diff --git a/windows/client-management/mdm/supl-ddf-file.md b/windows/client-management/mdm/supl-ddf-file.md
index fd4eac6e4d..bf899e6c8e 100644
--- a/windows/client-management/mdm/supl-ddf-file.md
+++ b/windows/client-management/mdm/supl-ddf-file.md
@@ -23,7 +23,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is for Windows 10, version 1809.
-``` syntax
+```xml
Supported operations are Get and Add.
Sample syncml:
-
+
+```
./Vendor/MSFT/Update/ApprovedUpdates/%7ba317dafe-baf4-453f-b232-a7075efae36e%7d
-
+```
**ApprovedUpdates/*Approved Update Guid*/ApprovedTime**
Specifies the time the update gets approved.
@@ -166,7 +167,7 @@ If the conditions are not true, the device will not Roll Back the Latest Quality
**Rollback/FeatureUpdate**
Added in Windows 10, version 1803. Roll Back Latest Feature Update, if the machine meets the following conditions:
-- Condition 1: Device must be Windows Update for Business Connnected
+- Condition 1: Device must be Windows Update for Business Connected
- Condition 2: Device must be in Paused State
- Condition 3: Device must have the Latest Feature Update Installed on the device (Current State)
- Condition 4: Machine should be within the uninstall period
diff --git a/windows/client-management/mdm/update-ddf-file.md b/windows/client-management/mdm/update-ddf-file.md
index ea12784169..731adeeb60 100644
--- a/windows/client-management/mdm/update-ddf-file.md
+++ b/windows/client-management/mdm/update-ddf-file.md
@@ -20,7 +20,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is for Windows 10, version 1803.
-``` syntax
+```xml
Roll Back Latest Feature Update, if the machine meets the following conditions:
- Condition 1: Device must be WUfB Connnected
+ Condition 1: Device must be WUfB Connected
Condition 2: Device must be in Paused State
Condition 3: Device must have the Latest Feature Update Installed on the device (Current State)
Condition 4: Machine should be within the uninstall period
@@ -615,7 +615,7 @@ The XML below is for Windows 10, version 1803.
- Returns the result of last RollBack QualityUpdate opearation.
+ Returns the result of last RollBack QualityUpdate operation.
@@ -637,7 +637,7 @@ The XML below is for Windows 10, version 1803.
- Returns the result of last RollBack FeatureUpdate opearation.
+ Returns the result of last RollBack FeatureUpdate operation.
diff --git a/windows/client-management/mdm/vpn-ddf-file.md b/windows/client-management/mdm/vpn-ddf-file.md
index 3e277d92c5..b3e8aef28c 100644
--- a/windows/client-management/mdm/vpn-ddf-file.md
+++ b/windows/client-management/mdm/vpn-ddf-file.md
@@ -17,7 +17,7 @@ ms.date: 06/26/2017
This topic shows the OMA DM device description framework (DDF) for the **VPN** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-``` syntax
+```xml
diff --git a/windows/client-management/mdm/wifi-csp.md b/windows/client-management/mdm/wifi-csp.md
index 8b233ba1e3..7db7e01ffb 100644
--- a/windows/client-management/mdm/wifi-csp.md
+++ b/windows/client-management/mdm/wifi-csp.md
@@ -25,7 +25,7 @@ Programming considerations:
- Because the Windows 10 Mobile emulator does not support Wi-Fi, you cannot test the Wi-Fi configuration with an emulator. You can still provision a Wi-Fi network using the WiFi CSP, then check it in the Wi-Fi settings page, but you cannot test the network connectivity in the emulator.
- For WEP, WPA, and WPA2-based networks, include the passkey in the network configuration in plaintext. The passkey is encrypted automatically when it is stored on the device.
- The SSID of the Wi-Fi network part of the LocURI node must be a valid URI based on RFC 2396. This requires that all non-ASCII characters must be escaped using a %-character. Unicode characters without the necessary escaping are not supported.
-- The *name\_goes\_here* must match *name\_goes\_here*.
+- The \*name\_goes\_here*\\ must match \\ *name\_goes\_here*\\.
- For the WiFi CSP, you cannot use the Replace command unless the node already exists.
- Using Proxyis only supported in Windows 10 Mobile. Using this configuration in Windows 10 for desktop editions (Home, Pro, Enterprise, and Education) will result in failure.
@@ -43,10 +43,10 @@ Identifies the Wi-Fi network configuration. Each Wi-Fi network configuration is
Supported operation is Get.
-****
+**\**
Specifies the name of the Wi-Fi network (32 bytes maximum) to create, configure, query, or delete. The name is case sensitive and can be represented in ASCII. The SSID is added when the WlanXML node is added. When the SSID node is deleted, then all the subnodes are also deleted.
-SSID is the name of network you are connecting to, while Profile name is the name of the Profile which contains the WiFi settings information. If the Profile name is not set right in the MDM SyncML, as per the information in the WiFi settings XML, it could lead to some unexpected errors. For example, ./Vendor/MSFT/WiFi/Profile/<*MUST BE NAME OF PROFILE AS PER WIFI XML*>/WlanXml.
+SSID is the name of network you are connecting to, while Profile name is the name of the Profile which contains the WiFi settings information. If the Profile name is not set right in the MDM SyncML, as per the information in the WiFi settings XML, it could lead to some unexpected errors. For example, \./Vendor/MSFT/WiFi/Profile/<*MUST BE NAME OF PROFILE AS PER WIFI XML*>/WlanXml\.
The supported operations are Add, Get, Delete, and Replace.
diff --git a/windows/client-management/mdm/wifi-ddf-file.md b/windows/client-management/mdm/wifi-ddf-file.md
index dffd9c60c8..2c51e50a62 100644
--- a/windows/client-management/mdm/wifi-ddf-file.md
+++ b/windows/client-management/mdm/wifi-ddf-file.md
@@ -21,7 +21,7 @@ This topic shows the OMA DM device description framework (DDF) for the **WiFi**
The XML below is for Windows 10, version 1809.
-``` syntax
+```xml
Copy *.* D:\BootBackup
Bcdboot <**OSDrive* >:\windows /s <**SYSTEMdrive* >: /f ALL
```
- For example: if we assign the ,System Drive> (WinRE drive) the letter R and the is the letter D, this command would be the following:
+ For example: if we assign the `` (WinRE drive) the letter R and the `` is the letter D, this command would be the following:
```cmd
Bcdboot D:\windows /s R: /f ALL
diff --git a/windows/client-management/troubleshoot-tcpip-rpc-errors.md b/windows/client-management/troubleshoot-tcpip-rpc-errors.md
index 7022b0feb4..2d7183fc7b 100644
--- a/windows/client-management/troubleshoot-tcpip-rpc-errors.md
+++ b/windows/client-management/troubleshoot-tcpip-rpc-errors.md
@@ -156,7 +156,7 @@ Netsh trace stop
Open the traces in [Microsoft Network Monitor 3.4](troubleshoot-tcpip-netmon.md) or Message Analyzer and filter the trace for
-- Ipv4.address== and ipv4.address== and tcp.port==135 or just tcp.port==135 should help.
+- `Ipv4.address==` and `ipv4.address==` and `tcp.port==135` or just `tcp.port==135` should help.
- Look for the “EPM” Protocol Under the “Protocol” column.
@@ -166,7 +166,7 @@ Open the traces in [Microsoft Network Monitor 3.4](troubleshoot-tcpip-netmon.md)
- Check if we are connecting successfully to this Dynamic port successfully.
-- The filter should be something like this: tcp.port== and ipv4.address==
+- The filter should be something like this: `tcp.port==` and `ipv4.address==`
diff --git a/windows/configuration/docfx.json b/windows/configuration/docfx.json
index e2e249e9d1..1ca640e263 100644
--- a/windows/configuration/docfx.json
+++ b/windows/configuration/docfx.json
@@ -31,11 +31,9 @@
"overwrite": [],
"externalReference": [],
"globalMetadata": {
- "uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
"ms.technology": "windows",
"ms.topic": "article",
- "ms.author": "jdecker",
"feedback_system": "GitHub",
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md
index 5d0f225bd4..327042ee5c 100644
--- a/windows/configuration/kiosk-shelllauncher.md
+++ b/windows/configuration/kiosk-shelllauncher.md
@@ -94,7 +94,7 @@ You can use XML and a [custom OMA-URI setting](#custom-oma-uri-setting) to confi
The following XML sample works for **Shell Launcher v1**:
-```
+```xml
@@ -112,7 +112,7 @@ The following XML sample works for **Shell Launcher v1**:
For **Shell Launcher v2**, you can use UWP app type for `Shell` by specifying the v2 namespace, and use `v2:AppType` to specify the type, as shown in the following example. If `v2:AppType` is not specified, it implies the shell is Win32 app.
-```
+```xml
@@ -150,7 +150,7 @@ For scripts for Shell Launcher v2, see [Shell Launcher v2 Bridge WMI sample scri
For Shell Launcher v1, modify the following PowerShell script as appropriate. The comments in the sample script explain the purpose of each section and tell you where you will want to change the script for your purposes. Save your script with the extension .ps1, open Windows PowerShell as administrator, and run the script on the kiosk device.
-```
+```powershell
# Check if shell launcher license is enabled
function Check-ShellLauncherLicenseEnabled
{
@@ -293,7 +293,7 @@ Value|Description
2|Shut down the device
3|Do nothing
-These action can be used as default action, or can be mapped to a specific exit code. Refer to [Shell Launcher](https://docs.microsoft.com/en-us/windows-hardware/customize/enterprise/wesl-usersettingsetcustomshell) to see how these codes with Shell Launcher WMI.
+These action can be used as default action, or can be mapped to a specific exit code. Refer to [Shell Launcher](https://docs.microsoft.com/windows-hardware/customize/enterprise/wesl-usersettingsetcustomshell) to see how these codes with Shell Launcher WMI.
To configure these action with Shell Launcher CSP, use below syntax in the shell launcher configuration xml. You can specify at most 4 custom actions mapping to 4 exit codes, and one default action for all other exit codes. When app exits and if the exit code is not found in the custom action mapping, or there is no default action defined, it will be no-op, i.e. nothing happens. So it's recommeded to at least define DefaultAction. [Get XML examples for different Shell Launcher v2 configurations.](https://github.com/Microsoft/Windows-iotcore-samples/tree/develop/Samples/ShellLauncherV2)
``` xml
diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md
index cbfd69c344..a906cf7e68 100644
--- a/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md
@@ -91,7 +91,7 @@ Universal apps that you can distribute in the provisioning package can be line-o
6. In the **Available customizations** pane, click the **LicenseProductId** that you just added.
-7. For **LicenseInstall**, click **Browse**, navigate to the license file that you renamed **.**ms-windows-store-license**, and select the license file.
+7. For **LicenseInstall**, click **Browse**, navigate to the license file that you renamed *\*.**ms-windows-store-license**, and select the license file.
[Learn more about distributing offline apps from the Microsoft Store for Business.](/microsoft-store/distribute-offline-apps)
diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
index 0529a3a1fb..b6d2e80dc0 100644
--- a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
@@ -27,7 +27,7 @@ In Windows 10, version 1703, you can install multiple Universal Windows Platform
When you add an app in a Windows Configuration Designer wizard, the appropriate settings are displayed based on the app that you select. For instructions on adding an app using the advanced editor in Windows Configuration Designer, see [Add an app using advanced editor](#adv).
>[!IMPORTANT]
->If you plan to use Intune to manage your devices, we recommend using Intune to install Office 365 ProPlus 2016 apps (Access, Excel, OneDrive for Business, OneNote, Outlook, PowerPoint, Publisher, Skype for Business, Word, Project Desktop Cilent, and Visio Pro for Office 365 ProPlus). Apps that are installed using a provisioning package cannot be managed or modified using Intune. [Learn how to assign Office 365 ProPlus 2016 apps using Microsoft Intune.](https://docs.microsoft.com/intune/apps-add-office365)
+>If you plan to use Intune to manage your devices, we recommend using Intune to install Office 365 ProPlus 2016 apps (Access, Excel, OneDrive for Business, OneNote, Outlook, PowerPoint, Publisher, Skype for Business, Word, Project Desktop Client, and Visio Pro for Office 365 ProPlus). Apps that are installed using a provisioning package cannot be managed or modified using Intune. [Learn how to assign Office 365 ProPlus 2016 apps using Microsoft Intune.](https://docs.microsoft.com/intune/apps-add-office365)
## Settings for UWP apps
@@ -103,7 +103,7 @@ Universal apps that you can distribute in the provisioning package can be line-o
6. In the **Available customizations** pane, click the **LicenseProductId** that you just added.
-7. For **LicenseInstall**, click **Browse**, navigate to the license file that you renamed **.**ms-windows-store-license**, and select the license file.
+7. For **LicenseInstall**, click **Browse**, navigate to the license file that you renamed *\*.**ms-windows-store-license**, and select the license file.
[Learn more about distributing offline apps from the Microsoft Store for Business.](/microsoft-store/distribute-offline-apps)
diff --git a/windows/configuration/provisioning-packages/provisioning-command-line.md b/windows/configuration/provisioning-packages/provisioning-command-line.md
index 782997dd02..62e14f6e7a 100644
--- a/windows/configuration/provisioning-packages/provisioning-command-line.md
+++ b/windows/configuration/provisioning-packages/provisioning-command-line.md
@@ -44,7 +44,7 @@ icd.exe /Build-ProvisioningPackage /CustomizationXML: /PackagePath:
| /CustomizationXML | No | Specifies the path to a Windows provisioning XML file that contains the customization assets and settings. For more information, see Windows provisioning answer file. |
| /PackagePath | Yes | Specifies the path and the package name where the built provisioning package will be saved. |
| /StoreFile | NoSee Important note. | For partners using a settings store other than the default store(s) used by Windows Configuration Designer, use this parameter to specify the path to one or more comma-separated Windows settings store file. By default, if you don't specify a settings store file, the settings store that's common to all Windows editions will be loaded by Windows Configuration Designer.**Important** If you use this parameter, you must not use /MSPackageRoot or /OEMInputXML. |
-| /Variables | No | Specifies a semicolon separated and macro pair. The format for the argument must be =. |
+| /Variables | No | Specifies a semicolon separated `` and `` macro pair. The format for the argument must be `=`. |
| Encrypted | No | Denotes whether the provisioning package should be built with encryption. Windows Configuration Designer auto-generates the decryption password and includes this information in the output.Precede with + for encryption or - for no encryption. The default is no encryption. |
| Overwrite | No | Denotes whether to overwrite an existing provisioning package.Precede with + to overwrite an existing package or - if you don't want to overwrite an existing package. The default is false (don't overwrite). |
| /? | No | Lists the switches and their descriptions for the command-line tool or for certain commands. |
diff --git a/windows/configuration/set-up-shared-or-guest-pc.md b/windows/configuration/set-up-shared-or-guest-pc.md
index 2d3e412440..61ab4d40ae 100644
--- a/windows/configuration/set-up-shared-or-guest-pc.md
+++ b/windows/configuration/set-up-shared-or-guest-pc.md
@@ -189,7 +189,7 @@ On a desktop computer, navigate to **Settings** > **Accounts** > **Work ac
## Guidance for accounts on shared PCs
* We recommend no local admin accounts on the PC to improve the reliability and security of the PC.
-* When a PC is set up in shared PC mode with the default deletion policy, accounts will be cached automatically until disk space is low. Then, accounts will be deleted to reclaim disk space. This account managment happens automatically. Both Azure AD and Active Directory domain accounts are managed in this way. Any accounts created through **Guest** and **Kiosk** will be deleted automatically at sign out.
+* When a PC is set up in shared PC mode with the default deletion policy, accounts will be cached automatically until disk space is low. Then, accounts will be deleted to reclaim disk space. This account management happens automatically. Both Azure AD and Active Directory domain accounts are managed in this way. Any accounts created through **Guest** and **Kiosk** will be deleted automatically at sign out.
* On a Windows PC joined to Azure Active Directory:
* By default, the account that joined the PC to Azure AD will have an admin account on that PC. Global administrators for the Azure AD domain will also have admin accounts on the PC.
* With Azure AD Premium, you can specify which accounts have admin accounts on a PC using the **Additional administrators on Azure AD Joined devices** setting on the Azure portal.
diff --git a/windows/configuration/ue-v/uev-application-template-schema-reference.md b/windows/configuration/ue-v/uev-application-template-schema-reference.md
index 68f04ffda2..299ba40be7 100644
--- a/windows/configuration/ue-v/uev-application-template-schema-reference.md
+++ b/windows/configuration/ue-v/uev-application-template-schema-reference.md
@@ -643,7 +643,7 @@ This element defines the settings for a single application or a suite of applica
Here is the SettingsLocationTemplate.xsd file showing its elements, child elements, attributes, and parameters:
-``` syntax
+```xml
; ) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.10166`
-- is automatically replaced with the OEM name. This is the same as the PhoneManufacturer setting value that is set as part of the customization Phone metadata in DeviceTargetingInfo.
-- is replaced with the device name or phone name. This is the same as the PhoneModelName setting value that is set as part of the customization Phone metadata in DeviceTargetingInfo.
+- `` is automatically replaced with the OEM name. This is the same as the PhoneManufacturer setting value that is set as part of the customization Phone metadata in DeviceTargetingInfo.
+- `` is replaced with the device name or phone name. This is the same as the PhoneModelName setting value that is set as part of the customization Phone metadata in DeviceTargetingInfo.
**Limitations and restrictions:**
diff --git a/windows/configuration/wcd/wcd-messaging.md b/windows/configuration/wcd/wcd-messaging.md
index df739bb51d..9dd957088d 100644
--- a/windows/configuration/wcd/wcd-messaging.md
+++ b/windows/configuration/wcd/wcd-messaging.md
@@ -338,7 +338,7 @@ By default, this string has the format WindowsPhoneMMS/MicrosoftMMSVersionNumber
| ADDR | Specify the absolute MMSC URL. The possible values to configure the ADDR parameter are:- A Uniform Resource Identifier (URI)- An IPv4 address represented in decimal format with dots as delimiters- A fully qualified Internet domain name |
| APPID | Set to `w4`. |
| MS | (optional) Specify the maximum size of MMS, in KB. If the value is not a number, or is less than or equal to 10, it will be ignored and outgoing MMS will not be resized. |
-| NAME | (optional) Enter user–readable application identity. This parameter is also used to define part of the registry path for the APPLICATION parameters. The possible values to configure the **NAME** parameter are:- Character string containing the name- no value specifiedIf no value is specified, the registry location will default to . If **NAME** is greater than 40 characters, it will be truncated to 40 characters. |
+| NAME | (optional) Enter user–readable application identity. This parameter is also used to define part of the registry path for the APPLICATION parameters. The possible values to configure the **NAME** parameter are:- Character string containing the name- no value specifiedIf no value is specified, the registry location will default to ``. If **NAME** is greater than 40 characters, it will be truncated to 40 characters. |
| TONAPID | Specify the network access point identification name (NAPID) defined in the provisioning file. This parameter takes a string value. It is only possible to refer to network access points defined within the same provisioning file (except if the INTERNET attribute is set in the NAPDEF characteristic). For more information about the NAPDEF characteristic, see [NAPDEF configuration service provider](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/napdef-csp). |
| TOPROXY | Specify one logical proxy with a matching PROXY-ID. It is only possible to refer to proxies defined within the same provisioning file. Only one proxy can be listed. The TO-PROXY value must be set to the value of the PROXY ID in PXLOGICAL that defines the MMS specific-proxy. |
diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md
index be459e9731..5ccfcbb449 100644
--- a/windows/configuration/wcd/wcd-policies.md
+++ b/windows/configuration/wcd/wcd-policies.md
@@ -117,7 +117,7 @@ This section describes the **Policies** settings that you can configure in [prov
| [AllowWebContentOnNewTabPage](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage) | Specify whether a New tab page opens with the default content or a blank page. | X | X | X | | X |
[AlwaysEnableBooksLibrary](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) | Always show the Books Library in Microsoft Edge. | X | X | | | |
| [ClearBrowsingDataOnExit](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-clearbrowsingdataonexit) | Specify whether to clear browsing data when exiting Microsoft Edge. | X | | | | |
-| [ConfigureAdditionalSearchEngines](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-configureadditionalsearchengines) | Allows you to add up to 5 addtional search engines for MDM-enrolled devices. | X | X | X | | X |
+| [ConfigureAdditionalSearchEngines](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#browser-configureadditionalsearchengines) | Allows you to add up to 5 additional search engines for MDM-enrolled devices. | X | X | X | | X |
| [ConfigureFavoritesBar](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar) | Specify whether the Favorites bar is shown or hidden on all pages. | X | | | | |
| [ConfigureHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) | Configure whether the Home button will be shown, and what should happen when it is selected. You should also configure the [SetHomeButtonURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) setting. To configure this setting and also allow users to make changes to the Home button, see the [UnlockHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) setting. | X | | | | |
| [ConfigureKioskMode](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode) | Configure how Microsoft Edge operates when it's running in kiosk mode, either as a single-app kiosk or as one of multiple apps running on the kiosk device. | X | | | | |
diff --git a/windows/deployment/add-store-apps-to-image.md b/windows/deployment/add-store-apps-to-image.md
index d39bede8cc..dfeaba4ae4 100644
--- a/windows/deployment/add-store-apps-to-image.md
+++ b/windows/deployment/add-store-apps-to-image.md
@@ -58,7 +58,7 @@ On a test machine:
1. **Install the Microsoft Store for Business application you previously added** to your image.
2. **Pin these apps to the Start screen**, by typing the name of the app, right-clicking and selecting **Pin to Start**.
3. Open Windows PowerShell with administrator privileges.
-4. Use `Export-StartLayout -path .xml` where ** is the path and name of the xml file your will later import into your Windows Image.
+4. Use `Export-StartLayout -path .xml` where *\\* is the path and name of the xml file your will later import into your Windows Image.
5. Copy the XML file you created to a location accessible by the machine you previously used to add Store applications to your image.
Now, on the machine where your image file is accessible:
diff --git a/windows/deployment/docfx.json b/windows/deployment/docfx.json
index af5362ff55..2abea6edac 100644
--- a/windows/deployment/docfx.json
+++ b/windows/deployment/docfx.json
@@ -32,7 +32,6 @@
"overwrite": [],
"externalReference": [],
"globalMetadata": {
- "uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
"ms.technology": "windows",
"ms.topic": "article",
diff --git a/windows/deployment/update/device-health-using.md b/windows/deployment/update/device-health-using.md
index 96987d01b7..72d8385c62 100644
--- a/windows/deployment/update/device-health-using.md
+++ b/windows/deployment/update/device-health-using.md
@@ -188,7 +188,7 @@ To work around this, click the **App Reliability** tab above the results to see
#### Clicking "See all…" from the App Reliability Events blade followed by clicking an app from the expanded list results in raw records instead of the App Reliability view
To work around this, replace all of the text in the Log Search query box with the following:
-*DHAppReliability | where AppFileDisplayName == ""*
+*DHAppReliability | where AppFileDisplayName == "\"*
For example:
diff --git a/windows/deployment/update/feature-update-maintenance-window.md b/windows/deployment/update/feature-update-maintenance-window.md
index 453f81384b..df669aaff6 100644
--- a/windows/deployment/update/feature-update-maintenance-window.md
+++ b/windows/deployment/update/feature-update-maintenance-window.md
@@ -27,8 +27,8 @@ Use the following information to deploy feature updates during a maintenance win
1. In the Configuration Manager console, choose **Assets and Compliance> Device Collections**.
2. In the **Device Collections** list, select the collection for which you intended to deploy the feature update(s).
3. On the **Home** tab, in the **Properties** group, choose **Properties**.
-4. In the **Maintenance Windows** tab of the Properties dialog box, choose the New icon.
-5. Complete the Schedule dialog.
+4. In the **Maintenance Windows** tab of the `` Properties dialog box, choose the New icon.
+5. Complete the `` Schedule dialog.
6. Select from the Apply this schedule to drop-down list.
7. Choose **OK** and then close the **\ Properties** dialog box.
diff --git a/windows/deployment/update/update-compliance-wd-av-status.md b/windows/deployment/update/update-compliance-wd-av-status.md
index 2298c263fd..962f5cdcfd 100644
--- a/windows/deployment/update/update-compliance-wd-av-status.md
+++ b/windows/deployment/update/update-compliance-wd-av-status.md
@@ -36,3 +36,7 @@ Here are some important terms to consider when using the Windows Defender AV Sta
## Windows Defender data latency
Because of the way Windows Defender is associated with the rest of Windows device data, Defender data for new devices might take much longer to appear than other data types. This process could take up to 28 days.
+
+## Related topics
+
+- [Windows Defender Antivirus pre-requisites](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting#confirm-pre-requisites)
diff --git a/windows/deployment/update/windows-update-errors.md b/windows/deployment/update/windows-update-errors.md
index 54c06b6319..7d473f04c2 100644
--- a/windows/deployment/update/windows-update-errors.md
+++ b/windows/deployment/update/windows-update-errors.md
@@ -26,8 +26,8 @@ The following table provides information about common errors you might run into
| 0x80242006 | WU_E_UH_INVALIDMETADATA | A handler operation could not be completed because the update contains invalid metadata. | Rename Software Redistribution Folder and attempt to download the updates again:
Rename the following folders to \*.BAK:
- %systemroot%\system32\catroot2
To do this, type the following commands at a command prompt. Press ENTER after you type each command.
- Ren %systemroot%\SoftwareDistribution\DataStore \*.bak
- Ren %systemroot%\SoftwareDistribution\Download \*.bak
Ren %systemroot%\system32\catroot2 \*.bak |
| 0x80070BC9 | ERROR_FAIL_REBOOT_REQUIRED | The requested operation failed. A system reboot is required to roll back changes made. | Ensure that we do not have any policies that control the start behavior for the Windows Module Installer. This service should not be hardened to any start value and should be managed by the OS. |
| 0x80200053 | BG_E_VALIDATION_FAILED | NA | Ensure that there is no Firewalls that filter downloads. The Firewall filtering may lead to invalid responses being received by the Windows Update Client.
If the issue still persists, run the [WU reset script](https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc). |
-| 0x80072EE2 | WININET_E_TIMEOUT | The operation timed out | This error message can be caused if the computer isn't connected to Internet. To fix this issue, following these steps: make sure these URLs are not blocked:
http://.update.microsoft.com
https://.update.microsoft.com
Additionally , you can take a network trace and see what is timing out. |
-| 0x80072EFD
0x80072EFE
0x80D02002 | TIME OUT ERRORS | The operation timed out | Make sure there are no firewall rules or proxy to block Microsoft download URLs.
Take a network monitor trace to understand better. |
+| 0x80072EE2 | WININET_E_TIMEOUT | The operation timed out | This error message can be caused if the computer isn't connected to Internet. To fix this issue, following these steps: make sure these URLs are not blocked:
http://.update.microsoft.com
https://.update.microsoft.com
Additionally , you can take a network trace and see what is timing out. \ |
+| 0x80072EFD
0x80072EFE
0x80D02002 | TIME OUT ERRORS | The operation timed out | Make sure there are no firewall rules or proxy to block Microsoft download URLs.
Take a network monitor trace to understand better. \ |
| 0X8007000D | ERROR_INVALID_DATA | Indicates invalid data downloaded or corruption occurred. | Attempt to re-download the update and initiate installation. |
| 0x8024A10A | USO_E_SERVICE_SHUTTING_DOWN | Indicates that the WU Service is shutting down. | This may happen due to a very long period of time of inactivity, a system hang leading to the service being idle and leading to the shutdown of the service. Ensure that the system remains active and the connections remain established to complete the upgrade. |
| 0x80240020 | WU_E_NO_INTERACTIVE_USER | Operation did not complete because there is no logged-on interactive user. | Please login to the system to initiate the installation and allow the system to be rebooted. |
diff --git a/windows/deployment/upgrade/log-files.md b/windows/deployment/upgrade/log-files.md
index fdcd498da9..2344d36ef8 100644
--- a/windows/deployment/upgrade/log-files.md
+++ b/windows/deployment/upgrade/log-files.md
@@ -142,7 +142,7 @@ Therefore, Windows Setup failed because it was not able to migrate the corrupt f
27:00, Info [0x0803e5] MIG Not unmapping HKCU\Software\Classes; it is not mapped
27:00, Info [0x0803e5] MIG Not unmapping HKCU; it is not mapped
27:00, Info SP ExecuteProgress: Elapsed events:1 of 4, Percent: 12
-27:00, Info [0x0802c6] MIG Processing GATHER for migration unit: \UpgradeFramework (CMXEAgent)
+27:00, Info [0x0802c6] MIG Processing GATHER for migration unit: <System>\UpgradeFramework (CMXEAgent)
27:08, Error SP Error READ, 0x00000570 while gathering/applying object: File, C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Will return 0[gle=0x00000570]
27:08, Error MIG Error 1392 while gathering object C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Shell application requested abort![gle=0x00000570]
27:08, Info SP ExecuteProgress: Elapsed events:2 of 4, Percent: 25
diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md
index a938d6cf16..8c44441ec6 100644
--- a/windows/deployment/upgrade/setupdiag.md
+++ b/windows/deployment/upgrade/setupdiag.md
@@ -404,9 +404,9 @@ Refer to https://docs.microsoft.com/windows/deployment/upgrade/upgrade-error-cod
### XML log sample
-```
+```xml
-
+
1.5.0.0
FindSPFatalError
A4028172-1B09-48F8-AD3B-86CDD7D55852
@@ -449,7 +449,7 @@ Error: 0x00000057
LogEntry: 2019-06-06 21:47:11, Error SP Error converting install time 5/2/2019 to structure[gle=0x00000057]
LogEntry: 2019-06-06 21:47:11, Error SP Error converting install time 5/2/2019 to structure[gle=0x00000057]
-Refer to "https://docs.microsoft.com/en-us/windows/desktop/Debug/system-error-codes" for error information.
+Refer to "https://docs.microsoft.com/windows/desktop/Debug/system-error-codes" for error information.
Err = 0x00000057, LastOperation = Gather data, scope: EVERYTHING, LastPhase = Downlevel
```
diff --git a/windows/deployment/upgrade/upgrade-readiness-deployment-script.md b/windows/deployment/upgrade/upgrade-readiness-deployment-script.md
index 83db3a42b1..9e087abb3e 100644
--- a/windows/deployment/upgrade/upgrade-readiness-deployment-script.md
+++ b/windows/deployment/upgrade/upgrade-readiness-deployment-script.md
@@ -179,5 +179,5 @@ Error creating or updating registry key: **CommercialId** at **HKLM:\SOFTWARE\Mi
>
> Then run the Enterprise Config script (RunConfig.bat) again.
>
-> If the script still fails, then send mail to uasupport@microsoft.com including log files from the RunConfig.bat script. These log files are stored on the drive that is specified in the RunConfig.bat file. By default this is set to **%SystemDrive%\UADiagnostics**. The log file is named with the format **UA_yyyy_mm_dd_hh_mm_ss_machineID.txt**. There will be some additional logs generated under your **\Windows\Temp** directory with the names similar to **AslLog_....txt**. You should send those logs as well.
+> If the script still fails, then send mail to uasupport@microsoft.com including log files from the RunConfig.bat script. These log files are stored on the drive that is specified in the RunConfig.bat file. By default this is set to **%SystemDrive%\UADiagnostics**. The log file is named with the format **UA_yyyy_mm_dd_hh_mm_ss_machineID.txt**. There will be some additional logs generated under your **\\Windows\Temp** directory with the names similar to **AslLog_....txt**. You should send those logs as well.
diff --git a/windows/deployment/usmt/usmt-configxml-file.md b/windows/deployment/usmt/usmt-configxml-file.md
index c1fea98e25..8e536f61c9 100644
--- a/windows/deployment/usmt/usmt-configxml-file.md
+++ b/windows/deployment/usmt/usmt-configxml-file.md
@@ -383,7 +383,7 @@ Syntax: ``` `
Refer to the following sample Config.xml file for additional details about items you can choose to exclude from a migration.
-``` syntax
+```xml
diff --git a/windows/deployment/usmt/usmt-custom-xml-examples.md b/windows/deployment/usmt/usmt-custom-xml-examples.md
index a0fa56bd65..39269803a9 100644
--- a/windows/deployment/usmt/usmt-custom-xml-examples.md
+++ b/windows/deployment/usmt/usmt-custom-xml-examples.md
@@ -134,7 +134,7 @@ The following is a custom .xml file named CustomFile.xml that migrates My Videos
-``` syntax
+```xml
diff --git a/windows/deployment/usmt/usmt-estimate-migration-store-size.md b/windows/deployment/usmt/usmt-estimate-migration-store-size.md
index 581f97e79a..0c2253be96 100644
--- a/windows/deployment/usmt/usmt-estimate-migration-store-size.md
+++ b/windows/deployment/usmt/usmt-estimate-migration-store-size.md
@@ -90,7 +90,7 @@ To preserve the functionality of existing applications or scripts that require t
The space requirements report provides two elements, <**storeSize**> and <**temporarySpace**>. The <**temporarySpace**> value shows the disk space, in bytes, that USMT uses to operate during the migration—this does not include the minimum 250 MB needed to support USMT. The <**storeSize**> value shows the disk space, in bytes, required to host the migration store contents on both the source and destination computers. The following example shows a report generated using **/p:***<path to a file>*.
-``` syntax
+```xml
diff --git a/windows/deployment/usmt/usmt-log-files.md b/windows/deployment/usmt/usmt-log-files.md
index 34f4626318..fad90a25bf 100644
--- a/windows/deployment/usmt/usmt-log-files.md
+++ b/windows/deployment/usmt/usmt-log-files.md
@@ -272,7 +272,7 @@ The directory of **C:\\data\\New Folder** contains:
To migrate these files you author the following migration XML:
-``` syntax
+```xml
@@ -368,7 +368,7 @@ The **C:\\Data\\New Folder\\** contains:
You author the following migration XML:
-``` syntax
+```xml
@@ -422,7 +422,7 @@ However, upon testing the migration you notice that all the text files are still
Upon reviewing the diagnostic log, you confirm that the files are still migrating, and that it is a problem with the authored migration XML rule. You author an update to the migration XML script as follows:
-``` syntax
+```xml
diff --git a/windows/deployment/windows-10-poc-sc-config-mgr.md b/windows/deployment/windows-10-poc-sc-config-mgr.md
index 303b19e350..1473adef20 100644
--- a/windows/deployment/windows-10-poc-sc-config-mgr.md
+++ b/windows/deployment/windows-10-poc-sc-config-mgr.md
@@ -306,7 +306,7 @@ This section contains several procedures to support Zero Touch installation with
WDSUTIL /Set-Server /AnswerClients:None
```
-1. Deterime the MAC address of the internal network adapter on SRV1. To determine this, type the following command at an elevated Windows PowerShell prompt on SRV1:
+1. Determine the MAC address of the internal network adapter on SRV1. To determine this, type the following command at an elevated Windows PowerShell prompt on SRV1:
```
(Get-NetAdapter "Ethernet").MacAddress
@@ -793,7 +793,7 @@ In this first deployment scenario, we will deploy Windows 10 using PXE. This sce
## Replace a client with Windows 10 using Configuration Manager
->Before starting this section, you can delete computer objects from Active Directory that were created as part of previous deployment procedures. Use the Active Directory Users and Computers console on DC1 to remove stale entries under contoto.com\Computers, but do not delete the computer account (hostname) for PC1. There should be at least two computer accounts present in the contoso.com\Computers container: one for SRV1, and one for the hostname of PC1. It is not required to delete the stale entries, this is only done to remove clutter.
+>Before starting this section, you can delete computer objects from Active Directory that were created as part of previous deployment procedures. Use the Active Directory Users and Computers console on DC1 to remove stale entries under contoso.com\Computers, but do not delete the computer account (hostname) for PC1. There should be at least two computer accounts present in the contoso.com\Computers container: one for SRV1, and one for the hostname of PC1. It is not required to delete the stale entries, this is only done to remove clutter.
@@ -840,7 +840,7 @@ Set-VMNetworkAdapter -VMName PC4 -StaticMacAddress 00-15-5D-83-26-FF
Checkpoint-VM -Name PC1 -SnapshotName BeginState
```
-3. On SRV1, in the Configuration Manager console, in the Administration workspace, expand **Hierarcy Configuration** and click on **Discovery Methods**.
+3. On SRV1, in the Configuration Manager console, in the Administration workspace, expand **Hierarchy Configuration** and click on **Discovery Methods**.
4. Double-click **Active Directory System Discovery** and on the **General** tab select the **Enable Active Directory System Discovery** checkbox.
5. Click the yellow starburst, click **Browse**, select **contoso\Computers**, and then click **OK** three times.
6. When a popup dialog box asks if you want to run full discovery, click **Yes**.
@@ -930,7 +930,7 @@ Set-VMNetworkAdapter -VMName PC4 -StaticMacAddress 00-15-5D-83-26-FF
4. In the Software Library workspace, expand **Operating Systems**, click **Task Sequences**, right-click **Windows 10 Enterprise x64** and then click **Deploy**.
-5. Use the following settings in the Deploy Sofware wizard:
+5. Use the following settings in the Deploy Software wizard:
- General > Collection: Click Browse and select **Install Windows 10 Enterprise x64**
- Deployment Settings > Purpose: **Available**
- Deployment Settings > Make available to the following: **Configuration Manager clients, media and PXE**
@@ -1052,8 +1052,8 @@ In the Configuration Manager console, in the Software Library workspace under Op
1. On SRV1, in the Assets and Compliance workspace, click **Device Collections** and then double-click **Install Windows 10 Enterprise x64**.
2. Right-click the computer account for PC1, point to **Client Notification**, click **Download Computer Policy**, and click **OK** in the popup dialog box.
-3. On PC1, in the notification area, click **New sofware is available** and then click **Open Sofware Center**.
-4. In the Sofware Center, click **Operating Systems**, click **Windows 10 Enterprise x64**, click **Install** and then click **INSTALL OPERATING SYSTEM**. See the following example:
+3. On PC1, in the notification area, click **New software is available** and then click **Open Software Center**.
+4. In the Software Center, click **Operating Systems**, click **Windows 10 Enterprise x64**, click **Install** and then click **INSTALL OPERATING SYSTEM**. See the following example:
diff --git a/windows/deployment/windows-autopilot/enrollment-status.md b/windows/deployment/windows-autopilot/enrollment-status.md
index dd731fbc59..25a363fea8 100644
--- a/windows/deployment/windows-autopilot/enrollment-status.md
+++ b/windows/deployment/windows-autopilot/enrollment-status.md
@@ -35,7 +35,7 @@ The ESP will track the installation of applications, security policies, certific
The Enrollment Status Page tracks a subset of the available MDM CSP policies that are delivered to the device as part of the complete device configuration process. The specific types of policies that are tracked include:
- Certain types of app installations.
- - Enterprise modern apps (Appx/MSIX) installed by the [Enterprise Modern App Managment CSP](https://docs.microsoft.com/windows/client-management/mdm/enterprisemodernappmanagement-csp).
+ - Enterprise modern apps (Appx/MSIX) installed by the [Enterprise Modern App Management CSP](https://docs.microsoft.com/windows/client-management/mdm/enterprisemodernappmanagement-csp).
- Enterprise desktop apps (single-file MSIs) installed by the [Enterprise Desktop App Management CSP](https://docs.microsoft.com/windows/client-management/mdm/enterprisedesktopappmanagement-csp).
- Certain device configuration policies. The following types of policies and installations are not tracked:
diff --git a/windows/deployment/windows-autopilot/existing-devices.md b/windows/deployment/windows-autopilot/existing-devices.md
index c177340864..3d3883c068 100644
--- a/windows/deployment/windows-autopilot/existing-devices.md
+++ b/windows/deployment/windows-autopilot/existing-devices.md
@@ -62,7 +62,7 @@ See the following examples.
#### Install required modules
- ```
+ ```powershell
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
Install-Module AzureAD -Force
Install-Module WindowsAutopilotIntune -Force
@@ -71,7 +71,7 @@ See the following examples.
3. Enter the following lines and provide Intune administrative credentials
- In the following command, replace the example user principal name for Azure authentication (admin@M365x373186.onmicrosoft.com) with your user account. Be sure that the user account you specify has sufficient administrative rights.
- ```
+ ```powershell
Connect-AutopilotIntune -user admin@M365x373186.onmicrosoft.com
```
The password for your account will be requested using a standard Azure AD form. Type your password and then click **Sign in**.
@@ -87,7 +87,7 @@ See the following examples.
#### Retrieve profiles in Autopilot for existing devices JSON format
- ```
+ ```powershell
Get-AutopilotProfile | ConvertTo-AutopilotConfigurationJSON
```
@@ -126,7 +126,7 @@ See the following examples.
5. The Autopilot profile must be saved as a JSON file in ASCII or ANSI format. Windows PowerShell defaults to Unicode format, so if you attempt to redirect output of the commands to a file, you must also specify the file format. For example, to save the file in ASCII format using Windows PowerShell, you can create a directory (ex: c:\Autopilot) and save the profile as shown below: (use the horizontal scroll bar at the bottom if needed to view the entire command string)
- ```
+ ```powershell
Get-AutopilotProfile | ConvertTo-AutopilotConfigurationJSON | Out-File c:\Autopilot\AutopilotConfigurationFile.json -Encoding ASCII
```
**IMPORTANT**: The file name must be named **AutopilotConfigurationFile.json** in addition to being encoded as ASCII/ANSI.
@@ -302,7 +302,7 @@ The Task Sequence will download content, reboot, format the drives and install W
>[!NOTE]
->If joining devices to Active Directory (Hybrid Azure AD Join), it is necessary to create a Domain Join device configuration profile that is targeted to "All Devices" (since there is no Azure Active Directory device object for the computer to do group-based targeting). See [User-driven mode for hybrid Azure Active Directory join](https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/user-driven#user-driven-mode-for-hybrid-azure-active-directory-join) for more information.
+>If joining devices to Active Directory (Hybrid Azure AD Join), it is necessary to create a Domain Join device configuration profile that is targeted to "All Devices" (since there is no Azure Active Directory device object for the computer to do group-based targeting). See [User-driven mode for hybrid Azure Active Directory join](https://docs.microsoft.com/windows/deployment/windows-autopilot/user-driven#user-driven-mode-for-hybrid-azure-active-directory-join) for more information.
### Register the device for Windows Autopilot
diff --git a/windows/deployment/windows-autopilot/known-issues.md b/windows/deployment/windows-autopilot/known-issues.md
index 4495c6c055..3e55879db7 100644
--- a/windows/deployment/windows-autopilot/known-issues.md
+++ b/windows/deployment/windows-autopilot/known-issues.md
@@ -24,13 +24,15 @@ ms.topic: article
| Issue | More information
+ | | White glove gives a red screen and the Microsoft-Windows-User Device Registration/Admin event log displays HResult error code 0x801C03F3 | This can happen if Azure AD can’t find an AAD device object for the device that you are trying to deploy. This will occur if you manually delete the object. To fix it, remove the device from AAD, Intune, and Autopilot, then re-register it with Autopilot, which will recreate the AAD device object.
+
To obtain troubleshooting logs use: Mdmdiagnosticstool.exe -area Autopilot;TPM -cab c:\autopilot.cab
|
| White glove gives a red screen | White glove is not supported on a VM.
|
| Error importing Windows Autopilot devices from a .csv file | Ensure that you have not edited the .csv file in Microsoft Excel or an editor other than Notepad. Some of these editors can introduce extra characters causing the file format to be invalid.
|
| Windows Autopilot for existing devices does not follow the Autopilot OOBE experience. | Ensure that the JSON profile file is saved in ANSI/ASCII format, not Unicode or UTF-8.
|
| Something went wrong is displayed page during OOBE. | The client is likely unable to access all the required AAD/MSA-related URLs. For more information, see Networking requirements.
|
-
## Related topics
+[Diagnose MDM failures in Windows 10](https://docs.microsoft.com/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10)
[Troubleshooting Windows Autopilot](troubleshooting.md)
\ No newline at end of file
diff --git a/windows/deployment/windows-autopilot/troubleshooting.md b/windows/deployment/windows-autopilot/troubleshooting.md
index 52b66ab257..ece1531dec 100644
--- a/windows/deployment/windows-autopilot/troubleshooting.md
+++ b/windows/deployment/windows-autopilot/troubleshooting.md
@@ -113,4 +113,9 @@ If you need to reboot a computer during OOBE:
- Press Shift-F10 to open a command prompt.
- Enter **shutdown /r /t 0** to restart immediately, or **shutdown /s /t 0** to shutdown immediately.
-For more information, see [Windows Setup Command-Line Options](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-command-line-options).
\ No newline at end of file
+For more information, see [Windows Setup Command-Line Options](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-command-line-options).
+
+## Related topics
+
+[Windows Autopilot - known issues](known-issues.md)
+[Diagnose MDM failures in Windows 10](https://docs.microsoft.com/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10)
diff --git a/windows/device-security/docfx.json b/windows/device-security/docfx.json
index 7c76654379..0dbfe2d2e9 100644
--- a/windows/device-security/docfx.json
+++ b/windows/device-security/docfx.json
@@ -31,11 +31,9 @@
"overwrite": [],
"externalReference": [],
"globalMetadata": {
- "uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
"ms.technology": "windows",
"ms.topic": "article",
- "ms.author": "justinha",
"ms.date": "04/05/2017",
"_op_documentIdPathDepotMapping": {
"./": {
diff --git a/windows/hub/docfx.json b/windows/hub/docfx.json
index 31963629cf..78a9eb10fb 100644
--- a/windows/hub/docfx.json
+++ b/windows/hub/docfx.json
@@ -34,11 +34,9 @@
"overwrite": [],
"externalReference": [],
"globalMetadata": {
- "uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
"ms.technology": "windows",
"ms.topic": "article",
- "ms.author": "brianlic",
"feedback_system": "GitHub",
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
diff --git a/windows/hub/windows-10.yml b/windows/hub/windows-10.yml
index a981edf38a..e858c87806 100644
--- a/windows/hub/windows-10.yml
+++ b/windows/hub/windows-10.yml
@@ -40,7 +40,7 @@ sections:
- items:
- type: markdown
text: "
- Get answers to commom questions, or get help with a specific problem.
+ Get answers to common questions, or get help with a specific problem.
"
diff --git a/windows/known-issues/docfx.json b/windows/known-issues/docfx.json
index 102f32f826..ebcaf22f82 100644
--- a/windows/known-issues/docfx.json
+++ b/windows/known-issues/docfx.json
@@ -35,7 +35,6 @@
"overwrite": [],
"externalReference": [],
"globalMetadata": {
- "uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
"feedback_system": "GitHub",
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
diff --git a/windows/privacy/docfx.json b/windows/privacy/docfx.json
index 9221109b4d..5a6da07e0b 100644
--- a/windows/privacy/docfx.json
+++ b/windows/privacy/docfx.json
@@ -32,7 +32,6 @@
"overwrite": [],
"externalReference": [],
"globalMetadata": {
- "uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
"ms.technology": "windows",
"ms.topic": "article",
diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index 98ab45165f..6130327341 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -41,7 +41,7 @@ Applying the Windows Restricted Traffic Limited Functionality Baseline is the sa
It is recommended that you restart a device after making configuration changes to it.
Note that **Get Help** and **Give us Feedback** links no longer work after the Windows Restricted Traffic Limited Functionality Baseline is applied.
-To use Microsoft InTune cloud based device managment for restricting traffic please refer to the [Manage connections from Windows operating system components to Microsoft services using MDM](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-mdm).
+To use Microsoft InTune cloud based device management for restricting traffic please refer to the [Manage connections from Windows operating system components to Microsoft services using MDM](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-mdm).
We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting telmhelp@microsoft.com.
@@ -604,7 +604,7 @@ For a complete list of the Microsoft Edge policies, see [Available policies for
### 14. Network Connection Status Indicator
-Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to http://www.msftconnecttest.com/connecttest.txt to determine if the device can communicate with the Internet. For more info about NCSI, see [The Network Connection Status Icon](http://blogs.technet.com/b/networking/archive/2012/12/20/the-network-connection-status-icon.aspx).
+Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to http://www.msftconnecttest.com/connecttest.txt to determine if the device can communicate with the Internet. For more info about NCSI, see [The Network Connection Status Icon](https://techcommunity.microsoft.com/t5/Networking-Blog/bg-p/NetworkingBlog).
In versions of Windows 10 prior to Windows 10, version 1607 and Windows Server 2016, the URL was `http://www.msftncsi.com`.
@@ -1465,7 +1465,7 @@ To turn this Off in the UI:
### 18.23 Voice Activation
-In the **Vocie activation** area, you can choose turn Off apps ability to listen for a Voice keyword.
+In the **Voice activation** area, you can choose turn Off apps ability to listen for a Voice keyword.
To turn this Off in the UI:
@@ -1671,7 +1671,7 @@ In Group Policy, configure:
-OR-
-- Create a REG_DWORD registry setting named **EnableSmartScreen** in **HKEY_LOCAL_MACHINE\\Sofware\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**.
+- Create a REG_DWORD registry setting named **EnableSmartScreen** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**.
-and-
diff --git a/windows/privacy/manage-windows-1709-endpoints.md b/windows/privacy/manage-windows-1709-endpoints.md
index 35f3ef35ee..1d4984ab8f 100644
--- a/windows/privacy/manage-windows-1709-endpoints.md
+++ b/windows/privacy/manage-windows-1709-endpoints.md
@@ -422,6 +422,10 @@ If you [turn off traffic for these endpoints](manage-connections-from-windows-op
| svchost | HTTPS | *.update.microsoft.com |
| svchost | HTTPS | *.delivery.mp.microsoft.com |
+These are dependent on enabling:
+- [Device authentication](manage-windows-1709-endpoints.md#device-authentication)
+- [Microsoft account](manage-windows-1709-endpoints.md#microsoft-account)
+
The following endpoint is used for content regulation.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.
diff --git a/windows/privacy/manage-windows-1803-endpoints.md b/windows/privacy/manage-windows-1803-endpoints.md
index 983d8bce4b..4c1d88e554 100644
--- a/windows/privacy/manage-windows-1803-endpoints.md
+++ b/windows/privacy/manage-windows-1803-endpoints.md
@@ -427,6 +427,10 @@ If you [turn off traffic for these endpoints](manage-connections-from-windows-op
| svchost | HTTPS | *.update.microsoft.com |
| svchost | HTTPS | *.delivery.mp.microsoft.com |
+These are dependent on enabling:
+- [Device authentication](manage-windows-1803-endpoints.md#device-authentication)
+- [Microsoft account](manage-windows-1803-endpoints.md#microsoft-account)
+
The following endpoint is used for content regulation.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.
diff --git a/windows/privacy/manage-windows-1903-endpoints.md b/windows/privacy/manage-windows-1903-endpoints.md
index eb0dfe93cd..45e7568fd3 100644
--- a/windows/privacy/manage-windows-1903-endpoints.md
+++ b/windows/privacy/manage-windows-1903-endpoints.md
@@ -146,8 +146,8 @@ Office|The following endpoints are used to connect to the Office 365 portal's sh
|||HTTP|cs9.wac.phicdn.net|
|||HTTP|emdl.ws.microsoft.com|
||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store. If you turn off traffic for these endpoints, the device will not be able to download updates for the operating system.|HTTP|*.dl.delivery.mp.microsoft.com|
-|||HTTP|*.windowsupdate.com*|
-||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. If you turn off traffic for these endpoints, the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store.|HTTPS|*.delivery.mp.microsoft.com|
+|||HTTP|*.windowsupdate.com|
+||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. If you turn off traffic for these endpoints, the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store. These are dependent on also enabling "Device authentication" and "Microsoft Account" endpoints.|HTTPS|*.delivery.mp.microsoft.com|
|||HTTPS|*.update.microsoft.com|
||The following endpoint is used for content regulation. If you turn off traffic for this endpoint, the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly.|HTTPS|tsfe.trafficshaping.dsp.mp.microsoft.com|
diff --git a/windows/release-information/TOC.md b/windows/release-information/TOC.md
index 735c4e5527..c905dea447 100644
--- a/windows/release-information/TOC.md
+++ b/windows/release-information/TOC.md
@@ -1,36 +1,36 @@
# [Windows 10 release information](index.md)
-## [Message center](windows-message-center.yml)
-## Version 1903
-### [Known issues and notifications](status-windows-10-1903.yml)
-### [Resolved issues](resolved-issues-windows-10-1903.yml)
-## Version 1809 and Windows Server 2019
-### [Known issues and notifications](status-windows-10-1809-and-windows-server-2019.yml)
-### [Resolved issues](resolved-issues-windows-10-1809-and-windows-server-2019.yml)
-## Version 1803
-### [Known issues and notifications](status-windows-10-1803.yml)
-### [Resolved issues](resolved-issues-windows-10-1803.yml)
-## Version 1709
-### [Known issues and notifications](status-windows-10-1709.yml)
-### [Resolved issues](resolved-issues-windows-10-1709.yml)
-## Version 1703
-### [Known issues and notifications](status-windows-10-1703.yml)
-### [Resolved issues](resolved-issues-windows-10-1703.yml)
-## Version 1607 and Windows Server 2016
-### [Known issues and notifications](status-windows-10-1607-and-windows-server-2016.yml)
-### [Resolved issues](resolved-issues-windows-10-1607.yml)
-## Version 1507
-### [Known issues and notifications](status-windows-10-1507.yml)
-### [Resolved issues](resolved-issues-windows-10-1507.yml)
-## Previous versions
-### Windows 8.1 and Windows Server 2012 R2
-#### [Known issues and notifications](status-windows-8.1-and-windows-server-2012-r2.yml)
-####[Resolved issues](resolved-issues-windows-8.1-and-windows-server-2012-r2.yml)
-### Windows Server 2012
-#### [Known issues and notifications](status-windows-server-2012.yml)
-####[Resolved issues](resolved-issues-windows-server-2012.yml)
-### Windows 7 and Windows Server 2008 R2
-#### [Known issues and notifications](status-windows-7-and-windows-server-2008-r2-sp1.yml)
-####[Resolved issues](resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml)
-### Windows Server 2008 SP2
-#### [Known issues and notifications](status-windows-server-2008-sp2.yml)
-####[Resolved issues](resolved-issues-windows-server-2008-sp2.yml)
\ No newline at end of file
+# [Message center](windows-message-center.yml)
+# Version 1903
+## [Known issues and notifications](status-windows-10-1903.yml)
+## [Resolved issues](resolved-issues-windows-10-1903.yml)
+# Version 1809 and Windows Server 2019
+## [Known issues and notifications](status-windows-10-1809-and-windows-server-2019.yml)
+## [Resolved issues](resolved-issues-windows-10-1809-and-windows-server-2019.yml)
+# Version 1803
+## [Known issues and notifications](status-windows-10-1803.yml)
+## [Resolved issues](resolved-issues-windows-10-1803.yml)
+# Version 1709
+## [Known issues and notifications](status-windows-10-1709.yml)
+## [Resolved issues](resolved-issues-windows-10-1709.yml)
+# Version 1703
+## [Known issues and notifications](status-windows-10-1703.yml)
+## [Resolved issues](resolved-issues-windows-10-1703.yml)
+# Version 1607 and Windows Server 2016
+## [Known issues and notifications](status-windows-10-1607-and-windows-server-2016.yml)
+## [Resolved issues](resolved-issues-windows-10-1607.yml)
+# Version 1507
+## [Known issues and notifications](status-windows-10-1507.yml)
+## [Resolved issues](resolved-issues-windows-10-1507.yml)
+# Previous versions
+## Windows 8.1 and Windows Server 2012 R2
+### [Known issues and notifications](status-windows-8.1-and-windows-server-2012-r2.yml)
+###[Resolved issues](resolved-issues-windows-8.1-and-windows-server-2012-r2.yml)
+## Windows Server 2012
+### [Known issues and notifications](status-windows-server-2012.yml)
+### [Resolved issues](resolved-issues-windows-server-2012.yml)
+## Windows 7 and Windows Server 2008 R2
+### [Known issues and notifications](status-windows-7-and-windows-server-2008-r2-sp1.yml)
+### [Resolved issues](resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml)
+## Windows Server 2008 SP2
+### [Known issues and notifications](status-windows-server-2008-sp2.yml)
+### [Resolved issues](resolved-issues-windows-server-2008-sp2.yml)
\ No newline at end of file
diff --git a/windows/release-information/breadcrumb/toc.yml b/windows/release-information/breadcrumb/toc.yml
index 61d8fca61e..5c9f236497 100644
--- a/windows/release-information/breadcrumb/toc.yml
+++ b/windows/release-information/breadcrumb/toc.yml
@@ -1,3 +1,11 @@
- name: Docs
tocHref: /
- topicHref: /
\ No newline at end of file
+ topicHref: /
+ items:
+ - name: Windows
+ tocHref: /windows
+ topicHref: /windows/windows-10
+ items:
+ - name: Release information
+ tocHref: /windows/release-information/
+ topicHref: /windows/release-information/index
diff --git a/windows/release-information/cat-windows-docs-pr - Shortcut.lnk b/windows/release-information/cat-windows-docs-pr - Shortcut.lnk
new file mode 100644
index 0000000000..1c599245a0
Binary files /dev/null and b/windows/release-information/cat-windows-docs-pr - Shortcut.lnk differ
diff --git a/windows/release-information/docfx.json b/windows/release-information/docfx.json
index a91619d79b..5bab1ca43c 100644
--- a/windows/release-information/docfx.json
+++ b/windows/release-information/docfx.json
@@ -35,7 +35,7 @@
"overwrite": [],
"externalReference": [],
"globalMetadata": {
- "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+ "breadcrumb_path": "/windows/release-information/breadcrumb/toc.json",
"ms.prod": "w10",
"ms.date": "4/30/2019",
"titleSuffix": "Windows Release Information",
diff --git a/windows/release-information/resolved-issues-windows-10-1703.yml b/windows/release-information/resolved-issues-windows-10-1703.yml
index d5caa67124..ec7048f6d7 100644
--- a/windows/release-information/resolved-issues-windows-10-1703.yml
+++ b/windows/release-information/resolved-issues-windows-10-1703.yml
@@ -32,6 +32,7 @@ sections:
- type: markdown
text: "
| Summary | Originating update | Status | Date resolved |
+ Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.
See details > | OS Build 15063.1839
May 28, 2019
KB4499162 | Resolved
KB4509476 | June 26, 2019
04:00 PM PT |
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.
See details > | OS Build 15063.1868
June 11, 2019
KB4503279 | Resolved
KB4503289 | June 18, 2019
02:00 PM PT |
Opening Internet Explorer 11 may fail
Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.
See details > | OS Build 15063.1839
May 28, 2019
KB4499162 | Resolved
KB4503279 | June 11, 2019
10:00 AM PT |
Unable to access some gov.uk websites
gov.uk websites that don’t support “HSTS” may not be accessible
See details > | OS Build 15063.1805
May 14, 2019
KB4499181 | Resolved
KB4505055 | May 19, 2019
02:00 PM PT |
@@ -63,6 +64,7 @@ sections:
- type: markdown
text: "
| Details | Originating update | Status | History |
+ Difficulty connecting to some iSCSI-based SANsDevices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing KB4499162. You may also receive an error in the System log section of Event Viewer with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
- Server: Windows Server 2019; Windows Server 2016
Resolution: This issue was resolved in KB4509476.
Back to top | OS Build 15063.1839
May 28, 2019
KB4499162 | Resolved
KB4509476 | Resolved:
June 26, 2019
04:00 PM PT
Opened:
June 20, 2019
04:46 PM PT |
| Event Viewer may close or you may receive an error when using Custom Views When trying to expand, view, or create Custom Views in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
- Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4503289.
Back to top | OS Build 15063.1868
June 11, 2019
KB4503279 | Resolved
KB4503289 | Resolved:
June 18, 2019
02:00 PM PT
Opened:
June 12, 2019
11:11 AM PT |
| Opening Internet Explorer 11 may fail Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server 2019; Windows Server 2016
Resolution: This issue was resolved in KB4503279.
Back to top | OS Build 15063.1839
May 28, 2019
KB4499162 | Resolved
KB4503279 | Resolved:
June 11, 2019
10:00 AM PT
Opened:
June 05, 2019
05:49 PM PT |
diff --git a/windows/release-information/resolved-issues-windows-10-1709.yml b/windows/release-information/resolved-issues-windows-10-1709.yml
index 0a611e7088..cc9dc8578b 100644
--- a/windows/release-information/resolved-issues-windows-10-1709.yml
+++ b/windows/release-information/resolved-issues-windows-10-1709.yml
@@ -1,10 +1,10 @@
### YamlMime:YamlDocument
documentType: LandingData
-title: Resolved issues in Windows 10, version 1709 and Windows Server, vesion 1709
+title: Resolved issues in Windows 10, version 1709 and Windows Server, version 1709
metadata:
document_id:
- title: Resolved issues in Windows 10, version 1709 and Windows Server, vesion 1709
+ title: Resolved issues in Windows 10, version 1709 and Windows Server, version 1709
description: Resolved issues in Windows 10, version 1709 and Windows Server 1709
keywords: ["Resolved issues in Windows 10", "Windows 10", "Windows 10, version 1709"]
ms.localizationpriority: high
@@ -32,6 +32,7 @@ sections:
- type: markdown
text: "
| Summary | Originating update | Status | Date resolved |
+ Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.
See details > | OS Build 16299.1182
May 28, 2019
KB4499147 | Resolved
KB4509477 | June 26, 2019
04:00 PM PT |
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.
See details > | OS Build 16299.1217
June 11, 2019
KB4503284 | Resolved
KB4503281 | June 18, 2019
02:00 PM PT |
Opening Internet Explorer 11 may fail
Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.
See details > | OS Build 16299.1182
May 28, 2019
KB4499147 | Resolved
KB4503284 | June 11, 2019
10:00 AM PT |
Unable to access some gov.uk websites
gov.uk websites that don’t support “HSTS” may not be accessible
See details > | OS Build 16299.1143
May 14, 2019
KB4498946 | Resolved
KB4505062 | May 19, 2019
02:00 PM PT |
@@ -65,6 +66,7 @@ sections:
- type: markdown
text: "
| Details | Originating update | Status | History |
+ Difficulty connecting to some iSCSI-based SANsDevices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing KB4499147. You may also receive an error in the System log section of Event Viewer with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
- Server: Windows Server 2019; Windows Server 2016
Resolution: This issue was resolved in KB4509477.
Back to top | OS Build 16299.1182
May 28, 2019
KB4499147 | Resolved
KB4509477 | Resolved:
June 26, 2019
04:00 PM PT
Opened:
June 20, 2019
04:46 PM PT |
| Event Viewer may close or you may receive an error when using Custom Views When trying to expand, view, or create Custom Views in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
- Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4503281.
Back to top | OS Build 16299.1217
June 11, 2019
KB4503284 | Resolved
KB4503281 | Resolved:
June 18, 2019
02:00 PM PT
Opened:
June 12, 2019
11:11 AM PT |
| Opening Internet Explorer 11 may fail Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server 2019; Windows Server 2016
Resolution: This issue was resolved in KB4503284.
Back to top | OS Build 16299.1182
May 28, 2019
KB4499147 | Resolved
KB4503284 | Resolved:
June 11, 2019
10:00 AM PT
Opened:
June 05, 2019
05:49 PM PT |
diff --git a/windows/release-information/resolved-issues-windows-10-1803.yml b/windows/release-information/resolved-issues-windows-10-1803.yml
index ae7d8ff09a..d68cf6db85 100644
--- a/windows/release-information/resolved-issues-windows-10-1803.yml
+++ b/windows/release-information/resolved-issues-windows-10-1803.yml
@@ -32,6 +32,7 @@ sections:
- type: markdown
text: "
| Summary | Originating update | Status | Date resolved |
+ Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.
See details > | OS Build 17134.799
May 21, 2019
KB4499183 | Resolved
KB4509478 | June 26, 2019
04:00 PM PT |
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.
See details > | OS Build 17134.829
June 11, 2019
KB4503286 | Resolved
KB4503288 | June 18, 2019
02:00 PM PT |
Opening Internet Explorer 11 may fail
Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.
See details > | OS Build 17134.799
May 21, 2019
KB4499183 | Resolved
KB4503286 | June 11, 2019
10:00 AM PT |
Unable to access some gov.uk websites
gov.uk websites that don’t support “HSTS” may not be accessible
See details > | OS Build 17134.765
May 14, 2019
KB4499167 | Resolved
KB4505064 | May 19, 2019
02:00 PM PT |
@@ -65,6 +66,7 @@ sections:
- type: markdown
text: "
| Details | Originating update | Status | History |
+ Difficulty connecting to some iSCSI-based SANsDevices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing KB4499183. You may also receive an error in the System log section of Event Viewer with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
- Server: Windows Server 2019; Windows Server 2016
Resolution: This issue was resolved in KB4509478.
Back to top | OS Build 17134.799
May 21, 2019
KB4499183 | Resolved
KB4509478 | Resolved:
June 26, 2019
04:00 PM PT
Opened:
June 20, 2019
04:46 PM PT |
| Event Viewer may close or you may receive an error when using Custom Views When trying to expand, view, or create Custom Views in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
- Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4503288.
Back to top | OS Build 17134.829
June 11, 2019
KB4503286 | Resolved
KB4503288 | Resolved:
June 18, 2019
02:00 PM PT
Opened:
June 12, 2019
11:11 AM PT |
| Opening Internet Explorer 11 may fail Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server 2019; Windows Server 2016
Resolution: This issue was resolved in KB4503286.
Back to top | OS Build 17134.799
May 21, 2019
KB4499183 | Resolved
KB4503286 | Resolved:
June 11, 2019
10:00 AM PT
Opened:
June 05, 2019
05:49 PM PT |
diff --git a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml
index e0eab68c77..95d9adad11 100644
--- a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml
+++ b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml
@@ -32,6 +32,7 @@ sections:
- type: markdown
text: "
| Summary | Originating update | Status | Date resolved |
+ Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.
See details > | OS Build 17763.529
May 21, 2019
KB4497934 | Resolved
KB4509479 | June 26, 2019
04:00 PM PT |
Devices with Realtek Bluetooth radios drivers may not pair or connect as expected
Devices with some Realtek Bluetooth radios drivers, in some circumstances, may have issues pairing or connecting to devices.
See details > | OS Build 17763.503
May 14, 2019
KB4494441 | Resolved
KB4501371 | June 18, 2019
02:00 PM PT |
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.
See details > | OS Build 17763.557
June 11, 2019
KB4503327 | Resolved
KB4501371 | June 18, 2019
02:00 PM PT |
Printing from Microsoft Edge or other UWP apps may result in the error 0x80070007
Attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) apps, you may receive an error.
See details > | OS Build 17763.379
March 12, 2019
KB4489899 | Resolved
KB4501371 | June 18, 2019
02:00 PM PT |
@@ -77,6 +78,7 @@ sections:
- type: markdown
text: "
| Details | Originating update | Status | History |
+ Difficulty connecting to some iSCSI-based SANsDevices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing KB4497934. You may also receive an error in the System log section of Event Viewer with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
- Server: Windows Server 2019; Windows Server 2016
Resolution: This issue was resolved in KB4509479.
Back to top | OS Build 17763.529
May 21, 2019
KB4497934 | Resolved
KB4509479 | Resolved:
June 26, 2019
04:00 PM PT
Opened:
June 20, 2019
04:46 PM PT |
| Devices with Realtek Bluetooth radios drivers may not pair or connect as expected In some circumstances, devices with Realtek Bluetooth radios may have issues pairing or connecting to Bluetooth devices due to a driver issue.
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
- Server: Windows Server 2019
Resolution: This issue was resolved in KB4501371.
Back to top | OS Build 17763.503
May 14, 2019
KB4494441 | Resolved
KB4501371 | Resolved:
June 18, 2019
02:00 PM PT
Opened:
June 14, 2019
05:45 PM PT |
| Event Viewer may close or you may receive an error when using Custom Views When trying to expand, view, or create Custom Views in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
- Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4501371.
Back to top | OS Build 17763.557
June 11, 2019
KB4503327 | Resolved
KB4501371 | Resolved:
June 18, 2019
02:00 PM PT
Opened:
June 12, 2019
11:11 AM PT |
| Opening Internet Explorer 11 may fail Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server 2019; Windows Server 2016
Resolution: This issue was resolved in KB4503327.
Back to top | OS Build 17763.529
May 21, 2019
KB4497934 | Resolved
KB4503327 | Resolved:
June 11, 2019
10:00 AM PT
Opened:
June 05, 2019
05:49 PM PT |
diff --git a/windows/release-information/resolved-issues-windows-10-1903.yml b/windows/release-information/resolved-issues-windows-10-1903.yml
index 07a61ea961..226786acae 100644
--- a/windows/release-information/resolved-issues-windows-10-1903.yml
+++ b/windows/release-information/resolved-issues-windows-10-1903.yml
@@ -32,6 +32,7 @@ sections:
- type: markdown
text: "
| Summary | Originating update | Status | Date resolved |
+ Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.
See details > | OS Build 18362.175
June 11, 2019
KB4503293 | Resolved
KB4501375 | June 27, 2019
10:00 AM PT |
Duplicate folders and documents showing in user profile directory
If known folders (e.g. Desktop, Documents, or Pictures folders) are redirected, an empty folder with that same name may be created.
See details > | OS Build 18362.116
May 21, 2019
KB4505057 | Resolved
KB4497935 | May 29, 2019
02:00 PM PT |
Older versions of BattlEye anti-cheat software incompatible
Microsoft and BattlEye have identified a compatibility issue with some games that use older versions of BattlEye anti-cheat software.
See details > | OS Build 18362.116
May 21, 2019
KB4505057 | Resolved
| June 07, 2019
04:26 PM PT |
AMD RAID driver incompatibility
Installation process may stop when trying to install Windows 10, version 1903 update on computers that run certain versions of AMD RAID drivers.
See details > | OS Build 18362.116
May 21, 2019
KB4505057 | Resolved
| June 06, 2019
11:06 AM PT |
@@ -46,6 +47,15 @@ sections:
"
+- title: June 2019
+- items:
+ - type: markdown
+ text: "
+ | Details | Originating update | Status | History |
+ | Event Viewer may close or you may receive an error when using Custom Views When trying to expand, view, or create Custom Views in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
- Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4501375.
Back to top | OS Build 18362.175
June 11, 2019
KB4503293 | Resolved
KB4501375 | Resolved:
June 27, 2019
10:00 AM PT
Opened:
June 12, 2019
11:11 AM PT |
+
+ "
+
- title: May 2019
- items:
- type: markdown
diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
index 74ca531bab..02732e5e58 100644
--- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
+++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
@@ -61,7 +61,7 @@ sections:
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.
See details > | OS Build 14393.2999
May 23, 2019
KB4499177 | Investigating
| June 21, 2019
10:08 AM PT |
- Devices with Hyper-V enabled may see BitLocker error 0xC0210000
Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000
See details > | OS Build 14393.2969
May 14, 2019
KB4494440 | Mitigated
| June 21, 2019
05:23 PM PT |
+ Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000
See details > | OS Build 14393.2969
May 14, 2019
KB4494440 | Mitigated
| June 24, 2019
10:46 AM PT |
Some applications may fail to run as expected on clients of AD FS 2016
Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016)
See details > | OS Build 14393.2941
April 25, 2019
KB4493473 | Mitigated
| June 07, 2019
04:25 PM PT |
Cluster service may fail if the minimum password length is set to greater than 14
The cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the Group Policy “Minimum Password Length” is configured with greater than 14 characters.
See details > | OS Build 14393.2639
November 27, 2018
KB4467684 | Mitigated
| April 25, 2019
02:00 PM PT |
SCVMM cannot enumerate and manage logical switches deployed on the host
For hosts managed by System Center Virtual Machine Manager (VMM), VMM cannot enumerate and manage logical switches deployed on the host.
See details > | OS Build 14393.2639
November 27, 2018
KB4467684 | Mitigated
| April 25, 2019
02:00 PM PT |
@@ -70,7 +70,6 @@ sections:
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.
See details > | OS Build 14393.3025
June 11, 2019
KB4503267 | Resolved
KB4503294 | June 18, 2019
02:00 PM PT |
Opening Internet Explorer 11 may fail
Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.
See details > | OS Build 14393.2999
May 23, 2019
KB4499177 | Resolved
KB4503267 | June 11, 2019
10:00 AM PT |
Issue using PXE to start a device from WDS
There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.
See details > | OS Build 14393.2848
March 12, 2019
KB4489882 | Resolved
KB4503267 | June 11, 2019
10:00 AM PT |
- Update not showing as applicable through WSUS or SCCM or when manually installed
Update not showing as applicable through WSUS or SCCM or when manually installed
See details > | OS Build 14393.2969
May 14, 2019
KB4494440 | Resolved
KB4498947 | May 14, 2019
10:00 AM PT |
"
@@ -98,8 +97,7 @@ sections:
- type: markdown
text: "
| Details | Originating update | Status | History |
- Devices with Hyper-V enabled may see BitLocker error 0xC0210000Some devices with Hyper-V enabled may enter BitLocker recovery mode and receive an error, \"0xC0210000\" after installing KB4494440 and restarting.
Affected platforms: - Client: Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server 2016
Workaround: If your device is already in this state, you can successfully start Windows after suspending BitLocker from the Windows Recovery Environment (WinRE) using the following steps: - Retrieve the 48 digit BitLocker recovery password for the OS volume from your organization's portal or from wherever the key was stored when BitLocker was first enabled.
- From the recovery screen, press the enter key and enter the recovery password when prompted.
- If your device starts in the Windows Recovery Environment and asks for recovery key again, select Skip the drive to continue to WinRE.
- select Advanced options then Troubleshoot then Advanced options then Command Prompt.
- Unlock OS drive using the command: Manage-bde -unlock c: -rp <48 digit numerical recovery password separated by “-“ in 6 digit group>
- Suspend BitLocker using the command: Manage-bde -protectors -disable c:
- Exit the command window using the command: exit
- Select Continue from recovery environment.
- The device should now start Windows.
- Once started, launch an Administrator Command Prompt and resume the BitLocker to ensure the system remains protected, using the command: Manage-bde -protectors -enable c:
Note The workaround needs to be followed on every system restart unless BitLocker is suspended before restarting.
To prevent this issue, execute the following command to temporarily suspend BitLocker just before restarting the system: Manage-bde -protectors -disable c: -rc 1 Note This command will suspend BitLocker for 1 restart of the device (-rc 1 option only works inside OS and does not work from recovery environment).
Next steps: We are working on a resolution and will provide an update in an upcoming release.
Back to top | OS Build 14393.2969
May 14, 2019
KB4494440 | Mitigated
| Last updated:
June 21, 2019
05:23 PM PT
Opened:
May 21, 2019
08:50 AM PT |
- Update not showing as applicable through WSUS or SCCM or when manually installedKB4494440 or later updates may not show as applicable through WSUS or SCCM to the affected platforms. When manually installing the standalone update from Microsoft Update Catalog, it may fail to install with the error, \"The update is not applicable to your computer.\"
Affected platforms: - Client: Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server 2016
Resolution: The servicing stack update (SSU) ( KB4498947) must be installed before installing the latest cumulative update (LCU). The LCU will not be reported as applicable until the SSU is installed. For more information, see Servicing stack updates.
Back to top | OS Build 14393.2969
May 14, 2019
KB4494440 | Resolved
KB4498947 | Resolved:
May 14, 2019
10:00 AM PT
Opened:
May 24, 2019
04:20 PM PT |
+ Devices with Hyper-V enabled may receive BitLocker error 0xC0210000Some devices with Hyper-V enabled may enter BitLocker recovery mode and receive an error, \"0xC0210000\" after installing KB4494440 and restarting.
Affected platforms: - Client: Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server 2016
Workaround: If your device is already in this state, you can successfully start Windows after suspending BitLocker from the Windows Recovery Environment (WinRE) using the following steps: - Retrieve the 48-digit BitLocker recovery password for the OS volume from your organization's portal or from wherever the key was stored when BitLocker was first enabled.
- From the recovery screen, press the enter key and enter the recovery password when prompted.
- If your device starts in the Windows Recovery Environment and asks for recovery key again, select Skip the drive to continue to WinRE.
- Select Advanced options then Troubleshoot then Advanced options then Command Prompt.
- Unlock drive using the command: Manage-bde -unlock c: -rp <48 digit numerical recovery password separated by “-“ in 6 digit group>
- Suspend BitLocker using the command: Manage-bde -protectors -disable c:
- Exit the command window using the command: exit
- Select Continue from recovery environment.
- The device should now start Windows.
- Once started, launch an elevated Command Prompt (i.e. run Command Prompt as administrator) and resume the BitLocker to ensure the system remains protected, using the command: Manage-bde -protectors -enable c:
Note The steps in this workaround need to be followed on every system start unless BitLocker is suspended before restarting.
To prevent this issue, execute the following command to temporarily suspend BitLocker just before restarting the system: Manage-bde -protectors -disable c: -rc 1 Note This command will suspend BitLocker for one restart of the device (-rc 1 option only works inside OS and does not work from recovery environment).
Next steps: We are working on a resolution and will provide an update in an upcoming release.
Back to top | OS Build 14393.2969
May 14, 2019
KB4494440 | Mitigated
| Last updated:
June 24, 2019
10:46 AM PT
Opened:
May 21, 2019
08:50 AM PT |
"
diff --git a/windows/release-information/status-windows-10-1703.yml b/windows/release-information/status-windows-10-1703.yml
index 5b45e36e2d..f16e1f1264 100644
--- a/windows/release-information/status-windows-10-1703.yml
+++ b/windows/release-information/status-windows-10-1703.yml
@@ -60,9 +60,9 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
- Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.
See details > | OS Build 15063.1839
May 28, 2019
KB4499162 | Investigating
| June 21, 2019
10:08 AM PT |
- Devices with Hyper-V enabled may see BitLocker error 0xC0210000
Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000
See details > | OS Build 15063.1805
May 14, 2019
KB4499181 | Mitigated
| June 21, 2019
05:23 PM PT |
+ Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000
See details > | OS Build 15063.1805
May 14, 2019
KB4499181 | Mitigated
| June 24, 2019
10:46 AM PT |
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".
See details > | OS Build 15063.1563
January 08, 2019
KB4480973 | Mitigated
| April 25, 2019
02:00 PM PT |
+ Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.
See details > | OS Build 15063.1839
May 28, 2019
KB4499162 | Resolved
KB4509476 | June 26, 2019
04:00 PM PT |
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.
See details > | OS Build 15063.1868
June 11, 2019
KB4503279 | Resolved
KB4503289 | June 18, 2019
02:00 PM PT |
Opening Internet Explorer 11 may fail
Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.
See details > | OS Build 15063.1839
May 28, 2019
KB4499162 | Resolved
KB4503279 | June 11, 2019
10:00 AM PT |
@@ -80,7 +80,7 @@ sections:
- type: markdown
text: "
| Details | Originating update | Status | History |
- Difficulty connecting to some iSCSI-based SANsDevices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing KB4499162. You may also receive an error in the System log section of Event Viewer with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
- Server: Windows Server 2019; Windows Server 2016
Next Steps: Microsoft is working on a resolution and will provide an update as quickly as possible.
Back to top | OS Build 15063.1839
May 28, 2019
KB4499162 | Investigating
| Last updated:
June 21, 2019
10:08 AM PT
Opened:
June 20, 2019
04:46 PM PT |
+ Difficulty connecting to some iSCSI-based SANsDevices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing KB4499162. You may also receive an error in the System log section of Event Viewer with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
- Server: Windows Server 2019; Windows Server 2016
Resolution: This issue was resolved in KB4509476.
Back to top | OS Build 15063.1839
May 28, 2019
KB4499162 | Resolved
KB4509476 | Resolved:
June 26, 2019
04:00 PM PT
Opened:
June 20, 2019
04:46 PM PT |
| Event Viewer may close or you may receive an error when using Custom Views When trying to expand, view, or create Custom Views in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
- Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4503289.
Back to top | OS Build 15063.1868
June 11, 2019
KB4503279 | Resolved
KB4503289 | Resolved:
June 18, 2019
02:00 PM PT
Opened:
June 12, 2019
11:11 AM PT |
| Opening Internet Explorer 11 may fail Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server 2019; Windows Server 2016
Resolution: This issue was resolved in KB4503279.
Back to top | OS Build 15063.1839
May 28, 2019
KB4499162 | Resolved
KB4503279 | Resolved:
June 11, 2019
10:00 AM PT
Opened:
June 05, 2019
05:49 PM PT |
@@ -91,7 +91,7 @@ sections:
- type: markdown
text: "
| Details | Originating update | Status | History |
- Devices with Hyper-V enabled may see BitLocker error 0xC0210000Some devices with Hyper-V enabled may enter BitLocker recovery mode and receive an error, \"0xC0210000\" after installing KB4499181 and restarting.
Affected platforms: - Client: Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server 2016
Workaround: If your device is already in this state, you can successfully start Windows after suspending BitLocker from the Windows Recovery Environment (WinRE) using the following steps: - Retrieve the 48 digit BitLocker recovery password for the OS volume from your organization's portal or from wherever the key was stored when BitLocker was first enabled.
- From the recovery screen, press the enter key and enter the recovery password when prompted.
- If your device starts in the Windows Recovery Environment and asks for recovery key again, select Skip the drive to continue to WinRE.
- select Advanced options then Troubleshoot then Advanced options then Command Prompt.
- Unlock OS drive using the command: Manage-bde -unlock c: -rp <48 digit numerical recovery password separated by “-“ in 6 digit group>
- Suspend BitLocker using the command: Manage-bde -protectors -disable c:
- Exit the command window using the command: exit
- Select Continue from recovery environment.
- The device should now start Windows.
- Once started, launch an Administrator Command Prompt and resume the BitLocker to ensure the system remains protected, using the command: Manage-bde -protectors -enable c:
Note The workaround needs to be followed on every system restart unless BitLocker is suspended before restarting.
To prevent this issue, execute the following command to temporarily suspend BitLocker just before restarting the system: Manage-bde -protectors -disable c: -rc 1 Note This command will suspend BitLocker for 1 restart of the device (-rc 1 option only works inside OS and does not work from recovery environment).
Next steps: We are working on a resolution and will provide an update in an upcoming release.
Back to top | OS Build 15063.1805
May 14, 2019
KB4499181 | Mitigated
| Last updated:
June 21, 2019
05:23 PM PT
Opened:
May 21, 2019
08:50 AM PT |
+ Devices with Hyper-V enabled may receive BitLocker error 0xC0210000Some devices with Hyper-V enabled may enter BitLocker recovery mode and receive an error, \"0xC0210000\" after installing KB4499181 and restarting.
Affected platforms: - Client: Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server 2016
Workaround: If your device is already in this state, you can successfully start Windows after suspending BitLocker from the Windows Recovery Environment (WinRE) using the following steps: - Retrieve the 48-digit BitLocker recovery password for the OS volume from your organization's portal or from wherever the key was stored when BitLocker was first enabled.
- From the recovery screen, press the enter key and enter the recovery password when prompted.
- If your device starts in the Windows Recovery Environment and asks for recovery key again, select Skip the drive to continue to WinRE.
- Select Advanced options then Troubleshoot then Advanced options then Command Prompt.
- Unlock drive using the command: Manage-bde -unlock c: -rp <48 digit numerical recovery password separated by “-“ in 6 digit group>
- Suspend BitLocker using the command: Manage-bde -protectors -disable c:
- Exit the command window using the command: exit
- Select Continue from recovery environment.
- The device should now start Windows.
- Once started, launch an elevated Command Prompt (i.e. run Command Prompt as administrator) and resume the BitLocker to ensure the system remains protected, using the command: Manage-bde -protectors -enable c:
Note The steps in this workaround need to be followed on every system start unless BitLocker is suspended before restarting.
To prevent this issue, execute the following command to temporarily suspend BitLocker just before restarting the system: Manage-bde -protectors -disable c: -rc 1 Note This command will suspend BitLocker for one restart of the device (-rc 1 option only works inside OS and does not work from recovery environment).
Next steps: We are working on a resolution and will provide an update in an upcoming release.
Back to top | OS Build 15063.1805
May 14, 2019
KB4499181 | Mitigated
| Last updated:
June 24, 2019
10:46 AM PT
Opened:
May 21, 2019
08:50 AM PT |
"
diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml
index 6187c0b9bb..94dd18ce88 100644
--- a/windows/release-information/status-windows-10-1709.yml
+++ b/windows/release-information/status-windows-10-1709.yml
@@ -60,8 +60,8 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
- Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.
See details > | OS Build 16299.1182
May 28, 2019
KB4499147 | Investigating
| June 21, 2019
10:08 AM PT |
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".
See details > | OS Build 16299.904
January 08, 2019
KB4480978 | Mitigated
| April 25, 2019
02:00 PM PT |
+ Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.
See details > | OS Build 16299.1182
May 28, 2019
KB4499147 | Resolved
KB4509477 | June 26, 2019
04:00 PM PT |
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.
See details > | OS Build 16299.1217
June 11, 2019
KB4503284 | Resolved
KB4503281 | June 18, 2019
02:00 PM PT |
Opening Internet Explorer 11 may fail
Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.
See details > | OS Build 16299.1182
May 28, 2019
KB4499147 | Resolved
KB4503284 | June 11, 2019
10:00 AM PT |
@@ -79,7 +79,7 @@ sections:
- type: markdown
text: "
| Details | Originating update | Status | History |
- Difficulty connecting to some iSCSI-based SANsDevices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing KB4499147. You may also receive an error in the System log section of Event Viewer with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
- Server: Windows Server 2019; Windows Server 2016
Next Steps: Microsoft is working on a resolution and will provide an update as quickly as possible.
Back to top | OS Build 16299.1182
May 28, 2019
KB4499147 | Investigating
| Last updated:
June 21, 2019
10:08 AM PT
Opened:
June 20, 2019
04:46 PM PT |
+ Difficulty connecting to some iSCSI-based SANsDevices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing KB4499147. You may also receive an error in the System log section of Event Viewer with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
- Server: Windows Server 2019; Windows Server 2016
Resolution: This issue was resolved in KB4509477.
Back to top | OS Build 16299.1182
May 28, 2019
KB4499147 | Resolved
KB4509477 | Resolved:
June 26, 2019
04:00 PM PT
Opened:
June 20, 2019
04:46 PM PT |
| Event Viewer may close or you may receive an error when using Custom Views When trying to expand, view, or create Custom Views in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
- Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4503281.
Back to top | OS Build 16299.1217
June 11, 2019
KB4503284 | Resolved
KB4503281 | Resolved:
June 18, 2019
02:00 PM PT
Opened:
June 12, 2019
11:11 AM PT |
| Opening Internet Explorer 11 may fail Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server 2019; Windows Server 2016
Resolution: This issue was resolved in KB4503284.
Back to top | OS Build 16299.1182
May 28, 2019
KB4499147 | Resolved
KB4503284 | Resolved:
June 11, 2019
10:00 AM PT
Opened:
June 05, 2019
05:49 PM PT |
diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml
index a5ed80857f..1f5acbbcbd 100644
--- a/windows/release-information/status-windows-10-1803.yml
+++ b/windows/release-information/status-windows-10-1803.yml
@@ -60,9 +60,9 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
- Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.
See details > | OS Build 17134.799
May 21, 2019
KB4499183 | Investigating
| June 21, 2019
10:08 AM PT |
Startup to a black screen after installing updates
Your device may startup to a black screen during the first logon after installing updates.
See details > | OS Build 17134.829
June 11, 2019
KB4503286 | Mitigated
| June 14, 2019
04:41 PM PT |
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".
See details > | OS Build 17134.523
January 08, 2019
KB4480966 | Mitigated
| April 25, 2019
02:00 PM PT |
+ Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.
See details > | OS Build 17134.799
May 21, 2019
KB4499183 | Resolved
KB4509478 | June 26, 2019
04:00 PM PT |
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.
See details > | OS Build 17134.829
June 11, 2019
KB4503286 | Resolved
KB4503288 | June 18, 2019
02:00 PM PT |
Opening Internet Explorer 11 may fail
Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.
See details > | OS Build 17134.799
May 21, 2019
KB4499183 | Resolved
KB4503286 | June 11, 2019
10:00 AM PT |
@@ -80,8 +80,8 @@ sections:
- type: markdown
text: "
| Details | Originating update | Status | History |
- Difficulty connecting to some iSCSI-based SANsDevices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing KB4499183. You may also receive an error in the System log section of Event Viewer with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
- Server: Windows Server 2019; Windows Server 2016
Next Steps: Microsoft is working on a resolution and will provide an update as quickly as possible.
Back to top | OS Build 17134.799
May 21, 2019
KB4499183 | Investigating
| Last updated:
June 21, 2019
10:08 AM PT
Opened:
June 20, 2019
04:46 PM PT |
| Startup to a black screen after installing updates We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates.
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803
- Server: Windows Server 2019
Workaround: To mitigate this issue, press Ctrl+Alt+Delete, then select the Power button in the lower right corner of the screen and select Restart. Your device should now restart normally.
Next steps: We are working on a resolution and will provide an update in an upcoming release.
Back to top | OS Build 17134.829
June 11, 2019
KB4503286 | Mitigated
| Last updated:
June 14, 2019
04:41 PM PT
Opened:
June 14, 2019
04:41 PM PT |
+ Difficulty connecting to some iSCSI-based SANsDevices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing KB4499183. You may also receive an error in the System log section of Event Viewer with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
- Server: Windows Server 2019; Windows Server 2016
Resolution: This issue was resolved in KB4509478.
Back to top | OS Build 17134.799
May 21, 2019
KB4499183 | Resolved
KB4509478 | Resolved:
June 26, 2019
04:00 PM PT
Opened:
June 20, 2019
04:46 PM PT |
| Event Viewer may close or you may receive an error when using Custom Views When trying to expand, view, or create Custom Views in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
- Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4503288.
Back to top | OS Build 17134.829
June 11, 2019
KB4503286 | Resolved
KB4503288 | Resolved:
June 18, 2019
02:00 PM PT
Opened:
June 12, 2019
11:11 AM PT |
| Opening Internet Explorer 11 may fail Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server 2019; Windows Server 2016
Resolution: This issue was resolved in KB4503286.
Back to top | OS Build 17134.799
May 21, 2019
KB4499183 | Resolved
KB4503286 | Resolved:
June 11, 2019
10:00 AM PT
Opened:
June 05, 2019
05:49 PM PT |
diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
index 47564591eb..4227882d72 100644
--- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
+++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
@@ -65,10 +65,10 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
- Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.
See details > | OS Build 17763.529
May 21, 2019
KB4497934 | Investigating
| June 21, 2019
10:08 AM PT |
Startup to a black screen after installing updates
Your device may startup to a black screen during the first logon after installing updates.
See details > | OS Build 17763.557
June 11, 2019
KB4503327 | Mitigated
| June 14, 2019
04:41 PM PT |
Devices with some Asian language packs installed may receive an error
After installing the KB4493509 devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_F
See details > | OS Build 17763.437
April 09, 2019
KB4493509 | Mitigated
| May 03, 2019
10:59 AM PT |
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".
See details > | OS Build 17763.253
January 08, 2019
KB4480116 | Mitigated
| April 09, 2019
10:00 AM PT |
+ Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.
See details > | OS Build 17763.529
May 21, 2019
KB4497934 | Resolved
KB4509479 | June 26, 2019
04:00 PM PT |
Devices with Realtek Bluetooth radios drivers may not pair or connect as expected
Devices with some Realtek Bluetooth radios drivers, in some circumstances, may have issues pairing or connecting to devices.
See details > | OS Build 17763.503
May 14, 2019
KB4494441 | Resolved
KB4501371 | June 18, 2019
02:00 PM PT |
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.
See details > | OS Build 17763.557
June 11, 2019
KB4503327 | Resolved
KB4501371 | June 18, 2019
02:00 PM PT |
Printing from Microsoft Edge or other UWP apps may result in the error 0x80070007
Attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) apps, you may receive an error.
See details > | OS Build 17763.379
March 12, 2019
KB4489899 | Resolved
KB4501371 | June 18, 2019
02:00 PM PT |
@@ -89,8 +89,8 @@ sections:
- type: markdown
text: "
| Details | Originating update | Status | History |
- Difficulty connecting to some iSCSI-based SANsDevices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing KB4497934. You may also receive an error in the System log section of Event Viewer with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
- Server: Windows Server 2019; Windows Server 2016
Next Steps: Microsoft is working on a resolution and will provide an update as quickly as possible.
Back to top | OS Build 17763.529
May 21, 2019
KB4497934 | Investigating
| Last updated:
June 21, 2019
10:08 AM PT
Opened:
June 20, 2019
04:46 PM PT |
| Startup to a black screen after installing updates We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates.
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803
- Server: Windows Server 2019
Workaround: To mitigate this issue, press Ctrl+Alt+Delete, then select the Power button in the lower right corner of the screen and select Restart. Your device should now restart normally.
Next steps: We are working on a resolution and will provide an update in an upcoming release.
Back to top | OS Build 17763.557
June 11, 2019
KB4503327 | Mitigated
| Last updated:
June 14, 2019
04:41 PM PT
Opened:
June 14, 2019
04:41 PM PT |
+ Difficulty connecting to some iSCSI-based SANsDevices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing KB4497934. You may also receive an error in the System log section of Event Viewer with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
- Server: Windows Server 2019; Windows Server 2016
Resolution: This issue was resolved in KB4509479.
Back to top | OS Build 17763.529
May 21, 2019
KB4497934 | Resolved
KB4509479 | Resolved:
June 26, 2019
04:00 PM PT
Opened:
June 20, 2019
04:46 PM PT |
| Devices with Realtek Bluetooth radios drivers may not pair or connect as expected In some circumstances, devices with Realtek Bluetooth radios may have issues pairing or connecting to Bluetooth devices due to a driver issue.
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
- Server: Windows Server 2019
Resolution: This issue was resolved in KB4501371.
Back to top | OS Build 17763.503
May 14, 2019
KB4494441 | Resolved
KB4501371 | Resolved:
June 18, 2019
02:00 PM PT
Opened:
June 14, 2019
05:45 PM PT |
| Event Viewer may close or you may receive an error when using Custom Views When trying to expand, view, or create Custom Views in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
- Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4501371.
Back to top | OS Build 17763.557
June 11, 2019
KB4503327 | Resolved
KB4501371 | Resolved:
June 18, 2019
02:00 PM PT
Opened:
June 12, 2019
11:11 AM PT |
| Opening Internet Explorer 11 may fail Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server 2019; Windows Server 2016
Resolution: This issue was resolved in KB4503327.
Back to top | OS Build 17763.529
May 21, 2019
KB4497934 | Resolved
KB4503327 | Resolved:
June 11, 2019
10:00 AM PT
Opened:
June 05, 2019
05:49 PM PT |
diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml
index b4cca0b008..85e00c90d8 100644
--- a/windows/release-information/status-windows-10-1903.yml
+++ b/windows/release-information/status-windows-10-1903.yml
@@ -70,13 +70,13 @@ sections:
Loss of functionality in Dynabook Smartphone Link app
After updating to Windows 10, version 1903, you may experience a loss of functionality when using the Dynabook Smartphone Link application.
See details > | OS Build 18362.116
May 20, 2019
KB4505057 | Investigating
| May 24, 2019
03:10 PM PT |
Display brightness may not respond to adjustments
Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers.
See details > | OS Build 18362.116
May 21, 2019
KB4505057 | Investigating
| May 21, 2019
04:47 PM PT |
Audio not working with Dolby Atmos headphones and home theater
Users may experience audio loss with Dolby Atmos headphones or Dolby Atmos home theater.
See details > | OS Build 18362.116
May 21, 2019
KB4505057 | Investigating
| May 21, 2019
07:17 AM PT |
- Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.
See details > | OS Build 18362.175
June 11, 2019
KB4503293 | Mitigated
| June 13, 2019
02:21 PM PT |
Error attempting to update with external USB device or memory card attached
PCs with an external USB device or SD memory card attached may get error: \"This PC can't be upgraded to Windows 10.\"
See details > | OS Build 18362.116
May 21, 2019
KB4505057 | Mitigated
| June 11, 2019
12:34 PM PT |
Gamma ramps, color profiles, and night light settings do not apply in some cases
Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.
See details > | OS Build 18362.116
May 21, 2019
KB4505057 | Mitigated
| May 24, 2019
11:02 AM PT |
Unable to discover or connect to Bluetooth devices
Microsoft has identified compatibility issues with some versions of Realtek and Qualcomm Bluetooth radio drivers.
See details > | OS Build 18362.116
May 21, 2019
KB4505057 | Mitigated
| May 21, 2019
04:48 PM PT |
Intel Audio displays an intcdaud.sys notification
Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in battery drain.
See details > | OS Build 18362.116
May 21, 2019
KB4505057 | Mitigated
| May 21, 2019
04:47 PM PT |
Cannot launch Camera app
Microsoft and Intel have identified an issue affecting Intel RealSense SR300 or Intel RealSense S200 camera apps.
See details > | OS Build 18362.116
May 21, 2019
KB4505057 | Mitigated
| May 21, 2019
04:47 PM PT |
Intermittent loss of Wi-Fi connectivity
Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver.
See details > | OS Build 18362.116
May 21, 2019
KB4505057 | Mitigated
| May 21, 2019
04:46 PM PT |
+ Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.
See details > | OS Build 18362.175
June 11, 2019
KB4503293 | Resolved
KB4501375 | June 27, 2019
10:00 AM PT |
Duplicate folders and documents showing in user profile directory
If known folders (e.g. Desktop, Documents, or Pictures folders) are redirected, an empty folder with that same name may be created.
See details > | OS Build 18362.116
May 21, 2019
KB4505057 | Resolved
KB4497935 | May 29, 2019
02:00 PM PT |
Older versions of BattlEye anti-cheat software incompatible
Microsoft and BattlEye have identified a compatibility issue with some games that use older versions of BattlEye anti-cheat software.
See details > | OS Build 18362.116
May 21, 2019
KB4505057 | Resolved
| June 07, 2019
04:26 PM PT |
AMD RAID driver incompatibility
Installation process may stop when trying to install Windows 10, version 1903 update on computers that run certain versions of AMD RAID drivers.
See details > | OS Build 18362.116
May 21, 2019
KB4505057 | Resolved
| June 06, 2019
11:06 AM PT |
@@ -96,7 +96,7 @@ sections:
- type: markdown
text: "
| Details | Originating update | Status | History |
- | Event Viewer may close or you may receive an error when using Custom Views When trying to expand, view, or create Custom Views in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
- Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Workaround: To mitigate this issue, see KB4508640.
Next steps: We are working on a resolution and estimate a solution will be available in late June.
Back to top | OS Build 18362.175
June 11, 2019
KB4503293 | Mitigated
| Last updated:
June 13, 2019
02:21 PM PT
Opened:
June 12, 2019
11:11 AM PT |
+ | Event Viewer may close or you may receive an error when using Custom Views When trying to expand, view, or create Custom Views in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
- Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4501375.
Back to top | OS Build 18362.175
June 11, 2019
KB4503293 | Resolved
KB4501375 | Resolved:
June 27, 2019
10:00 AM PT
Opened:
June 12, 2019
11:11 AM PT |
"
diff --git a/windows/security/docfx.json b/windows/security/docfx.json
index d407ef1215..14b733039f 100644
--- a/windows/security/docfx.json
+++ b/windows/security/docfx.json
@@ -32,14 +32,12 @@
"overwrite": [],
"externalReference": [],
"globalMetadata": {
- "uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
"ms.technology": "windows",
"ms.topic": "article",
"feedback_system": "GitHub",
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
- "ms.author": "justinha",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "MSDN.security",
diff --git a/windows/security/identity-protection/access-control/local-accounts.md b/windows/security/identity-protection/access-control/local-accounts.md
index 364908841f..d63ee0bd86 100644
--- a/windows/security/identity-protection/access-control/local-accounts.md
+++ b/windows/security/identity-protection/access-control/local-accounts.md
@@ -193,7 +193,7 @@ The DSMA is a well-known user account type.
It is a user neutral account that can be used to run processes that are either multi-user aware or user-agnostic.
The DSMA is disabled by default on the desktop SKUs (full windows SKUs) and WS 2016 with the Desktop.
-The DSMA has a well-known RID of 503. The security identifier (SID) of the DSMA will thus have a well-known SID in the following format: S-1-5-21--503
+The DSMA has a well-known RID of 503. The security identifier (SID) of the DSMA will thus have a well-known SID in the following format: S-1-5-21-\-503
The DSMA is a member of the well-known group **System Managed Accounts Group**, which has a well-known SID of S-1-5-32-581.
diff --git a/windows/security/identity-protection/access-control/security-identifiers.md b/windows/security/identity-protection/access-control/security-identifiers.md
index 576e8b4fd0..d8db3e63d2 100644
--- a/windows/security/identity-protection/access-control/security-identifiers.md
+++ b/windows/security/identity-protection/access-control/security-identifiers.md
@@ -283,6 +283,14 @@ The following table describes changes in SID implementation in the Windows opera
| Most of the operating system files are owned by the TrustedInstaller security identifier (SID)| Windows Server 2008, Windows Vista| The purpose of this change is to prevent a process that is running as an administrator or under the LocalSystem account from automatically replacing the operating system files. |
| Restricted SID checks are implemented| Windows Server 2008, Windows Vista| When restricting SIDs are present, Windows performs two access checks. The first is the normal access check, and the second is the same access check against the restricting SIDs in the token. Both access checks must pass to allow the process to access the object. |
+## Capability SIDs
+
+Capability Security Identifiers (SIDs) are used to uniquely and immutably identify capabilities. Capabilities represent an unforgeable token of authority that grants access to resources (Examples: documents, camera, locations etc...) to Universal Windows Applications. An App that “has” a capability is granted access to the resource the capability is associated with, and one that “does not have” a capability is denied access to the resource.
+
+All Capability SIDs that the operating system is aware of are stored in the Windows Registry in the path `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapabilityClasses\AllCachedCapabilities'. Any Capability SID added to Windows by first or third-party applications will be added to this location.
+
+All Capability SIDs are prefixed by S-1-15-3
+
## See also
- [Access Control Overview](access-control.md)
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md
index ec2e495b92..6865d59384 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md
@@ -182,7 +182,7 @@ The User Portal and Mobile Application web services need to communicate with the
1. Open **Active Directory Users and Computers**.
2. In the navigation pane, expand the node with the organization’s Active Directory domain name. Right-click the **Users** container, select **New**, and select **User**.
-3. In the **New Object – User** dialog box, type **PFWSDK_** in the **First name** and **User logon name** boxes, where ** is the name of the primary MFA server running the Web Services SDK. Click **Next**.
+3. In the **New Object – User** dialog box, type **PFWSDK_\** in the **First name** and **User logon name** boxes, where *\* is the name of the primary MFA server running the Web Services SDK. Click **Next**.
4. Type a strong password and confirm it in the respective boxes. Clear **User must change password at next logon**. Click **Next**. Click **Finish** to create the user account.
#### Add the MFA SDK user account to the Phonefactor Admins group
@@ -192,7 +192,7 @@ Adding the WebServices SDK user account to the Phonefactor Admins group provides
1. Open **Active Directory Users and Computers**.
2. In the navigation pane, expand the node with the organization’s Active Directory domain name. Select **Users**. In the content pane. Right-click the **Phonefactor Admins** security group and select Properties.
3. Click the Members tab.
-4. Click **Add**. Click **Object Types..** Type the PFWSDK_ user name in the **Enter the object names to select** box and then click **OK**.
+4. Click **Add**. Click **Object Types..** Type the PFWSDK_\ user name in the **Enter the object names to select** box and then click **OK**.
* The computer account for the primary MFA Server
* The Webservices SDK user account
* Group or user account that will manage the User Portal server.
@@ -507,7 +507,7 @@ Sign in the primary AD FS server with _local administrator_ equivalent credentia
Sign in the primary AD FS server with _local administrator_ equivalent credentials.
-Edit the **Register-MultiFactorAuthenticationAdfsAdapter.ps1** script adding `-ConfigurationFilePath ` to the end of the `Register-AdfsAuthenticationProvider` command where **** is the full path to the **MultiFactorAuthenticationAdfsAdapter.config** file.
+Edit the **Register-MultiFactorAuthenticationAdfsAdapter.ps1** script adding `-ConfigurationFilePath ` to the end of the `Register-AdfsAuthenticationProvider` command where **\** is the full path to the **MultiFactorAuthenticationAdfsAdapter.config** file.
### Run the AD FS Adapter PowerShell cmdlet
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
index 561401fa44..d1342ab11f 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
@@ -66,7 +66,7 @@ The minimum required enterprise certificate authority that can be used with Wind
* Optionally, the certificate Subject section should contain the directory path of the server object (the distinguished name).
* The certificate Key Usage section must contain Digital Signature and Key Encipherment.
* Optionally, the certificate Basic Constraints section should contain: [Subject Type=End Entity, Path Length Constraint=None].
-* The certificate Enhanced Key Usage section must contain Client Authentication (1.3.6.1.5.5.7.3.2) and Server Authentication (1.3.6.1.5.5.7.3.1).
+* The certificate Enhanced Key Usage section must contain Client Authentication (1.3.6.1.5.5.7.3.2), Server Authentication (1.3.6.1.5.5.7.3.1), and KDC Authentication (1.3.6.1.5.2.3.5).
* The certificate Subject Alternative Name section must contain the Domain Name System (DNS) name.
* The certificate template must have an extension that has the BMP data value "DomainController".
* The domain controller certificate must be installed in the local computer's certificate store.
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-deploy-mfa.md
index 9b6ae813f1..eb46ba61fe 100644
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-deploy-mfa.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-deploy-mfa.md
@@ -182,7 +182,7 @@ The User Portal and Mobile Application web services need to communicate with the
1. Open **Active Directory Users and Computers**.
2. In the navigation pane, expand the node with the organization’s Active Directory domain name. Right-click the **Users** container, select **New**, and select **User**.
-3. In the **New Object – User** dialog box, type **PFWSDK_** in the **First name** and **User logon name** boxes, where ** is the name of the primary MFA server running the Web Services SDK. Click **Next**.
+3. In the **New Object – User** dialog box, type **PFWSDK_\** in the **First name** and **User logon name** boxes, where *\* is the name of the primary MFA server running the Web Services SDK. Click **Next**.
4. Type a strong password and confirm it in the respective boxes. Clear **User must change password at next logon**. Click **Next**. Click **Finish** to create the user account.
#### Add the MFA SDK user account to the Phonefactor Admins group
@@ -192,7 +192,7 @@ Adding the WebServices SDK user account to the Phonefactor Admins group provides
1. Open **Active Directory Users and Computers**.
2. In the navigation pane, expand the node with the organization’s Active Directory domain name. Select **Users**. In the content pane. Right-click the **Phonefactors Admin** security group and select Properties.
3. Click the Members tab.
-4. Click **Add**. Click **Object Types..** Type the PFWSDK_ user name in the **Enter the object names to select** box and then click **OK**.
+4. Click **Add**. Click **Object Types..** Type the PFWSDK_\ user name in the **Enter the object names to select** box and then click **OK**.
* The computer account for the primary MFA Server
* The Webservices SDK user account
* Group or user account that will manage the User Portal server.
@@ -507,7 +507,7 @@ Sign in the primary AD FS server with _local administrator_ equivalent credentia
Sign in the primary AD FS server with _local administrator_ equivalent credentials.
-Edit the **Register-MultiFactorAuthenticationAdfsAdapter.ps1** script adding `-ConfigurationFilePath ` to the end of the `Register-AdfsAuthenticationProvider` command where **** is the full path to the **MultiFactorAuthenticationAdfsAdapter.config** file.
+Edit the **Register-MultiFactorAuthenticationAdfsAdapter.ps1** script adding `-ConfigurationFilePath ` to the end of the `Register-AdfsAuthenticationProvider` command where **\** is the full path to the **MultiFactorAuthenticationAdfsAdapter.config** file.
### Run the AD FS Adapter PowerShell cmdlet
diff --git a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md
index 2a808c73fa..e3226ec136 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md
@@ -1713,7 +1713,7 @@ In **Configure user storage of BitLocker recovery information**, select whether
Select **Omit recovery options from the BitLocker setup wizard** to prevent users from specifying recovery options when they enable BitLocker on a drive. This means that you cannot specify which recovery option to use when you enable BitLocker. Instead, BitLocker recovery options for the drive are determined by the policy setting.
-In **Save BitLocker recovery information to Active Directory Doman Services**, choose which BitLocker recovery information to store in AD DS for fixed data drives. If you select **Backup recovery password and key package**, the BitLocker recovery password and the key package are stored in AD DS.
+In **Save BitLocker recovery information to Active Directory Domain Services**, choose which BitLocker recovery information to store in AD DS for fixed data drives. If you select **Backup recovery password and key package**, the BitLocker recovery password and the key package are stored in AD DS.
Storing the key package supports recovering data from a drive that has been physically corrupted. To recover this data, you can use the **Repair-bde** command-line tool. If you select **Backup recovery password only**, only the recovery password is stored in AD DS.
For more information about the BitLocker repair tool, see [Repair-bde](https://technet.microsoft.com/library/ff829851.aspx).
diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
index a5e58c1e6b..8dd40cf580 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
@@ -101,7 +101,7 @@ To install the role using Windows PowerShell, use the following command:
Install-WindowsFeature WDS-Deployment
```
-You must configure the WDS server so that it can communicate with DHCP (and optionally Active Directory Doman Services) and the client computer. You can do using the WDS management tool, wdsmgmt.msc, which starts the Windows Deployment Services Configuration Wizard.
+You must configure the WDS server so that it can communicate with DHCP (and optionally Active Directory Domain Services) and the client computer. You can do using the WDS management tool, wdsmgmt.msc, which starts the Windows Deployment Services Configuration Wizard.
### Confirm the WDS Service is running
diff --git a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md
index a251c95b5e..7f618aa9ba 100644
--- a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md
+++ b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md
@@ -43,7 +43,7 @@ It is important to note that this binding to PCR values also includes the hashin
## What happens when PCR banks are switched?
-When the PCR banks are switched, the algorithm used to compute the hashed values stored in the PCRs during extend operations is changed. For the same input, each hash algorithm will return a different cryptographic signature for the same inputs.
+When the PCR banks are switched, the algorithm used to compute the hashed values stored in the PCRs during extend operations is changed. Each hash algorithm will return a different cryptographic signature for the same inputs.
As a result, if the currently used PCR bank is switched all keys that have been bound to the previous PCR values will no longer work. For example, if you had a key bound to the SHA-1 value of PCR\[12\] and subsequently changed the PCR banks to SHA-256, the banks wouldn’t match, and you would be unable to use that key. The BitLocker key is secured using the PCR banks and Windows 10 will not be able to unseal it if the PCR banks are switched while BitLocker is enabled.
diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index 3946fe4807..e054a66443 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -72,6 +72,7 @@
#### [Automated investigation and remediation](microsoft-defender-atp/automated-investigations.md)
##### [Learn about the automated investigation and remediation dashboard](microsoft-defender-atp/manage-auto-investigation.md)
+#####[Manage actions related to automated investigation and remediation](microsoft-defender-atp/auto-investigation-action-center.md)
#### [Secure score](microsoft-defender-atp/overview-secure-score.md)
@@ -515,7 +516,7 @@
##### [Planning and deploying advanced security audit policies](auditing/planning-and-deploying-advanced-security-audit-policies.md)
##### [Advanced security auditing FAQ](auditing/advanced-security-auditing-faq.md)
###### [Which editions of Windows support advanced audit policy configuration](auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md)
-###### [How to list XML elements in ](auditing/how-to-list-xml-elements-in-eventdata.md)
+###### [How to list XML elements in \](auditing/how-to-list-xml-elements-in-eventdata.md)
###### [Using advanced security auditing options to monitor dynamic access control objects](auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md)
####### [Monitor the central access policies that apply on a file server](auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/TOC.md b/windows/security/threat-protection/microsoft-defender-atp/TOC.md
index 53043698bd..b4e0ee8ba1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/TOC.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/TOC.md
@@ -4,6 +4,10 @@
### [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
#### [What's in the dashboard and what it means for my organization](tvm-dashboard-insights.md)
#### [Configuration score](configuration-score.md)
+#### [Security recommendation](tvm-security-recommendation.md)
+#### [Remediation](tvm-remediation.md)
+#### [Software inventory](tvm-software-inventory.md)
+#### [Weaknesses](tvm-weaknesses.md)
#### [Scenarios](threat-and-vuln-mgt-scenarios.md)
@@ -75,6 +79,7 @@
### [Automated investigation and remediation](automated-investigations.md)
#### [Learn about the automated investigation and remediation dashboard](manage-auto-investigation.md)
+#### [Manage actions related to automated investigation and remediation](auto-investigation-action-center.md)
### [Secure score](overview-secure-score.md)
@@ -82,14 +87,12 @@
### [Microsoft Threat Experts](microsoft-threat-experts.md)
-### [Threat analytics](threat-analytics.md)
-
### [Advanced hunting](overview-hunting.md)
#### [Query data using Advanced hunting](advanced-hunting.md)
##### [Advanced hunting reference](advanced-hunting-reference.md)
##### [Advanced hunting query language best practices](advanced-hunting-best-practices.md)
#### [Custom detections](overview-custom-detections.md)
-#####[Create custom detections rules](custom-detection-rules.md)
+##### [Create custom detections rules](custom-detection-rules.md)
### [Management and APIs](management-apis.md)
#### [Understand threat intelligence concepts](threat-indicator-concepts.md)
@@ -119,7 +122,7 @@
### [Assign user access to the portal](assign-portal-access.md)
### [Evaluate Microsoft Defender ATP](evaluate-atp.md)
-####Evaluate attack surface reduction
+#### Evaluate attack surface reduction
##### [Hardware-based isolation](../windows-defender-application-guard/test-scenarios-wd-app-guard.md)
##### [Application control](../windows-defender-application-control/audit-windows-defender-application-control-policies.md)
##### [Exploit protection](../windows-defender-exploit-guard/evaluate-exploit-protection.md)
@@ -133,7 +136,7 @@
## [Configure and manage capabilities](onboard.md)
### [Configure attack surface reduction](configure-attack-surface-reduction.md)
-###Hardware-based isolation
+### Hardware-based isolation
#### [System integrity](../windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md)
#### [Application isolation](../windows-defender-application-guard/install-wd-app-guard.md)
##### [Configuration settings](../windows-defender-application-guard/configure-wd-app-guard.md)
@@ -368,7 +371,7 @@
### Configure Microsoft Threat Protection integration
#### [Configure Conditional Access](configure-conditional-access.md)
#### [Configure Microsoft Cloud App Security in Windows](microsoft-cloud-app-security-config.md)
-####[Configure information protection in Windows](information-protection-in-windows-config.md)
+#### [Configure information protection in Windows](information-protection-in-windows-config.md)
### [Configure Microsoft Defender Security Center settings](preferences-setup.md)
@@ -390,14 +393,14 @@
##### [Enable Threat intel](enable-custom-ti.md)
##### [Enable SIEM integration](enable-siem-integration.md)
-####Rules
+#### Rules
##### [Manage suppression rules](manage-suppression-rules.md)
##### [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list.md)
##### [Manage indicators](manage-indicators.md)
##### [Manage automation file uploads](manage-automation-file-uploads.md)
##### [Manage automation folder exclusions](manage-automation-folder-exclusions.md)
-####Machine management
+#### Machine management
##### [Onboarding machines](onboard-configure.md)
##### [Offboarding machines](offboard-machines.md)
@@ -406,7 +409,7 @@
## [Troubleshoot Microsoft Defender ATP](troubleshoot-overview.md)
-###Troubleshoot sensor state
+### Troubleshoot sensor state
#### [Check sensor state](check-sensor-status.md)
#### [Fix unhealthy sensors](fix-unhealthy-sensors.md)
#### [Inactive machines](fix-unhealthy-sensors.md#inactive-machines)
@@ -416,7 +419,7 @@
### [Troubleshoot Microsoft Defender ATP service issues](troubleshoot-mdatp.md)
#### [Check service health](service-status.md)
-###Troubleshoot attack surface reduction
+### Troubleshoot attack surface reduction
#### [Network protection](../windows-defender-exploit-guard/troubleshoot-np.md)
#### [Attack surface reduction rules](../windows-defender-exploit-guard/troubleshoot-asr.md)
#### [Collect diagnostic data for files](../windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md
new file mode 100644
index 0000000000..8945fc0931
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md
@@ -0,0 +1,54 @@
+---
+title: Manage actions related to automated investigation and remediation
+description: Use the action center to manage actions related to automated investigation and response
+keywords: action, center, autoir, automated, investigation, response, remediation
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# Manage actions related to automated investigation and remediation
+
+The Action center aggregates all investigations that require an action for an investigation to proceed or be completed.
+
+
+
+The action center consists of two main tabs:
+- Pending actions - Displays a list of ongoing investigations that require attention. A recommended action is presented to the analyst, which they can approve or reject.
+- History - Acts as an audit log for:
+ - All actions taken by AutoIR or approved by an analyst with ability to undo actions that support this capability (for example, quarantine file).
+ - All commands ran and remediation actions applied in Live Response with ability to undo actions that support this capability.
+ - Remediation actions applied by Windows Defender AV with ability to undo actions that support this capability.
+
+
+
+
+Use the Customize columns drop-down menu to select columns that you'd like to show or hide.
+
+From this view, you can also download the entire list in CSV format using the **Export** feature, specify the number of items to show per page, and navigate between pages.
+
+
+>[!NOTE]
+>The tab will only appear if there are pending actions for that category.
+
+### Approve or reject an action
+You'll need to manually approve or reject pending actions on each of these categories for the automated actions to proceed.
+
+Selecting an investigation from any of the categories opens a panel where you can approve or reject the remediation. Other details such as file or service details, investigation details, and alert details are displayed.
+
+From the panel, you can click on the Open investigation page link to see the investigation details.
+
+You also have the option of selecting multiple investigations to approve or reject actions on multiple investigations.
+
+## Related topics
+- [Automated investigation and investigation](automated-investigations.md)
+- [Learn about the automated investigations dashboard](manage-auto-investigation.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
index a4e69d1eab..7e77ed48e3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
@@ -56,7 +56,7 @@ During an Automated investigation, details about each analyzed entity is categor
The **Log** tab reflects the chronological detailed view of all the investigation actions taken on the alert.
-If there are pending actions on the investigation, the **Pending actions** tab will be displayed where you can approve or reject actions.
+If there are pending actions on the investigation, the **Pending actions** tab will be displayed where you can approve or reject actions. You can also go to the **Action center** to get an aggregated view all pending actions and manage remediaton actions. It also acts as an audit trail for all Automated investigation actions.
### How an Automated investigation expands its scope
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configuration-score.md b/windows/security/threat-protection/microsoft-defender-atp/configuration-score.md
index edc1463dfc..87fc6dcbbf 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configuration-score.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configuration-score.md
@@ -1,6 +1,5 @@
---
title: Overview of Configuration score in Microsoft Defender Security Center
-ms.reviewer:
description: Expand your visibility into the overall security configuration posture of your organization
keywords: configuration score, mdatp configuration score, secure score, security controls, improvement opportunities, security configuration score over time, security posture, baseline
search.product: eADQiWindows 10XVcnh
@@ -9,8 +8,8 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
-ms.author: mjcaparas
-author: mjcaparas
+ms.author: dolmont
+author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
@@ -25,7 +24,7 @@ ms.date: 04/11/2019
[!include[Prerelease information](prerelease.md)]
>[!NOTE]
-> Secure score is now part of Threat & Vulnerability Management as Configuration score. We’ll keep the secure score page available for a few weeks. View the [Secure score](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection) page.
+> Secure score is now part of Threat & Vulnerability Management as Configuration score. We’ll keep the secure score page available for a few weeks. View the [Secure score](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/overview-secure-score) page.
The Microsoft Defender Advanced Threat Protection Configuration score gives you visibility and control over your organization's security posture based on security best practices.
@@ -54,4 +53,8 @@ The goal is to improve your configuration score by remediating the issues in the
## Related topics
- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
+- [Security recommendations](tvm-security-recommendation.md)
+- [Remediation](tvm-remediation.md)
+- [Software inventory](tvm-software-inventory.md)
+- [Weaknesses](tvm-weaknesses.md)
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md
index 1abeaeef86..1939474a15 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md
@@ -1,8 +1,8 @@
---
title: Evaluate Microsoft Defender Advanced Threat Protection
ms.reviewer:
-description:
-keywords:
+description: Evaluate the different security capabilities in Microsoft Defender ATP.
+keywords: attack surface reduction, evaluate, next, generation, protection
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
@@ -16,7 +16,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
-ms.date: 08/10/2018
---
# Evaluate Microsoft Defender ATP
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/action-center.png b/windows/security/threat-protection/microsoft-defender-atp/images/action-center.png
new file mode 100644
index 0000000000..02ad4445e6
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/action-center.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/event-hub-resource-id.png b/windows/security/threat-protection/microsoft-defender-atp/images/event-hub-resource-id.png
new file mode 100644
index 0000000000..a83123905f
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/event-hub-resource-id.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/machine-info-datatype-example.png b/windows/security/threat-protection/microsoft-defender-atp/images/machine-info-datatype-example.png
new file mode 100644
index 0000000000..41c451506b
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/machine-info-datatype-example.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/storage-account-event-schema.png b/windows/security/threat-protection/microsoft-defender-atp/images/storage-account-event-schema.png
new file mode 100644
index 0000000000..d9409e3ab1
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/storage-account-event-schema.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/storage-account-resource-id.png b/windows/security/threat-protection/microsoft-defender-atp/images/storage-account-resource-id.png
new file mode 100644
index 0000000000..cbd0d20303
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/storage-account-resource-id.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-menu.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-menu.png
new file mode 100644
index 0000000000..aeab8c3b5c
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-menu.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm_dashboard.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_dashboard.png
index d321e0ca67..580b189700 100644
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/tvm_dashboard.png and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_dashboard.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm_machine_page_details.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_machine_page_details.png
index 6e474ccfa6..2b22b3f8b3 100644
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/tvm_machine_page_details.png and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_machine_page_details.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm_software_page_details.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_software_page_details.png
index 095eb7424c..a55fa7fdf8 100644
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/tvm_software_page_details.png and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_software_page_details.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine-reports.md b/windows/security/threat-protection/microsoft-defender-atp/machine-reports.md
index c5abbcade3..22efe55158 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/machine-reports.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machine-reports.md
@@ -22,8 +22,7 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-[!include[Prerelease information](prerelease.md)]
-
+
The machines status report provides high-level information about the devices in your organization. The report includes trending information showing the sensor health state, antivirus status, OS platforms, and Windows 10 versions.
The dashboard is structured into two sections:
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md
index 046e0f4f05..093f9b62b0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md
@@ -68,13 +68,13 @@ Create custom rules to control when alerts are suppressed, or resolved. You can
2. Select **Create a suppression rule**.
- You can create a suppression rule based on the following attributes:
+ You can create a suppression condition using these attributes. An AND operator is applied between each condition, so suppression occurs only if all conditions are met.
- * File hash
- * File name - wild card supported
- * File path - wild card supported
- * IP
- * URL - wild card supported
+ * File SHA1
+ * File name - wildcard supported
+ * Folder path - wildcard supported
+ * IP address
+ * URL - wildcard supported
3. Select the **Trigerring IOC**.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md
index 4db5431253..1edf8dcca8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md
@@ -162,37 +162,9 @@ If there are pending actions on an Automated investigation, you'll see a pop up
-When you click on the pending actions link, you'll be taken to the pending actions page. You can also navigate to the page from the navigation page by going to **Automated investigation** > **Pending actions**.
+When you click on the pending actions link, you'll be taken to the Action center. You can also navigate to the page from the navigation page by going to **Automated investigation** > **Action center**. For more information, see [Action center](auto-investigation-action-center.md).
-The pending actions view aggregates all investigations that require an action for an investigation to proceed or be completed.
-
-
-
-Use the Customize columns drop-down menu to select columns that you'd like to show or hide.
-
-From this view, you can also download the entire list in CSV format using the **Export** feature, specify the number of items to show per page, and navigate between pages.
-
-Pending actions are grouped together in the following tabs:
-- Quarantine file
-- Remove persistence
-- Stop process
-- Expand pivot
-- Quarantine service
-
->[!NOTE]
->The tab will only appear if there are pending actions for that category.
-
-### Approve or reject an action
-You'll need to manually approve or reject pending actions on each of these categories for the automated actions to proceed.
-
-Selecting an investigation from any of the categories opens a panel where you can approve or reject the remediation. Other details such as file or service details, investigation details, and alert details are displayed.
-
-
-
-From the panel, you can click on the Open investigation page link to see the investigation details.
-
-You also have the option of selecting multiple investigations to approve or reject actions on multiple investigations.
-
## Related topic
- [Investigate Microsoft Defender ATP alerts](investigate-alerts.md)
+- [Manage actions related to automated investigation and remediation](auto-investigation-action-center.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md
index 070ec84568..4e503d2f19 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md
@@ -1,6 +1,5 @@
---
title: Next-generation Threat & Vulnerability Management
-ms.reviewer:
description: This new capability uses a game-changing risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.
keywords: threat and vulnerability management, MDATP-TVM, vulnerability management, threat and vulnerability scanning
search.product: eADQiWindows 10XVcnh
@@ -9,8 +8,8 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
-ms.author: mjcaparas
-author: mjcaparas
+ms.author: dolmont
+author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
@@ -24,16 +23,14 @@ ms.topic: conceptual
[!include[Prerelease information](prerelease.md)]
-Effectively identifying, assessing, and remediating endpoint weaknesses is pivotal in running a healthy security program and reducing organizational risk. Threat & Vulnerability Management serves as an infrustructure for reducing organizational exposure, hardening endpoint surface area, and increasing organizational resilience.
+Effectively identifying, assessing, and remediating endpoint weaknesses is pivotal in running a healthy security program and reducing organizational risk. Threat & Vulnerability Management serves as an infrastructure for reducing organizational exposure, hardening endpoint surface area, and increasing organizational resilience.
It helps organizations discover vulnerabilities and misconfigurations in real-time, based on sensors, without the need of agents or periodic scans. It prioritizes vulnerabilities based on the threat landscape, detections in your organization, sensitive information on vulnerable devices, and business context.
## Next-generation capabilities
Threat & Vulnerability Management is built-in, real-time, cloud-powered, fully integrated with Microsoft endpoint security stack, the Microsoft Intelligent Security Graph, and the application analytics knowledgebase.
-It is the first solution in the industry to automate the remediation process through integration with Microsoft Intune and Microsoft System Center Configuration Manager (SCCM) for patching, configuration changes, or upgrades.
->[!Note]
-> Microsoft Intune and Microsoft System Center Configuration Manager (SCCM) integration will be available in the coming weeks.
+It is the first solution in the industry to bridge the gap between security administration and IT administration during remediation process. It does so by creating a security task or ticket through integration with Microsoft Intune and Microsoft System Center Configuration Manager (SCCM).
It provides the following solutions to frequently-cited gaps across security operations, security administration, and IT administration workflows and communication.
- Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities
@@ -44,21 +41,21 @@ It provides the following solutions to frequently-cited gaps across security ope
To discover endpoint vulnerabilities and misconfiguration, Threat & Vulnerability Management uses the same agentless built-in Microsoft Defender ATP sensors to reduce cumbersome network scans and IT overhead, and provides:
- Real-time device inventory. Devices onboarded to Microsoft Defender ATP automatically report and push vulnerability and security configuration data to the dashboard.
-- Visibility into software and vulnerabilities. Optics into the organization’s software inventory, as well as software changes like installations, uninstallations, and patches. Newly discovered vulnerabilities are reported with actionable mitigation recommendations for 1st and 3rd party applications.
-- Application runtime context. Constant visibility into application usage patterns for better prioritization and decision-making. Critical dependencies, such as vulnerable runtime libraries being loaded by other applications, are made visible.
-- Configuration posture. Visibility into organizational security configuration, surfacing issues like disabled antivirus, enabled SMBv1, or misconfigurations that could allow escalation of privileges. Issues are reported in the dashboard with actionable security recommendations.
+- Visibility into software and vulnerabilities. Optics into the organization’s software inventory, and software changes like installations, uninstallations, and patches. Newly discovered vulnerabilities are reported with actionable mitigation recommendations for 1st and 3rd party applications.
+- Application runtime context. Visibility on application usage patterns for better prioritization and decision-making.
+- Configuration posture. Visibility into organizational security configuration or misconfigurations. Issues are reported in the dashboard with actionable security recommendations.
### Intelligence-driven prioritization
Threat & Vulnerability Management helps customers prioritize and focus on those weaknesses that pose the most urgent and the highest risk to the organization. Rather than using static prioritization by severity scores, Threat & Vulnerability Management in Microsoft Defender ATP highlights the most critical weaknesses that need attention by fusing its security recommendations with dynamic threat and business context:
- Exposing emerging attacks in the wild. Through its advanced cyber data and threat analytics platform, Threat & Vulnerability Management dynamically aligns the prioritization of its security recommendations to focus on vulnerabilities that are currently being exploited in the wild and emerging threats that pose the highest risk.
- Pinpointing active breaches. Microsoft Defender ATP correlates Threat & Vulnerability Management and EDR insights to provide the unique ability to prioritize vulnerabilities that are currently being exploited in an active breach within the organization.
-- Protecting high-value assets. Microsoft Defender ATP’s integration with Azure Information Protection allows Threat & Vulnerability Management to call attention to exposed machines with business-critical applications, confidential data, or high-value users.
+- Protecting high-value assets. Microsoft Defender ATP’s integration with Azure Information Protection allows Threat & Vulnerability Management to identify the exposed machines with business-critical applications, confidential data, or high-value users.
### Seamless remediation
Microsoft Defender ATP’s Threat & Vulnerability Management allows security administrators and IT administrators to collaborate seamlessly to remediate issues.
-- One-click remediation requests to IT. Through Microsoft Defender ATP’s integration with Microsoft Intune and System Center Configuration Manager (SCCM), security administrators can create a remediation task in Microsoft Intune with one click. We plan to expand this capability to other IT security management platforms.
+- Remediation requests to IT. Through Microsoft Defender ATP’s integration with Microsoft Intune and System Center Configuration Manager (SCCM), security administrators can create a remediation task in Microsoft Intune from the Security recommendation pages. We plan to expand this capability to other IT security management platforms.
- Alternate mitigations. Threat & Vulnerability Management provides insights on additional mitigations, such as configuration changes that can reduce risk associated with software vulnerabilities.
- Real-time remediation status. Microsoft Defender ATP provides real-time monitoring of the status and progress of remediation activities across the organization.
@@ -66,3 +63,7 @@ Microsoft Defender ATP’s Threat & Vulnerability Management allows security adm
- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
- [Configuration score](configuration-score.md)
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
+- [Security recommendations](tvm-security-recommendation.md)
+- [Remediation](tvm-remediation.md)
+- [Software inventory](tvm-software-inventory.md)
+- [Weaknesses](tvm-weaknesses.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md
new file mode 100644
index 0000000000..74282e67bc
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md
@@ -0,0 +1,89 @@
+---
+title: Stream Microsoft Defender Advanced Threat Protection events.
+description: Learn how to configure Microsoft Defender ATP to stream Advanced Hunting events to your Event Hub.
+keywords: raw data export, streaming API, API, Azure Event Hubs, Azure storage, storage account, Advanced Hunting, raw data sharing
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# Configure Microsoft Defender ATP to stream Advanced Hunting events to your Azure Event Hubs
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configuresiem-abovefoldlink)
+
+## Before you begin:
+
+1. Create an [event hub](https://docs.microsoft.com/en-us/azure/event-hubs/) in your tenant.
+2. Log in to your [Azure tenant](https://ms.portal.azure.com/), go to **Subscriptions > Your subscription > Resource Providers > Register to **Microsoft.insights****.
+
+## Enable raw data streaming:
+
+1. Log in to [Microsoft Defender Security Center](https://securitycenter.windows.com) with a Global Admin user.
+2. Go to [Data export settings page](https://securitycenter.windows.com/interoperability/dataexport) on Microsoft Defender Security Center.
+3. Click on **Add data export settings**.
+4. Choose a name for your new settings.
+5. Choose **Forward events to Azure Event Hubs**.
+6. Type your **Event Hubs name** and your **Event Hubs resource ID**.
+ In order to get your **Event Hubs resource ID**, go to your Azure Event Hubs namespace page on [Azure](https://ms.portal.azure.com/) > properties tab > copy the text under **Resource ID**:
+
+ 
+
+7. Choose the events you want to stream and click **Save**.
+
+## The schema of the events in Azure Event Hubs:
+
+```
+{
+ "records": [
+ {
+ "time": ""
+ "tenantId": ""
+ "category": ""
+ "properties": { }
+ }
+ ...
+ ]
+}
+```
+
+- Each event hub message in Azure Event Hubs contains list of records.
+- Each record contains the event name, the time Microsoft Defender ATP received the event, the tenant it belongs (you will only get events from your tenant), and the event in JSON format in a property called "**properties**".
+- For more information about the schema of Microsoft Defender ATP events, see [Advanced Hunting overview](overview-hunting.md).
+
+## Data types mapping:
+
+To get the data types for event properties do the following:
+
+1. Log in to [Microsoft Defender Security Center](https://securitycenter.windows.com) and go to [Advanced Hunting page](https://securitycenter.windows.com/hunting-package).
+2. Run the following query to get the data types mapping for each event:
+
+```
+{EventType}
+| getschema
+| project ColumnName, ColumnType
+
+```
+
+- Here is an example for Machine Info event:
+
+
+
+## Related topics
+- [Overview of Advanced Hunting](overview-hunting.md)
+- [Microsoft Defender ATP streaming API](raw-data-export.md)
+- [Stream Microsoft Defender ATP events to your Azure storage account](raw-data-export-storage.md)
+- [Azure Event Hubs documentation](https://docs.microsoft.com/en-us/azure/event-hubs/)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md
new file mode 100644
index 0000000000..1cea01f7d1
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md
@@ -0,0 +1,89 @@
+---
+title: Stream Microsoft Defender Advanced Threat Protection events.
+description: Learn how to configure Microsoft Defender ATP to stream Advanced Hunting events to your Storage account.
+keywords: raw data export, streaming API, API, Event Hubs, Azure storage, storage account, Advanced Hunting, raw data sharing
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# Configure Microsoft Defender ATP to stream Advanced Hunting events to your Storage account
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configuresiem-abovefoldlink)
+
+## Before you begin:
+
+1. Create a [Storage account](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview) in your tenant.
+2. Log in to your [Azure tenant](https://ms.portal.azure.com/), go to **Subscriptions > Your subscription > Resource Providers > Register to **Microsoft.insights****.
+
+## Enable raw data streaming:
+
+1. Log in to [Microsoft Defender ATP portal](https://securitycenter.windows.com) with Global Admin user.
+2. Go to [Data export settings page](https://securitycenter.windows.com/interoperability/dataexport) on Microsoft Defender Security Center.
+3. Click on **Add data export settings**.
+4. Choose a name for your new settings.
+5. Choose **Forward events to Azure Storage**.
+6. Type your **Storage Account Resource Id**. In order to get your **Storage Account Resource Id**, go to your Storage account page on [Azure portal](https://ms.portal.azure.com/) > properties tab > copy the text under **Storage account resource ID**:
+
+ 
+
+7. Choose the events you want to stream and click **Save**.
+
+## The schema of the events in the Storage account:
+
+- A blob container will be created for each event type:
+
+
+
+- The schema of each row in a blob is the following JSON:
+
+```
+{
+ "time": ""
+ "tenantId": ""
+ "category": ""
+ "properties": { }
+}
+```
+
+- Each blob contains multiple rows.
+- Each row contains the event name, the time Microsoft Defender ATP received the event, the tenant it belongs (you will only get events from your tenant), and the event in JSON format in a property called "properties".
+- For more information about the schema of Microsoft Defender ATP events, see [Advanced Hunting overview](overview-hunting.md).
+
+## Data types mapping:
+
+In order to get the data types for our events properties do the following:
+
+1. Log in to [Microsoft Defender Security Center](https://securitycenter.windows.com) and go to [Advanced Hunting page](https://securitycenter.windows.com/hunting-package).
+2. Run the following query to get the data types mapping for each event:
+
+```
+{EventType}
+| getschema
+| project ColumnName, ColumnType
+
+```
+
+- Here is an example for Machine Info event:
+
+
+
+## Related topics
+- [Overview of Advanced Hunting](overview-hunting.md)
+- [Microsoft Defender Advanced Threat Protection Streaming API](raw-data-export.md)
+- [Stream Microsoft Defender Advanced Threat Protection events to your Azure storage account](raw-data-export-storage.md)
+- [Azure Storage Account documentation](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md
new file mode 100644
index 0000000000..1349b4a57b
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md
@@ -0,0 +1,43 @@
+---
+title: Stream Microsoft Defender Advanced Threat Protection event
+description: Learn how to configure Microsoft Defender ATP to stream Advanced Hunting events to Event Hubs or Azure storage account
+keywords: raw data export, streaming API, API, Event hubs, Azure storage, storage account, Advanced Hunting, raw data sharing
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# Raw Data Streaming API (Preview)
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configuresiem-abovefoldlink)
+
+## Stream Advanced Hunting events to Event Hubs and/or Azure storage account.
+
+Microsoft Defender ATP supports streaming all the events available through [Advanced Hunting](overview-hunting.md) to an [Event Hubs](https://docs.microsoft.com/en-us/azure/event-hubs/) and/or [Azure storage account](https://docs.microsoft.com/en-us/azure/event-hubs/).
+
+## In this section
+
+Topic | Description
+:---|:---
+[Stream Microsoft Defender ATP events to Azure Event Hubs](raw-data-export-event-hub.md)| Learn about enabling the streaming API in your tenant and configure Microsoft Defender ATP to stream [Advanced Hunting](overview-hunting.md) to Event Hubs.
+[Stream Microsoft Defender ATP events to your Azure storage account](raw-data-export-storage.md)| Learn about enabling the streaming API in your tenant and configure Microsoft Defender ATP to stream [Advanced Hunting](overview-hunting.md) to your Azure storage account.
+
+
+## Related topics
+- [Overview of Advanced Hunting](overview-hunting.md)
+- [Azure Event Hubs documentation](https://docs.microsoft.com/en-us/azure/event-hubs/)
+- [Azure Storage Account documentation](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
index 5d53cdeabf..3b639a0b80 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
@@ -1,108 +1,133 @@
----
-title: Threat & Vulnerability Management scenarios
-ms.reviewer:
-description: Learn how to use Threat & Vulnerability Management in the context of scenarios that Security Administrators encounter when collaborating with IT Administrators and SecOps while protecting their organization from cybersecurity threats.
-keywords: mdatp-tvm scenarios, mdatp, tvm, tvm scenarios, reduce threat & vulnerability exposure, reduce threat and vulnerability, improve security configuration, increase configuration score, increase threat & vulnerability configuration score, configuration score, exposure score, security controls
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: mjcaparas
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
----
-
-# Threat & Vulnerability Management scenarios
-**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-[!include[Prerelease information](prerelease.md)]
-
-## Before you begin
-Ensure that your machines:
-- Are onboarded to Microsoft Defender Advanced Threat Protection
-- Running with Windows 10 1709 (Fall Creators Update) or later
-- Have the following mandatory updates installed:
-- (1) RS3 customers | [KB4493441](https://support.microsoft.com/en-us/help/4493441/windows-10-update-kb4493441)
-- (2) RS4 customers | [KB4493464](https://support.microsoft.com/en-us/help/4493464)
-- Have at least one security recommendation that can be viewed in the machine page
-- Are tagged or marked as co-managed
-
-
-## Reduce your threat and vulnerability exposure
-Threat & Vulnerability Management introduces a new exposure score metric which visually represents how exposed your machines are to imminent threats.
-
-The exposure score is continuously calculated on each device in the organization and influenced by the following factors:
-- Weaknesses, such as vulnerabilities and misconfigurations discovered on the device
-- External and internal threats such as public exploit code and security alerts
-- Likelihood of the device getting breached given its current security posture
-- Value of the device to the organization given its role and content
-
-The exposure score is broken down into the following levels:
-- 0 to 29: low exposure score
-- 30 to 69: medium exposure score
-- 70 to 100: high exposure score
-
-You can reduce the exposure score by remediating issues based on prioritized security recommendations. Each software has weaknesses that are transformed into recommendations and prioritized based on risk to the organization.
-
-To lower down your threat and vulnerability exposure:
-
-1. Review the **Top security recommendations** from your **Threat & Vulnerability Management dashboard**, and select the first item on the list. This opens the **Security recommendation** page.
-
- >>
-
- >[!NOTE]
- > There are two types of recommendations:
- > - Security update which refers to recommendations that require a package installation
- > - Configuration change which refers to recommendations that require a registry or GPO modification
- > Always prioritize recommendations that are associated with ongoing threats. These recommendations are marked with the threat insight  icon or the possible alert activity [possible alert activity](images/tvm_alert_icon.png) icon.
-
-2. In the **Security recommendations** page, you will see the description of what needs to be done and why. It shows the vulnerability details, such as the associated exploits affecting what machines and its business impact. Click **Open software page** option from the flyout menu. 
-
-3. Click **Installed machines** and select the affected machine from the list to open the flyout page with the relevant machine details, exposure and risk levels, alert and incident activities. 
-
-4. Click **Open machine page** to connect to the machine and apply the selected recommendation. 
-
-5. Allow a few hours for the changes to propagate in the system.
-
-6. Review the machine **Security recommendation** tab again. The recommendation you've chosen to remediate won't be listed there anymore, and the exposure score should decrease.
-
-## Improve your security configuration
->[!NOTE]
-> Secure score is now part of Threat & Vulnerability Management as [configuration score](configuration-score.md). We’ll keep the secure score page available for a few weeks. View the [secure score](https://securitycenter.windows.com/securescore) page.
-
-Remediating issues in the security recommendations list will improve your configuration. As you do so, your configuration score improves, which means building your organization's resilience against cybersecurity threats and vulnerabilities stronger.
-
-1. From the Configuration score widget, select **Security controls**. This opens the **Security recommendations** page showing the list of issues related to security controls.
-
- >>
-
-2. Select the first item on the list. This opens the flyout menu with the description of the security controls issue, a short description of the potential risk, insights, configuration ID, exposed machines, and business impact. Click **Remediation options**.
- 
-
-3. Read the description to understand the context of the issue and what to do next. Select a due date, add notes, and select **Export all remediation activity data to CSV** so you can attach it to the email that you can send to your IT Administrator for follow-up.
-
- > >.
- >
- > You will see a confirmation message that the remediation task has been created.
- > 
-
-4. Save your CSV file.
- 
-
-5. Send a follow up email to your IT Administrator and allow the time that you have alloted for the remediation to propagate in the system.
-
-6. Review the machine **Configuration score** widget again. The number of the security controls issues will decrease. When you click **Security controls** to go back to the **Security recommendations** page, the item that you have addressed will not be listed there anymore, and your configuration score should increase.
-
-
-## Related topics
-- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
-- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
-- [Configuration score](configuration-score.md)
-
+---
+title: Threat & Vulnerability Management scenarios
+description: Learn how to use Threat & Vulnerability Management in the context of scenarios that Security Administrators encounter when collaborating with IT Administrators and SecOps while protecting their organization from cybersecurity threats.
+keywords: mdatp-tvm scenarios, mdatp, tvm, tvm scenarios, reduce threat & vulnerability exposure, reduce threat and vulnerability, improve security configuration, increase configuration score, increase threat & vulnerability configuration score, configuration score, exposure score, security controls
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# Threat & Vulnerability Management scenarios
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+## Before you begin
+Ensure that your machines:
+- Are onboarded to Microsoft Defender Advanced Threat Protection
+- Running with Windows 10 1709 (Fall Creators Update) or later
+
+>[!NOTE]
+>Threat & Vulnerability Management can also scan machines running on Windows 7 and Windows Server 2019 operating systems and detects vulnerabilities coming from patch Tuesday.
+
+- Have the following mandatory updates installed:
+- (1) RS3 customers | [KB4493441](https://support.microsoft.com/en-us/help/4493441/windows-10-update-kb4493441)
+- (2) RS4 customers | [KB4493464](https://support.microsoft.com/en-us/help/4493464)
+- Are onboarded to Microsoft Intune and System Center Configuration Manager (SCCM). If you are using SCCM, update your console to the latest May version 1905
+- Have at least one security recommendation that can be viewed in the machine page
+- Are tagged or marked as co-managed
+
+
+## Reduce your threat and vulnerability exposure
+Threat & Vulnerability Management introduces a new exposure score metric which visually represents how exposed your machines are to imminent threats.
+
+The exposure score is continuously calculated on each device in the organization and influenced by the following factors:
+- Weaknesses, such as vulnerabilities discovered on the device
+- External and internal threats such as public exploit code and security alerts
+- Likelihood of the device getting breached given its current security posture
+- Value of the device to the organization given its role and content
+
+The exposure score is broken down into the following levels:
+- 0 to 29: low exposure score
+- 30 to 69: medium exposure score
+- 70 to 100: high exposure score
+
+You can reduce the exposure score by remediating issues based on prioritized security recommendations. Each software has weaknesses that are transformed into recommendations and prioritized based on risk to the organization.
+
+To lower down your threat and vulnerability exposure:
+
+1. Review the **Top security recommendations** from your **Threat & Vulnerability Management dashboard**, and select the first item on the list. This opens the **Security recommendation** page.
+
+ >>
+
+ >[!NOTE]
+ > There are two types of recommendations:
+ > - Security update which refers to recommendations that require a package installation
+ > - Configuration change which refers to recommendations that require a registry or GPO modification
+ > Always prioritize recommendations that are associated with ongoing threats. These recommendations are marked with the threat insight  icon and possible active alert  icon.
+
+2. In the **Security recommendations** page, you will see the description of what needs to be done and why. It shows the vulnerability details, such as the associated exploits affecting what machines and its business impact. Click **Open software page** option from the flyout menu. 
+
+3. Click **Installed machines** and select the affected machine from the list to open the flyout page with the relevant machine details, exposure and risk levels, alert and incident activities. 
+
+4. Click **Open machine page** to connect to the machine and apply the selected recommendation. 
+
+5. Allow a few hours for the changes to propagate in the system.
+
+6. Review the machine **Security recommendation** tab again. The recommendation you've chosen to remediate won't be listed there anymore, and the exposure score should decrease.
+
+## Improve your security configuration
+>[!NOTE]
+> Secure score is now part of Threat & Vulnerability Management as [configuration score](configuration-score.md). We’ll keep the secure score page available for a few weeks. View the [secure score](https://securitycenter.windows.com/securescore) page.
+
+Remediating issues in the security recommendations list will improve your configuration. As you do so, your configuration score improves, which means building your organization's resilience against cybersecurity threats and vulnerabilities stronger.
+
+1. From the Configuration score widget, select **Security controls**. This opens the **Security recommendations** page showing the list of issues related to security controls.
+
+ >>
+
+2. Select the first item on the list. This opens the flyout menu with the description of the security controls issue, a short description of the potential risk, insights, configuration ID, exposed machines, and business impact. Click **Remediation options**.
+ 
+
+3. Read the description to understand the context of the issue and what to do next. Select a due date, add notes, and select **Export all remediation activity data to CSV** so you can attach it to the email that you can send to your IT Administrator for follow-up.
+
+ >>.
+
+ >You will see a confirmation message that the remediation task has been created.
+ >
+
+4. Save your CSV file.
+ 
+
+5. Send a follow up email to your IT Administrator and allow the time that you have alloted for the remediation to propagate in the system.
+
+6. Review the machine **Configuration score** widget again. The number of the security controls issues will decrease. When you click **Security controls** to go back to the **Security recommendations** page, the item that you have addressed will not be be listed there anymore, and your configuration score should increase.
+
+## Request a remediation
+>[!NOTE]
+>To use this capability, enable your Microsoft Intune connections. Navigate to **Settings** > **General** > **Advanced features**. Scroll down and look for **Microsoft Intune connection**. By default, the toggle is turned off. Turn your **Microsoft Intune connection** toggle on.
+
+The Threat & Vulnerability Management capability in Microsoft Defender ATP bridges the gap between Security and IT Administrators through the remediation request workflow.
+Security Administrators like you can request for the IT Administrator to remediate a vulnerability from the **Security recommendation** pages to Intune.
+
+1. Click on a security recommendation you would like to request remediation for, and then click **Remediation options**.
+
+2. Select **Open a ticket in Intune (for AAD joined devices)**, select a due date, and add optional notes for the IT Administrator. Click **Submit request**.
+
+3. Notify your IT Administrator about the new request and have them log into Intune to approve or reject the request and start a package deployment.
+
+4. Go to the **Remediation** page to view the status of your remediation request.
+
+See [Use Intune to remediate vulnerabilities identified by Microsoft Defender ATP](https://docs.microsoft.com/en-us/intune/atp-manage-vulnerabilities) for details.
+
+>[!NOTE]
+>If your request involves remediating more than 10,000 machines, we will only send 10,000 machines for remediation to Intune.
+
+## Related topics
+- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
+- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
+- [Configuration score](configuration-score.md)
+- [Security recommendations](tvm-security-recommendation.md)
+- [Remediation](tvm-remediation.md)
+- [Software inventory](tvm-software-inventory.md)
+- [Weaknesses](tvm-weaknesses.md)
+
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md
index 2f3d53c781..6c634edeed 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md
@@ -1,6 +1,5 @@
---
title: What's in the dashboard and what it means for my organization's security posture
-ms.reviewer:
description: What's in the Threat & Vulnerability Management dashboard and how it can help SecOps and Security Administrators arrive at informed decisions in addressing cybersecurity threat vulnerabilities and building their organization's security resilience.
keywords: mdatp-tvm, mdatp-tvm dashboard, threat & vulnerability management, risk-based threat & vulnerability management, security configuration, configuration score, exposure score
search.product: eADQiWindows 10XVcnh
@@ -9,8 +8,8 @@ ms.prod: eADQiWindows 10XVcnh
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
-ms.author: ellevin
-author: levinec
+ms.author: dolmont
+author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
@@ -22,18 +21,15 @@ ms.topic: conceptual
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-[!include[Prerelease information](prerelease.md)]
-
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
+[!include[Prerelease information](prerelease.md)]
+
Threat & Vulnerability Management is a component of Microsoft Defender ATP, and provides both security administrators and security operations teams with unique value, including:
- Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities
- Invaluable machine vulnerability context during incident investigations
- Built-in remediation processes through Microsoft Intune and Microsoft System Center Configuration Manager (SCCM)
- >[!NOTE]
- > Microsoft Intune and Microsoft System Center Configuration Manager (SCCM) integration will be available in the coming weeks.
-
You can use the Threat & Vulnerability Management capability in [Microsoft Defender Security Center](https://securitycenter.windows.com/) to:
- View exposure and configuration scores side-by-side with top security recommendations, software vulnerability, remediation activities, and exposed machines
- Correlate EDR insights with endpoint vulnerabilities and process them
@@ -44,7 +40,7 @@ When you open the portal, you’ll see the main areas of the capability:
- 
+ 
- (1) Menu in the navigation pane
- (2) Threat & Vulnerability Management icon
@@ -55,23 +51,29 @@ You can navigate through the portal using the menu options available in all sect
Area | Description
:---|:---
(1) Menu | Select menu to expand the navigation pane and see the names of the Threat & Vulnerability Management capabilities.
-(2) Threat & Vulnerability Management navigation pane | Use the navigation pane to move across the **Threat and Vulnerability Management Dashboard**, **Security recommendations**, **Remediation**, and **Software inventory**.
+(2) Threat & Vulnerability Management navigation pane | Use the navigation pane to move across the **Threat and Vulnerability Management Dashboard**, **Security recommendations**, **Remediation**, **Software inventory**, and **Weaknesses**.
**Dashboards** | Get a high-level view of the organization exposure score, MDATP configuration score, top remediation activities, top security recommendations, top vulnerable software, and top exposed machines data.
-**Security recommendations** | See the list of security recommendations, their related components, insights, number or exposed devices, impact, and request for remediation. You can click each item on the list and it will open a flyout pane where you will see vulnerability details, and have the option to open the software page, and see the remediation options.
-**Remediation** | See the remediation activity, related component, remediation type, status, due date, option to export the remediation and process data to CSV.
-**Software inventory** | See the list of applications, versions, weaknesses, whether there’s an exploit found on the application, prevalence in the organization, how many were installed, how many exposed devices are there, and the numerical value of the impact. You can select each item in the list and opt to open the software page which shows the vulnerabilities and misconfigurations associated and its machine and version distribution details.
-(3) Threat & Vulnerability Management dashboard | Access the **Exposure score**, **Configuration score**, **Exposure distribution**, **Top security recommendations**, **Top vulnerable software**, **Top remediation activities**, **Top exposed machines**, and **Threat campaigns**.
+**Security recommendations** | See the list of security recommendations, their related components, insights, number or exposed devices, impact, and request for remediation. You can click each item on the list and it will open a flyout pane where you will see vulnerability details, open the software page, and see the remediation options. You can also open a ticket in Intune if your machines are joined through Azure Active Directory and you have enabled your Intune connections in Microsoft Defender ATP. See [Security recommendations](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation) for more information.
+**Remediation** | See the remediation activity, related component, remediation type, status, due date, and option to export the remediation and process data to CSV. See [Remediation](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation) for more information.
+**Software inventory** | See the list of applications, versions, weaknesses, whether there’s an exploit found on the application, prevalence in the organization, how many were installed, how many exposed devices are there, and the numerical value of the impact. You can select each item in the list and opt to open the software page which shows the associated vulnerabilities, misconfigurations, affected machine, version distribution details, and missing KBs or security updates. See [Software inventory](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory) for more information.
+**Weaknesses** | See the list of common vulnerabilities and exposures, the severity, its common vulnerability scoring system (CVSS) V3 score, related software, age, when it was published, related threat alerts, and how many exposed machines are there. You can select each item in the list and it opens a fly-in page with the vulnerability description and other details. See [Weaknesses](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses) for more information.
+(3) Threat & Vulnerability Management dashboard | Access the **Exposure score**, **Configuration score**, **Exposure distribution**, **Top security recommendations**, **Top vulnerable software**, **Top remediation activities**, and **Top exposed machines**.
+**Selected machine groups (#/#)** | Filter the Threat & Vulnerability Management data that you want to see in the dashboard and widgets by machine groups. What you select in the filter will be applied throughout the Threat & Vulnerability management pages only.
**Organization Exposure score** | See the current state of your organization’s device exposure to threats and vulnerabilities. Several factors affect your organization’s exposure score: weaknesses discovered in your devices, likelihood of your devices to be breached, value of the devices to your organization, and relevant alerts discovered with your devices. The goal is to lower down your organization’s exposure score to be more secure. To reduce the score, you need to remediate the related security configuration issues listed in the security recommendations.
-**MDATP Configuration score** | See the security posture of your organization’s operating system, applications, network, accounts and security controls. The goal is to increase your configuration score by remediating the related security configuration issues. You can click the bars and it will take you to the **Security recommendation** page for details.
+**MDATP Configuration score** | See the security posture of your organization’s operating system, applications, network, accounts and security controls. The goal is to increase your configuration score by remediating the related security configuration issues. You can click the bars and it will take you to the **Security recommendation** page for details. See [Configuration score](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configuration-score) for more information.
**Machine exposure distribution** | See how many machines are exposed based on their exposure level. You can click the sections in the doughnut chart and it will take you to the **Machines list** page where you'll see the affected machine names, exposure level side by side with risk level, among other details such as domain, OS platform, its health state, when it was last seen, and its tags.
**Top security recommendations** | See the collated security recommendations which are sorted and prioritized based on your organization’s risk exposure and the urgency that it requires. Useful icons also quickly calls your attention on possible active alerts , associated public exploits , and recommendation insights . You can drill down on the security recommendation to see the potential risks, list of exposed machines, and read the insights. Thus, providing you with an informed decision to either proceed with a remediation request. Click **Show more** to see the rest of the security recommendations in the list.
**Top vulnerable software** | Get real-time visibility into the organizational software inventory, with stack-ranked list of vulnerable software installed on your network’s devices and how they impact on your organizational exposure score. Click each item for details or **Show more** to see the rest of the vulnerable application list in the **Software inventory** page.
**Top remediation activities** | Track the remediation activities generated from the security recommendations. You can click each item on the list to see the details in the **Remediation** page or click **Show more** to see the rest of the remediation activities.
**Top exposed machines** | See the exposed machine names and their exposure level. You can click each machine name from the list and it will take you to the machine page where you can view the alerts, risks, incidents, security recommendations, installed software, discovered vulnerabilities associated with the exposed machines. You can also do other EDR-related tasks in it, such as: manage tags, initiate automated investigations, initiate a live response session, collect an investigation package, run antivirus scan, restrict app execution, and isolate machine. You can also click **Show more** to see the rest of the exposed machines list.
-See [Microsoft Defender ATP icons](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection#windows-defender-atp-icons) for more information on the icons used throughout the portal.
+See [Microsoft Defender ATP icons](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection#windows-defender-atp-icons) for more information on the icons used throughout the portal.
## Related topics
- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
- [Configuration score](configuration-score.md)
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
+- [Security recommendations](tvm-security-recommendation.md)
+- [Remediation](tvm-remediation.md)
+- [Software inventory](tvm-software-inventory.md)
+- [Weaknesses](tvm-weaknesses.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md
new file mode 100644
index 0000000000..3617f68bd7
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md
@@ -0,0 +1,64 @@
+---
+title: Remediation
+description: You can lower down your organization's exposure from vulnerabilities and increase your security configuration by remediating the security recommendations. Threat & Vulnerability Management bridges the gap between security administration and IT administration during remediation process. It does so by creating a security task or ticket through integration with Microsoft Intune and Microsoft System Center Configuration Manager (SCCM).
+keywords: microsoft defender atp tvm remediation, mdatp tvm, threat & vulnerability management, threat & vulnerability management remediation, tvm remediation intune, tvm remediation sccm
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+ms.date: 04/11/2019
+---
+# Remediation
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](prerelease.md)]
+
+>[!NOTE]
+>To use this capability, enable your Microsoft Intune connections. Navigate to **Settings** > **General** > **Advanced features**. Scroll down and look for **Microsoft Intune connection**. By default, the toggle is turned off. Turn your **Microsoft Intune connection** toggle on.
+
+After your organization's cybersecurity weaknesses are identified and mapped to actionable security recommendations, you can start creating security tasks through the integration with Microsoft Intune where remediation tickets are created.
+
+You can lower down your organization's exposure from vulnerabilities and increase your security configuration by remediating the security recommendations.
+
+## Navigate through your remediation options
+You'll see your remediation options when you select one of the security recommendation blocks from your **Top security recommendations** widget in the dashboard.
+1. From the fly-in page, you'll see the security recommendation details including your next steps. Click **Remediation options**.
+2. In the **Remediation options** page, select **Open a ticket in Intune (for AAD joined devices)**.
+
+>[!NOTE]
+>If your request involves remediating more than 10,000 machines, we will only send 10,000 machines for remediation to Intune.
+
+3. Select a remediation due date.
+4. Add notes to give your IT administrator a context of your remediation request. For example, you can indicate urgency of the remediation request to avoid potential exposure to a recent exploit activity, or if the request is a part of compliance.
+
+If you want to check how the ticket shows up in Intune, see [Use Intune to remediate vulnerabilities identified by Microsoft Defender ATP](https://docs.microsoft.com/en-us/intune/atp-manage-vulnerabilities) for details.
+
+## How it works
+
+When you submit a remediation request from Threat & Vulnerability Management, it kicks-off a remediation activity.
+
+It creates a security task which will be tracked in Threat & Vulnerability Management **Remediation page**, and it also creates a remediation ticket in Microsoft Intune.
+
+You also have the option to export all remediation activity data to CSV for records, reporting purposes, or if you want to notify your IT administration counterpart that a remediation ticket has been submitted.
+
+The dashboard will show that status of your top remediation activities. Click any of the entries and it will take you to the **Remediation** page. You can mark the remediation activity as completed after the IT administration team remediates the task.
+
+## Related topics
+- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
+- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
+- [Scenarios](threat-and-vuln-mgt-scenarios.md)
+- [Security recommendation](tvm-security-recommendation.md)
+- [Software inventory](tvm-software-inventory.md)
+- [Weaknesses](tvm-weaknesses.md)
+
+
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
new file mode 100644
index 0000000000..865fe8405f
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
@@ -0,0 +1,68 @@
+---
+title: Security recommendation
+description: The weaknesses identified in the environment are mapped to actionable security recommendations and prioritized by their impact on the organizational exposure score.
+keywords: threat and vulnerability management, mdatp tvm security recommendation, cybersecurity recommendation, actionable security recommendation
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+ms.date: 04/11/2019
+---
+# Security recommendation
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](prerelease.md)]
+
+The cybersecurity weaknesses identified in your organization are mapped to actionable security recommendations and prioritized by their impact on the security recommendation list. Prioritized recommendation helps shorten the mean time to mitigate or remediate vulnerabilities and drive compliance.
+
+Each security recommendation includes an actionable remediation recommendation which can be pushed into the IT task queue through a built-in integration with Microsoft Intune and SCCM. It is also dynamic in the sense that when the threat landscape changes, the recommendation also changes as it continuously collect information from your environment.
+
+## The basis of the security recommendation
+Each machine in the organization is scored based on three important factors: threat, likelihood to be breached, and value, to help customers to focus on the right things at the right time.
+
+- Threat - Characteristics of the vulnerabilities and exploits in your organizations' devices and breach history. Based on these factors, the security recommendations shows the correponding links to active alerts, ongoing threat campaigns, and their corresponding threat analytic reports.
+
+- Breach likelihood - Your organization's security posture and resilience against threats
+
+- Business value - Your organization's assets, critical processes, and intellectual properties
+
+
+## Navigate through your security recommendations
+You can access the security recommendation from the Microsoft Defender ATP Threat & Vulnerability Management menu, dashboard, software page, and machine page, to give you the context that you need as you require it.
+
+There are security recommendations for application, operating system, network, accounts, and security controls.
+
+In a given day as a Security Administrator, you can take a look at the dashboard to see your exposure score side-by-side with your configuration score. The goal is to lower down your organization's exposure from vulnerabilities, and increase your organization's security configuration to be more resilient against cybersecurity threat attacks. The top security recommendations list can help you achieve that goal.
+
+The top security recommendations lists down the improvement opportunities prioritized based on the three important factors mentioned in the previous section - threat, likelihood to be breached, and value.
+
+You can click on each one of them and see the details, the description, the potential risk if you don't act on or remediate it, insights, how many exposed devices are associated with the security recommendation, vulnerabilities, and other threats.
+
+From that page, you can do any of the following depending on what you need to do:
+
+- Open software page - Drill down and open the software page to get more context of the software details, prevalence in the organization, weaknesses discovered, version distribution, and charts so you can see the exposure trend over time.
+
+- Choose from remediation options - Submit a remediation request to open a ticket in Microsoft Intune for your IT Administrator to pick up and address.
+
+- Choose from exception options - Submit an exception, provide justification, and set exception duration if you can't remediate the issue just yet due to specific business reasons, compensation controls, or if it is a false positive.
+
+
+## Related topics
+- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
+- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
+- [Configuration score](configuration-score.md)
+- [Remediation](tvm-remediation.md)
+- [Software inventory](tvm-software-inventory.md)
+- [Weaknesses](tvm-weaknesses.md)
+- [Scenarios](threat-and-vuln-mgt-scenarios.md)
+
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md
new file mode 100644
index 0000000000..fed509c866
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md
@@ -0,0 +1,44 @@
+---
+title: Software inventory
+description: Microsoft Defender ATP Threat & Vulnerability management's discovery capability shows in the software inventory page. You can see the name of the product, vendor, the latest version it is in, and the number of weaknesses and vulnerabilities detected.
+keywords: microsoft defender atp, microsoft defender atp software inventory, mdatp threat & vulnerability management, mdatp threat & vulnerability management software inventory, mdatp tvm software inventory, tvm software inventory
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+ms.date: 04/11/2019
+---
+# Software inventory
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](prerelease.md)]
+
+Microsoft Defender ATP Threat & Vulnerability management's discovery capability shows in the **Software inventory** page. The software inventory includes the name of the product or vendor, the latest version it is in, and the number of weaknesses and vulnerabilities detected with it.
+
+## Navigate through your software inventory
+1. Select **Software inventory** from the Threat & Vulnerability management navigation menu.
+2. In the **Software inventory** page, select the application that you want to investigate and a fly-in screen opens up with the software details, vendor information, prevalence in the organization, exposed machines, threat context, and its impact to your organization's exposure score.
+3. In the fly-in screen, select **Open software page** to dive deeper into your software inventory. You will see how many weaknesses are discovered with the application, devices exposed, installed machines, version distribution, and the corresponding security recommendations for the weaknesses and vulnerabilities identified.
+
+## How it works
+In the field of discovery, we are leveraging the same set of signals in Microsoft Defender ATP's endpoint detection and response that's responsible for detection, for vulnerability assessment.
+
+Since it is real-time, in a matter of minutes, you will see vulnerability information as they get discovered. The engine automatically grabs information from multiple security feeds. In fact, you'll will see if a particular application is connected to a live campaign. It also provides a link to a Threat Analytics report soon as it's available.
+
+## Related topics
+- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
+- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
+- [Scenarios](threat-and-vuln-mgt-scenarios.md)
+- [Security recommendation](tvm-security-recommendation.md)
+- [Remediation](tvm-remediation.md)
+- [Weaknesses](tvm-weaknesses.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md
new file mode 100644
index 0000000000..dec5d3e76e
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md
@@ -0,0 +1,60 @@
+---
+title: Weaknesses
+description: The **Weaknesses** page lists down the vulnerabilities found in the infected software running in your organization, their severity, Common Vulnerability Scoring System (CVSS) rating, its prevalence in your organization, breach, and threat insights.
+keywords: mdatp threat & vulnerability management, mdatp tvm weaknesses page, finding weaknesses through tvm, tvm vulnerability list, vulnerability details in tvm
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+ms.date: 04/11/2019
+---
+# Weaknesses
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](prerelease.md)]
+
+Threat & Vulnerability Management leverages the same signals in Microsoft Defender ATP's endpoint protection to scan and detect vulnerabilities.
+
+The **Weaknesses** page lists down the vulnerabilities found in the infected software running in your organization, their severity, Common Vulnerability Scoring System (CVSS) rating, its prevalence in your organization, corresponding breach, and threat insights.
+
+## Navigate through your organization's weaknesses page
+You can see the list of vulnerabilities in two ways:
+
+*Global search*
+1. Click the global search drop-down menu.
+2. Select **Vulnerability** and key-in the Common Vulnerabilities and Exposures (CVE) ID that you are looking for. The **Weaknesses** page opens with the list of the vulnerabilities and details.
+
+*Weaknesses page in the menu*
+1. Go to the Threat & Vulnerability Management navigation menu and select **Weaknesses** to open up the list of vulnerabilities found in your organization.
+2. Select the vulnerability that you want to investigate to open up a fly-in page with the vulnerability details, such as: CVE description, CVE ID, exploits available, severity, publish, and update dates.
+
+## How it works
+When new vulnerabilities are released, you would want know how many of your assets are exposed. You can see the list of vulnerabilities and the details in the **Weaknesses** page.
+
+If the **Exposed Machines** column shows 0, that means you are not infected.
+
+If there's a number in the **Exposed Machines**, that means you need to remediate the vulnerabilities in those machines because they put the rest of your assets and your organization at risk.
+
+You can also see the related alert and threat insights in the **Threat** column.
+
+ >[!NOTE]
+ > Always prioritize recommendations that are associated with ongoing threats. These recommendations are marked with the threat insight  icon and possible active alert  icon.
+
+
+## Related topics
+- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
+- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
+- [Scenarios](threat-and-vuln-mgt-scenarios.md)
+- [Security recommendation](tvm-security-recommendation.md)
+- [Remediation](tvm-remediation.md)
+- [Software inventory](tvm-software-inventory.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
index b25652932d..2d79566f34 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
@@ -28,6 +28,9 @@ The following features are generally available (GA) in the latest release of Mic
For more information preview features, see [Preview features](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection).
+## June 2019
+- [Machine health and compliance report](machine-reports.md) The machine health and compliance report provides high-level information about the devices in your organization.
+
## May 2019
- [Threat protection reports](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection)
The threat protection report provides high-level information about alerts generated in your organization.
diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md b/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md
index bc76ebc546..1ce56378e4 100644
--- a/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md
+++ b/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md
@@ -38,8 +38,20 @@ Verify that the **Domain member: Disable machine account password changes** opti
### Best practices
-1. Do not enable this policy setting. Machine account passwords are used to establish secure channel communications between members and domain controllers and between the domain controllers within the domain. After it is established, the secure channel transmits sensitive information that is necessary for making authentication and authorization decisions.
-2. Do not use this policy setting in an attempt to support dual-boot scenarios that use the same machine account. If you want to dual-boot installations that are joined to the same domain, give the two installations different computer names. This policy setting was added to the Windows operating system to make it easier for organizations that stockpile pre-built computers that are put into production months later; those devices do not have to be rejoined to the domain.
+1. Do not enable this policy setting. Machine account passwords are used to establish secure channel communications between members and domain controllers and between the domain controllers within the domain. After it is established, the secure channel transmits sensitive information that is necessary for making authentication and authorization decisions.
+2. Do not use this policy setting in an attempt to support dual-boot scenarios that use the same machine account. If you want to dual-boot installations that are joined to the same domain, give the two installations different computer names. This policy setting was added to the Windows operating system to make it easier for organizations that stockpile pre-built computers that are put into production months later; those devices do not have to be rejoined to the domain.
+3. You may consider using this policy setting in particular environments, such as the following:
+
+ - Non-persistent Virtual Desktop Infrastructure implementations. In such implementations, each session starts from a read-only base image.
+ - Embedded devices that do not have write access to the OS volume.
+
+ In either of these cases, a password change that was made during normal operations would be lost as soon as the session ends. We strongly recommend that you plan password changes for maintenance windows. Add the password changes to the updates and modifications that Windows performs during maintenance windows. To trigger a password update on a particular OS volume, use the following command:
+
+ ```
+ Nltest /sc_change_pwd:
+ ```
+
+ In this command, **\** represents the domain of the local computer. For more information about maintenance windows and non-persistent VDI implementations, see [Optimizing Windows 10, version 1803, for a Virtual Desktop Infrastructure (VDI) role: VDI optimization principles: Non-Persistent VDI](/windows-server/remote/remote-desktop-services/rds-vdi-recommendations-1803#vdi-optimization-principles).
### Location
diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md
index a9d641a335..d34b8a9ce6 100644
--- a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md
+++ b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md
@@ -28,19 +28,21 @@ Describes the best practices, location, values, and security considerations for
The **Domain member: Maximum machine account password age** policy setting determines when a domain member submits a password change.
-In Active Directory–based domains, each device has an account and password. By default, the domain members submit a password change every 30 days. Increasing this interval significantly, or setting it to **0** so that a device no longer submits a password change, gives a malicious user more time to undertake a brute-force password-guessing attack against one of the machine accounts.
+In Active Directory–based domains, each device has an account and password. By default, the domain members submit a password change every 30 days. You can extend or reduce this interval. Additionally, you can use the policy **Domain member: Disable machine account password changes** to disable the password change requirement altogether. However, before you consider this option, review the implications as described in [Domain member: Disable machine account password changes](domain-member-disable-machine-account-password-changes.md).
+
+> [!IMPORTANT]
+> Significantly increasing the password change interval (or disabling password changes) gives a malicious user more time to undertake a brute-force password-guessing attack against one of the machine accounts.
For more information, see [Machine Account Password Process](https://blogs.technet.microsoft.com/askds/2009/02/15/machine-account-password-process-2/).
### Possible values
-- User-defined number of days between 0 and 999
+- User-defined number of days between 1 and 999
- Not defined.
### Best practices
-1. It is often advisable to set **Domain member: Maximum machine account password age** to about 30 days.
-Setting the value to fewer days can increase replication and impact domain controllers. For example, in Windows NT domains, machine passwords were changed every 7 days. The additional replication churn would impact domain controllers in large organizations with many computers or slow links between sites.
+1. It is often advisable to set **Domain member: Maximum machine account password age** to about 30 days. Setting the value to fewer days can increase replication and impact domain controllers. For example, in Windows NT domains, machine passwords were changed every 7 days. The additional replication churn would impact domain controllers in large organizations with many computers or slow links between sites.
2. Some organizations pre-build computers and then store them for later use or ship them to remote locations. When a computer starts after being offline more than 30 days, the Netlogon service will notice the password age and initiate a secure channel to a domain controller to change it. If the secure channel cannot be established, the computer will not authenticate with the domain. For this reason, some organizations might want to create a special organizational unit (OU) for computers that are prebuilt, and configure the value for this policy setting to a larger number of days.
### Location
diff --git a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
index f03034aac2..ba47760e7f 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
@@ -41,7 +41,7 @@ MpCmdRun.exe [command] [-options]
| Command | Description |
|:--------------------------------------------------------------------------------------------------------|:-------------------------------------------------------------------------------------------------------|
| \-? **or** -h | Displays all available options for this tool |
-| \-Scan [-ScanType #] [-File [-DisableRemediation] [-BootSectorScan]] [-Timeout ] [-Cancel] | Scans for malicious software |
+| \-Scan [-ScanType #] [-File \ [-DisableRemediation] [-BootSectorScan]] [-Timeout \] [-Cancel] | Scans for malicious software |
| \-Trace [-Grouping #] [-Level #] | Starts diagnostic tracing |
| \-GetFiles | Collects support information |
| \-GetFilesDiagTrack | Same as Getfiles but outputs to temporary DiagTrack folder |
@@ -49,11 +49,11 @@ MpCmdRun.exe [command] [-options]
| \-RemoveDefinitions [-DynamicSignatures] | Removes only the dynamically downloaded Security intelligence |
| \-RemoveDefinitions [-Engine] | Restores the previous installed engine |
| \-SignatureUpdate [-UNC \| -MMPC] | Checks for new Security intelligence updates |
-| \-Restore [-ListAll \| [[-Name ] [-All] \| [-FilePath ]] [-Path ]] | Restores or lists quarantined item(s) |
+| \-Restore [-ListAll \| [[-Name \] [-All] \| [-FilePath \]] [-Path \]] | Restores or lists quarantined item(s) |
| \-AddDynamicSignature [-Path] | Loads dynamic Security intelligence |
| \-ListAllDynamicSignatures | Lists the loaded dynamic Security intelligence |
| \-RemoveDynamicSignature [-SignatureSetID] | Removes dynamic Security intelligence |
-| \-CheckExclusion -path | Checks whether a path is excluded |
+| \-CheckExclusion -path \ | Checks whether a path is excluded |
## Related topics
diff --git a/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md
index 5d16f8d6e6..6506a13f61 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md
@@ -83,7 +83,7 @@ Open the Intune management portal either by searching for Intune on https://port
1. Description: *Optional*
1. OMA-URI: **./Vendor/MSFT/Defender/SharedSignatureRoot**
1. Data type: **String**
- 1. Value: **\\\wdav-update\** (see the [Download and unpackage](#download-and-unpackage-the-latest-updates) section for what this will be)
+ 1. Value: **\\\wdav-update\** (see the [Download and unpackage](#download-and-unpackage-the-latest-updates) section for what this will be)
1. Click **Ok** to close the details blade, then **OK** again to close the **Custom OMA-URI Settings** blade. Click **Create** to save the new profile. The profile details page now appears.
1. Click **Assignments**. The **Include** tab is automatically selected. In the drop-down menu, select **Selected Groups**, then click **Select groups to include**. Click the **VDI test VMs** group and then **Select**.
1. Click **Evaluate** to see how many users/devices will be impacted. If the number makes sense, click **Save**. If the number doesn’t make sense, go back to the groups blade and confirm the group contains the right users or devices.
@@ -94,7 +94,7 @@ Open the Intune management portal either by searching for Intune on https://port
1. In the **Group Policy Management Editor** go to **Computer configuration**.
1. Click **Administrative templates**.
1. Expand the tree to **Windows components > Windows Defender Antivirus > Security Intelligence Updates**
-1. Double-click Define security intelligence location for VDI clients and set the option to Enabled. A field automatically appears, enter *\\\wdav-update *(see the [Download and unpackage](#download-and-unpackage-the-latest-updates) section for what this will be). Click **OK**.
+1. Double-click Define security intelligence location for VDI clients and set the option to Enabled. A field automatically appears, enter *\\\wdav-update *(see the [Download and unpackage](#download-and-unpackage-the-latest-updates) section for what this will be). Click **OK**.
1. Deploy the GPO to the VMs you want to test.
#### Use PowerShell to enable the shared security intelligence feature:
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md
index da0118cedb..3963464f4e 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md
@@ -22,21 +22,18 @@ ms.topic: conceptual
**Applies to:**
-[Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
-
->[!IMPORTANT]
->This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
## Prerequisites and system requirements
-Before you get started, please see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version.
+Before you get started, see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version.
## Download installation and onboarding packages
Download the installation and onboarding packages from Windows Defender Security Center:
1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**.
-2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Local script**.
+2. In Section 1 of the page, set operating system to **Linux, macOS, iOS, and Android** and Deployment method to **Local script**.
3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory.
4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory.
@@ -76,18 +73,18 @@ To complete this process, you must have admin privileges on the machine.
-The installation will proceed.
+The installation proceeds.
> [!NOTE]
> If you don't select **Allow**, the installation will proceed after 5 minutes. Defender ATP will be loaded, but real-time protection will be disabled.
-### Fixing disabled Real Time Protection
+### Fixing disabled Real-Time Protection
-If you did not enable Microsoft's driver during installation, then Defender's application will display a banner prompting you to enable it:
+If you did not enable Microsoft's driver during installation, then the application displays a banner prompting you to enable it:
-You can also run ```mdatp --health```. It will report if Real Time Protection is enabled but not available:
+You can also run ```mdatp --health```. It reports if Real-Time Protection is enabled but not available:
```bash
mavel-mojave:~ testuser$ mdatp --health
@@ -98,15 +95,15 @@ realTimeProtectionEnabled : true
```
> [!NOTE]
-> You have a 30 minute window to enable Real Time Protection from the warning banner, immediately following installation.
+> You have a 30 minute window to enable Real-Time Protection from the warning banner, immediately following installation.
-The warning banner containing a **Fix** button, which allows you to quickly enable Real Time Protection, without having to open a command prompt. Select the **Fix** button. It will prompt the **Security & Privacy** system window, where you will have to **Allow** system software from developers "Microsoft Corporation".
+The warning banner contains a **Fix** button, which allows you to quickly enable Real-Time Protection, without having to open a command prompt. Select the **Fix** button. It prompts the **Security & Privacy** system window, where you have to **Allow** system software from developers "Microsoft Corporation".
-If you don't see a prompt, it means that 30 or more minutes have already passed, and Real Time Protection has still not been enabled:
+If you don't see a prompt, it means that 30 or more minutes have already passed, and Real-Time Protection has still not been enabled:
-In this case, you will need to perform the following steps to enable Real Time Protection instead.
+In this case, you need to perform the following steps to enable Real-Time Protection instead.
1. In Terminal, attempt to install the driver. (The operation will fail)
```bash
@@ -126,7 +123,7 @@ In this case, you will need to perform the following steps to enable Real Time P
mavel-mojave:~ testuser$ sudo kextutil /Library/Extensions/wdavkext.kext
```
-The banner should disappear from the Defender application, and ```mdatp --health``` should now report that Real Time Protection is both enabled and available:
+The banner should disappear from the Defender application, and ```mdatp --health``` should now report that Real-Time Protection is both enabled and available:
```bash
mavel-mojave:~ testuser$ mdatp --health
@@ -140,7 +137,7 @@ realTimeProtectionEnabled : true
1. Copy wdav.pkg and WindowsDefenderATPOnboarding.py to the machine where you deploy Microsoft Defender ATP for Mac.
- The client machine is not associated with orgId. Note that the orgid is blank.
+ The client machine is not associated with orgId. Note that the *orgId* attribute is blank.
```bash
mavel-mojave:wdavconfig testuser$ mdatp --health orgId
@@ -153,7 +150,7 @@ realTimeProtectionEnabled : true
Generating /Library/Application Support/Microsoft/Defender/com.microsoft.wdav.atp.plist ... (You may be required to enter sudos password)
```
-3. Verify that the machine is now associated with orgId:
+3. Verify that the machine is now associated with your organization and reports a valid *orgId*:
```bash
mavel-mojave:wdavconfig testuser$ mdatp --health orgId
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md
index 4a6531ad42..9565fa13e5 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md
@@ -22,21 +22,18 @@ ms.topic: conceptual
**Applies to:**
-[Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
-
->[!IMPORTANT]
->This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
## Prerequisites and system requirements
-Before you get started, please see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version.
+Before you get started, see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version.
## Download installation and onboarding packages
Download the installation and onboarding packages from Microsoft Defender Security Center:
1. In Microsoft Defender Security Center, go to **Settings** > **Device Management** > **Onboarding**.
-2. In Section 1 of the page, set the operating system to **Linux, macOS, iOS or Android** and the deployment method to **Mobile Device Management / Microsoft Intune**.
+2. In Section 1 of the page, set the operating system to **Linux, macOS, iOS, or Android** and the deployment method to **Mobile Device Management / Microsoft Intune**.
3. In Section 2 of the page, select **Download installation package**. Save it as _wdav.pkg_ to a local directory.
4. In Section 2 of the page, select **Download onboarding package**. Save it as _WindowsDefenderATPOnboardingPackage.zip_ to the same directory.
5. Download **IntuneAppUtil** from [https://docs.microsoft.com/intune/lob-apps-macos](https://docs.microsoft.com/intune/lob-apps-macos).
@@ -85,19 +82,19 @@ Download the installation and onboarding packages from Microsoft Defender Securi
You need no special provisioning for a Mac device beyond a standard [Company Portal installation](https://docs.microsoft.com/intune-user-help/enroll-your-device-in-intune-macos-cp).
-1. You'll be asked to confirm device management.
+1. You are asked to confirm device management.
-Select **Open System Preferences**, locate **Management Profile** on the list and select **Approve...**. Your Management Profile would be displayed as **Verified**:
+Select **Open System Preferences**, locate **Management Profile** on the list, and select **Approve...**. Your Management Profile would be displayed as **Verified**:
2. Select **Continue** and complete the enrollment.
-You may now enroll additional devices. You can also enroll them later, after you have finished provisioning system configuration and application packages.
+You may now enroll more devices. You can also enroll them later, after you have finished provisioning system configuration and application packages.
-3. In Intune, open **Manage** > **Devices** > **All devices**. You'll see your device among those listed:
+3. In Intune, open **Manage** > **Devices** > **All devices**. Here you can see your device among those listed:
@@ -105,17 +102,17 @@ You may now enroll additional devices. You can also enroll them later, after you
1. In Intune, open **Manage** > **Device configuration**. Select **Manage** > **Profiles** > **Create Profile**.
2. Choose a name for the profile. Change **Platform=macOS** to **Profile type=Custom**. Select **Configure**.
-3. Open the configuration profile and upload intune/kext.xml. This file was created during the Generate settings step above.
+3. Open the configuration profile and upload intune/kext.xml. This file was created in one of the preceding sections.
4. Select **OK**.
5. Select **Manage** > **Assignments**. In the **Include** tab, select **Assign to All Users & All devices**.
-6. Repeat steps 1 through 5 for additional profiles.
+6. Repeat steps 1 through 5 for more profiles.
7. Create a new profile one more time, give it a name, and upload the intune/WindowsDefenderATPOnboarding.xml file.
8. Select **Manage > Assignments**. In the **Include** tab, select **Assign to All Users & All devices**.
-Once the Intune changes are propagated to the enrolled devices, you'll see them listed under **Monitor** > **Device status**:
+Once the Intune changes are propagated to the enrolled devices, you can see them listed under **Monitor** > **Device status**:
@@ -138,11 +135,11 @@ Once the Intune changes are propagated to the enrolled devices, you'll see them
8. Change **Assignment type** to **Required**.
-9. Select **Included Groups**. Select **Make this app required for all devices=Yes**. Select **Select group to include** and add a group that contains the users you want to target. Select **OK** and **Save**.
+9. Select **Included Groups**. Select **Make this app required for all devices=Yes**. Click **Select group to include** and add a group that contains the users you want to target. Select **OK** and **Save**.
-10. After some time the application will be published to all enrolled devices. You'll see it listed on **Monitor** > **Device**, under **Device install status**:
+10. After some time the application will be published to all enrolled devices. You can see it listed in **Monitor** > **Device**, under **Device install status**:
@@ -153,7 +150,7 @@ Once the Intune changes are propagated to the enrolled devices, you'll see them
-2. Verify that the following configuration profiles are present and installed. The **Management Profile** should be the Intune system profile. _Wdav-config_ and _wdav-kext_ are system configuration profiles that we added in Intune.:
+2. Verify that the following configuration profiles are present and installed. The **Management Profile** should be the Intune system profile. _Wdav-config_ and _wdav-kext_ are system configuration profiles that were added in Intune:
3. You should also see the Microsoft Defender icon in the top-right corner:
@@ -162,7 +159,7 @@ Once the Intune changes are propagated to the enrolled devices, you'll see them
## Logging installation issues
-See [Logging installation issues](microsoft-defender-atp-mac-resources.md#logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs.
+For more information on how to find the automatically generated log that is created by the installer when an error occurs, see [Logging installation issues](microsoft-defender-atp-mac-resources.md#logging-installation-issues) .
## Uninstallation
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md
index a0c446dd3f..7105a86af8 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md
@@ -22,10 +22,7 @@ ms.topic: conceptual
**Applies to:**
-[Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
-
->[!IMPORTANT]
->This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
## Prerequisites and system requirements
@@ -76,7 +73,7 @@ To set the onboarding information, add a property list file with the name, _jamf
>[!IMPORTANT]
> You must set the Preference Domain as "com.microsoft.wdav.atp"
- 
+
### Approved Kernel Extension
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-other-mdm.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-other-mdm.md
index f994a4d7d4..91a5f56395 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-other-mdm.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-other-mdm.md
@@ -1,6 +1,6 @@
---
title: Installing Microsoft Defender ATP for Mac with different MDM product
-description: Describes how to install Microsoft Defender ATP for Mac, using an unsupported MDM solution.
+description: Describes how to install Microsoft Defender ATP for Mac on other management solutions.
keywords: microsoft, defender, atp, mac, installation, deploy, macos, mojave, high sierra, sierra
search.product: eADQiWindows 10XVcnh
search.appverid: met150
@@ -17,65 +17,63 @@ ms.collection: M365-security-compliance
ms.topic: conceptual
---
-# Deployment with a different MDM system
+# Deployment with a different Mobile Device Management (MDM) system
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
->[!IMPORTANT]
->This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
+
## Prerequisites and system requirements
-Before you get started, please see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version.
+Before you get started, see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version.
## Approach
-Your organization may use a Mobile Device Management (MDM) solution we do not officially support.
-This does not mean you will be unable to deploy or run Microsoft Defender ATP for Mac.
-However, we will not be able to provide support for deploying or managing Defender via these solutions.
+> [!CAUTION]
+> Currently, Microsoft oficially supports only Intune and JAMF for the deployment and management of Microsoft Defender ATP for Mac. Microsoft makes no warranties, express or implied, with respect to the information provided below.
+
+If your organization uses a Mobile Device Management (MDM) solution that is not officially supported, this does not mean you are unable to deploy or run Microsoft Defender ATP for Mac.
Microsoft Defender ATP for Mac does not depend on any vendor-specific features. It can be used with any MDM solution that supports the following features:
-- Deploying a macOS .pkg to managed machines.
-- Deploying macOS system configuration profiles to managed machines.
-- Running an arbitrary admin-configured tool/script on managed machines.
+- Deploy a macOS .pkg to managed machines.
+- Deploy macOS system configuration profiles to managed machines.
+- Run an arbitrary admin-configured tool/script on managed machines.
-The majority of modern MDM solutions include these features, however, they may call them differently.
+Most modern MDM solutions include these features, however, they may call them differently.
-You can deploy Defender without the last requirement from the list above, however:
+You can deploy Defender without the last requirement from the preceding list, however:
-- You won't be able to collect status in a centralized way
-- If you decide to uninstall Defender, you'll need to logon to the client machine locally as an administrator
+- You will not be able to collect status in a centralized way
+- If you decide to uninstall Defender, you will need to logon to the client machine locally as an administrator
## Deployment
-Most MDM solution use the same model for managing macOS machines, with similar terminology.
-Use [JAMF-based deployment](microsoft-defender-atp-mac-install-with-jamf.md) as a template.
+Most MDM solutions use the same model for managing macOS machines, with similar terminology. Use [JAMF-based deployment](microsoft-defender-atp-mac-install-with-jamf.md) as a template.
### Package
Configure deployment of a [required application package](microsoft-defender-atp-mac-install-with-jamf.md#package),
-with the installation package (wdav.pkg) downloaded from [ATP](microsoft-defender-atp-mac-install-with-jamf.md#download-installation-and-onboarding-packages).
+with the installation package (wdav.pkg) downloaded from [Microsoft Defender Security Center](microsoft-defender-atp-mac-install-with-jamf.md#download-installation-and-onboarding-packages).
-Your MDM solution can allow you uploading of an arbitrary application package, or require you to wrap it into a custom package first.
+In order to deploy the package to your enterprise, use the instructions associated with your MDM solution.
### License settings
-Setup [a system configuration profile](microsoft-defender-atp-mac-install-with-jamf.md#configuration-profile).
+Set up [a system configuration profile](microsoft-defender-atp-mac-install-with-jamf.md#configuration-profile).
Your MDM solution may call it something like "Custom Settings Profile", as Microsoft Defender ATP for Mac is not part of macOS.
-Use the property list, jamf/WindowsDefenderATPOnboarding.plist, which can extracted from an onboarding package downloaded from [ATP](microsoft-defender-atp-mac-install-with-jamf.md#download-installation-and-onboarding-packages).
-Your system may support an arbitrary property list in XML format. You can just upload the jamf/WindowsDefenderATPOnboarding.plist file as-is in that case.
+Use the property list, jamf/WindowsDefenderATPOnboarding.plist, which can be extracted from an onboarding package downloaded from [Microsoft Defender Security Center](microsoft-defender-atp-mac-install-with-jamf.md#download-installation-and-onboarding-packages).
+Your system may support an arbitrary property list in XML format. You can upload the jamf/WindowsDefenderATPOnboarding.plist file as-is in that case.
Alternatively, it may require you to convert the property list to a different format first.
