Merged PR 12806: 11/13 PM Publish

devices/hololens/hololens-whats-new.md

@@ -1,6 +1,6 @@
 ---
 title: What's new in Microsoft HoloLens (HoloLens)
-description: Windows Holographic for Business gets new features in Windows 10, version 1803.
+description: Windows Holographic for Business gets new features in Windows 10, version 1809.
 ms.prod: hololens
 ms.sitesec: library
 author: jdeckerms

windows/deployment/windows-autopilot/TOC.md

@@ -3,6 +3,7 @@
 ### [Configuration requirements](windows-autopilot-requirements-configuration.md)
 ### [Network requirements](windows-autopilot-requirements-network.md)
 ### [Licensing requirements](windows-autopilot-requirements-licensing.md)
+### [Intune Connector (preview)](intune-connector.md)
 ## [Scenarios and Capabilities](windows-autopilot-scenarios.md)
 ### [Support for existing devices](existing-devices.md)
 ### [User-driven mode](user-driven.md)

windows/deployment/windows-autopilot/intune-connector.md

@@ -0,0 +1,66 @@
+---
+title: Intune Connector (preview) requirements
+description: Intune Connector (preview) issue workaround
+keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: low
+ms.sitesec: library
+ms.pagetype: deploy
+author: greg-lindsay
+ms.author: greg-lindsay
+ms.date: 11/13/2018
+---
+
+
+# Intune Connector (preview) language requirements
+
+**Applies to: Windows 10**
+
+Microsoft has released a [preview for Intune connector for Active Directory](https://docs.microsoft.com/intune/windows-autopilot-hybrid) that enables user-driven [Hybrid Azure Active Directory join](user-driven-hybrid.md) for Windows Autopilot.
+
+In this preview version of the Intune Connector, you might receive an error message indicating a setup failure with the following error code and message:
+
+**0x80070658 - Error applying transforms. Verify that the specified transform paths are valid.**
+
+See the following example:
+
+![Connector error](images/connector-fail.png)
+
+This error can be resolved by ensuring that the member server where Intune Connector is running has one of the following language packs installed and configured to be the default keyboard layout:
+
+en-US<br>
+cs-CZ<br>
+da-DK<br>
+de-DE<br>
+el-GR<br>
+es-ES<br>
+fi-FI<br>
+fr-FR<br>
+hu-HU<br>
+it-IT<br>
+ja-JP<br>
+ko-KR<br>
+nb-NO<br>
+nl-NL<br>
+pl-PL<br>
+pt-BR<br>
+ro-RO<br>
+ru-RU<br>
+sv-SE<br>
+tr-TR<br>
+zh-CN<br>
+zh-TW
+
+This solution is a workaround and will be fully resolved in a future release of the Intune Connector.
+
+To change the default keyboard layout:
+
+1. Click **Settings > Time & language > Region and language** 
+2. Select one of the languages listed above and choose **Set as default**.
+
+Note: If the language you need isn't listed, you can add additional languages by selecting **Add a language**.
+
+
+
+

windows/security/threat-protection/security-policy-settings/minimum-password-age.md

@@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: brianlic-msft
+author: justinha
-ms.date: 04/19/2017
+ms.date: 11/13/2018
 ---
 
 # Minimum password age
@@ -20,7 +20,7 @@ Describes the best practices, location, values, policy management, and security
 
 ## Reference
 
-The **Minimum password age** policy setting determines the period of time (in days) that a password must be used before the user can change it. You can set a value between 1 and 998 days, or you can allow changes immediately by setting the number of days to 0. The minimum password age must be less than the Maximum password age, unless the maximum password age is set to 0, indicating that passwords will never expire. If the maximum password age is set to 0, the minimum password age can be set to any value between 0 and 998.
+The **Minimum password age** policy setting determines the period of time (in days) that a password must be used before the user can change it. You can set a value between 1 and 998 days, or you can allow password changes immediately by setting the number of days to 0. The minimum password age must be less than the Maximum password age, unless the maximum password age is set to 0, indicating that passwords will never expire. If the maximum password age is set to 0, the minimum password age can be set to any value between 0 and 998.
 
 ### Possible values
 
@@ -29,9 +29,16 @@ The **Minimum password age** policy setting determines the period of time (in da
 
 ### Best practices
 
-Set **Minimum password age** to a value of 2 days. Setting the number of days to 0 allows immediate password changes, which is not recommended.
+[Windows security baselines](https://docs.microsoft.com/windows/security/threat-protection/windows-security-baselines) recommend setting **Minimum password age** to 1 day. 
 
-If you set a password for a user and you want that user to change the administrator-defined password, you must select the **User must change password at next logon** check box. Otherwise, the user will not be able to change the password until the number of days specified by **Minimum password age**.
+Setting the number of days to 0 allows immediate password changes, which is not recommended. 
+Combining immediate password changes with password history allows someone to change a password repeatedly until the password history requirement is met and re-establish the original password again. 
+For example, suppose a password is "Ra1ny day!" and the history requirement is 24. 
+If the minimum password age is 0, the password can be changed 24 times in a row until finally changed back to "Ra1ny day!". 
+The minimum password age of 1 day prevents that.
+
+If you set a password for a user and you want that user to change the administrator-defined password, you must select the **User must change password at next logon** check box. 
+Otherwise, the user will not be able to change the password until the number of days specified by **Minimum password age**.
 
 ### Location
 
@@ -70,11 +77,11 @@ To address password reuse, you must use a combination of security settings. Usin
 
 ### Countermeasure
 
-Configure the **Minimum password age** policy setting to a value of at least 2 days. Users should know about this limitation and contact the Help Desk if they need to change their password during that two-day period. If you configure the number of days to 0, immediate password changes would be allowed, which we do not recommend.
+Configure the **Minimum password age** policy setting to a value of 1 day. Users should know about this limitation and contact the Help Desk to change a password sooner. If you configure the number of days to 0, immediate password changes would be allowed, which we do not recommend.
 
 ### Potential impact
 
-If you set a password for a user but wants that user to change the password when the user first logs on, the administrator must select the **User must change password at next logon** check box, or the user cannot change the password until the next day.
+If you set a password for a user but want that user to change the password when the user first logs on, the administrator must select the **User must change password at next logon** check box, or the user cannot change the password until the next day.
 
 ## Related topics
 

windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md

@@ -11,7 +11,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 09/03/2018
+ms.date: 11/13/2018
 ---
 
 # Enable and configure antivirus always-on protection and monitoring
@@ -42,7 +42,7 @@ Location | Setting | Description | Default setting (if not configured)
 ---|---|---|---
 Real-time protection | Monitor file and program activity on your computer | The Windows Defender Antivirus engine makes note of any file changes (file writes, such as moves, copies, or modifications) and general program activity (programs that are opened or running and that cause other programs to run) | Enabled
 Real-time protection | Scan all downloaded files and attachments | Downloaded files and attachments are automatically scanned. This operates in addition to the SmartScreen filter, which scans files before and during downloading | Enabled
-Real-time protection | Turn on process scanning whenever real-time protection is enabled | You can independently enable the Windows Defender Antivirus engine to scan running processes for suspicious modifications or behaviors. This is useful if you have disabled real-time protection | Enabled
+Real-time protection | Turn on process scanning whenever real-time protection is enabled | You can independently enable the Windows Defender Antivirus engine to scan running processes for suspicious modifications or behaviors. This is useful if you have temporarily disabled real-time protection and want to automatically scan processes that started while it was disabled | Enabled
 Real-time protection | Turn on behavior monitoring | The AV engine will monitor file processes, file and registry changes, and other events on your endpoints for suspicious and known malicious activity | Enabled
 Real-time protection | Turn on raw volume write notifications | Information about raw volume writes will be analyzed by behavior monitoring | Enabled
 Real-time protection | Define the maximum size of downloaded files and attachments to be scanned | You can define the size in kilobytes | Enabled