From 70a63c636cff8ba404ec94ca0abfd5144ec12c4c Mon Sep 17 00:00:00 2001
From: adamoboe <45466550+adamoboe@users.noreply.github.com>
Date: Thu, 28 Feb 2019 13:50:55 -0800
Subject: [PATCH 01/14] Update virus-initiative-criteria.md

Updated to match current license requirements
---
 .../intelligence/virus-initiative-criteria.md | 20 ++++++++-----------
 1 file changed, 8 insertions(+), 12 deletions(-)

diff --git a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md
index f87f26230b..3856c87941 100644
--- a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md
+++ b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md
@@ -18,29 +18,25 @@ ms.topic: article
 
 The Microsoft Virus Initiative (MVI) helps organizations to get their products working and integrated with Windows.
 
-Like the [Virus Information Alliance (VIA)](virus-information-alliance-criteria.md) and the [Coordinated Malware Eradication (CME) program](coordinated-malware-eradication.md), MVI aims to share information about the threat landscape that can help your organization protect its customers.
+MVI members will receive access to Windows APIs (such as those used by Windows Defender Antivirus), and other technologies including IOAV, AMSI and Cloud Files, malware telemetry and samples, and invitations to security related events and conferences.
 
-MVI members will receive access to Windows APIs (such as those used by Windows Defender Security Center, IOAV, AMSI and Cloud Files), malware telemetry and samples, and invitations to security related events and conferences.
-
-MVI adds to VIA by requiring members to develop and own antimalware technology, and to be present in the antimalware industry community.
+MVI requires members to develop and own antimalware technology and to be present in the antimalware industry community.
 
 ## Join MVI
 
 A request for membership is made by an individual as a representative of an organization that develops and produces antimalware or antivirus technology.
 
-The base criteria for MVI membership are the same as for VIA, but your organization must also offer an antimalware or antivirus product.
 
 ### Initial selection criteria
 
-Your organization must meet the following eligibility requirements to participate in the MVI program:
+Your organization must meet the following eligibility requirements to qualify for the MVI program:
 
 1. Offer an antimalware or antivirus product that is one of the following:
 
    * Your organization's own creation.
-   * Licensed from another organization, but your organization adds value such as additional Security intelligence.
-   * Developed by using an SDK (engine and other components) from another MVI Partner AM company and your organization adds a custom UI and/or other functionality (white box versions).
+   * Developed by using an SDK (engine and other components) from another MVI Partner company and your organization adds a custom UI and/or other functionality.
 
-2. Have your own malware research team unless you distribute a Whitebox product.
+2. Have your own malware research team unless you build a product based on an SDK.
 
 3. Be active and have a positive reputation in the antimalware industry. Your organization is:
 
@@ -51,10 +47,10 @@ Your organization must meet the following eligibility requirements to participat
 
 5. Be willing to sign a program license agreement.
 
-6. Be willing to adhere to program requirements for AM apps. These requirements define the behavior of AM apps necessary to ensure proper interaction with Windows.
+6. Be willing to adhere to program requirements for antimalware apps. These requirements define the behavior of antimalware apps necessary to ensure proper interaction with Windows.
 
-7. Submit your AM app to Microsoft for periodic performance testing.
+7. Submit your app to Microsoft for periodic performance testing.
 
 ### Apply now
 
-If your organization meets these criteria and is interested in joining, [apply for membership now](https://www.microsoft.com/wdsi/alliances/apply-alliance-membership). If you have questions, [contact us for more information](https://www.microsoft.com/wdsi/alliances/collaboration-inquiry).
\ No newline at end of file
+If your organization meets these criteria and is interested in joining, [apply for membership now](https://www.microsoft.com/wdsi/alliances/apply-alliance-membership). If you have questions, [contact us for more information](https://www.microsoft.com/wdsi/alliances/collaboration-inquiry).

From 8efd8826f60f3ed438a4a89c84f8e5428e6e862f Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Tue, 5 Mar 2019 18:00:37 +0500
Subject: [PATCH 02/14] issue #2744
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

added info about "Safe Samples", sources:
1. [February 2015 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/help/3036437/february-2015-anti-malware-platform-update-for-endpoint-protection-cli)
2. [Send file samples when further analysis is required.](https://getadmx.com/?Category=SystemCenterEndpointProtection&Policy=Microsoft.Policies.Antimalware::maps_submitsamplesconsent)
also, about "what data is sent, where it’s stored etc", it is more likely to be out of scope of this article, the link to the article that contains this info is already persist in the source
"See [Use Microsoft cloud-delivered protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus) for an overview of Windows Defender Antivirus cloud-delivered protection."
---
 .../enable-cloud-protection-windows-defender-antivirus.md  | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md
index 5d2d921020..8a0dd39c4d 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md
@@ -45,9 +45,13 @@ There are specific network-connectivity requirements to ensure your endpoints ca
     - **Send safe samples automatically**
     - **Send all samples automatically**
 
+        >[!NOTE]
+        >**Send safe samples automatically** option means that most samples will be sent automatically. Files that are likely to contain personal information will still prompt and require additional confirmation.
+
         > [!WARNING]
         > Setting to **Always Prompt** will lower the protection state of the device. Setting to **Never send** means the [Block at First Sight](configure-block-at-first-sight-windows-defender-antivirus.md) feature will not function.
 
+
 8. Click **OK** to exit the **Windows Defender Antivirus** settings pane, click **OK** to exit the **Device restrictions** pane, and then click **Save** to save the changes to your **Device restrictions** profile.
 
 For more information about Intune device profiles, including how to create and configure their settings, see [What are Microsoft Intune device profiles?](https://docs.microsoft.com/intune/device-profiles)
@@ -73,6 +77,9 @@ See [How to create and deploy antimalware policies: Cloud-protection service](ht
     1. **Send safe samples** (1)
     2. **Send all samples** (3)
 
+        >[!NOTE]
+        >**Send safe samples automatically** option means that most samples will be sent automatically. Files that are likely to contain personal information will still prompt and require additional confirmation.
+
         > [!WARNING]
         > Setting to 0 (Always Prompt) will lower the protection state of the device. Setting to 2 (Never send) means the [Block at First Sight](configure-block-at-first-sight-windows-defender-antivirus.md) feature will not function.
 

From 3f2e1f93111655d547fcf0183825b5b8e5971fda Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Tue, 5 Mar 2019 19:40:29 +0500
Subject: [PATCH 03/14] issue #2744
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

added info about "Safe Samples", sources:
1. [February 2015 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/help/3036437/february-2015-anti-malware-platform-update-for-endpoint-protection-cli)
2. [Send file samples when further analysis is required.](https://getadmx.com/?Category=SystemCenterEndpointProtection&Policy=Microsoft.Policies.Antimalware::maps_submitsamplesconsent)
also, about "what data is sent, where it’s stored etc", it is more likely to be out of scope of this article, the link to the article that contains this info is already persist in the source
"See [Use Microsoft cloud-delivered protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus) for an overview of Windows Defender Antivirus cloud-delivered protection."
---
 .../enable-cloud-protection-windows-defender-antivirus.md        | 1 -
 1 file changed, 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md
index 8a0dd39c4d..437c39ea45 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md
@@ -51,7 +51,6 @@ There are specific network-connectivity requirements to ensure your endpoints ca
         > [!WARNING]
         > Setting to **Always Prompt** will lower the protection state of the device. Setting to **Never send** means the [Block at First Sight](configure-block-at-first-sight-windows-defender-antivirus.md) feature will not function.
 
-
 8. Click **OK** to exit the **Windows Defender Antivirus** settings pane, click **OK** to exit the **Device restrictions** pane, and then click **Save** to save the changes to your **Device restrictions** profile.
 
