Merge branch 'master' into ConfigRebrand-Three

2025-05-18 08:17:23 +00:00 · 2020-01-15 10:21:47 -08:00 · 2020-01-15 10:21:47 -08:00 · 3efaaa63c2
commit 3efaaa63c2
parent 67d3013864 b50b3800a8
140 changed files with 2938 additions and 2844 deletions
--- a/browsers/edge/group-policies/index.yml
+++ b/browsers/edge/group-policies/index.yml
@ -2,19 +2,19 @@
 documentType: LandingData
-title: Microsoft Edge group policies 
+title: Microsoft Edge Legacy group policies 
 metadata:
  document_id: 
-  title: Microsoft Edge group policies  
+  title: Microsoft Edge Legacy group policies  
-  description: Learn how to configure group policies in Microsoft Edge on Windows 10.
+  description: Learn how to configure group policies in Microsoft Edge Legacy on Windows 10.
-  text: Some of the features in Microsoft Edge gives you the ability to set a custom URL for the New Tab page or Home button. Another new feature allows you to hide or show the Favorites bar, giving you more control over the favorites bar. 
+  text: Some of the features in Microsoft Edge Legacy gives you the ability to set a custom URL for the New Tab page or Home button. Another new feature allows you to hide or show the Favorites bar, giving you more control over the favorites bar. (To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).)
-  keywords: Microsoft Edge, Windows 10, Windows 10 Mobile
+  keywords: Microsoft Edge Legacy, Windows 10, Windows 10 Mobile
  ms.localizationpriority: medium
@ -36,7 +36,7 @@ sections:
  - type: markdown
-    text: Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPOs) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences.
+    text: (Note - You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).) Microsoft Edge Legacy works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPOs) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences.
 - items:
--- a/browsers/edge/index.yml
+++ b/browsers/edge/index.yml
@ -2,19 +2,19 @@
 documentType: LandingData
-title: Microsoft Edge Group Policy configuration options 
+title: Microsoft Edge Legacy Group Policy configuration options 
 metadata:
  document_id: 
-  title: Microsoft Edge Group Policy configuration options  
+  title: Microsoft Edge Group Legacy Policy configuration options  
  description: 
-  text: Learn how to deploy and configure group policies in Microsoft Edge on Windows 10. Some of the features coming to Microsoft Edge gives you the ability to set a custom URL for the New Tab page or Home button. Another new feature allows you to hide or show the Favorites bar, giving you more control over the favorites bar. 
+  text: (Note - You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).) Learn how to deploy and configure group policies in Microsoft Edge Legacy on Windows 10. Some of the features coming to Microsoft Edge Legacy gives you the ability to set a custom URL for the New Tab page or Home button. Another new feature allows you to hide or show the Favorites bar, giving you more control over the favorites bar.
-
+  
-  keywords: Microsoft Edge, Windows 10
+  keywords: Microsoft Edge Legacy, Windows 10
  ms.localizationpriority: medium
@ -36,7 +36,7 @@ sections:
  - type: markdown
-    text: Learn about interoperability goals and enterprise guidance along with system requirements, language support and frequently asked questions.
+    text: (Note - You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).) Learn about interoperability goals and enterprise guidance along with system requirements, language support and frequently asked questions.
 - items:
--- a/devices/hololens/TOC.md
+++ b/devices/hololens/TOC.md
@ -32,6 +32,7 @@
 ## [Create, share, and view photos and video](holographic-photos-and-videos.md)
 # User management and access management
 ## [Accounts on HoloLens](hololens-identity.md)
 ## [Share your HoloLens with multiple people](hololens-multiple-users.md)
 ## [Set up HoloLens as a kiosk (single application access)](hololens-kiosk.md)
 ## [Set up limited application access](hololens-kiosk.md)
--- a/devices/hololens/hololens-identity.md
+++ b/devices/hololens/hololens-identity.md
@ -0,0 +1,111 @@
 ---
 title: Managing user identity and login on HoloLens
 description: Manage user identity, security, and login on HoloLens.
 keywords: HoloLens, user, account, aad, adfs, microsoft account, msa, credentials, reference
 ms.assetid: 728cfff2-81ce-4eb8-9aaa-0a3c3304660e
 author: scooley
 ms.author: scooley
 ms.date: 1/6/2019
 ms.prod: hololens
 ms.topic: article
 ms.sitesec: library
 ms.topic: article
 ms.localizationpriority: medium
 audience: ITPro
 manager: jarrettr
 appliesto:
 - HoloLens (1st gen)
 - HoloLens 2
 ---
 # User identity and signin
 > [!NOTE]
 > This article is a technical reference for IT Pros and tech enthusiasts. If you're looking for HoloLens set up instructions, read "[Setting up your HoloLens (1st gen)](hololens1-start.md)" or "[Setting up your HoloLens 2](hololens2-start.md)".
 Like other Windows devices, HoloLens always operates under a user context. There is always a user identity. HoloLens treats identity in almost the same manner as other Windows 10 devices do. This article is a deep-dive reference for identity on HoloLens, and focuses on how HoloLens differs from other Windows 10 devices.
 HoloLens supports several kinds of user identities. You can use one or more user accounts to sign in. Here's an overview of the identity types and authentication options on HoloLens:
 | Identity type | Accounts per device | Authentication options |
 | --- | --- | --- |
 | [Azure Active Directory (AAD)](https://docs.microsoft.com/azure/active-directory/) | 32 (see details) | <ul><li>Azure web credential provider</li><li>Azure Authenticator App</li><li>Biometric (Iris) &ndash; HoloLens 2 only</li><li>PIN &ndash; Optional for HoloLens (1st gen), required for HoloLens 2</li><li>Password</li></ul> |
 | [Microsoft Account (MSA)](https://docs.microsoft.com/windows/security/identity-protection/access-control/microsoft-accounts) | 1 | <ul><li>Biometric (Iris) &ndash; HoloLens 2 only</li><li>PIN &ndash; Optional for HoloLens (1st gen), required for HoloLens 2</li><li>Password</li></ul> |
 | [Local account](https://docs.microsoft.com/windows/security/identity-protection/access-control/local-accounts) | 1 | Password |
 Cloud-connected accounts (AAD and MSA) offer more features because they can use Azure services.  
 ## Setting up users
 The most common way to set up a new user is during the HoloLens out-of-box experience (OOBE). During setup, HoloLens prompts for a user to sign in by using the account that they want to use on the device. This account can be a consumer Microsoft account or an enterprise account that has been configured in Azure. See Setting up your [HoloLens (1st gen)](hololens1-start.md) or [HoloLens 2](hololens2-start.md).
 Like Windows on other devices, signing in during setup creates a user profile on the device. The user profile stores apps and data. The same account also provides Single Sign-on for apps such as Edge or Skype by using the Windows Account Manager APIs.  
 If you use an enterprise or organizational account to sign in to HoloLens, HoloLens enrolls in the organization's IT infrastructure. This enrollment allows your IT Admin to configure Mobile Device Management (MDM) to send group policies to your HoloLens.
 By default, as for other Windows 10 devices, you'll have to sign in again when HoloLens restarts or resumes from standby. You can use the Settings app to change this behavior, or the behavior can be controlled by group policy.
 ### Linked accounts
 As in the Desktop version of Windows, you can link additional web account credentials to your HoloLens account. Such linking makes it easier to access resources across or within apps (such as the Store) or to combine access to personal and work resources. After you connect an account to the device, you can grant permission to use the device to apps so that you don't have to sign in to each app individually.
 Linking accounts does not separate the user data created on the device, such as images or downloads.  
 ### Setting up multi-user support (AAD only)
 > [!NOTE]
 > **HoloLens (1st gen)** began supporting multiple AAD users in the [Windows 10 April 2018 Update](https://docs.microsoft.com/windows/mixed-reality/release-notes-april-2018) as part of [Windows Holographic for Business](hololens-upgrade-enterprise.md).
 HoloLens supports multiple users from the same AAD tenant. To use this feature, you must use an account that belongs to your organization to set up the device. Subsequently, other users from the same tenant can sign in to the device from the sign-in screen or by tapping the user tile on the Start panel. Only one user can be signed in at a time. When a user signs in, HoloLens signs out the previous user.  
 All users can use the apps installed on the device. However, each user has their own app data and preferences. Removing an app from the device removes it for all users.  
 ## Removing users
 You can remove a user from the device by going to **Settings** > **Accounts** > **Other people**. This action also reclaims space by removing all of that user's app data from the device.  
 ## Using single sign-on within an app
 As an app developer, you can take advantage of linked identities on HoloLens by using the [Windows Account Manager APIs](https://docs.microsoft.com/uwp/api/Windows.Security.Authentication.Web.Core), just as you would on other Windows devices. Some code samples for these APIs are available [here](https://go.microsoft.com/fwlink/p/?LinkId=620621).
 Any account interrupts that might occur, such as requesting user consent for account information, two-factor authentication, and so forth, must be handled when the app requests an authentication token.
 If your app requires a specific account type that hasn't been linked previously, your app can ask the system to prompt the user to add one. This request triggers the account settings pane to launch as a modal child of your app. For 2D apps, this window renders directly over the center of your app. For Unity apps, this request briefly takes the user out of your holographic app to render the child window. For information about customizing the commands and actions on this pane, see [WebAccountCommand Class](https://docs.microsoft.com/uwp/api/Windows.UI.ApplicationSettings.WebAccountCommand).
 ## Enterprise and other authentication
 If your app uses other types of authentication, such as NTLM, Basic, or Kerberos, you can use [Windows Credential UI](https://docs.microsoft.com/uwp/api/Windows.Security.Credentials.UI) to collect, process, and store the user's credentials. The user experience for collecting these credentials is very similar to other cloud-driven account interrupts, and appears as a child app on top of your 2D app or briefly suspends a Unity app to show the UI.
 ## Deprecated APIs
 One way in which developing for HoloLens differs from developing for Desktop is that the [OnlineIDAuthenticator](https://docs.microsoft.com/uwp/api/Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator) API is not fully supported. Although the API returns a token if the primary account is in good-standing, interrupts such as those described in this article do not display any UI for the user and fail to correctly authenticate the account.
 ## Frequently asked questions
 ### Is Windows Hello for Business supported on HoloLens?
 Windows Hello for Business (which supports using a PIN to sign in) is supported for HoloLens. To allow Windows Hello for Business PIN sign-in on HoloLens:
 1. The HoloLens device must be [managed by MDM](hololens-enroll-mdm.md).
 1. You must enable Windows Hello for Business for the device. ([See instructions for Microsoft Intune.](https://docs.microsoft.com/intune/windows-hello))
 1. On HoloLens, the user can then use **Settings** > **Sign-in Options** > **Add PIN** to set up a PIN.
 > [!NOTE]
 > Users who sign in by using a Microsoft account can also set up a PIN in **Settings** > **Sign-in Options** > **Add PIN**. This PIN is associated with [Windows Hello](https://support.microsoft.com/help/17215/windows-10-what-is-hello), rather than [Windows Hello for Business](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-overview).
 #### Does the type of account change the sign-in behavior?
 Yes, the behavior for the type of account affects the sign-in behavior. If you apply policies for sign-in, the policy is always respected. If no policy for sign-in is applied, these are the default behaviors for each account type:
 - **Microsoft account**: signs in automatically
 - **Local account**: always asks for password, not configurable in **Settings**
 - **Azure AD**: asks for password by default, and configurable by **Settings** to no longer ask for password.
 > [!NOTE]
 > Inactivity timers are currently not supported, which means that the **AllowIdleReturnWithoutPassword** policy is only respected when the device goes into StandBy.
 ## Additional resources
 Read much more about user identity protection and authentication on [the Windows 10 security and identity documentation](https://docs.microsoft.com/windows/security/identity-protection/).
 Learn more about setting up hybrid identity infrastructure thorough the [Azure Hybrid identity documentation](https://docs.microsoft.com/azure/active-directory/hybrid/).
--- a/devices/hololens/hololens2-setup.md
+++ b/devices/hololens/hololens2-setup.md
@ -62,7 +62,7 @@ To turn on your HoloLens 2, press the Power button.  The LED lights below the Po
 | To turn on | Single button press. | All five lights turn on, then change to indicate the battery level. After four seconds, a sound plays. |
 | To sleep | Single button press. | All five lights turn on, then fade off one at a time. After the lights turn off, a sound plays and the screen displays "Goodbye." |
 | To wake from sleep | Single button press. | All five lights turn on, then change to indicate the battery level. A sound immediately plays. |
-| To turn off | Press and for hold 5s. |  All five lights turn on, then fade off one at a time. After the lights turn off, a sound plays and the screen displays "Goodbye." |
+| To turn off | Press and hold for 5s. |  All five lights turn on, then fade off one at a time. After the lights turn off, a sound plays and the screen displays "Goodbye." |
 | To force the Hololens to restart if it is unresponsive | Press and hold for 10s. | All five lights turn on, then fade off one at a time. After the lights turn off. |
 ## HoloLens behavior reference
--- a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
+++ b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
@ -49,7 +49,8 @@ If you have a single-forest on-premises deployment with Microsoft Exchange 2013
   ```PowerShell
   New-Mailbox -UserPrincipalName HUB01@contoso.com -Alias HUB01 -Name "Hub-01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String <password> -AsPlainText -Force)
   ```
-[!IMPORTANT] ActiveSync Virtual Directory Basic Authentication is required to be enabled as the Surface Hub is unable to authenticate using other authentication methods.
+> [!IMPORTANT] 
 > ActiveSync Virtual Directory Basic Authentication is required to be enabled as the Surface Hub is unable to authenticate using other authentication methods.
 3. After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy.
--- a/devices/surface/microsoft-surface-brightness-control.md
+++ b/devices/surface/microsoft-surface-brightness-control.md
@ -46,9 +46,14 @@ documentation](https://docs.microsoft.com/windows/desktop/sysinfo/registry).
 1.  Run regedit from a command prompt to open the Windows Registry
    Editor.
-      - Computer\HKEY\_LOCAL\_MACHINE\SOFTWARE\Microsoft\Surface\Surface
+      - Computer\HKEY\_LOCAL\_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Surface\Surface
        Brightness Control\	
-		
+    
    If you're running an older version of Surface Brightness control, run the following command instead:
      - Computer\HKEY\_LOCAL\_MACHINE\SOFTWARE\Microsoft\Surface\Surface
        Brightness Control\
 | Registry Setting | Data| Description  
 |-----------|------------|---------------
--- a/devices/surface/surface-dock-firmware-update.md
+++ b/devices/surface/surface-dock-firmware-update.md
@ -50,9 +50,6 @@ You can use Windows Installer commands (Msiexec.exe) to deploy Surface Dock Firm
 > [!NOTE]
 > A log file is not created by default. In order to create a log file, you will need to append "/l*v [path]"
 > [!NOTE]
 > A log file is not created by default. In order to create a log file, you will need to append "/l*v [path]"
 For more information, refer to [Command line options](https://docs.microsoft.com/windows/win32/msi/command-line-options) documentation.
 > [!IMPORTANT]
--- a/windows/client-management/mdm/passportforwork-csp.md
+++ b/windows/client-management/mdm/passportforwork-csp.md
@ -206,7 +206,7 @@ This node is deprecated. Use **Biometrics/UseBiometrics** node instead.
 <a href="" id="biometrics--only-for---device-vendor-msft-"></a>**Biometrics** (only for ./Device/Vendor/MSFT)  
 Node for defining biometric settings. This node was added in Windows 10, version 1511.
