|
| 0X8007000D | ERROR_INVALID_DATA | Indicates invalid data downloaded or corruption occurred. | Attempt to re-download the update and initiate installation. |
-| 0x8024A10A | USO_E_SERVICE_SHUTTING_DOWN | Indicates that the WU Service is shutting down. | This may happen due to a very long period of time of inactivity, a system hang leading to the service being idle and leading to the shutdown of the service. Ensure that the system remains active and the connections remain established to complete the upgrade. |
-| 0x80240020 | WU_E_NO_INTERACTIVE_USER | Operation did not complete because there is no logged-on interactive user. | Please login to the system to initiate the installation and allow the system to be rebooted. |
-| 0x80242014 | WU_E_UH_POSTREBOOTSTILLPENDING | The post-reboot operation for the update is still in progress. | Some Windows Updates require the system to be restarted. Reboot the system to complete the installation of the Updates. |
+| 0x8024A10A | USO_E_SERVICE_SHUTTING_DOWN | Indicates that the Windows Update Service is shutting down. | This can occur after a very long period of time of inactivity, the system failing to respond leading to the service being idle and causing the service to shut down. Ensure that the system remains active and the connections remain established to complete the upgrade. |
+| 0x80240020 | WU_E_NO_INTERACTIVE_USER | Operation did not complete because there is no logged-on interactive user. | Sign in to the device to start the installation and allow the device to restart. |
+| 0x80242014 | WU_E_UH_POSTREBOOTSTILLPENDING | The post-restart operation for the update is still in progress. | Some Windows Updates require the device to be restarted. Restart the device to complete update installation. |
| 0x80246017 | WU_E_DM_UNAUTHORIZED_LOCAL_USER | The download failed because the local user was denied authorization to download the content. | Ensure that the user attempting to download and install updates has been provided with sufficient privileges to install updates (Local Administrator). |
-| 0x8024000B | WU_E_CALL_CANCELLED | Operation was cancelled. | This indicates that the operation was cancelled by the user/service. You may also encounter this error when we are unable to filter the results. Run the [Decline Superseded PowerShell script](https://gallery.technet.microsoft.com/scriptcenter/Cleanup-WSUS-server-4424c9d6) to allow the filtering process to complete. |
+| 0x8024000B | WU_E_CALL_CANCELLED | Operation was canceled. | The operation was canceled by the user or service. You might also receive this error when we are unable to filter the results. Run the [Decline Superseded PowerShell script](https://gallery.technet.microsoft.com/scriptcenter/Cleanup-WSUS-server-4424c9d6) to allow the filtering process to complete. |
| 0x8024000E | WU_E_XML_INVALID | Windows Update Agent found invalid information in the update's XML data. | Certain drivers contain additional metadata information in the update.xml, which could lead Orchestrator to understand it as invalid data. Ensure that you have the latest Windows Update Agent installed on the machine. |
| 0x8024D009 | WU_E_SETUP_SKIP_UPDATE | An update to the Windows Update Agent was skipped due to a directive in the wuident.cab file. | You may encounter this error when WSUS is not sending the Self-update to the clients.
Review [KB920659](https://support.microsoft.com/help/920659/the-microsoft-windows-server-update-services-wsus-selfupdate-service-d) for instructions to resolve the issue. |
| 0x80244007 | WU_E_PT_SOAPCLIENT_SOAPFAULT | SOAP client failed because there was a SOAP fault for reasons of WU_E_PT_SOAP_\* error codes. | This issue occurs because Windows cannot renew the cookies for Windows Update.
Review [KB2883975](https://support.microsoft.com/help/2883975/0x80244007-error-when-windows-tries-to-scan-for-updates-on-a-wsus-serv) for instructions to resolve the issue. |
diff --git a/windows/deployment/update/windows-update-logs.md b/windows/deployment/update/windows-update-logs.md
index 1e40aac62e..ed776f86d0 100644
--- a/windows/deployment/update/windows-update-logs.md
+++ b/windows/deployment/update/windows-update-logs.md
@@ -1,13 +1,12 @@
---
title: Windows Update log files
-description: Learn about the Windows Update log files and how to merge and convert WU trace files (.etl files) into a single readable WindowsUpdate.log file.
