Merge pull request #2693 from MicrosoftDocs/master

Publish 5/6/2020 10:30 AM PST

devices/hololens/TOC.md

@@ -5,7 +5,7 @@
 ## [Get your HoloLens 2 ready to use](hololens2-setup.md)
 ## [Set up your HoloLens 2](hololens2-start.md)
 ## [HoloLens 2 fit and comfort FAQ](hololens2-fit-comfort-faq.md)
-## [Frequently asked questions about cleaning HoloLens 2 devices](hololens2-maintenance.md)
+## [HoloLens 2 cleaning FAQ](hololens2-maintenance.md)
 ## [Supported languages for HoloLens 2](hololens2-language-support.md)
 ## [Getting around HoloLens 2](hololens2-basic-usage.md)
 

devices/hololens/hololens2-hardware.md

@@ -135,26 +135,6 @@ In order to maintain/advance Internal Battery Charge Percentage while the device
 
 HoloLens 2 has been tested and conforms to the basic impact protection requirements of ANSI Z87.1, CSA Z94.3 and EN 166.
 
-## Care and cleaning
-
-Handle your HoloLens carefully. Use the headband to lift and carry the HoloLens 2.
-
-As you would for eyeglasses or protective eye-wear, try to keep the HoloLens visor free of dust and fingerprints. When possible, avoid touching the visor. Repeated cleaning could damage the visor, so keep your device clean!
-
-Don't use any cleaners or solvents on your HoloLens, and don't submerge it in water or apply water directly to it.
-
-To clean the visor, remove any dust by using a camel or goat hair lens brush or a bulb-style lens blower. Lightly moisten the microfiber cloth with a small amount of distilled water, then use it to wipe the visor gently in a circular motion.
-
-Clean the rest of the device, including the headband and device arms, with a lint-free microfiber cloth moistened with mild soap and water. Let your HoloLens dry completely before reuse.
-
-![Image that shows how to clean the visor](images/hololens-cleaning-visor.png)
-
-### Replace the brow pad
-
-The brow pad is magnetically attached to the device. To detach it, pull gently away. To replace it, snap it back into place.
-
-![Remove or replace the brow pad](images/hololens2-remove-browpad.png)
-
 ## Next step
 
 > [!div class="nextstepaction"]

devices/hololens/hololens2-maintenance.md

@@ -1,5 +1,5 @@
 ---
-title: HoloLens 2 device care and cleaning FAQ
+title: HoloLens 2 cleaning FAQ
 description: 
 author: Teresa-Motiv
 ms.author: v-tea
@@ -17,7 +17,7 @@ appliesto:
 - HoloLens 2
 ---
 
-# Frequently asked questions about cleaning HoloLens 2 devices
+# HoloLens 2 cleaning FAQ
 
 > [!IMPORTANT]  
 > Microsoft cannot make a determination of the effectiveness of any given disinfectant product in fighting pathogens such as COVID-19. Please refer to your local public health authority's guidance about how to stay safe from potential infection.  

devices/surface/enroll-and-configure-surface-devices-with-semm.md

@@ -57,8 +57,10 @@ To create a Surface UEFI configuration package, follow these steps:
 6. Click **Password Protection** to add a password to Surface UEFI. This password will be required whenever you boot to UEFI. If this password is not entered, only the **PC information**, **About**, **Enterprise management**, and **Exit** pages will be displayed. This step is optional.
 7. When you are prompted, enter and confirm your chosen password for Surface UEFI, and then click **OK**. If you want to clear an existing Surface UEFI password, leave the password field blank.
 8. If you do not want the Surface UEFI package to apply to a particular device, on the **Choose which Surface type you want to target** page, click the slider beneath the corresponding Surface Book or Surface Pro 4 image so that it is in the **Off** position. (As shown in Figure 3.)
+   > [!NOTE] 
+   > You must select a device as none are selected by default.
 
-   ![Choose devices for package compatibility](images/surface-semm-enroll-fig3.png "Choose devices for package compatibility")
+   ![Choose devices for package compatibility](images/surface-semm-enroll-fig3.jpg "Choose devices for package compatibility")
 
    *Figure 3. Choose the devices for package compatibility*
 

devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md

@@ -382,56 +382,11 @@ To configure Surface UEFI settings or permissions for Surface UEFI settings, you
 
 The computer where ShowSettingsOptions.ps1 is run must have Microsoft Surface UEFI Manager installed, but the script does not require a Surface device.
 