 For more information about Intune device profiles, including how to create and configure their settings, see [What are Microsoft Intune device profiles?](https://docs.microsoft.com/intune/device-profiles)

From 8f71038f5cfcfc6960774ec2b68663dcf628a7c0 Mon Sep 17 00:00:00 2001
From: Antony Bragg <antonybragg@gmail.com>
Date: Thu, 7 Mar 2019 10:29:17 +0000
Subject: [PATCH 04/14] Update
 prepare-your-organization-for-bitlocker-planning-and-policies.md

Fixed an issue with the title and summary text at the top.
---
 ...are-your-organization-for-bitlocker-planning-and-policies.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
index e04869b151..aff1f937a1 100644
--- a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
+++ b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
@@ -13,6 +13,8 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 06/04/2018
 ms.topic: article Prepare your organization for BitLocker: Planning and policies
+---
+# Prepare your organization for BitLocker Planning and policies
 
 **Applies to**
 -   Windows 10

From f56d934f2321fa857168b6d69f093f517baf3ee0 Mon Sep 17 00:00:00 2001
From: przlplx <36421998+przlplx@users.noreply.github.com>
Date: Thu, 7 Mar 2019 14:00:42 -0800
Subject: [PATCH 05/14] Update create-wip-policy-using-intune-azure.md

---
 .../create-wip-policy-using-intune-azure.md                     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
index fbb5f05eab..c0cc3c891b 100644
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
+++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
@@ -418,7 +418,7 @@ There are no default locations included with WIP, you must add each of your netw
             <td><strong>With proxy:</strong> contoso.sharepoint.com,contoso.internalproxy1.com|<br>contoso.visualstudio.com,contoso.internalproxy2.com<br><br><strong>Without proxy:</strong> contoso.sharepoint.com|contoso.visualstudio.com</td>
             <td>Specify the cloud resources to be treated as corporate and protected by WIP.<br><br>For each cloud resource, you may also optionally specify a proxy server from your Internal proxy servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Internal proxy servers is considered enterprise.<br><br>If you have multiple resources, you must separate them using the "|" delimiter. If you don’t use proxy servers, you must also include the "," delimiter just before the "|". For example: <code>URL &lt;,proxy&gt;|URL &lt;,proxy&gt;</code>.<p>Personal applications will be able to access Enterprise Cloud Resources if the resource in the Enterprise Cloud Resource Policy has a blank space or an invalid character, such as a trailing dot in the URL. <br><br><strong>Important</strong><br>In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can’t tell whether it’s attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the <code>/&#42;AppCompat&#42;/</code> string to the setting. For example: <code>URL &lt;,proxy&gt;|URL &lt;,proxy&gt;|/&#42;AppCompat&#42;/</code>.<br><br><strong>Note</strong><br>To add subdomain for a cloud resource, use a period (.) instead of an asterisk (*). For example: To add all subdomains within Office.com, use ".office.com" (without the quotation marks).<br><br>When using this string, we recommend that you also turn on [Azure Active Directory Conditional Access](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access), using the <strong>Domain joined or marked as compliant</strong> option, which blocks apps from accessing any enterprise cloud resources that are protected by conditional access.</td>
 
-            <td>Specify the cloud resources to be treated as corporate and protected by WIP.<br><br>For each cloud resource, you may also optionally specify a proxy server from your Internal proxy servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Internal proxy servers is considered enterprise.<br><br>If you have multiple resources, you must separate them using the "|" delimiter. If you don’t use proxy servers, you must also include the "," delimiter just before the "|". For example: <code>URL &lt;,proxy&gt;|URL &lt;,proxy&gt;</code>.<p>Personal applications will be able to access Enterprise Cloud Resources if the resource in the Enterprise Cloud Resource Policy has a blank space or an invalid character, such as a trailing dot in the URL. <br><br><strong>Important</strong><br>In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can’t tell whether it’s attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the <code>/&#42;AppCompat&#42;/</code> string to the setting. For example: <code>URL &lt;,proxy&gt;|URL &lt;,proxy&gt;|/&#42;AppCompat&#42;/</code><br><br><strong>Note</strong><br>To add subdomain for a cloud resource, use a period (.) instead of an asterisk (*). For example: To add all subdomains within Office.com, use ".office.com" (without the quotation marks).<br><br>When you use this string, we recommend that you also turn on [Azure Active Directory Conditional Access](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access) by using the <strong>Domain joined or marked as compliant</strong> option, which blocks apps from accessing any enterprise cloud resources that are protected by conditional access.</td>
+            <td>Specify the cloud resources to be treated as corporate and protected by WIP.<br><br>For each cloud resource, you may also optionally specify a proxy server from your Internal proxy servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Internal proxy servers is considered enterprise.<br><br>If you have multiple resources, you must separate them using the "|" delimiter. If you don’t use proxy servers, you must also include the "," delimiter just before the "|". For example: <code>URL &lt;,proxy&gt;|URL &lt;,proxy&gt;</code><p>Personal applications will be able to access Enterprise Cloud Resources if the resource in the Enterprise Cloud Resource Policy has a blank space or an invalid character, such as a trailing dot in the URL. <br><br><strong>Important</strong><br>In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can’t tell whether it’s attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the <code>/&#42;AppCompat&#42;/</code> string to the setting. For example: <code>URL &lt;,proxy&gt;|URL &lt;,proxy&gt;|/&#42;AppCompat&#42;/</code><br><br><strong>Note</strong><br>To add a subdomain for a cloud resource, use a period (.) instead of an asterisk (*). For example: To add all subdomains within Office.com, use ".office.com" (without the quotation marks).<br><br>When you use this string, we recommend that you also turn on [Azure Active Directory Conditional Access](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access) by using the <strong>Domain joined or marked as compliant</strong> option, which blocks apps from accessing any enterprise cloud resources that are protected by conditional access.</td>
         </tr>
         <tr>
             <td>Protected domains</td>

From 09ee6aeb8fa5690837aafc307c0e7f65778d45b0 Mon Sep 17 00:00:00 2001
From: Nicole Turner <39884432+nenonix@users.noreply.github.com>
Date: Mon, 11 Mar 2019 19:43:41 +0200
Subject: [PATCH 06/14] Update
 configure-proxy-internet-windows-defender-advanced-threat-protection.md

Note added. Resolves https://github.com/MicrosoftDocs/windows-itpro-docs/issues/2784
---
 ...oxy-internet-windows-defender-advanced-threat-protection.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md
index 786987cff0..a64d25e9d0 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md
@@ -165,6 +165,9 @@ If at least one of the connectivity options returns a (200) status, then the Win
 
 However, if the connectivity check results indicate a failure, an HTTP error is displayed (see HTTP Status Codes). You can then use the URLs in the table shown in [Enable access to Windows Defender ATP service URLs in the proxy server](#enable-access-to-windows-defender-atp-service-urls-in-the-proxy-server). The URLs you'll use will depend on the region selected during the onboarding procedure.
 
+> [!NOTE]
+> When the TelemetryProxyServer is set, in Registry or via Group Policy, WDATP will fall back to direct if it can't access the defined proxy.
+
 ## Related topics
 - [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
 - [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)

From f239068bc52a67804a0bfb1b71b11d7487ea3d07 Mon Sep 17 00:00:00 2001
From: Nicole Turner <39884432+nenonix@users.noreply.github.com>
Date: Tue, 12 Mar 2019 07:24:59 +0200
Subject: [PATCH 07/14] Update
 configure-proxy-internet-windows-defender-advanced-threat-protection.md

"WDATP" corrected to "Windows Defender ATP"
---
 ...roxy-internet-windows-defender-advanced-threat-protection.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md
index a64d25e9d0..e8525e9467 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md
@@ -166,7 +166,7 @@ If at least one of the connectivity options returns a (200) status, then the Win
 However, if the connectivity check results indicate a failure, an HTTP error is displayed (see HTTP Status Codes). You can then use the URLs in the table shown in [Enable access to Windows Defender ATP service URLs in the proxy server](#enable-access-to-windows-defender-atp-service-urls-in-the-proxy-server). The URLs you'll use will depend on the region selected during the onboarding procedure.
 