+description: Learn about the Windows Update log files and how to merge and convert Windows Update trace files (.etl files) into a single readable WindowsUpdate.log file.
ms.prod: w10
ms.mktglfcycl:
audience: itpro
itproauthor: jaimeo
ms.audience: itpro
author: jaimeo
-ms.date: 09/18/2018
ms.reviewer:
manager: laurawi
ms.topic: article
@@ -21,21 +20,21 @@ ms.custom: seo-marvel-apr2020
The following table describes the log files created by Windows Update.
-|Log file|Location|Description|When to Use |
+|Log file|Location|Description|When to use |
|-|-|-|-|
-|windowsupdate.log|C:\Windows\Logs\WindowsUpdate|Starting in Windows 8.1 and continuing in Windows 10, Windows Update client uses Event Tracing for Windows (ETW) to generate diagnostic logs.|If you receive an error message when you run Windows Update (WU), you can use the information that is included in the Windowsupdate.log log file to troubleshoot the issue.|
-|UpdateSessionOrchestration.etl|C:\ProgramData\USOShared\Logs|Starting Windows 10, the Update Orchestrator is responsible for sequence of downloading and installing various update types from Windows Update. And the events are logged to these etl files.|When you see that the updates are available but download is not getting triggered.
When Updates are downloaded but installation is not triggered.
When Updates are installed but reboot is not triggered. |
-|NotificationUxBroker.etl|C:\ProgramData\USOShared\Logs|Starting Windows 10, the notification toast or the banner is triggered by this NotificationUxBroker.exe . And the logs to check its working is this etl. |When you want to check whether the Notification was triggered or not for reboot or update availability etc. |
-|CBS.log|%systemroot%\Logs\CBS|This logs provides insight on the update installation part in the servicing stack.|To troubleshoot the issues related to WU installation.|
+|windowsupdate.log|C:\Windows\Logs\WindowsUpdate|Starting in Windows 8.1 and continuing in Windows 10, Windows Update client uses Event Tracing for Windows (ETW) to generate diagnostic logs.|If you receive an error message when you run Windows Update, you can use the information that is included in the Windowsupdate.log log file to troubleshoot the issue.|
+|UpdateSessionOrchestration.etl|C:\ProgramData\USOShared\Logs|Starting Windows 10, the Update Orchestrator is responsible for sequence of downloading and installing various update types from Windows Update. And the events are logged to these .etl files.|When you see that the updates are available but download is not getting triggered.
When Updates are downloaded but installation is not triggered.
When Updates are installed but reboot is not triggered. |
+|NotificationUxBroker.etl|C:\ProgramData\USOShared\Logs|Starting Windows 10, the notification toast or the banner is triggered by NotificationUxBroker.exe. |When you want to check whether the notification was triggered or not. |
+|CBS.log|%systemroot%\Logs\CBS|This log provides insight on the update installation part in the servicing stack.|To troubleshoot the issues related to Windows Update installation.|
## Generating WindowsUpdate.log
-To merge and convert WU trace files (.etl files) into a single readable WindowsUpdate.log file, see [Get-WindowsUpdateLog](https://docs.microsoft.com/powershell/module/windowsupdate/get-windowsupdatelog?view=win10-ps&preserve-view=tru).
+To merge and convert Windows Update trace files (.etl files) into a single readable WindowsUpdate.log file, see [Get-WindowsUpdateLog](https://docs.microsoft.com/powershell/module/windowsupdate/get-windowsupdatelog?view=win10-ps&preserve-view=tru).
>[!NOTE]
>When you run the **Get-WindowsUpdateLog** cmdlet, an copy of WindowsUpdate.log file is created as a static log file. It does not update as the old WindowsUpate.log unless you run **Get-WindowsUpdateLog** again.