-The following tables show the available settings for Surface Pro 4 and later including Surface Pro 7, Surface Book, Surface Laptop 3, and Surface Go. 
+The best way to view the most current Setting names and IDs for devices is to use the ConfigureSEMM.ps1 script or the ConfigureSEMM - <device name>.ps1 from the SEMM_Powershell.zip in [Surface Tools for IT Downloads](https://www.microsoft.com/download/details.aspx?id=46703).
 
-*Table 1. Surface UEFI settings for Surface Pro 4*
+Setting names and IDs for all devices can be seen in the ConfigureSEMM.ps1 script.
 
-| Setting ID | Setting Name |	Description |	Default Setting |
-| --- | --- | --- | --- |
-|501|	Password | UEFI System Password	|   |
-|200|	Secure Boot Keys | Secure Boot signing keys to enable for EFI applications |	MsPlus3rdParty |
-|300|	Trusted Platform Module (TPM)	| TPM device enabled or disabled |	Enabled |
-|301|	Docking USB Port | Docking USB Port enabled or disabled |	Enabled |
-|302|	Front Camera | Front Camera enabled or disabled |	Enabled |
-|303|	Bluetooth | Bluetooth radio enabled or disabled	 | Enabled | 
-|304|	Rear Camera | Rear Camera enabled or disabled	| Enabled |
-|305|	IR Camera | InfraRed Camera enabled or disabled	 | Enabled |
-|308|	Wi-Fi and Bluetooth | Wi-Fi and Bluetooth enabled or disabled	 | Enabled |
-|310|	Type Cover | Surface Type Cover connector | Enabled |
-|320|	On-board Audio | On-board audio enabled or disabled	| Enabled |
-|330|	Micro SD Card | Micro SD Card enabled or disabled	| Enabled |
-|370|	USB Port 1 | Side USB Port (1) | UsbPortEnabled |
-|400|	IPv6 for PXE Boot | Enable IPv6 PXE boot before IPv4 PXE boot	|Disabled |
-|401|	Alternate Boot | Alternate Boot allows users to override the boot order by holding the volume down button when powering up the device	| Enabled |
-|402|	Boot Order Lock | Boot Order variable lock enabled or disabled	| Disabled |
-|403|	USB Boot | Enable booting from USB devices	| Enabled |
-|500|	TPM clear EFI protocol | Enable EFI protocol for invoking TPM clear	| Disabled |
-|600|	Security | UEFI Security Page Display enabled or disabled	| Enabled |
-|601|	Devices | UEFI Devices Page Display enabled or disabled	| Enabled |
-|602|	Boot | UEFI Boot Manager Page Display enabled or disabled	| Enabled |
-
-*Table 2. Surface UEFI settings for Surface Book*
-
-| Setting ID | Setting Name	| Description	| Default Setting |
-| --- | --- | --- | --- |
-| 501	| Password	| UEFI System Password |   |	
-| 200	| Secure Boot Keys | Secure Boot signing keys to enable for EFI applications	| MsPlus3rdParty |
-| 300	| Trusted Platform Module (TPM) | TPM device enabled or disabled | Enabled |
-| 301	| Docking USB Port | Docking USB Port enabled or disabled | Enabled |
-| 302	| Front Camera | Front Camera enabled or disabled | Enabled |
-| 303	| Bluetooth | Bluetooth radio enabled or disabled | Enabled |
-| 304	| Rear Camera | Rear Camera enabled or disabled | Enabled |
-| 305	| IR Camera | InfraRed Camera enabled or disabled | Enabled |
-| 308	| Wi-Fi and Bluetooth | Wi-Fi and Bluetooth enabled or disabled | Enabled |
-| 320	| On-board Audio | On-board audio enabled or disabled | Enabled |
-| 400	| IPv6 for PXE Boot	Enable | IPv6 PXE boot before IPv4 PXE boot | Disabled |
-| 401	| Alternate Boot | Alternate Boot allows users to override the boot order by holding the volume down button when powering up the device | Enabled |
-| 402	| Boot Order Lock | Boot Order variable lock enabled or disabled | Disabled |
-| 403	| USB Boot | Enable booting from USB devices | Enabled |
-| 500	| TPM clear EFI protocol | Enable EFI protocol for invoking TPM clear | Disabled |
-| 600	| Security | UEFI Security Page Display enabled or disabled | Enabled |
-| 601	| Devices | UEFI Devices Page Display enabled or disabled | Enabled |
-| 602	| Boot | UEFI Boot Manager Page Display enabled or disabled | Enabled |
+Setting names and IDs for specific devices can be seen in the ConfigureSEMM - <device name>.ps1 scripts. For example, setting names and IDs for Surface Pro X can be found in the ConfigureSEMM – ProX.ps1 script.
 