 > [!NOTE]
-> When the TelemetryProxyServer is set, in Registry or via Group Policy, WDATP will fall back to direct if it can't access the defined proxy.
+> When the TelemetryProxyServer is set, in Registry or via Group Policy, Windows Defender ATP will fall back to direct if it can't access the defined proxy.
 
 ## Related topics
 - [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)

From 780bb58a09d97039417e7c6864095291dc9cc5d9 Mon Sep 17 00:00:00 2001
From: Joyce Y <47188252+mypil@users.noreply.github.com>
Date: Thu, 14 Mar 2019 02:17:40 +0800
Subject: [PATCH 08/14] corrected spelling error in line 138 for hybrid

added "b" in the word hyrid in line 138 based on the comment from ChicagoJay.
Closes #817
---
 windows/whats-new/whats-new-windows-10-version-1803.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md
index 3baeb61f1b..a4846edc0d 100644
--- a/windows/whats-new/whats-new-windows-10-version-1803.md
+++ b/windows/whats-new/whats-new-windows-10-version-1803.md
@@ -135,7 +135,7 @@ Portions of the work done during the offline phases of a Windows update have bee
 
 ### Co-management
 
-Intune and System Center Configuration Manager policies have been added to enable hyrid Azure AD-joined authentication. Mobile Device Management (MDM) has added over 150 new policies and settings in this release, including the [MDMWinsOverGP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-controlpolicyconflict) policy, to enable easier transition to cloud-based management.
+Intune and System Center Configuration Manager policies have been added to enable hybrid Azure AD-joined authentication. Mobile Device Management (MDM) has added over 150 new policies and settings in this release, including the [MDMWinsOverGP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-controlpolicyconflict) policy, to enable easier transition to cloud-based management.
 
 For more information, see [What's New in MDM enrollment and management](https://docs.microsoft.com/windows/client-management/mdm/new-in-windows-mdm-enrollment-management#whatsnew1803)
 

From d4e1f26486912a8107f40af3393e224039c49125 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Thu, 14 Mar 2019 12:48:57 +0500
Subject: [PATCH 09/14] Update cortana-at-work-policy-settings.md

For issue https://github.com/MicrosoftDocs/windows-itpro-docs/issues/2239 the option has been updated to Allow users to enable online speech recognition services.
---
 .../cortana-at-work/cortana-at-work-policy-settings.md          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
index 950452b167..f73aa6b369 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
@@ -22,7 +22,7 @@ ms.date: 10/05/2017
 |Group policy |MDM policy |Description |
 |-------------|-----------|------------|
 |Computer Configuration\Administrative Templates\Windows Components\Search\AllowCortanaAboveLock|AboveLock/AllowCortanaAboveLock|Specifies whether an employee can interact with Cortana using voice commands when the system is locked.<p>**Note**<br>This setting only applies to Windows 10 for desktop devices. |
-|Computer Configuration\Administrative Templates\Control Panel\Regional and Language Options\Allow input personalization|Privacy/AllowInputPersonalization|Specifies whether an employee can use voice commands with Cortana in your organization.<p>**In Windows 10, version 1511**<br>Cortana won’t work if this setting is turned off (disabled).<p>**In Windows 10, version 1607 and later**<br>Cortana still works if this setting is turned off (disabled).|
+|Computer Configuration\Administrative Templates\Control Panel\Regional and Language Options\Allow users to enable online speech recognition services|Privacy/Allow users to enable online speech recognition services|Specifies whether an employee can use voice commands with Cortana in your organization.<p>**In Windows 10, version 1511**<br>Cortana won’t work if this setting is turned off (disabled).<p>**In Windows 10, version 1607 and later**<br>Cortana still works if this setting is turned off (disabled).|
 |None|System/AllowLocation|Specifies whether to allow app access to the Location service.<p>**In Windows 10, version 1511**<br>Cortana won’t work if this setting is turned off (disabled).<p>**In Windows 10, version 1607 and later**<br>Cortana still works if this setting is turned off (disabled).|
 |None|Accounts/AllowMicrosoftAccountConnection|Specifies whether to allow employees to sign in using a Microsoft account (MSA) from Windows apps.<p>Use this setting if you only want to support Azure AD in your organization.|
 |Computer Configuration\Administrative Templates\Windows Components\Search\Allow search and Cortana to use location|Search/AllowSearchToUseLocation|Specifies whether Cortana can use your current location during searches and for location reminders.|