-Note that your custom profile would have an id, name or domain attribute. You must use exactly "com.microsoft.wdav.atp".
-MDM will use it to deploy the settings file to **/Library/Managed Preferences/com.microsoft.wdav.atp.plist** on a client machine, and Defender will use this file for loading onboarding info.
+Typically, your custom profile has an id, name, or domain attribute. You must use exactly "com.microsoft.wdav.atp" for this value.
+MDM uses it to deploy the settings file to **/Library/Managed Preferences/com.microsoft.wdav.atp.plist** on a client machine, and Defender uses this file for loading the onboarding information.
-### KEXT
+### Kernel extension policy
-Setup a KEXT or kernel extension policy. Use team identifier **UBF8T346G9** to whitelist kernel extensions provided by Microsoft.
+Set up a KEXT or kernel extension policy. Use team identifier **UBF8T346G9** to whitelist kernel extensions provided by Microsoft.
-## Was it successful?
+## Check installation status
-Run [mdatp](microsoft-defender-atp-mac-install-with-jamf.md#check-onboarding-status) on a client machine.
+Run [mdatp](microsoft-defender-atp-mac-install-with-jamf.md#check-onboarding-status) on a client machine to check the onboarding status.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md
index fd571e3bb9..7087ac45f5 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md
@@ -20,6 +20,10 @@ ms.topic: conceptual
# Set preferences for Microsoft Defender ATP for Mac
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
+
>[!IMPORTANT]
>This topic contains instructions for how to set preferences for Microsoft Defender ATP for Mac in enterprise environments. If you are interested in configuring the product on a device from the command-line, please refer to the [Resources](microsoft-defender-atp-mac-resources.md#configuring-from-the-command-line) page.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md
new file mode 100644
index 0000000000..eb3359531d
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md
@@ -0,0 +1,264 @@
+---
+title: Privacy for Microsoft Defender ATP for Mac
+ms.reviewer:
+description: Describes privacy controls, how to configure policy settings that impact privacy and information about the diagnostic data collected in Microsoft Defender ATP for Mac.
+keywords: microsoft, defender, atp, mac, privacy, diagnostic
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dansimp
+author: dansimp
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+---
+
+# Privacy for Microsoft Defender ATP for Mac
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
+
+Microsoft is committed to providing you with the information and controls you need to make choices about how your data is collected and used when you’re using Microsoft Defender ATP for Mac.
+
+This topic describes the privacy controls available within the product, how to manage these controls with policy settings and more details on the data events that are collected.
+
+## Overview of privacy controls in Microsoft Defender ATP for Mac
+
+This section describes the privacy controls for the different types of data collected by Microsoft Defender ATP for Mac.
+
+### Diagnostic data
+
+Diagnostic data is used to keep Microsoft Defender ATP secure and up-to-date, detect, diagnose and fix problems, and also make product improvements.
+
+Some diagnostic data is required, while some diagnostic data is optional. We give you the ability to choose whether to send us required or optional diagnostic data through the use of privacy controls, such as policy settings for organizations.
+
+There are two levels of diagnostic data for Microsoft Defender ATP client software that you can choose from:
+
+* **Required**: The minimum data necessary to help keep Microsoft Defender ATP secure, up-to-date, and performing as expected on the device it’s installed on.
+
+* **Optional**: Additional data that helps Microsoft make product improvements and provides enhanced information to help detect, diagnose, and remediate issues.
+
+By default, both optional and required diagnostic data are sent to Microsoft.
+
+### Cloud delivered protection data
+
+Cloud delivered protection is used to provide increased and faster protection with access to the latest protection data in the cloud.
+
+Enabling the cloud-delivered protection service is optional, however it is highly recommended because it provides important protection against malware on your endpoints and across your network.
+
+### Sample data
+
+Sample data is used to improve the protection capabilities of the product, by sending Microsoft suspicious samples so they can be analyzed. Enabling automatic sample submission is optional.
+
+When this feature is enabled and the sample that is collected is likely to contain personal information, the user is prompted for consent.
+
+## Manage privacy controls with policy settings
+
+If you're an IT administrator, you might want to configure these controls at the enterprise level.
+
+The privacy controls for the various types of data described in the preceding section are described in detail in [Set preferences for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-preferences.md).
+
+As with any new policy settings, you should carefully test them out in a limited, controlled environment to ensure the settings that you configure have the desired effect before you implement the policy settings more widely in your organization.
+
+## Diagnostic data events
+
+This section describes what is considered required diagnostic data and what is considered optional diagnostic data, along with a description of the events and fields that are collected.
+
+### Data fields that are common for all events
+There is some information about events that is common to all events, regardless of category or data subtype.
+
+The following fields are considered common for all events:
+
+| Field | Description |
+| ----------------------- | ----------- |
+| platform | The broad classification of the platform on which the app is running. Allows Microsoft to identify on which platforms an issue may be occurring so that it can correctly be prioritized. |
+| machine_guid | Unique identifier associated with the device. Allows Microsoft to identify whether issues are impacting a select set of installs and how many users are impacted. |
+| sense_guid | Unique identifier associated with the device. Allows Microsoft to identify whether issues are impacting a select set of installs and how many users are impacted. |
+| org_id | Unique identifier associated with the enterprise that the device belongs to. Allows Microsoft to identify whether issues are impacting a select set of enterprises and how many enterprises are impacted. |
+| hostname | Local machine name (without DNS suffix). Allows Microsoft to identify whether issues are impacting a select set of installs and how many users are impacted. |
+| product_guid | Unique identifier of the product. Allows Microsoft to differentiate issues impacting different flavors of the product. |
+| app_version | Version of the Microsoft Defender ATP for Mac application. Allows Microsoft to identify which versions of the product are showing an issue so that it can correctly be prioritized.|
+| sig_version | Version of security intelligence database. Allows Microsoft to identify which versions of the security intelligence are showing an issue so that it can correctly be prioritized. |
+| supported_compressions | List of compression algorithms supported by the application, for example `['gzip']`. Allows Microsoft to understand what types of compressions can be used when it communicates with the application. |
+| release_ring | Ring that the device is associated with (for example Insider Fast, Insider Slow, Production). Allows Microsoft to identify on which release ring an issue may be occurring so that it can correctly be prioritized. |
+
+
+### Required diagnostic data
+
+**Required diagnostic data** is the minimum data necessary to help keep Microsoft Defender ATP secure, up-to-date, and perform as expected on the device it’s installed on.
+
+Required diagnostic data helps to identify problems with Microsoft Defender ATP that may be related to a device or software configuration. For example, it can help determine if a Microsoft Defender ATP feature crashes more frequently on a particular operating system version, with newly introduced features, or when certain Microsoft Defender ATP features are disabled. Required diagnostic data helps Microsoft detect, diagnose, and fix these problems more quickly so the impact to users or organizations is reduced.
+
+#### Software setup and inventory data events
+
+**Microsoft Defender ATP installation / uninstallation**
+
+The following fields are collected:
+
+| Field | Description |
+| ---------------- | ----------- |
+| correlation_id | Unique identifier associated with the installation. |
+| version | Version of the package. |
+| severity | Severity of the message (for example Informational). |
+| code | Code that describes the operation. |
+| text | Additional information associated with the product installation. |
+
+**Microsoft Defender ATP configuration**
+
+The following fields are collected:
+
+| Field | Description |
+| --------------------------------------------------- | ----------- |
+| antivirus_engine.enable_real_time_protection | Whether real-time protection is enabled on the device or not. |
+| cloud_service.enabled | Whether cloud delivered protection is enabled on the device or not. |
+| cloud_service.timeout | Time out when the application communicates with the Microsoft Defender ATP cloud. |
+| cloud_service.heartbeat_interval | Interval between consecutive heartbeats sent by the product to the cloud. |
+| cloud_service.service_uri | URI used to communicate with the cloud. |
+| cloud_service.diagnostic_level | Diagnostic level of the device (required, optional). |
+| cloud_service.automatic_sample_submission | Whether automatic sample submission is turned on or not. |
+| features.\[optional feature name\] | List of preview features, along with whether they are enabled or not. |
+
+#### Product and service performance data events
+
+**Kernel extension statistics**
+
+The following fields are collected:
+
+| Field | Description |
+| ---------------- | ----------- |
+| version | Version of Microsoft Defender ATP for Mac. |
+| instance_id | Unique identifier generated on kernel extension startup. |
+| trace_level | Trace level of the kernel extension. |
+| ipc.connects | Number of connection requests received by the kernel extension. |
+| ipc.rejects | Number of connection requests rejected by the kernel extension. |
+| ipc.connected | Whether there is any active connection to the kernel extension. |
+
+#### Support data
+
+**Diagnostic logs**
+
+Diagnostic logs are collected only with the consent of the user as part of the feedback submission feature. The following files are collected as part of the support logs:
+
+- All files under */Library/Logs/Microsoft/mdatp/*
+- Subset of files under */Library/Application Support/Microsoft/Defender/* that are created and used by Microsoft Defender ATP for Mac
+- Subset of files under */Library/Managed Preferences* that are used by Microsoft Defender ATP for Mac
+
+### Optional diagnostic data
+
+**Optional diagnostic data** is additional data that helps Microsoft make product improvements and provides enhanced information to help detect, diagnose, and fix issues.
+
+If you choose to send us optional diagnostic data, required diagnostic data is also included.
+
+Examples of optional diagnostic data include data Microsoft collects about product configuration (for example number of exclusions set on the device) and product performance (aggregate measures about the performance of components of the product).
+
+#### Software setup and inventory data events
+
+**Microsoft Defender ATP configuration**
+
+The following fields are collected:
+
+| Field | Description |
+| -------------------------------------------------- | ----------- |
+| connection_retry_timeout | Connection retry time out when communication with the cloud. |
+| file_hash_cache_maximum | Size of the product cache. |
+| crash_upload_daily_limit | Limit of crash logs uploaded daily. |
+| antivirus_engine.exclusions[].is_directory | Whether the exclusion from scanning is a directory or not. |
+| antivirus_engine.exclusions[].path | Path that was excluded from scanning. |
+| antivirus_engine.exclusions[].extension | Extension excluded from scanning. |
+| antivirus_engine.exclusions[].name | Name of the file excluded from scanning. |
+| antivirus_engine.scan_cache_maximum | Size of the product cache. |
+| antivirus_engine.maximum_scan_threads | Maximum number of threads used for scanning. |
+| antivirus_engine.threat_restoration_exclusion_time | Time out before a file restored from the quarantine can be detected again. |
+| filesystem_scanner.full_scan_directory | Full scan directory. |
+| filesystem_scanner.quick_scan_directories | List of directories used in quick scan. |
+| edr.latency_mode | Latency mode used by the detection and response component. |
+| edr.proxy_address | Proxy address used by the detection and response component. |
+
+**Microsoft Auto-Update configuration**
+
+The following fields are collected:
+
+| Field | Description |
+| --------------------------- | ----------- |
+| how_to_check | Determines how product updates are checked (for example automatic or manual). |
+| channel_name | Update channel associated with the device. |
+| manifest_server | Server used for downloading updates. |
+| update_cache | Location of the cache used to store updates. |
+
+### Product and service usage
+
+#### Diagnostic log upload started report
+
+The following fields are collected:
+
+| Field | Description |
+| ---------------- | ----------- |
+| sha256 | SHA256 identifier of the support log. |
+| size | Size of the support log. |
+| original_path | Path to the support log (always under */Library/Application Support/Microsoft/Defender/wdavdiag/*). |
+| format | Format of the support log. |
+
+#### Diagnostic log upload completed report
+
+The following fields are collected:
+
+| Field | Description |
+| ---------------- | ----------- |
+| request_id | Correlation ID for the support log upload request. |
+| sha256 | SHA256 identifier of the support log. |
+| blob_sas_uri | URI used by the application to upload the support log. |
+
+#### Product and service performance data events
+
+**Unexpected application exit (crash)**
+
+Unexpected application exits and the state of the application when that happens.
+
+**Kernel extension statistics**
+
+The following fields are collected:
+
+| Field | Description |
+| ------------------------------ | ----------- |
+| pkt_ack_timeout | The following properties are aggregated numerical values, representing count of events that happened since kernel extension startup. |
+| pkt_ack_conn_timeout | |
+| ipc.ack_pkts | |
+| ipc.nack_pkts | |
+| ipc.send.ack_no_conn | |
+| ipc.send.nack_no_conn | |
+| ipc.send.ack_no_qsq | |
+| ipc.send.nack_no_qsq | |
+| ipc.ack.no_space | |
+| ipc.ack.timeout | |
+| ipc.ack.ackd_fast | |
+| ipc.ack.ackd | |
+| ipc.recv.bad_pkt_len | |
+| ipc.recv.bad_reply_len | |
+| ipc.recv.no_waiter | |
+| ipc.recv.copy_failed | |
+| ipc.kauth.vnode.mask | |
+| ipc.kauth.vnode.read | |
+| ipc.kauth.vnode.write | |
+| ipc.kauth.vnode.exec | |
+| ipc.kauth.vnode.del | |
+| ipc.kauth.vnode.read_attr | |
+| ipc.kauth.vnode.write_attr | |
+| ipc.kauth.vnode.read_ex_attr | |
+| ipc.kauth.vnode.write_ex_attr | |
+| ipc.kauth.vnode.read_sec | |
+| ipc.kauth.vnode.write_sec | |
+| ipc.kauth.vnode.take_own | |
+| ipc.kauth.vnode.denied | |
+| ipc.kauth.file_op.mask | |
+| ipc.kauth_file_op.open | |
+| ipc.kauth.file_op.close | |
+
+## Resources
+
+- [Privacy at Microsoft](https://privacy.microsoft.com/)
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md
index 8341a2e601..59485467ff 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md
@@ -22,10 +22,7 @@ ms.topic: conceptual
**Applies to:**
-[Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
-
->[!IMPORTANT]
->This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
## Collecting diagnostic information
@@ -64,23 +61,13 @@ If you can reproduce a problem, please increase the logging level, run the syste
If an error occurs during installation, the installer will only report a general failure.
-The detailed log will be saved to /Library/Logs/Microsoft/wdav.install.log. If you experience issues during installation, send us this file so we can help diagnose the cause.
-
-## Upgrade
-
-We distribute our updates via Microsoft Auto Update (MAU). You can check for MAU settings in main application's menu (Help => Check For Product Updates...):
-
- 
-
-**Q**: Can MDATP for Mac be updated without MAU?
-
-**A**: In the current release, MDATP for Mac product updates are done via MAU. While advanced manageability experts may be able to set up the product updates without MAU, this scenario is not explicitly supported. We will monitor customer interest in this scenario to evaluate its importance relative to other product advancements.
+The detailed log will be saved to /Library/Logs/Microsoft/mdatp/install.log. If you experience issues during installation, send us this file so we can help diagnose the cause.
## Uninstalling
There are several ways to uninstall Microsoft Defender ATP for Mac. Please note that while centrally managed uninstall is available on JAMF, it is not yet available for Microsoft Intune.
-### Within the GUI
+### Interactive uninstallation
- Open **Finder > Applications**. Right click on **Microsoft Defender ATP > Move to Trash**.
@@ -114,7 +101,7 @@ Important tasks, such as controlling product settings and triggering on-demand s
In the Microsoft Defender ATP portal, you'll see two categories of information:
-- AV alerts, including:
+- Antivirus alerts, including:
- Severity
- Scan type
- Device information (hostname, machine identifier, tenant identifier, app version, and OS type)
@@ -133,7 +120,5 @@ In the Microsoft Defender ATP portal, you'll see two categories of information:
## Known issues
-- Not fully optimized for performance or disk space yet.
- Full Microsoft Defender ATP integration is not available yet.
-- Mac devices that switch networks may appear multiple times in the Microsoft Defender ATP portal.
- Centrally managed uninstall via Intune is still in development. As an alternative, manually uninstall Microsoft Defender ATP for Mac from each client device.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-updates.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-updates.md
new file mode 100644
index 0000000000..5903433187
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-updates.md
@@ -0,0 +1,144 @@
+---
+title: Deploy updates for Microsoft Defender ATP for Mac
+ms.reviewer:
+description: Describes how to control updates for Microsoft Defender ATP for Mac in enterprise environments.
+keywords: microsoft, defender, atp, mac, updates, deploy
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dansimp
+author: dansimp
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+---
+
+# Deploy updates for Microsoft Defender ATP for Mac
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
+
+Microsoft regularly publishes software updates to improve performance, security, and to deliver new features.
+
+To update Microsoft Defender ATP for Mac, a program named Microsoft AutoUpdate (MAU) is used. By default, MAU automatically checks for updates daily, but you can change that to weekly, monthly, or manually.
+
+
+
+If you decide to deploy updates by using your software distribution tools, you should configure MAU to manually check for software updates. You can deploy preferences to configure how and when MAU checks for updates for the Macs in your organization.
+
+## Use msupdate
+
+MAU includes a command line tool, called *msupdate*, that is designed for IT administrators so that they have more precise control over when updates are applied. Instructions for how to use this tool can be found in [Update Office for Mac by using msupdate](https://docs.microsoft.com/en-us/deployoffice/mac/update-office-for-mac-using-msupdate).
+
+In MAU, the application identifier for Microsoft Defender ATP for Mac is *WDAV00*. To download and install the latest updates for Microsoft Defender ATP for Mac, execute the following command from a Terminal window:
+
+```
+./msupdate --install --apps wdav00
+```
+
+## Set preferences for Microsoft AutoUpdate
+
+This section describes the most common preferences that can be used to configure MAU. These settings can be deployed as a configuration profile through the management console that your enterprise is using. An example of a configuration profile is shown in the following sections.
+
+### Set the channel name
+
+The channel determines the type and frequency of updates that are offered through MAU. Devices in `InsiderFast` (corresponding to the Insider Fast channel) can try out new features before devices in `External` (corresponding to the Insider Slow channel) and `Production`.
+
+The `Production` channel contains the most stable version of the product.
+
+>[!TIP]
+>Microsoft recommends keeping some devices in your enterprise either in `InsiderFast` or `External` in order to preview new features and provide early feedback.
+
+|||
+|:---|:---|
+| **Domain** | com.microsoft.autoupdate2 |
+| **Key** | ChannelName |
+| **Data type** | String |
+| **Possible values** | InsiderFast
External
Production |
+
+### Set update check frequency
+
+Change how often MAU searches for updates.
+
+|||
+|:---|:---|
+| **Domain** | com.microsoft.autoupdate2 |
+| **Key** | UpdateCheckFrequency |
+| **Data type** | Integer |
+| **Default value** | 720 (minutes) |
+| **Comment** | This value is set in minutes. |
+
+### Change how MAU interacts with updates
+
+Change how MAU searches for updates.
+
+|||
+|:---|:---|
+| **Domain** | com.microsoft.autoupdate2 |
+| **Key** | HowToCheck |
+| **Data type** | String |
+| **Possible values** | Manual
AutomaticCheck
AutomaticDownload |
+| **Comment** | Note that AutomaticDownload will do a download and install silently if possible. |
+
+### Disable Insider checkbox
+
+Set to true to make the "Join the Office Insider Program..." checkbox unavailable / greyed out to users.
+
+|||
+|:---|:---|
+| **Domain** | com.microsoft.autoupdate2 |
+| **Key** | DisableInsiderCheckbox |
+| **Data type** | Boolean |
+| **Possible values** | False (default)
True |
+
+### Limit the telemetry that is sent from MAU
+
+Set to false to send minimal heartbeat data, no application usage, and no environment details.
+
+|||
+|:---|:---|
+| **Domain** | com.microsoft.autoupdate2 |
+| **Key** | SendAllTelemetryEnabled |
+| **Data type** | Boolean |
+| **Possible values** | True (default)
False |
+
+## Example configuration profile
+
+The following configuration profile is used to:
+- Place the device in the Insider Fast channel
+- Automatically download and install updates
+- Enable the "Check for updates" button in the user interface
+- Allow users on the device to enroll into the Insider channels
+
+```XML
+
+
+
+
+ ChannelName
+ InsiderFast
+ HowToCheck
+ AutomaticDownload
+ EnableCheckForUpdatesButton
+
+ DisableInsiderCheckbox
+
+ SendAllTelemetryEnabled
+
+
+
+```
+
+To configure MAU, you can deploy this configuration profile from the management tool that your enterprise is using:
+- From JAMF, upload this configuration profile and set the Preference Domain to *com.microsoft.autoupdate2*.
+- From Intune, upload this configuration profile and set the custom configuration profile name to *com.microsoft.autoupdate2*.
+
+## Resources
+
+- [msupdate reference](https://docs.microsoft.com/en-us/deployoffice/mac/update-office-for-mac-using-msupdate)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md
index 79866deb5d..facd39ba50 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md
@@ -20,62 +20,37 @@ ms.topic: conceptual
# Microsoft Defender Advanced Threat Protection for Mac
->[!IMPORTANT]
->This topic relates to the pre-release version of Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac. Microsoft Defender ATP for Mac is not yet widely available. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+This topic describes how to install, configure, update, and use Microsoft Defender ATP for Mac.
-This topic describes how to install and use Microsoft Defender ATP for Mac.
+> [!CAUTION]
+> Running other third-party endpoint protection products alongside Microsoft Defender ATP for Mac may lead to performance problems and unpredictable side effects.
-## What’s new in the public preview
+## What’s new in the latest release
-Since opening the limited preview, we've been working non-stop to enhance the product, by listening to customer feedback. We've reduced the time it takes for devices to appear in Microsoft Defender Security Center, immediately following deployment. We've improved threat handling, enhanced the user experience, and fixed bugs. Other updates to Microsoft Defender ATP for Mac include:
+Since the announcement of the public preview, Microsoft has been working non-stop to enhance the product, by listening to customer feedback. We've added management features and more granular controls for diagnostic data collection, refined the user experience, and fixed bugs.
-- Enhanced accessibility
-- Improved performance
-- improved client product health monitoring
-- Localization into 37 languages
-- Improved anti-tampering protections
-- Feedback and samples can now be submitted via the interface.
-- Product health can be queried with JAMF or the command line.
-- Admins can set their cloud preference for any location, not just for those in the US.
+If you have any feedback that you would like to share, submit it by opening Microsoft Defender ATP for Mac on your device and navigating to **Help** > **Send feedback**.
-## Installing and configuring
-
-There are several methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac.
-
-In general you'll need to take the following steps:
-
-- Ensure you have a Microsoft Defender ATP subscription and have access to the Microsoft Defender ATP Portal
-- Deploy Microsoft Defender ATP for Mac using one of the following deployment methods:
- - Via the command line tool:
- - [Manual deployment](microsoft-defender-atp-mac-install-manually.md)
- - Via third party tools:
- - [Microsoft Intune-based deployment](microsoft-defender-atp-mac-install-with-intune.md)
- - [JAMF-based deployment](microsoft-defender-atp-mac-install-with-jamf.md)
- - [Other MDM products](microsoft-defender-atp-mac-install-with-other-mdm.md)
-
-Whichever method you choose, you will first need to visit the onboarding page in the Microsoft Defender ATP portal.
-
-Once installed, you can configure the product in your enterprise using the steps in [Set preferences for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-preferences.md).
+## How to install Microsoft Defender ATP for Mac
### Prerequisites
-You should have beginner-level experience in macOS and BASH scripting. You must have administrative privileges on the machine.
+- Microsoft Defender ATP subscription
+- Access to the Microsoft Defender Security Center portal
+- Beginner-level experience in macOS and BASH scripting
+- Administrative privileges on the device (in case of manual deployment)
-You should also have access to Microsoft Defender Security Center.
-
-### System Requirements
-
-- macOS version: 10.14 (Mojave), 10.13 (High Sierra), 10.12 (Sierra)
-- Disk space during preview: 1GB
-
-Beta versions of macOS are not supported.
+### System requirements
> [!CAUTION]
-> Running other third-party endpoint protection alongside Microsoft Defender ATP for Mac may lead to performance problems and unpredictable side effects.
+> The three most recent released versions of macOS are supported. Beta versions of macOS are not supported.
+
+- Supported macOS versions: 10.14 (Mojave), 10.13 (High Sierra), 10.12 (Sierra)
+- Disk space: 650 MB
After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints.
-The following table lists the services and their associated URLs that your network must be able to connect to. You should ensure there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an **allow** rule specifically for them:
+The following table lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an *allow* rule specifically for them:
| Service | Description | URL |
| -------------- | ------------------------------------ | -------------------------------------------------------------------- |
@@ -86,18 +61,45 @@ To test that a connection is not blocked, open [https://x.cp.wd.microsoft.com/ap
If you prefer the command line, you can also check the connection by running the following command in Terminal:
```bash
-testuser$ curl -w ' %{url_effective}\n' 'https://x.cp.wd.microsoft.com/api/report' 'https://cdn.x.cp.wd.microsoft.com/ping'
+curl -w ' %{url_effective}\n' 'https://x.cp.wd.microsoft.com/api/report' 'https://cdn.x.cp.wd.microsoft.com/ping'
```
-The output from this command should look like this:
+The output from this command should be similar to the following:
> `OK https://x.cp.wd.microsoft.com/api/report`
>
> `OK https://cdn.x.cp.wd.microsoft.com/ping`
+> [!CAUTION]
+> We recommend that you keep [System Integrity Protection](https://support.apple.com/en-us/HT204899) (SIP) enabled on client machines. SIP is a built-in macOS security feature that prevents low-level tampering with the OS, and is enabled by default.
-We recommend that you keep [System Integrity Protection](https://support.apple.com/en-us/HT204899) (SIP) enabled on client machines. SIP is a built-in macOS security feature that prevents low-level tampering with the OS, and is enabled by default.
+### Installation instructions
+
+There are several methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac.
+
+In general you need to take the following steps:
+
+- Ensure that you have a Microsoft Defender ATP subscription and have access to the Microsoft Defender ATP Portal
+- Deploy Microsoft Defender ATP for Mac using one of the following deployment methods:
+ - Via third-party management tools:
+ - [Microsoft Intune-based deployment](microsoft-defender-atp-mac-install-with-intune.md)
+ - [JAMF-based deployment](microsoft-defender-atp-mac-install-with-jamf.md)
+ - [Other MDM products](microsoft-defender-atp-mac-install-with-other-mdm.md)
+ - Via the command-line tool:
+ - [Manual deployment](microsoft-defender-atp-mac-install-manually.md)
+
+## How to update Microsoft Defender ATP for Mac
+
+Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. To update Microsoft Defender ATP for Mac, a program named Microsoft AutoUpdate (MAU) is used.
+
+To read more on how to configure MAU in enterprise environments, refer to [Deploy updates for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-updates.md)
+
+## How to configure Microsoft Defender ATP for Mac
+
+Guidance for how to configure the product in enterprise environments is available in [Set preferences for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-preferences.md).
## Resources
-For additional information about logging, uninstalling, or known issues, see our [Resources](microsoft-defender-atp-mac-resources.md) page.
+- For more information about logging, uninstalling, or known issues, see the [Resources](microsoft-defender-atp-mac-resources.md) page.
+
+- [Privacy for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-privacy.md)
diff --git a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md
index a4c209b5bd..e1e648f1c9 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md
@@ -57,8 +57,7 @@ The table in this section lists the main Windows Defender Antivirus event IDs an
-
-
+
| Event ID: 1000 |
@@ -2716,7 +2715,7 @@ This section provides the following information about Windows Defender Antivirus
Use the information in these tables to help troubleshoot Windows Defender Antivirus error codes.
-
+ 
+ 
+ 
+ 
+ 
+ 