-*Not supported on Windows Holographic and Windows Holographic for Business prior to Windows 10 version 1903 (May 2019 Update).*
+*Not supported on Windows Holographic and Windows Holographic for Business.*
 <a href="" id="biometrics-usebiometrics--only-for---device-vendor-msft-"></a>**Biometrics/UseBiometrics** (only for ./Device/Vendor/MSFT)  
 Boolean value used to enable or disable the use of biometric gestures, such as face and fingerprint, as an alternative to the PIN gesture for Windows Hello for Business. Users must still configure a PIN if they configure biometric gestures to use in case of failures. This node was added in Windows 10, version 1511.
@ -217,7 +217,7 @@ Default value is true, enabling the biometric gestures for use with Windows Hell
 Supported operations are Add, Get, Delete, and Replace.
-*Not supported on Windows Holographic and Windows Holographic for Business.*
+*Not supported on Windows Holographic and Windows Holographic for Business prior to Windows 10 version 1903 (May 2019 Update).*
 <a href="" id="biometrics-facialfeaturesuseenhancedantispoofing--only-for---device-vendor-msft-"></a>**Biometrics/FacialFeaturesUseEnhancedAntiSpoofing** (only for ./Device/Vendor/MSFT)  
 Boolean value used to enable or disable enhanced anti-spoofing for facial feature recognition on Windows Hello face authentication. This node was added in Windows 10, version 1511.
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@ -14,10 +14,14 @@ ms.localizationpriority: medium
 # Policy CSP - Browser
-
+> [!NOTE]
 > You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
 <hr/>
 > [!NOTE]
 > You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
 <!--Policies-->
 ## Browser policies  
--- a/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md
+++ b/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md
@ -29,21 +29,11 @@ If you have paid subscriptions to Office 365, Microsoft Dynamics CRM Online, Ent
    ![register azuread](images/azure-ad-add-tenant11.png)
-3.  On the **Admin center** page, hover your mouse over the Admin tools icon on the left and then click **Azure AD**. This will take you to the Azure Active Directory sign-up page and brings up your existing Office 365 organization account information.
+3.  On the **Admin center** page, under Admin Centers on the left, click **Azure Active Directory**. This will take you to the Azure Active Directory portal.
-    ![register azuread](images/azure-ad-add-tenant12.png)
+    ![Azure-AD-updated](https://user-images.githubusercontent.com/41186174/71594506-e4845300-2b40-11ea-9a08-c21c824e12a4.png)
 4.  On the **Sign up** page, make sure to enter a valid phone number and then click **Sign up**.
    ![register azuread](images/azure-ad-add-tenant13.png)
 5.  It may take a few minutes to process the request.
    ![register azuread](images/azure-ad-add-tenant14.png)
 6.  You will see a welcome page when the process completes.
    ![register azuread](images/azure-ad-add-tenant15.png)
--- a/windows/deployment/update/waas-configure-wufb.md
+++ b/windows/deployment/update/waas-configure-wufb.md
@ -125,9 +125,9 @@ Starting with Windows 10, version 1703, using Settings to control the pause beha
 ## Configure when devices receive Quality Updates
-Quality Updates are typically published on the first Tuesday of every month, although they can be released at any time. You can define if, and for how long, you would like to defer receiving Quality Updates following their availability. You can defer receiving these Quality Updates for a period of up to 35 days from their release by setting the **DeferQualityUpdatesPeriodinDays** value.  
+Quality updates are typically published on the first Tuesday of every month, although they can be released at any time. You can define if, and for how long, you would like to defer receiving Quality updates following their availability. You can defer receiving these quality updates for a period of up to 30 days from their release by setting the **DeferQualityUpdatesPeriodinDays** value.  
-You can set your system to receive updates for other Microsoft products—known as Microsoft Updates (such as Microsoft Office, Visual Studio)—along with Windows Updates by setting the **AllowMUUpdateService** policy. When you do this, these Microsoft Updates will follow the same deferral and pause rules as all other Quality Updates.
+You can set your system to receive updates for other Microsoft products—known as Microsoft updates (such as Microsoft Office, Visual Studio)—along with Windows updates by setting the **AllowMUUpdateService** policy. When you do this, these Microsoft updates will follow the same deferral and pause rules as all other quality updates.
 >[!IMPORTANT]
 >This policy defers both Feature and Quality Updates on Windows 10 Mobile Enterprise.
@ -146,7 +146,7 @@ You can set your system to receive updates for other Microsoft products—known
 ## Pause quality updates
-You can also pause a system from receiving Quality Updates for a period of up to 35 days from when the value is set.   After 35 days has passed, the pause setting will automatically expire and the device will scan Windows Update for applicable quality Updates. Following this scan, you can then pause quality Updates for the device again.
+You can also pause a system from receiving quality updates for a period of up to 35 days from when the value is set. After 35 days have passed, the pause setting will automatically expire and the device will scan Windows Update for applicable quality updates. Following this scan, you can then pause quality updates for the device again.
 Starting with Windows 10, version 1703, when you configure a pause by using policy, you must set a start date for the pause to begin. The pause period is calculated by adding 35 days to this start date. 
@ -201,9 +201,9 @@ The policy settings to **Select when Feature Updates are received** allows you t
 * Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/ Windows Update for Business** - *Select when Preview Builds and Feature Updates are received*
 * MDM: **Update/BranchReadinessLevel**
-## Exclude drivers from Quality Updates
+## Exclude drivers from quality updates
-Starting with Windows 10, version 1607, you can selectively opt out of receiving driver update packages as part of your normal quality update cycle. This policy will not apply to updates to drivers provided with the operating system (which will be packaged within a security or critical update) or to Feature Updates, where drivers might be dynamically installed to ensure the Feature Update process can complete.
+Starting with Windows 10, version 1607, you can selectively opt out of receiving driver update packages as part of your normal quality update cycle. This policy will not apply to updates to drivers provided with the operating system (which will be packaged within a security or critical update) or to feature updates, where drivers might be dynamically installed to ensure the feature update process can complete.
 **Policy settings to exclude drivers**
--- a/windows/deployment/update/waas-overview.md
+++ b/windows/deployment/update/waas-overview.md
@ -174,7 +174,7 @@ With all these options, which an organization chooses depends on the resources,
 | Windows Update | Yes (manual) | No | Delivery Optimization | None|
 | Windows Update for Business | Yes | No | Delivery Optimization | Other Group Policy objects |
 | WSUS | Yes | Yes | BranchCache or Delivery Optimization | Upstream/downstream server scalability |
-| Configuration Manager | Yes | Yes | BranchCache, Client Peer Cache | Distribution points, multiple deployment options |
+| Configuration Manager | Yes | Yes | BranchCache, Client Peer Cache, or Delivery Optimization. For the latter, see [peer-to-peer content distribution](https://docs.microsoft.com/configmgr/sum/deploy-use/optimize-windows-10-update-delivery#peer-to-peer-content-distribution) and [Optimize Windows 10 Update Delivery](https://docs.microsoft.com/windows/deployment/update/waas-optimize-windows-10-updates) | Distribution points, multiple deployment options |
 >[!NOTE]
 >Due to [naming changes](#naming-changes), older terms like CB and CBB might still be displayed in some of our products, such as in Group Policy. If you encounter these terms, "CB" refers to the Semi-Annual Channel (Targeted)--which is no longer used--while "CBB" refers to the Semi-Annual Channel.
