Merging changes synced from https://github.com/MicrosoftDocs/windows-docs-pr (branch live)

devices/surface/get-started.yml

@@ -72,10 +72,10 @@ landingContent:
     linkLists:
       - linkListType: how-to-guide
         links:
+          - text: Secure Surface Dock 2 ports with Surface Enterprise Management Mode (SEMM)
+            url: secure-surface-dock-ports-semm.md
           - text: Intune management of Surface UEFI settings
             url: surface-manage-dfci-guide.md
-          - text: Surface Enterprise Management Mode (SEMM)
-            url: surface-enterprise-management-mode.md
           - text: Surface Data Eraser tool
             url: microsoft-surface-data-eraser.md
  

devices/surface/secure-surface-dock-ports-semm.md

@@ -30,13 +30,15 @@ Managing Surface Dock 2 with SEMM is available for docks connected to Surface Bo
 >[!NOTE]
 >You can manage Surface Dock 2 ports only when the dock is connected to one of the following compatible devices:  Surface Book 3, Surface Laptop 3, and Surface Pro 7. Any device that doesn't receive the UEFI Authenticated policy settings is inherently an unauthenticated device.
 
-Restricting Surface Dock 2 to authorized persons signed into a corporate host device provides another layer of data protection. This ability to lock down Surface Dock 2 is critical for specific customers in highly secure environments who want the functionality and productivity benefits of the dock while maintaining compliance with strict security protocols. We anticipate SEMM used with Surface Dock 2 will be particularly useful in open offices and shared spaces especially for customers who want to lock USB ports for security reasons.
+### Scenarios
+
+Restricting Surface Dock 2 to authorized persons signed into a corporate host device provides another layer of data protection. This ability to lock down Surface Dock 2 is critical for specific customers in highly secure environments who want the functionality and productivity benefits of the dock while maintaining compliance with strict security protocols. We anticipate SEMM used with Surface Dock 2 will be particularly useful in open offices and shared spaces especially for customers who want to lock USB ports for security reasons. For a video demo, check out [SEMM for Surface Dock 2](https://youtu.be/VLV19ISvq_s).
 
 ## Configuring and deploying UEFI settings for Surface Dock 2
 
 This section provides step-by-step guidance for the following tasks:
 
-1. Install **Surface UEFI Configurator**.
+1. Install [**Surface UEFI Configurator**](https://www.microsoft.com/en-us/download/details.aspx?id=46703).
 1. Create or obtain public key certificates.
 1. Create an .MSI configuration package.
    1. Add your certificates.

windows/deployment/index.yml

@@ -102,7 +102,7 @@ landingContent:
   # Card (optional)
   - title: Windows 10 resources
     linkLists:
-      - linkListType: learn
+      - linkListType: reference
         links:
           - text: Windows 10 release information
             url: https://docs.microsoft.com/windows/release-information/

windows/privacy/index.yml

@@ -45,7 +45,7 @@ productDirectory:
       # imageSrc should be square in ratio with no whitespace
       imageSrc: https://docs.microsoft.com/media/common/i_extend.svg
       summary: Learn more about basic Windows diagnostic data events and fields collected.
-      url: basic-level-windows-diagnostic-events-and-fields.md
+      url: required-windows-diagnostic-data-events-and-fields-2004.md
     # Card
     - title: Enhanced level events and fields
       imageSrc: https://docs.microsoft.com/media/common/i_delivery.svg

windows/privacy/manage-windows-2004-endpoints.md

@@ -12,7 +12,7 @@ ms.author: obezeajo
 manager: robsize
 ms.collection: M365-security-compliance
 ms.topic: article
-ms.date: 5/11/2020
+ms.date: 6/9/2020
 ---
 # Manage connection endpoints for Windows 10 Enterprise, version 2004
 
@@ -80,7 +80,7 @@ The following methodology was used to derive these network endpoints:
 ||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps cannot be installed or updated from the Microsoft Store. |HTTP|*.dl.delivery.mp.microsoft.com|
 ||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2|manage.devcenter.microsoft.com|
 |Network Connection Status Indicator (NCSI)|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi)|
-||Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you turn off traffic for this endpoint, NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning.|HTTPS|www.msftconnecttest.com*|
+||Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you turn off traffic for this endpoint, NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning.|HTTP|www.msftconnecttest.com*|
 |Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser. For more info, see Office 365 URLs and IP address ranges. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
 |||HTTPS|*ow1.res.office365.com|
 |||HTTPS|office.com|

windows/privacy/windows-endpoints-2004-non-enterprise-editions.md

@@ -84,7 +84,7 @@ The following methodology was used to derive the network endpoints:
 |watson.telemetry.microsoft.com|HTTPS|Diagnostic Data
 |wdcp.microsoft.com|TLSv1.2|Used for Windows Defender when Cloud-based Protection is enabled
 |www.bing.com|TLSv1.2|Used for updates for Cortana, apps, and Live Tiles
-|www.msftconnecttest.com|HTTPS|Network Connection (NCSI)
+|www.msftconnecttest.com|HTTP|Network Connection (NCSI)
 |www.office.com|HTTPS|Microsoft Office
 
 
@@ -144,7 +144,7 @@ The following methodology was used to derive the network endpoints:
 |watson.telemetry.microsoft.com|HTTPS|Diagnostic Data
 |wdcp.microsoft.com|TLSv1.2|Used for Windows Defender when Cloud-based Protection is enabled
 |www.bing.com|TLSv1.2|Used for updates for Cortana, apps, and Live Tiles
-|www.msftconnecttest.com|HTTPS|Network Connection (NCSI)
+|www.msftconnecttest.com|HTTP|Network Connection (NCSI)
 |www.msn.com|HTTPS|Network Connection (NCSI)
 |www.office.com|HTTPS|Microsoft Office
 
@@ -198,6 +198,6 @@ The following methodology was used to derive the network endpoints:
 |wdcp.microsoft.com|TLSv1.2|Used for Windows Defender when Cloud-based Protection is enabled
 |www.bing.com|TLSv1.2|Used for updates for Cortana, apps, and Live Tiles
 |www.microsoft.com|HTTP|Connected User Experiences and Telemetry, Microsoft Data Management service
-|www.msftconnecttest.com|HTTPS|Network Connection (NCSI)
+|www.msftconnecttest.com|HTTP|Network Connection (NCSI)
 |www.office.com|HTTPS|Microsoft Office
 

windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md

@@ -1,7 +1,7 @@
 ---
 title: Collect diagnostic data of Microsoft Defender Antivirus
 description: Use a tool to collect data to troubleshoot Microsoft Defender Antivirus
-keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, Microsoft Defender AV
+keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, Microsoft Defender av
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
 ms.prod: w10
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 author: denisebmsft
 ms.author: deniseb
 ms.custom: nextgen
-ms.date: 06/01/2020
+ms.date: 06/10/2020
 ms.reviewer: 
 manager: dansimp
 ---
@@ -35,10 +35,10 @@ On at least two devices that are experiencing the same issue, obtain the .cab di
 
     c. Enter administrator credentials or approve the prompt.
 
-2. Navigate to the Windows Defender directory. By default, this is `C:\Program Files\Windows Defender`.
+2. Navigate to the Microsoft Defender directory. By default, this is `C:\Program Files\Windows Defender`.
 
 > [!NOTE]
-> If you're running an updated Windows Defender Platform version, please run `MpCmdRun` from the following location: `C:\ProgramData\Microsoft\Windows Defender\Platform\<version>`.
+> If you're running an updated Microsoft Defender Platform version, please run `MpCmdRun` from the following location: `C:\ProgramData\Microsoft\Windows Defender\Platform\<version>`.
 
 3. Type the following command, and then press **Enter**  
 
@@ -46,7 +46,7 @@ On at least two devices that are experiencing the same issue, obtain the .cab di
     mpcmdrun.exe -GetFiles
     ```
   
-4. A .cab file will be generated that contains various diagnostic logs. The location of the file will be specified in the output in the command prompt. By default, the location is `C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab`.
+4. A .cab file will be generated that contains various diagnostic logs. The location of the file will be specified in the output in the command prompt. By default, the location is `C:\ProgramData\Microsoft\Microsoft Defender\Support\MpSupportFiles.cab`.
 
 > [!NOTE]
 > To redirect the cab file to a a different path or UNC share, use the following command: `mpcmdrun.exe -GetFiles -SupportLogLocation <path>`  <br/>For more information see [Redirect diagnostic data to a UNC share](#redirect-diagnostic-data-to-a-unc-share).

windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md

@@ -27,7 +27,7 @@ You can perform various Microsoft Defender Antivirus functions with the dedicate
 > [!NOTE]
 > You might need to open an administrator-level version of the command prompt. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt.
 >
-> If you're running an updated Windows Defender Platform version, please run `MpCmdRun` from the following location: `C:\ProgramData\Microsoft\Windows Defender\Platform\<version>`.
+> If you're running an updated Microsoft Defender Platform version, please run `MpCmdRun` from the following location: `C:\ProgramData\Microsoft\Windows Defender\Platform\<version>`.
 
 The utility has the following commands:
 

windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md

@@ -30,7 +30,14 @@ ms.date: 04/16/2020
 
 ## Onboard non-persistent virtual desktop infrastructure (VDI) machines
 
-Microsoft Defender ATP supports non-persistent VDI session onboarding. There might be associated challenges when onboarding VDIs. The following are typical challenges for this scenario:
+Microsoft Defender ATP supports non-persistent VDI session onboarding. 
+
+>[!Note]
+>To onboard non-persistent VDI sessions, VDI machines must be on Windows 10.
+>
+>While other Windows versions might work, only Windows 10 is supported.
+
+There might be associated challenges when onboarding VDIs. The following are typical challenges for this scenario:
 
 - Instant early onboarding of a short-lived sessions, which must be onboarded to Microsoft Defender ATP prior to the actual provisioning.
 - The machine name is typically reused for new sessions.