Merge branch 'master' into tamper-protect

2025-05-12 13:27:23 +00:00 · 2019-09-26 10:42:38 -07:00 · 2019-09-26 10:42:38 -07:00 · 17478bf9d7
commit 17478bf9d7
parent 56c31a35ca 2ed1aa5656
30 changed files with 4892 additions and 375 deletions
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@ -168,6 +168,7 @@
 #### [AppRuntime](policy-csp-appruntime.md)
 #### [AppVirtualization](policy-csp-appvirtualization.md)
 #### [AttachmentManager](policy-csp-attachmentmanager.md)
 #### [Audit](policy-csp-audit.md)
 #### [Authentication](policy-csp-authentication.md)
 #### [Autoplay](policy-csp-autoplay.md)
 #### [Bitlocker](policy-csp-bitlocker.md)
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@ -56,6 +56,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
  - [What is dmwappushsvc?](#what-is-dmwappushsvc)
 - **Change history in MDM documentation**
    - [September 2019](#september-2019)
    - [August 2019](#august-2019)
    - [July 2019](#july-2019)
    - [June 2019](#june-2019)
@ -137,7 +138,11 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 <li><a href="policy-csp-windowslogon.md#windowslogon-allowautomaticrestartsignon" data-raw-source="[WindowsLogon/AllowAutomaticRestartSignOn](policy-csp-windowslogon.md#windowslogon-allowautomaticrestartsignon)">WindowsLogon/AllowAutomaticRestartSignOn</a></li>
 <li><a href="policy-csp-windowslogon.md#windowslogon-configautomaticrestartsignon" data-raw-source="[WindowsLogon/ConfigAutomaticRestartSignOn](policy-csp-windowslogon.md#windowslogon-configautomaticrestartsignon)">WindowsLogon/ConfigAutomaticRestartSignOn</a></li>
 <li><a href="policy-csp-windowslogon.md#windowslogon-enablefirstlogonanimation" data-raw-source="[WindowsLogon/EnableFirstLogonAnimation](policy-csp-windowslogon.md#windowslogon-enablefirstlogonanimation)">WindowsLogon/EnableFirstLogonAnimation</a></li>
-</ul>
+<tr>
 <td style="vertical-align:top"><a href="policy-csp-audit.md" data-raw-source="[Policy CSP - Audit](applicationcontrol-csp.md)">Policy CSP - Audit</a></td>
 <td style="vertical-align:top"><p>Added new Audit policies in Windows 10, version 1903.</p>
 </td></tr>
 <tr>
 </td></tr>
 <tr>
 <td style="vertical-align:top"><a href="applicationcontrol-csp.md" data-raw-source="[ApplicationControl CSP](applicationcontrol-csp.md)">ApplicationControl CSP</a></td>
@ -470,7 +475,7 @@ Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelNam
 <li>ShellLauncher</li>
 <li>StatusConfiguration</li>
 </ul>
-<p>Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in Windows Holographic for Business edition. Added example for Windows Holographic for Business edition.</p>
+<p>Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in HoloLens (1st gen) Commercial Suite. Added example for HoloLens (1st gen) Commercial Suite.</p>
 </td></tr>
 <tr class="odd">
 <td style="vertical-align:top"><a href="multisim-csp.md" data-raw-source="[MultiSIM CSP](multisim-csp.md)">MultiSIM CSP</a></td>
@ -830,7 +835,7 @@ Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelNam
 </tr>
 <tr class="odd">
 <td style="vertical-align:top"><a href="messaging-csp.md" data-raw-source="[Messaging CSP](messaging-csp.md)">Messaging CSP</a></td>
-<td style="vertical-align:top"><p>Added new CSP. This CSP is only supported in Windows 10 Mobile and Mobile Enteprise editions.</p>
+<td style="vertical-align:top"><p>Added new CSP. This CSP is only supported in Windows 10 Mobile and Mobile Enterprise editions.</p>
 </td>
 </tr>
 <tr class="even">
@ -940,7 +945,7 @@ Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelNam
 <li>WirelessDisplay/AllowProjectionToPCOverInfrastructure</li>
 <li>WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver</li>
 </ul><p>Removed TextInput/AllowLinguisticDataCollection</p>
-<p>Starting in Windows 10, version 1703, Update/UpdateServiceUrl is not supported in Windows 10 Mobile Enteprise and IoT Enterprise</p>
+<p>Starting in Windows 10, version 1703, Update/UpdateServiceUrl is not supported in Windows 10 Mobile Enterprise and IoT Enterprise</p>
 <p>Starting in Windows 10, version 1703, the maximum value of  Update/DeferFeatureUpdatesPeriodInDays has been increased from 180 days, to 365 days.</p>
 <p>Starting in Windows 10, version 1703, in Browser/HomePages you can use the &quot;&lt;about:blank&gt;&quot; value if you don’t want to send traffic to Microsoft.</p>
 <p>Starting in Windows 10, version 1703, Start/StartLayout can now be set on a per-device basis in addition to the pre-existing per-user basis.</p>
@ -1529,7 +1534,7 @@ Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelNam
 </ul></td>
 </tr>
 <tr class="odd">
-<td style="vertical-align:top"><p>Management tool for the Micosoft Store for Business</p></td>
+<td style="vertical-align:top"><p>Management tool for the Microsoft Store for Business</p></td>
 <td style="vertical-align:top"><p>New topics. The Store for Business has a new web service designed for the enterprise to acquire, manage, and distribute applications in bulk. It enables several capabilities that are required for the enterprise to manage the lifecycle of applications from acquisition to updates.</p></td>
 </tr>
 <tr class="even">
@ -1899,6 +1904,12 @@ How do I turn if off? | The service can be stopped from the "Services" console o
 ## Change history in MDM documentation
 ### September 2019
 |New or updated topic | Description|
 |--- | ---|
 |[Policy CSP - Defender](policy-csp-defender.md)|Updated the supported value list for Defender/ScheduleScanDay policy.|
 ### August 2019
 |New or updated topic | Description|
@ -2189,8 +2200,8 @@ How do I turn if off? | The service can be stopped from the "Services" console o
 <li>AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold - removed from docs. Not supported.</li>
 <li>AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter - removed from docs. Not supported.</li>
 <li>LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers - removed from docs. Not supported.</li>
-<li>System/AllowFontProviders is not supported in Windows Holographic for Business.</li>
+<li>System/AllowFontProviders is not supported in HoloLens (1st gen) Commercial Suite.</li>
-<li>Security/RequireDeviceEncryption is suported in the Home SKU.</li>
+<li>Security/RequireDeviceEncryption is supported in the Home SKU.</li>
 <li>Start/StartLayout - added a table of SKU support information.</li>
 <li>Start/ImportEdgeAssets - added a table of SKU support information.</li>
 </ul>
@ -2424,7 +2435,7 @@ How do I turn if off? | The service can be stopped from the "Services" console o
 <li>ShellLauncher</li>
 <li>StatusConfiguration</li>
 </ul>
-<p>Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in Windows Holographic for Business edition. Added example for Windows Holographic for Business edition.</p>
+<p>Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in HoloLens (1st gen) Commercial Suite. Added example for HoloLens (1st gen) Commercial Suite.</p>
 </td></tr>
 <tr class="odd">
 <td style="vertical-align:top"><a href="multisim-csp.md" data-raw-source="[MultiSIM CSP](multisim-csp.md)">MultiSIM CSP</a></td>
@ -2739,7 +2750,7 @@ How do I turn if off? | The service can be stopped from the "Services" console o
 <p>For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.</p>
 </td></tr>
 <tr class="odd">
-<td style="vertical-align:top"><a href="enterpriseapn-csp.md" data-raw-source="[EntepriseAPN CSP](enterpriseapn-csp.md)">EntepriseAPN CSP</a></td>
+<td style="vertical-align:top"><a href="enterpriseapn-csp.md" data-raw-source="[EnterpriseAPN CSP](enterpriseapn-csp.md)">EnterpriseAPN CSP</a></td>
 <td style="vertical-align:top"><p>Added a SyncML example.</p>
 </td></tr>
 <tr class="odd">
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@ -343,6 +343,188 @@ The following diagram shows the Policy configuration service provider in tree fo
  </dd>
 </dl>
 ### Audit policies  
 <dl>
  <dd>
    <a href="./policy-csp-audit.md#audit-accountlogonlogoff-auditaccountlockout"id="audit-accountlogonlogoff-auditaccountlockout">Audit/AccountLogonLogoff_AuditAccountLockout</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-accountlogonlogoff-auditgroupmembership"id="audit-accountlogonlogoff-auditgroupmembership">Audit/AccountLogonLogoff_AuditGroupMembership</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-accountlogonlogoff-auditipsecextendedmode"id="audit-accountlogonlogoff-auditipsecextendedmode">Audit/AccountLogonLogoff_AuditIPsecExtendedMode</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-accountlogonlogoff-auditipsecmainmode"id="audit-accountlogonlogoff-auditipsecmainmode">Audit/AccountLogonLogoff_AuditIPsecMainMode</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-accountlogonlogoff-auditipsecquickmode"id="audit-accountlogonlogoff-auditipsecquickmode">Audit/AccountLogonLogoff_AuditIPsecQuickMode</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-accountlogonlogoff-auditlogoff"id="audit-accountlogonlogoff-auditlogoff">Audit/AccountLogonLogoff_AuditLogoff</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-accountlogonlogoff-auditlogon"id="audit-accountlogonlogoff-auditlogon">Audit/AccountLogonLogoff_AuditLogon</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-accountlogonlogoff-auditnetworkpolicyserver"id="audit-accountlogonlogoff-auditnetworkpolicyserver">Audit/AccountLogonLogoff_AuditNetworkPolicyServer</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-accountlogonlogoff-auditotherlogonlogoffevents"id="audit-accountlogonlogoff-auditotherlogonlogoffevents">Audit/AccountLogonLogoff_AuditOtherLogonLogoffEvents</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-accountlogonlogoff-auditspeciallogon"id="audit-accountlogonlogoff-auditspeciallogon">Audit/AccountLogonLogoff_AuditSpecialLogon</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-accountlogonlogoff-audituserdeviceclaims"id="audit-accountlogonlogoff-audituserdeviceclaims">Audit/AccountLogonLogoff_AuditUserDeviceClaims</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-accountlogon-auditcredentialvalidation"id="audit-accountlogon-auditcredentialvalidation">Audit/AccountLogon_AuditCredentialValidation</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-accountlogon-auditkerberosauthenticationservice"id="audit-accountlogon-auditkerberosauthenticationservice">Audit/AccountLogon_AuditKerberosAuthenticationService</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-accountlogon-auditkerberosserviceticketoperations"id="audit-accountlogon-auditkerberosserviceticketoperations">Audit/AccountLogon_AuditKerberosServiceTicketOperations</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-accountlogon-auditotheraccountlogonevents"id="audit-accountlogon-auditotheraccountlogonevents">Audit/AccountLogon_AuditOtherAccountLogonEvents</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-accountmanagement-auditapplicationgroupmanagement"id="audit-accountmanagement-auditapplicationgroupmanagement">Audit/AccountManagement_AuditApplicationGroupManagement</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-accountmanagement-auditcomputeraccountmanagement"id="audit-accountmanagement-auditcomputeraccountmanagement">Audit/AccountManagement_AuditComputerAccountManagement</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-accountmanagement-auditdistributiongroupmanagement"id="audit-accountmanagement-auditdistributiongroupmanagement">Audit/AccountManagement_AuditDistributionGroupManagement</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-accountmanagement-auditotheraccountmanagementevents"id="audit-accountmanagement-auditotheraccountmanagementevents">Audit/AccountManagement_AuditOtherAccountManagementEvents</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-accountmanagement-auditsecuritygroupmanagement"id="audit-accountmanagement-auditsecuritygroupmanagement">Audit/AccountManagement_AuditSecurityGroupManagement</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-accountmanagement-audituseraccountmanagement"id="audit-accountmanagement-audituseraccountmanagement">Audit/AccountManagement_AuditUserAccountManagement</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-dsaccess-auditdetaileddirectoryservicereplication"id="audit-dsaccess-auditdetaileddirectoryservicereplication">Audit/DSAccess_AuditDetailedDirectoryServiceReplication</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-dsaccess-auditdirectoryserviceaccess"id="audit-dsaccess-auditdirectoryserviceaccess">Audit/DSAccess_AuditDirectoryServiceAccess</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-dsaccess-auditdirectoryservicechanges"id="audit-dsaccess-auditdirectoryservicechanges">Audit/DSAccess_AuditDirectoryServiceChanges</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-dsaccess-auditdirectoryservicereplication"id="audit-dsaccess-auditdirectoryservicereplication">Audit/DSAccess_AuditDirectoryServiceReplication</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-detailedtracking-auditdpapiactivity"id="audit-detailedtracking-auditdpapiactivity">Audit/DetailedTracking_AuditDPAPIActivity</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-detailedtracking-auditpnpactivity"id="audit-detailedtracking-auditpnpactivity">Audit/DetailedTracking_AuditPNPActivity</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-detailedtracking-auditprocesscreation"id="audit-detailedtracking-auditprocesscreation">Audit/DetailedTracking_AuditProcessCreation</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-detailedtracking-auditprocesstermination"id="audit-detailedtracking-auditprocesstermination">Audit/DetailedTracking_AuditProcessTermination</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-detailedtracking-auditrpcevents"id="audit-detailedtracking-auditrpcevents">Audit/DetailedTracking_AuditRPCEvents</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-detailedtracking-audittokenrightadjusted"id="audit-detailedtracking-audittokenrightadjusted">Audit/DetailedTracking_AuditTokenRightAdjusted</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-objectaccess-auditapplicationgenerated"id="audit-objectaccess-auditapplicationgenerated">Audit/ObjectAccess_AuditApplicationGenerated</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-objectaccess-auditcentralaccesspolicystaging"id="audit-objectaccess-auditcentralaccesspolicystaging">Audit/ObjectAccess_AuditCentralAccessPolicyStaging</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-objectaccess-auditcertificationservices"id="audit-objectaccess-auditcertificationservices">Audit/ObjectAccess_AuditCertificationServices</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-objectaccess-auditdetailedfileshare"id="audit-objectaccess-auditdetailedfileshare">Audit/ObjectAccess_AuditDetailedFileShare</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-objectaccess-auditfileshare"id="audit-objectaccess-auditfileshare">Audit/ObjectAccess_AuditFileShare</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-objectaccess-auditfilesystem"id="audit-objectaccess-auditfilesystem">Audit/ObjectAccess_AuditFileSystem</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-objectaccess-auditfilteringplatformconnection"id="audit-objectaccess-auditfilteringplatformconnection">Audit/ObjectAccess_AuditFilteringPlatformConnection</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-objectaccess-auditfilteringplatformpacketdrop"id="audit-objectaccess-auditfilteringplatformpacketdrop">Audit/ObjectAccess_AuditFilteringPlatformPacketDrop</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-objectaccess-audithandlemanipulation"id="audit-objectaccess-audithandlemanipulation">Audit/ObjectAccess_AuditHandleManipulation</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-objectaccess-auditkernelobject"id="audit-objectaccess-auditkernelobject">Audit/ObjectAccess_AuditKernelObject</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-objectaccess-auditotherobjectaccessevents"id="audit-objectaccess-auditotherobjectaccessevents">Audit/ObjectAccess_AuditOtherObjectAccessEvents</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-objectaccess-auditregistry"id="audit-objectaccess-auditregistry">Audit/ObjectAccess_AuditRegistry</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-objectaccess-auditremovablestorage"id="audit-objectaccess-auditremovablestorage">Audit/ObjectAccess_AuditRemovableStorage</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-objectaccess-auditsam"id="audit-objectaccess-auditsam">Audit/ObjectAccess_AuditSAM</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-policychange-auditauthenticationpolicychange"id="audit-policychange-auditauthenticationpolicychange">Audit/PolicyChange_AuditAuthenticationPolicyChange</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-policychange-auditauthorizationpolicychange"id="audit-policychange-auditauthorizationpolicychange">Audit/PolicyChange_AuditAuthorizationPolicyChange</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-policychange-auditfilteringplatformpolicychange"id="audit-policychange-auditfilteringplatformpolicychange">Audit/PolicyChange_AuditFilteringPlatformPolicyChange</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-policychange-auditmpssvcrulelevelpolicychange"id="audit-policychange-auditmpssvcrulelevelpolicychange">Audit/PolicyChange_AuditMPSSVCRuleLevelPolicyChange</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-policychange-auditotherpolicychangeevents"id="audit-policychange-auditotherpolicychangeevents">Audit/PolicyChange_AuditOtherPolicyChangeEvents</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-policychange-auditpolicychange"id="audit-policychange-auditpolicychange">Audit/PolicyChange_AuditPolicyChange</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-privilegeuse-auditnonsensitiveprivilegeuse"id="audit-privilegeuse-auditnonsensitiveprivilegeuse">Audit/PrivilegeUse_AuditNonSensitivePrivilegeUse</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-privilegeuse-auditotherprivilegeuseevents"id="audit-privilegeuse-auditotherprivilegeuseevents">Audit/PrivilegeUse_AuditOtherPrivilegeUseEvents</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-privilegeuse-auditsensitiveprivilegeuse"id="audit-privilegeuse-auditsensitiveprivilegeuse">Audit/PrivilegeUse_AuditSensitivePrivilegeUse</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-system-auditipsecdriver"id="audit-system-auditipsecdriver">Audit/System_AuditIPsecDriver</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-system-auditothersystemevents"id="audit-system-auditothersystemevents">Audit/System_AuditOtherSystemEvents</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-system-auditsecuritystatechange"id="audit-system-auditsecuritystatechange">Audit/System_AuditSecurityStateChange</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-system-auditsecuritysystemextension"id="audit-system-auditsecuritysystemextension">Audit/System_AuditSecuritySystemExtension</a>
  </dd>
  <dd>
    <a href="./policy-csp-audit.md#audit-system-auditsystemintegrity"id="audit-system-auditsystemintegrity">Audit/System_AuditSystemIntegrity</a>
  </dd>
 </dl>
 ### Authentication policies
 <dl>
@ -1131,6 +1313,9 @@ The following diagram shows the Policy configuration service provider in tree fo
 ### Education policies
 <dl>
  <dd>
    <a href="./policy-csp-education.md#education-allowgraphingcalculator"id="education-allowgraphingcalculator">Education/AllowGraphingCalculator</a>
  </dd>
  <dd>
    <a href="./policy-csp-education.md#education-defaultprintername" id="education-defaultprintername">Education/DefaultPrinterName</a>
  </dd>
--- a/windows/client-management/mdm/policy-csp-audit.md
+++ b/windows/client-management/mdm/policy-csp-audit.md
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@ -6,17 +6,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: manikadhiman
-ms.date: 08/26/2019
+ms.date: 09/24/2019
 ms.reviewer: 
 manager: dansimp
 ---
 # Policy CSP - Defender
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <hr/>
 <!--Policies-->
@ -2338,13 +2334,13 @@ ADMX Info:
 The following list shows the supported values:  
 - 0 (default) – Every day
-   1 – Monday
+- 1 – Sunday 
-   2 – Tuesday
+- 2 – Monday 
-   3 – Wednesday
+- 3 – Tuesday  
-   4 – Thursday
+- 4 – Wednesday
-   5 – Friday
+- 5 – Thursday  
-   6 – Saturday
+- 6 – Friday  
-   7 – Sunday
+- 7 – Saturday  
 - 8 – No scheduled scan
 <!--/SupportedValues-->
--- a/windows/client-management/mdm/policy-csp-education.md
+++ b/windows/client-management/mdm/policy-csp-education.md
@ -6,14 +6,15 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: manikadhiman
-ms.date: 03/12/2018
+ms.date: 09/23/2019
 ms.reviewer: 
 manager: dansimp
 ---
 # Policy CSP - Education
-
+> [!WARNING]
 > Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
 <hr/>
@ -21,6 +22,9 @@ manager: dansimp
 ## Education policies  
 <dl>
  <dd>
    <a href="#education-allowgraphingcalculator">Education/AllowGraphingCalculator</a>
  </dd>
  <dd>
    <a href="#education-defaultprintername">Education/DefaultPrinterName</a>
  </dd>
@ -32,6 +36,60 @@ manager: dansimp
  </dd>
 </dl>
 <hr/>
 <!--Policy-->
 <a href="" id="education-allowgraphingcalculator"></a>**Education/AllowGraphingCalculator**  
 <!--SupportedSKUs-->
 <table>
 <tr>
 	<th>Home</th>
 	<th>Pro</th>
 	<th>Business</th>
 	<th>Enterprise</th>
 	<th>Education</th>
 	<th>Mobile</th>
 	<th>Mobile Enterprise</th>
 </tr>
 <tr>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--/Scope-->
 <!--Description-->
 Added in next major release of Windows 10. This policy setting allows you to control whether graphing functionality is available in the Windows Calculator app. If you disable this policy setting, graphing functionality will not be accessible in the Windows Calculator app. If you enable or don't configure this policy setting, you will be able to access graphing functionality.
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
 -   GP English name: *Allow Graphing Calculator*
 -   GP name: *AllowGraphingCalculator*
 -   GP path: *Windows Components/Calculator*
 -   GP ADMX file name: *Programs.admx*
 <!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:  
 - 0 - Disabled
 - 1 (default) - Enabled
 <!--/SupportedValues-->
 <!--/Policy-->
 <hr/>
@ -176,7 +234,7 @@ The following list shows the supported values:
 <!--Description-->
 Added in Windows 10, version 1709. Allows IT Admins to automatically provision printers based on their names (network host names).
-The policy value is expected to be a ```&#xF000;``` seperated list of printer names.  The OS will attempt to search and install the matching printer driver for each listed printer.
+The policy value is expected to be a ```&#xF000;``` separated list of printer names.  The OS will attempt to search and install the matching printer driver for each listed printer.
 <!--/Description-->
 <!--/Policy-->
@ -190,6 +248,7 @@ Footnotes:
 -   4 - Added in Windows 10, version 1803.
 -   5 - Added in Windows 10, version 1809.
 -   6 - Added in Windows 10, version 1903.
 -   7 - Added in next major release of Windows 10.
 <!--/Policies-->
--- a/windows/client-management/mdm/policy-csp-kioskbrowser.md
+++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md
@ -15,7 +15,7 @@ manager: dansimp
-These policies currently only apply to Kiosk Browser app. Kiosk Browser is a Microsoft Store app, added in Windows 10 version 1803, that provides IT a way to customize the end user’s browsing experience to fulfill kiosk, signage, and shared device scenarios. Application developers can also create their own kiosk browser and read these policies using [NamedPolicy.GetPolicyFromPath(String, String) Method](https://docs.microsoft.com/uwp/api/windows.management.policies.namedpolicy.getpolicyfrompath#Windows_Management_Policies_NamedPolicy_GetPolicyFromPath_System_String_System_String_). 
+These policies currently only apply to Kiosk Browser app. Kiosk Browser is a Microsoft Store app, added in Windows 10 version 1803, that provides IT a way to customize the end user's browsing experience to fulfill kiosk, signage, and shared device scenarios. Application developers can also create their own kiosk browser and read these policies using [NamedPolicy.GetPolicyFromPath(String, String) Method](https://docs.microsoft.com/uwp/api/windows.management.policies.namedpolicy.getpolicyfrompath#Windows_Management_Policies_NamedPolicy_GetPolicyFromPath_System_String_System_String_). 
 <hr/>
@ -224,7 +224,7 @@ Added in Windows 10, version 1803. Configures the default URL kiosk browsers to
 <!--/Scope-->
 <!--Description-->
-Shows the Kiosk Browser's end session button. When the policy is enabled, the Kiosk Browser app shows a button to reset the browser. When the user clicks on the button, the app will prompt the user for confirmation to end the session. When the user confirms, the Kiosk broswser will clear all browsing data (cache, cookies, etc.) and navigate back to the default URL.
+Shows the Kiosk Browser's end session button. When the policy is enabled, the Kiosk Browser app shows a button to reset the browser. When the user clicks on the button, the app will prompt the user for confirmation to end the session. When the user confirms, the Kiosk browser will clear all browsing data (cache, cookies, etc.) and navigate back to the default URL.
 <!--/Description-->
 <!--/Policy-->
--- a/windows/client-management/mdm/policy-csp-lockdown.md
+++ b/windows/client-management/mdm/policy-csp-lockdown.md
@ -65,7 +65,7 @@ manager: dansimp
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1607. Allows the user to invoke any system user interface by swiping in from any screen edge using touch.
+Added in Windows 10, version 1607. Allows the user to invoke any system user interface by swiping in from any screen edge using touch.
 The easiest way to verify the policy is to restart the explorer process or to reboot after the policy is applied. And then try to swipe from the right edge of the screen. The desired result is for Action Center to not be invoked by the swipe. You can also enter tablet mode and attempt to swipe from the top of the screen to rearrange. That will also be disabled.
--- a/windows/client-management/mdm/policy-csp-privacy.md
+++ b/windows/client-management/mdm/policy-csp-privacy.md
@ -922,11 +922,11 @@ Value type is integer.
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info: 
-	GP English name: Let Windows apps access background spatial perception
+-	GP English name: *Let Windows apps access background spatial perception*
-	GP name: LetAppsAccessBackgroundSpatialPerception
+-	GP name: *LetAppsAccessBackgroundSpatialPerception*
-	GP element: LetAppsAccessBackgroundSpatialPerception_Enum
+-	GP element: *LetAppsAccessBackgroundSpatialPerception_Enum*
-	GP path: Windows Components/App Privacy
+-	GP path: *Windows Components/App Privacy*
-	GP ADMX file name: AppPrivacy.admx
+-	GP ADMX file name: *AppPrivacy.admx*
 <!--/ADMXMapped-->
@ -989,11 +989,11 @@ Value type is chr.