--- a/windows/deployment/upgrade/log-files.md
+++ b/windows/deployment/upgrade/log-files.md
@ -35,7 +35,7 @@ The following table describes some log files and how to use them for troubleshoo
 <br>
 <table>
-<tr><td BGCOLOR="#a0e4fa"><B>Log file</td><td BGCOLOR="#a0e4fa"><B>Phase: Location</td><td BGCOLOR="#a0e4fa"><B>Description</td><td BGCOLOR="#a0e4fa"><B>When to use</td>
+<tr><td BGCOLOR="#a0e4fa"><font color="#000000"><B>Log file</td><td BGCOLOR="#a0e4fa"><font color="#000000"><B>Phase: Location</td><td BGCOLOR="#a0e4fa"><font color="#000000"><B>Description</td><td BGCOLOR="#a0e4fa"><font color="#000000"><B>When to use</td>
 <tr><td rowspan="5">setupact.log</td><td>Down-Level:<br>$Windows.~BT\Sources\Panther</td><td>Contains information about setup actions during the downlevel phase. </td>
 <td>All down-level failures and starting point for rollback investigations.<br> This is the most important log for diagnosing setup issues.</td>
 <tr><td>OOBE:<br>$Windows.~BT\Sources\Panther\UnattendGC</td>
@ -52,7 +52,7 @@ setupapi.dev.log<br>
 Event logs (*.evtx)</td>
 <td>$Windows.~BT\Sources\Rollback<td>Additional logs collected during rollback.</td>
 <td>
-Setupmem.dmp: If OS bugchecks during upgrade, setup will attempt to extract a mini-dump.<br>
+Setupmem.dmp: If OS bug checks during upgrade, setup will attempt to extract a mini-dump.<br>
 Setupapi: Device install issues - 0x30018<br>
 Event logs: Generic rollbacks (0xC1900101) or unexpected reboots.</td>
 </table>
--- a/windows/deployment/upgrade/resolution-procedures.md
+++ b/windows/deployment/upgrade/resolution-procedures.md
@ -513,9 +513,9 @@ This error has more than one possible cause. Attempt [quick fixes](quick-fixes.m
 <br /><table>
 <tr>
-<td BGCOLOR="#a0e4fa"><b>Error code</b></th>
+<td BGCOLOR="#a0e4fa"><font color="#000000"><b>Error code</b></font></td>
-<td BGCOLOR="#a0e4fa"><b>Cause</b></th>
+<td BGCOLOR="#a0e4fa"><font color="#000000"><b>Cause</b></font></td>
-<td BGCOLOR="#a0e4fa"><b>Mitigation</b></th>
+<td BGCOLOR="#a0e4fa"><font color="#000000"><b>Mitigation</b></font></td>
 </tr>
 <tr>
@ -647,7 +647,7 @@ For detailed information on how to run these steps check out <a href="https://bl
 <br><table>
-<tr><td BGCOLOR="#a0e4fa">Error Codes<td BGCOLOR="#a0e4fa">Cause<td BGCOLOR="#a0e4fa">Mitigation</td></tr>
+<tr><td BGCOLOR="#a0e4fa"><font color="#000000">Error Codes<td BGCOLOR="#a0e4fa"><font color="#000000">Cause<td BGCOLOR="#a0e4fa"><font color="#000000">Mitigation</td></tr>
 <tr><td>0x80070003- 0x20007
 <td>This is a failure during SafeOS phase driver installation.
--- a/windows/deployment/upgrade/upgrade-error-codes.md
+++ b/windows/deployment/upgrade/upgrade-error-codes.md
@ -91,7 +91,7 @@ The following tables provide the corresponding phase and operation for values of
 <br>
 <table cellspacing="0" cellpadding="0">
-<tr><td colspan="2" align="center" valign="top" BGCOLOR="#a0e4fa"><b>Extend code: phase</b></td>
+<tr><td colspan="2" align="center" valign="top" BGCOLOR="#a0e4fa"><font color="#000000"><b>Extend code: phase</b></td>
 <tr><td style='padding:0in 4pt 0in 4pt'><b>Hex</b><td style='padding:0in 5.4pt 0in 5.4pt'><b>Phase</b>
 <tr><td style='padding:0in 4pt 0in 4pt'>0<td style='padding:0in 4pt 0in 4pt'>SP_EXECUTION_UNKNOWN
 <tr><td style='padding:0in 4pt 0in 4pt'>1<td style='padding:0in 4pt 0in 4pt'>SP_EXECUTION_DOWNLEVEL
@ -103,7 +103,7 @@ The following tables provide the corresponding phase and operation for values of
 <table border="0" style='border-collapse:collapse;border:none'>
-<tr><td colspan="2" align="center" valign="top" BGCOLOR="#a0e4fa"><B>Extend code: operation</B></td>
+<tr><td colspan="2" align="center" valign="top" BGCOLOR="#a0e4fa"><font color="#000000"><B>Extend code: operation</B></td>
 <tr><td align="left" valign="top" style='border:dotted #A6A6A6 1.0pt;'>
 <table>
 <tr><td style='padding:0in 4pt 0in 4pt'><b>Hex</b><td style='padding:0in 4pt 0in 4pt'><span style='padding:0in 5.4pt 0in 5.4pt;'><b>Operation</b>
--- a/windows/deployment/windows-10-poc.md
+++ b/windows/deployment/windows-10-poc.md
--- a/windows/deployment/windows-autopilot/add-devices.md
+++ b/windows/deployment/windows-autopilot/add-devices.md
@ -104,13 +104,13 @@ Once the hardware IDs have been captured from existing devices, they can be uplo
 -   [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/add-profile-to-devices#manage-autopilot-deployment-profiles).  You might already be using MSfB to manage your apps and settings.
 A summary of each platform's capabilities is provided below.
-
+<br>
 <table>
 <tr>
-<td BGCOLOR="#a0e4fa"><B>Platform/Portal</th>
+<td BGCOLOR="#a0e4fa"><B><font color="#000000">Platform/Portal</font></td>
-<td BGCOLOR="#a0e4fa"><B>Register devices?</th>
+<td BGCOLOR="#a0e4fa"><B><font color="#000000">Register devices?</font></td>
-<td BGCOLOR="#a0e4fa"><B>Create/Assign profile</th>
+<td BGCOLOR="#a0e4fa"><B><font color="#000000">Create/Assign profile</font></td>
-<td BGCOLOR="#a0e4fa"><B>Acceptable DeviceID</th>
+<td BGCOLOR="#a0e4fa"><B><font color="#000000">Acceptable DeviceID</font></td>
 </tr>
 <tr>
--- a/windows/deployment/windows-autopilot/existing-devices.md
+++ b/windows/deployment/windows-autopilot/existing-devices.md
@ -68,15 +68,16 @@ See the following examples.
    Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
    Install-Module AzureAD -Force
    Install-Module WindowsAutopilotIntune -Force
    Install-Module Microsoft.Graph.Intune -Force
    ```
-
+    
 3. Enter the following lines and provide Intune administrative credentials
-   - In the following command, replace the example user principal name for Azure authentication (admin@M365x373186.onmicrosoft.com) with your user account. Be sure that the user account you specify has sufficient administrative rights.
+   - Be sure that the user account you specify has sufficient administrative rights.
     ```powershell
-     Connect-MSGraph -user admin@M365x373186.onmicrosoft.com
+     Connect-MSGraph
     ```
-     The password for your account will be requested using a standard Azure AD form. Type your password and then click **Sign in**. 
+     The user and password for your account will be requested using a standard Azure AD form. Type your username and password and then click **Sign in**. 
