Merge pull request #2534 from MicrosoftDocs/FromPrivateRepo

From private repo

windows/deployment/windows-10-enterprise-subscription-activation.md

@@ -7,7 +7,6 @@ ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.sitesec: library
 ms.pagetype: mdt
-ms.date: 05/23/2018
 author: greg-lindsay
 ---
 
@@ -64,6 +63,9 @@ For Microsoft customers with Enterprise Agreements (EA) or Microsoft Products &
 - Azure Active Directory (Azure AD) available for identity management.
 - Devices must be Azure AD-joined or Active Directory joined with Azure AD Connect. Workgroup-joined devices are not supported.
 
+    >[!NOTE]
+    >In issue has been identified with Hybrid Azure AD joined devices that have enabled [multi-factor authentication](https://docs.microsoft.com/azure/active-directory/authentication/howto-mfa-getstarted) (MFA). If a user signs into a device using their Active Directory account and MFA is enabled, the device will not successfully upgrade to their Windows Enterprise subscription.  To resolve this issue, the user must either sign in with an Azure Active Directory account, or you must disable MFA for this user during the 30-day polling period and renewal.
+
 For Microsoft customers that do not have EA or MPSA, you can obtain Windows 10 Enterprise E3 or E5 through a cloud solution provider (CSP). Identity management and device requirements are the same when you use CSP to manage licenses, with the exception that Windows 10 Enterprise E3 is also available through CSP to devices running Windows 10, version 1607. For more information about obtaining Windows 10 Enterprise E3 through your CSP, see [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md).
 
 If devices are running Windows 7 or Windows 8.1, see [New Windows 10 upgrade benefits for Windows Cloud Subscriptions in CSP](https://blogs.windows.com/business/2017/01/19/new-windows-10-upgrade-benefits-windows-cloud-subscriptions-csp/)

windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md

@@ -44,6 +44,7 @@ Command | Description
 \-GetFilesDiagTrack | Same as Getfiles but outputs to​ temporary DiagTrack folder​
 \-RemoveDefinitions [-All] | Restores the installed​ signature definitions​ to a previous backup copy or to​ the original default set of​ signatures​
 \-RemoveDefinitions [-DynamicSignatures] | Removes only the dynamically​ downloaded signatures​
+\-RemoveDefinitions [-Engine] | Restores the previous installed engine
 \-SignatureUpdate [-UNC \| -MMPC] | Checks for new definition updates​
 \-Restore  [-ListAll \| [[-Name <name>] [-All] \| [-FilePath <filePath>]] [-Path <path>]] | Restores or list​s quarantined item(s)​
 \-AddDynamicSignature [-Path] | Loads a dynamic signature​

windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md

@@ -69,7 +69,7 @@ The following steps are required to enable this integration:
 
 1. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
 
-2. Select Windows server 2012, 2012R2 and 2016 as the operating system.
+2. Select Windows Server 2012R2 and 2016 as the operating system.
  
 3. Click **Turn on server monitoring** and confirm that you'd like to proceed with the environment set up. When the set up completes, the **Workspace ID** and **Workspace key** fields are populated with unique values. You'll need to use these values to configure the MMA agent.
 
@@ -197,7 +197,7 @@ To offboard the server, you can use either of the following methods:
 1. Get your Workspace ID:
    a. In the navigation pane, select **Settings** > **Onboarding**.
 
-   b. Select **Windows server 2012, 2012R2 and 2016** as the operating system and get your Workspace ID:
+   b. Select **Windows Server 2012R2 and 2016** as the operating system and get your Workspace ID:
     
         ![Image of server onboarding](images/atp-server-offboarding-workspaceid.png)