From 7d0dab54e19ee46777c97638be412dddbc58704f Mon Sep 17 00:00:00 2001
From: VLG17 <41186174+VLG17@users.noreply.github.com>
Date: Thu, 14 Mar 2019 15:52:39 +0200
Subject: [PATCH 10/14] changed a view typos

https://github.com/MicrosoftDocs/windows-itpro-docs/issues/2434
---
 windows/deployment/update/waas-overview.md | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md
index 218be1564a..b680e21b81 100644
--- a/windows/deployment/update/waas-overview.md
+++ b/windows/deployment/update/waas-overview.md
@@ -117,8 +117,7 @@ The concept of servicing channels is new, but organizations can use the same man
 
 ### Semi-Annual Channel
 
-In the Semi-Annual servicing channel, feature updates are available as soon as Microsoft releases them. Windows 10, version 1511, had few servicing tool options to delay feature updates, limiting the use of the Semi-Annual servicing channel. Windows 10, version 1607 and onward, includes more servicing tools that can delay feature updates for up to 365 days. This servicing modal is ideal for pilot deployments and testing of Windows 10 feature updates and for users such as developers who need to work with the latest features immediately.
-Once the latest release went through pilot deployment and testing, you choose the timing at which it goes into broad deployment.
+In the Semi-Annual servicing channel, feature updates are available as soon as Microsoft releases them. Windows 10, version 1511, had few servicing tool options to delay feature updates, limiting the use of the Semi-Annual servicing channel. Windows 10, version 1607 and onward, includes more servicing tools that can delay feature updates for up to 365 days. This servicing model is ideal for pilot deployments and testing of Windows 10 feature updates and for users such as developers who need to work with the latest features immediately.Once the latest release has gone through pilot deployment and testing, you will be able to choose the timing at which it goes into broad deployment.
 
 When Microsoft officially releases a feature update for Windows 10, it is made available to any PC not configured to defer feature updates so that those devices can immediately install it. Organizations that use Windows Server Update Services (WSUS), Microsoft System Center Configuration Manager, or Windows Update for Business, however, can defer feature updates to selective devices by withholding their approval and deployment. In this scenario, the content available for the Semi-Annual Channel will be available but not necessarily immediately mandatory, depending on the policy of the management system. For more details about Windows 10 servicing tools, see [Servicing tools](#servicing-tools).
 
@@ -146,7 +145,7 @@ Microsoft never publishes feature updates through Windows Update on devices that
 >[!NOTE]
 >Windows 10 LTSB will support the currently released processors and chipsets at the time of release of the LTSB. As future CPU generations are released, support will be created through future Windows 10 LTSB releases that customers can deploy for those systems. For more information, see **Supporting the latest processor and chipsets on Windows** in [Lifecycle support policy FAQ - Windows Products](https://support.microsoft.com/help/18581/lifecycle-support-policy-faq-windows-products).
 
-The Long-term Servicing Channel is available only in the Windows 10 Enterprise LTSB edition. This edition of Windows doesn’t include a number of applications, such as Microsoft Edge, Microsoft Store, Cortana (though limited search capabilities remain available), Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. These apps are not supported in Windows 10 Enterprise LTSB edition, even of you install by using sideloading.
+The Long-term Servicing Channel is available only in the Windows 10 Enterprise LTSB edition. This edition of Windows doesn’t include a number of applications, such as Microsoft Edge, Microsoft Store, Cortana (though limited search capabilities remain available), Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. These apps are not supported in Windows 10 Enterprise LTSB edition, even if you install by using sideloading.
 
 >[!NOTE]
 >If an organization has devices currently running Windows 10 Enterprise LTSB that it would like to change to the Semi-Annual Channel, it can make the change without losing user data. Because LTSB is its own SKU, however, an upgrade is required from Windows 10 Enterprise LTSB to Windows 10 Enterprise, which supports the Semi-Annual Channel.

From 596220093194591385b26b97786fbc29b833a0ee Mon Sep 17 00:00:00 2001
From: John Kaiser <35939694+CoveMiner@users.noreply.github.com>
Date: Thu, 14 Mar 2019 08:46:00 -0700
Subject: [PATCH 11/14] Update windows-autopilot-and-surface-devices.md

---
 devices/surface/windows-autopilot-and-surface-devices.md | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/devices/surface/windows-autopilot-and-surface-devices.md b/devices/surface/windows-autopilot-and-surface-devices.md
index 08390d3c46..baef69db7c 100644
--- a/devices/surface/windows-autopilot-and-surface-devices.md
+++ b/devices/surface/windows-autopilot-and-surface-devices.md
@@ -52,6 +52,9 @@ Enrolling Surface devices in Windows Autopilot at the time of purchase is a capa
 
 When you purchase Surface devices from a Surface partner enabled for Windows Autopilot, your new devices can be enrolled in your Windows Autopilot deployment for you by the partner. Surface partners enabled for Windows Autopilot include: 
 
-- [SHI](https://www.shi.com/Surface)
-- [Insight](https://www.insight.com/en_US/buy/partner/microsoft/surface/windows-autopilot.html)
 - [Atea](https://www.atea.com/)
+- [Connection](https://www.connection.com/brand/microsoft/microsoft-surface) 
+- [Insight](https://www.insight.com/en_US/buy/partner/microsoft/surface/windows-autopilot.html)
+- [SHI](https://www.shi.com/Surface)
+
+

From 0f7b564dc5c86d1e3fcb875360ce06f9a26d6256 Mon Sep 17 00:00:00 2001
From: Joyce Y <47188252+mypil@users.noreply.github.com>
Date: Thu, 14 Mar 2019 18:47:06 +0200
Subject: [PATCH 12/14] Update windows/deployment/update/waas-overview.md

fixing the missing space

Co-Authored-By: VLG17 <41186174+VLG17@users.noreply.github.com>
---
 windows/deployment/update/waas-overview.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md
index b680e21b81..3d46e34a86 100644
--- a/windows/deployment/update/waas-overview.md
+++ b/windows/deployment/update/waas-overview.md
@@ -117,7 +117,7 @@ The concept of servicing channels is new, but organizations can use the same man
 
 ### Semi-Annual Channel
 
-In the Semi-Annual servicing channel, feature updates are available as soon as Microsoft releases them. Windows 10, version 1511, had few servicing tool options to delay feature updates, limiting the use of the Semi-Annual servicing channel. Windows 10, version 1607 and onward, includes more servicing tools that can delay feature updates for up to 365 days. This servicing model is ideal for pilot deployments and testing of Windows 10 feature updates and for users such as developers who need to work with the latest features immediately.Once the latest release has gone through pilot deployment and testing, you will be able to choose the timing at which it goes into broad deployment.
+In the Semi-Annual servicing channel, feature updates are available as soon as Microsoft releases them. Windows 10, version 1511, had few servicing tool options to delay feature updates, limiting the use of the Semi-Annual servicing channel. Windows 10, version 1607 and onward, includes more servicing tools that can delay feature updates for up to 365 days. This servicing model is ideal for pilot deployments and testing of Windows 10 feature updates and for users such as developers who need to work with the latest features immediately. Once the latest release has gone through pilot deployment and testing, you will be able to choose the timing at which it goes into broad deployment.
 