     <br>See the following example:
     ![Azure AD authentication](images/pwd.png)
--- a/windows/release-information/resolved-issues-windows-10-1507.yml
+++ b/windows/release-information/resolved-issues-windows-10-1507.yml
@ -35,7 +35,6 @@ sections:
      <tr><td><div id='351msg'></div><b>Intermittent issues when printing</b><br>The print spooler service may intermittently have issues completing a print job and results print job failure.<br><br><a href = '#351msgdesc'>See details ></a></td><td>OS Build 10240.18334<br><br>September 23, 2019<br><a href ='https://support.microsoft.com/help/4522009' target='_blank'>KB4522009</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520011' target='_blank'>KB4520011</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>OS Build 10240.18305<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512497' target='_blank'>KB4512497</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517276' target='_blank'>KB4517276</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>OS Build 10240.18244<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503291' target='_blank'>KB4503291</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
      <tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>OS Build 10240.18244<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503291' target='_blank'>KB4503291</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507458' target='_blank'>KB4507458</a></td><td>July 09, 2019 <br>10:00 AM PT</td></tr>
      </table>
      "
@ -64,12 +63,3 @@ sections:
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='306msgdesc'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><div>You may receive an error on your Apple MacOS device when trying to access network shares via CIFS&nbsp;or SMBv1 on a Windows devices that has installed updates on June 11, 2019 (<a href='https://support.microsoft.com/help/4503291' target='_blank'>KB4503291</a>) or later. When you encounter this issue, in MacOS you may receive the error, “There was a problem connecting to the server “{Server Host Name}”. Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator.”</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> For guidance on this issue, see the Apple support article <a href=\"https://support.apple.com/HT210423\" target=\"_blank\">If your Mac can't use NTLM to connect to a Windows server</a>. There is no update for Windows needed for this issue.</div><br><a href ='#306msg'>Back to top</a></td><td>OS Build 10240.18244<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503291' target='_blank'>KB4503291</a></td><td>Resolved External<br></td><td>Last updated:<br>August 09, 2019 <br>07:03 PM PT<br><br>Opened:<br>August 09, 2019 <br>04:25 PM PT</td></tr>
      </table>
      "
 - title: June 2019
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='243msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create&nbsp;<strong>Custom Views&nbsp;</strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using&nbsp;<strong>Filter Current Log</strong>&nbsp;in the&nbsp;<strong>Action&nbsp;</strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4507458' target='_blank'>KB4507458</a>.</div><br><a href ='#243msg'>Back to top</a></td><td>OS Build 10240.18244<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503291' target='_blank'>KB4503291</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507458' target='_blank'>KB4507458</a></td><td>Resolved:<br>July 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
      </table>
      "
--- a/windows/release-information/resolved-issues-windows-10-1607.yml
+++ b/windows/release-information/resolved-issues-windows-10-1607.yml
@ -42,11 +42,6 @@ sections:
      <tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>OS Build 14393.3025<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
      <tr><td><div id='53msg'></div><b>SCVMM cannot enumerate and manage logical switches deployed on the host</b><br>System Center Virtual Machine Manager cannot enumerate and manage logical switches deployed on managed hosts.<br><br><a href = '#53msgdesc'>See details ></a></td><td>OS Build 14393.2639<br><br>November 27, 2018<br><a href ='https://support.microsoft.com/help/4467684' target='_blank'>KB4467684</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507459' target='_blank'>KB4507459</a></td><td>July 16, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='240msg'></div><b>Some applications may fail to run as expected on clients of AD FS 2016</b><br>Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016)<br><br><a href = '#240msgdesc'>See details ></a></td><td>OS Build 14393.2941<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493473' target='_blank'>KB4493473</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507459' target='_blank'>KB4507459</a></td><td>July 16, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='221msg'></div><b>Devices with Hyper-V enabled may receive BitLocker error 0xC0210000</b><br>Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000.<br><br><a href = '#221msgdesc'>See details ></a></td><td>OS Build 14393.2969<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507460' target='_blank'>KB4507460</a></td><td>July 09, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='247msg'></div><b>Difficulty connecting to some iSCSI-based SANs</b><br>Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.<br><br><a href = '#247msgdesc'>See details ></a></td><td>OS Build 14393.2999<br><br>May 23, 2019<br><a href ='https://support.microsoft.com/help/4499177' target='_blank'>KB4499177</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4509475' target='_blank'>KB4509475</a></td><td>June 27, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>OS Build 14393.3025<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503294' target='_blank'>KB4503294</a></td><td>June 18, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='241msg'></div><b>Opening Internet Explorer 11 may fail</b><br>Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.<br><br><a href = '#241msgdesc'>See details ></a></td><td>OS Build 14393.2999<br><br>May 23, 2019<br><a href ='https://support.microsoft.com/help/4499177' target='_blank'>KB4499177</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='48msg'></div><b>Issue using PXE to start a device from WDS</b><br>There may be issues using PXE to start a device from a WDS server configured to use Variable Window Extension.<br><br><a href = '#48msgdesc'>See details ></a></td><td>OS Build 14393.2848<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489882' target='_blank'>KB4489882</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
      </table>
      "
@ -96,27 +91,6 @@ sections:
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='240msgdesc'></div><b>Some applications may fail to run as expected on clients of AD FS 2016</b><div>Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016) after installation of <a href='https://support.microsoft.com/help/4493473' target='_blank'>KB4493473</a> on the server. Applications that may exhibit&nbsp;this behavior use an <strong>IFRAME </strong>during non-interactive authentication requests and receive <strong>X-Frame Options </strong>set to<strong> </strong>DENY.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4507459' target='_blank'>KB4507459</a>.</div><br><a href ='#240msg'>Back to top</a></td><td>OS Build 14393.2941<br><br>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493473' target='_blank'>KB4493473</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507459' target='_blank'>KB4507459</a></td><td>Resolved:<br>July 16, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 04, 2019 <br>05:55 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='247msgdesc'></div><b>Difficulty connecting to some iSCSI-based SANs</b><div>Devices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing <a href='https://support.microsoft.com/help/4499177' target='_blank'>KB4499177</a>. You may also receive an error in the <strong>System </strong>log section of <strong>Event Viewer </strong>with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016</li><li>Server: Windows Server 2019; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4509475' target='_blank'>KB4509475</a>.</div><br><a href ='#247msg'>Back to top</a></td><td>OS Build 14393.2999<br><br>May 23, 2019<br><a href ='https://support.microsoft.com/help/4499177' target='_blank'>KB4499177</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4509475' target='_blank'>KB4509475</a></td><td>Resolved:<br>June 27, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 20, 2019 <br>04:46 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='243msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create&nbsp;<strong>Custom Views&nbsp;</strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using&nbsp;<strong>Filter Current Log</strong>&nbsp;in the&nbsp;<strong>Action&nbsp;</strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4503294' target='_blank'>KB4503294</a>.</div><br><a href ='#243msg'>Back to top</a></td><td>OS Build 14393.3025<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503294' target='_blank'>KB4503294</a></td><td>Resolved:<br>June 18, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='241msgdesc'></div><b>Opening Internet Explorer 11 may fail</b><div>Internet Explorer 11 may fail to open if <strong>Default Search Provider</strong> is not set or is malformed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server 2019; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a>.</div><br><a href ='#241msg'>Back to top</a></td><td>OS Build 14393.2999<br><br>May 23, 2019<br><a href ='https://support.microsoft.com/help/4499177' target='_blank'>KB4499177</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>Resolved:<br>June 11, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 05, 2019 <br>05:49 PM PT</td></tr>
      </table>
      "
 - title: May 2019
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='221msgdesc'></div><b>Devices with Hyper-V enabled may receive BitLocker error 0xC0210000</b><div>Some devices with Hyper-V enabled may enter BitLocker recovery mode and receive an error, \"0xC0210000\" after installing <a href='https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a> and restarting.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4507460' target='_blank'>KB4507460</a>.</div><br><a href ='#221msg'>Back to top</a></td><td>OS Build 14393.2969<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507460' target='_blank'>KB4507460</a></td><td>Resolved:<br>July 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 21, 2019 <br>08:50 AM PT</td></tr>
      </table>
      "
 - title: March 2019
