From 7aeb98af938358ffe9f43c55197eb556594c7812 Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Wed, 3 Apr 2019 03:12:19 -0600 Subject: [PATCH 01/18] Adding the way to add the SCP --- .../hello-cert-trust-adfs.md | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index 2f9757d9d9..6ced876167 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md @@ -257,6 +257,7 @@ Before you continue with the deployment, validate your deployment progress by re A registration authority is a trusted authority that validates certificate request. Once it validates the request, it presents the request to the certificate authority for issuance. The certificate authority issues the certificate, returns it to the registration authority, which returns the certificate to the requesting user. The Windows Hello for Business on-premises certificate-based deployment uses the Active Directory Federation Server (AD FS) as the certificate registration authority. + ### Configure Registration Authority template The certificate registration authority enrolls for an enrollment agent certificate. Once the registration authority verifies the certificate request, it signs the certificate request using its enrollment agent certificate and sends it to the certificate authority. The Windows Hello for Business Authentication certificate template is configured to only issue certificates to certificate requests that have been signed with an enrollment agent certificate. The certificate authority only issues a certificate for that template if the registration authority signs the certificate request. 
@@ -354,12 +355,37 @@ Sign-in the AD FS server with domain administrator equivalent credentials. >[!NOTE] > If you gave your Windows Hello for Business Enrollment Agent and Windows Hello for Business Authentication certificate templates different names, then replace **WHFBEnrollmentAgent** and WHFBAuthentication in the above command with the name of your certificate templates. It’s important that you use the template name rather than the template display name. You can view the template name on the **General** tab of the certificate template using the **Certificate Template** management console (certtmpl.msc). Or, you can view the template name using the **Get-CATemplate** ADCS Administration Windows PowerShell cmdlet on a Windows Server 2012 or later certificate authority. + ### Enrollment Agent Certificate Enrollment Active Directory Federation Server used for Windows Hello for Business certificate enrollment perform their own certificate lifecycle management. Once the registration authority is configured with the proper certificate template, the AD FS server attempts to enroll the certificate on the first certificate request or when the service first starts. Approximately 60 days prior to enrollment agent certificate’s expiration, the AD FS service attempts to renew the certificate until it is successful. If the certificate fails to renew, and the certificate expires, the AD FS server will request a new enrollment agent certificate. You can view the AD FS event logs to determine the status of the enrollment agent certificate. + +### Service Connection Point (SCP) in Active Directory for ADFS Device Registration Service +Now you will add the Service connection Point to ADFS device registration Service for your Active directory by running the following script: + +>[!TIP] Make sure to change the $enrollmentService and $configNC variables before running the script. 
+ +```Powershell +# Replace this with your Device Registration Service endpoint +$enrollmentService = "enterpriseregistration.contoso.com" +# Replace this with your Active Directory configuration naming context +$configNC = "CN=Configuration,DC=corp,DC=contoso,DC=org" + +$de = New-Object System.DirectoryServices.DirectoryEntry +$de.Path = "LDAP://CN=Device Registration Configuration,CN=Services," + $configNC + +$deSCP = $de.Children.Add("CN=62a0ff2e-97b9-4513-943f-0d221bd30080", "serviceConnectionPoint") +$deSCP.Properties["keywords"].Add("enterpriseDrsName:" + $enrollmentService) +$deSCP.CommitChanges() +``` + +>[!NOTE] You can save the modified script in notepad and save them as "add-scpadfs.ps1" and the way to run it is just navigating into the script path folder and running .\add-scpAdfs.ps1. +> + + ## Additional Federation Servers Organizations should deploy more than one federation server in their federation farm for high-availability. You should have a minimum of two federation services in your AD FS farm, however most organizations are likely to have more. This largely depends on the number of devices and users using the services provided by the AD FS farm. From 5c0e506bba3ae532532bcb34e2436b8c6ef00f69 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Fri, 5 Apr 2019 09:34:08 +0500 Subject: [PATCH 02/18] Registry Path was Incorrect Registry path for file TabPreloader was missing and location was not correct. I have updated the values. Problem:https://github.com/MicrosoftDocs/windows-itpro-docs/issues/2342 --- browsers/edge/includes/allow-tab-preloading-include.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/browsers/edge/includes/allow-tab-preloading-include.md b/browsers/edge/includes/allow-tab-preloading-include.md index c62d262521..194b9ae015 100644 --- a/browsers/edge/includes/allow-tab-preloading-include.md +++ b/browsers/edge/includes/allow-tab-preloading-include.md 
@@ -35,8 +35,9 @@ ms:topic: include - **Data type:** Integer #### Registry settings -- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\TabPreloader -- **Value name:** AllowTabPreloading +- **Path:** HKCU\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main +- **Create Value name:** AllowPrelaunch - **Value type:** REG_DWORD +- **DWORD Value:** 1
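Review bot: the new value name `AllowPrelaunch` under `...\MicrosoftEdge\Main` does not match the policy this include documents (allow-tab-preloading-include.md); the removed lines named `AllowTabPreloading` under `...\MicrosoftEdge\TabPreloader`, which is what the file name and the commit message refer to. As written, the hunk replaces the tab preloading registry entry with what reads as a different setting, and it also moves the hive from HKLM to HKCU without saying why. Please confirm the path and value name against the linked issue 2342 before merging. Two smaller points: "Create Value name" should stay "Value name" to match the neighbouring "Value type" label, and "DWORD Value: 1" documents a single value where the section above gives the data type as Integer, so either list each supported value with its meaning or drop the line.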
From b0b22317298bbb4499fa2b87f879e36f6d43a183 Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Thu, 11 Apr 2019 23:41:13 -0500 Subject: [PATCH 03/18] Illfated corrections @illfated corrections. Thank you --- .../hello-for-business/hello-cert-trust-adfs.md | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index 6ced876167..520293ddc8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md @@ -116,7 +116,7 @@ Before you continue with the deployment, validate your deployment progress by re The service account used for the device registration server depends on the domain controllers in the environment. >[!NOTE] ->Follow the procedures below based on the domain controllers deployed in your environment. If the domain controller is not listed below, then it is not supported for Windows Hello for Business. +> Follow the procedures below based on the domain controllers deployed in your environment. If the domain controller is not listed below, then it is not supported for Windows Hello for Business. ### Windows Server 2012 or later Domain Controllers 
@@ -146,7 +146,7 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva ## Configure the Active Directory Federation Service Role >[!IMPORTANT] ->Follow the procedures below based on the domain controllers deployed in your environment. If the domain controller is not listed below, then it is not supported for Windows Hello for Business. +> Follow the procedures below based on the domain controllers deployed in your environment. If the domain controller is not listed below, then it is not supported for Windows Hello for Business. ### Windows Server 2012 or later Domain Controllers @@ -257,7 +257,6 @@ Before you continue with the deployment, validate your deployment progress by re A registration authority is a trusted authority that validates certificate request. Once it validates the request, it presents the request to the certificate authority for issuance. The certificate authority issues the certificate, returns it to the registration authority, which returns the certificate to the requesting user. The Windows Hello for Business on-premises certificate-based deployment uses the Active Directory Federation Server (AD FS) as the certificate registration authority. - ### Configure Registration Authority template The certificate registration authority enrolls for an enrollment agent certificate. Once the registration authority verifies the certificate request, it signs the certificate request using its enrollment agent certificate and sends it to the certificate authority. The Windows Hello for Business Authentication certificate template is configured to only issue certificates to certificate requests that have been signed with an enrollment agent certificate. The certificate authority only issues a certificate for that template if the registration authority signs the certificate request. 
@@ -276,7 +275,8 @@ Sign-in a certificate authority or management workstations with _domain administ 4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Recipient** list. 5. On the **General** tab, type **WHFB Enrollment Agent** in **Template display name**. Adjust the validity and renewal period to meet your enterprise’s needs. 6. On the **Subject** tab, select the **Supply in the request** button if it is not already selected. -> [!NOTE] + +>[!NOTE] > The preceding step is very important. Group Managed Service Accounts (GMSA) do not support the Build from this Active Directory information option and will result in the AD FS server failing to enroll the enrollment agent certificate. You must configure the certificate template with Supply in the request to ensure that AD FS servers can perform the automatic enrollment and renewal of the enrollment agent certificate. 7. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list. Select **RSA** from the **Algorithm name** list. Type **2048** in the **Minimum key size** text box. Select **SHA256** from the **Request hash** list. 
@@ -355,18 +355,17 @@ Sign-in the AD FS server with domain administrator equivalent credentials. >[!NOTE] > If you gave your Windows Hello for Business Enrollment Agent and Windows Hello for Business Authentication certificate templates different names, then replace **WHFBEnrollmentAgent** and WHFBAuthentication in the above command with the name of your certificate templates. It’s important that you use the template name rather than the template display name. You can view the template name on the **General** tab of the certificate template using the **Certificate Template** management console (certtmpl.msc). Or, you can view the template name using the **Get-CATemplate** ADCS Administration Windows PowerShell cmdlet on a Windows Server 2012 or later certificate authority. - ### Enrollment Agent Certificate Enrollment Active Directory Federation Server used for Windows Hello for Business certificate enrollment perform their own certificate lifecycle management. Once the registration authority is configured with the proper certificate template, the AD FS server attempts to enroll the certificate on the first certificate request or when the service first starts. Approximately 60 days prior to enrollment agent certificate’s expiration, the AD FS service attempts to renew the certificate until it is successful. If the certificate fails to renew, and the certificate expires, the AD FS server will request a new enrollment agent certificate. You can view the AD FS event logs to determine the status of the enrollment agent certificate. - ### Service Connection Point (SCP) in Active Directory for ADFS Device Registration Service Now you will add the Service connection Point to ADFS device registration Service for your Active directory by running the following script: ->[!TIP] Make sure to change the $enrollmentService and $configNC variables before running the script. +>[!TIP] +> Make sure to change the $enrollmentService and $configNC variables before running the script. 
```Powershell # Replace this with your Device Registration Service endpoint @@ -382,10 +381,10 @@ $deSCP.Properties["keywords"].Add("enterpriseDrsName:" + $enrollmentService) $deSCP.CommitChanges() ``` ->[!NOTE] You can save the modified script in notepad and save them as "add-scpadfs.ps1" and the way to run it is just navigating into the script path folder and running .\add-scpAdfs.ps1. +>[!NOTE] +> You can save the modified script in notepad and save them as "add-scpadfs.ps1" and the way to run it is just navigating into the script path folder and running .\add-scpAdfs.ps1. > - ## Additional Federation Servers Organizations should deploy more than one federation server in their federation farm for high-availability. You should have a minimum of two federation services in your AD FS farm, however most organizations are likely to have more. This largely depends on the number of devices and users using the services provided by the AD FS farm. From c443c9ff8877378f87e0c8932ed45db02246172b Mon Sep 17 00:00:00 2001 From: Malin De Silva Date: Sun, 14 Apr 2019 00:23:51 +0530 Subject: [PATCH 04/18] Added EventViewer logs path --- mdop/mbam-v25/client-event-logs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/mbam-v25/client-event-logs.md b/mdop/mbam-v25/client-event-logs.md index f8d2dc07c4..8f25a56a05 100644 --- a/mdop/mbam-v25/client-event-logs.md +++ b/mdop/mbam-v25/client-event-logs.md @@ -13,7 +13,7 @@ ms.date: 06/16/2016 # Client Event Logs - +MBAM Client event logs are located in Event Viewer – Applications and Services Logs – Microsoft – Windows – MBAM - Operational path. The following table contains event IDs that can occur on the MBAM Client. From 20740ba776984930eea5bbeb4a7640e0caa6825b Mon Sep 17 00:00:00 2001 
From: Lindsay <45809756+lindspea@users.noreply.github.com> Date: Tue, 23 Apr 2019 10:12:13 +0200 Subject: [PATCH 05/18] Update manage-alerts-windows-defender-advanced-threat-protection.md Added info to alert classification. --- ...anage-alerts-windows-defender-advanced-threat-protection.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md index 9e41349720..f897d39fd6 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md @@ -104,8 +104,7 @@ Alternatively, the team leader might assign the alert to the **Resolved** queue ## Alert classification -You can choose not to set a classification, or specify if an alert is a true alert or a false alert. - +You can choose not to set a classification, or specify if an alert is a true alert or a false alert. It's important to provide the classification of true positive/false positive. This classification is used to monitor alert quality to help tune alerts to be more accurate using this feedback. The "determination" field defines additional fidelity for a "true positive" classification. The determination contains values for "security testing" to address alerts triggered by intended suspect activity such as pen-testing, which are true positives from a detection perspective, but it's intended. ## Add comments and view the history of an alert You can add comments and view historical events about an alert to see previous changes made to the alert. From bdbce20cc854e7436b84f6f3e665686cc4969801 Mon Sep 17 00:00:00 2001 
From: Lindsay <45809756+lindspea@users.noreply.github.com> Date: Tue, 23 Apr 2019 11:05:34 +0200 Subject: [PATCH 06/18] Update manage-event-based-updates-windows-defender-antivirus.md Added note to Microsoft Maps --- .../manage-event-based-updates-windows-defender-antivirus.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md index 4e04685c61..9d1a5b780a 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md @@ -143,6 +143,9 @@ If you have enabled cloud-delivered protection, Windows Defender AV will send fi 4. Expand the tree to **Windows components > Windows Defender Antivirus > Signature Updates** and configure the following: 1. Double-click **Allow real-time definition updates based on reports to Microsoft MAPS** and set the option to **Enabled**. Click **OK**. 2. Double-click **Allow notifications to disable definitions based reports to Microsoft MAPS** and set the option to **Enabled**. Click **OK**. + +> [!NOTE] +> By allowing Microsoft to disable local Defender virus definitions, it has identified as causing false-positive detections, through the client's cloud connection to MAPS. You must configure your computer to join Microsoft MAPS for this functionality to work. ## Related topics From 0ab026534a52de1c3056eea4927bf2d1309c5046 Mon Sep 17 00:00:00 2001 
From: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> Date: Wed, 24 Apr 2019 09:58:47 +0200 Subject: [PATCH 07/18] Update windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md Changed 'if' to 'whether' Co-Authored-By: lindspea <45809756+lindspea@users.noreply.github.com> --- ...manage-alerts-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md index f897d39fd6..589b272bf1 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md 
@@ -104,7 +104,7 @@ Alternatively, the team leader might assign the alert to the **Resolved** queue ## Alert classification -You can choose not to set a classification, or specify if an alert is a true alert or a false alert. It's important to provide the classification of true positive/false positive. This classification is used to monitor alert quality to help tune alerts to be more accurate using this feedback. The "determination" field defines additional fidelity for a "true positive" classification. The determination contains values for "security testing" to address alerts triggered by intended suspect activity such as pen-testing, which are true positives from a detection perspective, but it's intended. +You can choose not to set a classification, or specify whether an alert is a true alert or a false alert. It's important to provide the classification of true positive/false positive. This classification is used to monitor alert quality to help tune alerts to be more accurate by using this feedback. The "determination" field defines additional fidelity for a "true positive" classification. The determination contains values for "security testing" to address alerts triggered by intended suspect activity such as pen-testing, which are true positives from a detection perspective, but it's intended. ## Add comments and view the history of an alert You can add comments and view historical events about an alert to see previous changes made to the alert. From 08c71bcf0e350e05616892c76feb90b5554fa6ec Mon Sep 17 00:00:00 2001 
From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Wed, 24 Apr 2019 13:20:00 +0200 Subject: [PATCH 08/18] Update windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md Simplified sentences. Co-Authored-By: lindspea <45809756+lindspea@users.noreply.github.com> --- ...manage-alerts-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md index 589b272bf1..170f773f33 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md 
@@ -104,7 +104,7 @@ Alternatively, the team leader might assign the alert to the **Resolved** queue ## Alert classification -You can choose not to set a classification, or specify whether an alert is a true alert or a false alert. It's important to provide the classification of true positive/false positive. This classification is used to monitor alert quality to help tune alerts to be more accurate by using this feedback. The "determination" field defines additional fidelity for a "true positive" classification. The determination contains values for "security testing" to address alerts triggered by intended suspect activity such as pen-testing, which are true positives from a detection perspective, but it's intended. +You can choose not to set a classification, or specify whether an alert is a true alert or a false alert. It's important to provide the classification of true positive/false positive. This classification is used to monitor alert quality, and make alerts more accurate. The "determination" field defines additional fidelity for a "true positive" classification. ## Add comments and view the history of an alert You can add comments and view historical events about an alert to see previous changes made to the alert. From 57ccd0544d0291422105dac0083a6114e6dea14c Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Fri, 26 Apr 2019 08:57:21 +0200 Subject: [PATCH 09/18] Update windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md Changed wording for better reading. Co-Authored-By: lindspea <45809756+lindspea@users.noreply.github.com> --- .../manage-event-based-updates-windows-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md index 9d1a5b780a..3fc93a0dba 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md @@ -145,7 +145,7 @@ If you have enabled cloud-delivered protection, Windows Defender AV will send fi 2. Double-click **Allow notifications to disable definitions based reports to Microsoft MAPS** and set the option to **Enabled**. Click **OK**. > [!NOTE] -> By allowing Microsoft to disable local Defender virus definitions, it has identified as causing false-positive detections, through the client's cloud connection to MAPS. You must configure your computer to join Microsoft MAPS for this functionality to work. +> By allowing Microsoft to disable local Defender virus definitions, it has been identified as causing false-positive detections through the client's cloud connection to MAPS. You must configure your computer to join Microsoft MAPS for this functionality to work. ## Related topics From b3d8703f031b45a27e67197a81980f2631787da9 Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Sat, 27 Apr 2019 15:49:19 +0200 Subject: [PATCH 10/18] Update windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md Co-Authored-By: lindspea <45809756+lindspea@users.noreply.github.com> --- .../manage-event-based-updates-windows-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md index 3fc93a0dba..ce5dd02552 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md @@ -145,7 +145,7 @@ If you have enabled cloud-delivered protection, Windows Defender AV will send fi 2. Double-click **Allow notifications to disable definitions based reports to Microsoft MAPS** and set the option to **Enabled**. Click **OK**. > [!NOTE] -> By allowing Microsoft to disable local Defender virus definitions, it has been identified as causing false-positive detections through the client's cloud connection to MAPS. You must configure your computer to join Microsoft MAPS for this functionality to work. +> "Allow notifications to disable definitions based reports" enables Microsoft MAPS to disable those definitions known to cause false-positive reports. You must configure your computer to join Microsoft MAPS for this function to work. ## Related topics From 9d4a2ce19094f3429c5b5caa392e96d2c4b060e5 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 29 Apr 2019 16:44:29 +0500 Subject: [PATCH 11/18] update windows-10-enterprise-subscription-activation.md --- .../deployment/windows-10-enterprise-subscription-activation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-10-enterprise-subscription-activation.md b/windows/deployment/windows-10-enterprise-subscription-activation.md index a8baa55101..e57c8a14cc 100644 --- a/windows/deployment/windows-10-enterprise-subscription-activation.md 
+++ b/windows/deployment/windows-10-enterprise-subscription-activation.md @@ -65,7 +65,7 @@ For Microsoft customers with Enterprise Agreements (EA) or Microsoft Products & - Windows 10 (Pro or Enterprise) version 1703 or later installed on the devices to be upgraded. - Azure Active Directory (Azure AD) available for identity management. -- Devices must be Azure AD-joined or Active Directory joined with Azure AD Connect. Workgroup-joined devices are not supported. +- Devices must be Azure AD-joined or Hybrid Azure AD joined. Workgroup-joined or Azure AD registered devices are not supported. >[!NOTE] >An issue has been identified with Hybrid Azure AD joined devices that have enabled [multi-factor authentication](https://docs.microsoft.com/azure/active-directory/authentication/howto-mfa-getstarted) (MFA). If a user signs into a device using their Active Directory account and MFA is enabled, the device will not successfully upgrade to their Windows Enterprise subscription. To resolve this issue, the user must either sign in with an Azure Active Directory account, or you must disable MFA for this user during the 30-day polling period and renewal. From ba8b2987e1a239cec0dd0d766dc8f295493a5c35 Mon Sep 17 00:00:00 2001 From: Andres Mariano Gorzelany <36666927+get-itips@users.noreply.github.com> Date: Mon, 29 Apr 2019 12:12:37 -0300 Subject: [PATCH 12/18] Corrected sharedPC example $namespaceName variable was undefined, was replaced with the actual Namespace string https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3268 --- windows/configuration/set-up-shared-or-guest-pc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/set-up-shared-or-guest-pc.md b/windows/configuration/set-up-shared-or-guest-pc.md index 2124075aad..35a669417d 100644 --- a/windows/configuration/set-up-shared-or-guest-pc.md +++ b/windows/configuration/set-up-shared-or-guest-pc.md 
@@ -109,7 +109,7 @@ $sharedPC.KioskModeAUMID = "" $sharedPC.KioskModeUserTileDisplayText = "" $sharedPC.InactiveThreshold = 0 Set-CimInstance -CimInstance $sharedPC -Get-CimInstance -Namespace $namespaceName -ClassName MDM_SharedPC +Get-CimInstance -Namespace "root\cimv2\mdm\dmmap" -ClassName MDM_SharedPC ``` ### Create a provisioning package for shared use From 1cb43ed6a9202ae7ca8cd255338efac2cf6d4821 Mon Sep 17 00:00:00 2001 From: Ronald Aigner Date: Mon, 29 Apr 2019 11:45:10 -0700 Subject: [PATCH 13/18] Add links to TCG algorithm registry Add links to TCG algorithm registry to define values used in registry and mention tables for these values. --- .../tpm/switch-pcr-banks-on-tpm-2-0-devices.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md index 5493d4428d..f715eb932d 100644 --- a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md +++ b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md @@ -56,7 +56,7 @@ A TPM can be configured to have multiple PCR banks active. When BIOS is performi - Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\IntegrityServices
- DWORD: TPMActivePCRBanks
-- Defines which PCR banks are currently active. This is a bitmap defined in the TCG Algorithm Registry.
+- Defines which PCR banks are currently active. (This value should be interpreted as a bitmap for which the bits are defined in the [TCG Algorithm Registry](https://trustedcomputinggroup.org/resource/tcg-algorithm-registry/) Table 21 of Revision 1.27.)
Windows checks which PCR banks are active and supported by the BIOS. Windows also checks if the measured boot log supports measurements for all active PCR banks. Windows will prefer the use of the SHA-256 bank for measurements and will fall back to SHA1 PCR bank if one of the pre-conditions is not met. @@ -64,7 +64,7 @@ You can identify which PCR bank is currently used by Windows by looking at the r - Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\IntegrityServices
- DWORD: TPMDigestAlgID
-- Algorithm ID of the PCR bank that Windows is currently using. (For the full list of supported algorithms, see the TCG Algorithm Registry.)
+- Algorithm ID of the PCR bank that Windows is currently using. (This value represents an algorithm identifier as defined in the [TCG Algorithm Registry](https://trustedcomputinggroup.org/resource/tcg-algorithm-registry/) Table 3 of Revision 1.27.)
Windows only uses one PCR bank to continue boot measurements. All other active PCR banks will be extended with a separator to indicate that they are not used by Windows and measurements that appear to be from Windows should not be trusted. From 1466a747b32ef122b644eab3e8268aa95e15d75e Mon Sep 17 00:00:00 2001 From: Lindsay <45809756+lindspea@users.noreply.github.com> Date: Tue, 30 Apr 2019 13:42:18 +0200 Subject: [PATCH 14/18] Update reqs-wd-app-guard.md Added software descriptions. --- .../windows-defender-application-guard/reqs-wd-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md index fc2f274410..1cb8fce44c 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md @@ -36,6 +36,6 @@ Your environment needs the following software to run Windows Defender Applicatio |Software|Description| |--------|-----------| -|Operating system|Windows 10 Enterprise edition, version 1709 or higher
Windows 10 Professional edition, version 1803 or higher
Windows 10 Education edition, version 1709 or higher
Windows 10 Pro Education edition, version 1803 or higher| +|Operating system|Windows 10 Enterprise edition, version 1709 or higher
Windows 10 Professional edition, version 1803 or higher
Windows 10 Professional for Workstations edition, version 1803 or higher
Windows 10 Professional Education edition version 1803 or higher
Windows 10 Education edition, version 1903 or higher| |Browser|Microsoft Edge and Internet Explorer| |Management system
(only for managed devices)|[Microsoft Intune](https://docs.microsoft.com/intune/)

**-OR-**

[System Center Configuration Manager](https://docs.microsoft.com/sccm/)

**-OR-**

[Group Policy](https://technet.microsoft.com/library/cc753298(v=ws.11).aspx)

**-OR-**

Your current company-wide 3rd party mobile device management (MDM) solution. For info about 3rd party MDM solutions, see the documentation that came with your product.| From d62e4f665069e290f67d0832b5c655ec41b6c0a9 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Tue, 30 Apr 2019 12:33:18 -0400 Subject: [PATCH 15/18] Removed references to support and feedback aliases Contact for feedback is now via the buttons at bottom of page (added by CSS) --- .../windows-defender-antivirus/microsoft-defender-atp-mac.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md index fbe8f28763..f643a3b454 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md @@ -503,7 +503,4 @@ If you can reproduce a problem, please increase the logging level, run the syste ### Installation issues -If an error occurs during installation, the installer will only report a general failure. The detailed log is saved to /Library/Logs/Microsoft/wdav.install.log. If you experience issues during installation, send us this file so we can help diagnose the cause. You can also contact _**xplatpreviewsupport@microsoft.com**_ for support on onboarding issues. - - -For feedback on the preview, contact: _**mdatpfeedback@microsoft.com**_. +If an error occurs during installation, the installer will only report a general failure. The detailed log is saved to /Library/Logs/Microsoft/wdav.install.log. If you experience issues during installation, send us this file so we can help diagnose the cause. From af74659716d54650fa61b028b09f6a840ffbe162 Mon Sep 17 00:00:00 2001 
From: Dani Halfin Date: Tue, 30 Apr 2019 13:07:27 -0700 Subject: [PATCH 16/18] fixing redirect --- .openpublishing.redirection.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index f6b41f4ac4..7fe80d11dc 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -13949,5 +13949,10 @@ "redirect_url": "/windows/security/threat-protection/windows-defender-atp/manage-indicators", "redirect_document_id": true }, +{ + "source_path": "windows/windows-10/release-information/release-information.md", + "redirect_url": "/windows/release-information", + "redirect_document_id": true +} ] } From 4477f12f6d2c8479622234d9426d7136ce47b747 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Tue, 30 Apr 2019 14:00:31 -0700 Subject: [PATCH 17/18] Update windows-autopilot-and-surface-devices.md --- devices/surface/windows-autopilot-and-surface-devices.md | 1 - 1 file changed, 1 deletion(-) diff --git a/devices/surface/windows-autopilot-and-surface-devices.md b/devices/surface/windows-autopilot-and-surface-devices.md index 2126074cb7..f1fcb46348 100644 --- a/devices/surface/windows-autopilot-and-surface-devices.md +++ b/devices/surface/windows-autopilot-and-surface-devices.md @@ -7,7 +7,6 @@ ms.mktglfcycl: deploy ms.pagetype: surface, devices ms.sitesec: library author: brecords -ms.date: 09/12/2018 ms.author: jdecker ms.topic: article --- From fc7067a5296d791495d11701fca8681d5a8d4af9 Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Tue, 30 Apr 2019 14:45:56 -0700 Subject: [PATCH 18/18] removing previous version of release info --- windows/hub/release-information.md | 30 ------------------------------ 1 file changed, 30 deletions(-) delete mode 100644 windows/hub/release-information.md diff --git a/windows/hub/release-information.md b/windows/hub/release-information.md deleted file mode 100644 index 2aa38be1de..0000000000 --- a/windows/hub/release-information.md +++ /dev/null 
@@ -1,30 +0,0 @@ ---- -title: Windows 10 - release information -description: Learn release information for Windows 10 releases -keywords: ["Windows 10", "Windows 10 October 2018 Update"] -ms.prod: w10 -layout: LandingPage -ms.topic: landing-page -ms.mktglfcycl: deploy -ms.sitesec: library -author: lizap -ms.author: elizapo -ms.localizationpriority: high ---- -# Windows 10 release information - -Feature updates for Windows 10 are released twice a year, targeting March and September, via the Semi-Annual Channel (SAC) and will be serviced with monthly quality updates for 18 months from the date of the release. We recommend that you begin deployment of each SAC release immediately to devices selected for early adoption and ramp up to full deployment at your discretion. This will enable you to gain access to new features, experiences, and integrated security as soon as possible. - -Starting with Windows 10, version 1809, feature updates for Windows 10 Enterprise and Education editions with a targeted release month of September will be serviced for 30 months from their release date. For information about servicing timelines, see the [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853). - ->[!NOTE] ->If you are not using Windows Update for Business today, the "Semi-Annual Channel (Targeted)" servicing option has no impact on when your devices will be updated. It merely reflects a milestone for the semi-annual release, the period of time during which Microsoft recommends that your IT team make the release available to specific, "targeted" devices for the purpose of validating and generating data in order to get to a broad deployment decision. For more information, see [this blog post](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523). - - -
-
- - -
- -
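Review bot: In the TPMDigestAlgID hunk (@@ -64,7 +64,7 @@), the added sentence cites "Table 3 of Revision 1.27" while the link points at the unversioned TCG Algorithm Registry page, so the table and revision reference will go stale when the registry is revised. Either link the specific revision or drop the table and revision numbers. The paragraph above names only the SHA-256 and SHA1 banks, so listing the TPMDigestAlgID values for those two banks inline would let an administrator interpret the DWORD without opening the registry.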
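Review bot: In the Operating system row of reqs-wd-app-guard.md (PATCH 14/18), the Education edition minimum changes from "version 1709 or higher" to "version 1903 or higher", which the commit message ("Added software descriptions.") does not mention. Please confirm the raised minimum is intended, since it changes which devices qualify for Application Guard. The added "Windows 10 Professional Education edition version 1803 or higher" line also lacks the comma after "edition" that every other line in the cell has, and it renames "Pro Education" to "Professional Education" without explanation.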
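Review bot: In the "Installation issues" hunk of microsoft-defender-atp-mac.md (PATCH 15/18), the retained sentence still reads "send us this file so we can help diagnose the cause", but the change removes the only addresses the file could be sent to. Reword it to name the feedback buttons the commit message refers to, or drop the request, so that readers are not asked to send /Library/Logs/Microsoft/wdav.install.log without a stated destination.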
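Review bot: PATCH 18/18 deletes windows/hub/release-information.md, but the redirect entry added in PATCH 16/18 has "source_path": "windows/windows-10/release-information/release-information.md", which is a different path. Please confirm that a redirect exists for the deleted windows/hub path, otherwise existing links to it will break. If the PATCH 16/18 source_path was meant to be the hub file, correct it in .openpublishing.redirection.json.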