 When Microsoft officially releases a feature update for Windows 10, it is made available to any PC not configured to defer feature updates so that those devices can immediately install it. Organizations that use Windows Server Update Services (WSUS), Microsoft System Center Configuration Manager, or Windows Update for Business, however, can defer feature updates to selective devices by withholding their approval and deployment. In this scenario, the content available for the Semi-Annual Channel will be available but not necessarily immediately mandatory, depending on the policy of the management system. For more details about Windows 10 servicing tools, see [Servicing tools](#servicing-tools).
 

From 4ef03dc2d5d8c56ce2e47b84ef5da9eec883dc69 Mon Sep 17 00:00:00 2001
From: JasonJiachengZhao <48364192+JasonJiachengZhao@users.noreply.github.com>
Date: Thu, 14 Mar 2019 11:35:35 -0700
Subject: [PATCH 13/14] update xml syntax

update xml syntax
---
 windows/client-management/mdm/policy-csp-restrictedgroups.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-restrictedgroups.md b/windows/client-management/mdm/policy-csp-restrictedgroups.md
index d744ed476c..d31379fc55 100644
--- a/windows/client-management/mdm/policy-csp-restrictedgroups.md
+++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md
@@ -113,8 +113,8 @@ Here is an example:
 
 ```
 <groupmembership>
- <accessgroup desc="Group SID for Administrators"/>
-    <member name = "S-188-5-5666-5-688">
+ <accessgroup desc="Group SID for Administrators">
+    <member name = "S-188-5-5666-5-688"/>
   </accessgroup>
 </groupmembership>
 ```

From 5944ca97e1e369da15f6b56e0627391f0fdf0352 Mon Sep 17 00:00:00 2001
From: Jeanie Decker <jdecker@microsoft.com>
Date: Fri, 15 Mar 2019 05:39:24 -0700
Subject: [PATCH 14/14] revert MDM setting name

---
 .../cortana-at-work/cortana-at-work-policy-settings.md          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
index f73aa6b369..04e32767b2 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
@@ -22,7 +22,7 @@ ms.date: 10/05/2017
 |Group policy |MDM policy |Description |
 |-------------|-----------|------------|
 |Computer Configuration\Administrative Templates\Windows Components\Search\AllowCortanaAboveLock|AboveLock/AllowCortanaAboveLock|Specifies whether an employee can interact with Cortana using voice commands when the system is locked.<p>**Note**<br>This setting only applies to Windows 10 for desktop devices. |
-|Computer Configuration\Administrative Templates\Control Panel\Regional and Language Options\Allow users to enable online speech recognition services|Privacy/Allow users to enable online speech recognition services|Specifies whether an employee can use voice commands with Cortana in your organization.<p>**In Windows 10, version 1511**<br>Cortana won’t work if this setting is turned off (disabled).<p>**In Windows 10, version 1607 and later**<br>Cortana still works if this setting is turned off (disabled).|
+|Computer Configuration\Administrative Templates\Control Panel\Regional and Language Options\Allow users to enable online speech recognition services|Privacy/AllowInputPersonalization|Specifies whether an employee can use voice commands with Cortana in your organization.<p>**In Windows 10, version 1511**<br>Cortana won’t work if this setting is turned off (disabled).<p>**In Windows 10, version 1607 and later**<br>Cortana still works if this setting is turned off (disabled).|
 |None|System/AllowLocation|Specifies whether to allow app access to the Location service.<p>**In Windows 10, version 1511**<br>Cortana won’t work if this setting is turned off (disabled).<p>**In Windows 10, version 1607 and later**<br>Cortana still works if this setting is turned off (disabled).|
 |None|Accounts/AllowMicrosoftAccountConnection|Specifies whether to allow employees to sign in using a Microsoft account (MSA) from Windows apps.<p>Use this setting if you only want to support Azure AD in your organization.|
 |Computer Configuration\Administrative Templates\Windows Components\Search\Allow search and Cortana to use location|Search/AllowSearchToUseLocation|Specifies whether Cortana can use your current location during searches and for location reminders.|