^El@;RI6s|^9l)IUzYz9=mi6)!w&OYv3TX;hSVsZ?uX)T%I_xKIjf_QOLjMqtw
z=7D^uMRVCa61>f+VtOggZA4ur=U;cuN$Jx#{oVrN`+8+v6ThfsnE*D7W)z7<T+~vq
zIL@1S)mUH=BegcJ2q%{w2D(rI=q+pl&^E1Dnp4oDj7OwYy91GmSU0a6b4cspa+pH!
z?YW!Axh`*45QdFHpW&pG{`QI=abNV7DH6!~YlxV=6~DJp2E-Rj>)t9e{9`6P8<v2i
zjy3RFQtXVNB40%KDkUl4%sENfK;VGYH3ve=tS8LKsmVckPzOs8C3C*OOTb}kfuH4Z
zrsC5@%~lz4p}K5Ny_FuI1;bF1P9#rf?;IyBysgQP>Lk<St#6cyZ);lXfep_;qG*JX
zhVjz|)3OZR95Oi}``D4|Z&6u;&^GbTHW5Jnkr=uW)ShC&sp+;v6&7^bgbB~?L-B+0
z`%j_<<zc#62l+$n0oPiGlQn8n>Pz~_Nk8W|>;=dy@ZXzk1Y=!4EVD1W9S}T}&Qe&7
z+WZC+LyTtXW<H1547#r%o;koZ27IyPH~5xf&Zj)0k(fj~Xi){_W$x;S%MFh;XE6vg
zVIHs&-VvPAemkg>#zDg3SCu!vHK{^=Am^rj7v;Gm-bYKY1wwIN&0oNsp?EJyDBD{!
zjWqc6-YV;ZOT1mQm=BX^nbXzpG_y5yv7C!pXnli_#3H|&$SlI~{ShZ}vld1ZQ($NL
zu!r#K-O#v5IM)L0hqXZ?6fI8AUupaR%*wBXSH6k*dnfO5*Oes&Q0u%%E@>g~bppC}
zXQY`DK}%y4Z!J>@3KCg0lxzrxgykn^t-8zt?28YeoN!ri(Mrl2Lm9zNt6??@QFQF?
z$z~=g5@Bw5F9Dgd`IMVTP<Y8w%y>kKxr$SDVJwu5HmHmZ=E;Fy_HIBYpUD9bS7xDG
zSUh5gi`FDDB1dkm0^=+<7U_<4C1VnU?KmsQ>&Cv9`c8MN>Xs&wFH0?bCtT}Zt~%B|
z&cQz9c-_v%%E{PpiVUb_P%@+JY^`1K)l?pR&?NX$d*JgbM)5Y(L{&AzI$?U6t-xM*
zLrNF(rlEV+?Y6L`T}s<wc~u0cO0h#J14Au5g~0X?L(H5(69qYAvYkqV4!ZAlofM^=
zxa<Y>p;Q2E!E)XWO=x^nMAHLR-h$2uf^6Kbeb-<5nw(+?V<m#j+JRzfW}OoeDzXY&
zW?+kGzbpOs+$uS)5}7{{4~P=9F`cF8;CFtuMK8N}+b*gVA$`6yQ4Rp|4O(_z=itZj
zr(ei2%TrE0r7;8{oXcm1%YRO^&4?C?$w4evE9AklnYzXBf0QWbQPyU1{LJ>gne+Fd
z4Bw9^v8z%!zxia3bv=oB*;hA-@UoPd72Ab4BtzhtX5+kx06gF53Bw=wdPDPFsRGHq
zM;p82ekaMkT4(i-{CgKbYnEaM%Wdg4YG$}Z!KCq`$<c6!31;@99T20S+$8GJdAZu=
z%2Ezjj`K<rc|oyCZ6{YZ;z2~3*SN6j3K_pFHhyp6W{Mjg?U;w-5Vmzwq5GgtZ_4Ie
zq<W4;{RfA*|N3&l*30GreaOY$0?(5BNPrVDyZ^dml+#(ax&S>;Z0VVzfi$gDk7_qq
z8+PK5?)cG_ul(5OoM{$(;-e(A*y-N!P%Z!wNpzm$F_@bYZ?LYiQ*K`T+;!&H591q-
z@-_iQZ*?raApr+nol)x7Ly7LKEEB37Q4X9JNo3b%VN}X^XGt#w($J9p;~SIDAUeZ3
zU;m^<X{)#C5$|{aQHJ>6u+R0(MI3k6xju&%6nB^UBYO?D+MgEq29B?68{F59F7IO1
z1&*ItEhw_%J&SSZsiRlwjuWwJaJ~5#(H^F2#$-dJP)v3_p?}kO6s_`#FMm}(6hN!B
z;&U#Wv*rJ-zs7&q{&m)`>fQso)z88|FE_&~eV?go*)vFvk7dsa|LKb^Y7|_bCqwQo
zYc6LkNaW?Y|NqOw{}mU>px=lu5B{mZ(c+|lo`K_51CGCh<TLC>ksZ`X_4QPpiXqWh
zw%H^dWB5GM7%e*&ziGrwViM=$<)d7KoxG;q&`}SKUI<Sn@z`ZX#+uHX9|YaHCA0Qr
zq=xmMLAkL7>8lO>YtPFa4qS&#kzVD=P4?eH>>pR3_ay}8gc0;D9SwMPr%Xi1NylV>
zZu>89b5B!s>~W4yO?ZwLW{@Zr)37)qMB2;BIJ1J4X3cWPl3MNk_OJBW-k!-bgl2HA
zjL(02ib;MXou@>ujn8e`Z+cP*6So(~Y{q?SKeuzDw$yaiSjnPTuUWz4-@*A9Q+G4_
zRW#TGYkHG=@_-VjO2kx}_AMf5HTSLr5S&etJtoR!To8FNRdbAg_)6n7(Om1nlZF*2
z^PYI1;?uDYu<G2@Vl^(7317K-+{kHJgGiAgv7(gxO_cV44trQH&Nx)g;PK$gLm3D=
zc;Hh_H=CAS9SeZ2LPiIlPc`#~F>3^)!-GQ%p<D2lMY@gIhX6IkWN_(vN_b=m_z_N-
z#!F+SS_>a%DYM%x7Q^^FqI4VjjCumv+hoE>$p{<PFjLg{I998O4VChmLI78}oC<IA
z6Xb_YQxjU+<We;{Y)ZIOe{vnN>y663uG&1E2is55h^{D+e)NlpH@0px>=&P6u(26x
zF`m<qtlnb(@`%{t^NG22i#+*x3}7aQ7;&U_jJn(Uf#dc&hSKpdnlh35q~L5T$ZUj3
zR-^?BWj;$FBzX~u#<<82CezbSH0Kg(`c+d^qP)|1($1`D3&9i088yN}HQBH$(<F*;
zqhsrVtvaD0h;XvXGC<o`=<>hmz@JP^ju`D(^>h~VS&vkE9X^fs6F+U68vv24HgXu|
z4kM$midlN}Q|t>0vEJ_Si|Khl&IIqEtlLvjUCc6UE!)d44ZXNSrZd35-+UIekuvpg
zM)braCq4eL=FR=FzW-C<&m|*CU#8`AZe121W$c@L&3l1KmXy+|BLPHnrni=utYo(l
z_O!mXqUYLi(`q6zr%c$Xvp`Va^_u`?&v@h3d7aLxsNKn3%x00(2;-YR7;g+m_rSKB
zK%?!F37!=er0I9Wv*+`$jI21@l0wb#;YKbpG8a;ENXNR?>LNH6@`~?nV%y?HFm5aG
zO|1$Hc<>mp2V4}7J5=cXJ0dkfN`v{`8_Z<zJu7lw`F!vkN=7q{(0~()AwWJvdChi^
zSM-(L?WD{c#$jZeos)Ja%?+Gxqvvd43?0d-kh}pTH5`V%jo_Ul_<3g=Pk-R(JC?J0
zC>7amVHXhV;{8EaW^umSk?Ye{$ttamIwC5sgqap6Q<+E(%9>F5!|%ft9?}ZN!Ew(d
zBT|F|d6XG7c^G{0T42uzzWz|&>f2xoitRX-zWS?(OSs$Na3hTJGk6NllCxN^#QvKE
z6_8&EycKN`da0~l*(ke`snMfSJW;dK^0cKv#P9bSLMPNrXG|dz5@(kA<|lkt+-z!t
z6DHZ_16xKkijLAEyHdP7=MAX13A}S@GcpA>Vw{51k5G>*jlgaeSkoueQ%vlt)8+9-
zZ5%aO#z0VhF(&@#Ael91s7*a_&-%O{I&HL7+gb$%2Lhkxy2YBYyd~>HiLlr<L*ett
zgFFSgvvl1MYosQ(ZB~KbIWuu-Qm^kZee&#{yAa3;v)^-UXzpCBSXa^DY0j|Ua}ZKF
ziT3$8`ct@b7uX`c_7&aAR<r(jzW?(TdhL=aiz-DSq8)>1Ufq5M?wcOQ@i$MV@U+rd
zsi=bv=uzXJ<g_M3t!|;eVulg#n}WEs55m8Qm6T_Wy;?l)<i60we~(=38Vm(Xa^DOq
z6Ls2gxJ%*h=9585p?_(`v<ht|1fdYRPxKVV#Xc;QxBw0cvfWZiyO!ZS^0j8moxDAy
zRz?F>*`T%y%(UZPxpV{$mhQa*<G&h`pcE+!S+5r1Ky(Vh1w(p>inpT#rVJ4bERLGe
zNjH1;&qrmHRXFNbd1LKwytfuCtFmh5U%PY{gMQ)dA=+~wcwXZNLTT#srRP*3ywCkX
z<<b2P4GUo7pi&|E8r!ky@K6DZ{9E|<3esEuHD|@{j`nA*{_itvlY%fL$cxK-J*Y#j
zL`UyfXmlgL42f;p2!P*?(d1;ZFfgq0N@L2cA<X)og_b*i+tlm9;Udzh<0P;fYwCo-
zTj5Y#4SA1D%y|eTB2YCEq8Q{|L$2+a+U0ebO~Zgwk2teBRR-Y-3yYUEG8@)aqeuXa
zzi>l(okM9)1%msBT7>W1$P@K&1mornkYl7K65Dj>Gtwb+jr+){jW@zi;%v)p$l+6*
zJ$vEwQ6b0y5|Z<=8^<M6x<tXz-%r<K2mGzDQym!WjisW3uW5URVTq`*e&lHurM=<9
z@Yw;nb8O_11svesnRub5TPMH>4tWyC-$0;duWHNa`4>I~s)!)Ij{SB1ljWqK1vc<h
zGz_P>1t+suYe6Q|HT$a>eK(1d1G*5TROl^2g>&Eo?mb(WON4ZFeHZfD$26hI`@5(i
zacEJe+$mh0PqHU&Y!p<Q>fRogR^cO1hm%hLp1LMARv|vh!N}R&mn?1fp!+TOVe(%B
zWXq~}yohf(FzreG*fTj$(s@eTkC_}+vFz?YmHw&{ES{BdmCkTsi`#`lXTS5nsnLct
zb{gWtf!@V_z0>-6soXMlxxSg}ePXI9XBE$voLi|j+sElHht6k#m-XTQ><I+7(<9e<
zE0RFN=l{5OiK~THp@Rm3HAWm>Hruul?nxlEjm*$~gYDK1Xc%OMM(LG}T>ZS$Z%UH@
z*Braq$w@z4Lk>3>Q_CZ=Kz@91@a;pb&c$nkTC1JBcf=%BiWx`gkBf%8scfipF^S*!
znyh@#ewW_fS;DIZT;41jgk|%FvI(bAegC$In}C~%=+&(nDy#V!P!QK&dlNa~*bF|U
zX&fxeyBQOqE1`QMPV~#c!vb6wv^aI-D?-AwzF-y>3d2cAFJX)9M<{Mbl!j|rWOK5q
zI^9&Xih?6lwic8f;<v_m_mPZt%;c=IQNVMnw3%O8JD^;T8LObA&#EtO{05~p%o<K{
zhgb$iRIx@Jn<tzL=v?n;G!7Ze%w5QT6)+#Wxm(y#E2Y`UJz@VaDj#z&ATHEaDVsK+
zBW5UxLzWQ4Rm)3S%J!8?!wT_N$J6Zx*U|LS;>b4LUwu1YOJ$A1qa2?@N5}8NG&NqP
zY<EAZ%g<bzOIXx7W%Y6dDbUg(So9lncQz8AC%y7RHxqs)pcSknQ7vF97N!1tK&-7)
zYlR1<s?G_<UZ!(wFZ<i^{#oC<nVP+<?>YZ|aQ#{4XC@ms=F1WNxsxVAb<CK3P90er
z6j(xIS;n%cRjKDgmQT_j<h)tD^t_76*!6WI?;sfhb#hK_;?O~sVRZJpwFBdbn_fpy
z#kUpZu*FaR>sqH!!E`~KR%->|k$X9EF?+qAx@-b8N6f}$sjVM1n0#F(x}J}c?OeM1
zdQjQD+UR7B+wwK?w9!ZZ;(ko$(ErfS&I2{F+K^Xk<*Osg{OCbvIIq_AylI?v?xIfh
zllsZQ&BrN4u$8;t^-QQkxNRCm>-Iu5CdB;uO<ReM(OwUOao_@t9seaT3`8cJ%I@YI
z=JHxIUrE$&7sETxekkU9?=c^?apqVQ5l>)F$Hy2>YMsDOMr-zsqj{u?dU2fBrVJtR
zo_`z3vGUNrv&<OCA@lIBRpxQ=t5iwv#VRv;#xka8+<;#~9bJ(k^hK2Kb9NPwp_VL;
zoE<RnhbT}8dtGf|z_$Z|qGFc&M=I{&U9+uwtrkI)(_0lzy2vqX40z5q=)+|0;imdT
zU38p0*E~i)JJ6HSTcxM3hFHj!kgzo*GY1_7#`?@pW~b9pq`%32b_x_MBC@P|hg4S6
z+iXs7XjZ<Of0CWMI9)!}xz30{hbDb7R+WTTH-Ry!@ft;r*&+!T#A1x(vHCo?-7MV@
z`NZs2`4%br6PmQJ)aSfmOGPTy2$?oIw4DWY&6MsYZk_%V59RH+i9Y1-KlY_1#_yUF
zzr1zQ#7d+cQ&gbYg6}3CBkKWui;lUoY+Vg&iHSPFyvB{q-uh0IC8UolU&0JZc%9m8
zfwCj5ujpi(Y+gPCn5BU6I!xRz#k+^;af{PG4J*ChM~NOW%uB?IZkiJsPQqg%9Q&M!
zZ^$Js1)Oh`lwB>`L~WDF7)c505D&D;d{zoTN}y$8dEJa>D5Z`+=@R^)*LZk3#R$h3
zW${@=7b_B(?N?uagb>5$<K}b?)*?2`@U5TSn(t$|9Ryv{fP`j?=IKq*kCe*r3VwV|
zz242YWGH#f@5%Cst1AK`K9PBs5KR@}g_HDr?qx_N0u&v8pdD@p!VtO?Y~f$*(ZKN&
z!a$p}5NQk!;E~-SNmQBiQ=7X6_Etfa_rlM8jNbTApT0M(_XwW#x2xd_4KMF4{!Y-w
zKmPp#J3=CJF_4Rw8JV5B-r;~buun3M!(dEpSAl0qwx}$HZ(5D@em5K|-C(yVceAaZ
zpEt(QTp}>D+|1eZ<6|qlc>jD>=Ldm}GXp2#hlBac+(5yPryq4Z{d{Xjz=xRD*Rw_W
z8zWezE26&LxpF;k9XVr)2m^mU{jarK?VJHWG|GQYwSWnX)S-Wa-y2bo{^yhg6cpx*
zGW_SI0nRm|A^qQbz5i4Ca;^frYQ#?VpN-B?P(=S-40VPEW;Es?6nn7*0qy@5s)Fr|
zS;4~`ST802es$4<B~0ka{_nlWe-}eRNwR|jOeo3zvjY7`%>Dx~;Q_~s6M!{Mu)yAm
z|J}5o2sl@X6ioDvgzWD)^>Vg{;KeTN|5SbXmMRL)c_#*ABmrK1Ckhkv8cb#?0plS9
yHZm0=`@aJEpNep@;2Ki~Fo_un4BQ*=Zv#>SkP<w?pK`31H$NN{)GNh5zy2TfMkC<>


From c83e76a75f9034bee1fb03ec7fc0c6e29dc91cb9 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 3 Feb 2021 09:20:25 -0800
Subject: [PATCH 357/396] Update controlled-folders.md

---
 .../microsoft-defender-atp/controlled-folders.md | 16 +++++-----------
 1 file changed, 5 insertions(+), 11 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
index 34b3992bb5..5d79d2db3f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
@@ -1,5 +1,5 @@
 ---
-title: Prevent ransomware and threats from encrypting and changing files
+title: Protect important folders from ransomware from encrypting your files with controlled folder access
 description: Files in default folders can be protected from being changed by malicious apps. Prevent ransomware from encrypting your files.
 keywords: controlled folder access, windows 10, windows defender, ransomware, protect, files, folders
 search.product: eADQiWindows 10XVcnh
@@ -11,7 +11,7 @@ ms.localizationpriority: medium
 author: denisebmsft
 ms.author: deniseb
 audience: ITPro
-ms.date: 12/17/2020
+ms.date: 02/03/2021
 ms.reviewer: v-maave
 manager: dansimp
 ms.custom: asr
@@ -35,8 +35,8 @@ Controlled folder access helps protect your valuable data from malicious apps an
 
 Controlled folder access works best with [Microsoft Defender for Endpoint](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), which gives you detailed reporting into controlled folder access events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
 
-> [!NOTE]
-> Controlled folder access blocks do not generate alerts in the [Alert queue](../microsoft-defender-atp/alerts-queue.md). However, they do provide valuable information that will appear in the [Device Timeline](../microsoft-defender-atp/investigate-machines.md), [Advanced Hunting](../microsoft-defender-atp/advanced-hunting-overview.md) or can be used when building [Custom Detections](../microsoft-defender-atp/custom-detection-rules.md).
+> [!TIP]
+> Controlled folder access blocks don't generate alerts in the [Alerts queue](../microsoft-defender-atp/alerts-queue.md). However, you can view information about controlled folder access blocks in the [device timeline view](../microsoft-defender-atp/investigate-machines.md), while using [advanced hunting](../microsoft-defender-atp/advanced-hunting-overview.md), or with [custom detection rules](../microsoft-defender-atp/custom-detection-rules.md).
 
 ## How does controlled folder access work?
 
@@ -46,7 +46,7 @@ Controlled folder access works with a list of trusted apps. If an app is include
 
 Apps are added to the list based upon their prevalence and reputation. Apps that are highly prevalent throughout your organization and that have never displayed any behavior deemed malicious are considered trustworthy. Those apps are added to the list automatically.
 
-Apps can also be added manually to the trusted list  by using Configuration Manager or Intune. Additional actions, such as [adding a file indicator](../microsoft-defender-atp/respond-file-alerts.md#add-indicator-to-block-or-allow-a-file) for an app, can be performed from the Security Center Console.
+Apps can also be added manually to the trusted list by using Configuration Manager or Intune. Additional actions, such as [adding a file indicator](../microsoft-defender-atp/respond-file-alerts.md#add-indicator-to-block-or-allow-a-file) for an app, can be performed from the Security Center Console.
 
 ## Why controlled folder access is important
 
@@ -120,17 +120,11 @@ The following table shows events related to controlled folder access:
 You can use the Windows Security app to view the list of folders that are protected by controlled folder access. 
 
 1. On your Windows 10 device, open the Windows Security app.
-
 2. Select **Virus & threat protection**.
-
 3. Under **Ransomware protection**, select **Manage ransomware protection**.
-
 4. If controlled folder access is turned off, you'll need to turn it on. Select **protected folders**.
-
 5. Do one of the following steps:
-
    - To add a folder, select **+ Add a protected folder**.
-   
    - To remove a folder, select it, and then select **Remove**. 
 
 > [!NOTE]

From 9d86f926aa161d959dff7efdff5a67d091eb5e4a Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 3 Feb 2021 09:25:53 -0800
Subject: [PATCH 358/396] Update
 detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md

---
 ...ially-unwanted-apps-microsoft-defender-antivirus.md | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
index 15e0a33178..f56820cf7f 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
@@ -11,7 +11,7 @@ author: denisebmsft
 ms.author: deniseb
 ms.custom: nextgen
 audience: ITPro
-ms.date: 02/01/2021
+ms.date: 02/03/2021
 ms.reviewer: 
 manager: dansimp
 ms.technology: mde
@@ -112,21 +112,13 @@ For System Center 2012 Configuration Manager, see [How to Deploy Potentially Unw
 #### Use Group Policy to configure PUA protection
 
 1. Download and install [Administrative Templates (.admx) for Windows 10 October 2020 Update (20H2)](https://www.microsoft.com/download/details.aspx?id=102157)
-
 2. On your Group Policy management computer, open the [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)).
-
 3. Select the Group Policy Object you want to configure, and then choose **Edit**.
-
 4. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
-
 5. Expand the tree to **Windows Components** > **Microsoft Defender Antivirus**.
-
 6. Double-click **Configure detection for potentially unwanted applications**.
-
 7. Select **Enabled** to enable PUA protection.
-
 8. In **Options**, select **Block** to block potentially unwanted applications, or select **Audit Mode** to test how the setting works in your environment. Select **OK**.
-
 9. Deploy your Group Policy object as you usually do.
 
 #### Use PowerShell cmdlets to configure PUA protection

From f74183c3cbffbf27266ff6b666de53199f4dd8f8 Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Wed, 3 Feb 2021 09:47:18 -0800
Subject: [PATCH 359/396] update

---
 .../downloads/mdatp-urls.xlsx                 | Bin 25191 -> 26000 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx b/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx
index 136c11b15d47022e131bf797785eb4d226ef1590..b5683ec66f0cb1daf7e6e7c898378ba26a12bfdb 100644
GIT binary patch
delta 15091
zcmZ8o1y~(Tvb|`~puyeU-Q8V-dkF3>LvVKw?(P-{?jGDVxCFOgkL2I?cJ~b*7nrH8
zu0H2fbu&G)-v<^u3RdIv4))7|37!)K2qc%_{SF&Y{K<vxYhdvjuzMHFHC`A-mA_Xc
z?vLXCo-bN%y8%O5m-`n~?!%eW35U&>Iop2QIi8!^Nw*HC@!e*dl^pg2e#|w<1o(HP
z^GSKzYu^6A7@Sq4a`k7;DG6t5e*>+UPQB-c!Ci@=6mw#IWRUYSBx9oXK+{?Z{QUHb
z2%Q%2j<PY9UcDyCsm(w}qTIJT)e?8bC8Nuh`t1BYaq_-lXzL#NsMt44tzuWAcy=|g
zXW#CWXTSO6{jNr}j*4Ur>Sb~vzN_GJO^9%1oq>fb1*zYwek(fL`IUioAi?df?f1!>
z2MMLgDJs`_8kiuPGb!LQn~Q_^Or+)+FW?G@<<qHSU*P7eiSNeLf_hi62_up58Yz*}
zAXnLk{GBoH;hil*M{9*gFM(TO#DU{OW)qJpq6Ffpy1qky8SHx_T8@)Up{nHJa8CQ9
z=z-{n({fSn4Qa@l@L}HJg$D1StgaGcc0G1W=t6!hNDpMOs%n>J7J?q2n9TomVF?jX
za?i0Mg0$6q^lXQY_?c}-hR{wlqGE-^owgeU>#TKPuEBD7#fJ#7;Ff2AOo!c9m_ysR
z$Xm)xxj19-;O;Ej+zacl{h>Pgb|d3?aC#DH)c#iXF?Z!5u3jEM2wBfNMLVOZ{qi|T
z2r+-b$POiQHj3M4J4sva{4-w5yCnl4auQQ$iM$G9UROlP`L&ln@^k5Z`uIWplCbjU
zb+o7CPjP~od!)3o{<XUg`o`h~QuLge6vP)jB-DJp3j)N}18~TkinD1dE%>d-W)+|G
z`pJGf01%`-y3@mct0NzAlNLTq5p$^nhPyI7LPFG$>65KYp!cmsfiL~nnds!eu~%xg
z<l{Q*z(M}Avv3=?D5tS+9+(5~$D4*=es}%pqQIj$q@UVic$mS>>%~kPIG>igr+BQ(
zZ9UDhU~~gh(I(S^6?U`~1TN|A@V?D2;(pUOGPC^^;*m_*!640l{PWdhTX+FkkU*a#
z{mx&8J)yz-i{>PMIoh)5RcgT^&~=w+y&Z#Q4vF6GkDe?^GAI+@RsU3h^*}s4y~-GE
z>H<1qocLO6(}1l`3mXP8{fY3naZwhj$CGjqbEB;rf5ZHf(n-VX;WmW(Mhz<?W{kPM
zT<6Aw?c{f_gh^k44@C_x^DBBB*Orz;1di@ExFFE$D+EYM76K9-1Py|ze}q#4hcmMh
z<vBwKfqD}Xevo4)*dn3<5LgIg%0o15(z8h#>T^FEP2`NBOe}f7T9<ct4MNt%sT5Ah
zbfxybKC@;SIl9Fr-HkP(lue-Aitb#bmx|0D<M}+c;vvMD(^bN2m!|I@1mQY!`n=lK
zX?j|5WauElG!9P<EPuj-47O=07|=wl-jXkED8R72;bDr}Yxpb<)WPL3$w5eqM@0wL
zb_C^)s4xj=T2p%1#2}B;S`q{GC{c$N@oWAGYIbhpe$-1KV{#fJ18u5HGF-tbtHQ%F
z|5l__r9FH$Jd_LvyBUE_`*?o~Gc^kzqIZKCjH855`F?e1hjlMsnNlIs1>qOEG}W$~
z673z0#j9)XqiU`JNT-#;L0;vZgF9~rL0J<##BK3btXOLlq~I-U0ir_)>5Jz`ve6Ty
zbOkstd{=dk^c3#&t&16$d_x|KcL!~oUQSK76_#1<7KHBV-Gh*L05y3hllDc7E%X-k
zd!yF1)vCm0o-WcIH2<Wn59YT1d~jQ7gv3{~<1dr*Yn9yq50^)F^&?;MX$3H?-!0o(
zeq!GE+STuA(w%;9u?-`qe$K7SPrZut&Pf8vW;LS6))9U1g-Ke9XAE_xHnUddg{#9N
zLXbLFuoBg{y04j9x;Su=I>Bl31E(vs?u6zuaoaqhv1B)j_3x;o231kM(&x{qn`BW{
z3z;r5p_weqB);)MOv(#EKgKwWLfg$;SAwH>$otk=E}3CpQ)qs9?O<fGkopGqDnFh5
zf<ASBf=Z}B!Un7%E<ER1$qag!BJYvOFf%fDZdh?JxJ@<7=boHeXp_>v)A-bAFHb#Y
z3w8jnHxI|v)r1?b4}-71k5|1j*VikP0PwspxzhRUvds5<`*R_r_!;r(HaolX<$izn
z@eIh0!#zJ9JllA=IE;A&yuDv-*6-}DCJ3{lo1+M`0AB$g@7Il($+L~;yPuD48(sH_
z*u}xjH<6m3tUU+z$J{L}t-S`)tWG=!bUw*V%E$RAKIAFA=ikj!iss)fQ&Qk3r%Fu8
zLj5p8Rv^DQHjjQ&9MW=T`=XIx*AYKFqkreT=j*=Qq#i_^%~FW_k?T^M>WbL`mGw1)
zbN%HZ6=*p>t{4-!zbR5f@%0%_)Z>jkKUSeSv+vU<M<zoik7coUZ=E|Z?F^Huv(tZZ
z{HWwxR85slU33|gN0ZIzIuen8_0}FQ(@y3?sdrK82&Rm>KDaQrGB`Cv#gmQU9hjh#
zrs*WQ>aB>f*(9#c66baX*A*Sdw#>tTIt8^CP?TDSDU+o4uO@Vlr(Le20{`12&1~be
zPyN7Yeff}~%FH}#Ktj#qCryD@QEDru%$y#$QM;6Gae<tX-Ft}jvDFWDEdAF-O3rqd
z^AorpXqy(+JMw<zv7Bkfo~l%HxUi70Vz31Wt1nu1mR|>#mew$AkI8{MEfy!uj3M-y
zFp;UuAst@IKE2Da86wISIPN&=BD5ft%vhmVp+un(zrnDT*4fj(F+B$oRXIvHaW@jX
z(~Q_=^DJoYZuOxsIp$2N#G^n+f5<#Y6=*(%RgF7a%1^(-(b9~0l&M<LJgoKuKSE`C
z;OszZ5>vADJLf5tp`ijWsG+D**ymi#=48zu+%Cg0H&Z{UMgM~4Xm+*U1(!)1(WuHv
z<S~WeDk4o%r6(psMun9Y($;B;fs%2XN!@Fq4EU`Q+?KFlE$nM;(kSOp!n&5v&sbga
ztzLY+H>uQmS6;WYw`u3_*IulPoq%r50>n2|RGMiqc?Y|Q_X^-Zh^D&JXrG<z`|wXq
z9hhT?De*_mrm|J_pJmrqmq`43uzMR+m*9-nyAG%G5b!n|ns%mibjVPT^pok$s?8Kc
z@cS|7JsGp;qc`~-F4x0#uB>+Hbo;nC>~{H~$gOqoE^uA6b*OC7DAoGv%=nimXO*qf
z0`eb82IAb~GfSuer)4kr6%{V{rk(Lq<&JzWc*USejH+Ht=ClIFd&19?7{jnhCQB-}
zbrZ>B%GTJ!r&n4HO;6y1P5sfosHT=kZ1>I0Xm}k0zf-#`Vqo_(E|xb2ZF}y1Y~ljv
zJ)&wFi<|aovj4bOPwr%`11D)?DxcA8HnWSM;FgllE3jY$XqxtQ<TxI~LEVhh>QZ}Y
zQOXWq)s^x__1*D$*bonZ`BG{qSC`bg5AL70qs3<@m7a^pm5RD~r!_N{tS*a`wmZ`4
z%s)cFx+Er;k&P-wGa)H>)z#3uW=Mwp!lB@$9Z_>NHo7R9Bi6x-BXH5qr<z5hM2#Qu
z=CL7=O%rGaBFP?yQBJ#SeQJC8Wg0q84wENUjSRRp&W120y9T|r4XCy?qg}u&W0I6Y
z6m!O<esv}+WT8$#J(7u1A|KJ|E!2Etm0<u+EIrvJ5h@jx_+qm6GUCBUKlYk{bnKt6
z;B1e|6|PL0=_emO{%HqtkT0J`(m>3_$vn|ps#-1xh#HwWtxCOCYIX)so(zN^u$-V0
z5fP7M9qE?dq>_lbhUSP~2XQqiyV`-sdGZgIcooeQkv3QdIV}0R4VVazE82Lty1T>P
zq$J7gRFGfe;Edi?J5Hw;5>y|}3+A<Spj_1R$q~PUuWJ7VexPn#w;B!4B`+YMOL+|M
zP}Ca0^MSFqW<3>vlyNpM(xszOT^jArQwbT@J;TsdDsB%{G56<+i-i<pHYzxNbB^Ct
zD__(0o@y$M$jf;|Z4uJf+)v*AJDXpvHd+aiaE6o=cwQ>gw8<iuC&K0;MFT&yZ-pOf
zCG5Lze40g$v5H=aJk~v)w444sm9Vp}L<#^I8JMyhmIbx-y%rz4=bLvbn~)$c_-63;
zmuuK&G}iw4g?>D@(>hJ)RW8+aSV)0lBB;pyfpO4115-kvV)iYeYUyP}$i#yQNbSlC
zwUX-mxwz_1{~10Oq8%BjlF-IbeLH!wH`QYw5?bRuL)csEoV<X^I5+)h9i0;V0UX8B
zN56m_HDFR55hDLp2A@ynsZ`shg1%Q{(h8JwYtDp98|W*q!49fS8r+Rb1J5+3{g{=;
zE}y<bq3f4_81@FYkz9syyG&Q+2EP8$1x`QntI!#-xx&h~99OX5Lj=lvyi@R53k9M-
z?9yibAs`aR0u!*tKLxk9&OdQ|iwS)6riSGMNB9cVJC>0thOUp5%4XHAa3y%7B{#LG
zM{jay0B?%c_$vom5V>}KwBvY%T#z=H3_i!m6r2!#{fEs>$aj=HT(EfkV{sZ?^HXr3
zL5>+)s2nl#B5N;NRU_6brrX`ADY&kWO=-t2{`tT^0!<^O530;B1V!5vt*HowO~_#v
zB$l3&C+fg?f8x=G!zzChg6x<76+&T+OT(MW<ZE=`{s<vkkxJDF?Y<p~qkBr_Eoj(T
z6(WWI;}xGC%HA67BpF=BnPP~o{4HF#w{VS~_59(F8YqAtUhsWkfn-GCu>Ti=|KAWG
zAId`Cz#v94+0el|BQva+hxDZUzYxCExUeC2S;%vRU%zT|dpaS0<wc_^x%|sN3ilB_
zm%KqpEG=;^$vnyOMJw1*4SieOOLyk?Th8=VK_VR`bLwPcC-Vq7fOkZ#1jw0-Yw|O>
zMWWfiXilFM{1biBgZpouwm8?fHhb{R@QW!uQ;L`fGrvh*i=N&v_t|Rdjq`SBfM?Qh
z8YdxB>*M-@mjM~=2tJN7|LA(au&;N;j%+`6ti4Nzl@xLq8Q(3Q21j4tb*Lc5LK9<_
zEfjRc^@R+T2}oA|hpv*ht|q1!-sl>!#eAbH5rO<Iy{LSh{3fX++dw9b=4wmjw=Oh;
zJo)p3G9~#~?9*_I+}dE9ixNwfpu~fJdcf_k1pSf1Khg<NMh$Dw{F9KVTW--XNYOU_
z_*=?(tisTkZ<z%y>CVv&plmT~Sb>YXZ~rT=U^<<|-2V^;6N8!w%hK|PTCSdY*l3uT
zw-l%9`BOdps3;=E?lVby0!+RdO1dW=$i*rOB$d{{K52lyZib#?m9u{#;d3A%h7C3D
zkqX@4CgJ01f^`j)44Z&VBlu&8x3vT*894Z{5`abD3PXFFQqj>QNS-E8wz}VBwE^}f
zLC6Of)ik)Tu_3i7t<i2Erne~DA%y-Em>!A~N$|%vE{_GGyP|nyzu>=-Z)&JnB!VQ9
z$m2}mXR?R*ZvW^%G9gj$6>sxMk)2yb;D|1L`0z<wphxYkF7l`V0!NFVs@%Y<qIv$W
zicU1FD|89GGpt7gMSFNuWCR(kkMuT}??s$IQmN*Sl5*|sqTsE_9YM~vTiOzn{ewrr
zQ#<MIA3Tb^-|)!U5d8Tz%;?0JT5B}ZqR#nt0tzVwGKD`}#Bbh3L;m3+b5l7FU=^lt
z|5N5jyYt^p$?Y$+F7!gmocH}j1ode>Zu1W!XncRN2l8#gkhdpupRJXT^?264^Gqe;
zj^p|Zvi}Az>R*uk|AM@kRQe-dvhaQNJRU58OFB6#@t4?tO7nm9&MFN2yLTUoA70Nc
z)q`pO&uJwrBZ+UP#zfCiXu@3tLd=Mo{tnWGe|@Q7_zjfQRYNn$sLfS*09uLTTh4#W
z^olWX_4TdTY9oYRj0ybB>p`!W-1UN$;ZrNhA8er*eVCS9xoT)=B2&gVc#a7q+D2(9
z-n@;v&f^P><Xde|VGfDQ0Vu1V)#%>&ut2*c*Aa8v4Ga}luwb$jVU!JkEFw!o9R_~r
z{~ghGy%AX+Asz}o-c_qQH+<*P=#-~ta)g!{gS9C2bxm%;slTq$V5^rdeuffv;hzXE
zuvt-?kz`hVF=!_hiGaolxk+QQYi()xdHc<*tlcPl_TMv7FDKa&@txfu1+QtPE(!&r
zKO~>~JTalxoS8ak8869t+Ma2Uwc*z?D^-_#Pbw#i&lKf&O>9IM#7wlEuL*<{`6GUk
zN2vk<s<?DBMvtY$wfA#aB`JEYzUrvM6Se7PDGvAk)0MzUJX+{q{Vz$1Tt5lJF6Edl
z$%@#Trfi^lh!^&+Fb!^$KI{!WyJ=09OnH#Liaf}ZPKirEZ^GYNniap>_@{WDkk&rr
z^nFThH#Jsu<>fNT(N}Igy>vPaGt-nJYx9ou>AtT#xi0zow}Qv{kWmpP=8V;)pj!hY
zwvuKDv!e<dRGWAeLshX-uGo%@Se;3k1aE7`Khmy?5&Ic{8l`o6xzn1IX<K^x)8>yo
zEw;js8L<V|AhEhp$vMo(jS+>I`hPNcNizOS*dt@S&gnXnB7SY6<89oT8Z1u@+Hrcs
zaVM8s*HAy3>t-OV-)atkik$q+6>oL6(+EW-)vTj*1;s$kD<#{kX8p@7g%&%BEXFm8
z%<NsURx_F-`9G^~^d(8h6XoGr=Z1jUVTR7)Yq;sWlMGYEx~TxvO!jMKiXgG^&-U7L
zX3OoUlz-Rj=yQ@HM^k7j!rIFGn%ZiaqDRuM4onl_N4h|$dP>-}|MWO{aIBEjpGixN
zaJWQrm-uaImDZ5gnyJjJRDO^Z?LzKzSvx`YTbLYSp5XX;Hihe-genn0RgTFDg_{mP
zaupMgQgHe9Ns|k$d;&H}y*My@`m|O7Ht8?u%06Vd1pKfc3O>xqM$WAmmQ0l?bkgMk
z_ULomN7IC9c}iXtqg<Zk|7eY>ECzBmpEAe)Ed+ce<$Tr5c_x|b9g|Gy3Z7k6gbjk@
zM8$u=o|C*hoJvr98`;`KammyM^`UE-m}0UXX;{P@Cc*;2>GetSzhXTQKvjy#@_UQ*
zm#dI?l)l>%rV=21i3z8UdZ+;Vp{;R{mt5`dJRp7-7wCCSrWUK=+>AzJdEGjSDW!&b
zSVcCwXBBlPu!pH;8RLd6Row^scR4oy%!aD`#$YI1eB~Q=<*wGhTv7o0ocMxYG}52c
zVsX}B-~Q==`8&=3BE`Ph87?8ZX&pt9_>u^?6jz&?STVMJFQ*}EZM6!La`t=*Z%>av
z_*caWeFIqWFTe*jVrEm^9~G`kg(GKpdh=-CY-LJHR>K*%|5+BGyg{7B_XpysmB5ia
z+AUSzwu?vy>nZ$6CFSDw?@B`di*DW<x(R>KB>_Bfm9(69yUnjIhM(w=elF(mX6585
z(6-9uYi|E5i+@WA@OxZROJyEh+epM>oE75H7FX)>=1I8i7H{}YNjZOsbGY_zUxts|
zf&2%)+c-bZOGvd?&!t_YUw#c#ZKwjfm`@WWQ=<%kz5!|6NupA%ChZ@zfj`r(`0X3q
zmt<;D4dhF*<n6fmvzuQ_S+E}v2RUt63OuRRHi*i-=CWUj{_3B8y1myEXSmp{?ql^R
zlArIi)TL8mby7o4D{7!y-B$T~vd*ssaZ<M|%c8Dfx>lLLWjKlBVrNO(Pe?DW3;I-(
z^@wXvf*Oe0G(=s!fySjDoV4ty!}=0lLkw|Nl~=KPjwB8$5zcj;kp(ln9;crdq{zI;
z59`X=cktE8hwX4I$f&(`)t3H6X#vKe86j*jqYPJJz8-1qN#V5riO1Cw)ZSpP-GlCS
zMYLF}RiTu7Y*P%9U;h26RqxI32_-`+mP9z`PEqp*q>bmNi|5DcNdv&=`5piz*bsL>
zaX(j>TGlg>yn+F?JxmDV28AQ=i9%z8=rqE2B<ex47SpMp`}F}=^@DTU(1(;J$>GB&
zv%wDD%;39EpUd32U(r+Auc{6@zgA~y+R<t{Log0~5WSo7C78V2DO-f|Kz9D!>c-#M
zp%L*>zx-npnqx*RyPdtL_adJNdtj4WiD`Y?`g9c~)v*omlGU!}8w$(28$y)+dfgpE
zT0cNZ^=Om*07g-fNU%&<h<W1azqc)l;IaEISIk@2V*Va-ygvj>g<VOMYHKja`UZ_H
zh0s`PgE0`*SNB9iP}u2#IM~0{0EYajWwFxNfA3NhA?`9jsmIRz?yu?R$|s`4^DFqa
z&7nP1)<ERv;~$O{>ojvFPqd__N6(61H(PR})Azub74mUZOYsa+N!MAVh{QbO4P|(f
zuhd?k5)2rupiu8aZ5!)H$zQ;LkEgaPObFgdT}Vtibw6XeVVS%bQ6ZsN5I%-b9OwfD
zbdnSvGSdb&VfEfc3WKVH$GfMew^z=*_=7QbKwFIHR>a!P+2Q1kQp=f3ZQJTWicf8u
zo^K|gc=n{}fHxWW)UD*{=d1J}vpbn@RbKnV7ro2vUj&m^$U#IY>;wt0>nP1^2$MUs
zp%o<QlMgA8v@nh&$yYS^M`>D<l>8j*D-YY)o3p}gk+D1MPj9q@fMh@FM{XFj$>9gn
zZIRK1?k-f<C6aRblJnjv*A<*Wmml4Qyrn=M5hwlcSum$VBFw6z4rlE$m|05(`@#bA
zT+DdL19(jr1D?We0QL(4W{ZkS)}}~2NVmoEcb<TUe-7DbO&lvE`7SI&G#l7ZVBMkI
z^lBbf<g_yrjS2OHk$^78nsjS~H_^zsaESo5(ye6rxh0!zt+Yp;=WZdIghfnmNu=v4
zCLgDv1=^uk!q%O(3i4c95xqji{0LTF!mlTLN2rPn1S{!CAXr~(|9jqv^(Ju`8@`X4
zT*&%ooV-NMiLDQw)7RL9&WnknT2`Jv6kwFwx9acfGB`vB;PE;3l;+KSf7rq(Cr@sV
zUwR{O%bPg4PN|xeOwHisUzc>1WO&yKxAkjg%PB{)cyDTBKf9ky<vuybizH$jxK~E{
ze!o5#>~>~e0ki`ZSdDwb$@sD5U1o^NMnl8v&qoirTRjq{E!;EGY56`gMQ#TW&xe28
zDpcHX@<eEe;iuxWUKP*wh#awidH0FXsY<GJAb@Bj!{fV#g6LxYp}!$o+67T)-CMuh
z-wb2+p7#Uq7Xyeae~_Z*vwRyfiFv<UEKQI{M|d!m26#bjly=D>?(P#baD7WxC=x_Y
z8V>u8u^r$&w~Q#V^dh9T=Y648<GrU;^lUi}m7Fje@xu0wPJb7kVUUD^o^z$Vz1n&G
zqw-;qz@Un}=eK<+1GD!WUM&w*Mb87o=ubaMx(;WWf)8l%c{FC{i@Xc-y6}|8Z_|&<
zca|cAQ=kqB>0iMT`e_c~c9ZHmx!(2>uc7~LT1?TR113alVIpPn)1SR`PRq>)5xU_9
zDo**z=6vt)bEIhtLrPF%x_>@Ao2Oo!ycAeDf{qg{97lRXQ9l<@tJRMmR%ag@%7tC!
zQH$B&3>~s^c?!NhS-7&f?$dx2V}G<{XskD@4rEja!DFUl;9MsTSiarxw@tI656wfG
zW{=3H0!*|^g5L+0wg(xFs7Qar{<iSr9?UowgW$?7$#N~NXqTRg{={|zdinqZ1y`N+
zbybvl%JFxLP2`8KIL87PYEq7M?)~nR=4rmqGSajbQLKeXabv+5)uY)puxOVetyQlS
z2#RSz0Y^CZ;o*YGsDyeSFKFo=i0In7S~tv!y#V!{YrEwBWA#2t;dpvY;or#B0n&9+
z0U@8ig}P^uC0yJSW=_Hd;r}Wl!5GQ#-I@`XSn{5qoV0_Iyc?j<xAql6oQANpmubCN
z#i~E%5ZG1;6kD)62o>>k@gtvgQNYAAUw=Ln=fNdk6#rT2Gp}<;`aB*FE>m0m?B?_Y
zX9?(dpeyuR&!QBRI`9gFX{>$gaX>95W>&w4qbG=#%xA;hh@y(~+K=+}y!hUS6t@^G
zfVwf*4WtC~Mb+J}am~ZOzWcL31^V;h9WVSofCyQ<T7*joN~|0)zTq%$foWitK^r&s
z_IIW-X-)w=>ecfVA!`7O-paC-ja4NO{3071?kF?X=8JvL16!sZu#G(z4kr;-Spw!U
z>u*Mb-6(^@rSzR5l<14I67eqaB$b80!0n{YV@v+ff^!8(m1kFmTBV6X@qX0UPsjb9
zFIw@=U6}w6;S~bG3zxl1?Aw=dXnp7!6FiDLrimBM2y%jKOz&O;1fzQK3?xw?${Jps
zFwO?W@ErOO8u^4d=2QNW8Efr0binAIZGw~Qw*D&8{|%5WN*Jz32tmA>We22zf>Jos
z9#Q4#KUBafoEgYQ;_j(q<ofF4{(2XlCebkF0;`zL-{b2RY?vWC%JADx5&73PL$yQ@
zQ=E-+AX9{UfbBu^8g<xHrLgia#fwTHJS20`(E%O1fA}}z$KP(d=-sx5pz>9pJ_1?d
z%dL0yO$-U|;8=0A$%tS;AWppmRStRJlWP`lZ}i3~ovOQdRS3Qp2@Pi*714@4#-hG_
zUo~U>x)M5H-U|Ghvo#ya-4NP_Jn(FG64xHqQGr4NE@$M0<{&?`rytK}5=FPx=D;x&
zY>*snbqJ}ymb7D|TfoT2GsIHZL5D;pJJ>X2-qIY&m+-Om(WdPXJGyZSHp>J+OW^-1
zi%$3RrFX<t*T)vTgjakH(Wn?<wWG!<K>XwJFb@WY?x0ih4)k79#x5%E0s3kjTf8%A
z2J9yW&V)Q^N5SC733~1Xnr{amW=_$He-@gcDKceL%2RCruuF|@C+sP=?YX7NW5dUd
zK5PO1q6bb=i=oque0EXt)%}+-!m>@N&f@CTo`8)ZZbB(1Jz%x~{+&keBr){nyl1zb
zW#ZPavDSjX)KbU{4yVXONdWTOErLGe>w{S*SXiB~qT{gPGmB@nu21!K;}ZnmU>`hO
z{}D6IU>Oy%T%mr)H~c6Gw{(u#L}i1ZSGm4@UpH&UAMfcYwuQ{BB!1-dWW3w4hWQ2Z
z&t<`SA3}Pgp$w=O34p_RH-&>T7WK+NECy$hS&jRH=Ha%_YKA>3P-WJPe$RW+ZJ;YW
zDwiNfBD=5A@(pBuNfDY>zf-ty!}CR97HbaOzuY9598=6qcZVKG)f^l4Q04_;xLb8M
ztTN#_!RYlFknY1kE8=BjkaC|a<-C(>exH-CSAuoA%?oHS@}<~`@-DJb>Irv%UwB?c
z(T_cJgX*9|9*1DZSO`?UGTAlfl?UZ=kJwEVI;hUz*vmwS1aFmRADYyq_WsH`1qP0?
z@KYA{C}?7j{3h6adXk?A9b}bBIxycU<bIL6g1=dR(I(*Q75IF!rc%>9KSn~>)f<wJ
zhm-LxW)oO`j9G=<VXRSGCPEybL_)nDA6NyJwVie*79Za0L^V$PQF(hAu3O!|toPBb
zh|npaJg{Z!g%AbQTv6`v%POC6RiUt{AAv9jRTt@5QGOK@Rdj{L2&M<{LDWs>qrG5k
zVttpiR|9EqDQ{8Dm~i+bdLo;EppfyTecW!w;eqAa;gYW%Iz>N|q466QAoPwwmLI;&
zM@Il4Lb2v6(}2<V8jfgM_#Zana>)^vLATgaA3jsZ1}Zh0g+ghnB1YKbRA8?>v-YI-
zmyE~PaW@4ion&w@4#Um$W`Bz6viO|BUIv$=eZ${knWR+7Er37UQ=H-<Wx<n6{1JXp
zg9#|kEo`+Srk?5Jg_sZ4HNsgc5TkHlmT~Ei;99TIdeDIH@n>b8+l{3Rb=T5K%f+E>
zU>6_Cr0CBtqBGHQ6e$#AEo$@219Kx$W0MI^vxss6Q+kJrDVakc`Ay@DDq4tNS-KLY
z&pIg{1xBMwgl&Ur-dQ8hv}NJjsb=E#2M7SK*zNg3sPek1_pu7g5X78EQXReS;99y-
zpegrUgs4`zxlp}U4(ik<WJ4rL$KEd9(fS1!XdXuCeiLYu)OTS)#&=UAqm@X+Z?DCb
zk=&{L-dg+qzTQ)kG%B9*>uYe}cU{Ats6d2I(G5s9s&!6ol3NmdgehrJJo`OLRA@kd
zlStRLbi=GvJ9=u|ta-Yt$EYEdENKt5Y@P%HIVSSX()>q?I=?%4;T#W*p$duV;aby6
zVno^>#>-*%xQWfJ6iuB_4h%Jm-VyR8yoIH6#O3rzs539Aifp{r65v0F{PIm1yJ{E3
zr<d5W5fMX{9reQ|ptpwVC3T<1t7QOlL7exEeEJQrEEPlgV$j?=;Gtq|?p8iq-Z9Qg
zm-{*CDKbnymDl+e_{Gc(T`tDezK3}1@O8ff%XoE$@g^4TJO;Uj5p=_RaR|QcY$oU)
zeU@A!B?Kd$U(ji*8E2e8nDIAO&M~m*dPfZWkWpI(jrHn%A}(QmZZ*OWSfB*<d3BOf
zN|Nbyyz}E5MQbbi78!d2z6;&%SV6zyh90jGEh=j8JJX8?9rCiBHHazMINE5F7>eA(
z|B{R_-OzOD7|-#nGW}qWx<VnZAX>J~Q$No#MD}B)@Ju1mr5NsgkoiMT6UR3M2eYmx
z#NX<&-F1&dC;k`2uqFGr-q14u^Y}$b#;{1HFOfsAMVEv1{3PA!fb-MbqFWn2uzSD5
zKs9`Jt+|CX#rtw}4?pW6Q{elcxrGn7Jk4EbUUD1k1A52QmvBo%h5OgV*n<<@A&gC}
zAeK9Mp<(DclbZWR+RPBf<aWz4lN!F}CTE0sIOqU$j}@oNpeyJ#izNUzJ6SJ`*@h@+
zu6A3!&iJQx?OdEiY~(gYn_>8IxYJ0|)@U`+>1F%et{1KJS|)|2Faj_#&F@?J=_o39
z5Yv)CuPo8`tLe6Ub{M9)hP(Az&LxI1J11gNKc08^j0o7slv0t*!SnRV??TabI+!tV
z`kP8={r7?jediBuu7dyt`ubzLz)#JP8fpsT`=>bl9av89o)M*vhp7NB&aLVimkY6{
z{f8~v>ubK_yWq>-n&NemO3rD5EYI}c_vhDaxWhgV7aK$L3z(}8;|#mOUqjJv)>*eG
ztQREb-@V8#a-fhh;(2Ruy*HFJBD{Hb=_McMRj;FUSPJ2@i2I)1wsBof^|vC#&6d_z
z3zWsicsHZb_`GwSM(Xor{%(x&>8OBLRGT1q{{>blscr?St*HH(*MwT~4{%nbho=wl
zAW#8ALZkp4aB9=mJ`dk3Z5JWC+@+v|r(`HB+dwZyq8?ZG^ZDiufqW^NYBau?Fq{pJ
z8}I%8P1?i#pekN%p_EI>PH_VK*;63wVL4Ial_Dk5UAEVmVk(C&G@pu!H;)#)&*k9e
zZbXbWZg9H_z@vqg;C*n{*on-%kR=n?XYh$8>RWd;aQMACLG4_KF_6h&wv$irwUY2k
zDT~R#Y}%X0!_C2=hXwm(tdHu|F^n-Fh6m4^Eg(!PC6`g)c6`$$TVOX^ay9gu%);E6
z8x8xM-2#i08kPL3k+<pt?%H;MLQBlb7x}2(zF|W*h&I$^#oj(4i3*tqL6LFQEIK@n
zjt~|lfOec=LMwafgV+eeB%^OND%C=JZ{6K`e}|wQRYs@zPuU8n%F*#x-*VfwUEiA-
zd8&F!$xxc;AhzWt!r!ISmY?h&(qh3<2LtL<=v+(_E8c8|B4kCfs<(YFv2HIKfjwm8
zQdslc7)~>jTD5y5=|_rLiFyLr{z*DH@vca~Se76Ntn#Ya3-6^9sLnbU+@iabM;BYC
z0ZQnI^ZE+&`4nLhgjml_F#N+PnV=pG`B>p-2!7M4kJMy<B7!<MS!S78@3Yn7(yPNx
zrBcoD0x&oui(5j%6V&>12cC&cK8mGV1Q-<gABx>;Feo>Cst=vqzn{2qRZd!(v)lzn
zbjg=LJV0b}>eZ`&X~GkyA&EAo<bPG5;51Z_*;*OwBDW23Lo0{5ts{ff=5&m-BuXw&
zClDLSu2<b{-szbho&?vqhcok%5yR=hhaEo$o#=~^U{L7kgmvRf4<T*9W3Wr74XxU`
zU=G&nFg)Pl)}}|c4J2fEs0csK7t#Q;)WXz-ZE}o@n%W8@GCbNXl;aAWK<0P<y7fR=
z72`~*Qv7Om2KKbE!zCG4N|j?a2P0QcD3?1#T${d)PT9E`9HeCXN>1pDGMY(NJ93v9
z@tm04)sC=uWh$#V0RyZp7MIH(J+WB_1Y^bhteAIPPYtA4G3d%S+OhZZu(7~_>*{g;
z<JHE}q5EaErUw4K8vU9fm|#dVPmqCkzd|Lgv)J9vLs&E1^5JoGeA0VID)|-!qqc(3
zngcVet`^cHsCJ=Pyx}ifyifk>c+-0HPjram>BL-NRB-zRzk+BTp4ExkHRL#0LW-G8
z5j43Kt!~v*lVk{&4iAoK56^&tokLmpED2u!N`dqtPhXv6P5k*X>_|mFXFD`KPy0Lq
zU`LAf1>*~4Py)EM+2yz`<&0%AL_j|jcI0_?F!UXF*;b_qve^PsRi8?M;wiy5+vaAm
zOVX@mY%`xd)qLKzxNJRxsHM;RK|lw|+47XqMr>|}4U^iz*yZJ_6+R%yQYr3A>~IPt
zM|)lrm)>JgX#5l6*!hbjZTNRI0!kELQ&lkonJ-IyCFoOmp5;%8Nk597iR~j-$=V;v
zD8=Uw)S|s$>i8UquVb9K)#I*kbO<!wxnosC$C)@KhyGYmo=6U}HD;(|LJ2J8u!x6t
zo^jQ-_j@G1Y-9Wx6+a7D1v~Na-!gK)Y;{Isj38TVk@nbv>=qbwzljm>a)$}uE-n$(
z55ia0F+jsU_7s_%(t6E~3wv2XFPV_@yIz_b7m(hS{~F`96m|Pt$idF5*(tR}aRV3f
zdjn=oWkVOIHNWHV*Y6@m$g}Nq={09bmwGRT7_R-gui7h4>v#^p#8=V@53fFMyBKy=
zK`Wc0?M)TWF59tQnYIpYo5TAZ*HOVpL$Z>e-eAL(Cg<POLuqIVwS7a6dUGUN@#hnh
zXox;DCh}x3DlJ`gvhI9j{|xJ@69|IB@mhG7C+@!SctP%~tGg$N*I*fmN>f+{TO;Xj
zyus9i&MqWgaIIefJUS4)h!9AcjTk^-m>SV82e42Ssma!;V?hZhg3V=Q&8-pHx&_of
zIkuy2DA!eGaq%u6+8&7&>w{WVR43n2$!2$dc6n54PEr~XWRyQn+l;f=gIMhSa`bQu
zHni(je8PPNcU}3A{;;<OccV2Y7sgb$uU5Bvoe_UJMoV)6G-47W(=a%}VD;H3glKYB
zm4V$S#cg*Rp)N*0B9M}*l=moyd8>@i-N$~VX-9PQ^Gcy(4|k_nzd!WFzL7*Z=ep99
zga1)}wt_^kPzynC7yl~nqOM*Z5*XN*wdR2#;rGaP${hFw^`K>VCWW{eW<#M{A{0Bf
zNQX&dUp$i>Fp6kRH;#5gB<LMZG2+MnO6&SQpYIr}Js62SEeSe}bfUW3DuQ4_|2kFZ
z@#q=p7ns1=N5fhRz$&L^(+Agz`$UztYl&HFQ1!zcYTgf2E5Fyt6|};*YnSKwCISo_
zvcTEzqF)3sm2Qx2zzJ$~+aQE|VVbFh4vEHuceDcafjASwyZobKhWm+}@N-o^amIJ4
zWLnI<OHQRfM$fUgu3v3$In#pm(#1<`oEe`_CK1-Kx>7)zqjV(0(_%)oXoaheUZ_{I
zazC7q70y1>p&Ifuje|#b{sR4~Qe6;(rss)0)bcKx8q_L1aj51+*z$1Yj<w<DLME9a
zyCL+52SO>gnuXGJ&ciet#jr~x%vAk{%rVR;;LJo}X>||H4!<<4o~FHr@$!dL&uSqU
zTuz|k{-`eBu+rCp@?JDps#5QxGNPzihr7n9^>utJnM>Pu$W0$F5!Iij3GsV2g5Vh~
z)m~EHa-F{{WGWpi$ay$+<VwjNIZiv~#;XSLVFB|29k-<Ca#8XAsn+VaiE1ZNfrB1G
zR4)TXm(j}gx^3_QLcu>eudl(oDo*Fl&g8&SBo%*5?eN-Ss2A7IP~=_LJT>ML0$(Gy
z4Kt*XDAWo$exE~_=Wh_!PbL;WQ5`19Ut$Q@t&odch=FWlaO@EVWTIz@V|B&*l<+xq
z0s!ij%afzM==A)M;iHuu?TN3Ywmh#o$q~>ro|`-R_iSYr4Z~VojEHv%-K3RYW0r6{
z2$C=PAuR%wlJ_ny^r@REv5ur$PrO6w*4QzqKKFdAVT^A**`dQfJPs2=x}#Dz>@^&o
z8WY{{6qa{6qWF;6iJ=|etXqMfsCNvVs{=4dI-2VA(L-HUl#22MJbcZ|$IlOTG?*v2
zH1kIAXiEZ<waejaeVH?UVGjR6v%z+xBg;?tK?E0FaZ+MIUTz<;;CnR6p>p1Ec~TyF
zS&HJJ8K`K{Hs-j0^&wkc;Fgl*yGHz4YXS|~buYN+<L<tYl(@^#f%WtwkKHq6+6IvK
zaf$Am&viN88tEy4a;Fb3`&3-bT05)rmo&6h!x%e;>@EDSt9sw7!suNE$~jIJiK_yp
z%pOTT5I)58BJgHLR-NH(=Aqcz`@9O%RO&r4Ke63k@b4&zb6tdY)XGXGFiDv1OTj3S
zoED;xp*wF6$FM{xzfT`1ll+|ZFt-LsCy{Lj|A2eO=_Mc%J;crrugA<?!LPMLL&^oe
zQ4f4zc><HnJ1|^r7LC8<Vpxzf>a*Z|xg2w_8}O&&II5l8v`@}ujYiBZsJ}7{7vN-p
zjONaHkg#fY(%(dqcX+=MV#gB^8KnD(MkLJgm^snRmrOv-Ort33%Ox$8IH3!mRrDyn
zy{tHGKm5!tA!NY>pMbj?nD%R&>78URJRA2?FBzmbz<qYe?zfftiH}KDJiv@U-}RFq
z+_*EUNS7si(m1Bal4U<!C|91>7i$U_-JVFj=nv4<Zbt@$qEfLw+<l^s+2(w^B_ii^
zu?C-O5(?tT`yw(Wb%TPVQ4x>;dE5MoxC^)qijt`oF_K@kD8Y|vk#Raj-FoOuYV*8!
z#w{`R)O~g{J;oj5#_2@(dC3qKJnl5-IfnW(jE3)aVdAk4$j^hfO-<RdewxzZo=A+B
z0}s1IWIu(8{E-+9GEN6Y4LS@v(Vd)`gGru{-MfpqW!FbB#ldts+8Y^wP3F`kf40&f
z<y+K}BqfEcxy0`Q^?See>fNK1H;rePDGm#U$RP|%wNLU!=1vIskfb9&Dh=S8Ln^1R
zhW5kct$joB9k(aVD&V2GzwBRkY<QaKQ0}V6lXk9JKe@GZ2k!71Y}ke5cF}Q_v*`RQ
zjc=LF1nvd@-ba0V*gxSLIbywsOaM3>S|1%+&)aDcu!KxmLV%6I-Nu^1(ahQ@Fs9qG
zmkC+yEa)j<(Tj{XL@AuyK!$jM;u$2azmj(=^SPP);qhQGP$at7WSvP5(89cl2r?mo
zue22+4q_8ar}NGfXsXWn$cN}F9f(mi^rLND_AV?UMSGk3lg6BgwGqa!-GF_n!%c;%
zM473a*^P=xnt|Ny){5e1SNVF*-D-%{OjUen_+6%k9EAnll<c+{t^vO@>Zb~+%gMlD
z@_0k;JSqMm_0!QnW8q`T+f=vTc(9SjV{1-sZ+ig$^-jav_=rKpWhq{D^6X$h6@6eI
zR8wy82dp0m_^vZl9CMbk{(ZCK8;VW3l-S{G*Y^a3LzGo^`j1ua-N;e(xEhs^v_Jf3
z27Ymz4Bj?<|0GUk)_9cBkH~9i%6U47WOa_J+jZ9MfndsnF+3~*>)V?Z`hAD52kn-o
zD!zx}aw<q)+23fe-QT=XR3F{}81^D7{6H;$lkDqYT3;C4KYb?3iT!zV(I_UFq*~*H
zpe3v*;f76WDw>(y!RCy@RZH<Y4$HR^gM6*PUZ#rRPdKFG1{c|G8^4OxWlaVvKw53{
zM8irUr|E>*hac`bUx}0$7>Q7jmEz#jJ_?0DU?T;<^HA&|6cR+C_+KOn0E~B;AL3h8
z<9<!s3E<3TBQ0%hXvaf&GyjA#?MAUkWf`r{Wl(`*F~1$)V>9TmwbRmx&`#VgLtj{F
zjf;xK%=V4?ntc;fx+5Yuc?}Gfp}SD0+qjT3G87_HM%zK3I){ea@ArHsr2E{eEPE*R
zOM1#z0eO|Ta7Nbl75t5u`Z~oHD5w;YV9oJ*J9Sww06Hs_SmWyp@przeUid`J@U~!@
z`}fh|&qwcnI3t%C-@M#C#ql|xpRC}6N7<J=T+bFXbIvh9Yue?V#l!kG4C-ywpyFuB
zQEgA-Byt}i_ck#3OY497CCSsq&yj@qRd42YnB-&`#v{*<D>jBxVc5iOX(k;`v{F3P
z{tH(z7GTz32vc6y_ss<3*m!I`|12wa5p6;28C;O*Kq<#9xUe86$Tc(>jt;9ZR+&UJ
zgK8qxh$NvHZi(i1@sD-|;!9N1&(kP9=;{or;9AmT+vG-6gVA|)=mSaLSehF0<2pq#
zi$M;sU6Wwn;)&Gk)sW*!CuHp7F2J`C%%hE@G=TvLp(TdqT-%=~E4|O?eT-lFxTUPN
zso0@tSV~w^<Z`{4iXe+MxCdnD8T{jW?jowzC9qmeWz14aE;F=S!GE%(l#oG^R=Gs8
zkVB0Gu~L{rX-3A(3i`Mom7V@hp_!6JcTw2VHN(3?HDdTeA{I?l4Y{jg59^^WHX3)S
zxCSuv%4Q>HjK$~P8A?%6e6ozv_3!D*)E2eeO)Nxk$k6$WIIcW^D9OOel0xUEo$>n&
zzs#?+x(H3-oE)Ri$=E`I)mRVA=N*GbDb{oWdMHkBY9B=k7Qn>i*~{aR1A<O*{_f9`
zX@l)V4GD8X7u+37&6SAiYd8`qI<N;GW&|L741=$@!Rk%1WS&~Uyg`D$^T~>07BeN6
zfNH97xI*Bl>K9^xVo&Vp$Sam^sa{$06=`W<GE~jvM&{5AXNk6^AdX<tgK2OQgBh=M
zT2*qu`GlK3&|I4>^d8>CwdwcoX7PJ01J0K!y`U?`o~`o;gZVb-?E|BqZLP;Y9V`e5
zTwm>74Scw8I*?E#CVE5g9NG9>ye;_n8^)MpSF-=yKB>3Tasr0}t~Gy&Cv2(Fi?T2n
zTi6;K<{&WDG1aeu;dEC_4s{K64Kqco1d>7xZJUQ08iP-x$c+h2$8`sac*Qodif|L9
z!-fi914Q<B2okl>f8DO@lz{!m>yI&d3gA%i2^)HJxc`0u3k1S?t6%><loBZPX>tEP
zL-AJUpb`H6b(aKdeOkP~4+ubkK&=@6|M~}tgnE4%ynk<&{(l1yUBY)-oCGxk<b)9h
z<TwBSd)P822pW*%{(F-M1Va4ZYkz;9CIALRc>liD1OmOiLiQgAmtaDy0LEX>9y0&w
z*+e!WR~9z`%a9G+NAB%c@&s2sWW0aRO&}2If4BjG_T>NAL;ant5*+kC;QcA?v0xw&
z#v3Fk|7CipkdST24_>33ux`i)KBt<1XCw$dtdXE+#Etj22)(sndE4^(??^Q@6Y7kF
zz%_Idu8k=0{u2M@b@lC=^1r+f>%BQ5gZit71UO?Fa8><;6CGR(C0QuwKZY1@UypAz
J00w{l`X4m;O11z1

delta 14298
zcmZ{LV{~Orw{`4vY}>YN+fF*}IO*`j_6a&2t7F@?I#$PK$HtfL=Y8&b#~tI_KhD^w
zS~Y9UwPw{mwJUxM^q?QK+65Z618qpg7#swI3Frfj18^wgM)otZeh1&q3~Yhs5P;*d
zFT5$XaakE6!;-It!^W8{D4hfdnNg8jx2?pq;!#j$UHV*44D{_a*{@nL1tTT7xeyp=
zw@S7KCfDmt-4d1kf^oA)Zl-hU<7Hhm8p#2)Jzd9*A?{2mMGM%1{6uu=z|4!2ccHeK
z+1?7g1r&fQ41A4(w0m5^_fmA^nF|hYWU(K+n!ub@+#nHu!AH>4s3)eO8%%LEh3=IJ
zg8WHjvx0=CtCs=3X!^!~C)u+?NStLQHc$pO-_RIdxk#|{P!dqxG(6jg-zoSK4;dxk
z2{uoq#lXOgr%k~Kvhpk84PB^KK6t&*_?ZX#06@}0NyVhTaM2z4Y-GMiRQ*DRUHis{
z8@Qm_fhuy<8NN@@y!<q8A%S;QZEJvd|LXB;RF<Q4VN=AM0;3?~1k`Rhv>olDCQfR_
zf5BaJY+<5IjBmpk(HL^8DWh|98{<5<GP$7Fj7;<A3Q#Qm`EC5J;4DQ-?a2Xhar51+
z6#xNu{{RUivb5J}RMlhlaBXkmE#kku^leYXw7CQWkHwjv%;j}yYMS)Ua*|0J^FBXt
zOJ(kvm||bw!$L=}^vi|&3^5(9wdc+I=QE*DA3tr%H71;}_DQ59yHGRUUCmX&nM!lK
zVNGLi<jIqIu6X)mNoyi&n&X!9;7;H8SAfJ}E7T}wZ6We8W68vA6M3d*l*B%^^=Vk>
zNlQF@5>;p>{WeI82;o6xo_Us|DiFN6q-deUW<wrJK~6@ZHPP{GXbts;KQH+;;@(bz
z>u8l6c|Jc!7uCS<)}$@0JaDSfaR{lgRPJrymcbGd2MRku>irxx^m-bgy7NV$9zda&
zt<6n^Sy|6qGz|X>{b$Zqu4p>RSm-1DJ#2J!XmM;)0pfDx9`T%75HiWZa06xlhYKQI
zkfBRontgDk8D2#CN*b2AHKup%$u4)?TU;&_7P#m1O;&un?f5|C&Nj|EqensHCCI%P
z#sEZTk+~UDGy^nsE6*q*)&xCStby<1#muiuuq4W~RHBhl2z4WTn%t6dSWL38UQp|X
zxZUr+3!zOK&`#5Tui3?(t8&1*FTA^65au}yr-faIu^~}zIB0TNW*K}g%Z_WYspyJv
z*FtP5C1fqaHGG8vs%W7DC5=DTk-!Up!Ohe|4VI#VfDFU~V@Pp;UB-~WP{dDwAQo)t
zym$?FU@@JB#{AjV3X5WOAWK7LU*mC`2XVXsjRtN7L^LSiU8oNM*p^S*(ZQ^FOe@xp
z6i-E4>7rxLdUJN-%q*VeRz9jzLYI(hX)?Wb^V&8dl3u|O>_|wh&M6k+a*J&?2A})w
z){TMoYu$n*3v|=xAbWd=F+FKOGB-jX1RW)vt15Q79{Y_KL(4bYPPIH|Diku=ePV##
z@XDP{<OXTcx8?I=(8W@yh-CUg?=KPwMGp^7YSw+46m!1hNlw45Het4+z0&U<Lx73D
ztjZQAp)GtyA8TJw2u%j3WK(Z9$i=8RO_|c6I;BG#<RbblD=sAHz4EmI&X~4>sW`vQ
zvvN1C2VUtTq`AW}M@)rhCD^f{>K^?mk=RM@*>IU=g{*i-C|sLMM%hd=b8&D0__4@Y
ziYuT`i~~KLy56xBS>iO!XvU)P_j0zk{W>&)9BA6Tbs(SH(pHieR-pjFF`(GXn6}Z_
z9?ndJ;;^d+6PxdL6(+EN#)s2queF0}yMvdyOXr%;Z8N^pVMwB1;GhTRl(r=UPEZ^B
z=GAH+myHLPYGR<%+DOGzc9C|zQTDM*5^m@e&Bx8+&0JEUdd(&xdnf*qoQVxyN?>n~
z369oP3MY^ewK|d2Zc0)})?!oS#obQ3>obwxCT};iT}eRZV=eGw%79`PSrj=mN@wn0
zXYHt%Q;`xqWf05$xd|vq>|~nABU3vrBFC0^Kd1g8wao+q>_Nf-EI@7Fo=%4Q!1ggu
zh7mhCuIn2L<(njsw&_;vXZIPD%<XC%1<lXIW&vIw-d<nF7VoRFv)*4GyEfil9+>%G
z?oNb^-d|7d8~{X|NL{aA-yf>G0yf^BPhJnY7&qP@d_})>KgS7mzFuEXJp+8a-Z;;m
z<E#(jkcL(V<B+-lgn|O^w?~(ceMZ??LO$R-E~Xi@gFjgfztvdd7@_Wzl-AheSXS29
z;#5Vj@M}ukG3+Vi;_Hq|<l^g%YUF0<jutCt>B=fo2gP#+vgrWli9S0C{d!@b-0-0Q
zhIO1D^}jw;SCqkt2~x?jRXgrdsQob8Cjb0KVc-7hlGS_xI4K_&eYh=ENAc^R7_B6f
zesCK}LgF^9LdB*)CPzkd{MtNkW!@DbUF(qb=B};mmsdrdP5t94Esr*vlXEmG|N5go
zerA;{Mu|_}w^2)36+^Imh(HKaFzv_H?sIUz?aJXS>K~_Rd81jJ3$+gYJWl&McKyj$
z$z=$tcj7Dni>V~iHV8>r2-tpz>eD9hRfgw&g9HH;`DHeXMBgSftz0H++x)iXluS=t
zJe9rVviS1|)8i}}2@lxl6Nz443Q9O{m&1$C+m&B|)IYe=^1OkKoa@8sAWCLr4q*Br
z?K0@I>GCw|(#A=`@xt=mXW4r{8q=mG_ZuDcm|CU)i4kqv;(6Z`%_GmnS5~-5&J!)O
zpm=&Th9ksTGKZ74ga3o=YesX0+?t~NFAOTw0asErSE`wXL0C`ked~BM{g4c4^w|h`
z8pZ##;y)Czdc1zt-*4bVsv=LtD&awDZ=Zo&mcynLl(9*>`?o<^CsD9`z+YeSE6U@H
z*bij3Z$onbzzNB33z%pi&};Em{ZX4tM_u>{2Q2nTdJA0+1_u^4Se&?lVbwEW<`;V?
z&G|@9XVTXBE{9$`(TO&L8vZfDz17qho!u9^gnLH|T0KuRt>bD2>((|J^R;v&tWyp$
zEz!Y1brrQ=tARmiJzD^c`8n3h)x^NOw2I%5YJC(%PYlb6$Mh?SoLr6JIgW$Ox9W|e
z-?SXR*HeQ-b2l(p->hIpL|ZV8rL-@yQsu>(MqzefO<_u15ORAu3{*T8I$|=K;-@!V
zWd))(GQ>W_@HQ}@H$|{v_SaenEKAL)*rf&LKa&n7e2vd6CUF8Bd&93L^1wG1Ox&t;
z=6k~{g-l^q_F=K46)-&z6;EM~;J^>nQv9~aWQfRLngOmB)mhm;LdM!h5v-}?)kyrB
zoElYk--hwj_~<5Uq*1k&J^a9JZ;hQ3g!`YiNDH6swyMW1<+hg^&0|-Fak(AFevIK{
z>@!Mv_*C{)0*1qVMfO%O;EqGgS`zPT6;m<}EYv&>BYt~at%yd0zbKaH87f;|#!hW{
zQ;`eNscnUPQw=+RV0AE3ZfOir_1@BMEWd{)J*K9TQ%WJiHzCY;GB?pX<&Hz0;E;FM
zOe#6;@7>lY6Kmuq6*!)gR4JxXBqrZ~WM3JVOXF<10gylUpq%y8_}26Z$j)`19;HmF
znHX_z{2s=V>K^j3F{0kaigg34h{I3`Q_4|LI`0B5W}zxVu9AyUAs^ElELOL$$TEU`
zG_yx4Tp}hJV7C9(o0g6F<9%egby|grn;Qjxpg2phn{wbYn{%L9mP$xIQ(nzSCBXu%
zAH9-*!Xr*Cd9UJhKF~4CUPv<yOLP)5k!ZHjo`_9q$=e$!&e(Mj?nV`N2M`L}{KI8F
zB?~2_4YVOn8-X4pW}=hwHeT-hAT<08m{`-#N>U~}ht&RN>1l1B;4KL}!0u|N^W{S(
zc6og~^`~C3qAk)}3@u&fU_U8BNU_uvA=NkmZb-UoChDJ&si!m2oNJ2ZEts&PWC=K3
zI`kYxGM`XoGhw$OL`jhcg0m|72B+OXhB$l9d2__g0#B!D)J)JGGC?_eE@wanOBHei
zA)LTSP{K_`mEt~duzcW9zQ=y30h67h#NWNrPa72xJX1NYhCQk9hd-X9R9+3>4gkc%
zh_mDt6;^LqUd|nY4snt+5n!G({DR{i_OMJUsfLYB0Xtrjb68ewPU*NZ^&uxmMh&2*
zykSS?jD-T@Zh(dMQkeNdoFnc+`O_w*NYt00BG%^>BjY#$l;lsQX-6I2E{Ka045Vbe
z^$bo6febYcoD+TEhp%YEe+91qd|KW<B+60r4aj=~{eaIhH8i`pd{+;DzT2Rs*J2=C
z1b<B50AJm5DZ!YVRHAGoRYv9uI@JCdWAY`Et^pq3?Qa^RS*^}8HUk%<Wgl1h1C%YN
zsbe3Zy^wgEjwc}-;F;ykxN-KZuyPdLz))B*`<rKY{s{~B9>Bsh<A+a2zhLEvlU3^@
z(W#l_Hybz-=i{G&MQh+C-_w@)_tr$~648C6y1Ejb@rf0rzZsrI6PR)y=P~u-_^5g@
zM$Vi`K7Iwr9E%?4r^&-j2xzLn{BO&%a7(<ppqopdS1Le~tj3e<9V}?=KI0B{@_*dM
z9{Zqp@~{~2Z|KOGoLJF(P-fkPuAIlB21R2*>jS%&0+yZj!N6cCQ|_E9@ki!>smLE%
z)7TL(Kswr?ou+`vvQrKpppB|8LHIcYC^*)mGi%y|HK2#1!9)n7qj~AV=}F0f;;%xq
z75bybz_L!zs^z8xs)i|O15!5wc^hB>H|t>kM$NwvjQ>Iq>7>n*4^fcrTe`;_;)BI5
z;|y4r`5y?xb_9qJjy7nqq_17*vFrMM`-2d0rTiGjCsuCav0mUs$0x|n6z25d4dL$X
zU;KIP#wv>dj#O2zF_ia6!<chAk%ddYmPls-v8))!L{@GE44dCxgL>26HGxmi{jkCP
z{6tDdmWzK$_1SU<eNN<gItnzgG1}co%1$n+X8PsMoyZjH4mwy`sS_Lx$)ZU7$Lkrw
zYQeXi1g&zOi#~`D_}8tP-0+fxCb;?Ljw(My$LJluqa{Sknk`c)?~hZ(i%UiWEav~o
z#?m5#YL|NW?wXj|RY>Y-YznamRt(O_4g5{E(P_qR?OU9WSn$p4t(h#ot@)5U$=iA`
z_gKxp+CcY58~(J=E9pe%ALCpP_Q8Vsx-F+HX~13NA09|wCQ-I}Y80x;`2R4r`Ny-H
zFjJJ=08;)xsSBf&AuJ7%_w6UzmPafMQmlO-!InxMiwG3fN6dgpedX*y*<$%%R^scw
zY5>#aBL4MH48X*F5PLOJ^no^D1I`!?ABE6to>DpZkIw#ymWT^JsbJ_2*@(TMp8iHW
zoByXE8Grg__{9gOfB;hdfB6sI;34JbZiKz#1Nl>u$b|MoU}l)_R2MHl{S_DwkiT)Y
z6zr>H{Gr2sYeOhYDwZ_WW-exd2&bd!hawTGVUrM!<Lz6U`UDx%J^v9psy!tk=;kLi
zh1jGx-l)&cynw_w<_{9nVv_)Iyp3rmnf_(@|C2a87P<~p#@S%i%dj9r?fjUNy-W^;
zCdX{oGVUKb|8oxo|N06h)}GQ0Y}AmV2^saDNLPJZPq_NyVKu=I5C8m~efg0SQlmrK
zjj*h<Mq`F`u!(5lXn&-O{Go%aC&(<_nCfei6+k{7)-Vk&eN+0P*esoR_OaoVBV8Ca
zi~FyR25#`7{_%)=pj5;lMB3&DX4qJW56G~rRsVmR|Cki;Qa`@1nMl}FDbi&{V@3TB
zPSlt6gv~!V(f&pP0HW$66dcLF&ecpocvW?sa%BG>plazC<lFahTlD3z+@3-s7sc{>
zGH=LC-04^O+77~{MIDejU($^TG7@N^MM>jVTe#k9uXox*9sID3H_(oM?>6wKfj{$e
zKbwYmA*f~J_mMH^we)lk?y6_UZE+<5Dr0n%ZWn78Ydy&{K7Gus7|lKjh`cKrK9^{J
zdNM~irneBY`x28Nr(?lrE>EK#4XTQxhP)G<+aW3XXRw(H%?kH(6nAwTKhfNxfBDQL
zb+V<x_&K?y8nNZ4otWY(PD@U#+kG=Hx7pV2Xh1wnzoop=FF|UjXO(h(p&)et9~*yU
z^0XWYgLYql_tzvY_c<#ivd20AuFM-0IQOlL7-%{-8OcY*;NLr8S^mCMQDdlMS+g#_
zO{B|b;V}Wa5_=W;6bYyJwU0&R7TldVt_`6S=Kl;+wfEx3L8v7<cNwV)%V)|Tg_kW3
zwEh$>({aZMW1=<~12FQC{f&Q8Z>8`oL244bdU|ig;pEe+bW*0``mcEV4}9ty_$}{@
zCpa9q4!cIwT{h&c!^0pxJ%$aZH=F6)AJD`TI;c2_l9tA659IAezd&0e%+bm=8TeHS
zRG-2{n5V|oFkyG4WD>feQT-V`YwscUf>4t_U<E1wmd}c#KX4u4L1qMDEMuUKFp8Z+
z?kv{M_SyeUb&0zyE1!=MVJs_K|Kl#hykGmDepplV!FpjIu2jZLyFV5`1zy@NA31UU
z+mkB+>bN?cJMmTn_%bDtk!&i-!U0=8p>V;G!zk1Wj#`@B_+kNQ#SXtDfKpji|39<p
z@~0ZAh4m5J6RCK+c@bSzf^=I6CDujS43qd$I&xKl3|TkP%HZhWKhqJ3+bnc%bya$T
z6XJ^EELw)rNgj8mIJamsq7%3XKU1g-UAHv1e+@?-3!vN{Mil>B6vd56iv`<K!i}-N
z6fnl`C31A!syHky{YS6Vf6Ek0?V)_ktRm|3S~Hbdlq;xT7Xo`#Dw*+>kEYI*iv<^s
z(wLn7iM~89C1C+CFj{H4(p69l4%~SQK@IN6;|wJox6vYM1EP~8rHH>H;k@_N(KJv=
zL{~*1OuGX%6nA1isI$H(;Q`=YN^bBd(#fS>8t0B9^*@l$1wd~PVLu=ret}k>vvMo4
zh{ja5#>tP@_K+?9ChXg;CQ9*FU|s(JRuYA@mhj-q&66zSTT^WamTjdgh#78mz^)Wr
zKRROg7p=FFxPTYw2in$E6bugCwY@R~0B%GTo2<CS8clwl`-fG@f31#uSe1k<neKQJ
z-R|&s08`Z!nehm!X-Li#)EMST=`1M4NQ?n>JPyhvrTxb~OqAboM6t(}t~lffCP4w@
zbWH<BW~b~o!pjA6R0BG43Fso!%y>GIzu6>?(m|D*#SaU>D8QIL36_=Om95VkyUiCh
zold4|B<B_IlGr=G68#S=;@LB4_sM%|k<LxTDjgc6*|~xBq+X@<t_3dT_=jvk*h7Ld
z$)e<5+jCN_;+5F8`~QiOn=Bu%t6jBt-03|jEF)pvV>n|Mmtrj<5&5Yk^~4v&I!OTO
z@)0cUU1^-#2+luLEqj9<kDw`w*jS`yBY;_}xbL+Tz4#`u+0?JY$QW^;jwr%nc+c1V
z>wohP|5GW6&P(eh3TVxsm8u3Yv5cBG7PN|z&a)M@tEq)D355&)?Z<-jwdO_%RrdOb
zDJ)r6*}V?Mh$R3oq&}w=HTY;XYDM@;&c6yb!h9-!qE>EK_c$q4|KoMDAJ^LAcSI2t
zMON+UpN9pI%gMNW%a)6u`)cWurSHbmEK-LX5IDyec>=g=Bz2d)XO3iKis;)UNtfBI
zMcfNRUl_M_(qmqdHp)J3U0c<iqPC>))}8(tk8I@%k~^p}vXUG}Yi-FB1%R05O6f%o
zGm|Ikj{{|OoCFI7bP~Nm^_fBu(c4YGt0oscOk>935C#y|e*cttL+bMLd4GG`J9%DI
zdWQxMkaR*S?LK*1)P<A2g90LZnUN)o3U?uG*mtmMsu!?mBo0Z7m$p0KCZ)C3E(fFE
zXYS(hzfiH&{JwiOSwv94U@FSqu60_+cx~aiYuBC9pGIsa)<RhG@LtN=9nq-4xRU#M
zc`|tW@}#R^>RDmB96RhTzTe(Mv<?0mW&<<vTY2QOM@NZ)lJbHce>Ols!!H~beh)gA
z;%;ZS{1SH5Z_LBbAC|2!><$*T!*~&m9gE1cSN2hadTS{8bBxkYeV=d=jeL$k)kh~1
zy;q2dy)f)6S|NzSm*%Akzrg(~F@zF6bu#L`p@A>AXzZy(rqUZoA5S&ig+yE)NkRjk
zx?p4<A0rGd2KP~ekr_K&t#~vYl3icSgQGj%?a^*v@`n7I74mUaWrmRU!<!ILVG^>)
z<Gq~diPRpkfXx)PkVK_n1GRP3ly9JbZzi$n%*Y{Cs80TY0sbY@1)@x-5_E;7a}}J^
zcTbrtl%GFm0Z*$YVhQh}Jbl>A+YQ&(zX&Nc%{sk&eQ$c^Mt7@edlPtVA%wf{pm9&d
z^IgJfTisiHyuX=z#~8XCA0?tMgg-<|u2O&FZ|xu&o7&ON%D0Ln)wLnREwG9O<hj$?
zw6ztJJ9q@u&y+#w$U@yqw6sPfe`!<EqTy1RyS6a3y=q$a5`e0lVKgj1nqv`Gso)IF
zgCYW7L)#1~+qFP8)ZK%OtjD5WF=KMg=!Vxql2C(XI{FccprBmPA*>SDaq|;iYog__
zSTx}dOoC>LlnEWykx_sCVCF-Z6s6~^nH&p~__snxLE9ZQvgN88({iW>Sbq)UM5<l|
zV@aifd=_2KkRSb(h+RJ8UQHW>eo#%sm_94h66KdO`Vdf>B<v}O+Dm8kD^TW9{5G->
zP2F>XyL{Aq$Ty%xM2;(=(*dk=F(I&Y9e+jCv_TUpTyf^n<N!{08D}98V1;Oy>td+U
z$mIwWPm9IJSnElb7fUwX!*BeVIcUj!$ebjmW4U6BYMOjm=cwb3mu-^UXZ*?HbsXt?
zsPbM+cF4rlBerweprd<2iD~hXE7uThjAi-g02cTPgTC*KM9l|6TZ=0-Gs&>4S;a_=
z6(r4%D>+FaLV2tuPE)`kI|FCA^fVgntXXd9RB)u_R%+3K^fjkK(Uvo>eosyhzFs?X
zbVHuQT;l9KkHDw;I2?3FPS@!vY|TB^VCa3`$re*t4uoFX9q7vBG33we9mGo!<IFIn
z2tgOREzQP~*RKb#mn=a!Ha{8A%UE4>VsHpXm8d+6YyF7x*?t2sUKAm{Y^a4Se~LOU
zXO<HckB&#QV_pR{+c*WOFCeK~WHFt?EllB$x_0qigN*^_qI|vwVOCv1jyi?Yj8*ub
z<{ZRmBx`dIsfu~Zxa`JzR;O+4dpE3c5sLO8VTmXj*~9m@&WH__u9%iq&QUW<X|(xH
zRFw6fLjJUP%H0DK0s&Ic9l>p;&ROn*fq+m${atEcp+^T?!y&3j&y&YAHfc1()tQAF
z4-A%{@t4l~-4jRyHD!@hD2$;(A145(mp5<47|TI!GxZcPec`B9AtmN*G)GfJWybOm
z*X<R}tPDvvkoX<hzOSqT*lliz{#4Rd1~PcR+hENU*>hUp6`&a;ZOl0CA8feB-7vp$
zkXsKVQjY@C_G=5Ndi&RVncWy5>0_3xtzKbGMV#WE49NIAepoxfE4s9;xdkw{iuLQ#
z9vMMVQ|QWPaaPp$R8;>q%Wx8j#jJw(eWU;R!B0a*&LoDd0V!cz@q5)OlXg#YbA07<
z7c83Pc(36d-b1LYAQcUvf%XU<{VO?rSNGFiEie;MF8jna1)OJ%j3S=E8YA|W*Az*Z
ztlMPK9na^MnKk8qld_zZ-TriMfCBF(L$p2OBff0MJ3hq(3w=LH^~zltvwRmoMUO_(
z696`i1hr*#R}E4q+bXLZ^UNmfO_Xrj>+?JNvCJg6OHWl~!edk@y^kwCeQ?Kfq}K<T
zBDxo_aVb-OI)xI8B=qTym~JBnD{N<)dThvpOtyd0Gat|;=>?f8uYX5^c4oV8fH|m>
zL`Ae;lY0RG0Ree`|NCQ?pz^7g7$LMu)C+`*mopO-H3rGhOb7EIXc8e~u}PzjWj7%B
zrG7(7q^<MhrQ|YZe&+%;9~8D%;Cov>V2!ZnIHeD~2#Ohc3z0jLD#|mrZsfSUP-21&
zR10ES4SE5Or|#jGzv+W{vS_*Gq?G#$=CBuqnzha)6R>4Pog)11=*5xGV-eoS<kCfM
zGnEhL5dg{V!fcmzSGMcogiAZBEdmMJCR=A6+OOq^TkR6Ptd3mWgu<uS`GN=nY@x8J
z^I-x&!+q6w@c0A+0urwegyd2Hth2SToj$BhvW95wdM(vZ<vEi@fz={f2As`{zdW&?
zAWHO*wRZee7?MPDisQdryIC|EBwS8E9K$6c?M83pLRk#9JEs_7TNs|{z_Sdpd$2fa
zPEp*PH;`E$lz8gR529B)9=j5*b+wD~3H2TuW{W6n+h|PB+S10$+~nZ|uq@ZLi1)Cb
z3zgdq%^y(ux2mbHA-j)upTYBSX$LoCm7AILx$#@dd@(j0(P69!Q0yU)A(P?iO*7ti
zW~2E|es9+N`&S}cNn(^Ci$yj!0TV&`*T5}1dsdV%zdqN~S7bvsw577}8CN^*A3Jam
z%@E?I42@q%)^}96E`JTw!>_6~Rks{W_^xzg1NFHX03o)ZhRKZXvi)A>TUR=1=HA3B
zOYBIz967v@h_fu%M1lI=P)vdEFSQ%~lFP<aEuX9Xa5}UqJGGv4-$1j>wjo1IZ?Wgi
zG|*vw=rV2mij~agQ^2zsEw1VX{MdHs;%mgR3d2Nm%Bkfbvr@L01b60y@Bryi#z6?{
zOYkZy2GFt*fkJd@OMobzGHQUNIe17;tz7T0Ni_M<GFy~@X$-<6ceU&=b_+mD8swr5
zul_JYV}Lc@+n)daMll(>eTWPuXvb@4?7O$rDpTRgOv;P;!rOciVU-KHuFK5efiQ$B
zigmd-%oEsy22FJ!{mGm25Ok&j{4g9IBi|sy3~<})!h^R$@`L9H?g^uKF`cckdKVge
z7#Hk3pO|^fQ`)|_eJ!*SGhm;(t0igBK*6?~rUDKpw#qLz?#T30mv`ekPL;R2zF~H{
zm2fFI@8S(C{iD!!imCVu^`}5l@U(p_+>X}<e(_M>>f^RTV~2_~2|?jtBq<(O7eanf
zE5L7|E8_UBZdL0bcI<3^>7QJ9F7MX16A64~2YhxM3$k3|TdUwvhJE+<l!nWgrg#_$
zO4rM7Fsv|q0MqF@^nutNToJW-*)5vWlr)%oHDt}r{vo0Xkt|T1qiI+Gyd%Oo88<Bm
zT}H8E(h&<@50pSSi$54lY(Zz+(>~<c62P2YeuH6lIRT2Gei7W@1jGiTWg#{S;Eyl9
z?Ag0nOJ1(9JqqTkmk_^~r%NITUIIo3`5pOtBSORG=TZ|4#UPHLH6gNcoxl}(nshY1
zrO3>>eF}+OuZP)o6bQt#D@hGd^|FpI<qFhN4yvLc-QAm77@7%6b_iS04Y+gm8-Th8
z1G&X_FU#%~Womg3P8vR7Gj3t%wgi}iv1aFdpnXr8!2Di3Rq<CHqcjs-x*HCO;mjWc
z`9Jv0beu&C#n~#`{Br{wN!i(DL({Dl96^<#aj~RwvV>a}4yj{>1=<pIQNkZ-Da^>U
z17N0o^0jAmA`(#y5AKXqBDD}4GXU$izoBgkJqV^f20*~WQP4cyZepY4UKu+~kGalr
zY#_V*P7EO*<_B}Ek*CLzg(#-rw2Zw|z6NSdHC810`ryJUk(H|wQb;4|Hxek0ZBRqA
zF!;Ra_~s-?j-c&#k&rNHeTz?s?-@_H%XN}<KR>r>Lzx<~_?$l(!i+vzYXf*rX^W=+
zw)H?dJr_(1+P-f+t{qt=tSu*!11m4BBY9O{Lw`onMe~z(KH>pyE~b^Tu?rGUdUMSu
zN`d;YfM<+^Zsike=i4_W_A?tv_lyKkDIIlxvzn;g2<tp-+)om#?fvP9y$P0a%@65D
z=M#SH_%<^gR%iu`2_4}G&W!*F<Oui6g{R&}!lT-~DUmdK4McbOzVw6EutS9M&Gt0a
zD`t^&s!}Td>+DYfN=S#$XvB=ub%-PvUO(UN7s$T0ycc`#k`ebmdD&tuy=;#&SIl8R
zKJh^KSYJXjToxb_^Yde31a41M;VrOy^>yy7)9^gAT=webDuv`z&y@wpzmT#H(<vzl
zqFo3vHXA~L3hC%fHmIKzx>&92MC3&8tdxrr2VY>lctyExaJh9(<+xXxd)g;1Q7S0j
z(+=2wuDA`6$!Qu}&%{2NM8~IXy*dk9L1*oc0gd81JRpTUSq^$dh(?kTCfnG2PE@pt
z?TVMzJif_%!^sWku2}|f*STWPj%b+?^}Ams@8~t=EOgWvg>+q<@0J0Xm=9?9ZpVb0
z{#;Zkb|y|ewmzKbDkW$QOEL-+2`TKkfeQM-&D#^Z7}WqziTOaIHY{f(9!!_{GI&A9
zTnJ>Tj4P0tr4yP27InEDerBe0Tv{(DbI(GlYG+a#7E*J50buBLupuU@{IbB3cQSBN
zY+?0zT+1@(Y-;s!peSjZ-K8zwQqpN1`dud95qbUaV>Ev?a;C~!zFm~<QgRe7t^$vJ
zU9^1vM{eymF?lClYGDf8QFYjk=Cn0i*Wy&j5S^UDPL7eWt)U2P!S_kVs^CcXu0_k2
zV`R<&afEE482}#Z*0H=c&M23Vmt!u)3q~VjR`@%=(65-REX&t*Wk2k@IlY2g$(24e
zB{d?VtgO#uElfghcrAiYfn)j0_KS`Kae3?Bl=>`ZPs2~$0N7PZ)7_AuDcV}lQ|i<F
zH(|dj8fOQ0IywQj93=0)o{EKZYuR_}96^3tHU_XZO^T~TYaLZ|KLZX(!#1iVQ;k-q
z3!}V>Zt|}JLBZ&bqHtBH*>BK)K5T)jDGdBJ01pCU%>Yyuq6e(5e)g`w3I(oXrWOQb
z=5Xh92c}r*g^QPxS`0m({Kk>JilSakTt$+=4Z;5ucKtN&^KwlQyQE*ht9~^*65`?4
z8+@aIJbF|FEE<~1EJOQ&m<k$~gr2RKBAWfO?EQM2zYuCtHJ7dUd61l_)!=MOe7vCu
zmE<xtLe}idg)M;h?3f&b|0f%XJiZ&#)D+<NAb%3oxK<i_w&HsB&M)~;Ay$^*F8wT{
z%p1Yu>ig*%Nz%-)&W9zAjyQv-Bmki!*$-L+%`TzhIrXl!VPchB_O+rd`#lHOC?wu3
z!7tF99G}prIwlZLb*+RD(ZF$PX!qV>I21ftU6vj&M}@^1*xR@*4J5UYY1;U^9`a>#
z^zRABD%+zB0EQ~uU8a3<<&YI)^Y4CDU)py3ZfEVO>#(H4X=6j!SC)yMN@i?K9Umir
zox+%aFIV{Pmkr+g$jBwIRJn0n7Gf+~4@ff4oO6<OpX3JO=;bB4qfK21LqIF87rpV{
zx_ryBE`+w|uN2V5*GU1z^dx!xh57tUun59z7iOOWBe0kupN;w1;Ajb-=ru;GGeDw3
zgmzfxSlAx2)f2umMx051V~7=r!W&fkB{m=fDBV`x@r!4nC!MJ8VKVD+CH0|8rPi&L
z=`T|AIq>Qz9z8X!akQvJJ&Syan8ah!De;d=iysfmT^XBJkjmF%rYgKRGuuS<cnwR?
zfbiBq1*^d0mYhd(nW04@-CI3Xe`IK>cD<_W#_SYbHbhMbb(9ii;|K9ZPY4f@N!2t3
zI7*>j_1y<bD5z4hdf2WFT%N|t2@Xh>Q|?q=l3Qk}|Ln9Vfpe2pmOUbwWph^=lhKip
zg1;|VK5BZN#-l#5=cb}qh)7(y)a_FRj$|}y)<P%f7Dd3<&Ds{XIV>4dyq$}c8m4@$
z4z}%J4d>GE%<_aUxi^4#!XCX%r^X2Z)M}nxhoCU3Q6VuP97UXW`{44sIK}lT@%dj$
zqi9q?MpR{jM11M%Fx1a{?@<iP2XxdNcMsW|L%~1rw9nJLY~#7x803<*VofQvOZ=2K
z;z}xajrX<g^@LfakO-ET>H`@hD4{=u2;7zags`!NRlXg6ZnI@+ZIy!1BO|T?;HGe6
z(vLW)0z2X`b!Kw;3MV$`n0Z}qe&0*4{xq%#y?9^Hm7iF|g!mQL4yN(RiuB|`LC3IO
zyNr@q5OgL}!}X{;!s{iCtl~imA`4v+t~zBzt1VOBwhJGdo^jYXSc#Lpc}fM*fgy;x
z&C{78h1A#PZrH7@gC~*ba%P+waKe_2yS5zta=Py|3^m5`a?Rnnm=gMghjZK}5DJ%>
zW|ZX}vm^DRVVIG;QXt40a-Cb%?4eA(+{ZYR@xn?Z!J~hNyf@A+`cRIB84o9!R9D?0
zIlC5lg<S|DHX*%$&A_!__>MPuhcJ*nP9Nr#%s^3Nw|($?*Z?S@SCrW<pjk*x{Lr4p
za!j0$1xx1}Os{%6y9{`%H5&tWw=dD-TI!ap%rQqFPZr^GD*pS8krcc|c>M*A373D9
zEoP-Y=~P9AIFt7m`}pPS5KSGtpkQB<*_yj#fs<DeZ+oa^7YYIQD@)S?iu<U$aXuR{
z532%B4nC|d=`G1yxUi=U0L+^5hCXg<Vdv4^(+?&Hhn?>-Yp!x`b>56|+y}Lpx~ndJ
zeA^itvD^o1C<pC)3-Yh!HEEGSaz~)6EJ$?r&-?X-d%#r&A)Fp*<)KHgM7^<1mm*{h
zb=d|VqWLh97}v!r8afT(pN7<K+?lzx2k+*?H8wv{Pa9!C;n?pw0r28c7oBBW6n^^p
z`$G8jHsPqWg{837Qh}x$%)RIw!V(2HhUINe#BY*>QWm2dkeKEsbSpuult0wvswJ=?
z1(iVOGqUE_h`+c8)x9`pqHd_vR%UVYtsGSzix(M!w5qC2K~u{$8P~V^7O%=u?;Xg^
zdQpBgzq<xK-4ed_0o+6EUZtzuWq3k9HNJm;+@FARE3^3_{%yvEcG=lWam0NeBl%$_
z3JC@yl?MW0o3rTkWEEEf{ECij07)9$+bPY@T-@fCi`GPmw)w7eyHwl(46nTQLL*Jh
zccUoyn}yziQZGz%`VWE7ZfVhXP1tMxT}+$R;tZHp(g)|5NWgJ>Yc08*n}(XkWusxc
z(9=v+kr}XY;WFBip-=j~gmPe-*rorGquY8~ei?QL)yuHsy+;6Klt7J|^K9@CUTvkJ
zCZ&(j<Z3c@nw7AuI0gCfK^r_|;~XvNZg&1wFTIub#szuxN)r@U(Z5M-^OoPV#T~kP
z9r<20r%&WtKA;5%qkuOgNC-WzWbdD1h+$JC9rgpRTcmq6bnCQ4-HP@h8sr-AyXjTF
zk8y&2j&nTa({HKJMi@u&oD2(YrCN3s?bBfRrgMS;ehxDK_g?F51PL(5fjhqL%U7tY
zGcPR#^PhC!X|a&9cTX;K$pn>Of=KwMD4}a<prK7MS^>##Y)Yt?q%TnM4&Z{9r76_l
z^Tns1kRQi;JH&HOPmM$9I_L%BiP|Q{2m^$bb4Sq@!DabaF`?N@Blyd{vUQtC&leBD
z(UqDM%m11zWe8PNO=YM|O_gqTP+D5-(cTO7e2<AIIzRd3Y(#Ca*+4bdOre^U;Xr*A
z)Vf=(UkupQCLsyA&FOhTFjgUJqN2p3IHJJtCfjl%M9%1}EopbFGpalb5t;WpH1hI-
z3ZCPf@MsDLiO=Ubu(|^0sw<scK3r7J(tK+zV)08w*f#zqgG8xb$oX(VV3~hOST~ha
z<im87ymkyF=&)8Pf*~et6UJ+TFen>4M-s0u)elf6;Ia*(dEPmFx(jGc3L80Y+m%$j
zS2JkXT%^a!lxNQ$>9}xGpS?^3I_lz{2L(#$o(p}p-}TfUy+>|D5Y_oUG$d8{YhS-u
z>ZtveV6<~qIj0uJtfy1j#sgUAT2LhgHZhm49&j7PBc+9ixQpY~R8pZ<zlm!lv;JJ|
zt_*05yN6kG=7|SiEwiVNuQ-Q0LVz-fTyTyy9rV@l9!}k2**(*QQuapL>zSy+yuKF+
z&blo%Th~5*9RKu`@YRd6d3nfnePrYWJAshmd%G@;Y_8X1k|9)asC`?r;W$CR&Yl^7
zq|cUoxq+|5lx>4Sv`)|OQ;OO+B{OgOO($Sd?_FY_i%#=A^%vulMl4~1J5upw2ceOb
z%+mS#H^1%+=r7fMT&YtRSuuo+>kIvueAF6v?x*bYJ%_b^36XIxN6dYSQbFm^&>~BE
zFKwOg#L0t|uh@Qf50?bH$`ag{k)1ViQb6V@GiY9zWs<W(9b$CX?SVMfm^3)ts8WEG
zT;t2}{;)KvlbBVAUsMTveC|!O%D{5OPxsiR#e^{BfG67C9IQ8gG8I?m^HpmJZ~Rob
zAI!G(Sz^o1zser*;Z?m(*|;;ztyIj!sE<zhzvXR3BLtWcTei-u+;(F;h<SYPyWdKm
zBsC*RjfhmvTk%4$NF$0s(nw3THp>CL$cju$7^ED1NoaNlvS+veB6Q@x$M?cW@EjNN
zp&=AZql3mUyE7*WPa7%ndBFyA{xE?@;F=EB8Y+$<i56wc3`Ry?l((4GF>KVW0V|6+
zG$c-k1xsZ<O$l=ES&eyG9AZZ{H&UF9|5b#e#8ZmQ55J3rdrEF?4tr?|4UPrK&CQ4C
z69cYN+nTrcE~415GbV(4+xgS*VVK<|TRUPwA|&5Jg?+2tu|v3At*^#ruiGS*4lCXh
z{{D#&o}c>L;tl+g2u~n6loxD!E;kNN%mFvf7*w0aER<q_<C^-zHOr2OKThgmRpfS6
zQu@5SF%C9A7*%jzsz3ME*4~4)x<bnm-|9x*YNXpYONRXr`#?EaWmb@s(hyQw@d?5n
zm#)p0oB2unOh)LVNFLs{+4Y;g6D>D1ubT$ele?$+N!7}i*-Fnw?^p<SEkt*ZHGt0&
z6hEFqk19<sRFYYw@oTX`wCw#G(%;Y1%}tSk5Q;d!bW^yx0y$+c2#d!Eqq=8B4p77j
z#Nd9&#@r$d?4JmDKmlbOz?UzEPnBN>kz?xgG%FzJeg@7Co;RI7pEv5)ktWvax=n7U
z5U|vy-@UdWeuZV+Y}(|9V#SWyHP46WvWOEmbSB(F@y5`SF+qFW6s@A}sXj350j`i$
zg*0yqB+f*l6CuiVan~-Z_L&|b<)$OBJDyfc$t7r&MP}Cr=f*j30_4ZjYPno*tcyH<
zxi}!E>CZ7u)AyQSYl^YOB<xo`Otn?r&z2U}m}&Z#uUW;L7x%gMDNWr(hHU_lsZ+7y
zVPJ}fL*(g+2VR1QdLRkVTmn?%24Q->%4VlNGs4NNl}LLWaS<ULD-E4qI53QW38r6y
z)ouo}%ct!vD`U|>YNoMyTlleOcb$IG(Tmbe+HOTZF<2Xx97ZAn#H1VD#Fgxd3QgSr
zhDy=hXucb`QKZ|_ELg@?L7lmVM>_uQZ6~6)YE_Xtl0KK2Hc>?Wg;#hj_vIbz4-a*n
zDn*cxP-1=aQ*}04a-e{f0vUvwl^dk3JtqRgoOb139O^wDj_Rjc9{xXqlrhTgyAI-Z
zbAv25&XKKx#U_f1C_6ez+*z8v(0o(nFY*P>;lh%C4x5Uiq%P!)tAt_y2tkp*Vs#Ok
zSw5>Nv0FO*-l&9WvM4!>2H79r)9xfo=slLTppI?B&>IZj&ocm^&W9A!PNtY7sME$W
zyCd|yM;ORzraZ=a2oMPa>tLg&fMlo_t5-Mfp$>^g#n~2j8bm-#<JTD0oE8c>cY{kv
zB^Cq5BL66MPD34*B}HL^72|P7PcCGx98az(B#3z-Xyt|smjm(pG@J~P8<-y$kME=z
z7!{2LW6AA;Al3?C<pdjbZ$Wg!v)mv&FCzAXC7%@0MUyI_QBDxaY%z!13u2+*ZWv|J
zv~fa7Lhm$kz2)rvNufsDCZ2pSH-mwl+9FOtg6&k{l0-wJ%$UK#L)UETQ}A}wr>14U
z*rgs}m{;rqcR;)IEfvNE7M;Wy!jpnJHBfH2j8ymI1E*tvJC5N~@TPeRLI<>%C`-T=
ze>$%yqln3-Vg*Tq^QdYl_asAo=sxvMC|N2_np_GWgW~J`Cynkotyx&A2UPfNo*MRi
zoSI7iPVm%rbp&fwIPn-0c~hWVv=BCahe;;CGDwgduc1iV<jZ$C5@BOY7KBjwp4_Ah
zaJA3)tejW?X#}%wS$*S*A?!}|sEE$aVt{t@?`ykg5>h%A+Uk&)bjxZd2B<`u;#~AQ
z3;~5+-?j5QwBCUb(DdW+fa(_2Bqwt=Se@V_(VR>&QL8VRJE4)Y%&R}yJ7ZoUoVBs*
z>gE@_7<z{uS}#4$XfpsPpTdk@YS%fCrI7G8<_(BQ<K(WZpTp{&kNc)Ce8ZWY2?clK
z^S4TN<aUm7En)+Hy+Qm9TXQ`ZusRdNV$lD!uME{#5$p;MXlhK4|KB|?ARyQus~G=1
z1Q3A<q!=H&U@-9iu6}>)NP|N7zl8`$KMLUj;Y^VKS>y#0nP7l5Qvg{gae>Mv$oT(V
z=lZ`jbLjq>PcUHuYi9)Znov;vcijO51o6K(KF;_!K|sFRF}b*U+F7^&LCw+e|NGYl
z2*}5do&R;X3IYX9g~4oPfzzgVAEL<)79#g?%7On!Hse7-KrlZ#g7UvAfPkFK16|An
zkQ<ahK+GM?l${+MU6@Q99se{0oHN4(TTuaCm<fSRssmZfdH#_Apo2LEn7#%u)La<M
iKnFN%P6-sVzy<rM2Q;!E`-J|1NdpoD<VF8aJO2+*uGhW*


From 403df6ea34a463a92d4abb940693c53c0f16b99f Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 3 Feb 2021 09:51:58 -0800
Subject: [PATCH 360/396] Update
 manage-updates-baselines-microsoft-defender-antivirus.md

---
 .../manage-updates-baselines-microsoft-defender-antivirus.md    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
index a93bfb03a8..2d53dff295 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
@@ -13,7 +13,7 @@ ms.author: deniseb
 ms.custom: nextgen
 ms.reviewer: pahuijbr
 manager: dansimp
-ms.date: 01/07/2021
+ms.date: 02/03/2021
 ms.technology: mde
 ---
 

From d5327b6bd8d4339e0dc62d6d102872dc1607d0b3 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 3 Feb 2021 09:54:19 -0800
Subject: [PATCH 361/396] Update
 manage-updates-baselines-microsoft-defender-antivirus.md

---
 ...-baselines-microsoft-defender-antivirus.md | 35 +++++++++++++++----
 1 file changed, 28 insertions(+), 7 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
index 2d53dff295..cbe42f4fbb 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
@@ -77,6 +77,27 @@ All our updates contain
 - integration improvements (Cloud, Microsoft 365 Defender).
 <br/><br/>
 
+<details>
+<summary> January-2021 (Platform: 4.18.2101.X | Engine: 1.1.17800.5)</summary>
+ 
+&ensp;Security intelligence update version: **1.331.20.0**  
+&ensp;Released: **February 1, 2021**  
+&ensp;Platform: **4.18.2101.X**  
+&ensp;Engine: **1.1.17800.5**  
+&ensp;Support phase: **Security and Critical Updates**
+    
+### What's new
+
+- Additional failed tampering attempt event generation when Tamper Protection is enabled
+- Shellcode exploit detection improvements
+- Increased visibility for credential stealing attempts
+- Apply CPU throttling policy to manually initiated scans
+
+### Known Issues
+
+No known issues  
+<br/>
+</details>
 
 <details>
 <summary> November-2020 (Platform: 4.18.2011.6 | Engine: 1.1.17700.4)</summary>
@@ -115,7 +136,13 @@ No known issues
 
 No known issues  
 <br/>
-</details><details>
+</details>
+
+### Previous version updates: Technical upgrade support only
+
+After a new package version is released, support for the previous two versions is reduced to technical support only. Versions older than that are listed in this section, and are provided for technical upgrade support only. 
+<br/><br/>
+<details>
 <summary> September-2020 (Platform: 4.18.2009.7 | Engine: 1.1.17500.4)</summary>
 
 &ensp;Security intelligence update version: **1.325.10.0**  
@@ -141,12 +168,6 @@ No known issues
 No known issues  
 <br/>
 </details>
-
-### Previous version updates: Technical upgrade support only
-
-After a new package version is released, support for the previous two versions is reduced to technical support only. Versions older than that are listed in this section, and are provided for technical upgrade support only. 
-<br/><br/>
-
 <details>
 <summary> August-2020 (Platform: 4.18.2008.9 | Engine: 1.1.17400.5)</summary>
 

From 884d384cf63f028be7b21647bd15b53a8c92807c Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 3 Feb 2021 10:01:03 -0800
Subject: [PATCH 362/396] Update
 manage-updates-baselines-microsoft-defender-antivirus.md

---
 ...updates-baselines-microsoft-defender-antivirus.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
index cbe42f4fbb..ad73a5db57 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
@@ -80,12 +80,12 @@ All our updates contain
 <details>
 <summary> January-2021 (Platform: 4.18.2101.X | Engine: 1.1.17800.5)</summary>
  
-&ensp;Security intelligence update version: **1.331.20.0**  
-&ensp;Released: **February 1, 2021**  
-&ensp;Platform: **4.18.2101.X**  
-&ensp;Engine: **1.1.17800.5**  
-&ensp;Support phase: **Security and Critical Updates**
-    
+&ensp;Security intelligence update version: **1.331.20.0**     
+&ensp;Released: **February 1, 2021**     
+&ensp;Platform: **4.18.2101.X**     
+&ensp;Engine: **1.1.17800.5**     
+&ensp;Support phase: **Security and Critical Updates**   
+
 ### What's new
 
 - Additional failed tampering attempt event generation when Tamper Protection is enabled

From a49311b4f69abfd812ca801a6490f6f054546c01 Mon Sep 17 00:00:00 2001
From: adirdidi <68847945+adirdidi@users.noreply.github.com>
Date: Wed, 3 Feb 2021 20:18:20 +0200
Subject: [PATCH 363/396] Update gov.md

Streaming API & Azure Sentinel are now available for GCC.
---
 .../security/threat-protection/microsoft-defender-atp/gov.md  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md
index 3ec12f3876..972dc7f639 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/gov.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md
@@ -123,12 +123,12 @@ Email notifications | ![No](../images/svg/check-no.svg) Rolling out | ![No](../i
 Evaluation lab | ![Yes](../images/svg/check-yes.svg) | ![No](../images/svg/check-no.svg) In development
 Management and APIs: Device health and compliance report | ![Yes](../images/svg/check-yes.svg) | ![No](../images/svg/check-no.svg) In development
 Management and APIs: Integration with third-party products | ![Yes](../images/svg/check-yes.svg) | ![No](../images/svg/check-no.svg) In development
-Management and APIs: Streaming API | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) In development
+Management and APIs: Streaming API | ![Yes](../images/svg/check-yes.svg) | ![No](../images/svg/check-no.svg) In development
 Management and APIs: Threat protection report | ![Yes](../images/svg/check-yes.svg) | ![No](../images/svg/check-no.svg) In development
 Threat & vulnerability management | ![Yes](../images/svg/check-yes.svg) | ![No](../images/svg/check-no.svg) In development
 Threat analytics | ![Yes](../images/svg/check-yes.svg) | ![No](../images/svg/check-no.svg) In development
 Web content filtering | ![No](../images/svg/check-no.svg) In development | ![No](../images/svg/check-no.svg) In development
-Integrations: Azure Sentinel | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) In development
+Integrations: Azure Sentinel | ![Yes](../images/svg/check-yes.svg) | ![No](../images/svg/check-no.svg) In development
 Integrations: Microsoft Cloud App Security | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog
 Integrations: Microsoft Compliance Center | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog
 Integrations: Microsoft Defender for Identity | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog

From 2603ade54ea12f6251f01773561cc472192e2b88 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 3 Feb 2021 10:50:32 -0800
Subject: [PATCH 364/396] Update
 manage-updates-baselines-microsoft-defender-antivirus.md

---
 ...-baselines-microsoft-defender-antivirus.md | 21 ++++++++-----------
 1 file changed, 9 insertions(+), 12 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
index ad73a5db57..2224680d0e 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
@@ -78,28 +78,25 @@ All our updates contain
 <br/><br/>
 
 <details>
-<summary> January-2021 (Platform: 4.18.2101.X | Engine: 1.1.17800.5)</summary>
- 
-&ensp;Security intelligence update version: **1.331.20.0**     
-&ensp;Released: **February 1, 2021**     
-&ensp;Platform: **4.18.2101.X**     
-&ensp;Engine: **1.1.17800.5**     
-&ensp;Support phase: **Security and Critical Updates**   
+<summary> January-2021 (Platform: 4.18.2101.x | Engine: 1.1.17800.5)</summary>
 
+&ensp;Security intelligence update version: **1.327.1854.0**  
+&ensp;Released: **February 1, 2021**  
+&ensp;Platform: **4.18.2101.x**  
+&ensp;Engine: **1.1.17800.5**  
+&ensp;Support phase: **Security and Critical Updates**
+    
 ### What's new
 
 - Additional failed tampering attempt event generation when Tamper Protection is enabled
 - Shellcode exploit detection improvements
 - Increased visibility for credential stealing attempts
-- Apply CPU throttling policy to manually initiated scans
+- Apply CPU throttling policy to enable manually initiated scans
 
 ### Known Issues
-
 No known issues  
 <br/>
-</details>
-
-<details>
+</details><details>
 <summary> November-2020 (Platform: 4.18.2011.6 | Engine: 1.1.17700.4)</summary>
 
 &ensp;Security intelligence update version: **1.327.1854.0**  

From a4bab478a00ca0b5de0f3300566d3aae3983b4fb Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 3 Feb 2021 12:07:29 -0800
Subject: [PATCH 365/396] Update
 manage-updates-baselines-microsoft-defender-antivirus.md

---
 ...dates-baselines-microsoft-defender-antivirus.md | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
index 2224680d0e..15da63111f 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
@@ -78,20 +78,21 @@ All our updates contain
 <br/><br/>
 
 <details>
-<summary> January-2021 (Platform: 4.18.2101.x | Engine: 1.1.17800.5)</summary>
+<summary> January-2021 (Platform: 4.18.2101.8 | Engine: 1.1.17800.5)</summary>
 
 &ensp;Security intelligence update version: **1.327.1854.0**  
-&ensp;Released: **February 1, 2021**  
-&ensp;Platform: **4.18.2101.x**  
+&ensp;Released: **February 2, 2021**  
+&ensp;Platform: **4.18.2101.8**  
 &ensp;Engine: **1.1.17800.5**  
 &ensp;Support phase: **Security and Critical Updates**
     
 ### What's new
 
-- Additional failed tampering attempt event generation when Tamper Protection is enabled
+- Additional failed tampering attempt event generation when [Tamper Protection](prevent-changes-to-security-settings-with-tamper-protection.md) is enabled
 - Shellcode exploit detection improvements
 - Increased visibility for credential stealing attempts
-- Apply CPU throttling policy to enable manually initiated scans
+- Improvements in antitampering features in Microsoft Defender Antivirus services
+- Improved support for ARM x64 emulation
 
 ### Known Issues
 No known issues  
@@ -107,7 +108,7 @@ No known issues
     
 ### What's new
 
-- Improved SmartScreen status support logging
+- Improved [SmartScreen](../microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md) status support logging
 - Apply CPU throttling policy to manually initiated scans
 
 ### Known Issues
@@ -337,6 +338,7 @@ Engine: **1.1.16700.2**
 - Fix 4.18.1911.3 hang
    
 ### Known Issues
+
 [**Fixed**] devices utilizing [modern standby mode](https://docs.microsoft.com/windows-hardware/design/device-experiences/modern-standby) may experience a hang with the Windows Defender filter driver that results in a gap of protection.  Affected machines appear to the customer as having not updated to the latest antimalware platform.  
 <br/>
 > [!IMPORTANT]

From 1be537b367ca4c82a3954837ea5863b2f1340388 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 3 Feb 2021 12:22:42 -0800
Subject: [PATCH 366/396] Update attack-surface-reduction.md

---
 .../microsoft-defender-atp/attack-surface-reduction.md          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
index 6bc883ca30..0835bbe05e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
@@ -135,7 +135,7 @@ You can review the Windows event log to view events generated by attack surface
 You can create a custom view that filters events to only show the following events, all of which are related to controlled folder access:
 
 |Event ID | Description |
-|---|---|
+|:---|:---|
 |5007 | Event when settings are changed |
 |1121 | Event when rule fires in Block-mode |
 |1122 | Event when rule fires in Audit-mode |

From 2cf9637f14c669ff72412518643b5cceb5edbcb1 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 3 Feb 2021 12:24:44 -0800
Subject: [PATCH 367/396] Update controlled-folders.md

---
 .../microsoft-defender-atp/controlled-folders.md              | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
index 7ded77ec21..8602493f71 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
@@ -99,13 +99,9 @@ DeviceEvents
 You can review the Windows event log to see events that are created when controlled folder access blocks (or audits) an app:
 
 1. Download the [Evaluation Package](https://aka.ms/mp7z2w) and extract the file *cfa-events.xml* to an easily accessible location on the device.
-
 2. Type **Event viewer** in the Start menu to open the Windows Event Viewer.
-
 3. On the left panel, under **Actions**, select **Import custom view...**.
-
 4. Navigate to where you extracted *cfa-events.xml* and select it. Alternatively, [copy the XML directly](event-views.md).
-
 5. Select **OK**.
 
 The following table shows events related to controlled folder access:

From 7bf688acee9507e9c1222636ed3094c17f7119ea Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 3 Feb 2021 13:04:04 -0800
Subject: [PATCH 368/396] Update
 best-practices-attack-surface-reduction-rules.md

---
 ...ractices-attack-surface-reduction-rules.md | 20 +++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
index ea1d8dbfb2..94438fbcf3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
@@ -27,17 +27,17 @@ ms.collection:
 
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
-<!--ASR guidance for deploying rules (links to Antonio’s blog, recommendations for deploying rules to small set of devices first, code signing, link to ASR Power BI template, and link to M365 security center reports) and 8.	Policy conflict (details about what happens with conflicting policies, what happens when settings from different policies are merged)
--->
+Attack surface reduction rules help reduce vulnerabilities by targeting certain software behaviors. These behaviors include:
 
-The instructions to deploy attack surface reduction (ASR) rules in the most optimal way are available in [Demystifying attack surface reduction rules - Part 2](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/demystifying-attack-surface-reduction-rules-part-2/ba-p/1326565).
+- Launching executable files and scripts that attempt to download or run files;
+- Running obfuscated or otherwise suspicious scripts; and 
+- Performing behaviors that apps don't usually initiate during normal day-to-day work.
 
-It is highly recommended to test the ASR rules on a sample-like smaller set of devices. For information on the reasons for this recommendation and on how to deploy the ASR rules on a smaller set of devices, see **Use a phased approach** section, below, in this article.
+This article includes tips, best practices, and important considerations regarding attack surface reduction rules.
 
- > [!NOTE]
-> Whether you're about to enable or have already deployed ASR rules for your organization, see the information in this article. By using the tips and best practices in this article, you can employ attack surface reduction rules successfully and avoid potential issues.
 
-**Results of applying ASR rules**
+
+## Results of applying ASR rules
 
 - The process of applying ASR rules on devices provides scope to query for reports. These queries can be implemented in the form of templates.
 
@@ -49,7 +49,7 @@ It is highly recommended to test the ASR rules on a sample-like smaller set of d
 <!-- Denise, could we discuss as to why only the **Microsoft 365 security center** source is being cited here; Just for better understanding, I am putting forward this query
 -->
 
-**Applicable to rules' states**
+## Applicable to rule states
 
 This section describes the best practices with regard to the states which any ASR rule can be set to, irrespective of the method used to configure or deploy the ASR rule.
 
@@ -59,7 +59,7 @@ Prior to describing the best pratices for the ASR rules' states, it is important
 - **Block**: This is the state in which the ASR rule is enabled. YThe code for this state is 1.
 - **Audit**: This is the state in which the ASR rule is evaluated about its impactive behavior toward the organization or environment in which it is deployed.
 
-**Recommendation**
+## Recommendation
 
 The recommended practice for a deployed ASR rule is to start it in **audit** mode. The reasons for recommendation of this best pratice are:
 
@@ -77,7 +77,7 @@ Before you roll out attack surface reduction rules in your organization, select
 The reasons for selecting a smaller set of devices as the sample object on which the ASR rules are to be applied are:
 
 - **Better prospects for display of ASR rules impact** - This approach enables you to see how attack surface reduction rules work in your environment. When lesser number of devices are used, the impact becomes more apparent because the ASR rules can sometimes impact a particular device to a larger extent.
-- **Ease in determining ASR rule exclusion** - Testing ASR rules on a smaller device set gives you scope to implement flexibility in exclusions. The flexibility refers to the devising combinations of **applicable-not applicable**  devices for ASR rules applicability. These combinations vary depending on the results of the ASR rules testing on the smaller device set.
+- **Ease in determining ASR rule exclusion** - Testing ASR rules on a smaller device set gives you scope to implement flexibility in exclusions. The flexibility refers to the devising combinations of applicable/not applicable devices for ASR rules applicability. These combinations vary depending on the results of the ASR rules testing on the smaller device set.
 
 > [!IMPORTANT]
 > You can implement the process of applying ASR rules to a smaller device set by utilizing dynamic membership rules.

From 94c9bd9c9b3b8221838388477ef1555b9ac5e6cc Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 3 Feb 2021 13:40:53 -0800
Subject: [PATCH 369/396] Update
 best-practices-attack-surface-reduction-rules.md

---
 ...ractices-attack-surface-reduction-rules.md | 32 +++++++------------
 1 file changed, 11 insertions(+), 21 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
index 94438fbcf3..b4bf06284a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
@@ -76,7 +76,7 @@ Before you roll out attack surface reduction rules in your organization, select
 
 The reasons for selecting a smaller set of devices as the sample object on which the ASR rules are to be applied are:
 
-- **Better prospects for display of ASR rules impact** - This approach enables you to see how attack surface reduction rules work in your environment. When lesser number of devices are used, the impact becomes more apparent because the ASR rules can sometimes impact a particular device to a larger extent.
+- **Better prospects for seeing the impact of attack surface reduction rules** - This approach enables you to see how attack surface reduction rules work in your environment. When lesser number of devices are used, the impact becomes more apparent because the ASR rules can sometimes impact a particular device to a larger extent.
 - **Ease in determining ASR rule exclusion** - Testing ASR rules on a smaller device set gives you scope to implement flexibility in exclusions. The flexibility refers to the devising combinations of applicable/not applicable devices for ASR rules applicability. These combinations vary depending on the results of the ASR rules testing on the smaller device set.
 
 > [!IMPORTANT]
@@ -139,29 +139,19 @@ Reports relating to ASR rule events can be generated for the preceding-6-months
 
 ## Avoid policy conflicts
 
-If a conflicting policy has emerged as a result of a policy being applied from Mobile Device Management (MDM, using Intune) and Group Policy, the setting applied from MDM takes precedence. See [Attack surface reduction rules](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#attack-surface-reduction-rules).
+If a conflicting policy has emerged as a result of a policy being applied from Mobile Device Management (MDM, using Intune) and Group Policy, the setting applied from MDM takes precedence. For more information, see [Attack surface reduction rules](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#attack-surface-reduction-rules).
 
-Attack surface reduction (ASR) rules for MEM-managed devices now support a new behavior for merger of settings from different policies, to create a superset of policies for each device. Only the settings that are not in conflict are merged, while those that are in conflict are not added to the superset of rules. Previously, if two policies included conflicts for a single setting, both policies were flagged as being in conflict, and no settings from either of the profiles would be deployed. ASR rule merge behavior is as follows: 
+You can now create a superset of policies for attack surface reduction rules that apply to [MEM-managed devices](/mem/intune/enrollment/device-management-capabilities). When you do this, only the settings that are not in conflict are merged, while those that are in conflict are not added to the superset of rules. Previously, if two policies included conflicts for a single setting, both policies were flagged as being in conflict, and no settings from either of the profiles would be deployed. Attack surface reduction rule merge behavior works like this:
 
-Attack surface reduction (ASR) rules for MEM (Microsoft Endpoint Manager)-managed devices support a new behavior in terms of merger of the settings of policies. This behavior is described below:
-
-- If two or more policies have multiple settings configured in each of them, the settings without a conflict are merged into the superset of the policies they are mapped to.
-- If two or more policies encounter a conflict over a single setting from the various settings they are configured with,  only that single setting with a conflict is held back from being merged into the superset of the policies. 
-- The bundle of settings as a whole are not held back from being merged into the superset because of the single conflict-affected setting.
-- The policy as a whole is not flagged as **being in conflict** because of one of its settings being conflict affected.
-  
-
-- ASR rules from the following profiles are evaluated for each device the rules apply to:  
-    - Devices > Configuration policy > Endpoint protection profile > Microsoft Defender Exploit Guard > [Attack Surface Reduction](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#attack-surface-reduction).
-    - Endpoint security > Attack surface reduction policy > Attack surface reduction rules.
-    - Endpoint security > Security baselines > Microsoft Defender ATP Baseline > Profiles >  Profile Name > Properties > Configuration settings > Attack Surface Reduction Rules
-
-- Settings that do not have conflicts are added to a superset of policy for the device.
-
-- When two or more policies have conflicting settings, the conflicting settings are not added to the combined policy, while settings that don’t conflict are added to the superset policy that applies to a device.
-
-- Only the configurations for conflicting settings are held back.
+| Situation | What happens |
+|:---|:---|
+| Two or more policies have multiple settings configured | The settings that do not conflict are merged into the superset of the policies they are mapped to. |
+| Two or more policies have a conflict with a single setting | Only the single setting with a conflict is held back from being merged into the superset of the policies. <p>The bundle of settings as a whole is not held back from being merged into the superset because of a single conflict-affected setting. <p>The policy as a whole is not flagged as **being in conflict**. |
 
+The policy superset can include settings from the following profiles:  
+- Devices > Configuration policy > Endpoint protection profile > Microsoft Defender Exploit Guard > Attack Surface Reduction.
+- Endpoint security > Attack surface reduction policy > Attack surface reduction rules.
+- Endpoint security > Security baselines > Microsoft Defender ATP Baseline > Profiles >  Profile Name > Properties > Configuration settings > Attack Surface Reduction Rules
 
 ## See the demystifying blogs
 

From 89d32f80d3b5400d5a8147d441422d198b58c7f1 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 3 Feb 2021 13:41:22 -0800
Subject: [PATCH 370/396] Update
 best-practices-attack-surface-reduction-rules.md

---
 .../best-practices-attack-surface-reduction-rules.md            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
index b4bf06284a..fa2799337d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
@@ -77,7 +77,7 @@ Before you roll out attack surface reduction rules in your organization, select
 The reasons for selecting a smaller set of devices as the sample object on which the ASR rules are to be applied are:
 
 - **Better prospects for seeing the impact of attack surface reduction rules** - This approach enables you to see how attack surface reduction rules work in your environment. When lesser number of devices are used, the impact becomes more apparent because the ASR rules can sometimes impact a particular device to a larger extent.
-- **Ease in determining ASR rule exclusion** - Testing ASR rules on a smaller device set gives you scope to implement flexibility in exclusions. The flexibility refers to the devising combinations of applicable/not applicable devices for ASR rules applicability. These combinations vary depending on the results of the ASR rules testing on the smaller device set.
+- **Ease in determining exclusions for attack surface reduction rules** - Testing ASR rules on a smaller device set gives you scope to implement flexibility in exclusions. The flexibility refers to the devising combinations of applicable/not applicable devices for ASR rules applicability. These combinations vary depending on the results of the ASR rules testing on the smaller device set.
 
 > [!IMPORTANT]
 > You can implement the process of applying ASR rules to a smaller device set by utilizing dynamic membership rules.

From 368ea48c52303fe0de9e20010fb96fc97dfbc009 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 3 Feb 2021 13:50:55 -0800
Subject: [PATCH 371/396] Update
 best-practices-attack-surface-reduction-rules.md

---
 .../best-practices-attack-surface-reduction-rules.md  | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
index fa2799337d..a4d1e2ca6c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
@@ -61,7 +61,7 @@ Prior to describing the best pratices for the ASR rules' states, it is important
 
 ## Recommendation
 
-The recommended practice for a deployed ASR rule is to start it in **audit** mode. The reasons for recommendation of this best pratice are:
+The recommended practice for a deployed ASR rule is to start it in **audit** mode. The reasons for recommendation of this best practice are:
 
 1. **Access to logs and reviews**: When an ASR rule is set to **audit** mode, you can get access to the logs and reviews pertaining to it. These logs and reviews are data that helps you to analyze the impact of the ASR rule.
 2. **Rule-related decision**: The analysis findings guided by the logs and reviews help you take a decision whether to deploy or exclude the ASR rule or not. For information on ASR rule exclusion see
@@ -77,14 +77,7 @@ Before you roll out attack surface reduction rules in your organization, select
 The reasons for selecting a smaller set of devices as the sample object on which the ASR rules are to be applied are:
 
 - **Better prospects for seeing the impact of attack surface reduction rules** - This approach enables you to see how attack surface reduction rules work in your environment. When lesser number of devices are used, the impact becomes more apparent because the ASR rules can sometimes impact a particular device to a larger extent.
-- **Ease in determining exclusions for attack surface reduction rules** - Testing ASR rules on a smaller device set gives you scope to implement flexibility in exclusions. The flexibility refers to the devising combinations of applicable/not applicable devices for ASR rules applicability. These combinations vary depending on the results of the ASR rules testing on the smaller device set.
-
-> [!IMPORTANT]
-> You can implement the process of applying ASR rules to a smaller device set by utilizing dynamic membership rules.
-
-**How to configure dynamic membership rules**
-
-<!--Denise, we might need Jody's help in acquiring inputs for this procedural section  of setting up dynamic membership rules.-->
+- **Ease in determining exclusions for attack surface reduction rules** - Testing attack surface reduction rules on a smaller set of devices gives you flexibility in identifying and defining exclusions. You can determine whether any devices are not applicable for attack surface reduction rules. 
 
 ## Use code signing for applications
 

From 4924722b91522b38ecd02482824b7d2734ec7fed Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 3 Feb 2021 13:53:12 -0800
Subject: [PATCH 372/396] ASR content updates

---
 windows/security/threat-protection/TOC.md     |   1 -
 ...ractices-attack-surface-reduction-rules.md | 159 ------------------
 2 files changed, 160 deletions(-)
 delete mode 100644 windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md

diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index e62fbe4434..805b02475c 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -82,7 +82,6 @@
 
 #### [Attack surface reduction controls]()
 ##### [Attack surface reduction rules](microsoft-defender-atp/attack-surface-reduction.md)
-##### [Best practices with attack surface reduction rules](microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md)
 ##### [Enable attack surface reduction rules](microsoft-defender-atp/enable-attack-surface-reduction.md)
 ##### [Customize attack surface reduction rules](microsoft-defender-atp/customize-attack-surface-reduction.md)
 ##### [View attack surface reduction events](microsoft-defender-atp/event-views.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md b/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
deleted file mode 100644
index a4d1e2ca6c..0000000000
--- a/windows/security/threat-protection/microsoft-defender-atp/best-practices-attack-surface-reduction-rules.md
+++ /dev/null
@@ -1,159 +0,0 @@
----
-title: Tips and best practices for attack surface reduction rules
-description: Prevent issues from arising with your attack surface reduction rules by following these best practices
-keywords: Microsoft Defender ATP, attack surface reduction, best practices
-search.product: eADQiWindows 10XVcnh
-ms.pagetype: security
-author: denisebmsft
-ms.author: deniseb
-manager: dansimp
-ms.reviewer: jcedola
-audience: ITPro 
-ms.topic: article 
-ms.prod: w10 
-ms.localizationpriority: medium
-ms.custom: 
-- asr
-ms.collection: 
-- m365-security-compliance 
-- m365initiative-defender-endpoint 
----
-
-# Tips and best practices for attack surface reduction rules
-
-[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-
-**Applies to:**
-
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-
-Attack surface reduction rules help reduce vulnerabilities by targeting certain software behaviors. These behaviors include:
-
-- Launching executable files and scripts that attempt to download or run files;
-- Running obfuscated or otherwise suspicious scripts; and 
-- Performing behaviors that apps don't usually initiate during normal day-to-day work.
-
-This article includes tips, best practices, and important considerations regarding attack surface reduction rules.
-
-
-
-## Results of applying ASR rules
-
-- The process of applying ASR rules on devices provides scope to query for reports. These queries can be implemented in the form of templates.
-
-<!--Denise, could you clarify as to whether the ASR PowerBI template is anything to do with the templates used to generate/retrieve reports as specified in Blog-3? In other words, does the link to PowerBI template have relevance in this section and context?
--->
-
-- Once applying ASR rules to devices leads to querying for reports, there are a few sources from which reports can be queried. One of such sources is the [Microsoft 365 security center](https://security.microsoft.com)
- 
-<!-- Denise, could we discuss as to why only the **Microsoft 365 security center** source is being cited here; Just for better understanding, I am putting forward this query
--->
-
-## Applicable to rule states
-
-This section describes the best practices with regard to the states which any ASR rule can be set to, irrespective of the method used to configure or deploy the ASR rule.
-
-Prior to describing the best pratices for the ASR rules' states, it is important to know the states which an ASR rule can be set to:
-
-- **Not configured**: This is the state in which the ASR rule has been disabled. The code for this state is 0.
-- **Block**: This is the state in which the ASR rule is enabled. YThe code for this state is 1.
-- **Audit**: This is the state in which the ASR rule is evaluated about its impactive behavior toward the organization or environment in which it is deployed.
-
-## Recommendation
-
-The recommended practice for a deployed ASR rule is to start it in **audit** mode. The reasons for recommendation of this best practice are:
-
-1. **Access to logs and reviews**: When an ASR rule is set to **audit** mode, you can get access to the logs and reviews pertaining to it. These logs and reviews are data that helps you to analyze the impact of the ASR rule.
-2. **Rule-related decision**: The analysis findings guided by the logs and reviews help you take a decision whether to deploy or exclude the ASR rule or not. For information on ASR rule exclusion see
-<!--To cite here the topic that describes guidance provided for the process of implementing ASR rules' exclusions-->
-<!--To cite here the topic that describes guidance provided for the process of deploying or configuring ASR rules-->
-
-<!--Denise, if we can seek information about the common built-in features across all the 5 configuration mechanisms, we can specify the best practice regarding which is the best configuration mechanism to use to deploy the ASR rules-->
-
-## Use a phased approach
-
-Before you roll out attack surface reduction rules in your organization, select a small set of managed devices to start. 
-
-The reasons for selecting a smaller set of devices as the sample object on which the ASR rules are to be applied are:
-
-- **Better prospects for seeing the impact of attack surface reduction rules** - This approach enables you to see how attack surface reduction rules work in your environment. When lesser number of devices are used, the impact becomes more apparent because the ASR rules can sometimes impact a particular device to a larger extent.
-- **Ease in determining exclusions for attack surface reduction rules** - Testing attack surface reduction rules on a smaller set of devices gives you flexibility in identifying and defining exclusions. You can determine whether any devices are not applicable for attack surface reduction rules. 
-
-## Use code signing for applications
-
-As a best practice, use code signing for all the applications and scripts that your organization is using. This includes internally developed applications. Using code signing helps avoid false positives with attack surface reduction rules. It can also help avoid issues with attack surface reduction rules for developers and other users within your organization. 
-
-## View reports from various sources in Microsoft
-
-### From the Microsoft 365 security center
-
-In the Microsoft 365 security center ([https://security.microsoft.com](https://security.microsoft.com)), go to **Reports** > **Devices** > **Attack surface reduction**. (MORE TO COME!)
-
-To retrieve and view the reports generated in ([https://security.microsoft.com](https://security.microsoft.com)), ensure that the device for which you seek a report is onboarded on to Microsoft Defender ATP.
-
-### By Microsoft Defender ATP advanced hunting
-
-Advanced hunting is a query-based threat-hunting tool of Microsoft Defender ATP. This tool generates reports based on the findings of the threat-hunting process.
-
-The **advanced hunting** tool enables the users to audit the **Of-the-last-30-days** data collected from various devices by Microsoft Defender ATP Endpoint Detection and Response (EDR). It facilitates proactive logging of any suspicious indicators and entities in the events that you explore. This tool provides flexibility in accessing data (without any restriction in category of data to be accessed). This flexibility enables the user to detect known threats and spot new threats.
-
-The reports for the ASR rules' events are generated by querying the **DeviceEvents** table.
-
-**Template of DeviceEvents table**
-
-DeviceEvents
-| where Timestamp > ago (30d)
-| where ActionType startswith "Asr" 
-| summarize EventCount=count () by ActionType
-
-**Procedure**
-
-1. Navigate to **Advanced hunting** module in the **Microsoft Defender Security Center** portal.
-2. Click **Query**.
-3. Click **+ New** to create a new query.
-4. Click **Run query**. The report based on the query parameters (specified in the **Template of DeviceEvents table** section) is generated.
-
-### By Microsoft Defender ATP machine timeline
-
-Machine timeline is another report-generating source in Microsoft Defender ATP, but with a narrower scope.
-
-Reports relating to ASR rule events can be generated for the preceding-6-months period on a specific endpoint or device. 
-
-**Summarized procedure to generate report**
-
-1. Log in to **Microsoft Defender Security Center** and navigate to the **Machines** tab.
-2. Choose a machine for which you want to view the reports of its ASR rule-related events.
-3. Click **Timeline** and choose the time range for which the report is to display data.
-
-
-## Get the Power BI report template
-
-<!--The Power BI report templates are here: https://github.com/microsoft/MDATP-PowerBI-Templates-->
-
-## Avoid policy conflicts
-
-If a conflicting policy has emerged as a result of a policy being applied from Mobile Device Management (MDM, using Intune) and Group Policy, the setting applied from MDM takes precedence. For more information, see [Attack surface reduction rules](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10#attack-surface-reduction-rules).
-
-You can now create a superset of policies for attack surface reduction rules that apply to [MEM-managed devices](/mem/intune/enrollment/device-management-capabilities). When you do this, only the settings that are not in conflict are merged, while those that are in conflict are not added to the superset of rules. Previously, if two policies included conflicts for a single setting, both policies were flagged as being in conflict, and no settings from either of the profiles would be deployed. Attack surface reduction rule merge behavior works like this:
-
-| Situation | What happens |
-|:---|:---|
-| Two or more policies have multiple settings configured | The settings that do not conflict are merged into the superset of the policies they are mapped to. |
-| Two or more policies have a conflict with a single setting | Only the single setting with a conflict is held back from being merged into the superset of the policies. <p>The bundle of settings as a whole is not held back from being merged into the superset because of a single conflict-affected setting. <p>The policy as a whole is not flagged as **being in conflict**. |
-
-The policy superset can include settings from the following profiles:  
-- Devices > Configuration policy > Endpoint protection profile > Microsoft Defender Exploit Guard > Attack Surface Reduction.
-- Endpoint security > Attack surface reduction policy > Attack surface reduction rules.
-- Endpoint security > Security baselines > Microsoft Defender ATP Baseline > Profiles >  Profile Name > Properties > Configuration settings > Attack Surface Reduction Rules
-
-## See the demystifying blogs
-
-The following table lists several blog posts that you might find helpful. All of these blogs are hosted on the [Microsoft Tech Community site](https://techcommunity.microsoft.com), under [Microsoft Defender for Endpoint](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/bg-p/MicrosoftDefenderATPBlog).
-
-|Blog  |Description  |
-|---------|---------|
-|[Demystifying attack surface reduction rules - Part 1: Why and What](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/demystifying-attack-surface-reduction-rules-part-1/ba-p/1306420)     | Get a quick overview of the Why and the What through eight questions and answers.          |
-|[Demystifying attack surface reduction rules - Part 2: How](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/demystifying-attack-surface-reduction-rules-part-2/ba-p/1326565)     | See how to configure attack surface reduction rules, how exclusions work, and how to define exclusions.         |
-|[Demystifying attack surface reduction rules - Part 3: Reports and Troubleshooting](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/demystifying-attack-surface-reduction-rules-part-3/ba-p/1360968)     | Learn how to view reports and information about attack surface reduction rules and their status, and how to troubleshoot issues with rule impact and operations.         |
-|[Demystifying attack surface reduction rules - Part 4: Migrating](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/demystifying-attack-surface-reduction-rules-part-4/ba-p/1384425)     | If you're currently using a non-Microsoft host intrusion prevention system (HIPS) and are evaluating or migrating to attack surface reduction capabilities in Microsoft Defender for Endpoint, see this blog. You'll see how custom rules you were using with your HIPS solution can map to attack surface reduction rules in Microsoft Defender for Endpoint.         |
-

From 70580c16ad5f361a79660284ce0d5bbcd47d1c76 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 3 Feb 2021 13:58:12 -0800
Subject: [PATCH 373/396] Update controlled-folders.md

---
 .../microsoft-defender-atp/controlled-folders.md            | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
index 8602493f71..b6ab784185 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md
@@ -42,7 +42,7 @@ Controlled folder access works best with [Microsoft Defender for Endpoint](../mi
 
 Controlled folder access works by only allowing trusted apps to access protected folders. Protected folders are specified when controlled folder access is configured. Typically, commonly used folders, such as those used for documents, pictures, downloads, and so on, are included in the list of controlled folders. 
 
-Controlled folder access works with a list of trusted apps. If an app is included in the list of trusted software, it works as expected. If not, the app is prevented from making any changes to files that are inside protected folders. 
+Controlled folder access works with a list of trusted apps. Apps that are included in the list of trusted software work as expected. Apps that are not included in the list are prevented from making any changes to files inside protected folders. 
 
 Apps are added to the list based upon their prevalence and reputation. Apps that are highly prevalent throughout your organization and that have never displayed any behavior deemed malicious are considered trustworthy. Those apps are added to the list automatically.
 
@@ -52,7 +52,7 @@ Apps can also be added manually to the trusted list by using Configuration Manag
 
 Controlled folder access is especially useful in helping to protect your documents and information from [ransomware](https://www.microsoft.com/wdsi/threats/ransomware). In a ransomware attack, your files can get encrypted and held hostage. With controlled folder access in place, a notification appears on the computer where an app attempted to make changes to a file in a protected folder. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors.
 
-The [protected folders](#review-controlled-folder-access-events-in-windows-event-viewer) include common system folders (including boot sectors), and you can [add additional folders](customize-controlled-folders.md#protect-additional-folders). You can also [allow apps](customize-controlled-folders.md#allow-specific-apps-to-make-changes-to-controlled-folders) to give them access to the protected folders.
+The [protected folders](#review-controlled-folder-access-events-in-windows-event-viewer) include common system folders (including boot sectors), and you can [add more folders](customize-controlled-folders.md#protect-additional-folders). You can also [allow apps](customize-controlled-folders.md#allow-specific-apps-to-make-changes-to-controlled-folders) to give them access to the protected folders.
 
 You can use [audit mode](audit-windows-defender.md) to evaluate how controlled folder access would impact your organization if it were enabled. You can also visit the Windows Defender Test ground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
 
@@ -131,4 +131,4 @@ You can use the Windows Security app to view the list of folders that are protec
 
 - [Evaluate controlled folder access](evaluate-controlled-folder-access.md)
 - [Customize controlled folder access](customize-controlled-folders.md)
-- [Protect additional folders](customize-controlled-folders.md#protect-additional-folders)
+- [Protect more folders](customize-controlled-folders.md#protect-additional-folders)

From b3579aab3320bead1ea7ef70196acda23e07aa43 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 3 Feb 2021 14:00:38 -0800
Subject: [PATCH 374/396] Update attack-surface-reduction.md

---
 .../microsoft-defender-atp/attack-surface-reduction.md        | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
index 0835bbe05e..bce0f8e035 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
@@ -43,11 +43,11 @@ For more information about configuring attack surface reduction rules, see [Enab
 
 ## Assess rule impact before deployment  
 
-You can assess how an attack surface reduction rule might impact your network by opening the security recommendation for that rule in [threat and vulnerability management](https://docs.microsoft.com/windows/security/threat-protection/#tvm). 
+You can assess how an attack surface reduction rule might affect your network by opening the security recommendation for that rule in [threat and vulnerability management](https://docs.microsoft.com/windows/security/threat-protection/#tvm). 
 
 :::image type="content" source="images/asrrecommendation.png" alt-text="Security reco for attack surface reduction rule":::
 
-In the recommendation details pane, check the user impact to determine what percentage of your devices can accept a new policy enabling the rule in blocking mode without adverse impact to user productivity.
+In the recommendation details pane, check for user impact to determine what percentage of your devices can accept a new policy enabling the rule in blocking mode without adversely affecting productivity.
 
 ## Audit mode for evaluation
 

From 49b748a730aa40bc625bc3b57a406143667092bf Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 3 Feb 2021 14:04:00 -0800
Subject: [PATCH 375/396] Update attack-surface-reduction.md

---
 .../attack-surface-reduction.md                  | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
index bce0f8e035..846bc4dbca 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
@@ -51,7 +51,7 @@ In the recommendation details pane, check for user impact to determine what perc
 
 ## Audit mode for evaluation
 
-Use [audit mode](audit-windows-defender.md) to evaluate how attack surface reduction rules would impact your organization if they were enabled. It's best to run all rules in audit mode first so you can understand their impact on your line-of-business applications. Many line-of-business applications are written with limited security concerns, and they may perform tasks in ways that seem similar to malware. By monitoring audit data and [adding exclusions](enable-attack-surface-reduction.md#exclude-files-and-folders-from-asr-rules) for necessary applications, you can deploy attack surface reduction rules without impacting productivity.
+Use [audit mode](audit-windows-defender.md) to evaluate how attack surface reduction rules would affect your organization if they were enabled. Run all rules in audit mode first so you can understand how they affect your line-of-business applications. Many line-of-business applications are written with limited security concerns, and they might perform tasks in ways that seem similar to malware. By monitoring audit data and [adding exclusions](enable-attack-surface-reduction.md#exclude-files-and-folders-from-asr-rules) for necessary applications, you can deploy attack surface reduction rules without reducing productivity.
 
 ## Warn mode for users
 
@@ -95,13 +95,13 @@ Notifications and any alerts that are generated can be viewed in the Microsoft D
 
 You can use advanced hunting to view attack surface reduction events. To streamline the volume of incoming data, only unique processes for each hour are viewable with advanced hunting. The time of an attack surface reduction event is the first time that event is seen within the hour.
 
-For example, suppose that an attack surface reduction event occurs on ten devices during the 2:00 PM hour. Suppose that the first event occurred at 2:15, and the last at 2:45. With advanced hunting, you'll see one instance of that event (even though it actually occurred on ten devices), and its timestamp will be 2:15 PM. 
+For example, suppose that an attack surface reduction event occurs on 10 devices during the 2:00 PM hour. Suppose that the first event occurred at 2:15, and the last at 2:45. With advanced hunting, you'll see one instance of that event (even though it actually occurred on 10 devices), and its timestamp will be 2:15 PM. 
 
 For more information about advanced hunting, see [Proactively hunt for threats with advanced hunting](advanced-hunting-overview.md).
 
 ## Attack surface reduction features across Windows versions
 
-You can set attack surface reduction rules for devices running any of the following editions and versions of Windows:
+You can set attack surface reduction rules for devices that are running any of the following editions and versions of Windows:
 - Windows 10 Pro, [version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) or later
 - Windows 10 Enterprise, [version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) or later
 - Windows Server, [version 1803 (Semi-Annual Channel)](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) or later
@@ -169,9 +169,9 @@ If you are configuring attack surface reduction rules by using Group Policy or P
 
 ### Block Adobe Reader from creating child processes
 
-This rule prevents attacks by blocking Adobe Reader from creating additional processes.
+This rule prevents attacks by blocking Adobe Reader from creating processes.
 
-Through social engineering or exploits, malware can download and launch additional payloads and break out of Adobe Reader. By blocking child processes from being generated by Adobe Reader, malware attempting to use it as a vector are prevented from spreading.
+Through social engineering or exploits, malware can download and launch payloads, and break out of Adobe Reader. By blocking child processes from being generated by Adobe Reader, malware attempting to use it as a vector are prevented from spreading.
 
 This rule was introduced in: 
 - [Windows 10, version 1809](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809)
@@ -188,7 +188,7 @@ GUID: `7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c`
 
 This rule blocks Office apps from creating child processes. Office apps include Word, Excel, PowerPoint, OneNote, and Access.
 
-Creating malicious child processes is a common malware strategy. Malware that abuse Office as a vector often run VBA macros and exploit code to download and attempt to run additional payloads. However, some legitimate line-of-business applications might also generate child processes for benign purposes, such as spawning a command prompt or using PowerShell to configure registry settings.
+Creating malicious child processes is a common malware strategy. Malware that abuse Office as a vector often run VBA macros and exploit code to download and attempt to run more payloads. However, some legitimate line-of-business applications might also generate child processes for benign purposes, such as spawning a command prompt or using PowerShell to configure registry settings.
 
 This rule was introduced in: 
 - [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709)
@@ -353,7 +353,7 @@ GUID: `75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84`
 
 This rule prevents Outlook from creating child processes, while still allowing legitimate Outlook functions.
 
-This rule protects against social engineering attacks and prevents exploit code from abusing vulnerabilities in Outlook. It also protects against [Outlook rules and forms exploits](https://blogs.technet.microsoft.com/office365security/defending-against-rules-and-forms-injection/) that attackers can use when a user's credentials are compromised.
+This rule protects against social engineering attacks and prevents exploiting code from abusing vulnerabilities in Outlook. It also protects against [Outlook rules and forms exploits](https://blogs.technet.microsoft.com/office365security/defending-against-rules-and-forms-injection/) that attackers can use when a user's credentials are compromised.
 
 > [!NOTE]
 > This rule applies to Outlook and Outlook.com only.
@@ -426,7 +426,7 @@ GUID: `b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4`
 
 This rule prevents VBA macros from calling Win32 APIs.
 
-Office VBA provides the ability to make Win32 API calls. Malware can abuse this capability, such as [calling Win32 APIs to launch malicious shellcode](https://www.microsoft.com/security/blog/2018/09/12/office-vba-amsi-parting-the-veil-on-malicious-macros/) without writing anything directly to disk. Most organizations don't rely on the ability to call Win32 APIs in their day-to-day functioning, even if they use macros in other ways.
+Office VBA enables Win32 API calls. Malware can abuse this capability, such as [calling Win32 APIs to launch malicious shellcode](https://www.microsoft.com/security/blog/2018/09/12/office-vba-amsi-parting-the-veil-on-malicious-macros/) without writing anything directly to disk. Most organizations don't rely on the ability to call Win32 APIs in their day-to-day functioning, even if they use macros in other ways.
 
 This rule was introduced in:
 - [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709)

From 7ca558ba2347ccad48dd3db0e644a6c10f5b306f Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Wed, 3 Feb 2021 16:02:31 -0800
Subject: [PATCH 376/396] Added automatic image border, indented note in list
 item

---
 ...er-application-control-policies-using-intune.md | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md
index 1f84641636..d44af33f24 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md
@@ -58,15 +58,20 @@ Beginning in 1903, Custom OMA-URI policy deployment leverages the [ApplicationCo
 The steps to use Intune's Custom OMA-URI functionality are:
 
 1. Know a generated policy's GUID, which can be found in the policy xml as `<PolicyID>`
+
 2. Convert the policy XML to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned.
+
 3. Open the Microsoft Intune portal and click **Device configuration** > **Profiles** > **Create profile**.
+
 4. Type a name for the new profile, select **Windows 10 and later** as the **Platform** and **Custom** as the **Profile type**.
+
 5. Add a row, then give your policy a name and use the following settings:
     - **OMA-URI**: ./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy
     - **Data type**: Base64
     - **Certificate file**: upload your binary format policy file. You do not need to upload a Base64 file, as Intune will convert the uploaded .bin file to Base64 on your behalf.
 
-    ![Configure custom WDAC](images/wdac-intune-custom-oma-uri.png)
+    > [!div class="mx-imgBorder"]
+    > ![Configure custom WDAC](images/wdac-intune-custom-oma-uri.png)
 
 #### Removing policies
 
@@ -78,15 +83,18 @@ Upon deletion, policies deployed through Intune via the ApplicationControl CSP a
 The steps to use Intune's Custom OMA-URI functionality to leverage the [AppLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/applocker-csp) and deploy a custom WDAC policy to pre-1903 systems are:
 
 1. Convert the policy XML to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned.
+
 2. Open the Microsoft Intune portal and click **Device configuration** > **Profiles** > **Create profile**.
+
 3. Type a name for the new profile, select **Windows 10 and later** as the **Platform** and **Custom** as the **Profile type**.
+
 4. Add a row, then give your policy a name and use the following settings:
     - **OMA-URI**: ./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/_Grouping_/CodeIntegrity/Policy)
     - **Data type**: Base64
     - **Certificate file**: upload your binary format policy file
     
-> [!NOTE]
-> Deploying policies via the AppLocker CSP will force a reboot during OOBE.
+   > [!NOTE]
+   > Deploying policies via the AppLocker CSP will force a reboot during OOBE.
 
 #### Removing policies
 

From 68a4c1dddae4e0ab457802d54180545168b58ce9 Mon Sep 17 00:00:00 2001
From: Paul Huijbregts <30799281+pahuijbr@users.noreply.github.com>
Date: Wed, 3 Feb 2021 16:28:12 -0800
Subject: [PATCH 377/396] Update Onboard-Windows-10-multi-session-device.md

---
 .../Onboard-Windows-10-multi-session-device.md                 | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md
index 1f03573655..7f1df6920d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md
@@ -25,9 +25,6 @@ ms.technology: mde
 Applies to: 
 - Windows 10 multi-session running on Windows Virtual Desktop (WVD) 
 
-> [!WARNING]
-> Microsoft Defender for Endpoint support for Windows Virtual Desktop multi-session scenarios is currently in Preview and limited up to 25 concurrent sessions per host/VM. However, single session scenarios on Windows Virtual Desktop are fully supported.
-
 Microsoft Defender for Endpoint supports monitoring both VDI as well as Windows Virtual Desktop sessions. Depending on your organization's needs, you might need to implement VDI or Windows Virtual Desktop sessions to help your employees access corporate data and apps from an unmanaged device, remote location, or similar scenario. With Microsoft Defender for Endpoint, you can monitor these virtual machines for anomalous activity.
 
  ## Before you begin

From b7ff50c0ecc9ad5290c8b2f796714d4b0a315b5f Mon Sep 17 00:00:00 2001
From: Daniel Simpson <dansimp@microsoft.com>
Date: Wed, 3 Feb 2021 16:31:28 -0800
Subject: [PATCH 378/396] Default update for AutomaticMaintenanceWakeUp

---
 windows/client-management/mdm/policy-csp-update.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index df70a21a7c..ac89864af8 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -1113,8 +1113,8 @@ ADMX Info:
 <!--/ADMXMapped-->
 <!--SupportedValues-->
 Supported values:  
--   0  - Disable (Default)
--   1  - Enable
+-   0  - Disable
+-   1  - Enable (Default)
 <!--/SupportedValues-->
 <!--Example-->
 

From 650ec848bbef230bfad7b9992a99daecc0c44bbe Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Wed, 3 Feb 2021 16:55:50 -0800
Subject: [PATCH 379/396] Fixed list of categories that was displayed as a
 paragraph

---
 .../mdm/policy-csp-update.md                  | 21 ++++++++++---------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index ac89864af8..8698b88092 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -1733,18 +1733,19 @@ OS upgrade:
 Update:
 - Maximum deferral: 1 month
 - Deferral increment: 1 week
-- Update type/notes:
-  If a machine has Microsoft Update enabled, any Microsoft Updates in these categories will also observe Defer / Pause logic.
-      - Security Update - 0FA1201D-4330-4FA8-8AE9-B877473B6441
-      - Critical Update - E6CF1350-C01B-414D-A61F-263D14D133B4
-      - Update Rollup - 28BC880E-0592-4CBF-8F95-C79B17911D5F
-      - Service Pack - 68C5B0A3-D1A6-4553-AE49-01D3A7827828
-      - Tools - B4832BD8-E735-4761-8DAF-37F882276DAB
-      - Feature Pack - B54E7D24-7ADD-428F-8B75-90A396FA584F
-      - Update - CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83
-      - Driver - EBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0
+- Update type/notes: If a machine has Microsoft Update enabled, any Microsoft Updates in these categories will also observe Defer / Pause logic:
+  
+  - Security Update - 0FA1201D-4330-4FA8-8AE9-B877473B6441
+  - Critical Update - E6CF1350-C01B-414D-A61F-263D14D133B4
+  - Update Rollup - 28BC880E-0592-4CBF-8F95-C79B17911D5F
+  - Service Pack - 68C5B0A3-D1A6-4553-AE49-01D3A7827828
+  - Tools - B4832BD8-E735-4761-8DAF-37F882276DAB
+  - Feature Pack - B54E7D24-7ADD-428F-8B75-90A396FA584F
+  - Update - CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83
+  - Driver - EBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0
 
 Other/cannot defer:
+
 - Maximum deferral: No deferral
 - Deferral increment: No deferral
 - Update type/notes:

From b8132898d8b37a888292975338cca8616418d5a4 Mon Sep 17 00:00:00 2001
From: MatiG <matig@microsoft.com>
Date: Thu, 4 Feb 2021 16:28:24 +0200
Subject: [PATCH 380/396] change default to prod

---
 .../linux-install-manually.md                 | 36 +++++++++++++------
 1 file changed, 25 insertions(+), 11 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md
index c45701fbed..f41fa4b080 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md
@@ -32,10 +32,18 @@ ms.technology: mde
 
 This article describes how to deploy Microsoft Defender for Endpoint for Linux manually. A successful deployment requires the completion of all of the following tasks:
 
-- [Configure the Linux software repository](#configure-the-linux-software-repository)
-- [Application installation](#application-installation)
-- [Download the onboarding package](#download-the-onboarding-package)
-- [Client configuration](#client-configuration)
+- [Deploy Microsoft Defender for Endpoint for Linux manually](#deploy-microsoft-defender-for-endpoint-for-linux-manually)
+  - [Prerequisites and system requirements](#prerequisites-and-system-requirements)
+  - [Configure the Linux software repository](#configure-the-linux-software-repository)
+    - [RHEL and variants (CentOS and Oracle Linux)](#rhel-and-variants-centos-and-oracle-linux)
+    - [SLES and variants](#sles-and-variants)
+    - [Ubuntu and Debian systems](#ubuntu-and-debian-systems)
+  - [Application installation](#application-installation)
+  - [Download the onboarding package](#download-the-onboarding-package)
+  - [Client configuration](#client-configuration)
+  - [Log installation issues](#log-installation-issues)
+  - [Operating system upgrades](#operating-system-upgrades)
+  - [Uninstallation](#uninstallation)
 
 ## Prerequisites and system requirements
 
@@ -71,7 +79,13 @@ In order to preview new features and provide early feedback, it is recommended t
     sudo yum-config-manager --add-repo=https://packages.microsoft.com/config/[distro]/[version]/[channel].repo
     ```
 
-    For example, if you are running CentOS 7 and wish to deploy MDATP for Linux from the *insiders-fast* channel:
+    For example, if you are running CentOS 7 and wish to deploy MDE for Linux from the *prod* channel:
+
+    ```bash
+    sudo yum-config-manager --add-repo=https://packages.microsoft.com/config/centos/7/prod.repo
+    ```
+
+    Or if you wish to explore new features on selected devices, you might want to deploy MDE for Linux to *insiders-fast* channel:
 
     ```bash
     sudo yum-config-manager --add-repo=https://packages.microsoft.com/config/centos/7/insiders-fast.repo
@@ -99,10 +113,10 @@ In order to preview new features and provide early feedback, it is recommended t
     sudo zypper addrepo -c -f -n microsoft-[channel] https://packages.microsoft.com/config/[distro]/[version]/[channel].repo
     ```
 
-    For example, if you are running SLES 12 and wish to deploy MDATP for Linux from the *insiders-fast* channel:
+    For example, if you are running SLES 12 and wish to deploy MDE for Linux from the *prod* channel:
 
     ```bash
-    sudo zypper addrepo -c -f -n microsoft-insiders-fast https://packages.microsoft.com/config/sles/12/insiders-fast.repo
+    sudo zypper addrepo -c -f -n microsoft-prod https://packages.microsoft.com/config/sles/12/prod.repo
     ```
 
 - Install the Microsoft GPG public key:
@@ -133,10 +147,10 @@ In order to preview new features and provide early feedback, it is recommended t
     curl -o microsoft.list https://packages.microsoft.com/config/[distro]/[version]/[channel].list
     ```
 
-    For example, if you are running Ubuntu 18.04 and wish to deploy MDATP for Linux from the *insiders-fast* channel:
+    For example, if you are running Ubuntu 18.04 and wish to deploy MDE for Linux from the *prod* channel:
 
     ```bash
-    curl -o microsoft.list https://packages.microsoft.com/config/ubuntu/18.04/insiders-fast.list
+    curl -o microsoft.list https://packages.microsoft.com/config/ubuntu/18.04/prod.list
     ```
 
 - Install the repository configuration:
@@ -144,10 +158,10 @@ In order to preview new features and provide early feedback, it is recommended t
     ```bash
     sudo mv ./microsoft.list /etc/apt/sources.list.d/microsoft-[channel].list
     ```
-    For example, if you chose *insiders-fast* channel:
+    For example, if you chose *prod* channel:
     
     ```bash
-    sudo mv ./microsoft.list /etc/apt/sources.list.d/microsoft-insiders-fast.list
+    sudo mv ./microsoft.list /etc/apt/sources.list.d/microsoft-prod.list
     ```   
 
 - Install the `gpg` package if not already installed:

From 845958b66d328bfa36723e14c91065249fb96398 Mon Sep 17 00:00:00 2001
From: MatiG <matig@microsoft.com>
Date: Thu, 4 Feb 2021 17:30:24 +0200
Subject: [PATCH 381/396] "closest" meaning

---
 .../microsoft-defender-atp/linux-install-manually.md        | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md
index f41fa4b080..046ec05444 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md
@@ -68,7 +68,7 @@ In order to preview new features and provide early feedback, it is recommended t
     sudo yum install yum-utils
     ```
 
-- Note your distribution and version, and identify the closest entry for it under `https://packages.microsoft.com/config/`.
+- Note your distribution and version, and identify the closest entry (by major, then minor) for it under `https://packages.microsoft.com/config/`. For instance, RHEL 7.9 is closer to 7.4 than to 8.
 
     In the below commands, replace *[distro]* and *[version]* with the information you've identified:
 
@@ -105,7 +105,7 @@ In order to preview new features and provide early feedback, it is recommended t
 
 ### SLES and variants
 
-- Note your distribution and version, and identify the closest entry for it under `https://packages.microsoft.com/config/`.
+- Note your distribution and version, and identify the closest entry(by major, then minor) for it under `https://packages.microsoft.com/config/`.
 
     In the following commands, replace *[distro]* and *[version]* with the information you've identified:
 
@@ -139,7 +139,7 @@ In order to preview new features and provide early feedback, it is recommended t
     sudo apt-get install libplist-utils
     ```
 
-- Note your distribution and version, and identify the closest entry for it under `https://packages.microsoft.com/config`.
+- Note your distribution and version, and identify the closest entry (by major, then minor) for it under `https://packages.microsoft.com/config`.
 
     In the below command, replace *[distro]* and *[version]* with the information you've identified:
 

From 5de115d5a01426ef854582bc19e44bb1430bb386 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Thu, 4 Feb 2021 07:35:49 -0800
Subject: [PATCH 382/396] Update Onboard-Windows-10-multi-session-device.md

---
 ...Onboard-Windows-10-multi-session-device.md | 35 +++++++++----------
 1 file changed, 17 insertions(+), 18 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md
index 7f1df6920d..a03a960bb6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md
@@ -13,14 +13,13 @@ ms.topic: article
 author: dansimp
 ms.author: dansimp
 ms.custom: nextgen
-ms.date: 09/10/2020
+ms.date: 02/04/2021
 ms.reviewer: 
 manager: dansimp
 ms.technology: mde
 ---
 
 # Onboard Windows 10 multi-session devices in Windows Virtual Desktop 
-6 minutes to read 
 
 Applies to: 
 - Windows 10 multi-session running on Windows Virtual Desktop (WVD) 
@@ -28,37 +27,37 @@ Applies to:
 Microsoft Defender for Endpoint supports monitoring both VDI as well as Windows Virtual Desktop sessions. Depending on your organization's needs, you might need to implement VDI or Windows Virtual Desktop sessions to help your employees access corporate data and apps from an unmanaged device, remote location, or similar scenario. With Microsoft Defender for Endpoint, you can monitor these virtual machines for anomalous activity.
 
  ## Before you begin
-Familiarize yourself with the [considerations for non-persistent VDI](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1). While [Windows Virtual Desktop](https://docs.microsoft.com/azure/virtual-desktop/overview) does not provide non-persistence options, it does provide ways to use a golden Windows image that can be used to provision new hosts and redeploy machines. This increases volatility in the environment and thus impacts what entries are created and maintained in the Microsoft Defender for Endpoint portal, potentially reducing visibility for your security analysts.
+Familiarize yourself with the [considerations for non-persistent VDI](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1). Although [Windows Virtual Desktop](https://docs.microsoft.com/azure/virtual-desktop/overview) does not provide non-persistence options, it does provide ways to use a Windows image that can be used to provision new hosts and redeploy machines. This increases volatility in the environment, and thus impacts what entries are created and maintained in the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)), potentially reducing visibility for your security analysts.
 
 > [!NOTE]
-> Depending on your choice of onboarding method, devices can appear in Microsoft Defender for Endpoint portal as either: 
+> Depending on your choice of onboarding method, devices can appear in MMicrosoft Defender Security Center as either: 
 > - Single entry for each virtual desktop 
 > - Multiple entries for each virtual desktop 
 
-Microsoft recommends onboarding Windows Virtual Desktop as a single entry per virtual desktop. This ensures that the investigation experience in the Microsoft Defender Endpoint portal is in the context of one device based on the machine name. Organizations that frequently delete and re-deploy WVD hosts should strongly consider using this method as it prevents multiple objects for the same machine from being created in the Microsoft Defender for Endpoint portal. This can lead to confusion when investigating incidents. For test or non-volatile environments, you may opt to choose differently. 
+Microsoft recommends onboarding Windows Virtual Desktop as a single entry per virtual desktop. This ensures that the investigation experience in the Microsoft Defender Security Center is in the context of one device based on the machine name. Organizations that frequently delete and re-deploy WVD hosts should strongly consider using this method as it prevents multiple objects for the same machine from being created in the Microsoft Defender Security Center. This can lead to confusion when investigating incidents. For test or non-volatile environments, you may opt to choose differently. 
 
-Microsoft recommends adding the Microsoft Defender for Endpoint onboarding script to the WVD golden image. This way, you can be sure that this onboarding script runs immediately at first boot. It is executed as a startup script at first boot on all the WVD machines that are provisioned from the WVD golden image. However, if you are using one of the gallery images without modification, place the script in a shared location and call it from either local or domain group policy. 
+Microsoft recommends adding the Microsoft Defender for Endpoint onboarding script to the WVD image. This way, you can be sure that this onboarding script runs immediately at first boot. It is executed as a startup script at first boot on all the WVD machines that are provisioned from the WVD golden image. However, if you are using one of the gallery images without modification, place the script in a shared location and call it from either local or domain group policy. 
 
 > [!NOTE]
 > The placement and configuration of the VDI onboarding startup script on the WVD golden image configures it as a startup script that runs when the WVD starts. It is NOT recommended to onboard the actual WVD golden image. Another consideration is the method used to run the script. It should run as early in the startup/provisioning process as possible to reduce the time between the machine being available to receive sessions and the device onboarding to the service. Below scenarios 1 & 2 take this into account.
 
-### Scenarios
+## Scenarios
 There are several ways to onboard a WVD host machine:
 
 - Run the script in the golden image (or from a shared location) during startup.
 - Use a management tool to run the script.
 
-#### *Scenario 1: Using local group policy*
+### Scenario 1: Using local group policy
 This scenario requires placing the script in a golden image and uses local group policy to run early in the boot process.
 
 Use the instructions in [Onboard non-persistent virtual desktop infrastructure VDI devices](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1).
 
 Follow the instructions for a single entry for each device.
 
-#### *Scenario 2: Using domain group policy*
+### Scenario 2: Using domain group policy
 This scenario uses a centrally located script and runs it using a domain-based group policy. You can also place the script in the golden image and run it in the same way.
 
-**Download the WindowsDefenderATPOnboardingPackage.zip file from the Windows Defender Security Center**
+#### Download the WindowsDefenderATPOnboardingPackage.zip file from the Windows Defender Security Center
 1. Open the VDI configuration package .zip file (WindowsDefenderATPOnboardingPackage.zip)  
     - In the Microsoft Defender Security Center navigation pane, select **Settings** > **Onboarding**. 
     - Select Windows 10 as the operating system. 
@@ -66,7 +65,7 @@ This scenario uses a centrally located script and runs it using a domain-based g
     - Click **Download package** and save the .zip file. 
 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the device. You should have a folder called **OptionalParamsPolicy** and the files **WindowsDefenderATPOnboardingScript.cmd** and **Onboard-NonPersistentMachine.ps1**.
 
-**Use Group Policy management console to run the script when the virtual machine starts**
+#### Use Group Policy management console to run the script when the virtual machine starts
 1. Open the Group Policy Management Console (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**.
 1. In the Group Policy Management Editor, go to **Computer configuration** \> **Preferences** \> **Control panel settings**. 
 1. Right-click **Scheduled tasks**, click **New**, and then click **Immediate Task** (At least Windows 7). 
@@ -81,7 +80,7 @@ Enter the following:
 
 Click **OK** and close any open GPMC windows.
 
-#### *Scenario 3: Onboarding using management tools*
+### Scenario 3: Onboarding using management tools
 
 If you plan to manage your machines using a management tool, you can onboard devices with Microsoft Endpoint Configuration Manager.
 
@@ -93,18 +92,18 @@ For more information, see: [Onboard Windows 10 devices using Configuration Manag
 > [!TIP]
 > After onboarding the device, you can choose to run a detection test to verify that the device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender for Endpoint device](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/run-detection-test). 
 
-#### Tagging your machines when building your golden image 
+## Tagging your machines when building your image 
 
 As part of your onboarding, you may want to consider setting a machine tag to be able to differentiate WVD machines more easily in the Microsoft Security Center. For more information, see 
 [Add device tags by setting a registry key value](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-tags#add-device-tags-by-setting-a-registry-key-value). 
 
-#### Other recommended configuration settings 
+## Other recommended configuration settings 
 
-When building your golden image, you may want to configure initial protection settings as well. For more information, see [Other recommended configuration settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp#other-recommended-configuration-settings). 
+When building your image, you may want to configure initial protection settings as well. For more information, see [Other recommended configuration settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp#other-recommended-configuration-settings). 
 
 In addition, if you are using FSlogix user profiles, we recommend you exclude the following files from always-on protection: 
 
-**Exclude Files:** 
+### Exclude Files
 
 > %ProgramFiles%\FSLogix\Apps\frxdrv.sys <br>
 > %ProgramFiles%\FSLogix\Apps\frxdrvvt.sys <br>
@@ -116,12 +115,12 @@ In addition, if you are using FSlogix user profiles, we recommend you exclude th
 > \\storageaccount.file.core.windows.net\share\*\*.VHD <br>
 > \\storageaccount.file.core.windows.net\share\*\*.VHDX <br>
 
-**Exclude Processes:**
+### Exclude Processes
 
 > %ProgramFiles%\FSLogix\Apps\frxccd.exe <br>
 > %ProgramFiles%\FSLogix\Apps\frxccds.exe <br>
 > %ProgramFiles%\FSLogix\Apps\frxsvc.exe <br>
 
-#### Licensing requirements 
+## Licensing requirements 
 
 Windows 10 Multi-session is a client OS. Licensing requirements for Microsoft Defender for endpoint can be found at: [Licensing requirements](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements).

From 901da52c20e3c7874098728ee391e7a7f8deade5 Mon Sep 17 00:00:00 2001
From: JesseEsquivel <33558203+JesseEsquivel@users.noreply.github.com>
Date: Thu, 4 Feb 2021 11:26:26 -0500
Subject: [PATCH 383/396] VDI File share feature backported to 1703

Adding note that the change has been backported and works in 1703+
---
 .../deployment-vdi-microsoft-defender-antivirus.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md
index 3849774f8b..ef143bfe39 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md
@@ -50,7 +50,7 @@ You can also download the whitepaper [Microsoft Defender Antivirus on Virtual De
 
 ## Set up a dedicated VDI file share
 
-In Windows 10, version 1903, we introduced the shared security intelligence feature, which offloads the unpackaging of downloaded security intelligence updates onto a host machine—thus saving previous CPU, disk, and memory resources on individual machines. You can set this feature with a Group Policy, or PowerShell.
+In Windows 10, version 1903, we introduced the shared security intelligence feature, which offloads the unpackaging of downloaded security intelligence updates onto a host machine—thus saving previous CPU, disk, and memory resources on individual machines. This feature has been backported and now works in Windows 10 version 1703 and above. You can set this feature with a Group Policy, or PowerShell.
 
 ### Use Group Policy to enable the shared security intelligence feature:
 

From 6f46373573a78e6cde7c9d40b292d4805d31e877 Mon Sep 17 00:00:00 2001
From: Tina Burden <v-tibur@microsoft.com>
Date: Thu, 4 Feb 2021 11:08:59 -0800
Subject: [PATCH 384/396] pencil edit

---
 .../Onboard-Windows-10-multi-session-device.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md
index a03a960bb6..3abe07fc71 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md
@@ -30,7 +30,7 @@ Microsoft Defender for Endpoint supports monitoring both VDI as well as Windows
 Familiarize yourself with the [considerations for non-persistent VDI](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1). Although [Windows Virtual Desktop](https://docs.microsoft.com/azure/virtual-desktop/overview) does not provide non-persistence options, it does provide ways to use a Windows image that can be used to provision new hosts and redeploy machines. This increases volatility in the environment, and thus impacts what entries are created and maintained in the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)), potentially reducing visibility for your security analysts.
 
 > [!NOTE]
-> Depending on your choice of onboarding method, devices can appear in MMicrosoft Defender Security Center as either: 
+> Depending on your choice of onboarding method, devices can appear in Microsoft Defender Security Center as either: 
 > - Single entry for each virtual desktop 
 > - Multiple entries for each virtual desktop 
 

From bcf853a0c6d7be245aa5771142910694bbc0e2ab Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Thu, 4 Feb 2021 12:52:16 -0800
Subject: [PATCH 385/396] Update
 manage-updates-baselines-microsoft-defender-antivirus.md

---
 ...tes-baselines-microsoft-defender-antivirus.md | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
index a93bfb03a8..3e94248b41 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
@@ -13,7 +13,7 @@ ms.author: deniseb
 ms.custom: nextgen
 ms.reviewer: pahuijbr
 manager: dansimp
-ms.date: 01/07/2021
+ms.date: 02/04/2021
 ms.technology: mde
 ---
 
@@ -387,6 +387,20 @@ We recommend updating your Windows 10 (Enterprise, Pro, and Home editions), Wind
 For more information, see [Microsoft Defender update for Windows operating system installation images](https://support.microsoft.com/help/4568292/defender-update-for-windows-operating-system-installation-images).
 
 <details>
+<summary>1.1.2102.03</summary>
+
+&ensp;Package version: **1.1.2102.03**    
+&ensp;Platform version: **4.18.2011.6**   
+&ensp;Engine version: **1.17800.5**  
+&ensp;Signature version: **1.331.174.0**    
+    
+### Fixes
+- None
+
+### Additional information
+- None  
+<br/>
+</details><details>
 <summary>1.1.2101.02</summary>
 
 &ensp;Package version: **1.1.2101.02**    

From 50ae6bdaf97483e5006027f062ad773dc1244b8b Mon Sep 17 00:00:00 2001
From: Tristan Kington <TristankMS@users.noreply.github.com>
Date: Fri, 5 Feb 2021 08:28:07 +1100
Subject: [PATCH 386/396] Update hello-hybrid-cert-whfb-settings-pki.md

Certification Authority is the actual console name for Certificate Authority servers. Spelling/grammar fixes, some clarity and wording fixes. PKIView tip for NTAuth.
---
 .../hello-hybrid-cert-whfb-settings-pki.md    | 69 ++++++++++---------
 1 file changed, 35 insertions(+), 34 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
index ec12645e1d..2b5e042c13 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
@@ -25,13 +25,13 @@ ms.reviewer:
 - Hybrid Deployment
 - Certificate Trust
 
-Windows Hello for Business deployments rely on certificates.  Hybrid deployments uses publicly issued server authentication certificates to validate the name of the server to which they are connecting and to encrypt the data that flows them and the client computer.
+Windows Hello for Business deployments rely on certificates. Hybrid deployments use publicly-issued server authentication certificates to validate the name of the server to which they are connecting and to encrypt the data that flows between them and the client computer.
 
-All deployments use enterprise issued certificates for domain controllers as a root of trust.  Hybrid certificate trust deployments issue users sign-in certificate that enables them to authenticate using Windows Hello for Business credentials to non-Windows Server 2016 domain controllers.  Additionally, hybrid certificate trust deployments issue certificate to registration authorities to provide defense-in-depth security for issuing user authentication certificates.
+All deployments use enterprise issued certificates for domain controllers as a root of trust. Hybrid certificate trust deployments issue users with a sign-in certificate that enables them to authenticate using Windows Hello for Business credentials to non-Windows Server 2016 domain controllers. Additionally, hybrid certificate trust deployments issue certificates to registration authorities to provide defense-in-depth security when issuing user authentication certificates.
 
 ## Certificate Templates
 
-This section has you configure certificate templates on your Windows Server 2012 or later issuing certificate authority.
+This section has you configure certificate templates on your Windows Server 2012 (or later) Active Directory Certificate Services issuing certificate authority.
 
 ### Domain Controller certificate template
 
@@ -39,13 +39,13 @@ Clients need to trust domain controllers and the best way to do this is to ensur
 
 Domain controllers automatically request a domain controller certificate (if published) when they discover an enterprise certificate authority is added to Active Directory.  However, certificates based on the *Domain Controller* and *Domain Controller Authentication* certificate templates do not include the **KDC Authentication** object identifier (OID), which was later added to the Kerberos RFC. Inclusion of the **KDC Authentication** OID in domain controller certificate is not required for key trust authentication from Hybrid Azure AD joined devices. The OID is required for enabling authentication with Windows Hello for Business to on-premises resources by Azure AD joined devices. The steps below to *Create a Domain Controller Authentication (Kerberos) Certificate Template* and *Configure Certificate Superseding for the Domain Controller Authentication (Kerberos) Certificate Template* to include the **KDC Authentication** OID in the domain controller certificate may be skipped if you only have Hybrid Azure AD Joined devices in your environment, but we recommend completing these steps if you are considering adding Azure AD joined devices to your environment in the future.
 
-By default, the Active Directory Certificate Authority provides and publishes the Kerberos Authentication certificate template.  However, the cryptography configuration included in the provided template is based on older and less performant cryptography APIs.  To ensure domain controllers request the proper certificate with the best available cryptography, use the **Kerberos Authentication** certificate template as a baseline to create an updated domain controller certificate template.
+By default, the Active Directory Certificate Authority provides and publishes the Kerberos Authentication certificate template. However, the cryptography configuration included in the provided template is based on older and less performant cryptography APIs. To ensure domain controllers request the proper certificate with the best available cryptography, use the **Kerberos Authentication** certificate template as a baseline to create an updated domain controller certificate template.
 
 #### Create a Domain Controller Authentication (Kerberos) Certificate Template
 
 Sign-in a certificate authority or management workstations with _Domain Admin_ equivalent credentials.
 
-1. Open the **Certificate Authority** management console.
+1. Open the **Certification Authority** management console.
 
 2. Right-click **Certificate Templates** and click **Manage**.
 
@@ -66,15 +66,15 @@ Sign-in a certificate authority or management workstations with _Domain Admin_ e
 
 #### Configure Certificate Superseding for the Domain Controller Authentication (Kerberos) Certificate Template
 
-Many domain controllers may have an existing domain controller certificate.  The Active Directory Certificate Services provides a default certificate template for domain controllers--the domain controller certificate template.  Later releases provided a new certificate template--the domain controller authentication certificate template.  These certificate templates were provided prior to update of the Kerberos specification that stated Key Distribution Centers (KDCs) performing certificate authentication needed to include the **KDC Authentication** extension.  
+Many domain controllers may have an existing domain controller certificate. Active Directory Certificate Services provides a default certificate template for domain controllers--the Domain Controller certificate template.  Later releases provided a new certificate template--the Domain Controller Authentication certificate template. These certificate templates were provided prior to update of the Kerberos specification that stated Key Distribution Centers (KDCs) performing certificate authentication needed to include the **KDC Authentication** extension.
 
-The Kerberos Authentication certificate template is the most current certificate template designated for domain controllers and should be the one you deploy to all your domain controllers (2008 or later).
+The Kerberos Authentication certificate template is the most current certificate template designated for domain controllers, and should be the one you deploy to all your domain controllers (2008 or later).
 
-The auto-enrollment feature in Windows enables you to effortlessly replace these domain controller certificates.  You can use the following configuration to replace older domain controller certificates with a new certificate using the Kerberos Authentication certificate template.
+The auto-enrollment feature in Windows enables you to effortlessly replace these domain controller certificates. You can use the following configuration to replace older domain controller certificates with a new certificate based on the Kerberos Authentication certificate template.
 
 Sign-in a certificate authority or management workstations with _Enterprise Admin_ equivalent credentials.
 
-1. Open the **Certificate Authority** management console.
+1. Open the **Certification Authority** management console.
 
 2. Right-click **Certificate Templates** and click **Manage**.
 
@@ -86,31 +86,32 @@ Sign-in a certificate authority or management workstations with _Enterprise Admi
 
 6. From the **Add Superseded Template** dialog, select the **Domain Controller Authentication** certificate template and click **OK**.
 
-7. From the **Add Superseded Template dialog**, select the **Kerberos Authentication** certificate template and click **OK**.
+7. From the **Add Superseded Template dialog**, select the **Kerberos Authentication** certificate template, and click **OK**.
 
 8. Add any other enterprise certificate templates that were previously configured for domain controllers to the **Superseded Templates** tab.
 
 9. Click **OK** and close the **Certificate Templates** console.
 
-The certificate template is configured to supersede all the certificate templates provided in the certificate templates superseded templates list.  However, the certificate template and the superseding of certificate templates is not active until you publish the certificate template to one or more certificate authorities.
+The certificate template is configured to supersede all the certificate templates listed in the superseded templates list. However, the certificate template and the superseding of certificate templates is not active until you publish the certificate template to one or more certificate authorities.
 
 > [!NOTE]
-> The domain controller's certificate must chain to a root in the NTAuth store. By default, the Active Directory Certificate Authority's root certificate is added to the NTAuth store. If you are using a third-party CA, this may not be done by default. If the domain controller certificate does not chain to a root in the NTAuth store, user authentication will fail.
+> A domain controller's certificate must chain to a certificate in the NTAuth store in Active Directory. By default, online "Enterprise" Active Directory Certificate Authority certificates are added to the NTAuth store at installation time. If you are using a third-party CA, this is not done by default. If the domain controller certificate does not chain to a trusted CA in the NTAuth store, user authentication will fail. 
+> You can view an AD forest's NTAuth store (NTAuthCertificates) using PKIVIEW.MSC from an ADCS CA. Open PKIView.msc, then click the Action menu -> Manage AD Containers.
 
 ### Enrollment Agent certificate template
 
-Active Directory Federation Server used for Windows Hello for Business certificate enrollment performs its own certificate life-cycle management.  Once the registration authority is configured with the proper certificate template, the AD FS server attempts to enroll the certificate on the first certificate request or when the service first starts.
+Active Directory Federation Server used for Windows Hello for Business certificate enrollment performs its own certificate lifecycle management. Once the registration authority is configured with the proper certificate template, the AD FS server attempts to enroll the certificate on the first certificate request, or when the service first starts.
 
-Approximately 60 days prior to enrollment agent certificate's expiration, the AD FS service attempts to renew the certificate until it is successful.  If the certificate fails to renew, and the certificate expires, the AD FS server will request a new enrollment agent certificate.  You can view the AD FS event logs to determine the status of the enrollment agent certificate.
+Approximately 60 days prior to the enrollment agent certificate's expiration, the AD FS service attempts to renew the certificate until it is successful. If the certificate fails to renew and expires, the AD FS server will request a new enrollment agent certificate. You can view the AD FS event logs to determine the status of the enrollment agent certificate.
 
 > [!IMPORTANT]
-> Follow the procedures below based on the AD FS service account used in your  environment.
+> Follow the procedures below based on the AD FS service account used in your environment.
 
 #### Creating an Enrollment Agent certificate for Group Managed Service Accounts
 
-Sign-in a certificate authority or management workstations with _Domain Admin_ equivalent credentials.
+Sign-in to a certificate authority or management workstation with _Domain Admin_ equivalent credentials.
 
-1. Open the **Certificate Authority Management** console.
+1. Open the **Certification Authority Management** console.
 
 2. Right-click **Certificate Templates** and click **Manage**.
 
@@ -123,7 +124,7 @@ Sign-in a certificate authority or management workstations with _Domain Admin_ e
 6. On the **Subject** tab, select the **Supply in the request** button if it is not already selected.
 
    > [!NOTE]
-   > The preceding step is very important.  Group Managed Service Accounts (GMSA) do not support the Build from this Active Directory information option and will result in the AD FS server failing to enroll the enrollment agent certificate.  You must configure the certificate template with Supply in the request to ensure that AD FS servers can perform the automatic enrollment and renewal of the enrollment agent certificate.
+   > The preceding step is very important. Group Managed Service Accounts (GMSA) do not support the _Build from this Active Directory information_ option, which will result in the AD FS server failing to enroll the enrollment agent certificate. You must configure the certificate template with _Supply in the request_ to ensure that AD FS servers can perform the automatic enrollment and renewal of the enrollment agent certificate.
 
 7. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list.  Select **RSA** from the **Algorithm name** list.  Type **2048** in the **Minimum key size** text box.  Select **SHA256** from the **Request hash** list.
 
@@ -139,9 +140,9 @@ Sign-in a certificate authority or management workstations with _Domain Admin_ e
 
 #### Creating an Enrollment Agent certificate for typical Service Accounts
 
-Sign-in a certificate authority or management workstations with *Domain Admin* equivalent credentials.
+Sign-in to a certificate authority or management workstation with *Domain Admin* equivalent credentials.
 
-1. Open the **Certificate Authority** management console.
+1. Open the **Certification Authority** management console.
 
 2. Right-click **Certificate Templates** and click **Manage**.
 
@@ -163,11 +164,11 @@ Sign-in a certificate authority or management workstations with *Domain Admin* e
 
 ### Creating Windows Hello for Business authentication certificate template
 
-During Windows Hello for Business provisioning, the Windows 10, version 1703 client requests an authentication certificate from the Active Directory Federation Service, which requests the authentication certificate on behalf of the user.  This task configures the Windows Hello for Business authentication certificate template.  You use the name of the certificate template when configuring.
+During Windows Hello for Business provisioning, a Windows 10 client requests an authentication certificate from the Active Directory Federation Service, which requests an authentication certificate on behalf of the user. This task configures the Windows Hello for Business authentication certificate template. You set the name of the certificate template when configuring it.
 
-Sign-in a certificate authority or management workstations with _Domain Admin equivalent_ credentials.
+Sign-in to a certificate authority or management workstation with _Domain Admin equivalent_ credentials.
 
-1. Open the **Certificate Authority** management console.
+1. Open the **Certification Authority** management console.
 
 2. Right-click **Certificate Templates** and click **Manage**.
 
@@ -175,10 +176,10 @@ Sign-in a certificate authority or management workstations with _Domain Admin eq
 
 4. On the **Compatibility** tab, clear the **Show resulting changes** check box.  Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Recipient** list.
 
-5. On the **General** tab, type **WHFB Authentication** in **Template display name**.  Adjust the validity and renewal period to meet your enterprise's needs.
+5. On the **General** tab, type **WHFB Authentication** or your choice of template name in **Template display name**. Note the short template name for later use with CertUtil. Adjust the validity and renewal period to meet your enterprise's needs.
 
    > [!NOTE]
-   > If you use different template names, you'll need to remember and substitute these names in different portions of the deployment.
+   > If you use different template names, you'll need to remember and substitute these names in the relevant portions of the deployment. 
 
 6. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list.  Select **RSA** from the **Algorithm name** list.  Type **2048** in the **Minimum key size** text box.  Select **SHA256** from the **Request hash** list.
 
@@ -231,39 +232,39 @@ CertUtil: -dsTemplate command completed successfully."
 ```
 
 > [!NOTE]
-> If you gave your Windows Hello for Business Authentication certificate template a different name, then replace **WHFBAuthentication** in the above command with the name of your certificate template. It's important that you use the template name rather than the template display name. You can view the template name on the **General** tab of the certificate template using the Certificate Template management console (certtmpl.msc).  Or, you can view the template name using the **Get-CATemplate** ADCS Administration Windows PowerShell cmdlet on our Windows Server 2012 or later certificate authority.
+> If you gave your Windows Hello for Business Authentication certificate template a different name, then replace **WHFBAuthentication** in the above command with the name of your certificate template. It's important that you use the template name rather than the template display name. You can view the template name on the **General** tab of the certificate template using the Certificate Template management console (certtmpl.msc). Or, you can view the template name using the **Get-CATemplate** ADCS Administration Windows PowerShell cmdlet on a Windows Server 2012 or later certificate authority.
 
 ## Publish Templates
 
 ### Publish Certificate Templates to a Certificate Authority
 
-The certificate authority may only issue certificates for certificate templates that are published to that certificate authority.  If you have more than one certificate authority and you want that certificate authority to issue certificates based on a specific certificate template, then you must publish the certificate template to all certificate authorities that are expected to issue the certificate.
+The certificate authority only issues certificates for certificate templates which are published by that certificate authority. If you have more than one certificate authority and you want that certificate authority to issue certificates based on a specific certificate template, then you must publish the certificate template to all certificate authorities that are expected to issue the certificate.
 
 #### Publish Certificate Templates to the Certificate Authority
 
 Sign-in to the certificate authority or management workstations with an _Enterprise Admin_ equivalent credentials.
 
-1. Open the **Certificate Authority** management console.
+1. Open the **Certification Authority** management console.
 
 2. Expand the parent node from the navigation pane.
 
 3. Click **Certificate Templates** in the navigation pane.
 
-4. Right-click the **Certificate Templates** node.  Click **New**, and click **Certificate Template** to issue.
+4. Right-click the **Certificate Templates** node. Click **New**, and click **Certificate Template to issue**.
 
-5. In the **Enable Certificates Templates** window, select the **Domain Controller Authentication (Kerberos)**, **WHFB Enrollment Agent** and **WHFB Authentication** templates you created in the previous steps.  Click **OK** to publish the selected certificate templates to the certificate authority.
+5. In the **Enable Certificates Templates** window, Ctrl-select the **Domain Controller Authentication (Kerberos)**, **WHFB Enrollment Agent** and **WHFB Authentication** templates you created in the previous steps. Click **OK** to publish the selected certificate templates to the certificate authority.
 
 6. Close the console.
 
 #### Unpublish Superseded Certificate Templates
 
-The certificate authority only issues certificates based on published certificate templates.  For defense in depth security, it is a good practice to unpublish certificate templates that the certificate authority is not configured to issue.  This includes the pre-published certificate template from the role installation and any superseded certificate templates.
+The certificate authority only issues certificates based on published certificate templates. For defense-in-depth security, it is a good practice to unpublish certificate templates that the certificate authority is not configured to issue. This includes any pre-published certificate templates from the role installation and any superseded certificate templates.
 
-The newly created domain controller authentication certificate template supersedes previous domain controller certificate templates.  Therefore, you need to unpublish these certificate templates from all issuing certificate authorities.
+The newly-created Kerberos authentication-based Domain Controller certificate template supersedes any previous domain controller certificate templates. Therefore, you should unpublish these certificate templates from all issuing certificate authorities.
 
-Sign-in to the certificate authority or management workstation with _Enterprise Admin_ equivalent credentials.
+Sign-in to each certificate authority, or a management workstation with _Enterprise Admin_ equivalent credentials.
 
-1. Open the **Certificate Authority** management console.
+1. Open the **Certification Authority** management console.
 
 2. Expand the parent node from the navigation pane.
 

From 7f67353b01d6be65d5556b6ce8fdbd16831ab6d7 Mon Sep 17 00:00:00 2001
From: Paul Huijbregts <30799281+pahuijbr@users.noreply.github.com>
Date: Thu, 4 Feb 2021 13:49:07 -0800
Subject: [PATCH 387/396] Update
 manage-updates-baselines-microsoft-defender-antivirus.md

---
 .../manage-updates-baselines-microsoft-defender-antivirus.md     | 1 -
 1 file changed, 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
index a93bfb03a8..cc3faf4943 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
@@ -90,7 +90,6 @@ All our updates contain
 ### What's new
 
 - Improved SmartScreen status support logging
-- Apply CPU throttling policy to manually initiated scans
 
 ### Known Issues
 No known issues  

From a056b6666433d506ac2794163026df64a3c0e070 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Thu, 4 Feb 2021 13:52:11 -0800
Subject: [PATCH 388/396] Update
 manage-updates-baselines-microsoft-defender-antivirus.md

---
 .../manage-updates-baselines-microsoft-defender-antivirus.md    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
index cc3faf4943..cc8b19bee3 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
@@ -13,7 +13,7 @@ ms.author: deniseb
 ms.custom: nextgen
 ms.reviewer: pahuijbr
 manager: dansimp
-ms.date: 01/07/2021
+ms.date: 02/04/2021
 ms.technology: mde
 ---
 

From e6a1e82edd6d6dd9427832e0f857808c0695b4e4 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Thu, 4 Feb 2021 14:09:05 -0800
Subject: [PATCH 389/396] Update
 manage-updates-baselines-microsoft-defender-antivirus.md

---
 .../manage-updates-baselines-microsoft-defender-antivirus.md  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
index 15da63111f..5ea9e5c827 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
@@ -13,7 +13,7 @@ ms.author: deniseb
 ms.custom: nextgen
 ms.reviewer: pahuijbr
 manager: dansimp
-ms.date: 02/03/2021
+ms.date: 02/04/2021
 ms.technology: mde
 ---
 
@@ -88,6 +88,7 @@ All our updates contain
     
 ### What's new
 
+- Apply CPU throttling policy to manually initiated scans
 - Additional failed tampering attempt event generation when [Tamper Protection](prevent-changes-to-security-settings-with-tamper-protection.md) is enabled
 - Shellcode exploit detection improvements
 - Increased visibility for credential stealing attempts
@@ -109,7 +110,6 @@ No known issues
 ### What's new
 
 - Improved [SmartScreen](../microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md) status support logging
-- Apply CPU throttling policy to manually initiated scans
 
 ### Known Issues
 No known issues  

From 018173a3225d77714b35db9887c3c81ff81d0132 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Thu, 4 Feb 2021 14:19:20 -0800
Subject: [PATCH 390/396] Update
 manage-updates-baselines-microsoft-defender-antivirus.md

---
 .../manage-updates-baselines-microsoft-defender-antivirus.md     | 1 -
 1 file changed, 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
index f994f634f9..0d5c3a2ccf 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
@@ -88,7 +88,6 @@ All our updates contain
     
 ### What's new
 
-- Apply CPU throttling policy to manually initiated scans
 - Additional failed tampering attempt event generation when [Tamper Protection](prevent-changes-to-security-settings-with-tamper-protection.md) is enabled
 - Shellcode exploit detection improvements
 - Increased visibility for credential stealing attempts

From bf4e78eb163328ce27ca5ee63c0745156ac27656 Mon Sep 17 00:00:00 2001
From: Daniel Simpson <dansimp@microsoft.com>
Date: Thu, 4 Feb 2021 15:11:26 -0800
Subject: [PATCH 391/396] Update
 windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md

Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 .../microsoft-defender-atp/indicator-ip-domain.md               | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md
index bfa5bf0c44..7f68650da3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md
@@ -46,7 +46,7 @@ It's important to understand the following prerequisites prior to creating indic
 - The Antimalware client version must be 4.18.1906.x or later. 
 - Supported on machines on Windows 10, version 1709 or later. 
 - Ensure that **Custom network indicators** is enabled in **Microsoft Defender Security Center > Settings > Advanced features**. For more information, see [Advanced features](advanced-features.md).
-- For support of indicators on iOS, please [see](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features#configure-custom-indicators)
+- For support of indicators on iOS, please see [Configure custom indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features#configure-custom-indicators).
 
 
 >[!IMPORTANT]

From f894c637829a7df259eceb508003089fd5a9522f Mon Sep 17 00:00:00 2001
From: Daniel Simpson <dansimp@microsoft.com>
Date: Thu, 4 Feb 2021 15:11:36 -0800
Subject: [PATCH 392/396] Update
 windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md

Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 .../microsoft-defender-atp/indicator-ip-domain.md               | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md
index 7f68650da3..988db9e418 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md
@@ -49,7 +49,7 @@ It's important to understand the following prerequisites prior to creating indic
 - For support of indicators on iOS, please see [Configure custom indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features#configure-custom-indicators).
 
 
->[!IMPORTANT]
+> [!IMPORTANT]
 > Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs.
 > For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge leverages [Network Protection](network-protection.md) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios leverage Network Protection for inspection and enforcement: <br>
 > NOTE:

From e8e39fe4bac27f2e3ffebac0252920d48352958f Mon Sep 17 00:00:00 2001
From: Daniel Simpson <dansimp@microsoft.com>
Date: Thu, 4 Feb 2021 15:12:17 -0800
Subject: [PATCH 393/396] Update indicator-ip-domain.md

---
 .../microsoft-defender-atp/indicator-ip-domain.md               | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md
index 988db9e418..4491cd3549 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md
@@ -46,7 +46,7 @@ It's important to understand the following prerequisites prior to creating indic
 - The Antimalware client version must be 4.18.1906.x or later. 
 - Supported on machines on Windows 10, version 1709 or later. 
 - Ensure that **Custom network indicators** is enabled in **Microsoft Defender Security Center > Settings > Advanced features**. For more information, see [Advanced features](advanced-features.md).
-- For support of indicators on iOS, please see [Configure custom indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features#configure-custom-indicators).
+- For support of indicators on iOS, see [Configure custom indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features#configure-custom-indicators).
 
 
 > [!IMPORTANT]

From 4a5634de8151504ebb2496e294fecff9c83bc387 Mon Sep 17 00:00:00 2001
From: garycentric <v-gmoor@microsoft.com>
Date: Thu, 4 Feb 2021 20:40:04 -0800
Subject: [PATCH 394/396] Removed /en-us from a Microsoft URL, added in the
 public repo

---
 windows/deployment/volume-activation/install-vamt.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/volume-activation/install-vamt.md b/windows/deployment/volume-activation/install-vamt.md
index 8fc4fde224..38d957f492 100644
--- a/windows/deployment/volume-activation/install-vamt.md
+++ b/windows/deployment/volume-activation/install-vamt.md
@@ -49,7 +49,7 @@ You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for
 
 ### Install VAMT using the ADK
 
-1. Download the latest version of [Windows 10 ADK](https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install).
+1. Download the latest version of [Windows 10 ADK](https://docs.microsoft.com/windows-hardware/get-started/adk-install).
    If an older version is already installed, it is recommended to uninstall the older ADK and install the latest version. Existing VAMT data is maintained in the VAMT database.
 2. Enter an install location or use the default path, and then select **Next**.
 3. Select a privacy setting, and then select **Next**.

From c82ba327856af197b4d72feef4adff8bfec5bc4e Mon Sep 17 00:00:00 2001
From: Jaime Ondrusek <jaimeo@microsoft.com>
Date: Fri, 5 Feb 2021 09:45:44 -0700
Subject: [PATCH 395/396] Update waas-manage-updates-wufb.md

Reworded. Note to contributor: do not use "patch." The right word is "update."
---
 windows/deployment/update/waas-manage-updates-wufb.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md
index c6548529a8..a7b29f46e8 100644
--- a/windows/deployment/update/waas-manage-updates-wufb.md
+++ b/windows/deployment/update/waas-manage-updates-wufb.md
@@ -49,7 +49,7 @@ Windows Update for Business provides management policies for several types of up
 - **Feature updates:** Previously referred to as "upgrades," feature updates contain not only security and quality revisions, but also significant feature additions and changes. Feature updates are released semi-annually in the fall and in the spring.
 - **Quality updates:** Quality updates are traditional operating system updates, typically released on the second Tuesday of each month (though they can be released at any time). These include security, critical, and driver updates. Windows Update for Business also treats non-Windows updates (such as updates for Microsoft Office or Visual Studio) as quality updates. These non-Windows Updates are known as "Microsoft updates" and you can set devices to receive such updates (or not) along with their Windows updates.
 - **Driver updates:** Updates for non-Microsoft drivers that are relevant to your devices. Driver updates are on by default, but you can use Windows Update for Business policies to turn them off if you prefer. 
-- **Microsoft product updates**: Updates for other Microsoft products, such as Office MSI (Office Click-to-Run is not patched through Windows update). Product updates are off by default. You can turn them on by using Windows Update for Business policies.
+- **Microsoft product updates**: Updates for other Microsoft products, such as versions of Office that are installed by using Windows Installer (MSI). Versions of Office that are installed by using Click-to-Run can't be updated by using Windows Update for Business. Product updates are off by default. You can turn them on by using Windows Update for Business policies.
 
 
 ## Offering

From 75feb0d923f4523c1d6f9a9d25957cb647fcc2b4 Mon Sep 17 00:00:00 2001
From: Tina Burden <v-tibur@microsoft.com>
Date: Fri, 5 Feb 2021 10:30:24 -0800
Subject: [PATCH 396/396] =?UTF-8?q?Revert=20"Need=20to=20update=20Windows?=
 =?UTF-8?q?=2010=20Release=20Information=20Page=20Url=20in=20all=20the=20d?=
 =?UTF-8?q?oc=E2=80=A6"?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 windows/client-management/mdm/policy-csp-update.md            | 2 +-
 windows/deployment/planning/features-lifecycle.md             | 2 +-
 .../update/update-compliance-schema-waasinsiderstatus.md      | 2 +-
 .../update/update-compliance-schema-waasupdatestatus.md       | 2 +-
 windows/deployment/update/waas-manage-updates-wufb.md         | 4 ++--
 windows/deployment/update/waas-overview.md                    | 2 +-
 windows/deployment/update/waas-wufb-csp-mdm.md                | 2 +-
 windows/deployment/upgrade/windows-10-upgrade-paths.md        | 2 +-
 windows/hub/TOC.md                                            | 2 +-
 windows/hub/breadcrumb/toc.yml                                | 2 +-
 windows/hub/index.yml                                         | 2 +-
 ...ent-changes-to-security-settings-with-tamper-protection.md | 2 +-
 .../mcafee-to-microsoft-defender-prepare.md                   | 4 ++--
 .../mcafee-to-microsoft-defender-setup.md                     | 2 +-
 .../switch-to-microsoft-defender-prepare.md                   | 4 ++--
 .../switch-to-microsoft-defender-setup.md                     | 2 +-
 .../symantec-to-microsoft-defender-atp-prepare.md             | 4 ++--
 .../symantec-to-microsoft-defender-atp-setup.md               | 2 +-
 windows/whats-new/index.md                                    | 2 +-
 windows/whats-new/ltsc/index.md                               | 2 +-
 20 files changed, 24 insertions(+), 24 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 1a7026a930..8698b88092 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -4333,7 +4333,7 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-Available in Windows 10, version 1803 and later. Enables IT administrators to specify which version they would like their device(s) to move to and/or stay on until they reach end of service or reconfigure the policy. For details about different Windows 10 versions, see [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information/).
+Available in Windows 10, version 1803 and later. Enables IT administrators to specify which version they would like their device(s) to move to and/or stay on until they reach end of service or reconfigure the policy. For details about different Windows 10 versions, see [Windows 10 release information](https://docs.microsoft.com/windows/release-information/).
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
diff --git a/windows/deployment/planning/features-lifecycle.md b/windows/deployment/planning/features-lifecycle.md
index 2b515fbbd0..9469d47cb7 100644
--- a/windows/deployment/planning/features-lifecycle.md
+++ b/windows/deployment/planning/features-lifecycle.md
@@ -42,4 +42,4 @@ The following terms can be used to describe the status that might be assigned to
 
 ## Also see
 
-[Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information)
+[Windows 10 release information](https://docs.microsoft.com/windows/release-information/)
diff --git a/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md b/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md
index 52147e7fab..2ddf505e62 100644
--- a/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md
+++ b/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md
@@ -26,7 +26,7 @@ WaaSInsiderStatus records contain device-centric data and acts as the device rec
 |**OSArchitecture** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`amd64` |The architecture of the Operating System. |
 |**OSName** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Windows 10` |The name of the Operating System. This will always be Windows 10 for Update Compliance. |
 |**OSVersion** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`1909` |The version of Windows 10. This typically is of the format of the year of the version's release, following the month. In this example, `1909` corresponds to 2019-09 (September). This maps to the `Major` portion of OSBuild. |
-|**OSBuild** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`18363.720` |The currently-installed Windows 10 Build, in the format `Major`.`Revision`. `Major` corresponds to which Feature Update the device is on, whereas `Revision` corresponds to which quality update the device is on. Mappings between Feature release and Major, as well as Revision and KBs, are available at [aka.ms/win10releaseinfo](https://docs.microsoft.com/windows/release-health/release-information). |
+|**OSBuild** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`18363.720` |The currently-installed Windows 10 Build, in the format `Major`.`Revision`. `Major` corresponds to which Feature Update the device is on, whereas `Revision` corresponds to which quality update the device is on. Mappings between Feature release and Major, as well as Revision and KBs, are available at [aka.ms/win10releaseinfo](https://docs.microsoft.com/windows/release-information/). |
 |**OSRevisionNumber** |[int](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/int) |`720` |An integer value for the revision number of the currently-installed Windows 10 OSBuild on the device. |
 |**OSEdition** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Enterprise` |The Windows 10 Edition or SKU. |
 |**OSFamily** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Windows.Desktop` |The Device Family of the device. Only `Windows.Desktop` is currently supported. |
diff --git a/windows/deployment/update/update-compliance-schema-waasupdatestatus.md b/windows/deployment/update/update-compliance-schema-waasupdatestatus.md
index 72389ab819..0b5adb4096 100644
--- a/windows/deployment/update/update-compliance-schema-waasupdatestatus.md
+++ b/windows/deployment/update/update-compliance-schema-waasupdatestatus.md
@@ -33,7 +33,7 @@ WaaSUpdateStatus records contain device-centric data and acts as the device reco
 |**OSArchitecture**        |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string)  |`amd64` |The architecture of the Operating System. |
 |**OSName**                |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string)  |`Windows 10` |The name of the Operating System. This will always be Windows 10 for Update Compliance. |
 |**OSVersion**             |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string)  |`1909` |The version of Windows 10. This typically is of the format of the year of the version's release, following the month. In this example, `1909` corresponds to 2019-09 (September). This maps to the `Major` portion of OSBuild. |
-|**OSBuild**               |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string)  |`18363.720`                |The currently-installed Windows 10 Build, in the format `Major`.`Revision`. `Major` corresponds to which Feature Update the device is on, whereas `Revision` corresponds to which quality update the device is on. Mappings between Feature release and Major, as well as Revision and KBs, are available at [aka.ms/win10releaseinfo](https://docs.microsoft.com/windows/release-health/release-information). |
+|**OSBuild**               |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string)  |`18363.720`                |The currently-installed Windows 10 Build, in the format `Major`.`Revision`. `Major` corresponds to which Feature Update the device is on, whereas `Revision` corresponds to which quality update the device is on. Mappings between Feature release and Major, as well as Revision and KBs, are available at [aka.ms/win10releaseinfo](https://docs.microsoft.com/windows/release-information/). |
 |**OSRevisionNumber**      |[int](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/int)     |`720`                      |An integer value for the revision number of the currently-installed Windows 10 OSBuild on the device. |
 |**OSCurrentStatus**       |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string)  |`Current`                  |*Deprecated* Whether or not the device is on the latest Windows Feature Update available, as well as the latest Quality Update for that Feature Update. |
 |**OSEdition**             |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string)  |`Enterprise`               |The Windows 10 Edition or SKU.  |
diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md
index 3490e22ae0..1a27cda457 100644
--- a/windows/deployment/update/waas-manage-updates-wufb.md
+++ b/windows/deployment/update/waas-manage-updates-wufb.md
@@ -67,7 +67,7 @@ The branch readiness level enables administrators to specify which channel of fe
 - Windows Insider Release Preview
 - Semi-Annual Channel
 
-Prior to Windows 10, version 1903, there are two channels for released updates: Semi-Annual Channel and Semi-Annual Channel (Targeted). Deferral days are calculated against the release date of the chosen channel. Starting with Windows 10, version 1903 there is only the one release channel: Semi-Annual Channel. All deferral days are calculated against a release’s Semi-Annual Channel release date. For exact release dates, see [Windows Release Information](https://docs.microsoft.com/windows/release-health/release-information). You can set the branch readiness level by using the **Select when Preview Builds and Feature Updates are Received** policy. To use this policy to manage pre-release builds, first enable preview builds by using the **Manage preview Builds** policy.
+Prior to Windows 10, version 1903, there are two channels for released updates: Semi-Annual Channel and Semi-Annual Channel (Targeted). Deferral days are calculated against the release date of the chosen channel. Starting with Windows 10, version 1903 there is only the one release channel: Semi-Annual Channel. All deferral days are calculated against a release’s Semi-Annual Channel release date. For exact release dates, see [Windows Release Information](https://docs.microsoft.com/windows/release-information/). You can set the branch readiness level by using the **Select when Preview Builds and Feature Updates are Received** policy. To use this policy to manage pre-release builds, first enable preview builds by using the **Manage preview Builds** policy.
 
 #### Defer an update
 
@@ -188,7 +188,7 @@ The branch readiness level enables administrators to specify which channel of fe
     - Windows Insider Release Preview 
     - Semi-Annual Channel for released updates
  
-Prior to Windows 10, version 1903, there are two channels for released updates: Semi-Annual Channel and Semi-Annual Channel (Targeted). Deferral days are calculated against the release date of the chosen channel. Starting with Windows 10, version 1903 there is only the one release channel: Semi-Annual Channel. All deferral days will be calculated against a release's Semi-Annual Channel release date. To see release dates, visit [Windows Release Information](https://docs.microsoft.com/windows/release-health/release-information). You can set the branch readiness level by using the **Select when Preview Builds and Feature Updates are Received** policy. In order to use this to manage pre-release builds, first enable preview builds by using the **Manage preview Builds** policy.
+Prior to Windows 10, version 1903, there are two channels for released updates: Semi-Annual Channel and Semi-Annual Channel (Targeted). Deferral days are calculated against the release date of the chosen channel. Starting with Windows 10, version 1903 there is only the one release channel: Semi-Annual Channel. All deferral days will be calculated against a release's Semi-Annual Channel release date. To see release dates, visit [Windows Release Information](https://docs.microsoft.com/windows/release-information/). You can set the branch readiness level by using the **Select when Preview Builds and Feature Updates are Received** policy. In order to use this to manage pre-release builds, first enable preview builds by using the **Manage preview Builds** policy.
 
 ### Recommendations
 
diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md
index e7abdaa3eb..01f89be64e 100644
--- a/windows/deployment/update/waas-overview.md
+++ b/windows/deployment/update/waas-overview.md
@@ -101,7 +101,7 @@ In Windows 10, rather than receiving several updates each month and trying to fi
 
 To align with the new method of delivering feature updates and quality updates in Windows 10, Microsoft introduced the concept of servicing channels to allow customers to designate how frequently their individual devices are updated. For example, an organization may have test devices that the IT department can update with new features as soon as possible, and then specialized devices that require a longer feature update cycle to ensure continuity. 
 
-With that in mind, Windows 10 offers three servicing channels. The [Windows Insider Program](#windows-insider) provides organizations with the opportunity to test and provide feedback on features that will be shipped in the next feature update. The [Semi-Annual Channel](#semi-annual-channel) provides new functionality with twice-per-year feature update releases. Organizations can choose when to deploy updates from the Semi-Annual Channel. The [Long Term Servicing Channel](#long-term-servicing-channel), which is designed to be used only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years. For details about the versions in each servicing channel, see [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information).
+With that in mind, Windows 10 offers three servicing channels. The [Windows Insider Program](#windows-insider) provides organizations with the opportunity to test and provide feedback on features that will be shipped in the next feature update. The [Semi-Annual Channel](#semi-annual-channel) provides new functionality with twice-per-year feature update releases. Organizations can choose when to deploy updates from the Semi-Annual Channel. The [Long Term Servicing Channel](#long-term-servicing-channel), which is designed to be used only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years. For details about the versions in each servicing channel, see [Windows 10 release information](https://docs.microsoft.com/windows/release-information/).
 
 The concept of servicing channels is new, but organizations can use the same management tools they used to manage updates and upgrades in previous versions of Windows. For more information about the servicing tool options for Windows 10 and their capabilities, see [Servicing tools](#servicing-tools).
 
diff --git a/windows/deployment/update/waas-wufb-csp-mdm.md b/windows/deployment/update/waas-wufb-csp-mdm.md
index 82617b0e13..d7a01438ab 100644
--- a/windows/deployment/update/waas-wufb-csp-mdm.md
+++ b/windows/deployment/update/waas-wufb-csp-mdm.md
@@ -105,7 +105,7 @@ Now all devices are paused from updating for 35 days. When the pause is removed,
 
 #### I want to stay on a specific version
 
-If you need a device to stay on a version beyond the point when deferrals on the next version would elapse or if you need to skip a version (for example, update fall release to fall release) use the [Update/TargetReleaseVersion](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-targetreleaseversion) (or Deploy Feature Updates Preview in Intune) instead of using feature update deferrals. When you use this policy, specify the version that you want your device(s) to move to or stay on (for example, "1909"). You can find version information at the [Windows 10 Release Information Page](https://docs.microsoft.com/windows/release-health/release-information).
+If you need a device to stay on a version beyond the point when deferrals on the next version would elapse or if you need to skip a version (for example, update fall release to fall release) use the [Update/TargetReleaseVersion](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-targetreleaseversion) (or Deploy Feature Updates Preview in Intune) instead of using feature update deferrals. When you use this policy, specify the version that you want your device(s) to move to or stay on (for example, "1909"). You can find version information at the [Windows 10 Release Information Page](https://docs.microsoft.com/windows/release-information/).
 
 ### Manage how users experience updates
 
diff --git a/windows/deployment/upgrade/windows-10-upgrade-paths.md b/windows/deployment/upgrade/windows-10-upgrade-paths.md
index ca70223a2c..37da456194 100644
--- a/windows/deployment/upgrade/windows-10-upgrade-paths.md
+++ b/windows/deployment/upgrade/windows-10-upgrade-paths.md
@@ -30,7 +30,7 @@ If you are also migrating to a different edition of Windows, see [Windows 10 edi
 > 
 > **Windows 10 LTSC/LTSB**: Due to [naming changes](https://docs.microsoft.com/windows/deployment/update/waas-overview#naming-changes), product versions that display Windows 10 LTSB will be replaced with Windows 10 LTSC in subsequent feature updates. The term LTSC is used here to refer to all long term servicing versions.
 > 
-> In-place upgrade from Windows 7, Windows 8.1, or [Windows 10 semi-annual channel](https://docs.microsoft.com/windows/release-health/release-information) to Windows 10 LTSC is not supported.  **Note**: Windows 10 LTSC 2015 did not block this upgrade path.  This was corrected in the Windows 10 LTSC 2016 release, which will now only allow data-only and clean install options. You can upgrade from Windows 10 LTSC to Windows 10 semi-annual channel, provided that you upgrade to the same or a newer build version. For example, Windows 10 Enterprise 2016 LTSB can be upgraded to Windows 10 Enterprise version 1607 or later. Upgrade is supported using the in-place upgrade process (using Windows setup). You will need to use the Product Key switch if you want to keep your apps. If you don't use the switch the option 'Keep personal files and apps' will be grayed out. The command line would be **setup.exe /pkey xxxxx-xxxxx-xxxxx-xxxxx-xxxxx**, using your relevant Windows 10 SAC product key. For example, if using a KMS, the command line would be **setup.exe /pkey NPPR9-FWDCX-D2C8J-H872K-2YT43**.
+> In-place upgrade from Windows 7, Windows 8.1, or [Windows 10 semi-annual channel](https://docs.microsoft.com/windows/release-information/) to Windows 10 LTSC is not supported.  **Note**: Windows 10 LTSC 2015 did not block this upgrade path.  This was corrected in the Windows 10 LTSC 2016 release, which will now only allow data-only and clean install options. You can upgrade from Windows 10 LTSC to Windows 10 semi-annual channel, provided that you upgrade to the same or a newer build version. For example, Windows 10 Enterprise 2016 LTSB can be upgraded to Windows 10 Enterprise version 1607 or later. Upgrade is supported using the in-place upgrade process (using Windows setup). You will need to use the Product Key switch if you want to keep your apps. If you don't use the switch the option 'Keep personal files and apps' will be grayed out. The command line would be **setup.exe /pkey xxxxx-xxxxx-xxxxx-xxxxx-xxxxx**, using your relevant Windows 10 SAC product key. For example, if using a KMS, the command line would be **setup.exe /pkey NPPR9-FWDCX-D2C8J-H872K-2YT43**.
 > 
 > **Windows N/KN**: Windows "N" and "KN" SKUs (editions without media-related functionality) follow the same upgrade paths shown below. If the pre-upgrade and post-upgrade editions are not the same type (e.g. Windows 8.1 Pro N to Windows 10 Pro), personal data will be kept but applications and settings will be removed during the upgrade process.
 > 
diff --git a/windows/hub/TOC.md b/windows/hub/TOC.md
index eaeb093642..25ef07d002 100644
--- a/windows/hub/TOC.md
+++ b/windows/hub/TOC.md
@@ -1,6 +1,6 @@
 # [Windows 10](index.yml)
 ## [What's new](/windows/whats-new)
-## [Release information](/windows/release-health)
+## [Release information](/windows/release-information)
 ## [Deployment](/windows/deployment)
 ## [Configuration](/windows/configuration)
 ## [Client management](/windows/client-management)
diff --git a/windows/hub/breadcrumb/toc.yml b/windows/hub/breadcrumb/toc.yml
index e2971f2d84..a28aaa3b77 100644
--- a/windows/hub/breadcrumb/toc.yml
+++ b/windows/hub/breadcrumb/toc.yml
@@ -27,7 +27,7 @@
               topicHref: /windows/client-management/mdm/index
         - name: Release information
           tocHref: /windows/release-information/
-          topicHref: /windows/release-health/release-information
+          topicHref: /windows/release-information/index
         - name: Privacy
           tocHref: /windows/privacy/
           topicHref: /windows/privacy/index
diff --git a/windows/hub/index.yml b/windows/hub/index.yml
index bac6a47a7b..75355791f6 100644
--- a/windows/hub/index.yml
+++ b/windows/hub/index.yml
@@ -33,7 +33,7 @@ landingContent:
           - text: What's new in Windows 10, version 1909
             url: /windows/whats-new/whats-new-windows-10-version-1909
           - text: Windows 10 release information
-            url:  https://docs.microsoft.com/windows/release-health/release-information
+            url:  https://docs.microsoft.com/windows/release-information/
 
   # Card (optional)
   - title: Configuration
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
index d56e4a120b..4a620da214 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
@@ -98,7 +98,7 @@ You must have appropriate [permissions](../microsoft-defender-atp/assign-portal-
 1. Make sure your organization meets all of the following requirements to use Intune to manage tamper protection:
 
     - Your organization uses [Intune to manage devices](https://docs.microsoft.com/intune/fundamentals/what-is-device-management). ([Intune licenses](https://docs.microsoft.com/intune/fundamentals/licenses) are required; Intune is included in Microsoft 365 E5.)
-    - Your Windows machines must be running Windows 10 OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019) or later. (For more information about releases, see [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information).)
+    - Your Windows machines must be running Windows 10 OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019) or later. (For more information about releases, see [Windows 10 release information](https://docs.microsoft.com/windows/release-information/).)
     - You must be using Windows security with [security intelligence](https://www.microsoft.com/wdsi/definitions) updated to version 1.287.60.0 (or above).
     - Your machines must be using anti-malware platform version 4.18.1906.3 (or above) and anti-malware engine version 1.1.15500.X (or above). ([Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md).)
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md
index e3c03a1566..8108d9e245 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md
@@ -110,10 +110,10 @@ To enable communication between your devices and Microsoft Defender for Endpoint
 
 |Capabilities  | Operating System | Resources |
 |--|--|--|
-|[Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) |- [Windows 10](https://docs.microsoft.com/windows/release-health/release-information) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)  |[Configure machine proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) |
+|[Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) |- [Windows 10](https://docs.microsoft.com/windows/release-information) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)  |[Configure machine proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) |
 |EDR |- [Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016) <br/>- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)<br/>- [Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows 7 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |[Configure proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) |
 |EDR  |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra)  |[Microsoft Defender for Endpoint for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) |
-|[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) |- [Windows 10](https://docs.microsoft.com/windows/release-health/release-information) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) <br/>- [Windows Server 2016](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-2016) |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)<br/> |
+|[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) |- [Windows 10](https://docs.microsoft.com/windows/release-information) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) <br/>- [Windows Server 2016](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-2016) |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)<br/> |
 |Antivirus |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra) |[Microsoft Defender for Endpoint for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) |
 |Antivirus |Linux: <br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |[Microsoft Defender for Endpoint for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) 
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
index 47f377115a..d98440f9bd 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md
@@ -168,7 +168,7 @@ The specific exclusions to configure depend on which version of Windows your end
 
 |OS |Exclusions |
 |--|--|
-|- Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information))<br/>- Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`<br/>  |
+|- Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information))<br/>- Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`<br/>  |
 |- [Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2) <br/>- [Windows 7](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)<br/>- [Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016)<br/>- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`<br/><br/>**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` |
 
 ## Add McAfee to the exclusion list for Microsoft Defender Antivirus
diff --git a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md
index 6898a5ff90..a49d62bf03 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md
@@ -100,10 +100,10 @@ To enable communication between your devices and Microsoft Defender for Endpoint
 
 |Capabilities  | Operating System | Resources |
 |--|--|--|
-|[Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) |- [Windows 10](https://docs.microsoft.com/windows/release-health/release-information) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)  |[Configure machine proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) |
+|[Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) |- [Windows 10](https://docs.microsoft.com/windows/release-information) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)  |[Configure machine proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) |
 |EDR |- [Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016) <br/>- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)<br/>- [Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows 7 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |[Configure proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) |
 |EDR  |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra)  |[Microsoft Defender for Endpoint for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) |
-|[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) |- [Windows 10](https://docs.microsoft.com/windows/release-health/release-information) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) <br/>- [Windows Server 2016](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-2016) |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)<br/> |
+|[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) |- [Windows 10](https://docs.microsoft.com/windows/release-information) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) <br/>- [Windows Server 2016](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-2016) |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)<br/> |
 |Antivirus |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra) |[Microsoft Defender for Endpoint for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) |
 |Antivirus |Linux: <br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |[Microsoft Defender for Endpoint for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) |
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md
index 8f9fe0c132..6b6dd2a9cd 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md
@@ -164,7 +164,7 @@ The specific exclusions to configure depend on which version of Windows your end
 
 |OS |Exclusions |
 |--|--|
-|- Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information))<br/>- Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`<br/>  |
+|- Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information))<br/>- Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`<br/>  |
 |- [Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2) <br/>- [Windows 7](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)<br/>- [Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016)<br/>- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`<br/><br/>**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` |
 
 ## Add your existing solution to the exclusion list for Microsoft Defender Antivirus
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md
index 1833f80a00..4d58af47fd 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md
@@ -80,10 +80,10 @@ To enable communication between your devices and Microsoft Defender for Endpoint
 
 |Capabilities  | Operating System | Resources |
 |:----|:----|:---|
-|[Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) |- [Windows 10](https://docs.microsoft.com/windows/release-health/release-information/) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)  |[Configure machine proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) |
+|[Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) |- [Windows 10](https://docs.microsoft.com/windows/release-information) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)  |[Configure machine proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) |
 |EDR |- [Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016) <br/>- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)<br/>- [Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows 7 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |[Configure proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) |
 |EDR  |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra)  |[Microsoft Defender for Endpoint for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) |
-|[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) |- [Windows 10](https://docs.microsoft.com/windows/release-health/release-information/) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) <br/>- [Windows Server 2016](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-2016) |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)<br/> |
+|[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) |- [Windows 10](https://docs.microsoft.com/windows/release-information) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) <br/>- [Windows Server 2016](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-2016) |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)<br/> |
 |Antivirus |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra) |[Microsoft -Defender for Endpoint for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) |
 |Antivirus |Linux: <br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |[Microsoft Defender for Endpoint for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections)  |
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md
index dca6e54231..da69f9acd3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md
@@ -138,7 +138,7 @@ This step of the setup process involves adding Microsoft Defender for Endpoint t
 
 |OS |Exclusions |
 |--|--|
-|- Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information))<br/>- Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`<br/>  |
+|- Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information))<br/>- Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`<br/><br/>`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`<br/>  |
 |- [Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2) <br/>- [Windows 7](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)<br/>- [Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016)<br/>- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`<br/><br/>**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`<br/><br/>`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` |
 
 ## Add Symantec to the exclusion list for Microsoft Defender Antivirus
diff --git a/windows/whats-new/index.md b/windows/whats-new/index.md
index 89b398d5a5..559ab66233 100644
--- a/windows/whats-new/index.md
+++ b/windows/whats-new/index.md
@@ -28,7 +28,7 @@ Windows 10 provides IT professionals with advanced protection against modern sec
 
 ## Learn more
 
-- [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information/)
+- [Windows 10 release information](https://docs.microsoft.com/windows/release-information/)
 - [Windows 10 release health dashboard](https://docs.microsoft.com/windows/release-information/status-windows-10-2004)
 - [Windows 10 update history](https://support.microsoft.com/help/4555932/windows-10-update-history)
 - [What’s new for business in Windows 10 Insider Preview Builds](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-whats-new)
diff --git a/windows/whats-new/ltsc/index.md b/windows/whats-new/ltsc/index.md
index 61f137f85b..09f32c39f4 100644
--- a/windows/whats-new/ltsc/index.md
+++ b/windows/whats-new/ltsc/index.md
@@ -49,4 +49,4 @@ For detailed information about Windows 10 servicing, see [Overview of Windows as
 ## See Also
 
 [What's New in Windows 10](https://docs.microsoft.com/windows/whats-new/): See what’s new in other versions of Windows 10.<br>
-[Windows 10 - Release information](https://docs.microsoft.com/windows/release-health/release-information): Windows 10 current versions by servicing option.
+[Windows 10 - Release information](https://docs.microsoft.com/windows/windows-10/release-information): Windows 10 current versions by servicing option.