 ## Deploy SEMM Configuration Manager scripts
 

windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md

@@ -1417,11 +1417,15 @@ To turn off Inking & Typing data collection:
 
 - In the UI go to **Settings -> Privacy -> Diagnostics & Feedback -> Improve inking and typing** and turn it to **Off** 
 
-  -or-
+  -OR-
   
   **Disable** the Group Policy: **Computer Configuration > Administrative Templates > Windows Components > Text Input > Improve inking and typing recognition**
   
-  -or-
+  -and-
+  
+  **Disable** the Group Policy: **User Configuration > Administrative Templates  > Control Panel > Regional and Language Options > Handwriting personalization > Turn off automatic learning**
+  
+  -OR-
 
 - Set **RestrictImplicitTextCollection** registry REG_DWORD setting in **HKEY_CURRENT_USER\Software\Microsoft\InputPersonalization** to a **value of 1 (one)**
 

windows/security/threat-protection/TOC.md

@@ -38,6 +38,7 @@
 #### [Attack surface reduction evaluation](microsoft-defender-atp/evaluate-attack-surface-reduction.md)
 #### [Attack surface reduction configuration settings](microsoft-defender-atp/configure-attack-surface-reduction.md)
 #### [Attack surface reduction FAQ](microsoft-defender-atp/attack-surface-reduction-faq.md)
+#### [Attack surface reduction rules in Windows 10 Enterprise E3](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-rules-in-windows-10-enterprise-e3)
 
 #### [Attack surface reduction controls]()
 ##### [Attack surface reduction rules](microsoft-defender-atp/attack-surface-reduction.md)
@@ -413,7 +414,7 @@
 ##### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md)
 ###### [Create and manage roles](microsoft-defender-atp/user-roles.md)
 ###### [Create and manage machine groups](microsoft-defender-atp/machine-groups.md)
-####### [Create and manage machine tags](microsoft-defender-atp/machine-tags.md)
+###### [Create and manage machine tags](microsoft-defender-atp/machine-tags.md)
 
 #### [APIs]()
 ##### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md)

windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md

@@ -92,7 +92,7 @@ This section describes how an attacker might exploit a feature or its configurat
 
 ### Vulnerability
 
-Accounts that have the **Deny log on as a batch job** user right could be used to schedule jobs that could consume excessive computer resources and cause a denial-of-service condition.
+Accounts that have the **Log on as a batch job** user right could be used to schedule jobs that could consume excessive computer resources and cause a denial-of-service condition.
 
 ### Countermeasure
 

windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus.md

@@ -38,7 +38,7 @@ Although you can use a non-Microsoft antivirus solution with Microsoft Defender
 |4|Details about blocked malware |More details and actions for blocked malware are available with Windows Defender Antivirus and Microsoft Defender ATP. [Understand malware & other threats](../intelligence/understanding-malware.md).|
 |5|Network protection |Your organization's security team can protect your network by blocking specific URLs and IP addresses. [Protect your network](../microsoft-defender-atp/network-protection.md).|
 |6|File blocking |Your organization's security team can block specific files. [Stop and quarantine files in your network](../microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network).|
-|7|Attack Surface Reduction |Your organization's security team can reduce your vulnerabilities (attack surfaces), offering attackers fewer ways to perform attacks. Attack surface reduction uses cloud protection for a number of rules. [Reduce attack surfaces with attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction).|
+|7|Attack Surface Reduction |Your organization's security team can reduce your vulnerabilities (attack surfaces), giving  attackers fewer ways to perform attacks. Attack surface reduction uses cloud protection for a number of rules. [Reduce attack surfaces with attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction).|
 |8|Auditing events |Auditing event signals are available in [endpoint detection and response capabilities](../microsoft-defender-atp/overview-endpoint-detection-response.md). (These signals are not available with non-Microsoft antivirus solutions.) |
 |9|Geographic data |Compliant with ISO 270001 and data retention, geographic data is provided according to your organization's selected geographic sovereignty. See [Compliance offerings: ISO/IEC 27001:2013 Information Security Management Standards](https://docs.microsoft.com/microsoft-365/compliance/offering-iso-27001). |
 |10|File recovery via OneDrive |If you are using Windows Defender Antivirus together with [Office 365](https://docs.microsoft.com/Office365/Enterprise), and your device is attacked by ransomware, your files are protected and recoverable. [OneDrive Files Restore and Windows Defender take ransomware protection one step further](https://techcommunity.microsoft.com/t5/Microsoft-OneDrive-Blog/OneDrive-Files-Restore-and-Windows-Defender-takes-ransomware/ba-p/188001).|