### Windows Update log components
-The WU engine has different component names. The following are some of the most common components that appear in the WindowsUpdate.log file:
+The Windows Update engine has different component names. The following are some of the most common components that appear in the WindowsUpdate.log file:
- AGENT- Windows Update agent
- AU - Automatic Updates is performing this task
@@ -93,12 +92,12 @@ The time stamp indicates the time at which the logging occurs.
The Process IDs and Thread IDs are random, and they can vary from log to log and even from service session to service session within the same log.
- The first four hex digits are the process ID.
- The next four hex digits are the thread ID.
-- Each component, such as the USO, WU engine, COM API callers, and WU installer handlers, has its own process ID.
+- Each component, such as the USO, Windows Update engine, COM API callers, and Windows Update installer handlers, has its own process ID.
#### Component name
-Search for and identify the components that are associated with the IDs. Different parts of the WU engine have different component names. Some of them are as follows:
+Search for and identify the components that are associated with the IDs. Different parts of the Windows Update engine have different component names. Some of them are as follows:
- ProtocolTalker - Client-server sync
- DownloadManager - Creates and monitors payload downloads
@@ -114,7 +113,7 @@ Search for and identify the components that are associated with the IDs. Differe
##### Update ID and revision number
There are different identifiers for the same update in different contexts. It's important to know the identifier schemes.
-- Update ID: A GUID (indicated in the previous screen shot) that's assigned to a given update at publication time
+- Update ID: A GUID (indicated in the previous screenshot) that's assigned to a given update at publication time
- Revision number: A number incremented every time that a given update (that has a given update ID) is modified and republished on a service
- Revision numbers are reused from one update to another (not a unique identifier).
- The update ID and revision number are often shown together as "{GUID}.revision."
@@ -122,15 +121,15 @@ There are different identifiers for the same update in different contexts. It's
##### Revision ID
-- A Revision ID (do no confuse this with "revision number") is a serial number that's issued when an update is initially published or revised on a given service.
-- An existing update that's revised keeps the same update ID (GUID), has its revision number incremented (for example, from 100 to 101), but gets a completely new revision ID that is not related to the previous ID.
+- A Revision ID (don't confuse this value with "revision number") is a serial number that's issued when an update is initially published or revised on a given service.
+- An existing update that's revised keeps the same update ID (GUID), has its revision number incremented (for example, from 100 to 101), but gets a new revision ID that is not related to the previous ID.
- Revision IDs are unique on a given update source, but not across multiple sources.
-- The same update revision may have completely different revision IDs on WU and WSUS.
-- The same revision ID may represent different updates on WU and WSUS.
+- The same update revision might have different revision IDs on Windows Update and WSUS.
+- The same revision ID might represent different updates on Windows Update and WSUS.
##### Local ID
-- Local ID is a serial number issued when an update is received from a service by a given WU client
-- Usually seen in debug logs, especially involving the local cache for update info (Datastore)
+- Local ID is a serial number issued when an update is received from a service by a given Windows Update client
+- Typically seen in debug logs, especially involving the local cache for update info (Datastore)
- Different client PCs will assign different Local IDs to the same update
- You can find the local IDs that a client is using by getting the client's %WINDIR%\SoftwareDistribution\Datastore\Datastore.edb file
diff --git a/windows/deployment/update/windows-update-troubleshooting.md b/windows/deployment/update/windows-update-troubleshooting.md
index 32a55ed102..92db02e305 100644
--- a/windows/deployment/update/windows-update-troubleshooting.md
+++ b/windows/deployment/update/windows-update-troubleshooting.md
@@ -53,7 +53,7 @@ The update that is offered to a device depends on several factors. The following
If the update you're offered isn't the most current available, it might be because your device is being managed by a WSUS server, and you're being offered the updates available on that server. It's also possible, if your device is part of a deployment group, that your admin is intentionally slowing the rollout of updates. Since the deployment is slow and measured to begin with, all devices will not receive the update on the same day.
## My device is frozen at scan. Why?
-The Settings UI communicates with the Update Orchestrator service which in turn communicates with to Windows Update service. If these services stop unexpectedly, then you might see this behavior. In such cases, follow these steps:
+The Settings UI communicates with the Update Orchestrator service that in turn communicates with to Windows Update service. If these services stop unexpectedly, then you might see this behavior. In such cases, follow these steps:
1. Close the Settings app and reopen it.
@@ -151,7 +151,7 @@ Go to Services.msc and ensure that Windows Firewall Service is enabled. Stopping
## Issues arising from configuration of conflicting policies
Windows Update provides a wide range configuration policy to control the behavior of the Windows Update service in a managed environment. While these policies let you configure the settings at a granular level, misconfiguration or setting conflicting policies may lead to unexpected behaviors.
-See [How to configure automatic updates by using Group Policy or registry settings](https://support.microsoft.com/help/328010/how-to-configure-automatic-updates-by-using-group-policy-or-registry-s) for more information.
+For more information, see [How to configure automatic updates by using Group Policy or registry settings](https://support.microsoft.com/help/328010/how-to-configure-automatic-updates-by-using-group-policy-or-registry-s) for more information.
## Device cannot access update files
@@ -183,7 +183,7 @@ Windows 10 devices can receive updates from a variety of sources, including Wind
Check the output for the Name and OffersWindowsUPdates parameters, which you can interpret according to this table.
-|Output|Interpretation|
+|Output|Meaning|
|-|-|
|- Name: Microsoft Update
-OffersWindowsUpdates: True| - The update source is Microsoft Update, which means that updates for other Microsoft products besides the operating system could also be delivered.
- Indicates that the client is configured to receive updates for all Microsoft Products (Office, etc.) |
|- Name: DCat Flighting Prod
- OffersWindowsUpdates: True |- Starting with Windows 10 1709, feature updates are always delivered through the DCAT service.
- Indicates that the client is configured to receive feature updates from Windows Update. |
@@ -213,9 +213,9 @@ From Windows Update logs:
2018-08-06 09:33:32:554 480 1118 Agent ** END ** Agent: Finding updates [CallerId = OperationalInsight Id = 49]
```
-In the above log snippet, we see that the Criteria = "IsHidden = 0 AND DeploymentAction=*". "*" means there is nothing specified from the server. So, the scan happens but there is no direction to download or install to the agent. So it just scans the update and provides the results.
+In the above log snippet, we see that the `Criteria = "IsHidden = 0 AND DeploymentAction=*"`. "*" means there is nothing specified from the server. So, the scan happens but there is no direction to download or install to the agent. So it just scans the update and provides the results.
-Now if you look at the below logs, the Automatic update runs the scan and finds no update approved for it. So it reports there are no updates to install or download. This is due to an incorrect configuration. The WSUS side should approve the updates for Windows Update so that it fetches the updates and installs them at the specified time according to the policy. Since this scenario doesn't include Configuration Manager, there's no way to install unapproved updates. You're expecting the operational insight agent to do the scan and automatically trigger the download and installation but that won’t happen with this configuration.
+As shown in the following logs, automatic update runs the scan and finds no update approved for it. So it reports there are no updates to install or download. This is due to an incorrect configuration. The WSUS side should approve the updates for Windows Update so that it fetches the updates and installs them at the specified time according to the policy. Since this scenario doesn't include Configuration Manager, there's no way to install unapproved updates. You're expecting the operational insight agent to do the scan and automatically trigger the download and installation but that won’t happen with this configuration.
```console
2018-08-06 10:58:45:992 480 5d8 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates Id = 57]
@@ -231,15 +231,15 @@ Now if you look at the below logs, the Automatic update runs the scan and finds
```
## High bandwidth usage on Windows 10 by Windows Update
-Users may see that Windows 10 is consuming all the bandwidth in the different offices under the system context. This behavior is by design. Components that may consume bandwidth expand beyond Windows Update components.
+Users might see that Windows 10 is consuming all the bandwidth in the different offices under the system context. This behavior is by design. Components that might consume bandwidth expand beyond Windows Update components.
-The following group policies can help mitigate this:
+The following group policies can help mitigate this situation:
- Blocking access to Windows Update servers: [Policy Turn off access to all Windows Update features](https://gpsearch.azurewebsites.net/#4728) (Set to enabled)
- Driver search: [Policy Specify search order for device driver source locations](https://gpsearch.azurewebsites.net/#183) (Set to "Do not search Windows Update")
- Windows Store automatic update: [Policy Turn off Automatic Download and Install of updates](https://gpsearch.azurewebsites.net/#10876) (Set to enabled)
-Other components that reach out to the internet:
+Other components that connect to the internet:
- Windows Spotlight: [Policy Configure Windows spotlight on lock screen](https://gpsearch.azurewebsites.net/#13362) (Set to disabled)
- Consumer experiences: [Policy Turn off Microsoft consumer experiences](https://gpsearch.azurewebsites.net/#13329) (Set to enabled)
diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index c72bdf03e9..4c6e0b8880 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -10,11 +10,11 @@ ms.sitesec: library
ms.localizationpriority: high
audience: ITPro
author: linque1
-ms.author: obezeajo
+ms.author: robsize
manager: robsize
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 7/7/2020
+ms.date: 12/1/2020
---
# Manage connections from Windows 10 operating system components to Microsoft services
diff --git a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md
index a26f59d1ed..9c201ba4ac 100644
--- a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md
+++ b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md
@@ -1,6 +1,6 @@
---
title: Block untrusted fonts in an enterprise (Windows 10)
-description: To help protect your company from attacks which may originate from untrusted or attacker controlled font files, we’ve created the Blocking Untrusted Fonts feature.
+description: To help protect your company from attacks which may originate from untrusted or attacker controlled font files, we've created the Blocking Untrusted Fonts feature.
ms.assetid: a3354c8e-4208-4be6-bc19-56a572c361b4
ms.reviewer:
manager: dansimp
@@ -23,7 +23,7 @@ ms.localizationpriority: medium
> Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/WindowsForBusiness/Compare).
-To help protect your company from attacks which may originate from untrusted or attacker controlled font files, we’ve created the Blocking Untrusted Fonts feature. Using this feature, you can turn on a global setting that stops your employees from loading untrusted fonts processed using the Graphics Device Interface (GDI) onto your network. Untrusted fonts are any font installed outside of the `%windir%/Fonts` directory. Blocking untrusted fonts helps prevent both remote (web-based or email-based) and local EOP attacks that can happen during the font file-parsing process.
+To help protect your company from attacks which may originate from untrusted or attacker-controlled font files, we’ve created the Blocking Untrusted Fonts feature. Using this feature, you can turn on a global setting that stops your employees from loading untrusted fonts processed using the Graphics Device Interface (GDI) onto your network. Untrusted fonts are any font installed outside of the `%windir%/Fonts` directory. Blocking untrusted fonts helps prevent both remote (web-based or email-based) and local EOP attacks that can happen during the font file-parsing process.
## What does this mean for me?
Blocking untrusted fonts helps improve your network and employee protection against font-processing-related attacks. By default, this feature is not turned on.
@@ -33,7 +33,10 @@ There are 3 ways to use this feature:
- **On.** Helps stop any font processed using GDI from loading outside of the `%windir%/Fonts` directory. It also turns on event logging.
-- **Audit.** Turns on event logging, but doesn’t block fonts from loading, regardless of location. The name of the apps that use untrusted fonts appear in your event log.**Note**
If you aren’t quite ready to deploy this feature into your organization, you can run it in Audit mode to see if not loading untrusted fonts causes any usability or compatibility issues.
+- **Audit.** Turns on event logging, but doesn’t block fonts from loading, regardless of location. The name of the apps that use untrusted fonts appear in your event log.
+
+ > [!NOTE]
+ > If you aren't quite ready to deploy this feature into your organization, you can run it in Audit mode to see if not loading untrusted fonts causes any usability or compatibility issues.
- **Exclude apps to load untrusted fonts.** You can exclude specific apps, allowing them to load untrusted fonts, even while this feature is turned on. For instructions, see [Fix apps having problems because of blocked fonts](#fix-apps-having-problems-because-of-blocked-fonts).
@@ -56,7 +59,7 @@ Use Group Policy or the registry to turn this feature on, off, or to use audit m
**To turn on and use the Blocking Untrusted Fonts feature through Group Policy**
1. Open the Group Policy editor (gpedit.msc) and go to `Computer Configuration\Administrative Templates\System\Mitigation Options\Untrusted Font Blocking`.
-2. Click **Enabled** to turn the feature on, and then click one of the following **Migitation Options**:
+2. Click **Enabled** to turn the feature on, and then click one of the following **Mitigation Options**:
- **Block untrusted fonts and log events.** Turns the feature on, blocking untrusted fonts and logging installation attempts to the event log.
@@ -137,9 +140,9 @@ After you figure out the problematic fonts, you can try to fix your apps in 2 wa
**To fix your apps by excluding processes**
-1. On each computer with the app installed, open regedit.exe and go to `HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\`.
For example, if you want to exclude Microsoft Word processes, you’d use `HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Winword.exe`.
+1. On each computer with the app installed, open regedit.exe and go to `HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\`.
For example, if you want to exclude Microsoft Word processes, you’d use `HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Winword.exe`.
-2. Add any additional processes that need to be excluded here, and then turn the Blocking untrusted fonts feature on, using the steps in the [Turn on and use the Blocking Untrusted Fonts feature](#turn-on-and-use-the-blocking-untrusted-fonts-feature) section of this topic.
+2. Add any additional processes that need to be excluded here, and then turn the Blocking untrusted fonts feature on, using the steps in [Turn on and use the Blocking Untrusted Fonts feature](#turn-on-and-use-the-blocking-untrusted-fonts-feature), earlier in this article.
## Related content
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-started-partner-integration.md b/windows/security/threat-protection/microsoft-defender-atp/get-started-partner-integration.md
index 3ab82897fa..fd7da12f88 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-started-partner-integration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-started-partner-integration.md
@@ -50,14 +50,14 @@ To have your company listed as a partner in the in-product partner page, you wil
4. Link to the landing page for the customer to complete the integration or blog post that will include sufficient information for customers. Any press release including the Microsoft Defender ATP product name should be reviewed by the marketing and engineering teams. Wait for at least 10 days for the review process to be done.
5. If you use a multi-tenant Azure AD approach, we will need the Azure AD application name to track usage of the application.
6. Include the User-Agent field in each API call made to Microsoft Defender for Endpoint public set of APIs or Graph Security APIs. This will be used for statistical purposes, troubleshooting, and partner recognition. In addition, this step is a requirement for membership in Microsoft Intelligent Security Association (MISA).
- Follow these steps:
- 1. Identify a name adhering to the following nomenclature that includes your company name and the Microsoft Defender ATP-integrated product with the version of the product that includes this integration.
- - ISV Nomenclature: `MdatpPartner-{CompanyName}-{ProductName}/{Version}`
- - Security partner Nomenclature: `MdatpPartner-{CompanyName}-{ProductName}/{TenantID}`
- 2. Set the User-Agent field in each HTTP request header to the name based on the above nomenclature.
- For more information, see [RFC 2616 section-14.43](https://tools.ietf.org/html/rfc2616#section-14.43). For example, User-Agent: `MdatpPartner-Contoso-ContosoCognito/1.0.0`
+ - Set the User-Agent field in each HTTP request header to the name based on the Following nomenclature.
+ - `MsdePartner-{CompanyName}-{ProductName}/{Version}`
+
+ - For example, User-Agent: `MdatpPartner-Contoso-ContosoCognito/1.0.0`
+
+ - For more information, see [RFC 2616 section-14.43](https://tools.ietf.org/html/rfc2616#section-14.43).
Partnerships with Microsoft Defender for Endpoint help our mutual customers to further streamline, integrate, and orchestrate defenses. We are happy that you chose to become a Microsoft Defender for Endpoint partner and to achieve our common goal of effectively protecting customers and their assets by preventing and responding to modern threats together.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates.md
index 6948f7a392..f0439ebf7f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates.md
@@ -42,7 +42,7 @@ It's important to understand the following requirements prior to creating indica
- This feature is available if your organization uses Windows Defender Antivirus and Cloud-based protection is enabled. For more information, see [Manage cloud-based protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md).
- The Antimalware client version must be 4.18.1901.x or later.
- Supported on machines on Windows 10, version 1703 or later, Windows server 2016 and 2019.
-- The virus and threat protection definitions must be up-to-date.
+- The virus and threat protection definitions must be up to date.
- This feature currently supports entering .CER or .PEM (Base64 ASCII) encoding based certificates.
>[!IMPORTANT]
diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md
index 68c6dfd43f..733c2fdbd1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md
@@ -37,7 +37,7 @@ ms.topic: conceptual
## Configure compliance policy against jailbroken devices
-To protect corporate data from being accessed on jailbroken iOS devices, we recommend that you setup the following compliance policy on Intune.
+To protect corporate data from being accessed on jailbroken iOS devices, we recommend that you set up the following compliance policy on Intune.
> [!NOTE]
> Currently Defender for Endpoint for iOS does not provide protection against jailbreak scenarios. Some data like your corporate email id and corporate profile picture (if available) will be exposed to the attacker on the jailbroken device.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md
index cb1c7d7be7..319d2756e1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md
@@ -56,7 +56,7 @@ The following table summarizes the steps you would need to take to deploy and ma
| [Grant full disk access to Microsoft Defender for Endpoint](#create-system-configuration-profiles-step-8) | MDATP_tcc_Catalina_or_newer.xml | com.microsoft.wdav.tcc |
| [Network Extension policy](#create-system-configuration-profiles-step-9) | MDATP_NetExt.xml | N/A |
| [Configure Microsoft AutoUpdate (MAU)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-updates#intune) | MDATP_Microsoft_AutoUpdate.xml | com.microsoft.autoupdate2 |
-| [Microsoft Defender for Endpoint configuration settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-preferences#intune-profile-1)
**Note:** If you are planning to run a third party AV for macOS, set `passiveMode` to `true`. | MDATP_WDAV_and_exclusion_settings_Preferences.xml | com.microsoft.wdav |
+| [Microsoft Defender for Endpoint configuration settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-preferences#intune-profile-1)
**Note:** If you are planning to run a third-party AV for macOS, set `passiveMode` to `true`. | MDATP_WDAV_and_exclusion_settings_Preferences.xml | com.microsoft.wdav |
| [Configure Microsoft Defender for Endpoint and MS AutoUpdate (MAU) notifications](#create-system-configuration-profiles-step-10) | MDATP_MDAV_Tray_and_AutoUpdate2.mobileconfig | com.microsoft.autoupdate2 or com.microsoft.wdav.tray |
## Download installation and onboarding packages
diff --git a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md
index d9e0d8d50b..c1ccd042f6 100644
--- a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md
+++ b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md
@@ -27,7 +27,7 @@ Describes the best practices, location, values, and security considerations for
The **Passwords must meet complexity requirements** policy setting determines whether passwords must meet a series of strong-password guidelines. When enabled, this setting requires passwords to meet the following requirements:
-1. Passwords may not contain the user's samAccountName (Account Name) value or entire displayName (Full Name value). Both checks are not case sensitive.
+1. Passwords may not contain the user's samAccountName (Account Name) value or entire displayName (Full Name value). Both checks are not case-sensitive.
The samAccountName is checked in its entirety only to determine whether it is part of the password. If the samAccountName is fewer than three characters long, this check is skipped.
The displayName is parsed for delimiters: commas, periods, dashes or hyphens, underscores, spaces, pound signs, and tabs. If any of these delimiters are found, the displayName is split and all parsed sections (tokens) are confirmed not to be included in the password. Tokens that are shorter than three characters are ignored, and substrings of the tokens are not checked. For example, the name "Erin M. Hagens" is split into three tokens: "Erin", "M", and "Havens". Because the second token is only one character long, it is ignored. Therefore, this user could not have a password that included either "erin" or "havens" as a substring anywhere in the password.