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info: 
-	GP English name: Let Windows apps access background spatial perception
+-	GP English name: *Let Windows apps access background spatial perception*
-	GP name: LetAppsAccessBackgroundSpatialPerception
+-	GP name: *LetAppsAccessBackgroundSpatialPerception*
-	GP element: LetAppsAccessBackgroundSpatialPerception_ForceAllowTheseApps_List
+-	GP element: *LetAppsAccessBackgroundSpatialPerception_ForceAllowTheseApps_List*
-	GP path: Windows Components/App Privacy
+-	GP path: *Windows Components/App Privacy*
-	GP ADMX file name: AppPrivacy.admx
+-	GP ADMX file name: *AppPrivacy.admx*
 <!--/ADMXMapped-->
@ -1040,7 +1040,7 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1903. 
+Added in Windows 10, version 1903. 
 > [!NOTE]
 > Currently, this policy is supported only in HoloLens 2.
@ -1051,11 +1051,11 @@ Value type is chr.
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info: 
-	GP English name: Let Windows apps access background spatial perception
+-	GP English name: *Let Windows apps access background spatial perception*
-	GP name: LetAppsAccessBackgroundSpatialPerception
+-	GP name: *LetAppsAccessBackgroundSpatialPerception*
-	GP element: LetAppsAccessBackgroundSpatialPerception_ForceDenyTheseApps_List
+-	GP element: *LetAppsAccessBackgroundSpatialPerception_ForceDenyTheseApps_List*
-	GP path: Windows Components/App Privacy
+-	GP path: *Windows Components/App Privacy*
-	GP ADMX file name: AppPrivacy.admx
+-	GP ADMX file name: *AppPrivacy.admx*
 <!--/ADMXMapped-->
 <!--SupportedValues-->
@ -1116,11 +1116,11 @@ Value type is chr.
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info: 
-	GP English name: Let Windows apps access background spatial perception
+-	GP English name: *Let Windows apps access background spatial perception*
-	GP name: LetAppsAccessBackgroundSpatialPerception
+-	GP name: *LetAppsAccessBackgroundSpatialPerception*
-	GP element: LetAppsAccessBackgroundSpatialPerception_UserInControlOfTheseApps_List
+-	GP element: *LetAppsAccessBackgroundSpatialPerception_UserInControlOfTheseApps_List*
-	GP path: Windows Components/App Privacy
+-	GP path: *Windows Components/App Privacy*
-	GP ADMX file name: AppPrivacy.admx
+-	GP ADMX file name: *AppPrivacy.admx*
 <!--/ADMXMapped-->
 <!--SupportedValues-->
--- a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
+++ b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
@ -97,9 +97,6 @@ Supported values:
 <!--/Validation-->
 <!--/Policy-->
 <!--/Policies-->
 <hr/>
 Footnotes:
@ -110,3 +107,5 @@ Footnotes:
 -   4 - Added in Windows 10, version 1803.
 -   5 - Added in Windows 10, version 1809.
 -   6 - Added in Windows 10, version 1903.
 <!--/Policies-->
--- a/windows/client-management/mdm/policy-csp-start.md
+++ b/windows/client-management/mdm/policy-csp-start.md
@ -668,13 +668,7 @@ The following list shows the supported values:
 Enabling this policy prevents context menus from being invoked in the Start Menu.
 <!--/Description-->
 <!--SupportedValues-->
 The following list shows the supported values:
 -   0 (default) – False (Do not disable).
 -   1 - True (disable).
 <!--/SupportedValues-->
 <!--ADMXMapped-->
 ADMX Info:  
 -   GP English name: *Disable context menus in the Start Menu*
@ -684,6 +678,10 @@ ADMX Info:
 <!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 -   0 (default) – False (Do not disable).
 -   1 - True (disable).
 <!--/SupportedValues-->
 <!--Example-->
@ -1100,13 +1098,7 @@ Added in Windows 10, version 1709. Enabling this policy removes the people icon
 Value type is integer.
 <!--/Description-->
 <!--SupportedValues-->
 The following list shows the supported values:
 -   0 (default) – False (do not hide).
 -   1 - True (hide).
 <!--/SupportedValues-->
 <!--ADMXMapped-->
 ADMX Info:  
 -   GP English name: *Remove the People Bar from the taskbar*
@ -1115,6 +1107,13 @@ ADMX Info:
 -   GP ADMX file name: *StartMenu.admx*
 <!--/ADMXMapped-->
 <!--SupportedValues-->
 The following list shows the supported values:
 -   0 (default) – False (do not hide).
 -   1 - True (hide).
 <!--/SupportedValues-->
 <!--/Policy-->
 <hr/>
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@ -395,7 +395,7 @@ The following list shows the supported values:
 -   0 – Disabled.
 -   1 (default) – Permits Microsoft to configure device settings only.
-   2 – Allows Microsoft to conduct full experimentations.
+-   2 – Allows Microsoft to conduct full experimentation.
 <!--/SupportedValues-->
 <!--/Policy-->
@ -532,9 +532,9 @@ ADMX Info:
 <!--SupportedValues-->
 The following list shows the supported values:
-   0 – Force Location Off. All Location Privacy settings are toggled off and greyed out. Users cannot change the settings, and no apps are allowed access to the Location service, including Cortana and Search.
+-   0 – Force Location Off. All Location Privacy settings are toggled off and grayed out. Users cannot change the settings, and no apps are allowed access to the Location service, including Cortana and Search.
 -   1 (default) – Location service is allowed. The user has control and can change Location Privacy settings on or off.
-   2 – Force Location On. All Location Privacy settings are toggled on and greyed out. Users cannot change the settings and all consent permissions will be automatically suppressed.
+-   2 – Force Location On. All Location Privacy settings are toggled on and grayed out. Users cannot change the settings and all consent permissions will be automatically suppressed.
 <!--/SupportedValues-->
 <!--/Policy-->
@ -763,16 +763,14 @@ Specifies whether to allow the user to factory reset the device by using control
 Most restricted value is 0.
 <!--/Description-->
 > [!TIP]
 > This policy is also applicable to Windows 10 and not exclusive to phone.
-> <!--SupportedValues-->
+<!--/Description-->
 > The following list shows the supported values:
 > orted values:
 <!--SupportedValues-->
 The following list shows the supported values:  
 -   0 – Not allowed.
 -   1 (default) – Allowed to reset to factory default settings.
 <!--/SupportedValues-->
 <!--/Policy-->
@ -1006,10 +1004,10 @@ This policy setting determines whether people can change their own telemetry lev
 If you set this policy setting to "Disable Telemetry opt-in Settings", telemetry levels are disabled in Settings, preventing people from changing them.
-If you set this policy setting to "Enable Telemetry opt-in Setings" or don't configure this policy setting, people can change their own telemetry levels in Settings.
+If you set this policy setting to "Enable Telemetry opt-in Settings" or don't configure this policy setting, people can change their own telemetry levels in Settings.
-Note:
+> [!Note]
-Set the Allow Telemetry policy setting to prevent people from sending diagnostic data to Microsoft beyond your organization's limit.
+> Set the Allow Telemetry policy setting to prevent people from sending diagnostic data to Microsoft beyond your organization's limit.
 <!--/Description-->
 <!--ADMXMapped-->
--- a/windows/client-management/mdm/policy-csp-troubleshooting.md
+++ b/windows/client-management/mdm/policy-csp-troubleshooting.md
@ -113,10 +113,11 @@ By default, this policy is not configured and the SKU based defaults are used fo
 <!--/SupportedValues-->
 <!--ADMXMapped-->
-ADMX Info:<br/>-   GP English name: <em>Troubleshooting: Allow users to access recommended troubleshooting for known problems</em>
+ADMX Info:  
-   GP name: <em>TroubleshootingAllowRecommendations</em>
+-   GP English name: *Troubleshooting: Allow users to access recommended troubleshooting for known problems*
-   GP path: <em>Troubleshooting and Diagnostics/Microsoft Support Diagnostic Tool</em>
+-   GP name: *TroubleshootingAllowRecommendations*
-   GP ADMX file name: <em>MSDT.admx</em>
+-   GP path: *Troubleshooting and Diagnostics/Microsoft Support Diagnostic Tool*
 -   GP ADMX file name: *MSDT.admx*
 <!--/ADMXMapped-->
@ -127,8 +128,6 @@ ADMX Info:<br/>-   GP English name: <em>Troubleshooting: Allow users to access r
 <!--/Validation-->
 <!--/Policy-->
 <!--/Policies-->
 <hr/>
 Footnotes:
@ -139,3 +138,4 @@ Footnotes:
 -   4 - Added in Windows 10, version 1803.
 -   5 - Added in Windows 10, version 1809.
 -   6 - Added in Windows 10, version 1903.
 <!--/Policies-->
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@ -13,6 +13,8 @@ manager: dansimp
 # Policy CSP - Update
 > [!NOTE]
 > If the MSA service is disabled, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See [Feature updates are not being offered while other updates are](https://docs.microsoft.com/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are).
 <hr/>
@ -204,11 +206,6 @@ manager: dansimp
 <hr/>
 > [!NOTE]
 > If the MSA service is disabled, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See [Feature updates are not being offered while other updates are](https://docs.microsoft.com/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are).
 <hr/>
 <!--Policy-->
 <a href="" id="update-activehoursend"></a>**Update/ActiveHoursEnd**  
@ -1379,49 +1376,6 @@ Added in Windows 10, version 1803. Enable IT admin to configure feature update u
 <hr/>
 <!--Policy-->
 <a href="" id="update-configurefeatureupdateuninstallperiod"></a>**Update/ConfigureFeatureUpdateUninstallPeriod**  
 <!--SupportedSKUs-->
 <table>
 <tr>
 	<th>Home</th>
 	<th>Pro</th>
 	<th>Business</th>
 	<th>Enterprise</th>
 	<th>Education</th>
 	<th>Mobile</th>
 	<th>Mobile Enterprise</th>
 </tr>
 <tr>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--/Scope-->
 <!--Description-->
 Added in Windows 10, version 1803. Enable IT admin to configure feature update uninstall period. Values range 2 - 60 days. Default is 10 days.
 <!--/Description-->
 <!--/Policy-->
 <hr/>
 <!--Policy-->
 <a href="" id="update-deferfeatureupdatesperiodindays"></a>**Update/DeferFeatureUpdatesPeriodInDays**  
--- a/windows/deployment/windows-autopilot/user-driven.md
+++ b/windows/deployment/windows-autopilot/user-driven.md
@ -9,7 +9,8 @@ ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.sitesec: library
 ms.pagetype: deploy
-audience: itpro
author: greg-lindsay
+audience: itpro
 author: greg-lindsay
 ms.author: greglin
 ms.collection: M365-modern-desktop
 ms.topic: article
@ -25,7 +26,7 @@ Windows Autopilot user-driven mode is designed to enable new Windows 10 devices
 - Connect it to a wireless or wired network with internet access.
 - Specify your e-mail address and password for your organization account.
-After completing those simple steps, the remainder of the process is completely automated, with the device being joined to the organization, enrolled in Intune (or another MDM service), and fully configured as defined by the organization.  Any additional prompts during the Out-of-Box Experience (OOBE) can be supressed; see [Configuring Autopilot Profiles](profiles.md) for options that are available.
+After completing those simple steps, the remainder of the process is completely automated, with the device being joined to the organization, enrolled in Intune (or another MDM service), and fully configured as defined by the organization.  Any additional prompts during the Out-of-Box Experience (OOBE) can be suppressed; see [Configuring Autopilot Profiles](profiles.md) for options that are available.
 Today, Windows Autopilot user-driven mode supports joining devices to Azure Active Directory.  Support for Hybrid Azure Active Directory Join (with devices joined to an on-premises Active Directory domain) will be available in a future Windows 10 release.  See [Introduction to device management in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/device-management-introduction) for more information about the differences between these two join options.
@ -54,6 +55,9 @@ For each device that will be deployed using user-driven deployment, these additi
 Also see the [Validation](#validation) section below.
 >[!NOTE]
 >If the device reboots during the device enrollment status page (ESP) in the user-driven Azure Active Directoy join scenario, the user will not automatically sign on because the user's credentials cannot be saved across reboots.  In this scenario, the user will need to sign in manually after the device ESP completes.
 ### User-driven mode for hybrid Azure Active Directory join
 Windows Autopilot requires that devices be Azure Active Directory joined. If you have an on-premises Active Directory environment and want to also join devices to your on-premises domain, you can accomplish this by configuring Autopilot devices to be [hybrid Azure Active Directory (AAD) joined](https://docs.microsoft.com/azure/active-directory/devices/hybrid-azuread-join-plan).  
@ -96,4 +100,4 @@ When performing a user-driven deployment using Windows Autopilot, the following
 - Once the device configuration tasks have completed, the user will be signed into Windows 10 using the credentials they previously provided.
 - Once signed in, the enrollment status page will again be displayed for user-targeted configuration tasks.
-In case the observed results do not match these expectations, consult the [Windows Autopilot Troubleshooting](troubleshooting.md) documentation.
+If your results do not match these expectations, see the [Windows Autopilot Troubleshooting](troubleshooting.md) documentation.
--- a/windows/release-information/resolved-issues-windows-10-1903.yml
+++ b/windows/release-information/resolved-issues-windows-10-1903.yml
@ -32,6 +32,7 @@ sections:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
      <tr><td><div id='729msg'></div><b>Audio in games is quiet or different than expected</b><br>Microsoft has received reports that audio in certain games is quieter or different than expected.<br><br><a href = '#729msgdesc'>See details ></a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517211' target='_blank'>KB4517211</a></td><td>September 26, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='714msg'></div><b>IME may become unresponsive or have High CPU usage</b><br>Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.<br><br><a href = '#714msgdesc'>See details ></a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>September 19, 2019 <br>04:08 PM PT</td></tr>
      <tr><td><div id='713msg'></div><b>Some users report issues related to the Start menu and Windows Desktop Search</b><br>Microsoft has received reports that a small number of users are having issues related to the Start menu and Windows Desktop Search.<br><br><a href = '#713msgdesc'>See details ></a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>September 19, 2019 <br>04:58 PM PT</td></tr>
      <tr><td><div id='690msg'></div><b>Screenshots and Snips have an unnatural orange tint</b><br>Users have reported an orange tint on Screenshots and Snips with the Lenovo Vantage app installed<br><br><a href = '#690msgdesc'>See details ></a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4516115' target='_blank'>KB4516115</a></td><td>Resolved External<br></td><td>September 11, 2019 <br>08:54 PM PT</td></tr>
@ -68,6 +69,7 @@ sections:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='729msgdesc'></div><b>Audio in games is quiet or different than expected</b><div>Microsoft has received reports that audio in certain games is quieter or different than expected. At the request of some of our audio partners, we implemented a compatibility change that enabled certain games to query support and render multi-channel audio. Due to customer feedback, we are reverting this change as some games and some devices are not rendering multi-channel audio as expected. This may result in games sounding different than customers are used to and may have missing channels.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4517211' target='_blank'>KB4517211</a>.</div><br><a href ='#729msg'>Back to top</a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517211' target='_blank'>KB4517211</a></td><td>Resolved:<br>September 26, 2019 <br>10:00 AM PT<br><br>Opened:<br>September 13, 2019 <br>05:25 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='714msgdesc'></div><b>IME may become unresponsive or have High CPU usage</b><div>Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.</div><div><br></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><br></div><div><strong>Resolution:</strong> Due to security related changes in <a href='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a>, this issue may occur when <strong>Touch Keyboard and Handwriting Panel Service</strong> is not configured to its default startup type of <strong>Manual</strong>. To resolve the issue, perform the following steps:</div><ol><li>Select the <strong>Start </strong>button and type <strong>Services</strong>.</li><li>Locate <strong>Touch Keyboard and Handwriting Panel Service</strong> and double click on it or long press and select <strong>Properties</strong>.</li><li>Locate <strong>Startup type:</strong> and change it to <strong>Manual</strong></li><li>Select <strong>Ok</strong></li><li>The <strong>TabletInputService&nbsp;</strong>service is now in the default configuration and IME should work as expected.</li></ol><br><a href ='#714msg'>Back to top</a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>September 19, 2019 <br>04:08 PM PT<br><br>Opened:<br>September 13, 2019 <br>05:25 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='713msgdesc'></div><b>Some users report issues related to the Start menu and Windows Desktop Search</b><div>Microsoft has received&nbsp;reports that a small number of&nbsp;users are having issues related to the <strong>Start </strong>menu and Windows Desktop Search.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:</strong> At this time, Microsoft has not found a <strong>Search</strong> or <strong>Start</strong> issue significantly impacting users originating from <a href='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a>. We will continue monitoring to ensure users have a high-quality experience when interacting with these areas.&nbsp;If you are currently having issues, we recommend you to take a moment to report it in via the Feedback Hub <strong>(Windows + F)</strong> then try the Windows 10 Troubleshoot settings (found in <strong>Settings</strong>).&nbsp;If you are having an issue with search, see&nbsp;<a href=\"https://support.microsoft.com/en-us/help/4520146/fix-problems-in-windows-search\" target=\"_blank\">Fix problems in Windows Search</a>.</div><br><a href ='#713msg'>Back to top</a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>September 19, 2019 <br>04:58 PM PT<br><br>Opened:<br>September 11, 2019 <br>05:18 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='690msgdesc'></div><b>Screenshots and Snips have an unnatural orange tint</b><div>When creating screenshots or using similar tools (such as Snipping Tool or Snip &amp; Sketch), the resulting images may have an unnatural orange tint. This issue is caused by the Eye Care mode feature of Lenovo Vantage.&nbsp;This issue started on or around September 5, 2019.&nbsp;</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li><li>Server: None</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;For guidance on this issue, see the Lenovo support article <a href=\"https://forums.lenovo.com/t5/Lenovo-Vantage-Knowledge-Base/Screenshots-and-Snips-have-an-unnatural-orange-tint/ta-p/4522439\" target=\"_blank\">Screenshots and Snips have an unnatural orange tint</a>. There is no update for Windows needed for this issue.</div><br><a href ='#690msg'>Back to top</a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4516115' target='_blank'>KB4516115</a></td><td>Resolved External<br></td><td>Last updated:<br>September 11, 2019 <br>08:54 PM PT<br><br>Opened:<br>September 11, 2019 <br>08:54 PM PT</td></tr>
--- a/windows/release-information/status-windows-10-1903.yml
+++ b/windows/release-information/status-windows-10-1903.yml
@ -65,10 +65,10 @@ sections:
  - type: markdown
    text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
      <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
      <tr><td><div id='729msg'></div><b>Audio in games is quiet or different than expected</b><br>Microsoft has received reports that audio in certain games is quieter or different than expected.<br><br><a href = '#729msgdesc'>See details ></a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517211' target='_blank'>KB4517211</a></td><td>September 26, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='714msg'></div><b>IME may become unresponsive or have High CPU usage</b><br>Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.<br><br><a href = '#714msgdesc'>See details ></a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>September 19, 2019 <br>04:08 PM PT</td></tr>
      <tr><td><div id='713msg'></div><b>Some users report issues related to the Start menu and Windows Desktop Search</b><br>Microsoft has received reports that a small number of users are having issues related to the Start menu and Windows Desktop Search.<br><br><a href = '#713msgdesc'>See details ></a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>September 19, 2019 <br>04:58 PM PT</td></tr>
      <tr><td><div id='706msg'></div><b>Safeguard on certain devices with some Intel and Broadcom Wi-Fi adapters</b><br>Microsoft and NEC have found incompatibility issues with some devices with Intel Centrino 6205/6235 and Broadcom 802.11ac Wi-Fi cards when running Windows 10, version 1903.<br><br><a href = '#706msgdesc'>See details ></a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>September 13, 2019 <br>05:25 PM PT</td></tr>
      <tr><td><div id='701msg'></div><b>Audio in games is quiet or different than expected</b><br>Microsoft has received reports that audio in certain games is quieter or different than expected.<br><br><a href = '#701msgdesc'>See details ></a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>September 13, 2019 <br>05:25 PM PT</td></tr>
      <tr><td><div id='690msg'></div><b>Screenshots and Snips have an unnatural orange tint</b><br>Users have reported an orange tint on Screenshots and Snips with the Lenovo Vantage app installed<br><br><a href = '#690msgdesc'>See details ></a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4516115' target='_blank'>KB4516115</a></td><td>Resolved External<br></td><td>September 11, 2019 <br>08:54 PM PT</td></tr>
      <tr><td><div id='681msg'></div><b>Windows Desktop Search may not return any results and may have high CPU usage</b><br>Windows Desktop Search may not return any results and SearchUI.exe may have high CPU usage after installing KB4512941.<br><br><a href = '#681msgdesc'>See details ></a></td><td>OS Build 18362.329<br><br>August 30, 2019<br><a href ='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>September 10, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='678msg'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><br>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.<br><br><a href = '#678msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>August 30, 2019 <br>10:00 AM PT</td></tr>
@ -99,10 +99,10 @@ sections:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='729msgdesc'></div><b>Audio in games is quiet or different than expected</b><div>Microsoft has received reports that audio in certain games is quieter or different than expected. At the request of some of our audio partners, we implemented a compatibility change that enabled certain games to query support and render multi-channel audio. Due to customer feedback, we are reverting this change as some games and some devices are not rendering multi-channel audio as expected. This may result in games sounding different than customers are used to and may have missing channels.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4517211' target='_blank'>KB4517211</a>.</div><br><a href ='#729msg'>Back to top</a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517211' target='_blank'>KB4517211</a></td><td>Resolved:<br>September 26, 2019 <br>10:00 AM PT<br><br>Opened:<br>September 13, 2019 <br>05:25 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='714msgdesc'></div><b>IME may become unresponsive or have High CPU usage</b><div>Some Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (ChsIME.EXE) and Chinese Traditional (ChtIME.EXE) with Changjie/Quick keyboard.</div><div><br></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><br></div><div><strong>Resolution:</strong> Due to security related changes in <a href='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a>, this issue may occur when <strong>Touch Keyboard and Handwriting Panel Service</strong> is not configured to its default startup type of <strong>Manual</strong>. To resolve the issue, perform the following steps:</div><ol><li>Select the <strong>Start </strong>button and type <strong>Services</strong>.</li><li>Locate <strong>Touch Keyboard and Handwriting Panel Service</strong> and double click on it or long press and select <strong>Properties</strong>.</li><li>Locate <strong>Startup type:</strong> and change it to <strong>Manual</strong></li><li>Select <strong>Ok</strong></li><li>The <strong>TabletInputService&nbsp;</strong>service is now in the default configuration and IME should work as expected.</li></ol><br><a href ='#714msg'>Back to top</a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>September 19, 2019 <br>04:08 PM PT<br><br>Opened:<br>September 13, 2019 <br>05:25 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='713msgdesc'></div><b>Some users report issues related to the Start menu and Windows Desktop Search</b><div>Microsoft has received&nbsp;reports that a small number of&nbsp;users are having issues related to the <strong>Start </strong>menu and Windows Desktop Search.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:</strong> At this time, Microsoft has not found a <strong>Search</strong> or <strong>Start</strong> issue significantly impacting users originating from <a href='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a>. We will continue monitoring to ensure users have a high-quality experience when interacting with these areas.&nbsp;If you are currently having issues, we recommend you to take a moment to report it in via the Feedback Hub <strong>(Windows + F)</strong> then try the Windows 10 Troubleshoot settings (found in <strong>Settings</strong>).&nbsp;If you are having an issue with search, see&nbsp;<a href=\"https://support.microsoft.com/en-us/help/4520146/fix-problems-in-windows-search\" target=\"_blank\">Fix problems in Windows Search</a>.</div><br><a href ='#713msg'>Back to top</a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>September 19, 2019 <br>04:58 PM PT<br><br>Opened:<br>September 11, 2019 <br>05:18 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='706msgdesc'></div><b>Safeguard on certain devices with some Intel and Broadcom Wi-Fi adapters</b><div>Microsoft and NEC have found incompatibility issues with Intel Centrino 6205/6235 and Broadcom 802.11ac Wi-Fi cards when running Windows 10, version 1903 on&nbsp;specific models of NEC devices.&nbsp;If these devices are updated to Windows 10, version 1903, they will no longer be able to use any Wi-Fi connections.&nbsp;The Wi-Fi driver may have a&nbsp;yellow exclamation point in device manager.&nbsp;The task tray icon for networking may show the icon for no internet and&nbsp;<strong>Network &amp; Internet settings</strong>&nbsp;may not show any Wi-Fi networks.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on the affected devices from being offered Windows 10, version 1903.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Workaround:</strong> If you are using an affected device and you have already installed Windows 10, version 1903, you can mitigate the issue disabling then re-enabling the Wi-Fi adapter in Device Manager. You should now be able to use Wi-Fi until your next reboot.</div><div><br></div><div><strong>Next steps:</strong> Microsoft and NEC are working on a resolution and will provide an update in an upcoming release.</div><div><br></div><div><strong>Note&nbsp;</strong>We recommend that you do not attempt to manually update using the&nbsp;<strong>Update now</strong>&nbsp;button or the Media Creation Tool until this issue has been resolved.</div><br><a href ='#706msg'>Back to top</a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>September 13, 2019 <br>05:25 PM PT<br><br>Opened:<br>September 13, 2019 <br>05:25 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='701msgdesc'></div><b>Audio in games is quiet or different than expected</b><div>Microsoft has received reports that audio in certain games is quieter or different than expected. At the request of some of our audio partners, we implemented a compatibility change that enabled certain games to query support and render multi-channel audio. Due to customer feedback, we are reverting this change as some games and some devices are not rendering multi-channel audio as expected. This may result in games sounding different than customers are used to and may have missing channels.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Workaround:</strong> To mitigate the issue, open settings in the impacted game and disable multi-channel audio, if this option is available. You can also search in the Windows <strong>Control Panel </strong>for 3rd party audio device control panels and disable Multi-channel audio or Virtual Surround Sound, if these options are available.&nbsp;&nbsp;</div><div><br></div><div><strong>Next steps: </strong>We are working on a resolution and estimates a solution will be available in late September.</div><br><a href ='#701msg'>Back to top</a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>September 13, 2019 <br>05:25 PM PT<br><br>Opened:<br>September 13, 2019 <br>05:25 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='690msgdesc'></div><b>Screenshots and Snips have an unnatural orange tint</b><div>When creating screenshots or using similar tools (such as Snipping Tool or Snip &amp; Sketch), the resulting images may have an unnatural orange tint. This issue is caused by the Eye Care mode feature of Lenovo Vantage.&nbsp;This issue started on or around September 5, 2019.&nbsp;</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li><li>Server: None</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;For guidance on this issue, see the Lenovo support article <a href=\"https://forums.lenovo.com/t5/Lenovo-Vantage-Knowledge-Base/Screenshots-and-Snips-have-an-unnatural-orange-tint/ta-p/4522439\" target=\"_blank\">Screenshots and Snips have an unnatural orange tint</a>. There is no update for Windows needed for this issue.</div><br><a href ='#690msg'>Back to top</a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4516115' target='_blank'>KB4516115</a></td><td>Resolved External<br></td><td>Last updated:<br>September 11, 2019 <br>08:54 PM PT<br><br>Opened:<br>September 11, 2019 <br>08:54 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='681msgdesc'></div><b>Windows Desktop Search may not return any results and may have high CPU usage</b><div>Microsoft is getting reports that a small number of users may not receive results when using Windows Desktop Search and may see high CPU usage from SearchUI.exe when searching after installing <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a>. This issue is only encountered on devices in which searching the web from Windows Desktop Search has been&nbsp;disabled.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a>.</div><br><a href ='#681msg'>Back to top</a></td><td>OS Build 18362.329<br><br>August 30, 2019<br><a href ='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved:<br>September 10, 2019 <br>10:00 AM PT<br><br>Opened:<br>September 04, 2019 <br>02:25 PM PT</td></tr>
      </table>
--- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
+++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
@ -61,7 +61,6 @@ sections:
    text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
      <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
      <tr><td><div id='722msg'></div><b>You may receive an error when opening or using the Toshiba Qosmio AV Center</b><br>Toshiba Qosmio AV Center may error when opening and you may also receive an error in Event Log related to cryptnet.dll.<br><br><a href = '#722msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512506' target='_blank'>KB4512506</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4516048' target='_blank'>KB4516048</a></td><td>September 24, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='663msg'></div><b>Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV</b><br>Windows updates that are SHA-2 signed are not available with Symantec or Norton antivirus program installed<br><br><a href = '#663msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512506' target='_blank'>KB4512506</a></td><td>Resolved External<br></td><td>August 27, 2019 <br>02:29 PM PT</td></tr>
      <tr><td><div id='642msg'></div><b>IA64 and x64 devices may fail to start after installing updates</b><br>After installing updates released on or after August 13, 2019, IA64 and x64 devices using EFI Boot may fail to start.<br><br><a href = '#642msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512506' target='_blank'>KB4512506</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>August 17, 2019 <br>12:59 PM PT</td></tr>
      </table>
      "
@ -87,7 +86,6 @@ sections:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='663msgdesc'></div><b>Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV</b><div>Symantec identified the potential for a negative interaction that may occur after Windows Updates code signed with SHA-2 only certificates are installed on devices with Symantec or Norton antivirus programs installed. The software may not correctly identify files included in the update as code signed by Microsoft, putting the device at risk for a delayed or incomplete update.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 7 SP1</li><li>Server: Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>The safeguard hold has been removed.&nbsp;Symantec has completed its evaluation of the impact of this update and future updates to Windows 7/Windows 2008 R2 and has determined that there is no increased risk of a false positive detection for all in-field versions of Symantec Endpoint Protection and Norton antivirus programs. See the <a href=\"https://support.symantec.com/us/en/article.tech255857.html\" target=\"_blank\">Symantec support article</a> for additional detail and please reach out to Symantec or Norton support if you encounter any issues.</div><br><a href ='#663msg'>Back to top</a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512506' target='_blank'>KB4512506</a></td><td>Resolved External<br></td><td>Last updated:<br>August 27, 2019 <br>02:29 PM PT<br><br>Opened:<br>August 13, 2019 <br>10:05 AM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='642msgdesc'></div><b>IA64 and x64 devices may fail to start after installing updates</b><div>IA64 devices (in any configuration) and x64 devices using EFI boot that were provisioned after the July 9th updates and/or skipped the recommended update (KB3133977), may fail to start with the following error:</div><div><strong>\"File: \\Windows\\system32\\winload.efi</strong></div><div><strong>Status: 0xc0000428</strong></div><div><strong>Info: Windows cannot verify the digital signature for this file.\"</strong></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 7 SP1</li><li>Server: Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Take Action: </strong>To resolve this issue please follow the steps outlined in the&nbsp;<a href=\"https://support.microsoft.com/help/4472027\" target=\"_blank\">SHA-2 support FAQ</a> article for error code 0xc0000428.</div><br><a href ='#642msg'>Back to top</a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512506' target='_blank'>KB4512506</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>August 17, 2019 <br>12:59 PM PT<br><br>Opened:<br>August 13, 2019 <br>08:34 AM PT</td></tr>
      </table>
      "
--- a/windows/release-information/windows-message-center.yml
+++ b/windows/release-information/windows-message-center.yml
@ -50,7 +50,8 @@ sections:
    text: "
      <table border ='0'><tr><td width='80%'>Message</td><td width='20%'>Date</td></tr>
-      <tr><td><a href = 'https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2019-1367' target='_blank'><b>Advisory: Scripting Engine Memory Corruption Vulnerability (CVE-2019-1367)</b></a><br><div>On September 23, 2019, Microsoft released a security update to address a remote code execution vulnerability in the way the scripting engine handles objects in memory in Internet Explorer. An attacker who successfully exploited the vulnerability could gain the same user permissions as the current user. For example, if a user is logged on with administrative rights, an attacker could take control of an affected system and install programs; view, change, or delete data; or create new accounts with full user rights.&nbsp;Alternatively, an attacker could host a specially crafted website targeting Internet Explorer and then entice a user to open web page or a malicious document attached to an e-mail. For more information about the vulnerability, see the Microsoft Security Guide&nbsp;<a href=\"https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2019-1367\" target=\"_blank\">CVE-2019-1367 | Scripting Engine Memory Corruption Vulnerability.&nbsp;</a></div><div>&nbsp;</div><div>Mitigation for this vulnerability is available from the&nbsp;<a href=\"https://portal.msrc.microsoft.com\" target=\"_blank\">Microsoft Security Update Guide</a>. Additionally, on September 24, 2019, mitigation for this vulnerability will be available via Windows Update (WU) and Windows Server Update Services (WSUS) as part of the 9C optional update for all supported versions of Windows, with the exception of Windows 10, version 1903. For devices running Windows 10, version 1903, mitigation for this vulnerability will be available via Windows Update and WSUS as part of the optional 9D update (targeted for September 26, 2019.) You can get the update in Windows via <strong>Settings &gt; Windows Update &gt; Check for Updates</strong>. (Note: Because this update requires a reboot, we are making it optional to give customers and administrators a choice to install/deploy the update now.)</div><div><br></div><div>For the best protection, we recommend you apply the latest Windows updates and follow security best practices and do not open attachments or documents from an untrusted&nbsp;source. For more information about the vulnerability, see the Microsoft Security Guide:&nbsp;<a href=\"https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2019-1367\" target=\"_blank\">CVE-2019-1367 | Scripting Engine Memory Corruption Vulnerability</a>.&nbsp;</div></td><td>September 24, 2019 <br>11:00 AM PT</td></tr>
+      <tr><td><a href = 'https://support.microsoft.com/help/4517211' target='_blank'><b>September 2019 Windows 10, version 1903 \"D\" optional release is available</b></a><br><div>The September 2019 optional monthly “D” release for Windows 10, version 1903 is now available. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. Follow&nbsp;<a href=\"https://twitter.com/windowsupdate\" target=\"_blank\">@WindowsUpdate</a>&nbsp;for the latest on the availability of this release.</div></td><td>September 26, 2019 <br>08:00 AM PT</td></tr>
      <tr><td><a href = 'https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1367' target='_blank'><b>Advisory: Scripting Engine Memory Corruption Vulnerability (CVE-2019-1367)</b></a><br><div>On September 23, 2019, Microsoft released a security update to address a remote code execution vulnerability in the way the scripting engine handles objects in memory in Internet Explorer. An attacker who successfully exploited the vulnerability could gain the same user permissions as the current user. For example, if a user is logged on with administrative rights, an attacker could take control of an affected system and install programs; view, change, or delete data; or create new accounts with full user rights.&nbsp;Alternatively, an attacker could host a specially crafted website targeting Internet Explorer and then entice a user to open web page or a malicious document attached to an e-mail. For more information about the vulnerability, see the Microsoft Security Guide&nbsp;<a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1367\" target=\"_blank\">CVE-2019-1367 | Scripting Engine Memory Corruption Vulnerability</a>.&nbsp;</div><div>&nbsp;</div><div>Mitigation and more information for this vulnerability is available from the&nbsp;Microsoft Security Update Guide at <a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1367\" target=\"_blank\">CVE-2019-1367 | Scripting Engine Memory Corruption Vulnerability</a>.&nbsp;For the best protection, we recommend you apply the latest Windows updates and follow security best practices and do not open attachments or documents from an untrusted&nbsp;source.&nbsp;</div><div><br></div><div><strong>Update:</strong> Starting September 24, 2019, mitigation for this vulnerability is included as part of the 9C optional update, via Windows Update (WU) and Microsoft Update Catalog, for all supported versions of Windows 10, with the exception of Windows 10, version 1903 and Windows 10, version 1507 (LTSB). For devices running Windows 10, version 1903, mitigation for this vulnerability will be included as part of the 9D optional update via WU, WSUS and the Microsoft Update Catalog (targeted for September 26, 2019.)&nbsp;To apply this update, go to <strong>Settings &gt; Windows Update &gt; Check for Updates</strong>. (<strong>Note</strong> Because this update requires a reboot, we are making it optional to give customers and administrators a choice to install/deploy the update now.)&nbsp;</div><div><br></div><div>For customers running Windows 8.1/ Windows Server 2012 R2 or below, the 9C update is also available on Windows Server Update Services (WSUS).&nbsp;For other supported versions of Windows, IT admins using WSUS can import this update&nbsp;into WSUS/SCCM manually from Microsoft Update Catalog. See instructions on the <a href=\"https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/manage/wsus-and-the-catalog-site#the-microsoft-update-catalog-site\" target=\"_blank\"><u>WSUS and the Catalog Site</u></a>.</div></td><td>September 24, 2019 <br>05:00 PM PT</td></tr>
      <tr><td><b>Status update: September 2019 Windows \"C\" optional release available</b><br><div>The September 2019 optional monthly “C” release for all supported versions of Windows is now available. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. Follow&nbsp;<a href=\"https://twitter.com/windowsupdate\" target=\"_blank\">@WindowsUpdate</a>&nbsp;for the latest on the availability of this release.</div></td><td>September 24, 2019 <br>08:10 AM PT</td></tr>
      <tr><td><b>Plan for change: Windows Media Center Electronic Program Guide retiring in January 2020</b><br><div>Starting in January 2020, Microsoft is retiring its Electronic Program Guide (EPG) service for all versions of Windows Media Center. To continue receiving TV Program Guide information on your Windows Media Center, you’ll need to configure an alternate TV listing provider.</div></td><td>September 24, 2019 <br>08:00 AM PT</td></tr>
      <tr><td><b>Status of September 2019 “C” release</b><br><div>The optional monthly “C” release for September 2019 for all supported versions of Windows and Windows Server prior to Windows 10, version 1903 and Windows Server, version 1903 will be available in the near term. For more information on the different types of monthly quality updates, see our&nbsp;<a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. Follow <a href=\"https://twitter.com/windowsupdate\" target=\"_blank\"><u>@WindowsUpdate</u></a> for the latest on the availability of this release.</div></td><td>September 19, 2019 <br>04:11 PM PT</td></tr>
@ -94,48 +95,5 @@ Given the potential impact to customers and their businesses, we have also relea
 </ul>
 For more information about the Windows 10  update servicing cadence, please see the <a href='https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376' target='_blank'>Window IT Pro blog</a>.</div>
 </td><td>May 10, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><a href = 'https://support.microsoft.com/help/4493730/servicing-stack-update-for-windows-server-2008-sp2' target='_blank'><b>Take action: Install servicing stack update for Windows Server 2008 SP2 for SHA-2 code sign support</b></a><br>A standalone update, KB4493730, that introduce SHA-2 code sign support for the servicing stack (SSU) was released today as a security update.</td><td>April 19, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><a href = 'https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/The-benefits-of-Windows-10-Dynamic-Update/ba-p/467847' target='_blank'><b>The benefits of Windows 10 Dynamic Update</b></a><br><div>Dynamic Update can help organizations and end users alike ensure that their Windows 10 devices have the latest feature update content (as part of an in-place upgrade)—and preserve precious features on demand (FODs) and language packs (LPs) that may have been previously installed. </div><br>
 <div>Find out which components are updated by Dynamic Update, how Dynamic Update is initiated, and how to enable or disable it.</div></td><td>April 17, 2019 <br>11:26 AM PT</td></tr>
      <tr><td><a href = 'https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency' target='_blank'><b>Improvements to the Windows 10 update experience are coming</b></a><br>Find out about the changes coming to the Windows update process that will improve the experience, offer users more control, and improve the quality of Windows updates.</td><td>April 04, 2019 <br>09:00 AM PT</td></tr>
      <tr><td><a href = 'https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Call-to-action-review-your-Windows-Update-for-Business-deferral/ba-p/394244' target='_blank'><b>Take action: review your Windows Update for Business deferral values</b></a><br><div>If devices under your management are still running Windows 10 Pro or Windows 10 Pro for Workstations, version 1709, your devices will reach end of service on April 9, 2019 if you have configured both of the following Windows Update for Business policies:<br>
 <ul>
 <li>	Branch readiness is configured as Semi-Annual Channel (SAC)</li>
 <li>	Feature update deferral is configured as 274 days or more</li>
 </ul>
 In order avoid this, you need to set your feature update deferral policy to 273 days or less.</div></td><td>April 03, 2019 <br>05:47 PM PT</td></tr>
      <tr><td><a href = 'https://docs.microsoft.com/windows/windows-10/release-information' target='_blank'><b>Find a list of currently supported versions and previous releases</b></a><br>Every Windows product has a lifecycle. The lifecycle begins when a product is released and ends when it is no longer serviced or supported. Knowing key dates in this lifecycle helps you make informed decisions about when to update, upgrade, or make other changes to your software. Check out the updated Windows 10 release information page for a list of current versions by servicing option as well as end of service dates.</td><td>March 28, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><a href = 'https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-version-1809-designated-for-broad-deployment/ba-p/389540' target='_blank'><b>Windows 10, version 1809 designated for broad deployment</b></a><br>Based on the data and the feedback we’ve received from consumers, OEMs, ISVs, partners, and commercial customers, Windows 10, version 1809 has transitioned to broad deployment. With this, the Windows 10 release information page will now reflect Semi-Annual Channel (SAC) for version 1809.</td><td>March 28, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><a href = 'https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet' target='_blank'><b>Reminder: Additional servicing for the Windows 10 Enterprise, Education, and IoT Enterprise, version 1607 ends April 9, 2019</b></a><br><div>The additional servicing for Windows 10 Enterprise, Education, and IoT Enterprise editions ends on April 9, 2019 and doesn't extend beyond this date. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.</div><br><div>Devices running Windows 10 Enterprise 2016 LTSB will continue to receive updates until October 2026 per the Fixed Lifecycle Policy. Windows 10, version 1607 devices running the Intel “Clovertrail” chipset will continue to receive updates until January 2023.</div></td><td>March 12, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><a href = 'https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet' target='_blank'><b>Reminder: Windows 10 Home, Pro, Pro for Workstations, and IoT Core,  version 1709 will reach end of service on April 9, 2019</b></a><br><div>Windows 10, version 1709, will reach end of service on April 9, 2019 for devices running Windows 10 Home, Pro, Pro for Workstations, and IoT Core editions. These devices will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.</div><br><div>Windows 10 Enterprise, Education, and IoT Enterprise editions will continue to receive servicing for 12 months at no cost per the lifecycle announcement on October 2018.</div></td><td>March 12, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><a href = 'https://support.microsoft.com/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus' target='_blank'><b>Take action: Install standalone security updates  to introduce SHA-2 code sign support for Windows 7 amd Windows Server 2008 R2</b></a><br>A <a href='https://support.microsoft.com/help/4474419' target='_blank'>standalone SHA-2 code signing support update for Windows Server 2008 R2 and Windows 7</a> is now available, as is a <a href='https://support.microsoft.com/help/4490628' target='_blank'>servicing stack update for Windows 7 SP1 and Windows Server 2008 R2 SP1</a> that includes the SHA-2 code signing support update.</td><td>March 12, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><a href = 'https://support.microsoft.com/help/4484071/windows-server-update-services-update-kb4484071' target='_blank'><b>Take action: Install standalone update for WSUS 3.0 SP2 to support the delivery of SHA-2 signed updates</b></a><br>A standalone update, KB4484071 is available on Windows Update Catalog for WSUS 3.0 SP2 that supports delivering SHA-2 signed updates. For those customers using WSUS 3.0 SP2, this update should be manually installed no later than June 18, 2019.</td><td>March 12, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><a href = 'https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-quality-updates-explained-amp-the-end-of-delta/ba-p/214426' target='_blank'><b>Reminder: Final Delta update for Windows 10, version 1607, 1703, 1709, and 1803 will be April 9, 2019</b></a><br>March 12th and April 9th will be the last two Delta updates for Windows 10, version 1607, 1703, 1709, and 1803. Security and quality updates will continue to be available via the express and full cumulative update packages.</td><td>March 12, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><a href = 'https://blogs.windows.com/windowsexperience/2019/03/06/data-insights-and-listening-to-improve-the-customer-experience' target='_blank'><b>How do we measure and improve the quality of Windows?</b></a><br><div>Measuring the quality of Windows is a complex undertaking that requires gathering a variety of diagnostic signals from millions of devices within the Windows ecosystem. In addition to rigorous internal testing, we rely heavily on the feedback provided through diagnostic data to detect and fix problems before we release new updates of Windows to the general population, and to monitor the impact of those updates after each release.</div><br>
 <div>Get insight into some of the practices we employ to measure and improve the quality of Windows.</div></td><td>March 06, 2019 <br>10:23 AM PT</td></tr>
      <tr><td><a href = 'https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Getting-to-know-the-Windows-update-history-pages/ba-p/355079' target='_blank'><b>Getting to know the Windows update history pages</b></a><br><div>Windows update history pages offer detailed information about each Windows update: the type of update, which operating systems it affects, the improvements and fixes included, and how to get the update. See how simple it is to use this important resource to access information for Windows 10, Windows Server 2019, and earlier versions of the Windows and Windows Server operating systems.</div></td><td>February 21, 2019 <br>06:37 PM PT</td></tr>
      <tr><td><a href = 'https://aka.ms/release-notes-survey' target='_blank'><b>Share your feedback: Windows update history</b></a><br>We read every comment you leave on our update history pages, and are always looking to improve these pages and the monthly knowledge base (KB) articles that accompany each monthly update. Take our survey and let us know how we can improve our transparency further and make these more compelling and useful to you and your organization.</td><td>February 21, 2019 <br>12:00 PM PT</td></tr>
      <tr><td><a href = 'https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523' target='_blank'><b>Plan for change: Windows Update for Business and the retirement of SAC-T</b></a><br>Beginning with Windows 10, version 1903 (the next feature update for Windows 10), the Windows 10 release information page will no longer list SAC-T information for version 1903 and future feature updates. Instead, you will find a single entry for each new SAC release. In addition, if you are using Windows Update for Business, you will see new UI and behavior to reflect that there is only one release date for each SAC release. If you use System Center Configuration Manager, Windows Server Update Services (WSUS), or other management tools, there will now only be one feature update published to WSUS, and this will occur at the time of release. Learn how this change will affect Windows Business for Update customers.</td><td>February 14, 2019 <br>12:00 PM PT</td></tr>
      <tr><td><a href = 'https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Classifying-Windows-updates-in-common-deployment-tools/ba-p/331175' target='_blank'><b>Champs corner: Classifying Windows updates in common deployment tools</b></a><br>If you utilize automated update deployment tools, such as Windows Server Update Services (WSUS) or System Center Configuration Manager, you likely use automatic rules to streamline the approval and deployment of Windows updates. Using the correct update classification is, therefore, an important component of your organization’s device update process. Explore the options available and how to approach it in a WSUS or Configuration Manager environment.</td><td>February 05, 2019 <br>10:34 AM PT</td></tr>
      <tr><td><a href = 'https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-quality-updates-explained-amp-the-end-of-delta/ba-p/214426' target='_blank'><b>Update: Delta updates for Windows 10, version 1607, 1703, 1709, and 1803 will be available until April 9, 2019</b></a><br>Based on customer feedback, we are extending Delta update publication for Windows 10 versions 1607, 1703, 1709, and 1803. We will continue to provide Delta updates via the Microsoft Update Catalog through April 9th, 2019, which will be the last delta update available.</td><td>February 05, 2019 <br>09:00 AM PT</td></tr>
      <tr><td><a href = 'https://support.microsoft.com/help/4493784' target='_blank'><b>Global DNS outage affecting Windows Update customers</b></a><br>Windows Update customers were affected by a network infrastructure event on January 29, 2019 (21:00 UTC), caused by an external DNS service provider’s global outage. A software update to the external provider’s DNS servers resulted in the distribution of corrupted DNS records that affected connectivity to the Windows Update service. The DNS records were restored by January 30, 2019 (00:10 UTC), and the majority of local Internet Service Providers (ISP) have refreshed their DNS servers and customer services have been restored.<div><br><div>
 While this was not an issue with Microsoft’s services, we take any service disruption for our customers seriously. We will work with partners to better understand this so we can provide higher quality service in the future even across diverse global network providers.<div><br><div>
 If you are still unable to connect to Windows Update services due to this problem, please contact your local ISP or network administrator. You can also refer to our new KB4493784 for more information to determine if your network is affected, and to provide your local ISP or network administrator with additional information to assist you.</td><td>January 29, 2019 <br>04:15 PM PT</td></tr>
      <tr><td><a href = 'https://blogs.windows.com/windowsexperience/2019/01/15/application-compatibility-in-the-windows-ecosystem' target='_blank'><b>Application compatibility in the Windows ecosystem</b></a><br>Our application ecosystem is incredibly diverse, encompassing tens of millions of applications (apps) with numerous versions, languages, architectures, services and configuration options. While our ecosystem is complex, our vision is simple. All apps on Windows devices should just work! Explore the various programs and technologies we use to improve application compatibility.</td><td>January 15, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><a href = 'https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Modern-desktop-servicing-the-year-in-review/ba-p/304395' target='_blank'><b>Modern desktop servicing: the year in review</b></a><br>2018 was a pivotal year for the modern desktop and the servicing transformation journey we have been taking with you and your organization. In this post, John Wilcox takes a look back and recaps the progress that has been made, highlighting significant events, and provideing nsight into what 2019 has in store.</td><td>December 19, 2018 <br>02:20 PM PT</td></tr>
      <tr><td><a href = 'https://blogs.windows.com/windowsexperience/2018/12/19/driver-quality-in-the-windows-ecosystem' target='_blank'><b>Driver quality in the Windows ecosystem</b></a><br>Ensuring Windows 10 works great with all the devices and accessories our customers use is a top priority. We work closely with this broad mix of partners to test new drivers, monitor health characteristics over time, and make Windows and our ecosystem more resilient architecturally. Our goal is to ensure that all the updates and drivers we deliver to non-Insider populations are validated and at production quality (including monthly optional releases) before pushing drivers broadly to all. Explore the driver distribution chain and learn how we measure driver quality and prevent conflicts.</td><td>December 19, 2018 <br>10:04 AM PT</td></tr>
      <tr><td><a href = 'http://m365mdp.mpsn.libsynpro.com/001-windows-10-monthly-quality-updates' target='_blank'><b>Introducing the Modern Desktop podcast series</b></a><br>In this new podcast series, we'll explore the good, the bad, and, yes, the ugly of servicing and delivery for Windows 10 and Office 365 ProPlus. We'll talk about modern desktop management through Enterprise Mobility, security, and cloud-attached and co-managed environments. Listen to the first episode, in which we discuss monthly quality updates fpr Windows 10, the Microsoft 365 Stay Current pilot program, and interview a real customer to see how they ingest monthly updates in their organization.</td><td>December 18, 2018 <br>01:00 PM PT</td></tr>
      <tr><td><a href = 'https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Measuring-Delivery-Optimization-and-its-impact-to-your-network/ba-p/301809' target='_blank'><b>Measuring Delivery Optimization and its impact to your network</b></a><br>If you've familiarized yourself with the configuration options for Delivery Optimization in Windows 10, and have started to configure the settings you feel will be the best fit for your organization’s network topology, now is the time to see how well those settings are working. This article provides tips on how evaluate performance at the device level or organization level.</td><td>December 13, 2018 <br>03:48 PM PT</td></tr>
      <tr><td><a href = 'https://blogs.windows.com/windowsexperience/2018/12/10/windows-monthly-security-and-quality-updates-overview' target='_blank'><b>Windows monthly security and quality updates overview</b></a><br>Today’s global cybersecurity threats are both dynamic and sophisticated, and new vulnerabilities are discovered almost every day. We focus on protecting customers from these security threats by providing security updates on a timely basis and with high quality. Find out how we deliver these critical updates on a massive scale as a key component of our ongoing Windows as a service effort.</td><td>December 10, 2018 <br>10:00 AM PT</td></tr>
      <tr><td><a href = 'https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181' target='_blank'><b>LTSC: What is it, and when should it be used?</b></a><br>With the Semi-Annual Channel, devices receive two feature updates per year, and benefit from the best performance, user experience, security, and stability. This servicing option continues to be our recommendation for managing Windows 10 updates; however, we acknowledge that certain devices and use cases (e.g. medical systems and industrial process controllers) dictate that functionality and features don’t change over time. Find out how we designed the Long-Term Servicing Channel (LTSC) with these types of use cases in mind, and what is offered through the LTSC.</td><td>November 29, 2018 <br>07:02 PM PT</td></tr>
      <tr><td><a href = 'https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Local-Experience-Packs-What-are-they-and-when-should-you-use/ba-p/286841' target='_blank'><b>Plan for change: Local Experience Packs: What are they and when should you use them?</b></a><br>When we released Windows 10, version 1803, we introduced Local Experience Packs (LXPs), which are modern language packs delivered through the Microsoft Store or Microsoft Store for Business. Learn about the biggest advantage to LXPs, and the retirement of legacy language packs (lp.cab) for all Language Interface Packs (LIP).</td><td>November 14, 2018 <br>11:10 AM PT</td></tr>
      <tr><td><a href = 'https://blogs.windows.com/windowsexperience/2018/11/13/windows-10-quality-approach-for-a-complex-ecosystem' target='_blank'><b>Windows 10 Quality approach for a complex ecosystem</b></a><br>While our measurements of quality show improving trends on aggregate for each successive Windows 10 release, if a single customer experiences an issue with any of our updates, we take it seriously. In this blog post, Windows CVP Mike Fortin shares an overview of how we work to continuously improve the quality of Windows and our Windows as a service approach. This blog will be the first in a series of more in-depth explanations of the work we do to deliver quality in our Windows releases.</td><td>November 13, 2018 <br>10:00 AM PT</td></tr>
      <tr><td><a href = 'https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-version-1809-rollout-resumes-now-available-on-VLSC/ba-p/284217' target='_blank'><b>Windows 10, version 1809 rollout resumes; now available on VLSC</b></a><br>Today we are resuming the rollout of the latest Windows 10 feature update—Windows 10, version 1809—via the Software Download Center (via Update Assistant or the Media Creation Tool), Windows Server Update Services (WSUS), and Windows Update for Business. Windows 10, version 1809 is also now available on the Volume Licensing Service Center (VLSC).</td><td>November 13, 2018 <br>10:00 AM PT</td></tr>
      <tr><td><a href = 'https://docs.microsoft.com/windows-server/get-started/express-updates' target='_blank'><b>Express updates for Windows Server 2016 re-enabled for November 2018 update</b></a><br>Starting with the November 13, 2018 Update Tuesday release, Windows will again publish Express updates for Windows Server 2016. That means that system administrators for WSUS and System Center Configuration Manager will once again see two packages for the Windows Server 2016 update: a Full update and an Express update. Read this article for more details.</td><td>November 12, 2018 <br>03:00 PM PT</td></tr>
      <tr><td><a href = 'https://support.microsoft.com/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus' target='_blank'><b>Plan for change: 2019 SHA-2 code signing support requirement for Windows and WSUS</b></a><br><div>To protect your security, Windows operating system updates are dual-signed using both the SHA-1 and SHA-2 hash algorithms to authenticate that updates come directly from Microsoft and were not tampered with during delivery. Due to weaknesses in the SHA-1 algorithm and to align to industry standards Microsoft will only sign Windows updates using the more secure SHA-2 algorithm exclusively.<div><br><div>Customers running legacy OS versions (Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2) will be required to have SHA-2 code signing support installed on their devices by July 2019. Any devices without SHA-2 support will not be offered Windows updates after July 2019. To help prepare you for this change, we will release support for SHA-2 signing in 2019. Windows Server Update Services (WSUS) 3.0 SP2 will receive SHA-2 support to properly deliver SHA-2 signed updates. Please make note of the dates in the migration timeline and plan accordingly.</div></td><td>November 09, 2018 <br>10:00 AM PT</td></tr>
      </table>
      "
--- a/windows/security/information-protection/bitlocker/bitlocker-overview.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-overview.md
@ -60,6 +60,9 @@ A computer with a TPM must also have a Trusted Computing Group (TCG)-compliant B
 The system BIOS or UEFI firmware (for TPM and non-TPM computers) must support the USB mass storage device class, including reading small files on a USB flash drive in the pre-operating system environment.
 > [!IMPORTANT]
 > From Windows 7, you can encrypt an OS drive without a TPM and USB flash drive. For this procedure, see [Tip of the Day: Bitlocker without TPM or USB](https://blogs.technet.microsoft.com/tip_of_the_day/2014/01/22/tip-of-the-day-bitlocker-without-tpm-or-usb/).
 > [!NOTE]
 > TPM 2.0 is not supported in Legacy and CSM Modes of the BIOS. Devices with TPM 2.0 must have their BIOS mode configured as Native UEFI only. The Legacy and Compatibility Support Module (CSM) options must be disabled. For added security Enable the Secure Boot feature.
--- a/windows/security/threat-protection/auditing/event-4624.md
+++ b/windows/security/threat-protection/auditing/event-4624.md
@ -33,25 +33,26 @@ This event generates when a logon session is created (on destination machine). I
 <br clear="all">
 ***Event XML:***
-```
+```xml
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
+<?xml version="1.0"?>
- <System>
+<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" /> 
+  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}"/>
    <EventID>4624</EventID>
    <Version>2</Version>
    <Level>0</Level>
    <Task>12544</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8020000000000000</Keywords>
- <TimeCreated SystemTime="2015-11-12T00:24:35.079785200Z" /> 
+    <TimeCreated SystemTime="2015-11-12T00:24:35.079785200Z"/>
    <EventRecordID>211</EventRecordID>
- <Correlation ActivityID="{00D66690-1CDF-0000-AC66-D600DF1CD101}" /> 
+    <Correlation ActivityID="{00D66690-1CDF-0000-AC66-D600DF1CD101}"/>
- <Execution ProcessID="716" ThreadID="760" /> 
+    <Execution ProcessID="716" ThreadID="760"/>
    <Channel>Security</Channel>
    <Computer>WIN-GG82ULGC9GO</Computer>
- <Security /> 
+    <Security/>
  </System>
- <EventData>
+  <EventData>
    <Data Name="SubjectUserSid">S-1-5-18</Data>
    <Data Name="SubjectUserName">WIN-GG82ULGC9GO$</Data>
    <Data Name="SubjectDomainName">WORKGROUP</Data>
@ -80,8 +81,7 @@ This event generates when a logon session is created (on destination machine). I
    <Data Name="TargetLinkedLogonId">0x0</Data>
    <Data Name="ElevatedToken">%%1842</Data>
  </EventData>
- </Event>
+</Event>
 ```
 ***Required Server Roles:*** None.
@ -145,16 +145,16 @@ This event generates when a logon session is created (on destination machine). I
 ## Logon types and descriptions
 | Logon Type | Logon Title         | Description                                                                                                                                                                                                                                                                                                                |
-|------------|-------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+|:----------:|---------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| 2          | Interactive       | A user logged on to this computer.                                                                                                                                                                                                                                                                                         |
+|  `2`       | `Interactive`       | A user logged on to this computer.                                                                                                                                                                                                                                                                                         |
-| 3          | Network           | A user or computer logged on to this computer from the network.                                                                                                                                                                                                                                                            |
+|  `3`       | `Network`           | A user or computer logged on to this computer from the network.                                                                                                                                                                                                                                                            |
-| 4          | Batch             | Batch logon type is used by batch servers, where processes may be executing on behalf of a user without their direct intervention.                                                                                                                                                                                         |
+|  `4`       | `Batch`             | Batch logon type is used by batch servers, where processes may be executing on behalf of a user without their direct intervention.                                                                                                                                                                                         |
-| 5          | Service           | A service was started by the Service Control Manager.                                                                                                                                                                                                                                                                      |
+|  `5`       | `Service`           | A service was started by the Service Control Manager.                                                                                                                                                                                                                                                                      |
-| 7          | Unlock            | This workstation was unlocked.                                                                                                                                                                                                                                                                                             |
+|  `7`       | `Unlock`            | This workstation was unlocked.                                                                                                                                                                                                                                                                                             |
-| 8          | NetworkCleartext  | A user logged on to this computer from the network. The user's password was passed to the authentication package in its unhashed form. The built-in authentication packages all hash credentials before sending them across the network. The credentials do not traverse the network in plaintext (also called cleartext). |
+|  `8`       | `NetworkCleartext`  | A user logged on to this computer from the network. The user's password was passed to the authentication package in its unhashed form. The built-in authentication packages all hash credentials before sending them across the network. The credentials do not traverse the network in plaintext (also called cleartext). |
-| 9          | NewCredentials    | A caller cloned its current token and specified new credentials for outbound connections. The new logon session has the same local identity, but uses different credentials for other network connections.                                                                                                                 |
+|  `9`       | `NewCredentials`    | A caller cloned its current token and specified new credentials for outbound connections. The new logon session has the same local identity, but uses different credentials for other network connections.                                                                                                                 |
-| 10         | RemoteInteractive | A user logged on to this computer remotely using Terminal Services or Remote Desktop.                                                                                                                                                                                                                                      |
+| `10`       | `RemoteInteractive` | A user logged on to this computer remotely using Terminal Services or Remote Desktop.                                                                                                                                                                                                                                      |
-| 11         | CachedInteractive | A user logged on to this computer with network credentials that were stored locally on the computer. The domain controller was not contacted to verify the credentials.                                                                                                                                                    |
+| `11`       | `CachedInteractive` | A user logged on to this computer with network credentials that were stored locally on the computer. The domain controller was not contacted to verify the credentials.                                                                                                                                                    |
 -   **Restricted Admin Mode** \[Version 2\] \[Type = UnicodeString\]**:** Only populated for **RemoteInteractive** logon type sessions. This is a Yes/No flag indicating if the credentials provided were passed using Restricted Admin mode. Restricted Admin mode was added in Win8.1/2012R2 but this flag was added to the event in Win10.
--- a/windows/security/threat-protection/fips-140-validation.md
+++ b/windows/security/threat-protection/fips-140-validation.md
@ -109,6 +109,7 @@ The following list contains some of the Windows components and Microsoft product
 - Some Microsoft .NET Framework Applications (.NET also provides cryptographic algorithm implementations that have not been FIPS 140 validated.)
 - BitLocker® Drive Full-volume Encryption
 - IPsec Settings of Windows Firewall
 - Server Message Block (SMB) 3.x 
 ## Information for System Integrators
@ -1290,7 +1291,7 @@ Validated Editions: Ultimate Edition
 <td><strong>Algorithms</strong></td>
 </tr>
 <tr class="even">
-<td>Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enchanced Cryptographic Provider, and Enhanced Cryptographic Provider</td>
+<td>Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider</td>
 <td><a href="http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp76.pdf">5.0.2150.1</a></td>
 <td><a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/76">76</a></td>
 <td><p><em>FIPS Approved algorithms:</em> Triple-DES (vendor affirmed); DSA/SHA-1 (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#28">#28</a> and <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#29">29</a>); RSA (vendor affirmed)</p>
@ -1317,7 +1318,7 @@ Validated Editions: Ultimate Edition
 <td><strong>Algorithms</strong></td>
 </tr>
 <tr class="even">
-<td>Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enchanced Cryptographic Provider, and Enhanced Cryptographic Provider</td>
+<td>Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider</td>
 <td><a href="http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp75.pdf">5.0.1877.6 and 5.0.1877.7</a></td>
 <td><a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/75">75</a></td>
 <td><p><em>FIPS Approved algorithms:</em> Triple-DES (vendor affirmed); SHA-1 (Certs. <a href="https://social.msdn.microsoft.com/forums/en-us/f93c9ee5-89b9-41a4-96c4-6eb9346625b9/msrai-msra-parsing-remote-assistance-packets-in-network-monitor?forum=os_windowsprotocolshttps://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#20">#20</a> and <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#21">21</a>); DSA/SHA-1 (Certs. <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#25">#25</a> and <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#26">26</a>); RSA (vendor- affirmed)</p>
@ -6219,7 +6220,7 @@ Version 6.3.9600</td>
 <strong>SHA-256</strong> (BYTE-only)<br />
 <strong>SHA-384</strong> (BYTE-only)<br />
 <strong>SHA-512</strong> (BYTE-only)</td>
-<td><p>Windows 7and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">#1081</a></p>
+<td><p>Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081">#1081</a></p>
 <p>Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) <a href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816.">#816</a></p></td>
 </tr>
 <tr class="odd">
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md
@ -8,7 +8,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.author: macaparas
+ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
--- a/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md
@ -61,6 +61,9 @@ You can also delete tags from this view.
 >- Windows Server, version 1803 or later
 >- Windows Server 2016
 >- Windows Server 2012 R2
 >- Windows Server 2008 R2 SP1
 >- Windows 8.1
 >- Windows 7 SP1
 Machines with similar tags can be handy when you need to apply contextual action on a specific list of machines.
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md
@ -48,11 +48,11 @@ Download the installation and onboarding packages from Windows Defender Security
    Extract the contents of the .zip files:
    ```bash
-    ls -l
+    $ ls -l
    total 721152
    -rw-r--r--  1 test  staff       6185 Mar 15 10:45 WindowsDefenderATPOnboardingPackage.zip
    -rw-r--r--  1 test  staff  354531845 Mar 13 08:57 wdav.pkg
-    mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip
+    $ unzip WindowsDefenderATPOnboardingPackage.zip
    Archive:  WindowsDefenderATPOnboardingPackage.zip
    inflating: WindowsDefenderATPOnboarding.py
    ```
@ -92,7 +92,7 @@ If you did not enable Microsoft's driver during installation, then the applicati
 You can also run ```mdatp --health```. It reports if Real-Time Protection is enabled but not available:
 ```bash
-mdatp --health
+$ mdatp --health
 ...
 realTimeProtectionAvailable             : false
 realTimeProtectionEnabled               : true
@ -112,7 +112,7 @@ In this case, you need to perform the following steps to enable Real-Time Protec
 1. In Terminal, attempt to install the driver. (The operation will fail)
    ```bash
-    sudo kextutil /Library/Extensions/wdavkext.kext
+    $ sudo kextutil /Library/Extensions/wdavkext.kext
    Kext rejected due to system policy: <OSKext 0x7fc34d528390 [0x7fffa74aa8e0]> { URL = "file:///Library/StagedExtensions/Library/Extensions/wdavkext.kext/", ID = "com.microsoft.wdavkext" }
    Kext rejected due to system policy: <OSKext 0x7fc34d528390 [0x7fffa74aa8e0]> { URL = "file:///Library/StagedExtensions/Library/Extensions/wdavkext.kext/", ID = "com.microsoft.wdavkext" }
    Diagnostics for /Library/Extensions/wdavkext.kext:
@ -125,13 +125,13 @@ In this case, you need to perform the following steps to enable Real-Time Protec
 4. In Terminal, install the driver again. This time the operation will succeed:
 ```bash
-sudo kextutil /Library/Extensions/wdavkext.kext
+$ sudo kextutil /Library/Extensions/wdavkext.kext
 ```
 The banner should disappear from the Defender application, and ```mdatp --health``` should now report that Real-Time Protection is both enabled and available:
 ```bash
-mdatp --health
+$ mdatp --health
 ...
 realTimeProtectionAvailable             : true
 realTimeProtectionEnabled               : true
@ -145,20 +145,20 @@ realTimeProtectionEnabled               : true
    The client machine is not associated with orgId. Note that the *orgId* attribute is blank.
    ```bash
-    mdatp --health orgId
+    $ mdatp --health orgId
    ```
 2. Run the Python script to install the configuration file:
    ```bash
-    /usr/bin/python WindowsDefenderATPOnboarding.py
+    $ /usr/bin/python WindowsDefenderATPOnboarding.py
    Generating /Library/Application Support/Microsoft/Defender/com.microsoft.wdav.atp.plist ... (You may be required to enter sudos password)
    ```
 3. Verify that the machine is now associated with your organization and reports a valid *orgId*:
    ```bash
-    mdatp --health orgId
+    $ mdatp --health orgId
    E6875323-A6C0-4C60-87AD-114BBE7439B8
    ```
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md
@ -50,28 +50,29 @@ Download the installation and onboarding packages from Microsoft Defender Securi
    Extract the contents of the .zip files:
    ```bash
-    mavel-macmini:Downloads test$ ls -l
+    $ ls -l
    total 721688
    -rw-r--r--  1 test  staff     269280 Mar 15 11:25 IntuneAppUtil
    -rw-r--r--  1 test  staff      11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip
    -rw-r--r--  1 test  staff  354531845 Mar 13 08:57 wdav.pkg
-    mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip
+    $ unzip WindowsDefenderATPOnboardingPackage.zip
    Archive:  WindowsDefenderATPOnboardingPackage.zip
    warning:  WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators
      inflating: intune/kext.xml
      inflating: intune/WindowsDefenderATPOnboarding.xml
      inflating: jamf/WindowsDefenderATPOnboarding.plist
    mavel-macmini:Downloads test$
    ```
 7. Make IntuneAppUtil an executable:
-    ```mavel-macmini:Downloads test$ chmod +x IntuneAppUtil```
+    ```bash
    $ chmod +x IntuneAppUtil
    ```
 8. Create the wdav.pkg.intunemac package from wdav.pkg:
    ```bash
-    mavel-macmini:Downloads test$ ./IntuneAppUtil -c wdav.pkg -o . -i "com.microsoft.wdav" -n "1.0.0"
+    $ ./IntuneAppUtil -c wdav.pkg -o . -i "com.microsoft.wdav" -n "1.0.0"
    Microsoft Intune Application Utility for Mac OS X
    Version: 1.0.0.0
    Copyright 2018 Microsoft Corporation
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md
@ -51,17 +51,16 @@ Download the installation and onboarding packages from Windows Defender Security
 5. From the command prompt, verify that you have the two files. Extract the contents of the .zip files like so:
    ```bash
-    mavel-macmini:Downloads test$ ls -l
+    $ ls -l
    total 721160
    -rw-r--r--  1 test  staff      11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip
    -rw-r--r--  1 test  staff  354531845 Mar 13 08:57 wdav.pkg
-    mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip
+    $ unzip WindowsDefenderATPOnboardingPackage.zip
    Archive:  WindowsDefenderATPOnboardingPackage.zip
    warning:  WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators
    inflating: intune/kext.xml
     inflating: intune/WindowsDefenderATPOnboarding.xml
     inflating: jamf/WindowsDefenderATPOnboarding.plist
    mavel-macmini:Downloads test$
    ```
 ## Create JAMF policies
@ -166,7 +165,7 @@ Once the policy is applied, you'll see the Microsoft Defender ATP icon in the ma
 You can monitor policy installation on a device by following the JAMF log file:
 ```bash
-    mavel-mojave:~ testuser$ tail -f /var/log/jamf.log
+    $ tail -f /var/log/jamf.log
    Thu Feb 21 11:11:41 mavel-mojave jamf[7960]: No patch policies were found.
    Thu Feb 21 11:16:41 mavel-mojave jamf[8051]: Checking for policies triggered by "recurring check-in" for user "testuser"...
    Thu Feb 21 11:16:43 mavel-mojave jamf[8051]: Executing Policy WDAV
@ -179,7 +178,7 @@ You can monitor policy installation on a device by following the JAMF log file:
 You can also check the onboarding status:
 ```bash
-mavel-mojave:~ testuser$ mdatp --health
+$ mdatp --health
 ...
 licensed                                : true
 orgId                                   : "4751b7d4-ea75-4e8f-a1f5-6d640c65bc45"
@ -195,7 +194,7 @@ orgId                                   : "4751b7d4-ea75-4e8f-a1f5-6d640c65bc45"
 You can check that devices have been correctly onboarded by creating a script. For example, the following script checks enrolled devices for onboarding status:
 ```bash
-mdatp --health healthy
+$ mdatp --health healthy
 ```
 The above command prints "1" if the product is onboarded and functioning as expected.
@ -219,6 +218,8 @@ Create a script in **Settings > Computer Management > Scripts**.
 This script removes Microsoft Defender ATP from the /Applications directory:
 ```bash
   #!/bin/bash
   echo "Is WDAV installed?"
   ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md
@ -66,7 +66,7 @@ Whether real-time protection (scan files as they are accessed) is enabled or not
 Whether the antivirus engine runs in passive mode or not. In passive mode:
 - Real-time protection is turned off
- On demand scanning is turned on
+- On-demand scanning is turned on
 - Automatic threat remediation is turned off
 - Security intelligence updates are turned on
 - Status menu icon is hidden
@ -149,6 +149,16 @@ Used to exclude content from the scan by file name.
 | **Possible values** | any string |
 | **Comments** | Applicable only if *$type* is *excludedFileName* |
 #### Allowed threats
 List of threats (identified by their name) that are not blocked by the product and are instead allowed to run.
 |||
 |:---|:---|
 | **Domain** | com.microsoft.wdav |
 | **Key** | allowedThreats |
 | **Data type** | Array of strings |
 #### Threat type settings
 The *threatTypeSettings* preference in the antivirus engine is used to control how certain threat types are handled by the product.
@ -243,7 +253,7 @@ The *userInterface* section of the configuration profile is used to manage the p
 #### Show / hide status menu icon
-Whether the status menu icon (shown in the top right corner of the screen) is hidden or not.
+Whether the status menu icon (shown in the top-right corner of the screen) is hidden or not.
 |||
 |:---|:---|
@ -425,7 +435,7 @@ The following configuration profile contains entries for all settings described
        </array>
        <key>allowedThreats</key>
        <array>
-            <string>eicar</string>
+            <string>EICAR-Test-File (not a virus)</string>
        </array>
        <key>threatTypeSettings</key>
        <array>
@ -540,7 +550,7 @@ The following configuration profile contains entries for all settings described
                    </array>
                    <key>allowedThreats</key>
                    <array>
-                        <string>eicar</string>
+                        <string>EICAR-Test-File (not a virus)</string>
                    </array>
                    <key>threatTypeSettings</key>
                    <array>
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md
@ -31,7 +31,7 @@ If you can reproduce a problem, please increase the logging level, run the syste
 1. Increase logging level:
   ```bash
-   mdatp --log-level verbose
+   $ mdatp --log-level verbose
   Creating connection to daemon
   Connection established
   Operation succeeded
@ -39,10 +39,10 @@ If you can reproduce a problem, please increase the logging level, run the syste
 2. Reproduce the problem
-3. Run `mdatp --diagnostic --create` to backup Microsoft Defender ATP's logs. The files will be stored inside of a .zip archive. This command will also print out the file path to the backup after the operation succeeds.
+3. Run `sudo mdatp --diagnostic --create` to backup Microsoft Defender ATP's logs. The files will be stored inside of a .zip archive. This command will also print out the file path to the backup after the operation succeeds.
   ```bash
-   mdatp --diagnostic --create
+   $ sudo mdatp --diagnostic --create
   Creating connection to daemon
   Connection established
   ```
@ -50,7 +50,7 @@ If you can reproduce a problem, please increase the logging level, run the syste
 4. Restore logging level:
   ```bash
-   mdatp --log-level info
+   $ mdatp --log-level info
   Creating connection to daemon
   Connection established
   Operation succeeded
@ -82,13 +82,13 @@ Important tasks, such as controlling product settings and triggering on-demand s
 |-------------|-------------------------------------------|-----------------------------------------------------------------------|
 |Configuration|Turn on/off real-time protection           |`mdatp --config realTimeProtectionEnabled [true/false]`                |
 |Configuration|Turn on/off cloud protection               |`mdatp --config cloudEnabled [true/false]`                             |
-|Configuration|Turn on/off product diagnostics            |`mdatp --config diagnostic [true/false]`                               |
+|Configuration|Turn on/off product diagnostics            |`mdatp --config cloudDiagnosticEnabled [true/false]`                               |
 |Configuration|Turn on/off automatic sample submission    |`mdatp --config cloudAutomaticSampleSubmission [true/false]`           |
 |Configuration|Turn on PUA protection                     |`mdatp --threat --type-handling potentially_unwanted_application block`|
 |Configuration|Turn off PUA protection                    |`mdatp --threat --type-handling potentially_unwanted_application off`  |
 |Configuration|Turn on audit mode for PUA protection      |`mdatp --threat --type-handling potentially_unwanted_application audit`|
 |Diagnostics  |Change the log level                       |`mdatp --log-level [error/warning/info/verbose]`                       |
-|Diagnostics  |Generate diagnostic logs                   |`mdatp --diagnostic`                                                   |
+|Diagnostics  |Generate diagnostic logs                   |`mdatp --diagnostic --create`                                                   |
 |Health       |Check the product's health                 |`mdatp --health`                                                       |
 |Protection   |Scan a path                                |`mdatp --scan --path [path]`                                           |
 |Protection   |Do a quick scan                            |`mdatp --scan --quick`                                                 |
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md
@ -69,7 +69,7 @@ To test that a connection is not blocked, open [https://x.cp.wd.microsoft.com/ap
 If you prefer the command line, you can also check the connection by running the following command in Terminal:
 ```bash
-curl -w ' %{url_effective}\n' 'https://x.cp.wd.microsoft.com/api/report' 'https://cdn.x.cp.wd.microsoft.com/ping'
+$ curl -w ' %{url_effective}\n' 'https://x.cp.wd.microsoft.com/api/report' 'https://cdn.x.cp.wd.microsoft.com/ping'
 ```
 The output from this command should be similar to the following: