Merge pull request #5 from MicrosoftDocs/master

Update from main

windows/application-management/app-v/appv-connect-to-the-management-console.md

@@ -9,7 +9,7 @@ ms.prod: w10
 ms.date: 06/25/2018
 ms.reviewer: 
 manager: dansimp
-ms.author: lomayor
+ms.author: dansimp
 ms.topic: article
 ---
 # How to connect to the Management Console

windows/application-management/app-v/appv-prerequisites.md

@@ -1,7 +1,7 @@
 ---
 title: App-V Prerequisites (Windows 10)
 description: Learn about the prerequisites you need before you begin installing Application Virtualization (App-V).
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-publish-a-connection-group.md

@@ -1,7 +1,7 @@
 ---
 title: How to Publish a Connection Group (Windows 10)
 description: Learn how to publish a connection group to computers that run the Application Virtualization (App-V) client.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md

@@ -1,7 +1,7 @@
 ---
 title: How to publish a package by using the Management console (Windows 10)
 description: Learn how the Management console in App-V can help you enable admin controls as well as publish App-V packages.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md

@@ -1,7 +1,7 @@
 ---
 title: How to Register and Unregister a Publishing Server by Using the Management Console (Windows 10)
 description: How to Register and Unregister a Publishing Server by Using the Management Console
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md

@@ -1,7 +1,7 @@
 ---
 title: Release Notes for App-V for Windows 10, version 1703 (Windows 10)
 description: A list of known issues and workarounds for App-V running on Windows 10, version 1703.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md

@@ -1,7 +1,7 @@
 ---
 title: Release Notes for App-V for Windows 10, version 1607 (Windows 10)
 description: A list of known issues and workarounds for App-V running on Windows 10, version 1607.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-reporting.md

@@ -1,7 +1,7 @@
 ---
 title: About App-V Reporting (Windows 10)
 description: Learn how the App-V reporting feature collects information about computers running the App-V client and virtual application package usage.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md

@@ -1,7 +1,7 @@
 ---
 title: Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications (Windows 10)
 description: Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-security-considerations.md

@@ -1,7 +1,7 @@
 ---
 title: App-V Security Considerations (Windows 10)
 description: Learn about accounts and groups, log files, and other security-related considerations for Microsoft Application Virtualization (App-V).
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-sequence-a-new-application.md

@@ -1,7 +1,7 @@
 ---
 title: Manually sequence a new app using the Microsoft Application Virtualization Sequencer (App-V Sequencer) (Windows 10)
 description: Learn how to manually sequence a new app by using the App-V Sequencer that's included with the Windows ADK.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-sequence-a-package-with-powershell.md

@@ -1,7 +1,7 @@
 ---
 title: How to sequence a package by using Windows PowerShell (Windows 10)
 description: Learn how to sequence a new Microsoft Application Virtualization (App-V) package by using Windows PowerShell.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-supported-configurations.md

@@ -1,7 +1,7 @@
 ---
 title: App-V Supported Configurations (Windows 10)
 description: Learn the requirements to install and run App-V supported configurations in your Windows 10 environment.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-technical-reference.md

@@ -1,7 +1,7 @@
 ---
 title: Technical Reference for App-V (Windows 10)
-description: Learn strategy and context for a number of performance optimization practices in this techincal reference for Application Virtualization (App-V).
+description: Learn strategy and context for many performance optimization practices in this technical reference for Application Virtualization (App-V).
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -25,11 +25,21 @@ This section provides reference information related to managing App-V.
 
 -   [Performance Guidance for Application Virtualization](appv-performance-guidance.md)
 
-    Provides strategy and context for a number of performance optimization practices. Not all practices will be applicable although they are supported and have been tested. Using all suggested practices that are applicable to your organization will provide the optimal end-user experience.
+    Provides strategy and context for many performance optimizations. Not all practices will be applicable. However, these are tested and supported. Using all suggested practices that are applicable to your organization will provide the optimal end-user experience.
 
 -   [Application Publishing and Client Interaction](appv-application-publishing-and-client-interaction.md)
 
-    Describes how the following App-V client operations affect the local operating system: App-V files and data storage locations, package registry, package store behavior, roaming registry and data, client application lifecycle management, integration of App-V packages, dynamic configuration, side-by-side assemblies, and client logging.
+Describes how the following App-V client operations affect the local operating system:
+
+- App-V files and data storage locations
+- package registry
+- package store behavior
+- roaming registry and data
+- client application lifecycle management
+- integration of App-V packages
+- dynamic configuration
+- side-by-side assemblies
+- client logging
 
 -   [Viewing App-V Server Publishing Metadata](appv-viewing-appv-server-publishing-metadata.md)
 
@@ -44,7 +54,7 @@ This section provides reference information related to managing App-V.
 
 <br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 
-## Related topics
+## Related articles
 
 [How to Deploy the App-V Databases by Using SQL Scripts](appv-deploy-appv-databases-with-sql-scripts.md)
 

windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md

@@ -1,7 +1,7 @@
 ---
 title: How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console (Windows 10)
 description: How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-troubleshooting.md

@@ -1,7 +1,7 @@
 ---
 title: Troubleshooting App-V (Windows 10)
 description: Learn how to find information about troubleshooting Application Virtualization (App-V) and information about other App-V topics.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md

@@ -1,7 +1,7 @@
 ---
 title: Upgrading to App-V for Windows 10 from an existing installation (Windows 10)
 description: Learn about upgrading to Application Virtualization (App-V) for Windows 10 from an existing installation.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-using-the-client-management-console.md

@@ -1,7 +1,7 @@
 ---
 title: Using the App-V Client Management Console (Windows 10)
 description: Learn how to use the Application Virtualization (App-V) client management console to manage packages on the computer running the App-V client.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md

@@ -1,7 +1,7 @@
 ---
 title: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console (Windows 10)
 description: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md

@@ -1,7 +1,7 @@
 ---
 title: Viewing App-V Server Publishing Metadata (Windows 10)
 description: Use this procedure to view App-V Server publishing metadata, which can help you resolve publishing-related issues.
-author: lomayor
+author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/client-management/introduction-page-file.md

@@ -66,5 +66,5 @@ The system commit charge is the total committed or "promised" memory of all comm
 
 The system committed charge and system committed limit can be measured on the **Performance** tab in Task Manager or by using the "\Memory\Committed Bytes" and "\Memory\Commit Limit" performance counters. The \Memory\% Committed Bytes In Use counter is a ratio of \Memory\Committed Bytes to \Memory\Commit Limit values.
 
->[!Note]
+> [!NOTE]
->System-managed page files automatically grow up to three times the physical memory or 4 GB (whichever is larger) when the system commit charge reaches 90 percent of the system commit limit. This assumes that enough free disk space is available to accommodate the growth.
+> System-managed page files automatically grow up to three times the physical memory or 4 GB (whichever is larger, but no more than one-eighth of the volume size) when the system commit charge reaches 90 percent of the system commit limit. This assumes that enough free disk space is available to accommodate the growth.

windows/client-management/mdm/accountmanagement-csp.md

@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: lomayor
+author: dansimp
 ms.date: 03/23/2018
 ms.reviewer: 
 manager: dansimp

windows/client-management/mdm/accountmanagement-ddf.md

@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: lomayor
+author: dansimp
 ms.date: 03/23/2018
 ms.reviewer: 
 manager: dansimp

windows/client-management/mdm/accounts-csp.md

@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: lomayor
+author: dansimp
 ms.date: 03/27/2020
 ms.reviewer: 
 manager: dansimp

windows/client-management/mdm/accounts-ddf-file.md

@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: lomayor
+author: dansimp
 ms.date: 04/17/2018
 ms.reviewer: 
 manager: dansimp

windows/client-management/mdm/activesync-csp.md

@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: lomayor
+author: dansimp
 ms.date: 06/26/2017
 ---
 

windows/client-management/mdm/activesync-ddf-file.md

@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: lomayor
+author: dansimp
 ms.date: 12/05/2017
 ---
 

windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md

@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: lomayor
+author: dansimp
 ms.date: 06/26/2017
 ---
 
@@ -19,37 +19,37 @@ Here's a step-by-step guide to adding an Azure Active Directory tenant, adding a
 > **Note**  If you have paid subscriptions to Office 365, Microsoft Dynamics CRM Online, Enterprise Mobility Suite, or other Microsoft services, you have a free subscription to Azure AD. For step-by-step guide to register this free subscription, see [Register your free Azure Active Directory subscription.](#register-your-free-azure-active-directory-subscription)
 
 
-1. Sign-up for Azure AD tenant from [this website](https://account.windowsazure.com/organization) by creating an administrator account for your organization.
+1. Sign up for Azure AD tenant from [this website](https://account.windowsazure.com/organization) by creating an administrator account for your organization.
 
    ![sign up for azure ad tenant](images/azure-ad-add-tenant1.png)
 
-2. Enter the information for your organization. Click **check availability** to verify that domain name that you selected is available.
+2. Enter the information for your organization. Select **check availability** to verify that domain name that you selected is available.
 
    ![sign up for azure ad](images/azure-ad-add-tenant2.png)
 
-3. Complete the login and country information. You must provide a valid phone number, then click **Send text message** or **Call me**.
+3. Complete the login and country information. Enter a valid phone number, then select **Send text message** or **Call me**.
 
    ![create azure account](images/azure-ad-add-tenant3.png)
 
-4. Enter the code that you receive and then click **Verify code**. After the code is verified and the continue button turns green, click **continue**.
+4. Enter the code that you receive and then select **Verify code**. After the code is verified and the continue button turns green, select **continue**.
 
    ![add aad tenant](images/azure-ad-add-tenant3-b.png)
 
-5. After you finish creating your Azure account, you are ready to add an Azure AD subscription.
+5. After you finish creating your Azure account, you can add an Azure AD subscription.
 
-   If you don't have a paid subscription to any Microsoft service, you can purchase an Azure AD premium subscription. Go to Office 356 portal, <https://portal.office.com/> and then sign in using the admin account that you just created in Step 4 (for example, user1@contosoltd.onmicrosoftcom).
+   If you don't have a paid subscription to any Microsoft service, you can purchase an Azure AD premium subscription. Go to the Office 356 portal at https://portal.office.com/, and then sign in using the admin account that you created in Step 4 (for example, user1@contosoltd.onmicrosoftcom).
 
    ![login to office 365](images/azure-ad-add-tenant4.png)
 
-6. Click **Install software**.
+6. Select **Install software**.
 
    ![login to office 365](images/azure-ad-add-tenant5.png)
 
-7. In the Microsoft 365 admin center, select **Purchase Services** from the left nagivation.
+7. In the Microsoft 365 admin center, select **Purchase Services** from the left navigation.
 
    ![purchase service option in admin center menu](images/azure-ad-add-tenant6.png)
 
-8. On the **Purchase services** page, scroll down until you see **Azure Active Directory Premium**, then click to purchase.
+8. On the **Purchase services** page, scroll down until you see **Azure Active Directory Premium**, then select to purchase.
 
    ![azure active directory option in purchase services page](images/azure-ad-add-tenant7.png)
 
@@ -57,7 +57,7 @@ Here's a step-by-step guide to adding an Azure Active Directory tenant, adding a
 
    ![azure active directory premium payment page](images/azure-ad-add-tenant8.png)
 
-10. After the purchase is completed, you can login to your Office 365 Admin Portal and you will see the **Azure AD** option from the Admin drop-down menu along with other services (SharePoint, Exchange, etc...).
+10. After the purchase is completed, you can log in to your Office 365 Admin Portal and you will see the **Azure AD** option from the Admin drop-down menu along with other services (SharePoint, Exchange, etc....).
 
     ![admin center left navigation menu](images/azure-ad-add-tenant9.png)
 
@@ -71,7 +71,7 @@ If you have paid subscriptions to Office 365, Microsoft Dynamics CRM Online, Ent
 
     ![register azuread](images/azure-ad-add-tenant10.png)
 
-2.  On the **Home** page, click on the Admin tools icon.
+2.  On the **Home** page, select on the Admin tools icon.
 
     ![register azuread](images/azure-ad-add-tenant11.png)
 

windows/client-management/mdm/alljoynmanagement-csp.md

@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: lomayor
+author: dansimp
 ms.date: 06/26/2017
 ---
 

windows/client-management/mdm/alljoynmanagement-ddf.md

@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: lomayor
+author: dansimp
 ms.date: 12/05/2017
 ---
 

windows/client-management/mdm/application-csp.md

@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: lomayor
+author: dansimp
 ms.date: 06/26/2017
 ---
 

windows/client-management/mdm/applocker-csp.md

@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: lomayor
+author: dansimp
 ms.date: 11/19/2019
 ---
 

windows/client-management/mdm/applocker-ddf-file.md

@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: lomayor
+author: dansimp
 ms.date: 12/05/2017
 ---
 

windows/client-management/mdm/applocker-xsd.md

@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: lomayor
+author: dansimp
 ms.date: 06/26/2017
 ---
 

windows/client-management/mdm/appv-deploy-and-config.md

@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: lomayor
+author: dansimp
 ms.date: 06/26/2017
 ms.reviewer: 
 manager: dansimp

windows/client-management/mdm/assign-seats.md

@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: lomayor
+author: dansimp
 ms.date: 09/18/2017
 ---
 

windows/client-management/mdm/assignedaccess-csp.md

@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: lomayor
+author: dansimp
 ms.date: 09/18/2018
 ---
 

windows/client-management/mdm/assignedaccess-ddf.md

@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: lomayor
+author: dansimp
 ms.date: 02/22/2018
 ---
 

windows/client-management/mdm/azure-active-directory-integration-with-mdm.md

@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: lomayor
+author: dansimp
 ---
 
 # Azure Active Directory integration with MDM

windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md

@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: lomayor
+author: dansimp
 ms.date: 12/18/2020
 ms.reviewer: 
 manager: dansimp

windows/client-management/mdm/bitlocker-csp.md

@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: lomayor
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 04/16/2020
 ms.reviewer: 

windows/client-management/mdm/bitlocker-ddf-file.md

@@ -5,7 +5,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: lomayor
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 09/30/2019
 ms.reviewer: 

windows/client-management/mdm/bootstrap-csp.md

@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: lomayor
+author: dansimp
 ms.date: 06/26/2017
 ---
 

windows/client-management/mdm/browserfavorite-csp.md

@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: lomayor
+author: dansimp
 ms.date: 06/26/2017
 ---
 

windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md

@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: lomayor
+author: dansimp
 ms.date: 09/18/2017
 ---
 

windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md

@@ -11,7 +11,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: lomayor
+author: dansimp
 ms.date: 06/26/2017
 ---
 

windows/client-management/mdm/cellularsettings-csp.md

@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: lomayor
+author: dansimp
 ms.date: 06/26/2017
 ---
 
@@ -21,7 +21,7 @@ The CellularSettings configuration service provider is used to configure cellula
 
 The following image shows the CellularSettings CSP in tree format as used by Open Mobile Alliance Client Provisioning (OMA CP). The OMA DM protocol is not supported with this configuration service provider.
 
-![provisioning\-csp\-cellularsettings](images/provisioning-csp-cellularsettings.png)
+![provisioning for cellular settings](images/provisioning-csp-cellularsettings.png)
 
 <a href="" id="dataroam"></a>**DataRoam**  
 <p style="margin-left: 20px"> Optional. Integer. Specifies the default roaming value. Valid values are:</p>
@@ -53,19 +53,6 @@ The following image shows the CellularSettings CSP in tree format as used by Ope
 </tbody>
 </table>
 
- 
+ ## Related topics
-
-## Related topics
-
 
 [Configuration service provider reference](configuration-service-provider-reference.md)
-
- 
-
- 
-
-
-
-
-
-

windows/client-management/mdm/certificate-authentication-device-enrollment.md

@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: lomayor
+author: dansimp
 ms.date: 06/26/2017
 ---
 

windows/client-management/mdm/certificate-renewal-windows-mdm.md

@@ -11,7 +11,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: lomayor
+author: dansimp
 ms.date: 06/26/2017
 ---
 

windows/client-management/mdm/certificatestore-csp.md

@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: lomayor
+author: dansimp
 ms.date: 02/28/2020
 ---
 

windows/client-management/mdm/certificatestore-ddf-file.md

@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: lomayor
+author: dansimp
 ms.date: 12/05/2017
 ---
 

windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md

@@ -14,7 +14,7 @@ ms.date: 06/25/2018
 
 # Diagnose MDM failures in Windows 10
 
-To help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server, you can examine the MDM logs collected from the desktop or mobile device. The following sections describe the procedures for collecting MDM logs.
+To help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server, you can examine the MDM logs collected from the desktop. The following sections describe the procedures for collecting MDM logs.
 
 ## Download the MDM Diagnostic Information log from Windows 10 PCs
 
@@ -30,6 +30,27 @@ To help diagnose enrollment or device management issues in Windows 10 devices m
 
 1. In File Explorer, navigate to c:\Users\Public\Documents\MDMDiagnostics to see the report.
 
+## Use command to collect logs directly from Windows 10 PCs
+
+You can also collect the MDM Diagnostic Information logs using the following command:
+
+```xml
+mdmdiagnosticstool.exe -area DeviceEnrollment;DeviceProvisioning;Autopilot -cab c:\users\public\documents\MDMDiagReport.cab
+```
+-   In File Explorer, navigate to c:\Users\Public\Documents\MDMDiagnostics to see the report.
+
+### Understanding cab structure
+The cab file will have logs according to the areas that were used in the command. This explanation is based on DeviceEnrollment,DeviceProvisioning and Autopilot areas. It applies to the cab files collected via command line or Feedback Hub
+
+-   DiagnosticLogCSP_Collector_Autopilot_*: Autopilot etls
+-   DiagnosticLogCSP_Collector_DeviceProvisioning_*: Provisioning etls (Microsoft-Windows-Provisioning-Diagnostics-Provider)
+-   MDMDiagHtmlReport.html: Summary snapshot of MDM space configurations and policies. Includes, management url, MDM server device id, certificates, policies.
+-   MdmDiagLogMetadata,json: mdmdiagnosticstool metadata file, contains command line arguments used to run the tool
+-   MDMDiagReport.xml: contains a more detail view into the MDM space configurations, e.g enrollment variables
+-   MdmDiagReport_RegistryDump.reg: contains dumps from common MDM registry locations
+-   MdmLogCollectorFootPrint.txt: mdmdiagnosticslog tool logs from running the command
+-   *.evtx: Common event viewer logs microsoft-windows-devicemanagement-enterprise-diagnostics-provider-admin.evtx main one that contains MDM events.
+
 ## Collect logs directly from Windows 10 PCs
 
 Starting with the Windows 10, version 1511, MDM logs are captured in the Event Viewer in the following location:

windows/client-management/mdm/enrollmentstatustracking-csp.md

@@ -36,31 +36,6 @@ EnrollmentStatusTracking
 --------HasProvisioningCompleted
 
 
-./Device/Vendor/MSFT
-EnrollmentStatusTracking
-----DevicePreparation
---------PolicyProviders
-------------ProviderName
-----------------InstallationState
-----------------LastError
-----------------Timeout
-----------------TrackedResourceTypes
---------------------Apps
-----Setup
---------Apps
-------------PolicyProviders
-----------------ProviderName
---------------------TrackingPoliciesCreated
-------------Tracking
-----------------ProviderName
---------------------AppName
-------------------------TrackingUri
-------------------------InstallationState
-------------------------RebootRequired
---------HasProvisioningCompleted
-
-
-./User/Vendor/MSFT
 ./Device/Vendor/MSFT
 EnrollmentStatusTracking
 ----DevicePreparation

windows/client-management/mdm/mdm-enrollment-of-windows-devices.md

@@ -11,8 +11,7 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
-ms.date: 11/19/2020
 ---
 
 # MDM enrollment of Windows 10-based devices
@@ -169,10 +168,10 @@ There are a few instances where your device cannot be connected to an Azure AD d
 
  
 
-## Connect personally-owned devices 
+## Connect personally owned devices 
 
 
-Personally-owned devices, also known as bring your own device (BYOD), can be connected to a work or school account, or to MDM. Windows 10 does not require a personal Microsoft account on devices to connect to work or school.
+Personally owned devices, also known as bring your own device (BYOD), can be connected to a work or school account, or to MDM. Windows 10 does not require a personal Microsoft account on devices to connect to work or school.
 
 ### Connect to a work or school account
 
@@ -248,7 +247,7 @@ To create a local account and connect the device:
 
    After you complete the flow, your device will be connected to your organization’s MDM.
    
-### Help with connecting personally-owned devices
+### Help with connecting personally owned devices
 
 There are a few instances where your device may not be able to connect to work.
 
@@ -280,7 +279,7 @@ The deep link used for connecting your device to work will always use the follow
 | accesstoken | Custom parameter for MDM servers to use as they see fit. Typically, this can be used as a token to validate the enrollment request. Added in Windows 10, version 1703. | string |
 | deviceidentifier | Custom parameter for MDM servers to use as they see fit. Typically, this can be used to pass in a unique device identifier. Added in Windows 10, version 1703. | GUID |
 | tenantidentifier | Custom parameter for MDM servers to use as they see fit. Typically, this can be used to identify which tenant the device or user belongs to. Added in Windows 10, version 1703. | GUID or string |
-| ownership | Custom parameter for MDM servers to use as they see fit. Typically, this can be used to determine whether the device is BYOD or Corp Owned. Added in Windows 10, version 1703. | 1, 2, or 3 |
+| ownership | Custom parameter for MDM servers to use as they see fit. Typically, this can be used to determine whether the device is BYOD or Corp Owned. Added in Windows 10, version 1703. | 1, 2, or 3. Where "1" means ownership is unknown, "2" means the device is personally owned, and "3" means the device is corporate-owned |
 
 > [!NOTE]
 > AWA and AADJ values for mode are only supported on Windows 10, version 1709 and later. 

windows/client-management/mdm/policy-csp-power.md

@@ -1739,6 +1739,7 @@ Footnotes:
 - 6 - Available in Windows 10, version 1903.
 - 7 - Available in Windows 10, version 1909.
 - 8 - Available in Windows 10, version 2004.
+- 9 - Available in Windows 10, version 20H2.
 
 <!--/Policies-->
 

windows/client-management/mdm/surfacehub-csp.md

@@ -43,6 +43,10 @@ SurfaceHub
 ------------AutoWakeScreen
 ------------CurrentBackgroundPath
 ------------MeetingInfoOption
+--------Whiteboard
+------------SharingDisabled
+------------SigninDisabled
+------------TelemeteryDisabled
 --------WirelessProjection
 ------------PINRequired
 ------------Enabled
@@ -305,6 +309,24 @@ SurfaceHub
 
 <p style="margin-left: 20px">The data type is integer. Supported operation is Get and Replace.
 
+<a href="" id="inboxapps-whiteboard"></a>**InBoxApps/Whiteboard**
+<p style="margin-left: 20px">Node for the Whiteboard app settings.
+
+<a href="" id="inboxapps-whiteboard-sharingdisabled"></a>**InBoxApps/Whiteboard/SharingDisabled**
+<p style="margin-left: 20px">Invitations to collaborate from the Whiteboard app are not allowed.
+
+<p style="margin-left: 20px">The data type is boolean. Supported operation is Get and Replace.
+    
+<a href="" id="inboxapps-whiteboard-signindisabled"></a>**InBoxApps/Whiteboard/SigninDisabled**
+<p style="margin-left: 20px">Sign-ins from the Whiteboard app are not allowed.
+
+<p style="margin-left: 20px">The data type is boolean. Supported operation is Get and Replace.
+    
+<a href="" id="inboxapps-whiteboard-telemetrydisabled"></a>**InBoxApps/Whiteboard/TelemeteryDisabled**
+<p style="margin-left: 20px">Telemetry collection from the Whiteboard app is not allowed.
+
+<p style="margin-left: 20px">The data type is boolean. Supported operation is Get and Replace.
+
 <a href="" id="inboxapps-wirelessprojection"></a>**InBoxApps/WirelessProjection**
 <p style="margin-left: 20px">Node for the wireless projector app settings.
 

windows/client-management/troubleshoot-stop-errors.md

@@ -35,29 +35,34 @@ Our analysis of the root causes of crashes indicates the following:
 - 5 percent are caused by Microsoft code
 - 15 percent have unknown causes (because the memory is too corrupted to analyze)
 
+> [!NOTE]
+> The root cause of Stop errors is never a user-mode process. While a user-mode process (such as Notepad or Slack) may trigger a Stop error, it is merely exposing the underlying bug which is always in a driver, hardware, or the OS.
+
 ## General troubleshooting steps
 
 To troubleshoot Stop error messages, follow these general steps:
 
 1. Review the Stop error code that you find in the event logs. Search online for the specific Stop error codes to see whether there are any known issues, resolutions, or workarounds for the problem.
+
 2. As a best practice, we recommend that you do the following:
 
-    a. Make sure that you install the latest Windows updates, cumulative updates, and rollup updates. To verify the update status, refer to the appropriate update history for your system:
+    1. Make sure that you install the latest Windows updates, cumulative updates, and rollup updates. To verify the update status, refer to the appropriate update history for your system:
-   - [Windows 10, version 2004](https://support.microsoft.com/help/4555932)  
-   - [Windows 10, version 1909](https://support.microsoft.com/help/4529964)
-   - [Windows 10, version 1903](https://support.microsoft.com/help/4498140)
-   - [Windows 10, version 1809](https://support.microsoft.com/help/4464619)
-   - [Windows 10, version 1803](https://support.microsoft.com/help/4099479)
-   - [Windows 10, version 1709](https://support.microsoft.com/help/4043454)
-   - [Windows 10, version 1703](https://support.microsoft.com/help/4018124)
-   - [Windows Server 2016 and Windows 10, version 1607](https://support.microsoft.com/help/4000825)
-   - [Windows 10, version 1511](https://support.microsoft.com/help/4000824)
-   - [Windows Server 2012 R2 and Windows 8.1](https://support.microsoft.com/help/4009470)
-   - [Windows Server 2008 R2 and Windows 7 SP1](https://support.microsoft.com/help/4009469)
 
-     b. Make sure that the BIOS and firmware are up-to-date.
+        - [Windows 10, version 2004](https://support.microsoft.com/help/4555932)  
+        - [Windows 10, version 1909](https://support.microsoft.com/help/4529964)
+        - [Windows 10, version 1903](https://support.microsoft.com/help/4498140)
+        - [Windows 10, version 1809](https://support.microsoft.com/help/4464619)
+        - [Windows 10, version 1803](https://support.microsoft.com/help/4099479)
+        - [Windows 10, version 1709](https://support.microsoft.com/help/4043454)
+        - [Windows 10, version 1703](https://support.microsoft.com/help/4018124)
+        - [Windows Server 2016 and Windows 10, version 1607](https://support.microsoft.com/help/4000825)
+        - [Windows 10, version 1511](https://support.microsoft.com/help/4000824)
+        - [Windows Server 2012 R2 and Windows 8.1](https://support.microsoft.com/help/4009470)
+        - [Windows Server 2008 R2 and Windows 7 SP1](https://support.microsoft.com/help/4009469)
 
-     c. Run any relevant hardware and memory tests.
+     1. Make sure that the BIOS and firmware are up-to-date.
+
+     1. Run any relevant hardware and memory tests.
 
 3. Run the [Machine Memory Dump Collector](https://home.diagnostics.support.microsoft.com/selfhelp?knowledgebasearticlefilter=2027760&wa=wsignin1.0) Windows diagnostic package. This diagnostic tool is used to collect machine memory dump files and check for known solutions.
 
@@ -74,7 +79,7 @@ To troubleshoot Stop error messages, follow these general steps:
      >[!NOTE]
      >If there are no updates available from a specific manufacturer, it is recommended that you disable the related service.
      >
-     >To do this, see [How to perform a clean boot in Windows](https://support.microsoft.com/help/929135)
+     >To do this, see [How to perform a clean boot in Windows](https://support.microsoft.com/help/929135).
      >
      >You can disable a driver by following the steps in [How to temporarily deactivate the kernel mode filter driver in Windows](https://support.microsoft.com/help/816071).
      >
@@ -85,12 +90,18 @@ To troubleshoot Stop error messages, follow these general steps:
 To configure the system for memory dump files, follow these steps:
 
 1. [Download DumpConfigurator tool](https://codeplexarchive.blob.core.windows.net/archive/projects/WinPlatTools/WinPlatTools.zip).
+
 2. Extract the .zip file and navigate to **Source Code** folder.
+
 3. Run the tool DumpConfigurator.hta, and then select **Elevate this HTA**.
-3. Select **Auto Config Kernel**.
+
-4. Restart the computer for the setting to take effect. 
+4. Select **Auto Config Kernel**.
-5. Stop and disable Automatic System Restart Services (ASR) to prevent dump files from being written. 
+
-6. If the server is virtualized, disable auto reboot after the memory dump file is created. This lets you take a snapshot of the server in-state and also if the problem recurs.
+5. Restart the computer for the setting to take effect. 
+
+6. Stop and disable Automatic System Restart Services (ASR) to prevent dump files from being written. 
+
+7. If the server is virtualized, disable auto reboot after the memory dump file is created. This lets you take a snapshot of the server in-state and also if the problem recurs.
 
 The memory dump file is saved at the following locations:
 
@@ -103,7 +114,7 @@ The memory dump file is saved at the following locations:
 | Automatic memory dump file | %SystemRoot%\MEMORY.DMP |
 | Active memory dump file | %SystemRoot%\MEMORY.DMP |
 
-You can use the Microsoft DumpChk (Crash Dump File Checker) tool to verify that the memory dump files are not corrupted or invalid. For more information, see the following video: 
+You can use the Microsoft DumpChk (Crash Dump File Checker) tool to verify that the memory dump files are not corrupted or invalid. For more information, see the following video:<br/><br/>
 
 >[!video https://www.youtube.com/embed/xN7tOfgNKag]
 
@@ -133,31 +144,44 @@ You can use the tools such as Windows Software Development KIT (SDK) and Symbols
 
 ### Advanced debugging references
 
-[Advanced Windows Debugging](https://www.amazon.com/Advanced-Windows-Debugging-Mario-Hewardt/dp/0321374460)<br>
+- [Advanced Windows Debugging](https://www.amazon.com/Advanced-Windows-Debugging-Mario-Hewardt/dp/0321374460)
-[Debugging Tools for Windows (WinDbg, KD, CDB, NTSD)](/windows-hardware/drivers/debugger/index)
+- [Debugging Tools for Windows (WinDbg, KD, CDB, NTSD)](/windows-hardware/drivers/debugger/index)
 
 ### Debugging steps
 
 1. Verify that the computer is set up to generate a complete memory dump file when a crash occurs. See the steps [here](troubleshoot-windows-freeze.md#method-1-memory-dump) for more information. 
+
 2. Locate the memory.dmp file in your Windows directory on the computer that is crashing, and copy that file to another computer.
+
 3. On the other computer, download the [Windows 10 SDK](https://developer.microsoft.com/windows/downloads/windows-10-sdk).
+
 4. Start the install and choose **Debugging Tools for Windows**. This installs the WinDbg tool.
-5. Open the WinDbg tool and set the symbol path by clicking **File** and then clicking **Symbol File Path**.<br>
+
-    a. If the computer is connected to the Internet, enter the [Microsoft public symbol server](/windows-hardware/drivers/debugger/microsoft-public-symbols) (https://msdl.microsoft.com/download/symbols) and click **OK**. This is the recommended method.<br>
+5. Open the WinDbg tool and set the symbol path by clicking **File** and then clicking **Symbol File Path**.
-    b. If the computer is not connected to the Internet, you must specify a local [symbol path](/windows-hardware/drivers/debugger/symbol-path).
+
+    1. If the computer is connected to the Internet, enter the [Microsoft public symbol server](/windows-hardware/drivers/debugger/microsoft-public-symbols) (https://msdl.microsoft.com/download/symbols) and click **OK**. This is the recommended method.
+
+    1. If the computer is not connected to the Internet, you must specify a local [symbol path](/windows-hardware/drivers/debugger/symbol-path).
+
 6. Click on **Open Crash Dump**, and then open the memory.dmp file that you copied. See the example below.
+
     ![WinDbg img](images/windbg.png)
+
 7. There should be a link that says **!analyze -v** under **Bugcheck Analysis**. Click that link. This will enter the command !analyze -v in the prompt at the bottom of the page.
+
 8. A detailed bugcheck analysis will appear. See the example below.
+
     ![Bugcheck analysis](images/bugcheck-analysis.png)
+
 9. Scroll down to the section where it says **STACK_TEXT**. There will be rows of numbers with each row followed by a colon and some text. That text should tell you what DLL is causing the crash and if applicable what service is crashing the DLL.
+
 10. See [Using the !analyze Extension](/windows-hardware/drivers/debugger/using-the--analyze-extension) for details about how to interpret the STACK_TEXT output.
 
 There are many possible causes of a bugcheck and each case is unique. In the example provided above, the important lines that can be identified from the STACK_TEXT are 20, 21, and 22:
 
 (HEX data is removed here and lines are numbered for clarity)
 
-```
+```console
 1  : nt!KeBugCheckEx
 2  : nt!PspCatchCriticalBreak+0xff
 3  : nt!PspTerminateAllThreads+0x1134cf
@@ -214,8 +238,11 @@ We estimate that about 75 percent of all Stop errors are caused by faulty driver
 Use the following guidelines when you use Driver Verifier:  
 
 - Test any “suspicious” drivers (drivers that were recently updated or that are known to be problematic).
+
 - If you continue to experience non-analyzable crashes, try enabling verification on all third-party and unsigned drivers.
+
 - Enable concurrent verification on groups of 10–20 drivers.
+
 - Additionally, if the computer cannot boot into the desktop because of Driver Verifier, you can disable the tool by starting in Safe mode. This is because the tool cannot run in Safe mode.
 
 For more information, see [Driver Verifier](/windows-hardware/drivers/devtest/driver-verifier).
@@ -243,7 +270,7 @@ USER_MODE_HEALTH_MONITOR <br>Stop error code 0x0000009E		| This Stop error indic
 
 This bugcheck is caused by a driver hang during upgrade, resulting in a bugcheck D1 in NDIS.sys (a Microsoft driver).  The **IMAGE_NAME** tells you the faulting driver, but since this is Microsoft driver it cannot be replaced or removed. The resolution method is to disable the network device in device manager and try the upgrade again.
 
-```
+```console
 2: kd> !analyze -v
 *******************************************************************************
 *                                                                             *
@@ -397,12 +424,12 @@ FAILURE_ID_REPORT_LINK: https://go.microsoft.com/fwlink/?LinkID=397724&FailureHa
 Followup:     ndiscore
 ---------
 ```
+
 ### Example 2
 
 In this example, a non-Microsoft driver caused page fault, so we don’t have symbols for this driver.  However, looking at **IMAGE_NAME** and or **MODULE_NAME** indicates it’s **WwanUsbMP.sys** that caused the issue.  Disconnecting the device and retrying the upgrade is a possible solution.
 
-```
+```console
-
 1: kd> !analyze -v
 *******************************************************************************
 *                                                                             *

windows/configuration/TOC.yml

@@ -113,10 +113,10 @@
   items:
     - name: Configure Cortana in Windows 10
       href: cortana-at-work/cortana-at-work-overview.md
-    - name: Set up and test Cortana in Windows 10, version 2004 and later
+    - name: Testing scenarios using Cortana n Windows 10, version 2004 and later
-      href: cortana-at-work/set-up-and-test-cortana-in-windows-10.md
-    - name: Testing scenarios using Cortana in your business or organization
       items:
+        - name: Set up and test Cortana in Windows 10, version 2004 and later
+          href: cortana-at-work/set-up-and-test-cortana-in-windows-10.md
         - name: Testing scenarios using Cortana in your business or organization
           href: cortana-at-work/cortana-at-work-testing-scenarios.md
         - name: Test scenario 1 - Sign into Azure AD, enable the wake word, and try a voice query
@@ -133,11 +133,10 @@
           href: cortana-at-work/cortana-at-work-scenario-6.md
     - name: Send feedback about Cortana back to Microsoftr
       href: cortana-at-work/cortana-at-work-feedback.md
-    - name: Set up and test Cortana in Windows 10, versions 1909 and earlier, with Microsoft 365 in your organization
+    - name: Testing scenarios using Cortana in Windows 10, versions 1909 and earlier, with Microsoft 365 in your organization
-      href: cortana-at-work/cortana-at-work-o365.md
-
-    - name: Testing scenarios using Cortana in your business or organization
       items:
+        - name: Set up and test Cortana in Windows 10, versions 1909 and earlier, with Microsoft 365 in your organization
+          href: cortana-at-work/cortana-at-work-o365.md
         - name: Testing scenarios using Cortana in your business or organization
           href: cortana-at-work/cortana-at-work-testing-scenarios.md
         - name: Test scenario 1 - Sign into Azure AD, enable the wake word, and try a voice query

windows/deployment/update/waas-configure-wufb.md

@@ -50,7 +50,7 @@ With Windows Update for Business, you can set a device to be on either Windows I
 
 | Policy | Sets registry key under HKLM\Software |
 | --- | --- |
-| GPO for Windows 10, version 1607 or later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > **Select when Feature Updates are received** | \Policies\Microsoft\Windows\WindowsUpdate\BranchReadinessLevel |
+| GPO for Windows 10, version 1607 or later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update >  Windows Update for Business > **Select when Feature Updates are received** | \Policies\Microsoft\Windows\WindowsUpdate\BranchReadinessLevel |
 | GPO for Windows 10, version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\DeferUpgrade |
 | MDM for Windows 10, version 1607 or later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**BranchReadinessLevel** | \Microsoft\PolicyManager\default\Update\BranchReadinessLevel |
 | MDM for Windows 10, version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**RequireDeferUpgrade** | \Microsoft\PolicyManager\default\Update\RequireDeferUpgrade |
@@ -75,7 +75,7 @@ For example, a device on the Semi-Annual Channel with `DeferFeatureUpdatesPeriod
 
 | Policy | Sets registry key under HKLM\Software |
 | --- | --- |
-| GPO for Windows 10, version 1607 later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > **Select when Feature Updates are received** | \Policies\Microsoft\Windows\WindowsUpdate\DeferFeatureUpdates</br>\Policies\Microsoft\Windows\WindowsUpdate\DeferFeatureUpdatesPeriodInDays |
+| GPO for Windows 10, version 1607 or later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update >  Windows Update for Business > **Select when Feature Updates are received** | \Policies\Microsoft\Windows\WindowsUpdate\DeferFeatureUpdates</br>\Policies\Microsoft\Windows\WindowsUpdate\DeferFeatureUpdatesPeriodInDays |
 | GPO for Windows 10, version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\DeferUpgradePeriod |
 | MDM for Windows 10, version 1607 and later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferFeatureUpdatesPeriodInDays** | \Microsoft\PolicyManager\default\Update\DeferFeatureUpdatesPeriodInDays |
 | MDM for Windows 10, version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\RequireDeferUpgrade |
@@ -99,9 +99,9 @@ In cases where the pause policy is first applied after the configured start date
 
 | Policy | Sets registry key under HKLM\Software |
 | --- | --- |
-| GPO for Windows 10, version 1607 and later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > **Select when Feature Updates are received** | **1607:** \Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdates</br>**1703 and later:** \Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdatesStartTime |
+| GPO for Windows 10, version 1607 or later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update >  Windows Update for Business > **Select when Feature Updates are received** | **1607:** \Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdates</br>**1703 and later:** \Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdatesStartTime |
 | GPO for Windows 10, version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\Pause |
-| MDM for Windows 10, version 1607 and later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**PauseFeatureUpdates** | **1607:** \Microsoft\PolicyManager\default\Update\PauseFeatureUpdates</br> **1703 and later:** \Microsoft\PolicyManager\default\Update\PauseFeatureUpdatesStartTime |
+| MDM for Windows 10, version 1607 or later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**PauseFeatureUpdates** | **1607:** \Microsoft\PolicyManager\default\Update\PauseFeatureUpdates</br> **1703 and later:** \Microsoft\PolicyManager\default\Update\PauseFeatureUpdatesStartTime |
 | MDM for Windows 10, version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\Pause |
 
 You can check the date that Feature Updates were paused by checking the registry key **PausedFeatureDate** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings**. 
@@ -125,7 +125,7 @@ Starting with Windows 10, version 1703, using Settings to control the pause beha
 
 ## Configure when devices receive Quality Updates
 
-Quality updates are typically published on the first Tuesday of every month, although they can be released at any time. You can define if, and for how long, you would like to defer receiving Quality updates following their availability. You can defer receiving these quality updates for a period of up to 30 days from their release by setting the **DeferQualityUpdatesPeriodinDays** value.  
+Quality updates are typically published on the second Tuesday of every month, although they can be released at any time. You can define if, and for how long, you would like to defer receiving Quality updates following their availability. You can defer receiving these quality updates for a period of up to 30 days from their release by setting the **DeferQualityUpdatesPeriodinDays** value.  
 
 You can set your system to receive updates for other Microsoft products—known as Microsoft updates (such as Microsoft Office, Visual Studio)—along with Windows updates by setting the **AllowMUUpdateService** policy. When you do this, these Microsoft updates will follow the same deferral and pause rules as all other quality updates.
 
@@ -136,9 +136,9 @@ You can set your system to receive updates for other Microsoft products—known
 
 | Policy | Sets registry key under HKLM\Software |
 | --- | --- |
-| GPO for Windows 10, version 1607 and later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > **Select when Quality Updates are received** | \Policies\Microsoft\Windows\WindowsUpdate\DeferQualityUpdates</br>\Policies\Microsoft\Windows\WindowsUpdate\DeferQualityUpdatesPeriodInDays  |
+| GPO for Windows 10, version 1607 or later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update >  Windows Update for Business > **Select when Quality Updates are received** | \Policies\Microsoft\Windows\WindowsUpdate\DeferQualityUpdates</br>\Policies\Microsoft\Windows\WindowsUpdate\DeferQualityUpdatesPeriodInDays  |
 | GPO for Windows 10, version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\DeferUpdatePeriod |
-| MDM for Windows 10, version 1607 and later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferQualityUpdatesPeriodInDays** | \Microsoft\PolicyManager\default\Update\DeferQualityUpdatesPeriodInDays |
+| MDM for Windows 10, version 1607 or later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferQualityUpdatesPeriodInDays** | \Microsoft\PolicyManager\default\Update\DeferQualityUpdatesPeriodInDays |
 | MDM for Windows 10, version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\RequireDeferUpdate  |
 
 >[!NOTE]
@@ -159,9 +159,9 @@ In cases where the pause policy is first applied after the configured start date
 
 | Policy | Sets registry key under HKLM\Software |
 | --- | --- |
-| GPO for Windows 10, version 1607 and later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > **Select when Quality Updates are received** |**1607:** \Policies\Microsoft\Windows\WindowsUpdate\PauseQualityUpdates</br>**1703:** \Policies\Microsoft\Windows\WindowsUpdate\PauseQualityUpdatesStartTime  |
+| GPO for Windows 10, version 1607 or later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update >  Windows Update for Business > **Select when Quality Updates are received** |**1607:** \Policies\Microsoft\Windows\WindowsUpdate\PauseQualityUpdates</br>**1703:** \Policies\Microsoft\Windows\WindowsUpdate\PauseQualityUpdatesStartTime  |
 | GPO for Windows 10, version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\Pause |
-| MDM for Windows 10, version 1607 and later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**PauseQualityUpdates** | **1607:** \Microsoft\PolicyManager\default\Update\PauseQualityUpdates</br>**1703:** \Microsoft\PolicyManager\default\Update\PauseQualityUpdatesStartTime |
+| MDM for Windows 10, version 1607 or later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**PauseQualityUpdates** | **1607:** \Microsoft\PolicyManager\default\Update\PauseQualityUpdates</br>**1703:** \Microsoft\PolicyManager\default\Update\PauseQualityUpdatesStartTime |
 | MDM for Windows 10, version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\Pause |
 
 You can check the date that quality Updates were paused by checking the registry key **PausedQualityDate** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings**. 
@@ -209,7 +209,7 @@ Starting with Windows 10, version 1607, you can selectively opt out of receiving
 
 | Policy | Sets registry key under HKLM\Software |
 | --- | --- |
-| GPO for Windows 10, version 1607 and later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Do not include drivers with Windows Updates** | \Policies\Microsoft\Windows\WindowsUpdate\ExcludeWUDriversInQualityUpdate  |
+| GPO for Windows 10, version 1607 or later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Do not include drivers with Windows Updates** | \Policies\Microsoft\Windows\WindowsUpdate\ExcludeWUDriversInQualityUpdate  |
 | MDM for Windows 10, version 1607 and later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**ExcludeWUDriversInQualityUpdate** | \Microsoft\PolicyManager\default\Update\ExcludeWUDriversInQualityUpdate |
 
 ## Summary: MDM and Group Policy settings for Windows 10, version 1703 and later
@@ -273,4 +273,4 @@ When a device running a newer version sees an update available on Windows Update
 - [Walkthrough: use Intune to configure Windows Update for Business](/intune/windows-update-for-business-configure)
 - [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)
 - [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service)
-- [Manage device restarts after updates](waas-restart.md)
+- [Manage device restarts after updates](waas-restart.md)

windows/deployment/update/waas-delivery-optimization-setup.md

@@ -23,6 +23,7 @@ ms.custom: seo-marvel-apr2020
 
 > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
 
+
 ## Recommended Delivery Optimization settings
 
 Delivery Optimization offers a great many settings to fine-tune its behavior (see [Delivery Optimization reference](waas-delivery-optimization-reference.md) for a comprehensive list), but for the most efficient performance, there are just a few key parameters that will have the greatest impact if particular situations exist in your deployment. If you just need an overview of Delivery Optimization, see [Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md).
@@ -33,8 +34,8 @@ Delivery Optimization offers a great many settings to fine-tune its behavior (se
 - Do your devices have a lot of free space on their drives?
 - Do you have a lab scenario with many devices on AC power?
 
->[!NOTE]
+> [!NOTE]
->These scenarios (and the recommended settings for each) are not mutually exclusive. It's possible that your deployment might involve more than one of these scenarios, in which case you can employ the related settings in any combination as needed. In all cases, however, "download mode" is the most important one to set.
+> These scenarios (and the recommended settings for each) are not mutually exclusive. It's possible that your deployment might involve more than one of these scenarios, in which case you can employ the related settings in any combination as needed. In all cases, however, "download mode" is the most important one to set.
 
 > [!NOTE]
 > Microsoft Intune includes a profile to make it easier to set Delivery Optimization policies. For details, see [Delivery Optimization settings for Intune](/mem/intune/configuration/delivery-optimization-settings).
@@ -48,14 +49,10 @@ Quick-reference table:
 | Large number of mobile devices | Allow uploads on battery power | 60% | Increase # of devices that can upload while limiting battery drain |
 | Labs with AC-powered devices | Content Expiration | 7 (up to 30) days | Leverage devices that can upload more for a longer period |
 
-
 ### Hybrid WAN scenario
 
 For this scenario, grouping devices by domain allows devices to be included in peer downloads and uploads across VLANs. **Set Download Mode to 2 - Group**. The default group is the authenticated domain or Active Directory site. If your domain-based group is too wide, or your Active Directory sites aren't aligned with your site network topology, then you should consider additional options for dynamically creating groups, for example by using the GroupIDSrc parameter.
 
-
-
-
 To do this in Group Policy go to **Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization** and set **Download mode** to **2**.
 
 To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set DODownloadMode to 1 or 2.
@@ -64,8 +61,6 @@ To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/**
 
 The default download mode setting is **1**; this means all devices breaking out to the internet using the same public IP will be considered as a single peer group. To prevent peer-to-peer activity across groups, you should set the download mode to **2**. If you have already defined Active Directory sites per hub or branch office, then you don't need to do anything else. If you're not using Active Directory sites, you should set *RestrictPeerSelectionBy* policies to restrict the activity to the subnet or set a different source for Groups by using the GroupIDSrc parameter. See [Select a method to restrict peer selection](waas-delivery-optimization-reference.md#select-a-method-to-restrict-peer-selection).
 
-
-
 To do this in Group Policy go to **Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization** and set **Download mode** to **2**.
 
 To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set **DODownloadMode** to **2**.
@@ -73,14 +68,13 @@ To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/**
 > [!NOTE]
 > For more about using Delivery Optimization with Configuration Manager boundary groups, see [Delivery Optmization](/mem/configmgr/core/plan-design/hierarchy/fundamental-concepts-for-content-management#delivery-optimization).
 
-
 ### Large number of mobile devices
 
 If you have a mobile workforce with a great many mobile devices, set Delivery Optimization to allow uploads on battery power, while limiting the use to prevent battery drain. A setting for **DOMinBatteryPercentageAllowedToUpload** of 60% is a good starting point, though you might want to adjust it later.
 
-To do this in Group Policy, go to **Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization** and set **Allow uploads while the device is on battery while under set Battery level** to 60. 
+To do this in Group Policy, go to **Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization** and set **Allow uploads while the device is on battery while under set Battery level** to 60.
 
-To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set **DOMinBatteryPercentageAllowedToUpload** to 60. 
+To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set **DOMinBatteryPercentageAllowedToUpload** to 60.
 
 ### Plentiful free space and large numbers of devices
 
@@ -88,7 +82,7 @@ Many devices now come with large internal drives. You can set Delivery Optimizat
 
 [//]: # (default of 50 aimed at consumer)
 
-To do this in Group Policy, go to **Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization** and set **Minimum Peer Caching Content File Size** to 100 (if you have more than 30 devices) or 1 (if you have more than 100 devices).
+To do this in Group Policy, go to **Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization** and set **Minimum Peer Caching Content File Size** to 10 (if you have more than 30 devices) or 1 (if you have more than 100 devices).
 
 To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set **DOMinFileSizeToCache** to 100 (if you have more than 30 devices) or 1 (if you have more than 100 devices).
 
@@ -104,6 +98,7 @@ To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/**
 
 
 ## Monitor Delivery Optimization
+
 [//]: # (How to tell if it's working? What values are reasonable; which are not? If not, which way to adjust and how? -- check PercentPeerCaching for files > minimum >= 50%)
 
 ### Windows PowerShell cmdlets
@@ -130,7 +125,7 @@ To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/**
 | ExpireOn | The target expiration date and time for the file. |
 | Pinned | A yes/no value indicating whether an item has been "pinned" in the cache (see `setDeliveryOptmizationStatus`). |
 
- 
+
 `Get-DeliveryOptimizationPerfSnap` returns a list of key performance data:
 
 - Number of files downloaded 
@@ -171,7 +166,6 @@ You can now "pin" files to keep them persistent in the cache. You can only do th
 - `-IncludePinnedFiles` deletes all files that are pinned.
 - `-Force` deletes the cache with no prompts.
 
-
 #### Work with Delivery Optimization logs
 
 **Starting in Windows 10, version 2004:**
@@ -205,14 +199,12 @@ Using the `-ListConnections` option returns these details about peers:
 
 `Get-DeliveryOptimizationLog [-Path <etl file path, supports wildcards>] [-Flush]`
 
-If `Path` is not specified, this cmdlet reads all logs from the dosvc log directory, which requires administrator permissions. If `Flush` is specified, the cmdlet stops dosvc before reading logs.
+If `Path` is not specified, this cmdlet reads all logs from the DoSvc log directory, which requires administrator permissions. If `Flush` is specified, the cmdlet stops DoSvc before reading logs.
- 
+
 Log entries are written to the PowerShell pipeline as objects. To dump logs to a text file, run `Get-DeliveryOptimizationLog | Set-Content <output file>` or something similar.
 
 [//]: # (section on what to look for in logs, list of peers, connection failures)
 
-
-
 [//]: # (possibly move to Troubleshooting)
 
 ### Monitor with Update Compliance
@@ -221,4 +213,4 @@ Update Compliance provides you with information about your Delivery Optimization
 
 [ ![DO status](images/UC_workspace_DO_status.png) ](images/UC_workspace_DO_status.png#lightbox)
 
-For details, see [Delivery Optimization in Update Compliance](update-compliance-delivery-optimization.md).
+For details, see [Delivery Optimization in Update Compliance](update-compliance-delivery-optimization.md).

windows/deployment/update/windows-update-error-reference.md

@@ -320,6 +320,7 @@ The PnP enumerated device is removed from the System Spec because one of the har
 | 0x80240042 | `WU_E_UNKNOWN_SERVICE`            | The update service is no longer registered with `AU`.
 | 0x80240043 | `WU_E_NO_UI_SUPPORT`              | There is no support for `WUA UI`.
 | 0x80240FFF | `WU_E_UNEXPECTED`                 | An operation failed due to reasons not covered by another error code.
+| 0x80070422 |                                   | Windows Update service stopped working or is not running.
 
 ## Windows Update success codes
 

windows/deployment/update/windows-update-errors.md

@@ -37,4 +37,4 @@ The following table provides information about common errors you might run into
 |                0x8024000E                |         WU_E_XML_INVALID          |           Windows Update Agent found invalid information in the update's XML data.            |                                                                                                              Certain drivers contain additional metadata information in the update.xml, which could lead Orchestrator to understand it as invalid data. Ensure that you have the latest Windows Update Agent installed on the machine.                                                                                                              |
 |                0x8024D009                |      WU_E_SETUP_SKIP_UPDATE       | An update to the Windows Update Agent was skipped due to a directive in the wuident.cab file. |                                                                                       You may encounter this error when WSUS is not sending the Self-update to the clients.<br><br>Review [KB920659](https://support.microsoft.com/help/920659/the-microsoft-windows-server-update-services-wsus-selfupdate-service-d) for instructions to resolve the issue.                                                                                       |
 |                0x80244007                |   WU_E_PT_SOAPCLIENT_SOAPFAULT    | SOAP client failed because there was a SOAP fault for reasons of WU_E_PT_SOAP_\* error codes. |                                                                                        This issue occurs because Windows cannot renew the cookies for Windows Update.  <br><br>Review [KB2883975](https://support.microsoft.com/help/2883975/0x80244007-error-when-windows-tries-to-scan-for-updates-on-a-wsus-serv) for instructions to resolve the issue.                                                                                         |
-
+|                0x80070422               |       | This issue occurs when the Windows Update service stops working or is not running. |                                                                                       Check if the Windows Update service is running.<br>                                                                                        |

windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md

@@ -1,8 +1,8 @@
---- 
+---
 title: Manage connections from Windows 10 operating system components to Microsoft services
 description: Learn how to minimize connections from Windows to Microsoft services, and configure particular privacy settings related to these connections.
 ms.assetid: ACCEB0DD-BC6F-41B1-B359-140B242183D9
-ms.reviewer: 
+ms.reviewer:
 keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016
 ms.prod: w10
 ms.mktglfcycl: manage
@@ -19,30 +19,30 @@ ms.date: 12/1/2020
 
 # Manage connections from Windows 10 operating system components to Microsoft services
 
-**Applies to** 
+**Applies to**
 
 - Windows 10 Enterprise, version 1607 and newer
 - Windows Server 2016
 - Windows Server 2019
 
-This article describes the network connections that Windows 10 components make to Microsoft and the Windows Settings, Group Policies and registry settings available to IT Professionals to help manage the data shared with Microsoft. If you want to minimize connections from Windows to Microsoft services, or configure privacy settings, there are a number of settings for consideration. For example, you can configure diagnostic data to the lowest level for your edition of Windows and evaluate other connections Windows makes to Microsoft services you want to turn off using the instructions in this article.  While it is possible to minimize network connections to Microsoft, there are many reasons why these communications are enabled by default, such as updating malware definitions and maintaining current certificate revocation lists. This data helps us deliver a secure, reliable, and up-to-date experience.
+This article describes the network connections that Windows 10 components make to Microsoft and the Windows Settings, Group Policies and registry settings available to IT Professionals to help manage the data shared with Microsoft. If you want to minimize connections from Windows to Microsoft services, or configure privacy settings, there are a number of settings for consideration. For example, you can configure diagnostic data to the lowest level for your edition of Windows and evaluate other connections Windows makes to Microsoft services you want to turn off using the instructions in this article. While it is possible to minimize network connections to Microsoft, there are many reasons why these communications are enabled by default, such as updating malware definitions and maintaining current certificate revocation lists. This data helps us deliver a secure, reliable, and up-to-date experience.
 
 Microsoft provides a [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887) package that will allow your organization to quickly configure the settings covered in this document to restrict connections from Windows 10 to Microsoft. The Windows Restricted Traffic Limited Baseline is based on [Group Policy Administrative Template](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) functionality and the package you download contains further instructions on how to deploy to devices in your organization. Since some of the settings can reduce the functionality and security configuration of your device, **before deploying Windows Restricted Traffic Limited Functionality Baseline** make sure you **choose the right settings configuration for your environment** and **ensure that Windows and Windows Defender are fully up to date**. Failure to do so may result in errors or unexpected behavior. You should not extract this package to the windows\system32 folder because it will not apply correctly.
 
->[!IMPORTANT]
+> [!IMPORTANT]
 > - The downloadable Windows 10, version 1903 scripts/settings can be used on Windows 10, version 1909 devices.
 > - The Allowed Traffic endpoints are listed here: [Allowed Traffic](#bkmk-allowedtraffic)
 >     -   CRL (Certificate Revocation List) and OCSP (Online Certificate Status Protocol) network traffic cannot be disabled and will still show up in network traces. CRL and OCSP checks are made to the issuing certificate authorities. Microsoft is one of these authorities. There are many others such as DigiCert, Thawte, Google, Symantec, and VeriSign.
 > - For security reasons, it is important to take care in deciding which settings to configure as some of them may result in a less secure device. Examples of settings that can lead to a less secure device configuration include: Windows Update, Automatic Root Certificates Update, and Windows Defender. Accordingly, we do not recommend disabling any of these features.
-> - It is recommended that you restart a device after making configuration changes to it. 
+> - It is recommended that you restart a device after making configuration changes to it.
 > - The **Get Help** and **Give us Feedback** links no longer work after the Windows Restricted Traffic Limited Functionality Baseline is applied.
 
-> [!Warning] 
+> [!Warning]
 > - If a user executes the **Reset this PC** command (Settings -> Update & Security -> Recovery) with the **Keep my files option** (or the **Remove Everything** option) the Windows Restricted Traffic Limited Functionality Baseline settings will need to be re-applied in order to re-restrict the device. Egress traffic may occur prior to the re-application of the Restricted Traffic Limited Functionality Baseline settings.
-> - To restrict a device effectively (first time or subsequently), it is recommended to apply the Restricted Traffic Limited Functionality Baseline settings package in offline mode. 
+> - To restrict a device effectively (first time or subsequently), it is recommended to apply the Restricted Traffic Limited Functionality Baseline settings package in offline mode.
 > - During update or upgrade of Windows, egress traffic may occur.
 
-To use Microsoft Intune cloud based device management for restricting traffic please refer to the [Manage connections from Windows 10 operating system components to Microsoft services using Microsoft Intune MDM Server](./manage-connections-from-windows-operating-system-components-to-microsoft-services-using-mdm.md)
+To use Microsoft Intune cloud-based device management for restricting traffic please refer to the [Manage connections from Windows 10 operating system components to Microsoft services using Microsoft Intune MDM Server](./manage-connections-from-windows-operating-system-components-to-microsoft-services-using-mdm.md).
 
 We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting **telmhelp**@**microsoft.com**.
 
@@ -55,8 +55,8 @@ The following sections list the components that make network connections to Micr
 The following table lists management options for each setting, beginning with Windows 10 Enterprise version 1607.
 
 
-| Setting | UI | Group Policy | Registry | 
+| Setting | UI | Group Policy | Registry |
-| - | :-: | :-: | :-: | 
+| - | :-: | :-: | :-: |
 | [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
 | [2. Cortana and Search](#bkmk-cortana) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
 | [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
@@ -73,41 +73,41 @@ The following table lists management options for each setting, beginning with Wi
 | [14. Network Connection Status Indicator](#bkmk-ncsi) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
 | [15. Offline maps](#bkmk-offlinemaps) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
 | [16. OneDrive](#bkmk-onedrive) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-| [17. Preinstalled apps](#bkmk-preinstalledapps) | ![Check mark](images/checkmark.png) | | | 
+| [17. Preinstalled apps](#bkmk-preinstalledapps) | ![Check mark](images/checkmark.png) | | |
-| [18. Settings > Privacy](#bkmk-settingssection) | | | | 
+| [18. Settings > Privacy](#bkmk-settingssection) | | | |
 |     [18.1 General](#bkmk-general) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-|     [18.2 Location](#bkmk-priv-location) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+|     [18.2 Location](#bkmk-priv-location) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-|     [18.3 Camera](#bkmk-priv-camera) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+|     [18.3 Camera](#bkmk-priv-camera) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-|     [18.4 Microphone](#bkmk-priv-microphone) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+|     [18.4 Microphone](#bkmk-priv-microphone) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-|     [18.5 Notifications](#bkmk-priv-notifications) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png)| 
+|     [18.5 Notifications](#bkmk-priv-notifications) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png)|
-|     [18.6 Speech](#bkmk-priv-speech) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+|     [18.6 Speech](#bkmk-priv-speech) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-|     [18.7 Account info](#bkmk-priv-accounts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+|     [18.7 Account info](#bkmk-priv-accounts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-|     [18.8 Contacts](#bkmk-priv-contacts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+|     [18.8 Contacts](#bkmk-priv-contacts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-|     [18.9 Calendar](#bkmk-priv-calendar) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+|     [18.9 Calendar](#bkmk-priv-calendar) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
 |     [18.10 Call history](#bkmk-priv-callhistory) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-|     [18.11 Email](#bkmk-priv-email) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+|     [18.11 Email](#bkmk-priv-email) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-|     [18.12 Messaging](#bkmk-priv-messaging) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+|     [18.12 Messaging](#bkmk-priv-messaging) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-|     [18.13 Phone calls](#bkmk-priv-phone-calls) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+|     [18.13 Phone calls](#bkmk-priv-phone-calls) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-|     [18.14 Radios](#bkmk-priv-radios) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+|     [18.14 Radios](#bkmk-priv-radios) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-|     [18.15 Other devices](#bkmk-priv-other-devices) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+|     [18.15 Other devices](#bkmk-priv-other-devices) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-|     [18.16 Feedback & diagnostics](#bkmk-priv-feedback) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+|     [18.16 Feedback & diagnostics](#bkmk-priv-feedback) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-|     [18.17 Background apps](#bkmk-priv-background) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+|     [18.17 Background apps](#bkmk-priv-background) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-|     [18.18 Motion](#bkmk-priv-motion) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+|     [18.18 Motion](#bkmk-priv-motion) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-|     [18.19 Tasks](#bkmk-priv-tasks) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |  ![Check mark](images/checkmark.png) | 
+|     [18.19 Tasks](#bkmk-priv-tasks) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |  ![Check mark](images/checkmark.png) |
-|     [18.20 App Diagnostics](#bkmk-priv-diag) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |  ![Check mark](images/checkmark.png) | 
+|     [18.20 App Diagnostics](#bkmk-priv-diag) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |  ![Check mark](images/checkmark.png) |
-|     [18.21 Inking & Typing](#bkmk-priv-ink) | ![Check mark](images/checkmark.png) | |  ![Check mark](images/checkmark.png) | 
+|     [18.21 Inking & Typing](#bkmk-priv-ink) | ![Check mark](images/checkmark.png) | |  ![Check mark](images/checkmark.png) |
 |     [18.22 Activity History](#bkmk-act-history) | ![Check mark](images/checkmark.png) |![Check mark](images/checkmark.png) |  ![Check mark](images/checkmark.png) |
 |     [18.23 Voice Activation](#bkmk-voice-act) | ![Check mark](images/checkmark.png) |![Check mark](images/checkmark.png) |  ![Check mark](images/checkmark.png) |
-| [19. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+| [19. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
 | [20. Storage Health](#bkmk-storage-health) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-| [21. Sync your settings](#bkmk-syncsettings) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+| [21. Sync your settings](#bkmk-syncsettings) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
 | [22. Teredo](#bkmk-teredo) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-| [23. Wi-Fi Sense](#bkmk-wifisense) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+| [23. Wi-Fi Sense](#bkmk-wifisense) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-| [24. Windows Defender](#bkmk-defender) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+| [24. Windows Defender](#bkmk-defender) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-| [25. Windows Spotlight](#bkmk-spotlight) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+| [25. Windows Spotlight](#bkmk-spotlight) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
 | [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
 | [27. Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-| [28. Delivery Optimization](#bkmk-updates) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+| [28. Delivery Optimization](#bkmk-updates) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
 | [29. Windows Update](#bkmk-wu) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
 
 
@@ -115,8 +115,8 @@ The following table lists management options for each setting, beginning with Wi
 
 See the following table for a summary of the management settings for Windows Server 2016 with Desktop Experience.
 
-| Setting | UI | Group Policy | Registry | 
+| Setting | UI | Group Policy | Registry |
-| - | :-: | :-: | :-: | 
+| - | :-: | :-: | :-: |
 | [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
 | [2. Cortana and Search](#bkmk-cortana) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
 | [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
@@ -140,8 +140,8 @@ See the following table for a summary of the management settings for Windows Ser
 
 See the following table for a summary of the management settings for Windows Server 2016 Server Core.
 
-| Setting | Group Policy | Registry | 
+| Setting | Group Policy | Registry |
-| - | :-: | :-: | 
+| - | :-: | :-: |
 | [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
 | [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
 | [6. Font streaming](#font-streaming) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
@@ -156,7 +156,7 @@ See the following table for a summary of the management settings for Windows Ser
 See the following table for a summary of the management settings for Windows Server 2016 Nano Server.
 
 | Setting | Registry |
-| - | :-: |  
+| - | :-: |
 | [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | ![Check mark](images/checkmark.png) |
 | [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) |
 | [22. Teredo](#bkmk-teredo) | ![Check mark](images/checkmark.png) |
@@ -166,7 +166,7 @@ See the following table for a summary of the management settings for Windows Ser
 
 See the following table for a summary of the management settings for Windows Server 2019.
 
-| Setting | UI | Group Policy | Registry | 
+| Setting | UI | Group Policy | Registry |
 | - | :-: | :-: | :-: |
 | [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
 | [2. Cortana and Search](#bkmk-cortana) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
@@ -188,33 +188,33 @@ See the following table for a summary of the management settings for Windows Ser
 |     [18.1 General](#bkmk-general) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
 |     [18.2 Location](#bkmk-priv-location) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
 |     [18.3 Camera](#bkmk-priv-camera) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-|     [18.4 Microphone](#bkmk-priv-microphone) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+|     [18.4 Microphone](#bkmk-priv-microphone) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-|     [18.5 Notifications](#bkmk-priv-notifications) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png)| 
+|     [18.5 Notifications](#bkmk-priv-notifications) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png)|
-|     [18.6 Speech](#bkmk-priv-speech) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+|     [18.6 Speech](#bkmk-priv-speech) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-|     [18.7 Account info](#bkmk-priv-accounts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+|     [18.7 Account info](#bkmk-priv-accounts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
 |     [18.8 Contacts](#bkmk-priv-contacts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-|     [18.9 Calendar](#bkmk-priv-calendar) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+|     [18.9 Calendar](#bkmk-priv-calendar) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
 |     [18.10 Call history](#bkmk-priv-callhistory) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-|     [18.11 Email](#bkmk-priv-email) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+|     [18.11 Email](#bkmk-priv-email) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-|     [18.12 Messaging](#bkmk-priv-messaging) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+|     [18.12 Messaging](#bkmk-priv-messaging) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-|     [18.13 Phone calls](#bkmk-priv-phone-calls) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+|     [18.13 Phone calls](#bkmk-priv-phone-calls) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-|     [18.14 Radios](#bkmk-priv-radios) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+|     [18.14 Radios](#bkmk-priv-radios) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-|     [18.15 Other devices](#bkmk-priv-other-devices) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+|     [18.15 Other devices](#bkmk-priv-other-devices) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-|     [18.16 Feedback & diagnostics](#bkmk-priv-feedback) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+|     [18.16 Feedback & diagnostics](#bkmk-priv-feedback) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
 |     [18.17 Background apps](#bkmk-priv-background) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-|     [18.18 Motion](#bkmk-priv-motion) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+|     [18.18 Motion](#bkmk-priv-motion) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-|     [18.19 Tasks](#bkmk-priv-tasks) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |  ![Check mark](images/checkmark.png) | 
+|     [18.19 Tasks](#bkmk-priv-tasks) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |  ![Check mark](images/checkmark.png) |
-|     [18.20 App Diagnostics](#bkmk-priv-diag) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |  ![Check mark](images/checkmark.png) | 
+|     [18.20 App Diagnostics](#bkmk-priv-diag) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |  ![Check mark](images/checkmark.png) |
-|     [18.21 Inking & Typing](#bkmk-priv-ink) | ![Check mark](images/checkmark.png) | |  ![Check mark](images/checkmark.png) | 
+|     [18.21 Inking & Typing](#bkmk-priv-ink) | ![Check mark](images/checkmark.png) | |  ![Check mark](images/checkmark.png) |
 |     [18.22 Activity History](#bkmk-act-history) | ![Check mark](images/checkmark.png) |![Check mark](images/checkmark.png) |  ![Check mark](images/checkmark.png) |
 |     [18.23 Voice Activation](#bkmk-voice-act) | ![Check mark](images/checkmark.png) |![Check mark](images/checkmark.png) |  ![Check mark](images/checkmark.png) |
-| [19. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+| [19. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
 | [20. Storage Health](#bkmk-storage-health) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png)  |
 | [21. Sync your settings](#bkmk-syncsettings) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
 | [22. Teredo](#bkmk-teredo) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
 | [23. Wi-Fi Sense](#bkmk-wifisense) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
 | [24. Windows Defender](#bkmk-defender) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
-| [25. Windows Spotlight](#bkmk-spotlight) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | 
+| [25. Windows Spotlight](#bkmk-spotlight) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
 | [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
 | [27. Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) |![Check mark](images/checkmark.png) |
 | [28. Delivery Optimization](#bkmk-updates) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) |
@@ -260,8 +260,8 @@ On Windows Server 2016 Nano Server:
 
 - Create the registry path **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\AuthRoot** and then add a REG_DWORD registry setting, named **DisableRootAutoUpdate**, with a value of 1.
 
->[!NOTE]
+> [!NOTE]
->CRL and OCSP network traffic is currently Allowed Traffic and will still show up in network traces.  CRL and OCSP checks are made to the issuing certificate authorities. Microsoft is one of them, but there are many others, such as DigiCert, Thawte, Google, Symantec, and VeriSign.
+> CRL and OCSP network traffic is currently Allowed Traffic and will still show up in network traces. CRL and OCSP checks are made to the issuing certificate authorities. Microsoft is one of them, but there are many others, such as DigiCert, Thawte, Google, Symantec, and VeriSign.
 
 ### <a href="" id="bkmk-cortana"></a>2. Cortana and Search
 
@@ -288,36 +288,36 @@ You can also apply the Group Policies using the following registry keys:
 | Don't search the web or display web results in Search| HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search<br/>REG_DWORD: ConnectedSearchUseWeb <br/>Value: 0 |
 
 
->[!IMPORTANT]
+> [!IMPORTANT]
 > Using the Group Policy editor these steps are required for all supported versions of Windows 10, however they are not required for devices running Windows 10, version 1607 or Windows Server 2016.
 
-1.  Expand **Computer Configuration** &gt; **Windows Settings** &gt; **Security Settings** &gt; **Windows Defender Firewall with Advanced Security** &gt; **Windows Defender Firewall with Advanced Security - &lt;LDAP name&gt;**, and then click **Outbound Rules**.
+1. Expand **Computer Configuration** &gt; **Windows Settings** &gt; **Security Settings** &gt; **Windows Defender Firewall with Advanced Security** &gt; **Windows Defender Firewall with Advanced Security - &lt;LDAP name&gt;**, and then click **Outbound Rules**.
 
-2.  Right-click **Outbound Rules**, and then click **New Rule**. The **New Outbound Rule Wizard** starts.
+2. Right-click **Outbound Rules**, and then click **New Rule**. The **New Outbound Rule Wizard** starts.
 
-3.  On the **Rule Type** page, click **Program**, and then click **Next**.
+3. On the **Rule Type** page, click **Program**, and then click **Next**.
 
-4.  On the **Program** page, click **This program path**, type **%windir%\\systemapps\\Microsoft.Windows.Cortana\_cw5n1h2txyewy\\SearchUI.exe**, and then click **Next**.
+4. On the **Program** page, click **This program path**, type **%windir%\\systemapps\\Microsoft.Windows.Cortana\_cw5n1h2txyewy\\SearchUI.exe**, and then click **Next**.
 
-5.  On the **Action** page, click **Block the connection**, and then click **Next**.
+5. On the **Action** page, click **Block the connection**, and then click **Next**.
 
-6.  On the **Profile** page, ensure that the **Domain**, **Private**, and **Public** check boxes are selected, and then click **Next**.
+6. On the **Profile** page, ensure that the **Domain**, **Private**, and **Public** check boxes are selected, and then click **Next**.
 
-7.  On the **Name** page, type a name for the rule, such as **Cortana firewall configuration**, and then click **Finish.**
+7. On the **Name** page, type a name for the rule, such as **Cortana firewall configuration**, and then click **Finish.**
 
-8.  Right-click the new rule, click **Properties**, and then click **Protocols and Ports**.
+8. Right-click the new rule, click **Properties**, and then click **Protocols and Ports**.
 
-9.  Configure the **Protocols and Ports** page with the following info, and then click **OK**.
+9. Configure the **Protocols and Ports** page with the following info, and then click **OK**.
 
-    - For **Protocol type**, choose **TCP**.
+   - For **Protocol type**, choose **TCP**.
 
-    - For **Local port**, choose **All Ports**.
+   - For **Local port**, choose **All Ports**.
 
-    - For **Remote port**, choose **All ports**.
+   - For **Remote port**, choose **All ports**.
 
 -or-
 
--  Create a new REG_SZ registry setting named **{0DE40C8E-C126-4A27-9371-A27DAB1039F7}** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\FirewallRules** and set it to a value of **v2.25|Action=Block|Active=TRUE|Dir=Out|Protocol=6|App=%windir%\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\searchUI.exe|Name=Block outbound Cortana|**
+- Create a new REG_SZ registry setting named **{0DE40C8E-C126-4A27-9371-A27DAB1039F7}** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\FirewallRules** and set it to a value of **v2.25|Action=Block|Active=TRUE|Dir=Out|Protocol=6|App=%windir%\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\searchUI.exe|Name=Block outbound Cortana|**
 
 If your organization tests network traffic, do not use a network proxy as Windows Firewall does not block proxy traffic. Instead, use a network traffic analyzer. Based on your needs, there are many network traffic analyzers available at no cost.
 
@@ -338,7 +338,7 @@ After that, configure the following:
 
   -or-
 
--  Create a new REG_DWORD registry setting named **Enabled** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\W32time\\TimeProviders\\NtpClient** and set it to **0 (zero)**.
+- Create a new REG_DWORD registry setting named **Enabled** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\W32time\\TimeProviders\\NtpClient** and set it to **0 (zero)**.
 
 
 ### <a href="" id="bkmk-devinst"></a>4. Device metadata retrieval
@@ -412,10 +412,10 @@ To turn off Insider Preview builds for Windows 10:
 - Create a new REG_DWORD registry setting named **AllowBuildPreview** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\PreviewBuilds** with a **value of 0 (zero)**
 
 
-
 ### <a href="" id="bkmk-ie"></a>8. Internet Explorer
+
 > [!NOTE]
->When attempting to use Internet Explorer on any edition of Windows Server be aware there are restrictions enforced by [Enhanced Security Configuration (ESC)](https://support.microsoft.com/help/815141/ie-enhanced-security-configuration-changes-browsing-experience). The following Group Policies and Registry Keys are for user interactive scenarios rather than the typical idle traffic scenario. Find the Internet Explorer Group Policy objects under **Computer Configuration > Administrative Templates > Windows Components > Internet Explorer** and make these settings:  
+> When attempting to use Internet Explorer on any edition of Windows Server be aware there are restrictions enforced by [Enhanced Security Configuration (ESC)](https://support.microsoft.com/help/815141/ie-enhanced-security-configuration-changes-browsing-experience). The following Group Policies and Registry Keys are for user interactive scenarios rather than the typical idle traffic scenario. Find the Internet Explorer Group Policy objects under **Computer Configuration > Administrative Templates > Windows Components > Internet Explorer** and make these settings:
 
 | Policy                                               | Description                                                                                         |
 |------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
@@ -458,11 +458,11 @@ To turn off the home page:
 
   -or-
 
-- Create a new REG_SZ registry setting named **Start Page** in **HKEY_Current_User\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Main** with a **about:blank**
+- Create a new REG_SZ registry setting named **Start Page** in **HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Main** with a **about:blank**
 
   -and -
 
-- Create a new REG_DWORD registry setting named **HomePage** in **HKEY_Current_User\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Control Panel** with a **1 (one)**
+- Create a new REG_DWORD registry setting named **HomePage** in **HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Control Panel** with a **1 (one)**
 
 
 To configure the First Run Wizard:
@@ -471,7 +471,7 @@ To configure the First Run Wizard:
 
   -or-
 
-- Create a new REG_DWORD registry setting named **DisableFirstRunCustomize** in **HKEY_Current_User\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Main** with a **1 (one)**
+- Create a new REG_DWORD registry setting named **DisableFirstRunCustomize** in **HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Main** with a **1 (one)**
 
 
 To configure the behavior for a new tab:
@@ -480,7 +480,7 @@ To configure the behavior for a new tab:
 
   -or-
 
-- Create a new REG_DWORD registry setting named **NewTabPageShow** in **HKEY_Current_User\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\TabbedBrowsing** with a **0 (zero)**
+- Create a new REG_DWORD registry setting named **NewTabPageShow** in **HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\TabbedBrowsing** with a **0 (zero)**
 
 
 ### <a href="" id="bkmk-ie-activex"></a>8.1 ActiveX control blocking
@@ -489,11 +489,11 @@ ActiveX control blocking periodically downloads a new list of out-of-date Active
 
 You can turn this off by:
 
--  **Enable** the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Security Features** > **Add-on Management** > **Turn off Automatic download of the ActiveX VersionList**
+- **Enable** the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Security Features** > **Add-on Management** > **Turn off Automatic download of the ActiveX VersionList**
 
   -or-
 
--  Changing the REG_DWORD registry setting **HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\VersionManager\\DownloadVersionList** to **0 (zero)**.
+- Changing the REG_DWORD registry setting **HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\VersionManager\\DownloadVersionList** to **0 (zero)**.
 
 For more info, see [Out-of-date ActiveX control blocking](/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking).
 
@@ -501,19 +501,19 @@ For more info, see [Out-of-date ActiveX control blocking](/internet-explorer/ie1
 
 You can turn off License Manager related traffic by setting the following registry entry:
 
--   Add a REG_DWORD value named **Start** to **HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\LicenseManager** and set the **value to 4**
+- Add a REG_DWORD value named **Start** to **HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\LicenseManager** and set the **value to 4**
 
--   The value 4 is to disable the service. Here are the available options to set the registry:
+- The value 4 is to disable the service. Here are the available options to set the registry:
 
-    -   **0x00000000** = Boot
+    - **0x00000000** = Boot
 
-    -   **0x00000001** = System
+    - **0x00000001** = System
 
-    -   **0x00000002** = Automatic
+    - **0x00000002** = Automatic
 
-    -   **0x00000003** = Manual
+    - **0x00000003** = Manual
 
-    -   **0x00000004** = Disabled
+    - **0x00000004** = Disabled
 
 ### <a href="" id="live-tiles"></a>10. Live Tiles
 
@@ -523,7 +523,7 @@ To turn off Live Tiles:
 
   -or-
 
-- Create a REG_DWORD registry setting named **NoCloudApplicationNotification** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications** with a **value of 1 (one)** 
+- Create a REG_DWORD registry setting named **NoCloudApplicationNotification** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications** with a **value of 1 (one)**
 
 In Windows 10 Mobile, you must also unpin all tiles that are pinned to Start.
 
@@ -567,8 +567,8 @@ Find the Microsoft Edge Group Policy objects under **Computer Configuration** &g
 | Configure Do Not Track         | Choose whether employees can send Do Not Track headers.<br /> **Set to Enabled**                     |
 | Configure Password Manager                            | Choose whether employees can save passwords locally on their devices. <br /> **Set to Disabled**       |
 | Configure search suggestions in Address Bar              | Choose whether the Address Bar shows search suggestions. <br /> **Set to Disabled**                    |
-| Configure Windows Defender SmartScreen (Windows 10, version 1703)               | Choose whether Windows Defender SmartScreen is turned on or off.  <br /> **Set to Disabled**                            |
+| Configure Windows Defender SmartScreen (Windows 10, version 1703)               | Choose whether Windows Defender SmartScreen is turned on or off. <br /> **Set to Disabled**                            |
-| Allow web content on New Tab page                     | Choose whether a new tab page appears.  <br /> **Set to Disabled**                                     |
+| Allow web content on New Tab page                     | Choose whether a new tab page appears. <br /> **Set to Disabled**                                     |
 | Configure Start pages                       | Choose the Start page for domain-joined devices. <br /> **Enabled** and **Set this to <<about:blank>>**         |
 | Prevent the First Run webpage from opening on Microsoft Edge                       | Choose whether employees see the First Run webpage. <br /> **Set to: Enable**        |
 | Allow Microsoft Compatibility List                       | Choose whether to use the Microsoft Compatibility List in Microsoft Edge. <br /> **Set to: Disabled**        |
@@ -644,11 +644,11 @@ To turn off OneDrive in your organization:
 
   -and-
 
--   **Enable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **OneDrive** &gt; **Prevent OneDrive from generating network traffic until the user signs in to OneDrive (Enable)**
+- **Enable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **OneDrive** &gt; **Prevent OneDrive from generating network traffic until the user signs in to OneDrive (Enable)**
 
     -or-
 
-- Create a REG_DWORD registry setting named **PreventNetworkTrafficPreUserSignIn** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OneDrive** with a **value of 1 (one)** 
+- Create a REG_DWORD registry setting named **PreventNetworkTrafficPreUserSignIn** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OneDrive** with a **value of 1 (one)**
 
 
 ### <a href="" id="bkmk-preinstalledapps"></a>17. Preinstalled apps
@@ -660,9 +660,9 @@ To remove the News app:
 - Right-click the app in Start, and then click **Uninstall**.
 
   -or-
->[!IMPORTANT]
+> [!IMPORTANT]
 > If you have any issues with these commands, restart the system and try the scripts again.
->
+
 - Remove the app for new user accounts. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.BingNews"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}**
 
   -and-
@@ -933,7 +933,7 @@ To turn off **Location for this device**:
 - Click the **Change** button in the UI.
 
   -or-
-  
+
 - **Enable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Location and Sensors** &gt; **Turn off location**.
 
   -or-
@@ -943,7 +943,7 @@ To turn off **Location for this device**:
 To turn off **Allow apps to access your location**:
 
 - Turn off the feature in the UI.
-  
+
    -or-
 
 - **Enable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **App Privacy** &gt; **Let Windows apps access location** and set the **Select a setting** box to **Force Deny**.
@@ -952,7 +952,7 @@ To turn off **Allow apps to access your location**:
 
 - Create a REG_DWORD registry setting named **LetAppsAccessLocation** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**.
 
- 
+
 To turn off **Location history**:
 
 - Erase the history using the **Clear** button in the UI.
@@ -1035,15 +1035,15 @@ To turn off **Let apps access my notifications**:
 
 ### <a href="" id="bkmk-priv-speech"></a>18.6 Speech
 
-In the **Speech** area, you can configure the functionality as such: 
+In the **Speech** area, you can configure the functionality as such:
 
 To turn off dictation of your voice, speaking to Cortana and other apps, and to prevent sending your voice input to Microsoft Speech services:
 
-- Toggle the Settings -> Privacy -> Speech -> **Online speech recognition** switch to **Off** 
+- Toggle the Settings -> Privacy -> Speech -> **Online speech recognition** switch to **Off**
 
   -or-
 
-- **Disable** the Group Policy: **Computer Configuration > Administrative Templates > Control Panel > Regional and Language Options > Allow users to enable online speech recognition services** 
+- **Disable** the Group Policy: **Computer Configuration > Administrative Templates > Control Panel > Regional and Language Options > Allow users to enable online speech recognition services**
 
   -or-
 
@@ -1052,12 +1052,11 @@ To turn off dictation of your voice, speaking to Cortana and other apps, and to
 
 If you're running at Windows 10, version 1703 up to and including Windows 10, version 1803, you can turn off updates to the speech recognition and speech synthesis models:
 
-- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Speech** > **Allow automatic update of Speech Data** 
+- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Speech** > **Allow automatic update of Speech Data**
 
   -or-
 
-- Create a REG_DWORD registry setting named **AllowSpeechModelUpdate** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Speech** with a **value of 0 (zero)** 
+- Create a REG_DWORD registry setting named **AllowSpeechModelUpdate** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Speech** with a **value of 0 (zero)**
-
 
 
 ### <a href="" id="bkmk-priv-accounts"></a>18.7 Account info
@@ -1076,8 +1075,7 @@ To turn off **Let apps access my name, picture, and other account info**:
 
   -or-
 
-- Create a REG_DWORD registry setting named **LetAppsAccessAccountInfo** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
+- Create a REG_DWORD registry setting named **LetAppsAccessAccountInfo** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**.
-
 
 
 To turn off **Choose the apps that can access your account info**:
@@ -1112,7 +1110,7 @@ To turn off **Let apps access my calendar**:
 
   -or-
 
-- Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **App Privacy** &gt; **Let Windows apps access the calendar**.  Set the **Select a setting** box to **Force Deny**.
+- Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **App Privacy** &gt; **Let Windows apps access the calendar**. Set the **Select a setting** box to **Force Deny**.
 
   -or-
 
@@ -1180,15 +1178,15 @@ To turn off **Choose apps that can read or send messages**:
 
 - Turn off the feature in the UI for each app.
 
-**To turn off Message Sync** 
+**To turn off Message Sync**
+
+- Create a REG_DWORD registry setting named **AllowMessageSync** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Messaging** and set the **value to 0 (zero)**.
 
--   Create a REG_DWORD registry setting named **AllowMessageSync** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Messaging** and set the **value to 0 (zero)**.
-   
     -or-
 
--   Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Messaging**
+- Apply the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Messaging**
 
-    -   Set the **Allow Message Service Cloud Sync** to **Disable**.
+    - Set the **Allow Message Service Cloud Sync** to **Disable**.
 
 ### <a href="" id="bkmk-priv-phone-calls"></a>18.13 Phone calls
 
@@ -1238,7 +1236,7 @@ In the **Other Devices** area, you can choose whether devices that aren't paired
 
 To turn off **Let apps automatically share and sync info with wireless devices that don't explicitly pair with your PC, tablet, or phone**:
 
-- Turn off the feature in the UI by going to Settings > Privacy > Other devices >  "Communicate with unpaired devices.    Let apps automatically share and sync info with wireless devices that don't explicitly pair with your PC, tablet, or phone" and **Turn it OFF**. 
+- Turn off the feature in the UI by going to Settings > Privacy > Other devices > "Communicate with unpaired devices. Let apps automatically share and sync info with wireless devices that don't explicitly pair with your PC, tablet, or phone" and **Turn it OFF**.
 
   -or-
 
@@ -1263,7 +1261,7 @@ To turn off **Let your apps use your trusted devices (hardware you've already co
 
 ### <a href="" id="bkmk-priv-feedback"></a>18.16 Feedback & diagnostics
 
-In the **Feedback & Diagnostics** area, you can choose how often you're asked for feedback and how much diagnostic and usage information is sent to Microsoft.  If you're looking for content on what each diagnostic data level means and how to configure it in your organization, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md).
+In the **Feedback & Diagnostics** area, you can choose how often you're asked for feedback and how much diagnostic and usage information is sent to Microsoft. If you're looking for content on what each diagnostic data level means and how to configure it in your organization, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md).
 
 To change how frequently **Windows should ask for my feedback**:
 
@@ -1314,7 +1312,7 @@ To change the level of diagnostic and usage data sent when you **Send your devic
 
 > [!NOTE]
 > If the **Security** option is configured by using Group Policy or the Registry, the value will not be reflected in the UI. The **Security** option is only available in Windows 10 Enterprise edition.
-  
+
 
 To turn off tailored experiences with relevant tips and recommendations by using your diagnostics data:
 
@@ -1334,7 +1332,7 @@ To turn off tailored experiences with relevant tips and recommendations by using
 
   -or-
 
-- Create a REG_DWORD registry setting named **DisableTailoredExperiencesWithDiagnosticData** in **HKEY_Current_User\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent** with a value of **1**
+- Create a REG_DWORD registry setting named **DisableTailoredExperiencesWithDiagnosticData** in **HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent** with a **value of 1 (one)**
 
 
 ### <a href="" id="bkmk-priv-background"></a>18.17 Background apps
@@ -1388,7 +1386,7 @@ To turn this off:
 
   -or-
 
-- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access Tasks**.  Set the **Select a setting** box to **Force Deny**.
+- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access Tasks**. Set the **Select a setting** box to **Force Deny**.
 
   -or-
 
@@ -1414,50 +1412,50 @@ To turn this off:
 
 ### <a href="" id="bkmk-priv-ink"></a>18.21 Inking & Typing
 
-In the **Inking & Typing** area you can configure the functionality as such: 
+In the **Inking & Typing** area you can configure the functionality as such:
 
 To turn off Inking & Typing data collection:
 
-- In the UI go to **Settings -> Privacy -> Diagnostics & Feedback -> Improve inking and typing** and turn it to **Off** 
+- In the UI go to **Settings -> Privacy -> Diagnostics & Feedback -> Improve inking and typing** and turn it to **Off**
 
   -OR-
-  
+
   **Disable** the Group Policy: **Computer Configuration > Administrative Templates > Windows Components > Text Input > Improve inking and typing recognition**
-  
+
   -and-
-  
+
   **Disable** the Group Policy: **User Configuration > Administrative Templates  > Control Panel > Regional and Language Options > Handwriting personalization > Turn off automatic learning**
-  
+
   -OR-
 
 - Set **RestrictImplicitTextCollection** registry REG_DWORD setting in **HKEY_CURRENT_USER\Software\Microsoft\InputPersonalization** to a **value of 1 (one)**
 
   -and-
- 
+
 - Set **RestrictImplicitInkCollection** registry REG_DWORD setting in **HKEY_CURRENT_USER\Software\Microsoft\InputPersonalization** to a **value of 1 (one)**
 
 
 ### <a href="" id="bkmk-act-history"></a>18.22 Activity History
-In the **Activity History** area, you can choose turn Off tracking of your Activity History.  
+In the **Activity History** area, you can choose turn Off tracking of your Activity History.
 
 To turn this Off in the UI:
 
-- Turn **Off** the feature in the UI by going to Settings -> Privacy -> Activity History and **un-checking** the **Store my activity history on this device** AND **unchecking** the **Send my activity History to Microsoft** checkboxes 
+- Turn **Off** the feature in the UI by going to Settings -> Privacy -> Activity History and **un-checking** the **Store my activity history on this device** AND **unchecking** the **Send my activity History to Microsoft** checkboxes
 
 -OR-
 
-- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **OS Policies** named **Enables Activity Feed** 
+- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **OS Policies** named **Enables Activity Feed**
 
      -and-
 
-- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **OS Policies** named **Allow publishing of User Activities** 
+- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **OS Policies** named **Allow publishing of User Activities**
 
      -and-
 
-- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **OS Policies** > named **Allow upload of User Activities** 
+- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **OS Policies** > named **Allow upload of User Activities**
 
 -OR-
- 
+
 - Create a REG_DWORD registry setting named **EnableActivityFeed** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**
 
      -and-
@@ -1467,14 +1465,14 @@ To turn this Off in the UI:
      -and-
 
 - Create a REG_DWORD registry setting named **UploadUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**
-    
+
 ### <a href="" id="bkmk-voice-act"></a>18.23 Voice Activation
 
-In the **Voice activation** area, you can choose turn Off apps ability to listen for a Voice keyword.  
+In the **Voice activation** area, you can choose turn Off apps ability to listen for a Voice keyword.
 
 To turn this Off in the UI:
 
-- Turn **Off** the feature in the UI by going to **Settings -> Privacy -> Voice activation** and toggle **Off** the **Allow apps to use voice activation** AND also toggle **Off** the **Allow apps to use voice activation when this device is locked** 
+- Turn **Off** the feature in the UI by going to **Settings -> Privacy -> Voice activation** and toggle **Off** the **Allow apps to use voice activation** AND also toggle **Off** the **Allow apps to use voice activation when this device is locked**
 
 -OR-
 
@@ -1486,7 +1484,7 @@ To turn this Off in the UI:
 
 
 -OR-
- 
+
 - Create a REG_DWORD registry setting named **LetAppsActivateWithVoice** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**
 
      -and-
@@ -1494,7 +1492,6 @@ To turn this Off in the UI:
 - Create a REG_DWORD registry setting named **LetAppsActivateWithVoiceAboveLock** in **HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppPrivacy** with a **value of 2 (two)**
 
 
-
 ### <a href="" id="bkmk-spp"></a>19. Software Protection Platform
 
 Enterprise customers can manage their Windows activation status with volume licensing using an on-premises Key Management Server. You can opt out of sending KMS client activation data to Microsoft automatically by doing one of the following:
@@ -1517,11 +1514,11 @@ Enterprise customers can manage their Windows activation status with volume lice
 
 **For Windows Server 2016:**
 
-- Create a REG_DWORD registry setting named **NoAcquireGT** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one).
+- Create a REG_DWORD registry setting named **NoAcquireGT** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a **value of 1 (one)**.
 
->[!NOTE]
+> [!NOTE]
->Due to a known issue the **Turn off KMS Client Online AVS Validation** group policy does not work as intended on Windows Server 2016, the **NoAcquireGT** value needs to be set instead.
+> Due to a known issue the **Turn off KMS Client Online AVS Validation** group policy does not work as intended on Windows Server 2016; the **NoAcquireGT** value needs to be set instead.
->The Windows activation status will be valid for a rolling period of 180 days with weekly activation status checks to the KMS.
+> The Windows activation status will be valid for a rolling period of 180 days with weekly activation status checks to the KMS.
 
 ### <a href="" id="bkmk-storage-health"></a>20. Storage health
 
@@ -1542,7 +1539,7 @@ You can control if your settings are synchronized:
 
   -or-
 
-- **Enable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Sync your settings** &gt; **Do not sync**. Leave the "Allow users to turn syncing on" checkbox **unchecked**. 
+- **Enable** the Group Policy: **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Sync your settings** &gt; **Do not sync**. Leave the "Allow users to turn syncing on" checkbox **unchecked**.
 
   -or-
 
@@ -1553,14 +1550,14 @@ To turn off Messaging cloud sync:
 > [!NOTE]
 > There is no Group Policy corresponding to this registry key.
 
--  Create a REG_DWORD registry setting named **CloudServiceSyncEnabled** in **HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Messaging** and set to a **value of 0 (zero)**.
+- Create a REG_DWORD registry setting named **CloudServiceSyncEnabled** in **HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Messaging** and set to a **value of 0 (zero)**.
 
 ### <a href="" id="bkmk-teredo"></a>22. Teredo
 
 You can disable Teredo by using Group Policy or by using the netsh.exe command. For more info on Teredo, see [Internet Protocol Version 6, Teredo, and Related Technologies](/previous-versions/windows/it-pro/windows-vista/cc722030(v=ws.10)).
 
->[!NOTE]
+> [!NOTE]
->If you disable Teredo, some XBOX gaming features and Delivery Optimization (with Group or Internet peering) will not work.
+> If you disable Teredo, some XBOX gaming features and Delivery Optimization (with Group or Internet peering) will not work.
 
 - **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Network** &gt; **TCPIP Settings** &gt; **IPv6 Transition Technologies** &gt; **Set Teredo State** and set it to **Disabled State**.
 
@@ -1571,14 +1568,14 @@ You can disable Teredo by using Group Policy or by using the netsh.exe command.
 
 ### <a href="" id="bkmk-wifisense"></a>23. Wi-Fi Sense
 
->[!IMPORTANT]
+> [!IMPORTANT]
->Beginning with Windows 10, version 1803, Wi-Fi Sense is no longer available. The following section only applies to Windows 10, version 1709 and prior. Please see [Connecting to open Wi-Fi hotspots in Windows 10](https://privacy.microsoft.com/en-us/windows-10-open-wi-fi-hotspots) for more details.
+> Beginning with Windows 10, version 1803, Wi-Fi Sense is no longer available. The following section only applies to Windows 10, version 1709 and prior. Please see [Connecting to open Wi-Fi hotspots in Windows 10](https://privacy.microsoft.com/windows-10-open-wi-fi-hotspots) for more details.
 
 Wi-Fi Sense automatically connects devices to known hotspots and to the wireless networks the person’s contacts have shared with them.
 
 To turn off **Connect to suggested open hotspots** and **Connect to networks shared by my contacts**:
 
-- Turn off the feature in the UI in Settings  > Network & Internet  > Wi-Fi 
+- Turn off the feature in the UI in Settings  > Network & Internet  > Wi-Fi
 
   -or-
 
@@ -1593,12 +1590,12 @@ When turned off, the Wi-Fi Sense settings still appear on the Wi-Fi Settings scr
 
 ### <a href="" id="bkmk-defender"></a>24. Windows Defender
 
-You can disconnect from the Microsoft Antimalware Protection Service. 
+You can disconnect from the Microsoft Antimalware Protection Service.
 
->[!IMPORTANT]
+> [!IMPORTANT]
->**Required Steps BEFORE setting the Windows Defender Group Policy or RegKey on Windows 10 version 1903**
+> **Required Steps BEFORE setting the Windows Defender Group Policy or RegKey on Windows 10 version 1903**
->1. Ensure Windows and Windows Defender are fully up to date.
+> 1. Ensure Windows and Windows Defender are fully up to date.
->2. Search the Start menu for "Tamper Protection" by clicking on the search icon next to the Windows Start button.  Then scroll down to the Tamper Protection toggle and turn it **Off**.  This will allow you to modify the Registry key and allow the Group Policy to make the setting. Alternatively, you can go to **Windows Security Settings -> Virus & threat protection, click on Manage Settings** link and then scroll down to the Tamper Protection toggle to set it to **Off**. 
+> 2. Search the Start menu for "Tamper Protection" by clicking on the search icon next to the Windows Start button. Then scroll down to the Tamper Protection toggle and turn it **Off**. This will allow you to modify the Registry key and allow the Group Policy to make the setting. Alternatively, you can go to **Windows Security Settings -> Virus & threat protection, click on Manage Settings** link and then scroll down to the Tamper Protection toggle to set it to **Off**.
 
 - **Enable** the Group Policy **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Microsoft Defender Antivirus** &gt; **MAPS** &gt; **Join Microsoft MAPS** and then select **Disabled** from the drop-down box named **Join Microsoft MAPS**
 
@@ -1638,7 +1635,7 @@ You can stop downloading **Definition Updates**:
 
   -and-
 
-- **Remove** the **DefinitionUpdateFileSharesSources** reg value if it exists under **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Signature Updates** 
+- **Remove** the **DefinitionUpdateFileSharesSources** reg value if it exists under **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Signature Updates**
 
 
 You can turn off **Malicious Software Reporting Tool (MSRT) diagnostic data**:
@@ -1646,7 +1643,7 @@ You can turn off **Malicious Software Reporting Tool (MSRT) diagnostic data**:
 - Set the REG_DWORD value **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\MRT\\DontReportInfectionInformation** to **1**.
 
 > [!NOTE]
-> There is no Group Policy to turn off the Malicious Software Reporting Tool diagnostic data. 
+> There is no Group Policy to turn off the Malicious Software Reporting Tool diagnostic data.
 
 
 You can turn off **Enhanced Notifications** as follows:
@@ -1655,7 +1652,7 @@ You can turn off **Enhanced Notifications** as follows:
 
   -or-
 
-- **Enable** the Group Policy **Turn off enhanced notifications** under **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Microsoft Defender Antivirus** &gt; **Reporting**.  
+- **Enable** the Group Policy **Turn off enhanced notifications** under **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Microsoft Defender Antivirus** &gt; **Reporting**.
 
   -or-
 
@@ -1666,7 +1663,7 @@ You can turn off **Enhanced Notifications** as follows:
 
 To disable Windows Defender SmartScreen:
 
-In Group Policy, configure: 
+In Group Policy, configure:
 
 - **Computer Configuration > Administrative Templates > Windows Components > Windows Defender SmartScreen > Explorer > Configure Windows Defender SmartScreen** to be **Disabled**
 
@@ -1695,7 +1692,7 @@ In Group Policy, configure:
 
 Windows Spotlight provides features such as different background images and text on the lock screen, suggested apps, Microsoft account notifications, and Windows tips. You can control it by using the user interface or Group Policy.
 
-If you're running Windows 10, version 1607 or later, you need to: 
+If you're running Windows 10, version 1607 or later, you need to:
 
 - **Enable** the following Group Policy **User Configuration** > **Administrative Templates** > **Windows Components** > **Cloud Content** > **Turn off all Windows spotlight features**
 
@@ -1714,7 +1711,7 @@ If you're running Windows 10, version 1607 or later, you need to:
 
    -or-
 
-- Create a new REG_DWORD registry setting named **NoLockScreen** in **HKEY_Local_Machine\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization** with a **value of 1 (one)**
+- Create a new REG_DWORD registry setting named **NoLockScreen** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization** with a **value of 1 (one)**
 
 
 -AND-
@@ -1732,27 +1729,27 @@ If you're running Windows 10, version 1607 or later, you need to:
 
 - Apply the Group Policies:
 
-  - **Enable** the **Computer Configuration** &gt; **Administrative Templates** &gt; **Control Panel** &gt; **Personalization** &gt; **Force a specific default lock screen image and logon image** Group Policy. 
+  - **Enable** the **Computer Configuration** &gt; **Administrative Templates** &gt; **Control Panel** &gt; **Personalization** &gt; **Force a specific default lock screen image and logon image** Group Policy.
      - Add **C:\\windows\\web\\screen\\lockscreen.jpg** as the location in the **Path to local lock screen image** box.
 
      - Check the **Turn off fun facts, tips, tricks, and more on lock screen** check box.
 
        > [!NOTE]
-       > This will only take effect if the policy is applied before the first logon. 
+       > This will only take effect if the policy is applied before the first logon.
-       > If you cannot apply the **Force a specific default lock screen image** policy before the first logon to the device, 
+       > If you cannot apply the **Force a specific default lock screen image** policy before the first logon to the device,
-       > you can **Enable** the **Do not display the lock screen** policy under **Computer Configuration** &gt; **Administrative Templates** &gt; **Control Panel** &gt; **Personalization** 
+       > you can **Enable** the **Do not display the lock screen** policy under **Computer Configuration** &gt; **Administrative Templates** &gt; **Control Panel** &gt; **Personalization**
        >
-       > Alternatively, you can create a new REG_SZ registry setting named **LockScreenImage** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization** 
+       > Alternatively, you can create a new REG_SZ registry setting named **LockScreenImage** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization**
-       > with a value of **C:\\windows\\web\\screen\\lockscreen.jpg** and create a new REG_DWORD registry setting named **LockScreenOverlaysDisabled** in 
+       > with a value of **C:\\windows\\web\\screen\\lockscreen.jpg** and create a new REG_DWORD registry setting named **LockScreenOverlaysDisabled** in
        > **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization** with a value of **1 (one)**.
        >
-       > The Group Policy for the **LockScreenOverlaysDisabled** regkey is **Force a specific default lock screen and logon image** that is under **Control Panel** **Personalization**. 
+       > The Group Policy for the **LockScreenOverlaysDisabled** registry key is **Force a specific default lock screen and logon image** that is under **Control Panel** **Personalization**.
 
 
   \-AND-
 
 
-  - Set the Group Policy **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Cloud Content** &gt; **Do not show Windows tips** to **Enabled** 
+  - Set the Group Policy **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Cloud Content** &gt; **Do not show Windows tips** to **Enabled**
 
     -or-
 
@@ -1766,10 +1763,9 @@ If you're running Windows 10, version 1607 or later, you need to:
 
     -or-
 
-  - Create a new REG_DWORD registry setting named **DisableWindowsConsumerFeatures** in **HKEY_LOCAL_MACHINE\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent** with a **value of 1 (one)**
+  - Create a new REG_DWORD registry setting named **DisableWindowsConsumerFeatures** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent** with a **value of 1 (one)**
-   
+
- 
+This policy setting controls whether the lock screen appears for users. The Do not display the lock screen Group Policy should be set to Enable to prevent the lock screen from being displayed. The Group Computer Configuration\Administrative templates\Control Panel\Personalization!Do not display the lock screen.   
-This policy setting controls whether the lock screen appears for users.  The Do not display the lock screen Group Policy should be set to Enable to prevent the lock screen from being displayed. The Group Computer Configuration\Administrative templates\Control Panel\Personalization!Do not display the lock screen.
 
 If you enable this policy setting, users that are not required to press CTRL + ALT + DEL before signing in will see their selected tile after locking their PC.
 
@@ -1846,7 +1842,7 @@ For a comprehensive list of Delivery Optimization Policies, see [Delivery Optimi
 
 -or-
 
-- Create a new REG_DWORD registry setting named **DODownloadMode** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization** to a value of **99 (Ninety-nine)**. 
+- Create a new REG_DWORD registry setting named **DODownloadMode** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization** to a value of **99 (Ninety-nine)**.
 
 
 For more info about Delivery Optimization in general, see [Windows Update Delivery Optimization: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730684).
@@ -1866,23 +1862,23 @@ You can turn off Windows Update by setting the following registry entries:
 
   -and-
 
-- Add a REG_SZ value named **WUServer** to **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate** and ensure it is blank with a space character **" "**. 
+- Add a REG_SZ value named **WUServer** to **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate** and ensure it is blank with a space character **" "**.
 
   -and-
 
-- Add a REG_SZ value named **WUStatusServer** to **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate** and ensure it is blank with a space character **" "**. 
+- Add a REG_SZ value named **WUStatusServer** to **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate** and ensure it is blank with a space character **" "**.
 
   -and-
 
-- Add a REG_SZ value named **UpdateServiceUrlAlternate** to **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate** and ensure it is blank with a space character **" "**. 
+- Add a REG_SZ value named **UpdateServiceUrlAlternate** to **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate** and ensure it is blank with a space character **" "**.
 
   -and-
 
-- Add a REG_DWORD value named **UseWUServer** to **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\WindowsUpdate\\AU** and set the value to 1.
+- Add a REG_DWORD value named **UseWUServer** to **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\WindowsUpdate\\AU** and set the **value to 1 (one)**.
 
 -OR-
 
-- Set the Group Policy **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Windows Update** &gt; **Do not connect to any Windows Update Internet locations** to **Enabled** 
+- Set the Group Policy **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Windows Update** &gt; **Do not connect to any Windows Update Internet locations** to **Enabled**
 
   -and-
 
@@ -1890,11 +1886,11 @@ You can turn off Windows Update by setting the following registry entries:
 
   -and-
 
-- Set the Group Policy **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Windows Update** &gt; **Specify intranet Microsoft update service location** to **Enabled** and ensure all Option settings (Intranet Update Service, Intranet Statistics Server, Alternate Download Server) are set to **" "** 
+- Set the Group Policy **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Windows Update** &gt; **Specify intranet Microsoft update service location** to **Enabled** and ensure all Option settings (Intranet Update Service, Intranet Statistics Server, Alternate Download Server) are set to **" "**
 
   -and-
 
-- Set the Group Policy **User Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Windows Update** &gt; **Remove access to use all Windows Update features** to **Enabled** and then set **Computer Configurations** to **0 (zero)**.  
+- Set the Group Policy **User Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Windows Update** &gt; **Remove access to use all Windows Update features** to **Enabled** and then set **Computer Configurations** to **0 (zero)**.
 
 
 You can turn off automatic updates by doing the following. This is not recommended.
@@ -1904,18 +1900,17 @@ You can turn off automatic updates by doing the following. This is not recommend
 
 For China releases of Windows 10 there is one additional Regkey to be set to prevent traffic:
 
-- Add a REG_DWORD value named **HapDownloadEnabled** to **HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LexiconUpdate\\loc_0804** and set the value to 0.
+- Add a REG_DWORD value named **HapDownloadEnabled** to **HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LexiconUpdate\\loc_0804** and set the **value to 0 (zero)**.
 
-  
 
 ### <a href="" id="bkmk-allowedtraffic"></a> Allowed traffic list for Windows Restricted Traffic Limited Functionality Baseline
 
-|Allowed traffic endpoints| 
+|Allowed traffic endpoints|
-| --- | 
+| --- |
 |activation-v2.sls.microsoft.com/*|
 |crl.microsoft.com/pki/crl/*|
 |ocsp.digicert.com/*|
 |www.microsoft.com/pkiops/*|
 
 
-To learn more, see [Device update management](/windows/client-management/mdm/device-update-management) and [Configure Automatic Updates by using Group Policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc720539(v=ws.10)).
+To learn more, see [Device update management](/windows/client-management/mdm/device-update-management) and [Configure Automatic Updates by using Group Policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc720539(v=ws.10)).

windows/security/identity-protection/credential-guard/credential-guard-manage.md

@@ -59,8 +59,11 @@ To enforce processing of the group policy, you can run ```gpupdate /force```.
 
 3.  Click **Profiles** > **Create Profile** > **Endpoint protection** > **Windows Defender Credential Guard**.
 
-> [!NOTE]
+    > [!NOTE]
-> It will enable VBS and Secure Boot and you can do it with or without UEFI Lock. If you will need to disable Credential Guard remotely, enable it without UEFI lock.
+    > It will enable VBS and Secure Boot and you can do it with or without UEFI Lock. If you will need to disable Credential Guard remotely, enable it without UEFI lock.
+
+> [!TIP]
+> You can also configure Credential Guard by using an account protection profile in endpoint security. See [Account protection policy settings for endpoint security in Intune](https://docs.microsoft.com/mem/intune/protect/endpoint-security-account-protection-profile-settings).
 
 ### Enable Windows Defender Credential Guard by using the registry
 
@@ -117,17 +120,17 @@ You can do this by using either the Control Panel or the Deployment Image Servic
 
 2.  Enable virtualization-based security:
 
-    -   Go to HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\DeviceGuard.
+    1. Go to HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\DeviceGuard.
     
-    -   Add a new DWORD value named **EnableVirtualizationBasedSecurity**. Set the value of this registry setting to 1 to enable virtualization-based security and set it to 0 to disable it.
+    1. Add a new DWORD value named **EnableVirtualizationBasedSecurity**. Set the value of this registry setting to 1 to enable virtualization-based security and set it to 0 to disable it.
     
-    -   Add a new DWORD value named **RequirePlatformSecurityFeatures**. Set the value of this registry setting to 1 to use **Secure Boot** only or set it to 3 to use **Secure Boot and DMA protection**.
+    1. Add a new DWORD value named **RequirePlatformSecurityFeatures**. Set the value of this registry setting to 1 to use **Secure Boot** only or set it to 3 to use **Secure Boot and DMA protection**.
 
 3.  Enable Windows Defender Credential Guard:
 
-    -   Go to HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\LSA.
+    1. Go to HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\LSA.
     
-    -   Add a new DWORD value named **LsaCfgFlags**. Set the value of this registry setting to 1 to enable Windows Defender Credential Guard with UEFI lock, set it to 2 to enable Windows Defender Credential Guard without lock, and set it to 0 to disable it.
+    1. Add a new DWORD value named **LsaCfgFlags**. Set the value of this registry setting to 1 to enable Windows Defender Credential Guard with UEFI lock, set it to 2 to enable Windows Defender Credential Guard without lock, and set it to 0 to disable it.
 
 4.  Close Registry Editor.
 
@@ -164,7 +167,8 @@ You can view System Information to check that Windows Defender Credential Guard
 
     Here's an example:
 
-    ![System Information](images/credguard-msinfo32.png)
+    > [!div class="mx-imgBorder"]
+    > ![System Information](images/credguard-msinfo32.png)
 
 You can also check that Windows Defender Credential Guard is running by using the [HVCI and Windows Defender Credential Guard hardware readiness tool](dg-readiness-tool.md).
 
@@ -258,7 +262,7 @@ To disable Windows Defender Credential Guard, you can use the following set of p
     > [!NOTE]
     > The PC must have one-time access to a domain controller to decrypt content, such as files that were encrypted with EFS. If you want to turn off both Windows Defender Credential Guard and virtualization-based security, run the following bcdedit commands after turning off all virtualization-based security Group Policy and registry settings:
     >
-    >```
+    >```console
     >bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS
     >bcdedit /set vsmlaunchtype off
     >```
@@ -274,7 +278,7 @@ For more info on virtualization-based security and HVCI, see [Enable virtualizat
 
 You can also disable Windows Defender Credential Guard by using the [HVCI and Windows Defender Credential Guard hardware readiness tool](dg-readiness-tool.md).
 
-```console
+```powershell
 DG_Readiness_Tool_v3.6.ps1 -Disable -AutoReboot
 ```
 
@@ -289,4 +293,4 @@ From the host, you can disable Windows Defender Credential Guard for a virtual m
 
 ```powershell
 Set-VMSecurity -VMName <VMName> -VirtualizationBasedSecurityOptOut $true
-```
+```

windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md

@@ -22,8 +22,9 @@ ms.reviewer:
 **Requirements**
 
 * Hybrid and On-premises Windows Hello for Business deployments
-* Enterprise Joined or Hybrid Azure joined devices
+* Enterprise joined or Hybrid Azure joined devices
 * Windows 10, version 1709
+* Certificate trust
 
 > [!NOTE]
 > This feature was previously known as **Privileged Credential** but was renamed to **Dual Enrollment** to prevent any confusion with the **Privileged Access Workstation** feature.
@@ -35,14 +36,14 @@ Dual enrollment enables administrators to perform elevated, administrative funct
 
 By design, Windows 10 does not enumerate all Windows Hello for Business users from within a user's session.  Using the computer Group Policy setting, **Allow enumeration of emulated smart card for all users**, you can configure a device to enumerate all enrolled Windows Hello for Business credentials on selected devices.
 
-With this setting, administrative users can sign-in to Windows 10, version 1709 using their non-privileged Windows Hello for Business credentials for normal work flow such as email, but can launch Microsoft Management Consoles (MMCs), Remote Desktop Services clients, and other applications by selecting **Run as different user** or **Run as administrator**, selecting the privileged user account, and providing their PIN.  Administrators can also take advantage of this feature with command line applications by using **runas.exe** combined with the **/smartcard** argument.  This enables administrators to perform their day-to-day operations without needing to sign-in and out, or use fast user switching when alternating between privileged and non-privileged workloads.
+With this setting, administrative users can sign in to Windows 10, version 1709 using their non-privileged Windows Hello for Business credentials for normal work flow such as email, but can launch Microsoft Management Consoles (MMCs), Remote Desktop Services clients, and other applications by selecting **Run as different user** or **Run as administrator**, selecting the privileged user account, and providing their PIN.  Administrators can also take advantage of this feature with command-line applications by using **runas.exe** combined with the **/smartcard** argument.  This enables administrators to perform their day-to-day operations without needing to sign in and out, or use fast user switching when alternating between privileged and non-privileged workloads.
 
 > [!IMPORTANT]
 > You must configure a Windows 10 computer for Windows Hello for Business dual enrollment before either user (privileged or non-privileged) provisions Windows Hello for Business.  Dual enrollment is a special setting that is configured on the Windows Hello container during creation.
 
 ## Configure Windows Hello for Business Dual Enrollment
 
-In this task you will
+In this task, you will
 
 * Configure Active Directory to support Domain Administrator enrollment
 * Configure Dual Enrollment using Group Policy
@@ -53,7 +54,7 @@ The designed Windows Hello for Business configuration gives the **Key Admins** (
 
 Active Directory Domain Services uses AdminSDHolder to secure privileged users and groups from unintentional modification by comparing and replacing the security on privileged users and groups to match those defined on the AdminSDHolder object on an hourly cycle. For Windows Hello for Business, your domain administrator account may receive the permissions but they will disappear from the user object unless you give the AdminSDHolder read and write permissions to the msDS-KeyCredential attribute.
 
-Sign-in to a domain controller or management workstation with access equivalent to _domain administrator_.
+Sign in to a domain controller or management workstation with access equivalent to _domain administrator_.
 
 1. Type the following command to add the **allow** read and write property permissions for msDS-KeyCredentialLink attribute for the **Key Admins** (or **KeyCredential Admins**) group on the AdminSDHolder object.</br>
 ```dsacls "CN=AdminSDHolder,CN=System,DC=domain,DC=com" /g "[domainName\keyAdminGroup]":RPWP;msDS-KeyCredentialLink```</br>
@@ -76,7 +77,7 @@ You configure Windows 10 to support dual enrollment using the computer configura
 4. Close the Group Policy Management Editor to save the Group Policy object.  Close the GPMC.
 5. Restart computers targeted by this Group Policy object.
 
-The computer is ready for dual enrollment.  Sign-in as the privileged user first and enroll for Windows Hello for Business. Once completed, sign-out and sign-in as the non-privileged user and enroll for Windows Hello for Business.  You can now use your privileged credential to perform privileged tasks without using your password and without needing to switch users.
+The computer is ready for dual enrollment.  Sign in as the privileged user first and enroll for Windows Hello for Business. Once completed, sign out and sign in as the non-privileged user and enroll for Windows Hello for Business.  You can now use your privileged credential to perform privileged tasks without using your password and without needing to switch users.
 
 ## Related topics
 

windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md

@@ -8,7 +8,7 @@ ms.sitesec: library
 ms.pagetype: security, mobile
 author: dansimp
 audience: ITPro
-ms.author: dolmont
+ms.author: dansimp
 manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article

windows/security/includes/microsoft-defender.md

@@ -11,4 +11,4 @@ ms.topic: include
 ---
 
 > [!IMPORTANT]
-> The improved [Microsoft 365 security center](https://security.microsoft.com) is now available in public preview. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. [Learn what's new](/microsoft-365/security/mtp/overview-security-center). This topic might apply to both Microsoft Defender for Endpoint and Microsoft 365 Defender. Refer to the **Applies To** section and look for specific call outs in this article where there might be differences.
+> The improved [Microsoft 365 security center](https://security.microsoft.com) is now available. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. [Learn what's new](/microsoft-365/security/mtp/overview-security-center).

windows/security/information-protection/TOC.md

@@ -7,8 +7,8 @@
 #### [Upgrading](bitlocker\bitlocker-upgrading-faq.md)
 #### [Deployment and administration](bitlocker\bitlocker-deployment-and-administration-faq.yml)
 #### [Key management](bitlocker\bitlocker-key-management-faq.md)
-#### [BitLocker To Go](bitlocker\bitlocker-to-go-faq.md)
+#### [BitLocker To Go](bitlocker\bitlocker-to-go-faq.yml)
-#### [Active Directory Domain Services](bitlocker\bitlocker-and-adds-faq.md)
+#### [Active Directory Domain Services](bitlocker\bitlocker-and-adds-faq.yml)
 #### [Security](bitlocker\bitlocker-security-faq.md)
 #### [BitLocker Network Unlock](bitlocker\bitlocker-network-unlock-faq.md)
 #### [General](bitlocker\bitlocker-using-with-other-programs-faq.md)

windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md

@@ -1,73 +0,0 @@
----
-title: BitLocker and Active Directory Domain Services (AD DS) FAQ (Windows 10)
-description: Learn more about how BitLocker and Active Directory Domain Services (AD DS) can work together to keep devices secure. 
-ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee
-ms.reviewer: 
-ms.prod: w10
-ms.mktglfcycl: explore
-ms.sitesec: library
-ms.pagetype: security
-ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: conceptual
-ms.date: 02/28/2019
-ms.custom: bitlocker
----
-
-# BitLocker and Active Directory Domain Services (AD DS) FAQ
-
-**Applies to**
--   Windows 10
-
-
-## What type of information is stored in AD DS?
-
-Stored information | Description
--------------------|------------
-Hash of the TPM owner password | Beginning with Windows 10, the password hash is not stored in AD DS by default. The password hash can be stored only if the TPM is owned and the ownership was taken by using components of Windows 8.1 or earlier, such as the BitLocker Setup Wizard or the TPM snap-in.
-BitLocker recovery password | The recovery password allows you to unlock and access the drive after a recovery incident. Domain administrators can view the BitLocker recovery password by using the BitLocker Recovery Password Viewer. For more information about this tool, see [BitLocker: Use BitLocker Recovery Password Viewer](bitlocker-use-bitlocker-recovery-password-viewer.md).
-BitLocker key package | The key package helps to repair damage to the hard disk that would otherwise prevent standard recovery. Using the key package for recovery requires the BitLocker Repair Tool, `Repair-bde`. 
-
-## What if BitLocker is enabled on a computer before the computer has joined the domain?
-
-If BitLocker is enabled on a drive before Group Policy has been applied to enforce a backup, the recovery information will not be automatically backed up to AD DS when the computer joins the domain or when Group Policy is subsequently applied. However, you can use the **Choose how BitLocker-protected operating system drives can be recovered**, **Choose how BitLocker-protected fixed drives can be recovered**, and **Choose how BitLocker-protected removable drives can be recovered** Group Policy settings to require the computer to be connected to a domain before BitLocker can be enabled to help ensure that recovery information for BitLocker-protected drives in your organization is backed up to AD DS.
-
-For more info, see [BitLocker Group Policy settings](bitlocker-group-policy-settings.md).
-
-The BitLocker Windows Management Instrumentation (WMI) interface does allow administrators to write a script to back up or synchronize an online client's existing recovery information; however, BitLocker does not automatically manage this process. The `manage-bde` command-line tool can also be used to manually back up recovery information to AD DS. For example, to back up all of the recovery information for the `$env:SystemDrive` to AD DS, you would use the following command script from an elevated command prompt:
-
-```PowerShell
-$BitLocker = Get-BitLockerVolume -MountPoint $env:SystemDrive
-$RecoveryProtector = $BitLocker.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
-
-Backup-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId $RecoveryProtector.KeyProtectorID
-BackupToAAD-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId $RecoveryProtector.KeyProtectorID
-```
-
-> [!IMPORTANT]
-> Joining a computer to the domain should be the first step for new computers within an organization. After computers are joined to a domain, storing the BitLocker recovery key to AD DS is automatic (when enabled in Group Policy).
- 
-## Is there an event log entry recorded on the client computer to indicate the success or failure of the Active Directory backup?
-
-Yes, an event log entry that indicates the success or failure of an Active Directory backup is recorded on the client computer. However, even if an event log entry says "Success," the information could have been subsequently removed from AD DS, or BitLocker could have been reconfigured in such a way that the Active Directory information can no longer unlock the drive (such as by removing the recovery password key protector). In addition, it is also possible that the log entry could be spoofed.
-
-Ultimately, determining whether a legitimate backup exists in AD DS requires querying AD DS with domain administrator credentials by using the BitLocker password viewer tool.
-
-## If I change the BitLocker recovery password on my computer and store the new password in AD DS, will AD DS overwrite the old password?
-
-No. By design, BitLocker recovery password entries do not get deleted from AD DS; therefore, you might see multiple passwords for each drive. To identify the latest password, check the date on the object.
-
-## What happens if the backup initially fails? Will BitLocker retry it?
-
-If the backup initially fails, such as when a domain controller is unreachable at the time when the BitLocker setup wizard is run, BitLocker does not try again to back up the recovery information to AD DS.
-
-When an administrator selects the **Require BitLocker backup to AD DS** check box of the **Store BitLocker recovery information in Active Directory Domain Service (Windows 2008 and Windows Vista)** policy setting, or the equivalent **Do not enable BitLocker until recovery information is stored in AD DS for (operating system | fixed data | removable data) drives** check box in any of the **Choose how BitLocker-protected operating system drives can be recovered**, **Choose how BitLocker-protected fixed data drives can be recovered**, and **Choose how BitLocker-protected removable data drives can be recovered** policy settings, users can't enable BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. With these settings configured if the backup fails, BitLocker cannot be enabled, ensuring that administrators will be able to recover BitLocker-protected drives in the organization.
-
-For more info, see [BitLocker Group Policy settings](bitlocker-group-policy-settings.md).
-
-When an administrator clears these check boxes, the administrator is allowing a drive to be BitLocker-protected without having the recovery information successfully backed up to AD DS; however, BitLocker will not automatically retry the backup if it fails. Instead, administrators can create a backup script, as described earlier in [What if BitLocker is enabled on a computer before the computer has joined the domain?](#what-if-bitlocker-is-enabled-on-a-computer-before-the-computer-has-joined-the-domain) to capture the information after connectivity is restored.
-

windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.yml

@@ -0,0 +1,83 @@
+### YamlMime:FAQ
+metadata:
+  title: BitLocker and Active Directory Domain Services (AD DS) FAQ (Windows 10)
+  description: Learn more about how BitLocker and Active Directory Domain Services (AD DS) can work together to keep devices secure. 
+  ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee
+  ms.reviewer: 
+  ms.prod: w10
+  ms.mktglfcycl: explore
+  ms.sitesec: library
+  ms.pagetype: security
+  ms.localizationpriority: medium
+  author: dansimp
+  ms.author: dansimp
+  manager: dansimp
+  audience: ITPro
+  ms.collection: M365-security-compliance
+  ms.topic: conceptual
+  ms.date: 02/28/2019
+  ms.custom: bitlocker
+    
+title: BitLocker and Active Directory Domain Services (AD DS) FAQ
+summary: |
+  **Applies to**
+  -   Windows 10
+  
+  
+
+sections:
+  - name: Ignored
+    questions:
+      - question: |
+          What type of information is stored in AD DS?
+        answer: |
+          Stored information | Description
+          -------------------|------------
+          Hash of the TPM owner password | Beginning with Windows 10, the password hash is not stored in AD DS by default. The password hash can be stored only if the TPM is owned and the ownership was taken by using components of Windows 8.1 or earlier, such as the BitLocker Setup Wizard or the TPM snap-in.
+          BitLocker recovery password | The recovery password allows you to unlock and access the drive after a recovery incident. Domain administrators can view the BitLocker recovery password by using the BitLocker Recovery Password Viewer. For more information about this tool, see [BitLocker: Use BitLocker Recovery Password Viewer](bitlocker-use-bitlocker-recovery-password-viewer.md).
+          BitLocker key package | The key package helps to repair damage to the hard disk that would otherwise prevent standard recovery. Using the key package for recovery requires the BitLocker Repair Tool, `Repair-bde`. 
+          
+      - question: |
+          What if BitLocker is enabled on a computer before the computer has joined the domain?
+        answer: |
+          If BitLocker is enabled on a drive before Group Policy has been applied to enforce a backup, the recovery information will not be automatically backed up to AD DS when the computer joins the domain or when Group Policy is subsequently applied. However, you can use the **Choose how BitLocker-protected operating system drives can be recovered**, **Choose how BitLocker-protected fixed drives can be recovered**, and **Choose how BitLocker-protected removable drives can be recovered** Group Policy settings to require the computer to be connected to a domain before BitLocker can be enabled to help ensure that recovery information for BitLocker-protected drives in your organization is backed up to AD DS.
+          
+          For more info, see [BitLocker Group Policy settings](bitlocker-group-policy-settings.md).
+          
+          The BitLocker Windows Management Instrumentation (WMI) interface does allow administrators to write a script to back up or synchronize an online client's existing recovery information; however, BitLocker does not automatically manage this process. The `manage-bde` command-line tool can also be used to manually back up recovery information to AD DS. For example, to back up all of the recovery information for the `$env:SystemDrive` to AD DS, you would use the following command script from an elevated command prompt:
+          
+          ```PowerShell
+          $BitLocker = Get-BitLockerVolume -MountPoint $env:SystemDrive
+          $RecoveryProtector = $BitLocker.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
+          
+          Backup-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId $RecoveryProtector.KeyProtectorID
+          BackupToAAD-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId $RecoveryProtector.KeyProtectorID
+          ```
+          
+          > [!IMPORTANT]
+          > Joining a computer to the domain should be the first step for new computers within an organization. After computers are joined to a domain, storing the BitLocker recovery key to AD DS is automatic (when enabled in Group Policy).
+           
+      - question: |
+          Is there an event log entry recorded on the client computer to indicate the success or failure of the Active Directory backup?
+        answer: |
+          Yes, an event log entry that indicates the success or failure of an Active Directory backup is recorded on the client computer. However, even if an event log entry says "Success," the information could have been subsequently removed from AD DS, or BitLocker could have been reconfigured in such a way that the Active Directory information can no longer unlock the drive (such as by removing the recovery password key protector). In addition, it is also possible that the log entry could be spoofed.
+          
+          Ultimately, determining whether a legitimate backup exists in AD DS requires querying AD DS with domain administrator credentials by using the BitLocker password viewer tool.
+          
+      - question: |
+          If I change the BitLocker recovery password on my computer and store the new password in AD DS, will AD DS overwrite the old password?
+        answer: |
+          No. By design, BitLocker recovery password entries do not get deleted from AD DS; therefore, you might see multiple passwords for each drive. To identify the latest password, check the date on the object.
+
+      - question: |
+          What happens if the backup initially fails? Will BitLocker retry it?
+        answer: |
+          If the backup initially fails, such as when a domain controller is unreachable at the time when the BitLocker setup wizard is run, BitLocker does not try again to back up the recovery information to AD DS.
+          
+          When an administrator selects the **Require BitLocker backup to AD DS** check box of the **Store BitLocker recovery information in Active Directory Domain Service (Windows 2008 and Windows Vista)** policy setting, or the equivalent **Do not enable BitLocker until recovery information is stored in AD DS for (operating system | fixed data | removable data) drives** check box in any of the **Choose how BitLocker-protected operating system drives can be recovered**, **Choose how BitLocker-protected fixed data drives can be recovered**, and **Choose how BitLocker-protected removable data drives can be recovered** policy settings, users can't enable BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. With these settings configured if the backup fails, BitLocker cannot be enabled, ensuring that administrators will be able to recover BitLocker-protected drives in the organization.
+          
+          For more info, see [BitLocker Group Policy settings](bitlocker-group-policy-settings.md).
+          
+          When an administrator clears these check boxes, the administrator is allowing a drive to be BitLocker-protected without having the recovery information successfully backed up to AD DS; however, BitLocker will not automatically retry the backup if it fails. Instead, administrators can create a backup script, as described earlier in [What if BitLocker is enabled on a computer before the computer has joined the domain?](#what-if-bitlocker-is-enabled-on-a-computer-before-the-computer-has-joined-the-domain-) to capture the information after connectivity is restored.
+          
+          

windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md

@@ -29,8 +29,8 @@ This topic links to frequently asked questions about BitLocker. BitLocker is a d
 -   [Upgrading](bitlocker-upgrading-faq.md)
 -   [Deployment and administration](bitlocker-deployment-and-administration-faq.yml)
 -   [Key management](bitlocker-key-management-faq.md)
--   [BitLocker To Go](bitlocker-to-go-faq.md)
+-   [BitLocker To Go](bitlocker-to-go-faq.yml)
--   [Active Directory Domain Services (AD DS)](bitlocker-and-adds-faq.md)
+-   [Active Directory Domain Services (AD DS)](bitlocker-and-adds-faq.yml)
 -   [Security](bitlocker-security-faq.md)
 -   [BitLocker Network Unlock](bitlocker-network-unlock-faq.md)
 -   [Using BitLocker with other programs and general questions](bitlocker-using-with-other-programs-faq.md)
@@ -45,4 +45,4 @@ This topic links to frequently asked questions about BitLocker. BitLocker is a d
 -   [BitLocker: How to deploy on Windows Server 2012](bitlocker-how-to-deploy-on-windows-server.md)
 -   [BitLocker: Use BitLocker Drive Encryption Tools to manage BitLocker](bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md)
 -   [BitLocker: Use BitLocker Recovery Password Viewer](bitlocker-use-bitlocker-recovery-password-viewer.md)
--   [BitLocker Cmdlets in Windows PowerShell](/powershell/module/bitlocker/index?view=win10-ps)
+-   [BitLocker Cmdlets in Windows PowerShell](/powershell/module/bitlocker/index?view=win10-ps&preserve-view=true)

windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md

@@ -1,37 +0,0 @@
----
-title: BitLocker To Go FAQ (Windows 10)
-description: "Learn more about BitLocker To Go: BitLocker drive encryption for removable drives."
-ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee
-ms.reviewer: 
-ms.author: dansimp
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: conceptual
-ms.date: 07/10/2018
-ms.custom: bitlocker
----
-
-# BitLocker To Go FAQ
-
-**Applies to**
--   Windows 10
-
-## What is BitLocker To Go?
-
-BitLocker To Go is BitLocker Drive Encryption on removable data drives. This feature includes the encryption of: 
-
-- USB flash drives
-- SD cards
-- External hard disk drives
-- Other drives that are formatted by using the NTFS, FAT16, FAT32, or exFAT file system. 
- 
-Drive partitioning must meet the [BitLocker Drive Encryption Partitioning Requirements](/windows-hardware/manufacture/desktop/bitlocker-drive-encryption#bitlocker-drive-encryption-partitioning-requirements).
-
-As with BitLocker, you can open drives that are encrypted by BitLocker To Go by using a password or smart card on another computer. In Control Panel, use **BitLocker Drive Encryption**.

windows/security/information-protection/bitlocker/bitlocker-to-go-faq.yml

@@ -0,0 +1,41 @@
+### YamlMime:FAQ
+metadata:
+  title: BitLocker To Go FAQ (Windows 10)
+  description: "Learn more about BitLocker To Go"
+  ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee
+  ms.reviewer: 
+  ms.author: dansimp
+  ms.prod: w10
+  ms.mktglfcycl: deploy
+  ms.sitesec: library
+  ms.pagetype: security
+  ms.localizationpriority: medium
+  author: dansimp
+  manager: dansimp
+  audience: ITPro
+  ms.collection: M365-security-compliance
+  ms.topic: conceptual
+  ms.date: 07/10/2018
+  ms.custom: bitlocker
+    
+title: BitLocker To Go FAQ
+summary: |
+  **Applies to**
+  -   Windows 10
+  
+
+sections:
+  - name: Ignored
+    questions:
+      - question: What is BitLocker To Go?
+        answer: |
+          BitLocker To Go is BitLocker Drive Encryption on removable data drives. This feature includes the encryption of: 
+          
+          - USB flash drives
+          - SD cards
+          - External hard disk drives
+          - Other drives that are formatted by using the NTFS, FAT16, FAT32, or exFAT file system. 
+           
+          Drive partitioning must meet the [BitLocker Drive Encryption Partitioning Requirements](/windows-hardware/manufacture/desktop/bitlocker-drive-encryption#bitlocker-drive-encryption-partitioning-requirements).
+          
+          As with BitLocker, you can open drives that are encrypted by BitLocker To Go by using a password or smart card on another computer. In Control Panel, use **BitLocker Drive Encryption**.

windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md

@@ -31,8 +31,9 @@ Windows 10 prompts you for a BitLocker recovery password. However, you did not c
 
 The BitLocker and Active Directory Domain Services (AD DS) FAQ addresses situations that may produce this symptom, and provides information about how to resolve the issue:
 
-- [What if BitLocker is enabled on a computer before the computer has joined the domain?](./bitlocker-and-adds-faq.md#what-if-bitlocker-is-enabled-on-a-computer-before-the-computer-has-joined-the-domain)
+- [What if BitLocker is enabled on a computer before the computer has joined the domain?](./bitlocker-and-adds-faq.yml#what-if-bitlocker-is-enabled-on-a-computer-before-the-computer-has-joined-the-domain-)
-- [What happens if the backup initially fails? Will BitLocker retry the backup?](./bitlocker-and-adds-faq.md)
+
+- [What happens if the backup initially fails? Will BitLocker retry the backup?](./bitlocker-and-adds-faq.yml)
 
 ## The recovery password for a laptop was not backed up, and the laptop is locked
 
@@ -201,9 +202,9 @@ To reset the PCR settings on the TPM, follow these steps:
 You can avoid this scenario when you install updates to system firmware or TPM firmware by temporarily suspending BitLocker before you apply such updates.
 
 > [!IMPORTANT]
-> TPM and UEFI firmware updates may require multiple restarts while they install. To keep BitLocker suspended during this process, you must use [Suspend-BitLocker](https://docs.microsoft.com/powershell/module/bitlocker/suspend-bitlocker?view=winserver2012r2-ps) and set the **Reboot Count** parameter to either of the following values:
+> TPM and UEFI firmware updates may require multiple restarts while they install. To keep BitLocker suspended during this process, you must use [Suspend-BitLocker](/powershell/module/bitlocker/suspend-bitlocker?view=winserver2012r2-ps&preserve-view=true) and set the **Reboot Count** parameter to either of the following values:
 > - **2** or greater: This value sets the number of times the device can restart before BitLocker Device Encryption resumes.
-> - **0**: This value suspends BitLocker Drive Encryption indefinitely, until you use [Resume-BitLocker](https://docs.microsoft.com/powershell/module/bitlocker/resume-bitlocker?view=winserver2012r2-ps) or another mechanism to resume protection.
+> - **0**: This value suspends BitLocker Drive Encryption indefinitely, until you use [Resume-BitLocker](/powershell/module/bitlocker/resume-bitlocker?view=winserver2012r2-ps&preserve-view=true) or another mechanism to resume protection.
 
 To suspend BitLocker while you install TPM or UEFI firmware updates:
 
@@ -288,4 +289,4 @@ For more information about this technology, see [Windows Defender System Guard:
 To resolve this issue, do one of the following:
 
 - Remove any device that uses TPM 1.2 from any group that is subject to Group Policy Objects (GPOs) that enforce Secure Launch.
-- Edit the **Turn On Virtualization Based Security** GPO to set **Secure Launch Configuration** to **Disabled**.
+- Edit the **Turn On Virtualization Based Security** GPO to set **Secure Launch Configuration** to **Disabled**.

windows/security/information-protection/tpm/change-the-tpm-owner-password.md

@@ -21,6 +21,7 @@ ms.date: 04/19/2017
 **Applies to**
 -   Windows 10, version 1511
 -   Windows 10, version 1507
+-   TPM 1.2
 
 This topic for the IT professional describes how to change the password or PIN for the owner of the Trusted Platform Module (TPM) that is installed on your system.
 

windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md

@@ -427,7 +427,6 @@ For each cloud resource, you may also optionally specify a proxy server from you
 Be aware that all traffic routed through your Internal proxy servers is considered enterprise.
 
 Separate multiple resources with the "|" delimiter. 
-If you don’t use proxy servers, you must also include the "," delimiter just before the "|". 
 For example: 
 
 ```console
@@ -628,5 +627,5 @@ You can restrict which files are protected by WIP when they are downloaded from
 
 - [Azure RMS Documentation Update for May 2016](https://blogs.technet.microsoft.com/enterprisemobility/2016/05/31/azure-rms-documentation-update-for-may-2016/)
 
->[!NOTE]
+> [!NOTE]
->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
+> Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).

windows/security/threat-protection/TOC.md

@@ -1,95 +1,92 @@
 # [Threat protection](index.md)
 
 ## [Next-generation protection with Microsoft Defender Antivirus]()
-### [Microsoft Defender Antivirus overview](microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md)
+### [Microsoft Defender Antivirus overview](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-in-windows-10)
-### [Evaluate Microsoft Defender Antivirus](microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md)
+### [Evaluate Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/evaluate-microsoft-defender-antivirus)
 
 ### [Configure Microsoft Defender Antivirus]()
-#### [Configure Microsoft Defender Antivirus features](microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md)
+#### [Configure Microsoft Defender Antivirus features](/microsoft-365/security/defender-endpoint/configure-microsoft-defender-antivirus-features)
    
-#### [Use Microsoft cloud-delivered protection](microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md)
+#### [Use Microsoft cloud-delivered protection](/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus)
-##### [Enable cloud-delivered protection](microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md)
+##### [Prevent security settings changes with tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)
-##### [Specify the cloud-delivered protection level](microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus.md)
+##### [Enable Block at first sight](/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus)
-##### [Configure and validate network connections](microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md)
+##### [Configure the cloud block timeout period](/microsoft-365/security/defender-endpoint/configure-cloud-block-timeout-period-microsoft-defender-antivirus)
-##### [Prevent security settings changes with tamper protection](microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md)
-##### [Enable Block at first sight](microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md)
-##### [Configure the cloud block timeout period](microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md)
    
 #### [Configure behavioral, heuristic, and real-time protection]()
-##### [Configuration overview](microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md)
+##### [Configuration overview](/microsoft-365/security/defender-endpoint/configure-protection-features-microsoft-defender-antivirus)
-##### [Detect and block Potentially Unwanted Applications](microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md)
+##### [Detect and block Potentially Unwanted Applications](/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus)
-##### [Enable and configure always-on protection and monitoring](microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md)
+##### [Enable and configure always-on protection and monitoring](/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus)
    
-#### [Antivirus on Windows Server](microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md)
+#### [Antivirus on Windows Server](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-on-windows-server)
    
 #### [Antivirus compatibility]()
-##### [Compatibility charts](microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md)
+##### [Compatibility charts](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility)
-##### [Use limited periodic antivirus scanning](microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md)
+##### [Use limited periodic antivirus scanning](/microsoft-365/security/defender-endpoint/limited-periodic-scanning-microsoft-defender-antivirus)
 
 #### [Manage Microsoft Defender Antivirus in your business]()
-##### [Management overview](microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md)
+##### [Management overview](/microsoft-365/security/defender-endpoint/configuration-management-reference-microsoft-defender-antivirus)
-##### [Use Microsoft Intune and Microsoft Endpoint Manager to manage Microsoft Defender Antivirus](microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md)
+##### [Use Microsoft Intune and Microsoft Endpoint Manager to manage Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/use-intune-config-manager-microsoft-defender-antivirus)
-##### [Use Group Policy settings to manage Microsoft Defender Antivirus](microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md)
+##### [Use Group Policy settings to manage Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/use-group-policy-microsoft-defender-antivirus)
-##### [Use PowerShell cmdlets to manage Microsoft Defender Antivirus](microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md)
+##### [Use PowerShell cmdlets to manage Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/use-powershell-cmdlets-microsoft-defender-antivirus)
-##### [Use Windows Management Instrumentation (WMI) to manage Microsoft Defender Antivirus](microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md)
+##### [Use Windows Management Instrumentation (WMI) to manage Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/use-wmi-microsoft-defender-antivirus)
-##### [Use the mpcmdrun.exe command line tool to manage Microsoft Defender Antivirus](microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md)
+##### [Use the mpcmdrun.exe command line tool to manage Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/command-line-arguments-microsoft-defender-antivirus)
    
 #### [Deploy, manage updates, and report on Microsoft Defender Antivirus]()
-##### [Preparing to deploy](microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md)
+##### [Preparing to deploy](/microsoft-365/security/defender-endpoint/deploy-manage-report-microsoft-defender-antivirus)
-##### [Deploy and enable Microsoft Defender Antivirus](microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md)
+##### [Deploy and enable Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/deploy-microsoft-defender-antivirus)
-##### [Deployment guide for VDI environments](microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md)
+##### [Deployment guide for VDI environments](/microsoft-365/security/defender-endpoint/deployment-vdi-microsoft-defender-antivirus)
    
 ##### [Report on antivirus protection]()
-##### [Review protection status and alerts](microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md)
+##### [Review protection status and alerts](/microsoft-365/security/defender-endpoint/report-monitor-microsoft-defender-antivirus)
-##### [Troubleshoot antivirus reporting in Update Compliance](microsoft-defender-antivirus/troubleshoot-reporting.md)
+##### [Troubleshoot antivirus reporting in Update Compliance](/microsoft-365/security/defender-endpoint/troubleshoot-reporting)
-##### [Learn about the recent updates](microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md)
+##### [Learn about the recent updates](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus)
-##### [Manage protection and security intelligence updates](microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md)
+##### [Manage protection and security intelligence updates](/microsoft-365/security/defender-endpoint/manage-protection-updates-microsoft-defender-antivirus)
-##### [Manage when protection updates should be downloaded and applied](microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md)
+##### [Manage when protection updates should be downloaded and applied](/microsoft-365/security/defender-endpoint/manage-protection-update-schedule-microsoft-defender-antivirus)
-##### [Manage updates for endpoints that are out of date](microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md)
+##### [Manage updates for endpoints that are out of date](/microsoft-365/security/defender-endpoint/manage-outdated-endpoints-microsoft-defender-antivirus)
-##### [Manage event-based forced updates](microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md)
+##### [Manage event-based forced updates](/microsoft-365/security/defender-endpoint/manage-event-based-updates-microsoft-defender-antivirus)
-##### [Manage updates for mobile devices and VMs](microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md)
+##### [Manage updates for mobile devices and VMs](/microsoft-365/security/defender-endpoint/manage-updates-mobile-devices-vms-microsoft-defender-antivirus)
    
 #### [Customize, initiate, and review the results of scans and remediation]()
-##### [Configuration overview](microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md)
+##### [Configuration overview](/microsoft-365/security/defender-endpoint/customize-run-review-remediate-scans-microsoft-defender-antivirus)
    
-##### [Configure and validate exclusions in antivirus scans](microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md)
+##### [Configure and validate exclusions in antivirus scans](/microsoft-365/security/defender-endpoint/configure-exclusions-microsoft-defender-antivirus)
-##### [Configure and validate exclusions based on file name, extension, and folder location](microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md)
+##### [Configure and validate exclusions based on file name, extension, and folder location](/microsoft-365/security/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus)
-##### [Configure and validate exclusions for files opened by processes](microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md)
+##### [Configure and validate exclusions for files opened by processes](/microsoft-365/security/defender-endpoint/configure-process-opened-file-exclusions-microsoft-defender-antivirus)
-##### [Configure antivirus exclusions Windows Server](microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md)
+##### [Configure antivirus exclusions Windows Server](/microsoft-365/security/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus)
-##### [Common mistakes when defining exclusions](microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md)
+##### [Common mistakes when defining exclusions](/microsoft-365/security/defender-endpoint/common-exclusion-mistakes-microsoft-defender-antivirus)
-##### [Configure scanning antivirus options](microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md)
+##### [Configure scanning antivirus options](/microsoft-365/security/defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus)
-##### [Configure remediation for scans](microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md)
+##### [Configure remediation for scans](/microsoft-365/security/defender-endpoint/configure-remediation-microsoft-defender-antivirus)
-##### [Configure scheduled scans](microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md)
+##### [Configure scheduled scans](/microsoft-365/security/defender-endpoint/scheduled-catch-up-scans-microsoft-defender-antivirus)
-##### [Configure and run scans](microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md)
+##### [Configure and run scans](/microsoft-365/security/defender-endpoint/run-scan-microsoft-defender-antivirus)
-##### [Review scan results](microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md)
+##### [Review scan results](/microsoft-365/security/defender-endpoint/review-scan-results-microsoft-defender-antivirus)
-##### [Run and review the results of an offline scan](microsoft-defender-antivirus/microsoft-defender-offline.md)
+##### [Run and review the results of an offline scan](/microsoft-365/security/defender-endpoint//microsoft-defender-offline)
    
-#### [Restore quarantined files](microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md)
+#### [Restore quarantined files](/microsoft-365/security/defender-endpoint/restore-quarantined-files-microsoft-defender-antivirus)
    
 #### [Manage scans and remediation]()
-##### [Management overview](microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md)
+##### [Management overview](/microsoft-365/security/defender-endpoint/customize-run-review-remediate-scans-microsoft-defender-antivirus)
    
 ##### [Configure and validate exclusions in antivirus scans]()
-##### [Exclusions overview](microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md)
+##### [Exclusions overview](/microsoft-365/security/defender-endpoint/configure-exclusions-microsoft-defender-antivirus)
-##### [Configure and validate exclusions based on file name, extension, and folder location](microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md)
+##### [Configure and validate exclusions based on file name, extension, and folder location](/microsoft-365/security/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus)
-##### [Configure and validate exclusions for files opened by processes](microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md)
+##### [Configure and validate exclusions for files opened by processes](/microsoft-365/security/defender-endpoint/configure-process-opened-file-exclusions-microsoft-defender-antivirus)
-##### [Configure antivirus exclusions on Windows Server](microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md)
+##### [Configure antivirus exclusions on Windows Server](/microsoft-365/security/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus)
    
-##### [Configure scanning options](microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md)
+##### [Configure scanning options](/microsoft-365/security/defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus)
 
-#### [Configure remediation for scans](microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md)
+#### [Configure remediation for scans](/microsoft-365/security/defender-endpoint/configure-remediation-microsoft-defender-antivirus)
-##### [Configure scheduled scans](microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md)
+##### [Configure scheduled scans](/microsoft-365/security/defender-endpoint/scheduled-catch-up-scans-microsoft-defender-antivirus)
-##### [Configure and run scans](microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md)
+##### [Configure and run scans](/microsoft-365/security/defender-endpoint/run-scan-microsoft-defender-antivirus)
-##### [Review scan results](microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md)
+##### [Review scan results](/microsoft-365/security/defender-endpoint/review-scan-results-microsoft-defender-antivirus)
-##### [Run and review the results of an offline scan](microsoft-defender-antivirus/microsoft-defender-offline.md)
+##### [Run and review the results of an offline scan](/microsoft-365/security/defender-endpoint/microsoft-defender-offline)
-##### [Restore quarantined files](microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md)
+##### [Restore quarantined files](/microsoft-365/security/defender-endpoint/restore-quarantined-files-microsoft-defender-antivirus)
 
 ### [Troubleshoot Microsoft Defender Antivirus]()
-#### [Troubleshoot Microsoft Defender Antivirus issues](microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md)
+#### [Troubleshoot Microsoft Defender Antivirus issues](/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus)
-#### [Troubleshoot Microsoft Defender Antivirus migration issues](microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus-when-migrating.md)
+#### [Troubleshoot Microsoft Defender Antivirus migration issues](/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus-when-migrating)
    
-## [Better together: Microsoft Defender Antivirus and Microsoft Defender for Endpoint](microsoft-defender-antivirus/why-use-microsoft-defender-antivirus.md)
+## [Better together: Microsoft Defender Antivirus and Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/why-use-microsoft-defender-antivirus)
-## [Better together: Microsoft Defender Antivirus and Office 365](microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md)
+## [Better together: Microsoft Defender Antivirus and Office 365](/microsoft-365/security/defender-endpoint/office-365-microsoft-defender-antivirus)
 
 ## [Hardware-based isolation]()
 

windows/security/threat-protection/auditing/event-4624.md

@@ -17,11 +17,11 @@ ms.technology: mde
 # 4624(S): An account was successfully logged on.
 
 **Applies to**
--   Windows 10
+- Windows 10
--   Windows Server 2016
+- Windows Server 2016
 
 
-<img src="images/event-4624.png" alt="Event 4624 illustration" width="438" height="668" hspace="10" align="left" />
+<img src="images/event-4624.png" alt="Event 4624 illustration" width="438" height="668" hspace="10" />
 
 ***Subcategory:***&nbsp;[Audit Logon](audit-logon.md)
 
@@ -29,59 +29,61 @@ ms.technology: mde
 
 This event generates when a logon session is created (on destination machine). It generates on the computer that was accessed, where the session was created.
 
-> **Note**&nbsp;&nbsp;For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event.
+> [!NOTE]
+> For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event.
 
 <br clear="all">
 
 ***Event XML:***
 ```xml
 <?xml version="1.0"?>
-<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
+<Event
-  <System>
+    xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
-    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}"/>
+    <System>
-    <EventID>4624</EventID>
+        <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}"/>
-    <Version>2</Version>
+        <EventID>4624</EventID>
-    <Level>0</Level>
+        <Version>2</Version>
-    <Task>12544</Task>
+        <Level>0</Level>
-    <Opcode>0</Opcode>
+        <Task>12544</Task>
-    <Keywords>0x8020000000000000</Keywords>
+        <Opcode>0</Opcode>
-    <TimeCreated SystemTime="2015-11-12T00:24:35.079785200Z"/>
+        <Keywords>0x8020000000000000</Keywords>
-    <EventRecordID>211</EventRecordID>
+        <TimeCreated SystemTime="2015-11-12T00:24:35.079785200Z"/>
-    <Correlation ActivityID="{00D66690-1CDF-0000-AC66-D600DF1CD101}"/>
+        <EventRecordID>211</EventRecordID>
-    <Execution ProcessID="716" ThreadID="760"/>
+        <Correlation ActivityID="{00D66690-1CDF-0000-AC66-D600DF1CD101}"/>
-    <Channel>Security</Channel>
+        <Execution ProcessID="716" ThreadID="760"/>
-    <Computer>WIN-GG82ULGC9GO</Computer>
+        <Channel>Security</Channel>
-    <Security/>
+        <Computer>WIN-GG82ULGC9GO</Computer>
-  </System>
+        <Security/>
-  <EventData>
+    </System>
-    <Data Name="SubjectUserSid">S-1-5-18</Data>
+    <EventData>
-    <Data Name="SubjectUserName">WIN-GG82ULGC9GO$</Data>
+        <Data Name="SubjectUserSid">S-1-5-18</Data>
-    <Data Name="SubjectDomainName">WORKGROUP</Data>
+        <Data Name="SubjectUserName">WIN-GG82ULGC9GO$</Data>
-    <Data Name="SubjectLogonId">0x3e7</Data>
+        <Data Name="SubjectDomainName">WORKGROUP</Data>
-    <Data Name="TargetUserSid">S-1-5-21-1377283216-344919071-3415362939-500</Data>
+        <Data Name="SubjectLogonId">0x3e7</Data>
-    <Data Name="TargetUserName">Administrator</Data>
+        <Data Name="TargetUserSid">S-1-5-21-1377283216-344919071-3415362939-500</Data>
-    <Data Name="TargetDomainName">WIN-GG82ULGC9GO</Data>
+        <Data Name="TargetUserName">Administrator</Data>
-    <Data Name="TargetLogonId">0x8dcdc</Data>
+        <Data Name="TargetDomainName">WIN-GG82ULGC9GO</Data>
-    <Data Name="LogonType">2</Data>
+        <Data Name="TargetLogonId">0x8dcdc</Data>
-    <Data Name="LogonProcessName">User32</Data>
+        <Data Name="LogonType">2</Data>
-    <Data Name="AuthenticationPackageName">Negotiate</Data>
+        <Data Name="LogonProcessName">User32</Data>
-    <Data Name="WorkstationName">WIN-GG82ULGC9GO</Data>
+        <Data Name="AuthenticationPackageName">Negotiate</Data>
-    <Data Name="LogonGuid">{00000000-0000-0000-0000-000000000000}</Data>
+        <Data Name="WorkstationName">WIN-GG82ULGC9GO</Data>
-    <Data Name="TransmittedServices">-</Data>
+        <Data Name="LogonGuid">{00000000-0000-0000-0000-000000000000}</Data>
-    <Data Name="LmPackageName">-</Data>
+        <Data Name="TransmittedServices">-</Data>
-    <Data Name="KeyLength">0</Data>
+        <Data Name="LmPackageName">-</Data>
-    <Data Name="ProcessId">0x44c</Data>
+        <Data Name="KeyLength">0</Data>
-    <Data Name="ProcessName">C:\\Windows\\System32\\svchost.exe</Data>
+        <Data Name="ProcessId">0x44c</Data>
-    <Data Name="IpAddress">127.0.0.1</Data>
+        <Data Name="ProcessName">C:\\Windows\\System32\\svchost.exe</Data>
-    <Data Name="IpPort">0</Data>
+        <Data Name="IpAddress">127.0.0.1</Data>
-    <Data Name="ImpersonationLevel">%%1833</Data>
+        <Data Name="IpPort">0</Data>
-    <Data Name="RestrictedAdminMode">-</Data>
+        <Data Name="ImpersonationLevel">%%1833</Data>
-    <Data Name="TargetOutboundUserName">-</Data>
+        <Data Name="RestrictedAdminMode">-</Data>
-    <Data Name="TargetOutboundDomainName">-</Data>
+        <Data Name="TargetOutboundUserName">-</Data>
-    <Data Name="VirtualAccount">%%1843</Data>
+        <Data Name="TargetOutboundDomainName">-</Data>
-    <Data Name="TargetLinkedLogonId">0x0</Data>
+        <Data Name="VirtualAccount">%%1843</Data>
-    <Data Name="ElevatedToken">%%1842</Data>
+        <Data Name="TargetLinkedLogonId">0x0</Data>
-  </EventData>
+        <Data Name="ElevatedToken">%%1842</Data>
+    </EventData>
 </Event>
 ```
 
@@ -91,57 +93,58 @@ This event generates when a logon session is created (on destination machine). I
 
 ***Event Versions:***
 
--   0 - Windows Server 2008, Windows Vista.
+- 0 - Windows Server 2008, Windows Vista.
 
--   1 - Windows Server 2012, Windows 8.
+- 1 - Windows Server 2012, Windows 8.
 
-    -   Added “Impersonation Level” field.
+  - Added "Impersonation Level" field.
 
--   2 – Windows 10.
+- 2 – Windows 10.
 
-    -   Added “Logon Information:” section.
+    - Added "Logon Information:" section.
 
-    -   **Logon Type** moved to “Logon Information:” section.
+    - **Logon Type** moved to "Logon Information:" section.
 
-    -   Added “Restricted Admin Mode” field.
+    - Added "Restricted Admin Mode" field.
 
-    -   Added “Virtual Account” field.
+    - Added "Virtual Account" field.
 
-    -   Added “Elevated Token” field.
+    - Added "Elevated Token" field.
 
-    -   Added “Linked Logon ID” field.
+    - Added "Linked Logon ID" field.
 
-    -   Added “Network Account Name” field.
+    - Added "Network Account Name" field.
 
-    -   Added “Network Account Domain” field.
+    - Added "Network Account Domain" field.
 
 ***Field Descriptions:***
 
 **Subject:**
 
--   **Security ID** \[Type = SID\]**:** SID of account that reported information about successful logon or invokes it. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
+- **Security ID** [Type = SID]**:** SID of account that reported information about successful logon or invokes it. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**&nbsp;&nbsp;A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers).
+  > [!NOTE]
+  > A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers).
 
--   **Account Name** \[Type = UnicodeString\]**:** the name of the account that reported information about successful logon.
+- **Account Name** [Type = UnicodeString]**:** the name of the account that reported information about successful logon.
 
--   **Account Domain** \[Type = UnicodeString\]**:** subject’s domain or computer name. Formats vary, and include the following:
+- **Account Domain** [Type = UnicodeString]**:** subject’s domain or computer name. Formats vary, and include the following:
 
-    -   Domain NETBIOS name example: CONTOSO
+    - Domain NETBIOS name example: CONTOSO
 
-    -   Lowercase full domain name: contoso.local
+    - Lowercase full domain name: contoso.local
 
-    -   Uppercase full domain name: CONTOSO.LOCAL
+    - Uppercase full domain name: CONTOSO.LOCAL
 
-    -   For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
+    - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is "NT AUTHORITY".
 
-    -   For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.
+    - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: "Win81".
 
--   **Logon ID** \[Type = HexInt64\]**:** hexadecimal value that can help you correlate this event with recent events that might contain the same Logon ID, for example, “[4672](event-4672.md)(S): Special privileges assigned to new logon.”
+- **Logon ID** [Type = HexInt64]**:** hexadecimal value that can help you correlate this event with recent events that might contain the same Logon ID, for example, "[4672](event-4672.md)(S): Special privileges assigned to new logon."
 
-**Logon Information** \[Version 2\]**:**
+**Logon Information** [Version 2]**:**
 
--   **Logon Type** \[Version 0, 1, 2\] \[Type = UInt32\]**:** the type of logon which was performed. The table below contains the list of possible values for this field.
+- **Logon Type** [Version 0, 1, 2] [Type = UInt32]**:** the type of logon which was performed. The table below contains the list of possible values for this field.
 
 ## Logon types and descriptions
 
@@ -160,157 +163,159 @@ This event generates when a logon session is created (on destination machine). I
 | `12`       | `CachedRemoteInteractive` | Same as RemoteInteractive. This is used for internal auditing.                                                                                                                                                                                                                                                        |
 | `13`       | `CachedUnlock` | Workstation logon.                                                                                                                                                                                                                                                                                                             |
 
--   **Restricted Admin Mode** \[Version 2\] \[Type = UnicodeString\]**:** Only populated for **RemoteInteractive** logon type sessions. This is a Yes/No flag indicating if the credentials provided were passed using Restricted Admin mode. Restricted Admin mode was added in Win8.1/2012R2 but this flag was added to the event in Win10.
+- **Restricted Admin Mode** [Version 2] [Type = UnicodeString]**:** Only populated for **RemoteInteractive** logon type sessions. This is a Yes/No flag indicating if the credentials provided were passed using Restricted Admin mode. Restricted Admin mode was added in Win8.1/2012R2 but this flag was added to the event in Win10.
 
     Reference: <https://blogs.technet.com/b/kfalde/archive/2013/08/14/restricted-admin-mode-for-rdp-in-windows-8-1-2012-r2.aspx>.
 
     If not a **RemoteInteractive** logon, then this will be "-" string.
 
--   **Virtual Account** \[Version 2\] \[Type = UnicodeString\]**:** a “Yes” or “No” flag, which indicates if the account is a virtual account (e.g., "[Managed Service Account](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd560633(v=ws.10))"), which was introduced in Windows 7 and Windows Server 2008 R2 to provide the ability to identify the account that a given Service uses, instead of just using "NetworkService".
+- **Virtual Account** [Version 2] [Type = UnicodeString]**:** a "Yes" or "No" flag, which indicates if the account is a virtual account (e.g., "[Managed Service Account](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd560633(v=ws.10))"), which was introduced in Windows 7 and Windows Server 2008 R2 to provide the ability to identify the account that a given Service uses, instead of just using "NetworkService".
 
--   **Elevated Token** \[Version 2\] \[Type = UnicodeString\]**:** a “Yes” or “No” flag. If “Yes” then the session this event represents is elevated and has administrator privileges.
+- **Elevated Token** [Version 2] [Type = UnicodeString]**:** a "Yes" or "No" flag. If "Yes", then the session this event represents is elevated and has administrator privileges.
 
-**Impersonation Level** \[Version 1, 2\] \[Type = UnicodeString\]: can have one of these four values:
+**Impersonation Level** [Version 1, 2] [Type = UnicodeString]: can have one of these four values:
 
--   SecurityAnonymous (displayed as **empty string**): The server process cannot obtain identification information about the client, and it cannot impersonate the client. It is defined with no value given, and thus, by ANSI C rules, defaults to a value of zero.
+- SecurityAnonymous (displayed as **empty string**): The server process cannot obtain identification information about the client, and it cannot impersonate the client. It is defined with no value given, and thus, by ANSI C rules, defaults to a value of zero.
 
--   SecurityIdentification (displayed as "**Identification**"): The server process can obtain information about the client, such as security identifiers and privileges, but it cannot impersonate the client. This is useful for servers that export their own objects, for example, database products that export tables and views. Using the retrieved client-security information, the server can make access-validation decisions without being able to use other services that are using the client's security context.
+- SecurityIdentification (displayed as "**Identification**"): The server process can obtain information about the client, such as security identifiers and privileges, but it cannot impersonate the client. This is useful for servers that export their own objects, for example, database products that export tables and views. Using the retrieved client-security information, the server can make access-validation decisions without being able to use other services that are using the client's security context.
 
--   SecurityImpersonation (displayed as "**Impersonation**"): The server process can impersonate the client's security context on its local system. The server cannot impersonate the client on remote systems. This is the most common type.
+- SecurityImpersonation (displayed as "**Impersonation**"): The server process can impersonate the client's security context on its local system. The server cannot impersonate the client on remote systems. This is the most common type.
 
--   SecurityDelegation (displayed as "**Delegation**"): The server process can impersonate the client's security context on remote systems.
+- SecurityDelegation (displayed as "**Delegation**"): The server process can impersonate the client's security context on remote systems.
 
 **New Logon:**
 
--   **Security ID** \[Type = SID\]**:** SID of account for which logon was performed. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
+- **Security ID** [Type = SID]**:** SID of account for which logon was performed. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
 
-> **Note**&nbsp;&nbsp;A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers).
+  > [!NOTE]
+  > A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers).
 
--   **Account Name** \[Type = UnicodeString\]**:** the name of the account for which logon was performed.
+- **Account Name** [Type = UnicodeString]**:** the name of the account for which logon was performed.
 
--   **Account Domain** \[Type = UnicodeString\]**:** subject’s domain or computer name. Formats vary, and include the following:
+- **Account Domain** [Type = UnicodeString]**:** subject’s domain or computer name. Formats vary, and include the following:
 
-    -   Domain NETBIOS name example: CONTOSO
+    - Domain NETBIOS name example: CONTOSO
 
-    -   Lowercase full domain name: contoso.local
+    - Lowercase full domain name: contoso.local
 
-    -   Uppercase full domain name: CONTOSO.LOCAL
+    - Uppercase full domain name: CONTOSO.LOCAL
 
-    -   For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”.
+    - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is "NT AUTHORITY".
 
-    -   For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.
+    - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: "Win81".
 
--   **Logon ID** \[Type = HexInt64\]**:** hexadecimal value that can help you correlate this event with recent events that might contain the same Logon ID, for example, “[4672](event-4672.md)(S): Special privileges assigned to new logon.”
+- **Logon ID** [Type = HexInt64]**:** hexadecimal value that can help you correlate this event with recent events that might contain the same Logon ID, for example, "[4672](event-4672.md)(S): Special privileges assigned to new logon."
 
--   **Linked Logon ID** \[Version 2\] \[Type = HexInt64\]**:** A hexadecimal value of the paired logon session. If there is no other logon session associated with this logon session, then the value is “**0x0**”.
+- **Linked Logon ID** [Version 2] [Type = HexInt64]**:** A hexadecimal value of the paired logon session. If there is no other logon session associated with this logon session, then the value is "**0x0**".
 
--   **Network Account Name** \[Version 2\] \[Type = UnicodeString\]**:** User name that will be used for outbound (network) connections. Valid only for [NewCredentials](#logon-types-and-descriptions) logon type.
+- **Network Account Name** [Version 2] [Type = UnicodeString]**:** User name that will be used for outbound (network) connections. Valid only for [NewCredentials](#logon-types-and-descriptions) logon type.
 
     If not **NewCredentials** logon, then this will be a "-" string.
 
--   **Network Account Domain** \[Version 2\] \[Type = UnicodeString\]**:** Domain for the user that will be used for outbound (network) connections. Valid only for [NewCredentials](#logon-types-and-descriptions) logon type.
+- **Network Account Domain** [Version 2] [Type = UnicodeString]**:** Domain for the user that will be used for outbound (network) connections. Valid only for [NewCredentials](#logon-types-and-descriptions) logon type.
 
     If not **NewCredentials** logon, then this will be a "-" string.
 
--   **Logon GUID** \[Type = GUID\]: a GUID that can help you correlate this event with another event that can contain the same **Logon GUID**, “[4769](event-4769.md)(S, F): A Kerberos service ticket was requested event on a domain controller.
+- **Logon GUID** [Type = GUID]: a GUID that can help you correlate this event with another event that can contain the same **Logon GUID**, "[4769](event-4769.md)(S, F): A Kerberos service ticket was requested event on a domain controller.
 
-    It also can be used for correlation between a 4624 event and several other events (on the same computer) that can contain the same **Logon GUID**, “[4648](event-4648.md)(S): A logon was attempted using explicit credentials” and “[4964](event-4964.md)(S): Special groups have been assigned to a new logon.”
+    It also can be used for correlation between a 4624 event and several other events (on the same computer) that can contain the same **Logon GUID**, "[4648](event-4648.md)(S): A logon was attempted using explicit credentials" and "[4964](event-4964.md)(S): Special groups have been assigned to a new logon."
 
-    This parameter might not be captured in the event, and in that case appears as “{00000000-0000-0000-0000-000000000000}”.
+    This parameter might not be captured in the event, and in that case appears as "{00000000-0000-0000-0000-000000000000}".
 
-> **Note**&nbsp;&nbsp;**GUID** is an acronym for 'Globally Unique Identifier'. It is a 128-bit integer number used to identify resources, activities or instances.
+    > [!NOTE]
+    > **GUID** is an acronym for 'Globally Unique Identifier'. It is a 128-bit integer number used to identify resources, activities, or instances.
 
 **Process Information:**
 
--   **Process ID** \[Type = Pointer\]: hexadecimal Process ID of the process that attempted the logon. Process ID (PID) is a number used by the operating system to uniquely identify an active process. To see the PID for a specific process you can, for example, use Task Manager (Details tab, PID column):
+- **Process ID** [Type = Pointer]: hexadecimal Process ID of the process that attempted the logon. Process ID (PID) is a number used by the operating system to uniquely identify an active process. To see the PID for a specific process you can, for example, use Task Manager (Details tab, PID column):
 
     <img src="images/task-manager.png" alt="Task manager illustration" width="585" height="375" />
 
     If you convert the hexadecimal value to decimal, you can compare it to the values in Task Manager.
 
-    You can also correlate this process ID with a process ID in other events, for example, “[4688](event-4688.md): A new process has been created” **Process Information\\New Process ID**.
+    You can also correlate this process ID with a process ID in other events, for example, "[4688](event-4688.md): A new process has been created" **Process Information\\New Process ID**.
 
--   **Process Name** \[Type = UnicodeString\]**:** full path and the name of the executable for the process.
+- **Process Name** [Type = UnicodeString]**:** full path and the name of the executable for the process.
 
 **Network Information:**
 
--   **Workstation Name** \[Type = UnicodeString\]**:** machine name to which logon attempt was performed.
+- **Workstation Name** [Type = UnicodeString]**:** machine name from which a logon attempt was performed.
 
--   **Source Network Address** \[Type = UnicodeString\]**:** IP address of machine from which logon attempt was performed.
+- **Source Network Address** [Type = UnicodeString]**:** IP address of machine from which logon attempt was performed.
 
-    -   IPv6 address or ::ffff:IPv4 address of a client.
+    - IPv6 address or ::ffff:IPv4 address of a client.
 
-    -   ::1 or 127.0.0.1 means localhost.
+    - ::1 or 127.0.0.1 means localhost.
 
--   **Source Port** \[Type = UnicodeString\]: source port which was used for logon attempt from remote machine.
+- **Source Port** [Type = UnicodeString]: source port which was used for logon attempt from remote machine.
 
-    -   0 for interactive logons.
+    - 0 for interactive logons.
 
 **Detailed Authentication Information:**
 
--   **Logon Process** \[Type = UnicodeString\]**:** the name of the trusted logon process that was used for the logon. See event “[4611](event-4611.md): A trusted logon process has been registered with the Local Security Authority” description for more information.
+- **Logon Process** [Type = UnicodeString]**:** the name of the trusted logon process that was used for the logon. See event "[4611](event-4611.md): A trusted logon process has been registered with the Local Security Authority" description for more information.
 
--   **Authentication Package** \[Type = UnicodeString\]**:** The name of the authentication package which was used for the logon authentication process. Default packages loaded on LSA startup are located in “HKLM\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\OSConfig” registry key. Other packages can be loaded at runtime. When a new package is loaded a “[4610](event-4610.md): An authentication package has been loaded by the Local Security Authority” (typically for NTLM) or “[4622](event-4622.md): A security package has been loaded by the Local Security Authority” (typically for Kerberos) event is logged to indicate that a new package has been loaded along with the package name. The most common authentication packages are:
+- **Authentication Package** [Type = UnicodeString]**:** The name of the authentication package which was used for the logon authentication process. Default packages loaded on LSA startup are located in "HKLM\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\OSConfig" registry key. Other packages can be loaded at runtime. When a new package is loaded a "[4610](event-4610.md): An authentication package has been loaded by the Local Security Authority" (typically for NTLM) or "[4622](event-4622.md): A security package has been loaded by the Local Security Authority" (typically for Kerberos) event is logged to indicate that a new package has been loaded along with the package name. The most common authentication packages are:
 
-    -   **NTLM** – NTLM-family Authentication
+    - **NTLM** – NTLM-family Authentication
 
-    -   **Kerberos** – Kerberos authentication.
+    - **Kerberos** – Kerberos authentication.
 
-    -   **Negotiate** – the Negotiate security package selects between Kerberos and NTLM protocols. Negotiate selects Kerberos unless it cannot be used by one of the systems involved in the authentication or the calling application did not provide sufficient information to use Kerberos.
+    - **Negotiate** – the Negotiate security package selects between Kerberos and NTLM protocols. Negotiate selects Kerberos unless it cannot be used by one of the systems involved in the authentication or the calling application did not provide sufficient information to use Kerberos.
 
--   **Transited Services** \[Type = UnicodeString\] \[Kerberos-only\]**:** the list of transmitted services. Transmitted services are populated if the logon was a result of a S4U (Service For User) logon process. S4U is a Microsoft extension to the Kerberos Protocol to allow an application service to obtain a Kerberos service ticket on behalf of a user – most commonly done by a front-end website to access an internal resource on behalf of a user. For more information about S4U, see <https://msdn.microsoft.com/library/cc246072.aspx>
+- **Transited Services** [Type = UnicodeString] [Kerberos-only]**:** the list of transmitted services. Transmitted services are populated if the logon was a result of a S4U (Service For User) logon process. S4U is a Microsoft extension to the Kerberos Protocol to allow an application service to obtain a Kerberos service ticket on behalf of a user – most commonly done by a front-end website to access an internal resource on behalf of a user. For more information about S4U, see <https://msdn.microsoft.com/library/cc246072.aspx>
 
--   **Package Name (NTLM only)** \[Type = UnicodeString\]**:** The name of the LAN Manager sub-package ([NTLM-family](/openspecs/windows_protocols/ms-nlmp/c50a85f0-5940-42d8-9e82-ed206902e919) protocol name) that was used during logon. Possible values are:
+- **Package Name (NTLM only)** [Type = UnicodeString]**:** The name of the LAN Manager sub-package ([NTLM-family](/openspecs/windows_protocols/ms-nlmp/c50a85f0-5940-42d8-9e82-ed206902e919) protocol name) that was used during logon. Possible values are:
 
-    -   “NTLM V1”
+    - "NTLM V1"
 
-    -   “NTLM V2”
+    - "NTLM V2"
 
-    -   “LM”
+    - "LM"
 
-        Only populated if “**Authentication Package” = “NTLM”**.
+        Only populated if "**Authentication Package" = "NTLM"**.
 
--   **Key Length** \[Type = UInt32\]**:** the length of [NTLM Session Security](/openspecs/windows_protocols/ms-nlmp/99d90ff4-957f-4c8a-80e4-5bfe5a9a9832) key. Typically it has 128 bit or 56 bit length. This parameter is always 0 if “**Authentication Package” = “Kerberos”**, because it is not applicable for Kerberos protocol. This field will also have “0” value if Kerberos was negotiated using **Negotiate** authentication package.
+- **Key Length** [Type = UInt32]**:** the length of [NTLM Session Security](/openspecs/windows_protocols/ms-nlmp/99d90ff4-957f-4c8a-80e4-5bfe5a9a9832) key. Typically it has 128 bit or 56 bit length. This parameter is always 0 if "**Authentication Package" = "Kerberos"**, because it is not applicable for Kerberos protocol. This field will also have "0" value if Kerberos was negotiated using **Negotiate** authentication package.
 
 ## Security Monitoring Recommendations
 
 For 4624(S): An account was successfully logged on.
 
-| **Type of monitoring required**                                                                                                                                                                                                                                                                                   | **Recommendation**                                                                                                                                                            |
+| Type of monitoring required | Recommendation |
-|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+|-----------------------------|-------------------------|
-| **High-value accounts**: You might have high-value domain or local accounts for which you need to monitor each action.<br>Examples of high-value accounts are database administrators, built-in local administrator account, domain administrators, service accounts, domain controller accounts and so on. | Monitor this event with the **“New Logon\\Security ID”** that corresponds to the high-value account or accounts.                                                              |
+| **High-value accounts**: You might have high-value domain or local accounts for which you need to monitor each action.<br>Examples of high-value accounts are database administrators, built-in local administrator account, domain administrators, service accounts, domain controller accounts and so on.       | Monitor this event with the **"New Logon\\Security ID"** that corresponds to the high-value account or accounts.                                                              |
-| **Anomalies or malicious actions**: You might have specific requirements for detecting anomalies or monitoring potential malicious actions. For example, you might need to monitor for use of an account outside of working hours.                                                                                | When you monitor for anomalies or malicious actions, use the **“New Logon\\Security ID”** (with other information) to monitor how or when a particular account is being used. |
+| **Anomalies or malicious actions**: You might have specific requirements for detecting anomalies or monitoring potential malicious actions. For example, you might need to monitor for use of an account outside of working hours.                                                                                | When you monitor for anomalies or malicious actions, use the **"New Logon\\Security ID"** (with other information) to monitor how or when a particular account is being used. |
-| **Non-active accounts**: You might have non-active, disabled, or guest accounts, or other accounts that should never be used.                                                                                                                                                                                     | Monitor this event with the **“New Logon\\Security ID”** that corresponds to the accounts that should never be used.                                                          |
+| **Non-active accounts**: You might have non-active, disabled, or guest accounts, or other accounts that should never be used.                                                                                                                                                                                     | Monitor this event with the **"New Logon\\Security ID"** that corresponds to the accounts that should never be used.                                                          |
-| **Account whitelist**: You might have a specific allow list of accounts that are the only ones allowed to perform actions corresponding to particular events.                                                                                                                                                      | If this event corresponds to a “allow list-only” action, review the **“New Logon\\Security ID”** for accounts that are outside the allow list.                                  |
+| **Account whitelist**: You might have a specific allow list of accounts that are the only ones allowed to perform actions corresponding to particular events.                                                                                                                                                     | If this event corresponds to a "allow list-only" action, review the **"New Logon\\Security ID"** for accounts that are outside the allow list.                                  |
-| **Accounts of different types**: You might want to ensure that certain actions are performed only by certain account types, for example, local or domain account, machine or user account, vendor or employee account, and so on.                                                                                 | If this event corresponds to an action you want to monitor for certain account types, review the **“New Logon\\Security ID”** to see whether the account type is as expected. |
+| **Accounts of different types**: You might want to ensure that certain actions are performed only by certain account types, for example, local or domain account, machine or user account, vendor or employee account, and so on.                                                                                 | If this event corresponds to an action you want to monitor for certain account types, review the **"New Logon\\Security ID"** to see whether the account type is as expected. |
-| **External accounts**: You might be monitoring accounts from another domain, or “external” accounts that are not allowed to perform certain actions (represented by certain specific events).                                                                                                                     | Monitor this event for the **“Subject\\Account Domain”** corresponding to accounts from another domain or “external” accounts.                                                |
+| **External accounts**: You might be monitoring accounts from another domain, or "external" accounts that are not allowed to perform certain actions (represented by certain specific events).                                                                                                                     | Monitor this event for the **"Subject\\Account Domain"** corresponding to accounts from another domain or "external" accounts.                                                |
-| **Restricted-use computers or devices**: You might have certain computers, machines, or devices on which certain people (accounts) should not typically perform any actions.                                                                                                                                      | Monitor the target **Computer:** (or other target device) for actions performed by the **“New Logon\\Security ID”** that you are concerned about.                             |
+| **Restricted-use computers or devices**: You might have certain computers, machines, or devices on which certain people (accounts) should not typically perform any actions.                                                                                                                                      | Monitor the target **Computer:** (or other target device) for actions performed by the **"New Logon\\Security ID"** that you are concerned about.                             |
-| **Account naming conventions**: Your organization might have specific naming conventions for account names.                                                                                                                                                                                                       | Monitor “**Subject\\Account Name”** for names that don’t comply with naming conventions.                                                                                      |
+| **Account naming conventions**: Your organization might have specific naming conventions for account names.                                                                                                                                                                                                       | Monitor "**Subject\\Account Name"** for names that don’t comply with naming conventions.                                                                                      |
 
--   Because this event is typically triggered by the SYSTEM account, we recommend that you report it whenever **“Subject\\Security ID”** is not SYSTEM.
+- Because this event is typically triggered by the SYSTEM account, we recommend that you report it whenever **"Subject\\Security ID"** is not SYSTEM.
 
--   If “**Restricted Admin**” mode must be used for logons by certain accounts, use this event to monitor logons by “**New Logon\\Security ID**” in relation to “**Logon Type**”=10 and “**Restricted Admin Mode**”=”Yes”. If “**Restricted Admin Mode**”=”No” for these accounts, trigger an alert.
+- If "**Restricted Admin**" mode must be used for logons by certain accounts, use this event to monitor logons by "**New Logon\\Security ID**" in relation to "**Logon Type**"=10 and "**Restricted Admin Mode**"="Yes". If "**Restricted Admin Mode**"="No" for these accounts, trigger an alert.
 
--   If you need to monitor all logon events for accounts with administrator privileges, monitor this event with “**Elevated Token**”=”Yes”.
+- If you need to monitor all logon events for accounts with administrator privileges, monitor this event with "**Elevated Token**"="Yes".
 
--   If you need to monitor all logon events for managed service accounts and group managed service accounts, monitor for events with “**Virtual Account**”=”Yes”.
+- If you need to monitor all logon events for managed service accounts and group managed service accounts, monitor for events with "**Virtual Account**"="Yes".
 
--   To monitor for a mismatch between the logon type and the account that uses it (for example, if **Logon Type** 4-Batch or 5-Service is used by a member of a domain administrative group), monitor **Logon Type** in this event.
+- To monitor for a mismatch between the logon type and the account that uses it (for example, if **Logon Type** 4-Batch or 5-Service is used by a member of a domain administrative group), monitor **Logon Type** in this event.
 
--   If your organization restricts logons in the following ways, you can use this event to monitor accordingly:
+- If your organization restricts logons in the following ways, you can use this event to monitor accordingly:
 
-    -   If the user account **“New Logon\\Security ID”** should never be used to log on from the specific **Computer:**.
+    - If the user account **"New Logon\\Security ID"** should never be used to log on from the specific **Computer:**.
 
-    -   If **New Logon\\Security ID** credentials should not be used from **Workstation Name** or **Source Network Address**.
+    - If **New Logon\\Security ID** credentials should not be used from **Workstation Name** or **Source Network Address**.
 
-    -   If a specific account, such as a service account, should only be used from your internal IP address list (or some other list of IP addresses). In this case, you can monitor for **Network Information\\Source Network Address** and compare the network address with your list of IP addresses.
+    - If a specific account, such as a service account, should only be used from your internal IP address list (or some other list of IP addresses). In this case, you can monitor for **Network Information\\Source Network Address** and compare the network address with your list of IP addresses.
 
-    -   If a particular version of NTLM is always used in your organization. In this case, you can use this event to monitor **Package Name (NTLM only)**, for example, to find events where **Package Name (NTLM only)** does not equal **NTLM V2**.
+    - If a particular version of NTLM is always used in your organization. In this case, you can use this event to monitor **Package Name (NTLM only)**, for example, to find events where **Package Name (NTLM only)** does not equal **NTLM V2**.
 
-    -   If NTLM is not used in your organization, or should not be used by a specific account (**New Logon\\Security ID**). In this case, monitor for all events where **Authentication Package** is NTLM.
+    - If NTLM is not used in your organization, or should not be used by a specific account (**New Logon\\Security ID**). In this case, monitor for all events where **Authentication Package** is NTLM.
 
-    -   If the **Authentication Package** is NTLM. In this case, monitor for **Key Length** not equal to 128, because all Windows operating systems starting with Windows 2000 support 128-bit Key Length.
+    - If the **Authentication Package** is NTLM. In this case, monitor for **Key Length** not equal to 128, because all Windows operating systems starting with Windows 2000 support 128-bit Key Length.
 
--   If you monitor for potentially malicious software, or software that is not authorized to request logon actions, monitor this event for **Process Name**.
+- If you monitor for potentially malicious software, or software that is not authorized to request logon actions, monitor this event for **Process Name**.
 
--   If you have a trusted logon processes list, monitor for a **Logon Process** that is not from the list.
+- If you have a trusted logon processes list, monitor for a **Logon Process** that is not from the list.

windows/security/threat-protection/device-control/control-usb-devices-using-intune.md

@@ -68,7 +68,7 @@ To prevent malware infections or data loss, an organization may restrict USB dri
 
 All of the above controls can be set through the Intune [Administrative Templates](/intune/administrative-templates-windows). The relevant policies are located here in the Intune Administrator Templates:
 
-![AdminTemplates](images/admintemplates.png)
+![screenshot of list of Admin Templates](images/admintemplates.png)
 
 >[!Note]
 >Using Intune, you can apply device configuration policies to Azure AD user and/or device groups.
@@ -211,13 +211,13 @@ You can prevent installation of the prohibited peripherals with matching device
 
 Using Intune, you can limit the services that can use Bluetooth through the ["Bluetooth allowed services"](/windows/client-management/mdm/policy-csp-bluetooth#servicesallowedlist-usage-guide). The default state of "Bluetooth allowed services" settings means everything is allowed.  As soon as a service is added, that becomes the allowed list. If the customer adds the Keyboards and Mice values, and doesn’t add the file transfer GUIDs, file transfer should be blocked.
 
-![Bluetooth](images/bluetooth.png)
+![screenshot of Bluetooth settings page](images/bluetooth.png)
 
 ### Use Microsoft Defender for Endpoint baseline settings
 
-The Microsoft Defender for Endpoint baseline settings represent the recommended configuration for ATP. Configuration settings for baseline are located in the edit profile page of the configuration settings.
+The Microsoft Defender for Endpoint baseline settings represent the recommended configuration for threat protection. Configuration settings for baseline are located in the edit profile page of the configuration settings.
 
-![Baselines](images/baselines.png)
+![Baselines in MEM](images/baselines.png)
 
 ## Prevent threats from removable storage
   
@@ -245,7 +245,7 @@ For more information about controlling USB devices, see the [Microsoft Defender
 
 ### Enable Microsoft Defender Antivirus Scanning
 
-Protecting authorized removable storage with Microsoft Defender Antivirus requires [enabling real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md) or scheduling scans and configuring removable drives for scans.
+Protecting authorized removable storage with Microsoft Defender Antivirus requires [enabling real-time protection](/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus) or scheduling scans and configuring removable drives for scans.
 
 - If real-time protection is enabled, files are scanned before they are accessed and executed. The scanning scope includes all files, including those on mounted removable devices such as USB drives. You can optionally [run a PowerShell script to perform a custom scan](/samples/browse/?redirectedfrom=TechNet-Gallery) of a USB drive after it is mounted, so that Microsoft Defender Antivirus starts scanning all files on a removable device once the removable device is attached. However, we recommend enabling real-time protection for improved scanning performance, especially for large storage devices.
 - If scheduled scans are used, then you need to disable the DisableRemovableDriveScanning setting (enabled by default) to scan the removable device during a full scan. Removable devices are scanned during a quick or custom scan regardless of the DisableRemovableDriveScanning setting.
@@ -265,7 +265,7 @@ This can be done by setting **Untrusted and unsigned processes that run from USB
 With this rule, admins can prevent or audit unsigned or untrusted executable files from running from USB removable drives, including SD cards.
 Affected file types include executable files (such as .exe, .dll, or .scr) and script files such as a PowerShell (.ps), VisualBasic (.vbs), or JavaScript (.js) files.
 
-These settings require [enabling real-time protection](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md).
+These settings require [enabling real-time protection](/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus).
 
 1. Sign in to the [Microsoft Endpoint Manager](https://endpoint.microsoft.com/).
 2. Click **Devices** > **Windows** > **Configuration Policies** > **Create profile**. 
@@ -322,7 +322,7 @@ For example, using either approach, you can automatically have the Microsoft Def
 
 ## Related topics
 
-- [Configure real-time protection for Microsoft Defender Antivirus](../microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md)
+- [Configure real-time protection for Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus)
 - [Defender/AllowFullScanRemovableDriveScanning](/windows/client-management/mdm/policy-csp-defender#defender-allowfullscanremovabledrivescanning)
 - [Policy/DeviceInstallation CSP](/windows/client-management/mdm/policy-csp-deviceinstallation)
 - [Perform a custom scan of a removable device](/samples/browse/?redirectedfrom=TechNet-Gallery)

windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md

@@ -4,8 +4,8 @@ description: This article explains the steps to opt in to using HVCI on Windows
 ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
-ms.author: ellevin
+ms.author: dansimp
-author: levinec
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance

windows/security/threat-protection/index.md

@@ -81,14 +81,14 @@ The attack surface reduction set of capabilities provide the first line of defen
 
 <a name="ngp"></a>
 
-**[Next-generation protection](microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md)**<br>
+**[Next-generation protection](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-in-windows-10)**<br>
 To further reinforce the security perimeter of your network, Microsoft Defender for Endpoint uses next-generation protection designed to catch all types of emerging threats.
 
-- [Behavior monitoring](./microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md)
+- [Behavior monitoring](/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus)
-- [Cloud-based protection](./microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md)
+- [Cloud-based protection](/microsoft-365/security/defender-endpoint/configure-protection-features-microsoft-defender-antivirus)
-- [Machine learning](./microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md)
+- [Machine learning](/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus)
-- [URL Protection](./microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md)
+- [URL Protection](/microsoft-365/security/defender-endpoint/configure-network-connections-microsoft-defender-antivirus)
-- [Automated sandbox service](./microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md)
+- [Automated sandbox service](/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus)
 
 <a name="edr"></a>
 

windows/security/threat-protection/intelligence/coinminer-malware.md

@@ -7,8 +7,8 @@ ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
-ms.author: ellevin
+ms.author: dansimp
-author: levinec
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance

windows/security/threat-protection/intelligence/coordinated-malware-eradication.md

@@ -7,8 +7,8 @@ ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
-ms.author: ellevin
+ms.author: dansimp
-author: levinec
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance

windows/security/threat-protection/intelligence/criteria.md

@@ -7,8 +7,8 @@ ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
-ms.author: ellevin
+ms.author: dansimp
-author: levinec
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -164,7 +164,7 @@ Microsoft maintains a worldwide network of analysts and intelligence systems whe
 
 ## Potentially unwanted application (PUA)
 
-Our PUA protection aims to safeguard user productivity and ensure enjoyable Windows experiences. This protection helps deliver more productive, performant, and delightful Windows experiences. For instruction on how to enable PUA protection in Chromium-based Microsoft Edge and Microsoft Defender Antivirus, see [Detect and block potentially unwanted applications](../microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md).
+Our PUA protection aims to safeguard user productivity and ensure enjoyable Windows experiences. This protection helps deliver more productive, performant, and delightful Windows experiences. For instruction on how to enable PUA protection in Chromium-based Microsoft Edge and Microsoft Defender Antivirus, see [Detect and block potentially unwanted applications](/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus).
 
 *PUAs are not considered malware.*
 

windows/security/threat-protection/intelligence/cybersecurity-industry-partners.md

@@ -7,8 +7,8 @@ ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
-ms.author: ellevin
+ms.author: dansimp
-author: levinec
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance

windows/security/threat-protection/intelligence/developer-faq.md

@@ -8,8 +8,8 @@ ms.prod: m365-security
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.author: ellevin
+ms.author: dansimp
-author: levinec
+author: dansimp
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro

windows/security/threat-protection/intelligence/developer-resources.md

@@ -9,8 +9,8 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: medium
 ms.pagetype: security
-ms.author: ellevin
+ms.author: dansimp
-author: levinec
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -41,4 +41,4 @@ Find more guidance about the file submission and detection dispute process in ou
 
 ### Scan your software
 
-Use [Microsoft Defender Antivirus](../microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md) to check your software against the latest Security intelligence and cloud protection from Microsoft.
+Use [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-in-windows-10) to check your software against the latest Security intelligence and cloud protection from Microsoft.

windows/security/threat-protection/intelligence/exploits-malware.md

@@ -7,8 +7,8 @@ ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
-ms.author: ellevin
+ms.author: dansimp
-author: levinec
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance

windows/security/threat-protection/intelligence/fileless-threats.md

@@ -7,8 +7,8 @@ ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
-ms.author: ellevin
+ms.author: dansimp
-author: levinec
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
@@ -101,4 +101,8 @@ Besides being vulnerable at the firmware level, CPUs could be manufactured with
 
 At Microsoft, we actively monitor the security landscape to identify new threat trends and develop solutions to mitigate classes of threats. We instrument durable protections that are effective against a wide range of threats. Through AntiMalware Scan Interface (AMSI), behavior monitoring, memory scanning, and boot sector protection, Microsoft Defender for Endpoint](https://www.microsoft.com/windowsforbusiness?ocid=docs-fileless) can inspect fileless threats even with heavy obfuscation. Machine learning technologies in the cloud allow us to scale these protections against new and emerging threats.
 
-To learn more, read: [Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV](https://cloudblogs.microsoft.com/microsoftsecure/2018/09/27/out-of-sight-but-not-invisible-defeating-fileless-malware-with-behavior-monitoring-amsi-and-next-gen-av/)
+To learn more, read: [Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV](https://cloudblogs.microsoft.com/microsoftsecure/2018/09/27/out-of-sight-but-not-invisible-defeating-fileless-malware-with-behavior-monitoring-amsi-and-next-gen-av/)
+
+## Additional resources and information
+
+Learn how to [deploy threat protection capabilities across Microsoft 365 E5](/microsoft-365/solutions/deploy-threat-protection).

windows/security/threat-protection/intelligence/index.md

@@ -6,8 +6,8 @@ ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
-ms.author: ellevin
+ms.author: dansimp
-author: levinec
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance

windows/security/threat-protection/intelligence/macro-malware.md

@@ -7,8 +7,8 @@ ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
-ms.author: ellevin
+ms.author: dansimp
-author: levinec
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance

windows/security/threat-protection/intelligence/malware-naming.md

@@ -7,8 +7,8 @@ ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
-ms.author: ellevin
+ms.author: dansimp
-author: levinec
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance

windows/security/threat-protection/intelligence/phishing-trends.md

@@ -7,8 +7,8 @@ ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
-ms.author: ellevin
+ms.author: dansimp
-author: levinec
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance

windows/security/threat-protection/intelligence/phishing.md

@@ -7,8 +7,8 @@ ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
-ms.author: ellevin
+ms.author: dansimp
-author: levinec
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance

windows/security/threat-protection/intelligence/prevent-malware-infection.md

@@ -7,8 +7,8 @@ ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
-ms.author: ellevin
+ms.author: dansimp
-author: levinec
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance

windows/security/threat-protection/intelligence/ransomware-malware.md

@@ -7,8 +7,8 @@ ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
-ms.author: ellevin
+ms.author: dansimp
-author: levinec
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance

windows/security/threat-protection/intelligence/rootkits-malware.md

@@ -7,8 +7,8 @@ ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
-ms.author: ellevin
+ms.author: dansimp
-author: levinec
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance

windows/security/threat-protection/intelligence/safety-scanner-download.md

@@ -7,8 +7,8 @@ ms.prod: m365-security
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
-ms.author: ellevin
+ms.author: dansimp
-author: levinec
+author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance