From 26faf9fc3481324e811b9ddaf276af063e1cbb89 Mon Sep 17 00:00:00 2001 From: Riley Childs Date: Sat, 8 Aug 2020 13:51:40 -0400 Subject: [PATCH 1/4] added directions that the CMD must also be copied added directions that the CMD must also be copied when you only want a single entry since the .ps1 requires the cmd. This is unclear in the current documentation --- .../microsoft-defender-atp/configure-endpoints-vdi.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md index 0d005b607d..1ee1bac728 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md @@ -70,7 +70,7 @@ The following steps will guide you through onboarding VDI devices and will highl 3. The following step is only applicable if you're implementing a single entry for each device:
**For single entry for each device**:
- a. From the `WindowsDefenderATPOnboardingPackage`, copy the `Onboard-NonPersistentMachine.ps1` file to `golden/master` image to the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`.
+ a. From the `WindowsDefenderATPOnboardingPackage`, copy the `Onboard-NonPersistentMachine.ps1` and `WindowsDefenderATPOnboardingScript.cmd` file to `golden/master` image to the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`.
>[!NOTE] >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose the **Show hidden files and folders** option from file explorer. From fab6a8b123e86985cbdd51884db50cac17f9ee08 Mon Sep 17 00:00:00 2001 From: Russ Rimmerman Date: Sat, 8 Aug 2020 20:03:03 -0500 Subject: [PATCH 2/4] Update open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md Navigation title not clear and title seems it is is one of the steps rather than a title --- ...nt-console-to-windows-firewall-with-advanced-security.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md index 8bea94a26f..315f5c9f9a 100644 --- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md +++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md @@ -1,6 +1,6 @@ --- -title: Open the Group Policy Management Console to Windows Firewall with Advanced Security (Windows 10) -description: Open the Group Policy Management Console to Windows Firewall with Advanced Security +title: Group Policy Management of Windows Firewall with Advanced Security (Windows 10) +description: Group Policy Management of Windows Firewall with Advanced Securit ms.assetid: 28afab36-8768-4938-9ff2-9d6dab702e98 ms.reviewer: ms.author: dansimp @@ -17,7 +17,7 @@ ms.topic: conceptual ms.date: 04/19/2017 --- -# Open the Group Policy Management Console to Windows Firewall with Advanced Security +# Group Policy Management of Windows Firewall with Advanced Security **Applies to** - Windows 10 
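Review bot: In [PATCH 1/4], the added step a. line (hunk @@ -70,7 +70,7 @@ of configure-endpoints-vdi.md) now names two files but keeps the singular noun: "copy the `Onboard-NonPersistentMachine.ps1` and `WindowsDefenderATPOnboardingScript.cmd` file to" should read "files to". The commit message gives the reason for the change (the .ps1 requires the .cmd), but the documentation line does not; a short clause stating that dependency would tell readers why both files have to be in the Startup folder. The phrase "to `golden/master` image to the path" also reads more clearly as "to the `golden/master` image, under the path".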
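Review bot: In [PATCH 2/4], the new `description:` value in the front-matter hunk (@@ -1,6 +1,6 @@) ends in "Securit", missing the final "y". [PATCH 4/4] in this series corrects it; folding that one-line fix into this commit would keep every revision of the file free of the truncated description. The title and H1 are also renamed while the file path still begins `open-the-group-policy-management-console-to-`, so it is worth confirming that the title and file name are meant to diverge.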
From e0b0d1fac79b8d209313fa81d86fe338281a3e3f Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 10 Aug 2020 17:59:06 -0700 Subject: [PATCH 3/4] Various fixes for layout and code block types Second-level list items only have the correct layout when we use automatic numbering (1., 1., 1.). The complete list of valid types for code blocks is here: https://docsmetadatatool.azurewebsites.net/allowlists/# --- .../configure-endpoints-vdi.md | 54 ++++++++++--------- 1 file changed, 29 insertions(+), 25 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md index 1ee1bac728..32e7e448f6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md 
@@ -55,13 +55,13 @@ The following steps will guide you through onboarding VDI devices and will highl 1. Open the VDI configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Microsoft Defender Security Center](https://securitycenter.windows.com/): - a. In the navigation pane, select **Settings** > **Onboarding**. + 1. In the navigation pane, select **Settings** > **Onboarding**. - b. Select Windows 10 as the operating system. + 1. Select Windows 10 as the operating system. - c. In the **Deployment method** field, select **VDI onboarding scripts for non-persistent endpoints**. + 1. In the **Deployment method** field, select **VDI onboarding scripts for non-persistent endpoints**. - d. Click **Download package** and save the .zip file. + 1. Click **Download package** and save the .zip file. 2. Copy the extracted files from the .zip into `golden/master` image under the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. You should have a folder called `WindowsDefenderATPOnboardingPackage` containing the file `WindowsDefenderATPOnboardingScript.cmd`. @@ -69,35 +69,39 @@ The following steps will guide you through onboarding VDI devices and will highl >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose the **Show hidden files and folders** option from file explorer. 3. The following step is only applicable if you're implementing a single entry for each device:
- **For single entry for each device**:
- a. From the `WindowsDefenderATPOnboardingPackage`, copy the `Onboard-NonPersistentMachine.ps1` and `WindowsDefenderATPOnboardingScript.cmd` file to `golden/master` image to the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`.
+ **For single entry for each device**: + + 1. From the `WindowsDefenderATPOnboardingPackage`, copy the `Onboard-NonPersistentMachine.ps1` and `WindowsDefenderATPOnboardingScript.cmd` file to `golden/master` image to the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`.
- >[!NOTE] - >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose the **Show hidden files and folders** option from file explorer. + > [!NOTE] + > If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose the **Show hidden files and folders** option from file explorer. 4. Open a Local Group Policy Editor window and navigate to **Computer Configuration** > **Windows Settings** > **Scripts** > **Startup**. - >[!NOTE] - >Domain Group Policy may also be used for onboarding non-persistent VDI devices. + > [!NOTE] + > Domain Group Policy may also be used for onboarding non-persistent VDI devices. 5. Depending on the method you'd like to implement, follow the appropriate steps:
- **For single entry for each device**:
- Select the **PowerShell Scripts** tab, then click **Add** (Windows Explorer will open directly in the path where you copied the onboarding script earlier). Navigate to onboarding PowerShell script `Onboard-NonPersistentMachine.ps1`.

- **For multiple entries for each device**:
- Select the **Scripts** tab, then click **Add** (Windows Explorer will open directly in the path where you copied the onboarding script earlier). Navigate to the onboarding bash script `WindowsDefenderATPOnboardingScript.cmd`. + **For single entry for each device**:
+ + Select the **PowerShell Scripts** tab, then click **Add** (Windows Explorer will open directly in the path where you copied the onboarding script earlier). Navigate to onboarding PowerShell script `Onboard-NonPersistentMachine.ps1`. + + **For multiple entries for each device**: + + Select the **Scripts** tab, then click **Add** (Windows Explorer will open directly in the path where you copied the onboarding script earlier). Navigate to the onboarding bash script `WindowsDefenderATPOnboardingScript.cmd`. 6. Test your solution: - a. Create a pool with one device. + 1. Create a pool with one device. - b. Logon to device. + 1. Logon to device. - c. Logoff from device. + 1. Logoff from device. - d. Logon to device with another user. + 1. Logon to device with another user. - e. **For single entry for each device**: Check only one entry in Microsoft Defender Security Center.
- **For multiple entries for each device**: Check multiple entries in Microsoft Defender Security Center. + 1. **For single entry for each device**: Check only one entry in Microsoft Defender Security Center.
+ **For multiple entries for each device**: Check multiple entries in Microsoft Defender Security Center. 7. Click **Devices list** on the Navigation pane. @@ -107,7 +111,7 @@ The following steps will guide you through onboarding VDI devices and will highl As a best practice, we recommend using offline servicing tools to patch golden/master images.
For example, you can use the below commands to install an update while the image remains offline: -``` +```console DISM /Mount-image /ImageFile:"D:\Win10-1909.vhdx" /index:1 /MountDir:"C:\Temp\OfflineServicing" DISM /Image:"C:\Temp\OfflineServicing" /Add-Package /Packagepath:"C:\temp\patch\windows10.0-kb4541338-x64.msu" DISM /Unmount-Image /MountDir:"C:\Temp\OfflineServicing" /commit @@ -124,15 +128,15 @@ If offline servicing is not a viable option for your non-persistent VDI environm 2. Ensure the sensor is stopped by running the command below in a CMD window: - ``` - sc query sense - ``` + ```console + sc query sense + ``` 3. Service the image as needed. 4. Run the below commands using PsExec.exe (which can be downloaded from https://download.sysinternals.com/files/PSTools.zip) to cleanup the cyber folder contents that the sensor may have accumulated since boot: - ``` + ```console PsExec.exe -s cmd.exe cd "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Cyber" del *.* /f /s /q From 714aeb2b361695f7382726068e346d17cba61617 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 10 Aug 2020 18:01:31 -0700 Subject: [PATCH 4/4] Acrolinx spelling: Securit --- ...gement-console-to-windows-firewall-with-advanced-security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md index 315f5c9f9a..ae4136db06 100644 --- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md +++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md 
@@ -1,6 +1,6 @@ --- title: Group Policy Management of Windows Firewall with Advanced Security (Windows 10) -description: Group Policy Management of Windows Firewall with Advanced Securit +description: Group Policy Management of Windows Firewall with Advanced Security ms.assetid: 28afab36-8768-4938-9ff2-9d6dab702e98 ms.reviewer: ms.author: dansimp
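Review bot: In [PATCH 3/4], hunk @@ -69,35 +69,39 @@, the re-indented step 5 text still describes `WindowsDefenderATPOnboardingScript.cmd` as "the onboarding bash script"; a .cmd file is a Windows batch script, so this should read "batch script" (or just "script"). Since these lines are being rewritten anyway, the same pass could fix "`WindowsDefenderATPOnboardingScript.cmd` file to" to "files to" in step 3, and change "Logon to device" and "Logoff from device" in step 6 to the verb forms "Log on to the device" and "Log off from the device".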
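Review bot: In [PATCH 3/4], hunk @@ -124,15 +128,15 @@, the step 4 cleanup block runs `del *.* /f /s /q` against the current directory of a shell started with `PsExec.exe -s`, so if the preceding `cd` does not succeed (for example, the Cyber folder is absent on that image) the forced recursive delete runs as SYSTEM in whatever directory the shell is in. Suggest giving `del` the full path, e.g. `del "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Cyber\*.*" /f /s /q`, so the command cannot act outside the intended folder. Separately, step 2 says "Ensure the sensor is stopped" but `sc query sense` only reports the service state; the text could say that the output should show a STOPPED state before servicing continues.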