Merge remote-tracking branch 'refs/remotes/origin/master' into janb-surface-deploy-mdt

2025-05-14 14:27:22 +00:00 · 2016-07-14 11:37:08 -07:00 · 2016-07-14 11:37:08 -07:00 · 3a10d473ab
commit 3a10d473ab
parent 3a3d03460d 91830abba6
14 changed files with 214 additions and 48 deletions
--- a/windows/keep-secure/TOC.md
+++ b/windows/keep-secure/TOC.md
@ -679,6 +679,7 @@
 ### [Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md)
 #### [Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md)
 #### [Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md)
 #### [Assign user access to the portal](assign-portal-access-windows-defender-advanced-threat-protection.md)
 #### [Onboard endpoints and set up access](onboard-configure-windows-defender-advanced-threat-protection.md)
 ##### [Configure endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
 ##### [Configure proxy and Internet settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
--- a/windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md
@ -0,0 +1,38 @@
 ---
 title: Assign user access to the Windows Defender Advanced Threat Protection portal
 description: Assign read and write or read only access to the Windows Defender Advanced Threat Protection portal. 
 keywords: assign user roles, assign read and write access, assign read only access, user, user roles, roles
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
 ---
 **Applies to:**
 - Windows 10 Insider Preview Build 14332 or later
 - Azure Active Directory
 - Office 365
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 <span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
 # Assign user access to the Windows Defender ATP portal
 Windows Defender ATP users and access permissions are managed in Azure Active Directory (AAD). User can be assigned one of the following levels of permissions:
 - Full access (Read and Write)
 - Read only access
 **Full access** <br>
 Users with full access can log in, view all system information as well as resolve alerts, submit files for deep analysis, and download the onboarding package.
 Assigning full access rights requires adding the users to the “Security Administrator” or “Global Administrator” AAD built-in roles.
 **Read only access** <br>
 Users with read only access can log in, view all alerts, and related information. 
 They will not be able to change alert states, submit files for deep analysis or perform any state changing operations.
 Assigning read only access rights requires adding the users to the “Security Reader” AAD built-in role.
 Your administrator can assign roles using the Office 365 portal, or in the Azure classic portal, or by using the AAD module for Windows PowerShell. 
 For more information, see [Assigning admin roles in Office 365](https://support.office.com/en-us/article/Assigning-admin-roles-in-Office-365-eac4d046-1afd-4f1a-85fc-8219c79e1504?ui=en-US&rs=en-US&ad=US) and [Assigning administrator roles in Azure Active Directory](https://azure.microsoft.com/en-us/documentation/articles/active-directory-assign-admin-roles/).
--- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md
+++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md
@ -17,6 +17,7 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md
 |New or changed topic | Description |
 |----------------------|-------------|
 |[Create an enterprise data protection (EDP) policy using System Center Configuration Manager](create-edp-policy-using-sccm.md) |New |
 |[Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md) (multiple topics) | Updated |
 ## June 2016
@ -25,7 +26,7 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md
 |----------------------|-------------|
 |[Create an enterprise data protection (EDP) policy using Microsoft Intune](create-edp-policy-using-intune.md) |Added an update about needing to reconfigure your enterprise data protection app rules after delivery of the June service update. |
 | [Windows Firewall with Advanced Security](windows-firewall-with-advanced-security.md) (multiple topics) | New |
-| [Advanced security audit policy settings](advanced-security-audit-policy-settings.md) (mutiple topics) | New security monitoring reference topics |
+| [Advanced security audit policy settings](advanced-security-audit-policy-settings.md) (multiple topics) | New security monitoring reference topics |
 | [Windows security baselines](windows-security-baselines.md) | New |
 ## May 2016
@ -37,7 +38,7 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md
 | [Microsoft Passport guide](microsoft-passport-guide.md) | Updated Roadmap section content |
 |[Protect your enterprise data using enterprise data protection (EDP)](protect-enterprise-data-using-edp.md) |Updated info based on changes to the features and functionality.|
 | [User Account Control Group Policy and registry key settings](user-account-control-group-policy-and-registry-key-settings.md) | Updated for Windows 10 and Windows Server 2016 Technical Preview |
-|[Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md) (mutiple topics) | New |
+|[Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md) (multiple topics) | New |
 ## April 2016
--- a/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md
@ -1,13 +1,13 @@
 ---
 title: Configure Windows Defender ATP endpoints
 description: Use Group Policy or SCCM to deploy the configuration package or do manual registry changes on endpoints so that they are onboarded to the service.
-keywords: configure endpoints, client onboarding, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints, sccm, system center configuration manager
+keywords: configure endpoints, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints, sccm, system center configuration manager
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-author: iaanw
+author: mjcaparas
 ---
 # Configure Windows Defender ATP endpoints
@ -19,16 +19,24 @@ author: iaanw
 <span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
-You can use a Group Policy (GP) configuration package, a System Center Configuration Manager (SCCM) package, or an automated script to configure endpoints.
+Endpoints in your organization must be configured so that the Windows Defender ATP service can get telemetry from them. There are various methods and deployment tools that you can use to configure the endpoints in your organization. 
-## Configure with Group Policy
+Windows Defender ATP supports the following deployment tools and methods:
 Using the GP configuration package ensures your endpoints will be correctly configured to report to the Windows Defender ATP service.
-> **Note**&nbsp;&nbsp;To use GP updates to deploy the package, you must be on Windows Server 2008 R2 or later. The endpoints must be running Windows 10 Insider Preview Build 14332 or later.
+- Group Policy
 - System Center Configuration Manager (current branch) version 1606 
 - System Center 2012 Configuration manager or later versions
 - Mobile Device Management
 - Microsoft Intune
 - Local script
 ## Configure endpoints with Group Policy
 > **Note**&nbsp;&nbsp;To use GP updates to deploy the package, you must be on Windows Server 2008 R2 or later. 
 1.  Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
-    a.  Click **Client onboarding** on the **Navigation pane**.
+    a.  Click **Endpoint Management** on the **Navigation pane**.
    b.  Select **Group Policy**, click **Download package** and save the .zip file.
@ -50,12 +58,17 @@ Using the GP configuration package ensures your endpoints will be correctly conf
 For additional settings, see the [Additional configuration settings section](additional-configuration-windows-defender-advanced-threat-protection.md).
 ## Configure endpoints with System Center Configuration Manager (current branch) version 1606
 System Center Configuration Manager (current branch) version 1606, currently in technical preview, has UI integrated support for configuring and managing Windows Defender ATP on endpoints. For more information, see the [Support for Windows Defender Advanced Threat Protection service](https://technet.microsoft.com/en-us/library/mt706220.aspx#BKMK_ATP) section.
-## Configure with System Center Configuration Manager
+> **Note**&nbsp;&nbsp; If you intend to use this deployment tool, ensure that you are on Windows 10 Insider Preview Build 14379 or later. This deployment method is only available from that build or later.
 ## Configure endpoints with System Center 2012 Configuration Manager or later versions
 You can use System Center Configuration Manager’s existing functionality to create a policy to configure your endpoints. This is supported in System Center 2012 Configuration Manager or later versions, including: System Center 2012 R2 Configuration Manager, System Center Configuration Manager and System Center Configuration Manager (current branch), version 1602 or earlier. 
 1. Open the SCCM configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
-    a. Click **Client onboarding** on the **Navigation pane**.
+    a. Click **Endpoint Management** on the **Navigation pane**.
    b. Select **System Center Configuration Manager**, click **Download package**, and save the .zip file.
@ -67,15 +80,53 @@ For additional settings, see the [Additional configuration settings section](add
    a. Choose a predefined device collection to deploy the package to.
 ## Configure endpoints with Mobile Device Management tools
 You can use mobile device management (MDM) solutions to configure endpoints. Windows Defender ATP supports MDMs by providing OMA-URIs to create policies to manage endpoints. 
 For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/en-us/library/windows/hardware/mt723297(v=vs.85).aspx).
 > **Note**&nbsp;&nbsp; If you intend to use this deployment tool, ensure that you are on Windows 10 Insider Preview Build 14379 or later. This deployment method is only available from that build or later.
 ## Configure endpoints with Microsoft Intune
 For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/en-us/library/windows/hardware/mt723297(v=vs.85).aspx).
 > **Note**&nbsp;&nbsp; If you intend to use this deployment tool, ensure that you are on Windows 10 Insider Preview Build 14379 or later. This deployment method is only available from that build or later.
 1. Open the Microsoft Intune configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
    a.  Click **Endpoint Management** on the **Navigation pane**.
    b.  Select **Microsoft Intune**, click **Download package** and save the .zip file.
 2. Extract the contents of the configuration package to a location on the endpoint you want to onboard (for example, the Desktop). You should have a file called *WindowsDefenderATP.onboarding*.
 3. Use the Microsoft Intune custom configuration policy to deploy the following supported OMA-URI settings. For more information on Microsoft Intune policy settings see, [Windows 10 policy settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune).
 These policies are categorized into two groups:
 - Onboarding - Use the onboarding policies to deploy configuration settings on endpoints. These policies can be sub-categorized to:
    - Onboarding
    - Health Status for onboarded machines
    - Configuration for onboarded machines
 - Offboarding - Use the offboarding policies to remove configuration settings on endpoints. These policies can be sub-categorized to:
    - Offboarding
    - Health Status for offboarded machines
    - Configuration for offboarded machines
 > **Warning**&nbsp;&nbsp;These two groups must not be deployed on the same machine at same time, otherwise this will cause unpredictable collisions.
 ![Table of policies used in Microsoft Intune ](images/oma-uri.png)
 > **Note**&nbsp;&nbsp;Policies **Health Status for onboarded machines** and **Health Status for offboarded machines** use read-only properties and can't be remediated.
 ## Configure endpoints individually with a local script
 ## Configure endpoints individually with an automated script
 <a name="manual"></a>
 You can also manually onboard individual endpoints to Windows Defender ATP. You might want to do this first when testing the service before you commit to onboarding all endpoints in your network.
 1.  Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
-    a.  Click **Client onboarding** on the **Navigation pane**.
+    a.  Click **Endpoint Management** on the **Navigation pane**.
    b.  Select **Local Script**, click **Download package** and save the .zip file.
@ -97,7 +148,6 @@ You can also manually onboard individual endpoints to Windows Defender ATP. You
 See the [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) topic for details on how you can manually validate that the endpoint is compliant and correctly reports telemetry.
 ## Related topics
 <!--- [Windows Defender ATP service onboarding](service-onboarding-windows-defender-advanced-threat-protection.md)-->
 - [Configure endpoint proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
 - [Additional Windows Defender ATP configuration settings](additional-configuration-windows-defender-advanced-threat-protection.md)
 - [Monitor the Windows Defender ATP onboarding](monitor-onboarding-windows-defender-advanced-threat-protection.md)
--- a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md
@ -116,15 +116,16 @@ For more information on how to use Netsh see, [Netsh Commands for Windows Hypert
 If a proxy or firewall is blocking all traffic by default and allowing only specific domains through, make sure that the following URLs are white-listed to permit communication with Windows Defender ATP service in port 80 and 443:
- us.vortex-win.data.microsoft.com  
+- *.blob.core.windows.net
 - crl.microsoft.com
 - eu.vortex-win.data.microsoft.com
 - sevillegwcus.microsoft.com
 - sevillegweus.microsoft.com
 - sevillegwweu.microsoft.com
 - sevillegwneu.microsoft.com
 - sevillegwweu.microsoft.com
 - us.vortex-win.data.microsoft.com 
 - www.microsoft.com
- crl.microsoft.com
+
 - \*.blob.core.windows.net
 If a proxy or firewall is blocking anonymous traffic, as Windows Defender ATP  sensor is connecting from system context, make sure anonymous traffic is permitted to the above listed URLs.
--- a/windows/keep-secure/images/oma-uri.png
+++ b/windows/keep-secure/images/oma-uri.png
--- a/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md
@ -84,7 +84,7 @@ When the sample is collected, Windows Defender ATP runs the file in is a secure
 A progress bar is displayed and provides information on the different stages of the analysis. You can then view the report when the analysis is done.
-> **Note**&nbsp;&nbsp;Depending on machine availability, sample collection time can vary. There is a 1-hour timeout for sample collection. The collection will fail and the operation will abort if there is no online Windows 10 machine reporting at that time. You can re-submit files for deep analysis to get fresh data on the file.
+> **Note**&nbsp;&nbsp;Depending on machine availability, sample collection time can vary. There is a 3-hour timeout for sample collection. The collection will fail and the operation will abort if there is no online Windows 10 machine reporting at that time. You can re-submit files for deep analysis to get fresh data on the file.
 ## View deep analysis report
--- a/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md
@ -43,15 +43,4 @@ Internet connectivity on endpoints is also required. See [Configure Windows Defe
 Before you configure endpoints, the telemetry and diagnostics service must be enabled. The service is enabled by default in Windows 10, but if it has been disabled you can turn it on by following the instructions in the [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) section.
 ### Deployment channel operating system requirements
 You can choose to onboard endpoints with a scheduled Group Policy (GP) or System Center Configuration Manager (SCCM) update (using a configuration package that you download from the portal or during the service onboarding wizard), or by manually running a script to modify the registry.
 The following describes the minimum operating system or software version
 required for each deployment channel.
 Deployment channel | Minimum server requirements
 :---|:---
 Group Policy settings | Windows Server 2008 R2
 System Center Configuration Manager | SCCM 2012
 Manual (script) | No minimum requirements
--- a/windows/keep-secure/onboard-configure-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/onboard-configure-windows-defender-advanced-threat-protection.md
@ -14,7 +14,7 @@ author: iaanw
 **Applies to:**
- Windows 10 TAP program
+- Windows 10 Insider Preview Build 14332 or later
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 <span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
@ -34,7 +34,7 @@ You need to onboard to Windows Defender ATP before you can use the service.
 ## In this section
 Topic | Description
 :---|:---
-[Configure endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) | You'll need to configure endpoints for it to report to the Windows Defender ATP service. Learn how you can use the configuration package to configure endpoints in your enterprise.
+[Configure endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) | You'll need to configure endpoints for it to report to the Windows Defender ATP service. Learn about the tools and methods you can use to configure endpoints in your enterprise.
 [Configure proxy and Internet settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)| Enable communication with the Windows Defender ATP cloud service by configuring the proxy and Internet connectivity settings.
 [Additional configuration settings] (additional-configuration-windows-defender-advanced-threat-protection.md) | Learn how to configure settings for sample sharing used in the deep analysis feature.
 [Monitor onboarding](monitor-onboarding-windows-defender-advanced-threat-protection.md) | Learn how you can monitor the onboarding to ensure your endpoints are correctly configured and are sending telemetry reports.
--- a/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md
@ -1,7 +1,7 @@
 ---
 title: Windows Defender Advanced Threat Protection portal overview
 description: Use the Windows Defender ATP portal to monitor your enterprise network and assist in responding to alerts to potential advanced persistent threat (APT) activity or data breaches.
-keywords: Windows Defender ATP portal, portal, cybersecurity threat intelligence, dashboard, alerts queue, machines view, preferences setup, client onboarding, advanced attacks
+keywords: Windows Defender ATP portal, portal, cybersecurity threat intelligence, dashboard, alerts queue, machines view, preferences setup, endpoint management, advanced attacks
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@ -44,12 +44,12 @@ You can navigate through the portal using the menu options available in all sect
 Area | Description
 :---|:---
 (1) Settings | Provides access to configuration settings such as time zone, alert suppression rules, and license information.
-(2) Navigation pane | Use the navigation pane to move between the **Dashboard**, **Alerts queue**, **Machines view**, **Preferences setup**, and **Client onboarding**.
+(2) Navigation pane | Use the navigation pane to move between the **Dashboard**, **Alerts queue**, **Machines view**, **Preferences setup**, and **Endpoint Management**.
 **Dashboard**	| Provides clickable tiles that open detailed information on various alerts that have been detected in your organization.
 **Alerts queue** | Enables you to view separate queues of new, in progress, and resolved alerts.
 **Machines view**| Displays the list of machines that are onboarded to Windows Defender ATP, some information about them, and the corresponding number of alerts.
 **Preferences setup**|	Shows the settings you selected <!--during [service onboarding](service-onboarding-windows-defender-advanced-threat-protection.md),-->and lets you update your industry preferences and retention policy period.
-**Client onboarding**|	Allows you to download the onboarding configuration package.
+**Endpoint Management**|	Allows you to download the onboarding configuration package.
 (3) Main portal| Main area where you will see the different views such as the Dashboard, Alerts queue, and Machines view.
 (4) Search | Search for machines, files, external IP Addresses, or domains across endpoints. The drop-down combo box allows you to select the entity type.
--- a/windows/keep-secure/service-onboarding-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/service-onboarding-windows-defender-advanced-threat-protection.md
@ -112,7 +112,7 @@ page.
 Follow the steps in the onboarding wizard to complete the onboarding process.
-At the end of the wizard, you can download the Group Policy configuration package which you will use to configure endpoints on your network. You can also download the package from the **Client onboarding** menu on the portal after you have completed the onboarding wizard.
+At the end of the wizard, you can download the Group Policy configuration package which you will use to configure endpoints on your network. You can also download the package from the **Endpoint Management** menu on the portal after you have completed the onboarding wizard.
 ## Related topics
 - [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
--- a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
@ -55,6 +55,29 @@ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Advanced Threat Protection
 If the **OnboardingState** value is not set to **1**, you can use Event Viewer to review errors on the endpoint.
 If you configured your endpoints with a deployment tool that required a script, you can check  the event viewer for the onboarding script results.
 <br>
 **Check the result of the script**:
 1. Click **Start**, type **Event Viewer**, and press **Enter**.
 2. Go to **Windows Logs** > **Application**.
 3. Look for an event from **WDATPOnboarding** event source.
 If the script fails and the event is an error, you can check the event ID in the following table to help you troubleshoot the issue.
 > **Note**&nbsp;&nbsp;The following event IDs are specific to the onboarding script only. 
 Event ID | Error Type | Resolution steps
 :---|:---|:---
 5 | Offboarding data was found but couldn't be deleted | Check the permissions on the registry, specifically ```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection```
 10 | Onboarding data couldn't be written to registry |  Check the permissions on the registry, specifically ```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat```. Verify that the script was ran as an administrator.
 15 |  Failed to start SENSE service |Check the service status (```sc query sense``` command). Make sure it's not in an intermediate state (*'Pending_Stopped'*, *'Pending_Running'*) and try to run the script again (with administrator rights). 
 30 |  The script failed to wait for the service to start running | The service could have taken more time to start or has encountered errors while trying to start. For more information on events and errors related to SENSE, see [Review events and errors on endpoints with Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md).
 35 |  The script failed to find needed onboarding status registry value | When the SENSE service starts for the first time, it writes onboarding status to the registry location ```HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status```. The script failed to find it after several seconds. You can manually test it and check if it's there. For more information on events and errors related to SENSE, see [Review events and errors on endpoints with Event viewer].(event-error-codes-windows-defender-advanced-threat-protection.md). 
 40 | SENSE service onboarding status is not set to **1** | The SENSE service has failed to onboard properly. For more information on events and errors related to SENSE, see [Review events and errors on endpoints with Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md). 
 <br>
 **Use Event Viewer to identify and adress onboarding errors**:   
 1. Click **Start**, type **Event Viewer**, and press **Enter**.
@ -76,9 +99,10 @@ If the **OnboardingState** value is not set to **1**, you can use Event Viewer t
 Event ID | Message | Resolution steps
 :---|:---|:---
 5 | Windows Advanced Threat Protection service failed to connect to the server at _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection).
-6 | Windows Advanced Threat Protection service failed to read the onboarding parameters. Failure code: _variable_ | [Run the onboarding script again](configure-endpoints-windows-defender-advanced-threat-protection.md#manual).
+6 | Windows Advanced Threat Protection service is not onboarded and no onboarding parameters were found. Failure code: _variable_ | [Run the onboarding script again](configure-endpoints-windows-defender-advanced-threat-protection.md#manual).
-7 |  Windows Advanced Threat Protection service failed to read the onboarding parameters. Failure code: _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection), then [run the onboarding script again](configure-endpoints-windows-defender-advanced-threat-protection.md#manual).
+7 |  Windows Advanced Threat Protection service failed to read the onboarding parameters. Failure code: _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection), then run the entire onboarding process again.
 15 | Windows Advanced Threat Protection cannot start command channel with URL: _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection).
 25 | Windows Defender Advanced Threat Protection service failed to reset health status in the registry. Failure code: _variable_ | Contact support.
 ### Ensure the Windows Defender ATP service is enabled
@ -104,7 +128,7 @@ If the the service is running, then the result should look like the following sc
  ![Result of the sq query sense command](images/sc-query-sense-autostart.png)
-If the service **START_TYPE** is not set to **AUTO_START**, then you'll need to set the service to automatically start.
+If the service ```START_TYPE``` is not set to ```AUTO_START```, then you'll need to set the service to automatically start.
 **Change the Windows Defender ATP service startup type from the command line:**
@ -192,7 +216,7 @@ If the service is enabled, then the result should look like the following screen
 ![Result of the sc query command for diagtrack](images/windefatp-sc-qc-diagtrack.png)
-If the **START_TYPE** is not set to **AUTO_START**, then you'll need to set the service to automatically start.
+If the ```START_TYPE``` is not set to ```AUTO_START```, then you'll need to set the service to automatically start.
@ -330,6 +354,55 @@ To ensure that sensor has service connectivity, follow the steps described in th
 If the verification fails and your environment is using a proxy to connect to the Internet, then follow the steps described in [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) topic.    
 ## Troubleshoot onboarding issues using Microsoft Intune
 You can use Microsoft Intune to check error codes and attempt to troubleshoot the cause of the issue.
 Use the following tables to understand the possible causes of issues while onboarding:
 - Microsoft Intune error codes and OMA-URIs table
 - Known issues with non-compliance table
 - Mobile Device Management (MDM) event logs table
 If none of the event logs and troubleshooting steps work, download the Local script from the **Endpoint Management** section of the portal, and run it in an elevated command prompt.  
 **Microsoft Intune error codes and OMA-URIs**:
 Error Code Hex | Error Code Dec | Error Description | OMA-URI | Possible cause and troubleshooting steps
 :---|:---|:---|:---|:---
 0x87D1FDE8 | -2016281112 | Remediation failed | Onboarding <br> Offboarding |  **Possible cause:** Onboarding or offboarding failed on a wrong blob: wrong signature or missing PreviousOrgIds fields. <br><br> **Troubleshooting steps:** <br> Check the event IDs in the [Ensure the endpoint is onboarded successfully](#ensure-the-endpoint-is-onboarded-successfully) section. <br><br> Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/en-us/library/windows/hardware/mt632120%28v=vs.85%29.aspx).
 | | | Onboarding <br> Offboarding <br> SampleSharing | **Possible cause:** Windows Defender ATP Policy registry key does not exist or the OMA DM client doesn't have permissions to write to it. <br><br> **Troubleshooting steps:** Ensure that the following registry key exists: ```HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection```. <br> <br> If it doesn't exist, open an elevated command and add the key. 
  | | | SenseIsRunning <br> OnboardingState <br> OrgId |  **Possible cause:** An attempt to remediate by read-only property. Onboarding has failed. <br><br> **Troubleshooting steps:** Check the troubleshooting steps in [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](#troubleshoot-windows-defender-advanced-threat-protection-onboarding-issues). <br><br> Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/en-us/library/windows/hardware/mt632120%28v=vs.85%29.aspx).
   | | | All | **Possible cause:** Attempt to deploy Windows Defender ATP on non-supported SKU/Platform, particularly Holographic SKU. <br><br> Currently is supported platforms:  Enterprise, Education, and Professional. <br> Server is not supported. 
   0x87D101A9 | -2016345687 |Syncml(425): The requested command failed because the sender does not have adequate access control permissions (ACL) on the recipient.  | All |  **Possible cause:** Attempt to deploy Windows Defender ATP on non-supported SKU/Platform, particularly Holographic SKU. <br><br> Currently is supported platforms:  Enterprise, Education, and Professional. 
 <br>
 **Known issues with non-compliance**
 The following table provides information on issues with non-compliance and how you can address the issues.
 Case | Symptoms | Possible cause and troubleshooting steps
 :---|:---|:---
 1 | Machine is compliant by SenseIsRunning OMA-URI. But is non-compliant by OrgId, Onboarding and OnboardingState OMA-URIs. | **Possible cause:** Check that user passed OOBE after Windows installation or upgrade. During OOBE onboarding couldn't be completed but SENSE is running already. <br><br> **Troubleshooting steps:** Wait for OOBE to complete.
 2 |  Machine is compliant by OrgId, Onboarding, and OnboardingState OMA-URIs, but is non-compliant by SenseIsRunning OMA-URI. |  **Possible cause:** Sense service's startup type is set as "Delayed Start". Sometimes this causes the Microsoft Intune server to report the machine as non-compliant by SenseIsRunning when DM session occurs on system start. <br><br> **Troubleshooting steps:** The issue should automatically be fixed within 24 hours.
 3 | Machine is non-compliant | **Troubleshooting steps:** Ensure that Onboarding and Offboarding policies are not deployed on the same machine at same time.
 <br>
 **Mobile Device Management (MDM) event logs**
 View the MDM event logs to troubleshoot issues that might arise during onboarding:
 Log name: Microsoft\Windows\DeviceManagement-EnterpriseDiagnostics-Provider 
 Channel name: Admin
 ID | Severity | Event description | Description
 :---|:---|:---|:---
 1801 | Error | Windows Defender Advanced Threat Protection CSP: Failed to Get Node's Value. NodeId: (%1), TokenName: (%2), Result: (%3) | Windows Defender ATP has failed to get specific node's value. <br> TokenName: Contains node name that caused the error. <br> Result: Error details.  
 1802 | Information | Windows Defender Advanced Threat Protection CSP: Get Node's Value complete. NodeId: (%1), TokenName: (%2), Result: (%3) |  Windows Defender ATP has completed to get specific node's value. <br> TokenName: Contains node name <br><br> Result: Error details or succeeded.
 1819 | Error | Windows Defender Advanced Threat Protection CSP: Failed to Set Node's Value. NodeId: (%1), TokenName: (%2), Result: (%3). | Windows Defender ATP has completed to get specific node's value. <br><br> TokenName: Contains node name that caused the error <br><br> Result: Error details.
 1820 | Information | Windows Defender Advanced Threat Protection CSP: Set Nod's Value complete. NodeId: (%1), TokenName: (%2), Result: (%3). | Windows Defender ATP has completed to get specific node's value. <br><br> TokenName: Contains node name <br><br> Result: Error details or succeeded.
 <!--
 ## There are no users in the Azure Active Directory
--- a/windows/manage/change-history-for-manage-and-update-windows-10.md
+++ b/windows/manage/change-history-for-manage-and-update-windows-10.md
@ -12,6 +12,12 @@ author: jdeckerMS
 This topic lists new and updated topics in the [Manage and update Windows 10](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md).
 ## July 2016
 | New or changed topic | Description |
 | ---|---|
 | [Windows 10 servicing options](introduction-to-windows-10-servicing.md)  | Added detailed content on servicing branches, moved from [Windows 10 servicing overview](../plan/windows-10-servicing-options.md). |
 ## June 2016
 | New or changed topic | Description |
--- a/windows/plan/change-history-for-plan-for-windows-10-deployment.md
+++ b/windows/plan/change-history-for-plan-for-windows-10-deployment.md
@ -13,6 +13,13 @@ author: TrudyHa
 This topic lists new and updated topics in the [Plan for Windows 10 deployment](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md).
 ## July 2016
 | New or changed topic                                                                                                                             | Description |
 |--------------------------------------------------------------------------------------------------------------------------------------------------|-------------|
 | [Windows 10 servicing overview](windows-10-servicing-options.md) | Content on this page was summarized. Detailed content about servicing branches was moved to the [Windows 10 servicing options](../manage/introduction-to-windows-10-servicing.md) page. |
 ## May 2016