Merged PR 4752: 11/30 PM Publish

windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md

@@ -127,7 +127,7 @@ See the following table for a summary of the management settings for Windows 10
 | [24. Windows Media Player](#bkmk-wmp) | ![Check mark](images/checkmark.png) | | | | ![Check mark](images/checkmark.png) |
 | [25. Windows Spotlight](#bkmk-spotlight) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
 | [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | |
-|     [26.1 General](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) |  | |
+|     [26.1 Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) |  | |
 | [27. Windows Update Delivery Optimization](#bkmk-updates) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
 | [28. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | |
 
@@ -155,7 +155,7 @@ See the following table for a summary of the management settings for Windows Ser
 | [23. Windows Defender](#bkmk-defender) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
 | [24. Windows Media Player](#bkmk-wmp) | | | | ![Check mark](images/checkmark.png) |
 | [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
-|     [26.1 General](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) |  | |
+|     [26.1 Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) |  | |
 | [28. Windows Update](#bkmk-wu) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |
 
 ### Settings for Windows Server 2016 Server Core

windows/deployment/windows-10-auto-pilot.md

@@ -9,7 +9,7 @@ ms.sitesec: library
 ms.pagetype: deploy
 author: DaniHalfin
 ms.author: daniha
-ms.date: 06/30/2017
+ms.date: 11/30/2017
 ---
 
 # Overview of Windows AutoPilot

windows/device-security/tpm/manage-tpm-commands.md

@@ -77,7 +77,7 @@ The following procedures describe how to manage the TPM command lists. You must
 
 ## Use the TPM cmdlets
 
-You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets in Windows PowerShell](http://technet.microsoft.com/library/jj603116.aspx).
+You can manage the TPM using Windows PowerShell. For details, see [TrustedPlatformModule PowerShell cmdlets](https://docs.microsoft.com/powershell/module/trustedplatformmodule/?view=win10-ps).
 
 ## Related topics
 

windows/threat-protection/TOC.md

@@ -136,6 +136,7 @@
 #### [Fix unhealthy sensors](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md)
 ##### [Inactive machines](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
 ##### [Misconfigured machines](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
+### [Windows Defender ATP service health](windows-defender-atp\service-status-windows-defender-advanced-threat-protection.md)
 ### [Configure Windows Defender ATP preferences settings](windows-defender-atp\preferences-setup-windows-defender-advanced-threat-protection.md)
 #### [Update general settings](windows-defender-atp\general-settings-windows-defender-advanced-threat-protection.md)
 #### [Turn on advanced features](windows-defender-atp\advanced-features-windows-defender-advanced-threat-protection.md)
@@ -145,8 +146,9 @@
 #### [Enable Threat intel API](windows-defender-atp\enable-custom-ti-windows-defender-advanced-threat-protection.md)
 #### [Enable and create Power BI reports using Windows Defender ATP data](windows-defender-atp\powerbi-reports-windows-defender-advanced-threat-protection.md)
 #### [Enable Security Analytics security controls](windows-defender-atp\enable-security-analytics-windows-defender-advanced-threat-protection.md)
+
 ### [Windows Defender ATP settings](windows-defender-atp\settings-windows-defender-advanced-threat-protection.md)
-### [Windows Defender ATP service health](windows-defender-atp\service-status-windows-defender-advanced-threat-protection.md)
+### [Access the Windows Defender ATP Community Center](windows-defender-atp\community-windows-defender-advanced-threat-protection.md)
 ### [Troubleshoot Windows Defender ATP](windows-defender-atp\troubleshoot-windows-defender-advanced-threat-protection.md)
 ### [Review events and errors on endpoints with Event Viewer](windows-defender-atp\event-error-codes-windows-defender-advanced-threat-protection.md)
 ### [Windows Defender Antivirus compatibility with Windows Defender ATP](windows-defender-atp\defender-compatibility-windows-defender-advanced-threat-protection.md)

windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md

@@ -43,6 +43,11 @@ You can also [specify how long the file should be prevented from running](config
 > [!IMPORTANT]
 > There is no specific individual setting in System Center Configuration Manager to enable or disable Block at First Sight. It is enabled by default when the pre-requisite settings are configured correctly. You must use Group Policy settings to enable or disable the feature.
 
+
+>[!TIP]
+>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the features are working and see how they work.
+
+
 ## How it works
 
 When a Windows Defender Antivirus client encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend will apply heuristics, machine learning, and automated analysis of the file to determine the files as malicious or clean. 

windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md

@@ -32,6 +32,12 @@ This topic lists the connections that must be allowed, such as by using firewall
 
 See the Enterprise Mobility and Security blog post [Important changes to Microsoft Active Protection Services endpoint](https://blogs.technet.microsoft.com/enterprisemobility/2016/05/31/important-changes-to-microsoft-active-protection-service-maps-endpoint/) for some details about network connectivity.
 
+>[!TIP]
+>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the following features are working:
+>- Cloud-delivered protection
+>- Fast learning (including Black at first sight)
+>- Potentially unwanted application blocking
+
 ## Allow connections to the Windows Defender Antivirus cloud
 
 The Windows Defender Antivirus cloud provides fast, strong protection for your endpoints. Enabling the cloud-delivered protection service is optional, however it is highly recommend as it provides very important protection against malware on your endpoints and across your network.

windows/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md

@@ -41,6 +41,9 @@ Typical PUA behavior includes:
 
 These applications can increase the risk of your network being infected with malware, cause malware infections to be harder to identify, and can waste IT resources in cleaning up the applications.
 
+>[!TIP]
+>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
+
 ## How it works
 
 PUAs are blocked when a user attempts to download or install the detected file, and if the file meets one of the following conditions:

windows/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md

@@ -86,10 +86,10 @@ Use the following cmdlets to enable cloud-delivered protection:
 
 ```PowerShell
 Set-MpPreference -MAPSReporting Advanced
-Set-MpPreference -SubmitSamplesConsent 3
+Set-MpPreference -SubmitSamplesConsent Always
 ```
 >[!NOTE]
->You can also set -SubmitSamplesConsent to 1. Setting it to 0 will lower the protection state of the device, and setting it to 2 means the [Block at First Sight](configure-block-at-first-sight-windows-defender-antivirus.md) feature will not function.
+>You can also set -SubmitSamplesConsent to `None`. Setting it to `Never` will lower the protection state of the device, and setting it to 2 means the [Block at First Sight](configure-block-at-first-sight-windows-defender-antivirus.md) feature will not function.
 
 
 See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md)  and [Defender cmdlets](https://technet.microsoft.com/en-us/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus.

windows/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md

@@ -28,6 +28,13 @@ ms.date: 08/25/2017
 
 If you're an enterprise security administrator, and you want to determine how well Windows Defender Antivirus protects you from viruses, malware, and potentially unwanted applications, then you can use this guide to help you evaluate Microsoft protection.
 
+>[!TIP]
+>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the following features are working and see how they work:
+>- Cloud-delivered protection
+>- Fast learning (including Black at first sight)
+>- Potentially unwanted application blocking
+
+
 It explains the important features available for both small and large enterprises in Windows Defender, and how they will increase malware detection and protection across your network.
 
 You can choose to configure and evaluate each setting independently, or all at once. We have grouped similar settings based upon typical evaluation scenarios, and include instructions for using PowerShell to enable the settings.

windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md

@@ -34,6 +34,11 @@ The tables list:
 - [Windows Defender AV client error codes](#error-codes)
 - [Internal Windows Defender AV client error codes (used by Microsoft during development and testing)](#internal-error-codes)
 
+>[!TIP]
+>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the following features are working:
+>- Cloud-delivered protection
+>- Fast learning (including Black at first sight)
+>- Potentially unwanted application blocking
 
 <a id="windows-defender-av-ids"></a>
 ## Windows Defender AV event IDs
@@ -1637,8 +1642,8 @@ The Windows Defender client attempted to download and install the latest definit
 To troubleshoot this event:
 <ol>
 <li>Restart the computer and try again.</li>
-<li>Download the latest definitions from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a>.
+<li>Download the latest definitions from the <a href="https://aka.ms/wdsi">Windows Defender Security Intelligence site</a>.
-Note: The size of the definitions file downloaded from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a> can exceed 60 MB and should not be used as a long-term solution for updating definitions.
+Note: The size of the definitions file downloaded from the site can exceed 60 MB and should not be used as a long-term solution for updating definitions.
 </li>
 <li>Contact <a href="https://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>.
 </li>
@@ -2708,8 +2713,8 @@ This error indicates that there might be a problem with your security product.
 <li>Update the definitions. Either:<ol>
 <li>Click the <b>Update definitions</b> button on the <b>Update</b> tab in Windows Defender. <img src="images/defender-updatedefs2.png" alt="Update definitions in Windows Defender"/>Or,
 </li>
-<li>Download the latest definitions from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a>.
+<li>Download the latest definitions from the <a href="https://aka.ms/wdsi">Windows Defender Security Intelligence site</a>.
-Note: The size of the definitions file downloaded from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a> can exceed 60 MB and should not be used as a long-term solution for updating definitions.
+Note: The size of the definitions file downloaded from the site can exceed 60 MB and should not be used as a long-term solution for updating definitions.
 </li>
 </ol>
 </li>

windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md

@@ -40,6 +40,10 @@ src="https://videoplayercdn.osi.office.net/embed/c2f20f59-ca56-4a7b-ba23-44c60bc
 
 Cloud-delivered protection is enabled by default, however you may need to re-enable it if it has been disabled as part of previous organizational policies.
 
+>[!TIP]
+>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
+
+
 The following table describes the differences in cloud-delivered protection between recent versions of Windows and System Center Configuration Manager.
 
 

windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md

@@ -42,6 +42,13 @@ Some of the highlights of Windows Defender AV include:
 - [Always-on scanning](configure-real-time-protection-windows-defender-antivirus.md), using advanced file and process behavior monitoring and other heuristics (also known as "real-time protection")
 - [Dedicated protection updates](manage-updates-baselines-windows-defender-antivirus.md) based on machine-learning, human and automated big-data analysis, and in-depth threat resistance research
 
+
+>[!TIP]
+>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the following features are working and see how they work:
+>- Cloud-delivered protection
+>- Fast learning (including Black at first sight)
+>- Potentially unwanted application blocking
+
 ## What's new in Windows 10, version 1703
 
 New features for Windows Defender AV in Windows 10, version 1703 include:

windows/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md

@@ -0,0 +1,39 @@
+---
+title: Access the Windows Defender ATP Community Center
+description: Access the Windows Defender ATP Community Center to share experiences, engange, and learn about the product.
+keywords: community, community center, tech community, conversation, announcements
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 11/30/2017
+---
+
+
+# Access the Windows Defender ATP Community Center
+
+**Applies to:**
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
+The Windows Defender ATP Community Center is a place where community members can learn, collaborate, and share experiences about the product. 
+
+There are several spaces you can explore to learn about specific information:
+- Announcements 
+- What's new
+- Threat Intelligence
+
+
+There are several ways you can access the Community Center:
+- In the Windows Defender ATP portal navigation pane, select **Community center**.  A new browser tab opens and takes you to the Windows Defender ATP Tech Community page. 
+- Access the community through the [Windows Defender Advanced Threat Protection Tech Community](https://techcommunity.microsoft.com/t5/Windows-Defender-Advanced-Threat/ct-p/WindowsDefenderAdvanced) page
+
+
+You can instantly view and read conversations that have been posted in the community. 
+
+To get the full experience within the community such as being able to comment on posts, you'll need to join the community. For more information on how to get started in the Microsoft Tech Community, see [Microsoft Tech Community: Getting Started](https://techcommunity.microsoft.com/t5/Getting-Started/Microsoft-Tech-Community-Getting-Started-Guide/m-p/77888#M15).

windows/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md

@@ -20,7 +20,7 @@ ms.date: 10/17/2017
 - Windows Server 2016
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
+[!include[Prerelease information](prerelease.md)]
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configserver-abovefoldlink)
 

windows/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md

@@ -58,6 +58,9 @@ Windows Defender ATP supports the use of Power BI data connectors to enable you
 - [Configure non-Windows endpoints](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)<br>
 Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the Windows Defender ATP portal and better protect your organization's network. This experience leverages on a third-party security products' sensor data. 
 
+- [Access the Windows Defender ATP Community Center](community-windows-defender-advanced-threat-protection.md)<br>
+The Windows Defender ATP Community Center is a place where community members can learn, collaborate, and share experiences about the product. Access and join the community to learn and interact with other members on product specific information. 
+
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-preview-belowfoldlink)  
 

windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md

@@ -46,6 +46,9 @@ Attack surface reduction helps prevent actions and apps that are typically used
 
 It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md).
 
+>[!TIP]
+>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
+
 Attack surface reduction works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) - which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
 
 The feature is comprised of a number of rules, each of which target specific behaviors that are typically used by malware and malicious apps to infect machines, such as:

windows/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md

@@ -40,6 +40,9 @@ This topic provides links that describe how to enable the audit functionality fo
 
 You can use Group Policy, PowerShell, and configuration servicer providers (CSPs) to enable audit mode.
 
+>[!TIP]
+>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the features are working and see how they work.
+
 
 
 Audit options | How to enable audit mode | How to view events
@@ -58,7 +61,7 @@ You can also use the a custom PowerShell script that enables the features in aud
 
 2. Right-click **Windows PowerShell**, click **Run as administrator** and click **Yes** or enter admin credentials at the prompt.
 
-3. Enter the following in the PowerShell window to enable Controlled folder access and Attack surface reduction in audie mode:
+3. Enter the following in the PowerShell window to enable Controlled folder access and Attack surface reduction in audit mode:
     ```PowerShell
     Set-ExecutionPolicy Bypass -Force
     <location>\Enable-ExploitGuardAuditMode.ps1

windows/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md

@@ -42,6 +42,9 @@ Controlled folder access helps you protect valuable data from malicious apps and
 
 It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md).
 
+>[!TIP]
+>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
+
 Controlled folder access works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) - which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
 
 All apps (any executable file, including .exe, .scr, .dll files and others) are assessed by Windows Defender Antivirus, which then determines if the app is malicious or safe. If the app is determined to be malicious or suspicious, then it will not be allowed to make changes to any files in any protected folder.

windows/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md

@@ -185,7 +185,7 @@ Exporting the configuration as an XML file allows you to copy the configuration
  The configuration settings that were most recently modified will always be applied - regardless of whether you use PowerShell or Windows Defender Security Center. This means that if you use the app to configure a mitigation, then use PowerShell to configure the same mitigation, the app will update to show the changes you made with PowerShell. If you were to then use the app to change the mitigation again, that change would apply.
 
  >[!IMPORTANT]
- >Any changes that are deployed to a machine through Group Policy will override the local configuration. When setting up an initial configuration, use a machine that will not have a Group Policy configuration applied to ensure your changes aren't overriden.
+ >Any changes that are deployed to a machine through Group Policy will override the local configuration. When setting up an initial configuration, use a machine that will not have a Group Policy configuration applied to ensure your changes aren't overridden.
 
 
  You can use the PowerShell verb `Get` or `Set` with the cmdlet `ProcessMitigation`. Using `Get` will list the current configuration status of any mitigations that have been enabled on the device - add the `-Name` cmdlet and app exe to see mitigations for just that app:
@@ -194,7 +194,16 @@ Exporting the configuration as an XML file allows you to copy the configuration
 Get-ProcessMitigation -Name processName.exe 
 ```
 
- Use `Set` to configure each mitigation in the following format:
+>[!IMPORTANT]
+>System-level mitigations that have not been configured will show a status of `NOTSET`. 
+>
+>For system-level settings, `NOTSET` indicates the default setting for that mitigation has been applied. 
+>
+>For app-level settings, `NOTSET` indicates the system-level setting for the mitigation will be applied. 
+>
+>The default setting for each system-level mitigation can be seen in the Windows Defender Security Center, as described in the [Configure system-level mitigations with the Windows Defender Security Center app section above](#configure-system-level-mitigations-with-the-windows-defender-security-center-app).
+
+Use `Set` to configure each mitigation in the following format:
 
  ```PowerShell
 Set-ProcessMitigation -<scope> <app executable> -<action> <mitigation or options>,<mitigation or options>,<mitigation or options>

windows/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md

@@ -49,6 +49,12 @@ You can enable Controlled folder access with the Windows Defender Security Cente
 
 For further details on how audit mode works, and when you might want to use it, see the [audit Windows Defender Exploit Guard topic](audit-windows-defender-exploit-guard.md).
 
+>[!NOTE]
+>The Controlled folder access feature will display the state in the Windows Defender Security Center app under **Virus & threat protection settings**.
+>If the feature is configured with Group Policy, PowerShell, or MDM CSPs, the state will change in the Windows Defender Security Center app after a restart of the device.
+>If the feature is set to **Audit mode** with any of those tools, the Windows Defender Security Center app will show the state as **Off**, as protection offered by the feature will not work.
+>See [Use audit mode to evaluate Windows Defender Exploit Guard features](audit-windows-defender-exploit-guard.md) for more details on how audit mode works.
+
 
 ### Use the Windows Defender Security app to enable Controlled folder access
 

windows/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md

@@ -39,12 +39,15 @@ ms.date: 08/25/2017
 
 Attack surface reduction is a feature that is part of Windows Defender Exploit Guard [that helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines](attack-surface-reduction-exploit-guard.md). 
 
-This topic helps you evaluate Attack surface reduction. It explains how to demo the feature using a specialized tool, and how to enable audit mode so you can test the feature directly in your organisation.
+This topic helps you evaluate Attack surface reduction. It explains how to demo the feature using a specialized tool, and how to enable audit mode so you can test the feature directly in your organization.
 
 >[!NOTE]
 >This topic uses a customized testing tool and PowerShell cmdlets to make it easy to enable the feature and test it. 
 >For instructions on how to use Group Policy, Mobile Device Management (MDM), and System Center Configuration Manager to deploy these settings across your network, see the main [Attack surface reduction topic](attack-surface-reduction-exploit-guard.md).
 
+>[!TIP]
+>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
+
 
 ## Use the demo tool to see how Attack surface reduction works
 

windows/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md

@@ -38,12 +38,14 @@ Controlled folder access is a feature that is part of Windows Defender Exploit G
 
 It is especially useful in helping to protect your documents and information from [ransomware](https://www.microsoft.com/en-us/wdsi/threats/ransomware) that can attempt to encrypt your files and hold them hostage.
 
-This topic helps you evaluate Controlled folder access. It explains how to demo the feature using a specialized tool, and how to enable audit mode so you can test the feature directly in your organisation.
+This topic helps you evaluate Controlled folder access. It explains how to demo the feature using a specialized tool, and how to enable audit mode so you can test the feature directly in your organization.
 
 >[!NOTE]
 >This topic uses PowerShell cmdlets to make it easy to enable the feature and test it. 
 >For instructions on how to use Group Policy, Mobile Device Management (MDM), and System Center Configuration Manager to deploy these settings across your network, see the main [Controlled folder access topic](controlled-folders-exploit-guard.md).
 
+>[!TIP]
+>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
 
 ## Use the demo tool to see how Controlled folder access works
 

windows/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md

@@ -46,6 +46,8 @@ This topcs helps you evaluate Exploit protection. See the [Exploit protection to
 >This topic uses PowerShell cmdlets to make it easy to enable the feature and test it. 
 >For instructions on how to use Group Policy and Mobile Device Management (MDM to deploy these settings across your network, see the main [Exploit protection topic](exploit-protection-exploit-guard.md) .
 
+>[!TIP]
+>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
 
 ## Enable and validate an Exploit protection mitigation
 

windows/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md

@@ -45,6 +45,9 @@ This topic helps you evaluate Network protection by enabling the feature and gui
 >[!NOTE]
 >The site will replicate the behavior that would happen if a user visted a malicious site or domain. The sites in this evaluation topic are not malicious, they are specially created websites that pretend to be malicious.
 
+>[!TIP]
+>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
+
 ## Enable Network protection
 
 1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**

windows/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md

@@ -33,7 +33,11 @@ Windows Defender Exploit Guard is a new collection of tools and features that he
 
 Windows Defender Exploit Guard is comprised of four features. We've developed evaluation guides for each of the features so you can easily and quickly see how they work and determine if they are suitable for your organization.
 
-Before you begin, you should read the main [Windows Defender Exploit Guard](windows-defender-exploit-guard.md) topic to get an understanding of each of the features and what their prerequisutes are.
+>[!TIP]
+>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the features are working and see how they work.
+
+
+Before you begin, you should read the main [Windows Defender Exploit Guard](windows-defender-exploit-guard.md) topic to get an understanding of each of the features and what their prerequisites are.
 
 
 - [Evaluate Attack surface reduction](evaluate-attack-surface-reduction.md)
@@ -45,6 +49,8 @@ You might also be interested in enabling the features in audit mode - which allo
 
 - [Use audit mode to evaluate Windows Defender Exploit Guard features](audit-windows-defender-exploit-guard.md)
 
+
+
 ## Related topics
 
 Topic | Description 

windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md

@@ -42,6 +42,9 @@ Exploit protection automatically applies a number of exploit mitigation techniqu
 
 It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md).
 
+>[!TIP]
+>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
+
 Exploit protection works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) - which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
 
  You [configure these settings using the Windows Defender Security Center app or PowerShell](customize-exploit-protection.md) on an individual machine, and then [export the configuration as an XML file that you can deploy to other machines](import-export-exploit-protection-emet-xml.md). You can use Group Policy to distribute the XML file to multiple devices at once.

windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md

@@ -59,10 +59,13 @@ The [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) contains a sample
 
 Before you export a configuration file, you need to ensure you have the correct settings.
 
-You should first configure Exploit protection on a single, dedicated machine. See the [Customize Exploit protection](customize-exploit-protection.md) topic for descriptions about and instrucitons for configuring mitigations.
+You should first configure Exploit protection on a single, dedicated machine. See the [Customize Exploit protection](customize-exploit-protection.md) topic for descriptions about and instructions for configuring mitigations.
 
 When you have configured Exploit protection to your desired state (including both system-level and app-level mitigations), you can export the file using either the Windows Defender Security Center app or PowerShell.
 
+
+
+
 ### Use the Windows Defender Security Center app to export a configuration file
 
 
@@ -114,6 +117,7 @@ After importing, the settings will be instantly applied and can be reviewed in t
 Change `filename` to the location and name of the Exploit protection XML file.
 
 >[!IMPORTANT]
+>
 >Ensure you import a configuration file that is created specifically for Exploit protection. You cannot directly import an EMET configuration file, you must convert it first.
 
 
@@ -123,6 +127,15 @@ You can convert an existing EMET configuration file to the new format used by Ex
 
 You can only do this conversion in PowerShell.
 
+>[!WARNING]
+>
+>You cannot directly convert the default EMET configuration files that are distributed with EMET. These files are intended to help set up EMET for a first-time user. Attempting to directly convert these files into an Exploit protection configuration file will not work.
+>
+>However, if you want to apply the same settings as in the default EMET configuration files, you must first import the default configuration file into EMET, then export the settings to a new file. 
+>
+>You can then convert that file using the PowerShell cmdlet described here before importing the settings into Exploit protection.
+
+
 1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**
 2. Enter the following cmdlet:
 
@@ -132,6 +145,13 @@ You can only do this conversion in PowerShell.
 
 Change `emetFile` to the name and location of the EMET configuration file, and change `filename` to whichever location and file name you want to use.
 
+>[!IMPORTANT]
+>
+>If you have enabled Mandatory ASLR for any apps in EMET, export the EMET settings to an XML file, and then convert the XML file into an Exploit protection configuration file, you will need to manually edit the converted XML file to ensure the Mandatory ASLR mitigation setting is correctly configured:
+>
+> 1. Open the PowerShell-converted XML file in a text editor.
+> 2. Search for `ASLR ForceRelocateImages="false"` and change it to `ASLR ForceRelocateImages="true"` for each app that you want Mandatory ASLR to be enabled.
+
 
 ## Manage or deploy a configuration
 

windows/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md

@@ -42,6 +42,10 @@ It expands the scope of [Windows Defender SmartScreen](../windows-defender-smart
 
 It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md).
 
+>[!TIP]
+>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
+
+
 Network protection works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) - which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
 
 When Network protection blocks a connection, a notification will be displayed from the Action Center. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors.

windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md

@@ -45,6 +45,9 @@ You can evaluate each feature of Windows Defender EG with the guides at the foll
 
 You can also [enable audit mode](audit-windows-defender-exploit-guard.md) for the features, which provides you with basic event logs that indicate how the feature would have responded if it had been fully enabled. This can be useful when evaluating the impact of Windows Defender EG and to help determine the impact of the features on your network's security.
 
+>[!TIP]
+>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the features are working and see how each of them work.
+
 Windows Defender EG can be managed and reported on in the Windows Defender Security Center as part of the Windows Defender Advanced Threat Protection suite of threat mitigation, preventing, protection, and analysis technologies, which also includes:
 - [The Windows Defender ATP console](../windows-defender-atp/windows-defender-advanced-threat-protection.md)
 - [Windows Defender Antivirus in Windows 10](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)