Merge branch 'master' into repo_sync_working_branch

windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md

@@ -54,7 +54,8 @@ Windows Hello for Business emulates a smart card for application compatibility.
 
 Users appreciate convenience of biometrics and administrators value the security however, you may experience compatibility issues with your applications and Windows Hello for Business certificates.  You can relax knowing a Group Policy setting and a [MDM URI](https://docs.microsoft.com/windows/client-management/mdm/passportforwork-csp) exist to help you revert to the previous behavior for those users who need it.
 
-![WHFB Certificate GP Setting](images/rdpbio/rdpbiopolicysetting.png)
+> [!div class="mx-imgBorder"]
+> ![WHFB Certificate GP Setting](images/rdpbio/rdpbiopolicysetting.png)
 
 > [!IMPORTANT]
 > The remote desktop with biometric feature does not work with [Dual Enrollment](hello-feature-dual-enrollment.md) feature or scenarios where the user provides alternative credentials.  Microsoft continues to investigate supporting the feature.

windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md

@@ -21,6 +21,7 @@ ms.technology: mde
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 **Applies to:**
+
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
 - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
 
@@ -96,10 +97,10 @@ The following is a sample for reference, using [GUID values for ASR rules](attac
 
 The values to enable (Block), disable, warn, or enable in audit mode are:
 
-  •	 0 : Disable (Disable the ASR rule)
-  •	 1 : Block (Enable the ASR rule)
-  •	 2 : Audit (Evaluate how the ASR rule would impact your organization if enabled)
-  •	 6 : Warn  (Enable the ASR rule but allow the end-user to bypass the block)
+- 0 : Disable (Disable the ASR rule)
+- 1 : Block (Enable the ASR rule)
+- 2 : Audit (Evaluate how the ASR rule would impact your organization if enabled)
+- 6 : Warn  (Enable the ASR rule but allow the end-user to bypass the block)
 
 
 Use the [./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionOnlyExclusions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-attacksurfacereductiononlyexclusions) configuration service provider (CSP) to add exclusions.
@@ -142,17 +143,17 @@ Example:
 
    Select **Show...** and enter the rule ID in the **Value name** column and your chosen state in the **Value** column as follows:
 
-  •	 0 : Disable (Disable the ASR rule)
-  •	 1 : Block (Enable the ASR rule)
-  •	 2 : Audit (Evaluate how the ASR rule would impact your organization if enabled)
-  •	 6 : Warn  (Enable the ASR rule but allow the end-user to bypass the block)
+   - 0 : Disable (Disable the ASR rule)
+   - 1 : Block (Enable the ASR rule)
+   - 2 : Audit (Evaluate how the ASR rule would impact your organization if enabled)
+   - 6 : Warn  (Enable the ASR rule but allow the end-user to bypass the block)
 
    ![Group policy setting showing a blank attack surface reduction rule ID and value of 1](../images/asr-rules-gp.png)
 
 5. To exclude files and folders from ASR rules, select the **Exclude files and paths from Attack surface reduction rules** setting and set the option to **Enabled**. Select **Show** and enter each file or folder in the **Value name** column. Enter **0** in the **Value** column for each item.
 
-> [!WARNING]
-> Do not use quotes as they are not supported for either the **Value name** column or the **Value** column.
+   > [!WARNING]
+   > Do not use quotation marks, because they are not supported for either the **Value name** column or the **Value** column.
 
 ## PowerShell
 

windows/whats-new/ltsc/whats-new-windows-10-2019.md

@@ -482,26 +482,6 @@ Previously, the customized taskbar could only be deployed using Group Policy or
 
 ## Windows Update
 
-### Windows Update for Business
-
-Windows Update for Business now provides greater control over updates, with the ability to pause and uninstall problematic updates using Intune.  For more information, see [Manage software updates in Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure).
-
-The pause feature has been changed, and now requires a start date to set up. Users are now able to pause through **Settings > Update & security > Windows Update > Advanced options** in case a policy has not been configured. We have also increased the pause limit on quality updates to 35 days. You can find more information on pause in [Pause Feature Updates](/windows/deployment/update/waas-configure-wufb#pause-feature-updates) and [Pause Quality Updates](/windows/deployment/update/waas-configure-wufb#pause-quality-updates).
-
-
-Windows Update for Business managed devices are now able to defer feature update installation by up to 365 days (it used to be 180 days). In settings, users are able to select their branch readiness level and update deferral periods. See [Configure devices for Current Branch (CB) or Current Branch for Business (CBB)](/windows/deployment/update/waas-configure-wufb#configure-devices-for-current-branch-or-current-branch-for-business), [Configure when devices receive Feature Updates](/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-feature-updates) and [Configure when devices receive Quality Updates](/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-quality-updates) for details.
-
-WUfB now has additional controls available to manage Windows Insider Program enrollment through policies. For more information, see [Manage Windows Insider Program flights](https://docs.microsoft.com/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-windows-insider-preview-builds).
-
-Windows Update for Business now provides greater control over updates, with the ability to pause and uninstall problematic updates using Intune.  For more information, see [Manage software updates in Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure).
-
-The pause feature has been changed, and now requires a start date to set up. Users are now able to pause through **Settings > Update & security > Windows Update > Advanced options** in case a policy has not been configured. We have also increased the pause limit on quality updates to 35 days. You can find more information on pause in [Pause Feature Updates](/windows/deployment/update/waas-configure-wufb#pause-feature-updates) and [Pause Quality Updates](/windows/deployment/update/waas-configure-wufb#pause-quality-updates).
-
-
-Windows Update for Business managed devices are now able to defer feature update installation by up to 365 days (it used to be 180 days). In settings, users are able to select their branch readiness level and update deferral periods. See [Configure devices for Current Branch (CB) or Current Branch for Business (CBB)](/windows/deployment/update/waas-configure-wufb#configure-devices-for-current-branch-or-current-branch-for-business), [Configure when devices receive Feature Updates](/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-feature-updates) and [Configure when devices receive Quality Updates](/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-quality-updates) for details.
-
-WUfB now has additional controls available to manage Windows Insider Program enrollment through policies. For more information, see [Manage Windows Insider Program flights](https://docs.microsoft.com/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-windows-insider-preview-builds).
-
 ### Windows Insider for Business
 
 We recently added the option to download Windows 10 Insider Preview builds using your corporate credentials in Azure Active Directory (AAD). By enrolling devices in AAD, you increase the visibility of feedback submitted by users in your organization – especially on features that support your specific business needs. For details, see [Windows Insider Program for Business](/windows/deployment/update/waas-windows-insider-for-business).