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='48msgdesc'></div><b>Issue using PXE to start a device from WDS</b><div>After installing <a href=\"https://support.microsoft.com/help/4489882\" target=\"_blank\">KB4489882</a>, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a>.</div><br><a href ='#48msg'>Back to top</a></td><td>OS Build 14393.2848<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489882' target='_blank'>KB4489882</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>Resolved:<br>June 11, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
      </table>
      "
--- a/windows/release-information/resolved-issues-windows-10-1709.yml
+++ b/windows/release-information/resolved-issues-windows-10-1709.yml
@ -38,9 +38,6 @@ sections:
      <tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>OS Build 16299.1217<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>OS Build 16299.1331<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512516' target='_blank'>KB4512516</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>OS Build 16299.1217<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
      <tr><td><div id='247msg'></div><b>Difficulty connecting to some iSCSI-based SANs</b><br>Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.<br><br><a href = '#247msgdesc'>See details ></a></td><td>OS Build 16299.1182<br><br>May 28, 2019<br><a href ='https://support.microsoft.com/help/4499147' target='_blank'>KB4499147</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4509477' target='_blank'>KB4509477</a></td><td>June 26, 2019 <br>04:00 PM PT</td></tr>
      <tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>OS Build 16299.1217<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503281' target='_blank'>KB4503281</a></td><td>June 18, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='241msg'></div><b>Opening Internet Explorer 11 may fail</b><br>Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.<br><br><a href = '#241msgdesc'>See details ></a></td><td>OS Build 16299.1182<br><br>May 28, 2019<br><a href ='https://support.microsoft.com/help/4499147' target='_blank'>KB4499147</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
      </table>
      "
@ -81,14 +78,3 @@ sections:
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='252msgdesc'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><div>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing <a href='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a> on a WDS server.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a>.</div><br><a href ='#252msg'>Back to top</a></td><td>OS Build 16299.1217<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a></td><td>Resolved:<br>August 16, 2019 <br>02:00 PM PT<br><br>Opened:<br>July 10, 2019 <br>02:51 PM PT</td></tr>
      </table>
      "
 - title: June 2019
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='247msgdesc'></div><b>Difficulty connecting to some iSCSI-based SANs</b><div>Devices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing <a href='https://support.microsoft.com/help/4499147' target='_blank'>KB4499147</a>. You may also receive an error in the <strong>System </strong>log section of <strong>Event Viewer </strong>with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016</li><li>Server: Windows Server 2019; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4509477' target='_blank'>KB4509477</a>.</div><br><a href ='#247msg'>Back to top</a></td><td>OS Build 16299.1182<br><br>May 28, 2019<br><a href ='https://support.microsoft.com/help/4499147' target='_blank'>KB4499147</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4509477' target='_blank'>KB4509477</a></td><td>Resolved:<br>June 26, 2019 <br>04:00 PM PT<br><br>Opened:<br>June 20, 2019 <br>04:46 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='243msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create&nbsp;<strong>Custom Views&nbsp;</strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using&nbsp;<strong>Filter Current Log</strong>&nbsp;in the&nbsp;<strong>Action&nbsp;</strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4503281' target='_blank'>KB4503281</a>.</div><br><a href ='#243msg'>Back to top</a></td><td>OS Build 16299.1217<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503281' target='_blank'>KB4503281</a></td><td>Resolved:<br>June 18, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='241msgdesc'></div><b>Opening Internet Explorer 11 may fail</b><div>Internet Explorer 11 may fail to open if <strong>Default Search Provider</strong> is not set or is malformed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server 2019; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a>.</div><br><a href ='#241msg'>Back to top</a></td><td>OS Build 16299.1182<br><br>May 28, 2019<br><a href ='https://support.microsoft.com/help/4499147' target='_blank'>KB4499147</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved:<br>June 11, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 05, 2019 <br>05:49 PM PT</td></tr>
      </table>
      "
--- a/windows/release-information/resolved-issues-windows-10-1803.yml
+++ b/windows/release-information/resolved-issues-windows-10-1803.yml
@ -41,9 +41,6 @@ sections:
      <tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512509' target='_blank'>KB4512509</a></td><td>August 19, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>OS Build 17134.950<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512501' target='_blank'>KB4512501</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512509' target='_blank'>KB4512509</a></td><td>August 19, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
      <tr><td><div id='247msg'></div><b>Difficulty connecting to some iSCSI-based SANs</b><br>Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.<br><br><a href = '#247msgdesc'>See details ></a></td><td>OS Build 17134.799<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4499183' target='_blank'>KB4499183</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4509478' target='_blank'>KB4509478</a></td><td>June 26, 2019 <br>04:00 PM PT</td></tr>
      <tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503288' target='_blank'>KB4503288</a></td><td>June 18, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='241msg'></div><b>Opening Internet Explorer 11 may fail</b><br>Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.<br><br><a href = '#241msgdesc'>See details ></a></td><td>OS Build 17134.799<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4499183' target='_blank'>KB4499183</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
      </table>
      "
@ -93,8 +90,5 @@ sections:
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='244msgdesc'></div><b>Startup to a black screen after installing updates</b><div>We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates.</div><div><br></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803</li><li>Server: Windows Server 2019</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4519978' target='_blank'>KB4519978</a>.</div><br><a href ='#244msg'>Back to top</a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4519978' target='_blank'>KB4519978</a></td><td>Resolved:<br>October 15, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 14, 2019 <br>04:41 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='247msgdesc'></div><b>Difficulty connecting to some iSCSI-based SANs</b><div>Devices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing <a href='https://support.microsoft.com/help/4499183' target='_blank'>KB4499183</a>. You may also receive an error in the <strong>System </strong>log section of <strong>Event Viewer </strong>with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016</li><li>Server: Windows Server 2019; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4509478' target='_blank'>KB4509478</a>.</div><br><a href ='#247msg'>Back to top</a></td><td>OS Build 17134.799<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4499183' target='_blank'>KB4499183</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4509478' target='_blank'>KB4509478</a></td><td>Resolved:<br>June 26, 2019 <br>04:00 PM PT<br><br>Opened:<br>June 20, 2019 <br>04:46 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='243msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create&nbsp;<strong>Custom Views&nbsp;</strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using&nbsp;<strong>Filter Current Log</strong>&nbsp;in the&nbsp;<strong>Action&nbsp;</strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4503288' target='_blank'>KB4503288</a>.</div><br><a href ='#243msg'>Back to top</a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503288' target='_blank'>KB4503288</a></td><td>Resolved:<br>June 18, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='241msgdesc'></div><b>Opening Internet Explorer 11 may fail</b><div>Internet Explorer 11 may fail to open if <strong>Default Search Provider</strong> is not set or is malformed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server 2019; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a>.</div><br><a href ='#241msg'>Back to top</a></td><td>OS Build 17134.799<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4499183' target='_blank'>KB4499183</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved:<br>June 11, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 05, 2019 <br>05:49 PM PT</td></tr>
      </table>
      "
--- a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml
+++ b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml
@ -42,12 +42,6 @@ sections:
      <tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>OS Build 17763.557<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512534' target='_blank'>KB4512534</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>OS Build 17763.678<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4511553' target='_blank'>KB4511553</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512534' target='_blank'>KB4512534</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>OS Build 17763.557<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
      <tr><td><div id='247msg'></div><b>Difficulty connecting to some iSCSI-based SANs</b><br>Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.<br><br><a href = '#247msgdesc'>See details ></a></td><td>OS Build 17763.529<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4497934' target='_blank'>KB4497934</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4509479' target='_blank'>KB4509479</a></td><td>June 26, 2019 <br>04:00 PM PT</td></tr>
      <tr><td><div id='245msg'></div><b>Devices with Realtek Bluetooth radios drivers may not pair or connect as expected</b><br>Devices with some Realtek Bluetooth radios drivers may have issues pairing or connecting to devices.<br><br><a href = '#245msgdesc'>See details ></a></td><td>OS Build 17763.503<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494441' target='_blank'>KB4494441</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501371' target='_blank'>KB4501371</a></td><td>June 18, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>OS Build 17763.557<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501371' target='_blank'>KB4501371</a></td><td>June 18, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='210msg'></div><b>Printing from Microsoft Edge or other UWP apps may result in the error 0x80070007</b><br>Attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) apps, you may receive an error.<br><br><a href = '#210msgdesc'>See details ></a></td><td>OS Build 17763.379<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489899' target='_blank'>KB4489899</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501371' target='_blank'>KB4501371</a></td><td>June 18, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='241msg'></div><b>Opening Internet Explorer 11 may fail</b><br>Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.<br><br><a href = '#241msgdesc'>See details ></a></td><td>OS Build 17763.529<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4497934' target='_blank'>KB4497934</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='88msg'></div><b>Issue using PXE to start a device from WDS</b><br>Using PXE to start a device from a WDS server configured to use Variable Window Extension may terminate the connection.<br><br><a href = '#88msgdesc'>See details ></a></td><td>OS Build 17763.379<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489899' target='_blank'>KB4489899</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
      </table>
      "
@ -106,27 +100,5 @@ sections:
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='244msgdesc'></div><b>Startup to a black screen after installing updates</b><div>We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates.</div><div><br></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803</li><li>Server: Windows Server 2019</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a>.</div><br><a href ='#244msg'>Back to top</a></td><td>OS Build 17763.557<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a></td><td>Resolved:<br>October 15, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 14, 2019 <br>04:41 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='247msgdesc'></div><b>Difficulty connecting to some iSCSI-based SANs</b><div>Devices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing <a href='https://support.microsoft.com/help/4497934' target='_blank'>KB4497934</a>. You may also receive an error in the <strong>System </strong>log section of <strong>Event Viewer </strong>with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016</li><li>Server: Windows Server 2019; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4509479' target='_blank'>KB4509479</a>.</div><br><a href ='#247msg'>Back to top</a></td><td>OS Build 17763.529<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4497934' target='_blank'>KB4497934</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4509479' target='_blank'>KB4509479</a></td><td>Resolved:<br>June 26, 2019 <br>04:00 PM PT<br><br>Opened:<br>June 20, 2019 <br>04:46 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='245msgdesc'></div><b>Devices with Realtek Bluetooth radios drivers may not pair or connect as expected</b><div>In some circumstances, devices with Realtek Bluetooth radios may have issues pairing or connecting to Bluetooth devices due to a driver issue.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019</li><li>Server: Windows Server 2019</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4501371' target='_blank'>KB4501371</a>.</div><br><a href ='#245msg'>Back to top</a></td><td>OS Build 17763.503<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494441' target='_blank'>KB4494441</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501371' target='_blank'>KB4501371</a></td><td>Resolved:<br>June 18, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 14, 2019 <br>05:45 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='243msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create&nbsp;<strong>Custom Views&nbsp;</strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using&nbsp;<strong>Filter Current Log</strong>&nbsp;in the&nbsp;<strong>Action&nbsp;</strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4501371' target='_blank'>KB4501371</a>.</div><br><a href ='#243msg'>Back to top</a></td><td>OS Build 17763.557<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501371' target='_blank'>KB4501371</a></td><td>Resolved:<br>June 18, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='241msgdesc'></div><b>Opening Internet Explorer 11 may fail</b><div>Internet Explorer 11 may fail to open if <strong>Default Search Provider</strong> is not set or is malformed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server 2019; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a>.</div><br><a href ='#241msg'>Back to top</a></td><td>OS Build 17763.529<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4497934' target='_blank'>KB4497934</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved:<br>June 11, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 05, 2019 <br>05:49 PM PT</td></tr>
      </table>
      "
 - title: May 2019
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='210msgdesc'></div><b>Printing from Microsoft Edge or other UWP apps may result in the error 0x80070007</b><div>When attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) applications you may receive the error, \"Your printer has experienced an unexpected configuration problem. 0x80070007e.\"</div><div>&nbsp;</div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019</li><li>Server: Windows Server, version 1809; Windows Server 2019</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4501371' target='_blank'>KB4501371</a>.&nbsp;</div><br><a href ='#210msg'>Back to top</a></td><td>OS Build 17763.379<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489899' target='_blank'>KB4489899</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501371' target='_blank'>KB4501371</a></td><td>Resolved:<br>June 18, 2019 <br>02:00 PM PT<br><br>Opened:<br>May 02, 2019 <br>04:47 PM PT</td></tr>
      </table>
      "
 - title: March 2019
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='88msgdesc'></div><b>Issue using PXE to start a device from WDS</b><div>After installing <a href=\"https://support.microsoft.com/help/4489899\" target=\"_blank\">KB4489899</a>, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.&nbsp;</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a>.</div><br><a href ='#88msg'>Back to top</a></td><td>OS Build 17763.379<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489899' target='_blank'>KB4489899</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved:<br>June 11, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
      </table>
      "
--- a/windows/release-information/resolved-issues-windows-10-1903.yml
+++ b/windows/release-information/resolved-issues-windows-10-1903.yml
@ -38,7 +38,6 @@ sections:
      <tr><td><div id='317msg'></div><b>Updates may fail to install and you may receive Error 0x80073701</b><br>Installation of updates may fail and you may receive error code 0x80073701.<br><br><a href = '#317msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>November 12, 2019 <br>08:11 AM PT</td></tr>
      <tr><td><div id='228msg'></div><b>Intel Audio displays an intcdaud.sys notification</b><br>Devices with a range of Intel Display Audio device drivers may experience battery drain.<br><br><a href = '#228msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>November 12, 2019 <br>08:04 AM PT</td></tr>
      <tr><td><div id='226msg'></div><b>Gamma ramps, color profiles, and night light settings do not apply in some cases</b><br>Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.<br><br><a href = '#226msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>July 26, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='229msg'></div><b>Cannot launch Camera app </b><br>Microsoft and Intel have identified an issue affecting Intel RealSense SR300 or Intel RealSense S200 camera apps.<br><br><a href = '#229msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501375' target='_blank'>KB4501375</a></td><td>June 27, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='358msg'></div><b>Unable to discover or connect to Bluetooth devices using some Qualcomm adapters</b><br>Microsoft has identified compatibility issues with some versions of Qualcomm Bluetooth radio drivers.<br><br><a href = '#358msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517389' target='_blank'>KB4517389</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='338msg'></div><b>Safeguard on certain devices with some Intel and Broadcom Wi-Fi adapters</b><br>Some devices with Intel Centrino 6205/6235 and Broadcom 802.11ac Wi-Fi cards may experience compatibility issues.<br><br><a href = '#338msgdesc'>See details ></a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4522355' target='_blank'>KB4522355</a></td><td>October 24, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='248msg'></div><b>dGPU occasionally disappear from device manager on Surface Book 2</b><br>Some apps or games may close or fail to open on Surface Book 2 devices with Nvidia dGPU.<br><br><a href = '#248msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>October 18, 2019 <br>04:33 PM PT</td></tr>
@ -57,10 +56,6 @@ sections:
      <tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>OS Build 18362.175<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
      <tr><td><div id='227msg'></div><b>Display brightness may not respond to adjustments</b><br>Devices configured with certain Intel display drivers may experience a driver compatibility issue.<br><br><a href = '#227msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>July 26, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='249msg'></div><b>RASMAN service may stop working and result in the error “0xc0000005”</b><br>The RASMAN service may stop working with VPN profiles configured as an Always On VPN connection.<br><br><a href = '#249msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>July 26, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='235msg'></div><b>Loss of functionality in Dynabook Smartphone Link app</b><br>Users who update to Windows 10, version 1903 may experience a loss of functionality with Dynabook Smartphone Link.<br><br><a href = '#235msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>July 11, 2019 <br>01:54 PM PT</td></tr>
      <tr><td><div id='222msg'></div><b>Error attempting to update with external USB device or memory card attached </b><br>PCs with an external USB device or SD memory card attached may get error: \"This PC can't be upgraded to Windows 10.\"<br><br><a href = '#222msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>July 11, 2019 <br>01:53 PM PT</td></tr>
      <tr><td><div id='230msg'></div><b>Audio not working with Dolby Atmos headphones and home theater </b><br>Users may experience audio loss with Dolby Atmos headphones or Dolby Atmos home theater.<br><br><a href = '#230msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>July 11, 2019 <br>01:53 PM PT</td></tr>
      <tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>OS Build 18362.175<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501375' target='_blank'>KB4501375</a></td><td>June 27, 2019 <br>10:00 AM PT</td></tr>
      </table>
      "
@ -127,7 +122,6 @@ sections:
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='249msgdesc'></div><b>RASMAN service may stop working and result in the error “0xc0000005”</b><div>The Remote Access Connection Manager (RASMAN) service may stop working and you may receive the error “0xc0000005” on devices where the diagnostic data level is manually configured to the non-default setting of 0.&nbsp;You may also receive an error in the<strong> Application section </strong>of <strong>Windows Logs</strong> <strong>in</strong>&nbsp;<strong>Event Viewer&nbsp;</strong>with Event ID 1000 referencing “svchost.exe_RasMan” and “rasman.dll”.</div><div><br></div><div>This issue only occurs when a VPN profile is configured as an Always On VPN (AOVPN) connection with or without device tunnel. This does not affect manual only VPN profiles or connections.</div><div><br></div><div><strong>Affected platforms</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a>.</div><br><a href ='#249msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>Resolved:<br>July 26, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 28, 2019 <br>05:01 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='243msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create&nbsp;<strong>Custom Views&nbsp;</strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using&nbsp;<strong>Filter Current Log</strong>&nbsp;in the&nbsp;<strong>Action&nbsp;</strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4501375' target='_blank'>KB4501375</a>.</div><br><a href ='#243msg'>Back to top</a></td><td>OS Build 18362.175<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501375' target='_blank'>KB4501375</a></td><td>Resolved:<br>June 27, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
      </table>
      "
@ -140,11 +134,7 @@ sections:
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='225msgdesc'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><div>Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li><li>Server: Windows 10, version 1909; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with an updated driver for the affected Realtek Bluetooth radio and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.</div><br><a href ='#225msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>Last updated:<br>November 15, 2019 <br>05:59 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:29 AM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='228msgdesc'></div><b>Intel Audio displays an intcdaud.sys notification</b><div>Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in higher than normal battery drain.&nbsp;If you see an <strong>intcdaud.sys</strong> notification or “What needs your attention” notification when trying to update to Windows 10, version 1903, you have an affected Intel Audio Display device driver installed on your machine (intcdaud.sys, versions 10.25.0.3 through 10.25.0.8).</div><div>&nbsp;&nbsp;</div><div>To safeguard your update experience, we have applied a compatibility hold on devices with drivers from being offered Windows 10, version 1903 until&nbsp;updated device drivers have been installed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with updated drivers from your device manufacturer (OEM) or Intel. The safeguard hold has been removed.</div><div><br></div><div><strong>Note </strong>If you are still experiencing the issue described, please contact your device manufacturer (OEM).</div><br><a href ='#228msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>Last updated:<br>November 12, 2019 <br>08:04 AM PT<br><br>Opened:<br>May 21, 2019 <br>07:22 AM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='226msgdesc'></div><b>Gamma ramps, color profiles, and night light settings do not apply in some cases</b><div>Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.</div><div><br></div><div>Microsoft has identified some scenarios in which these features may have issues or stop working, for example:</div><ul><li>Connecting to (or disconnecting from) an external monitor, dock, or projector</li><li>Rotating the screen</li><li>Updating display drivers or making other display mode changes</li><li>Closing full screen applications</li><li>Applying custom color profiles</li><li>Running applications that rely on custom gamma ramps</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a> and the safeguard hold has been removed.</div><br><a href ='#226msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>Resolved:<br>July 26, 2019 <br>02:00 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:28 AM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='229msgdesc'></div><b>Cannot launch Camera app </b><div>Microsoft and Intel have identified an issue affecting Intel RealSense SR300 and Intel RealSense S200 cameras when using the Camera app. After updating to the Windows 10 May 2019 Update and launching the Camera app, you may get an error message stating:</div><div class=\"ql-indent-1\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;\"Close other apps, error code: 0XA00F4243.”</div><div><br></div><div>To safeguard your update experience, we have applied a protective hold on machines with Intel RealSense SR300 or Intel RealSense S200 cameras installed from being offered Windows 10, version 1903, until&nbsp;this issue is resolved.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4501375' target='_blank'>KB4501375</a> and the safeguard hold has been removed.</div><br><a href ='#229msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501375' target='_blank'>KB4501375</a></td><td>Resolved:<br>June 27, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 21, 2019 <br>07:20 AM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='236msgdesc'></div><b>Windows Sandbox may fail to start with error code “0x80070002”</b><div>Windows Sandbox may fail to start with \"ERROR_FILE_NOT_FOUND (0x80070002)\" on devices in which the operating system language is changed during the update process when installing Windows 10, version 1903.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a>.</div><br><a href ='#236msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved:<br>August 30, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 24, 2019 <br>04:20 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='227msgdesc'></div><b>Display brightness may not respond to adjustments</b><div>Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers. After updating to Windows 10, version 1903, brightness settings may sometime appear as if changes applied took effect, yet the actual display brightness doesn't change.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices with certain Intel drivers from being offered Windows 10, version 1903, until&nbsp;this issue is resolved.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in <a href='https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a> and the safeguard hold has been removed. Please ensure you have applied the resolving update before attempting to update to the Windows 10 May 2019 Update (version 1903). Please note, it can take up to 48 hours for the safeguard to be removed.</div><br><a href ='#227msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>Resolved:<br>July 26, 2019 <br>02:00 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:56 AM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='235msgdesc'></div><b>Loss of functionality in Dynabook Smartphone Link app</b><div>Some users may experience a loss of functionality after updating to Windows 10, version 1903 when using the Dynabook Smartphone Link application on Windows devices. Loss of functionality may affect the display of phone numbers in the Call menu and the ability to answer phone calls on the Windows PC.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices with Dynabook Smartphone Link from being offered Windows 10, version 1903, until&nbsp;this issue is resolved.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.</div><br><a href ='#235msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>July 11, 2019 <br>01:54 PM PT<br><br>Opened:<br>May 24, 2019 <br>03:10 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='222msgdesc'></div><b>Error attempting to update with external USB device or memory card attached </b><div>If you have an external USB device or SD memory card attached when installing Windows 10, version 1903, you may get an error message stating \"This PC can't be upgraded to Windows 10.\" This is caused by inappropriate drive reassignment during installation.</div><div><br></div><div>Sample scenario: An update to Windows 10, version 1903 is attempted on a computer that has a thumb drive inserted into its USB port. Before the update, the thumb drive is mounted in the system as drive G based on the existing drive configuration. After the feature update is installed; however, the device is&nbsp;reassigned a different drive letter (e.g., drive H).</div><div><br></div><div><strong>Note</strong> The drive reassignment is not limited to removable drives. Internal hard drives may also be affected.</div><div><br></div><div>To safeguard your update experience, we have applied a hold on devices with an external USB device or SD memory card attached from being offered Windows 10, version 1903 until&nbsp;this issue is resolved.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.</div><br><a href ='#222msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>July 11, 2019 <br>01:53 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:38 AM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='230msgdesc'></div><b>Audio not working with Dolby Atmos headphones and home theater </b><div>After updating to Windows 10, version 1903, you may experience loss of audio with Dolby Atmos for home theater (free extension) or Dolby Atmos for headphones (paid extension) acquired through the Microsoft Store due to a licensing configuration error.</div><div>&nbsp;</div><div>This occurs due to an issue with a Microsoft Store licensing component, where license holders are not able to connect to the Dolby Access app and enable Dolby Atmos extensions.</div><div>&nbsp;</div><div>To safeguard your update experience, we have applied protective hold on devices from being offered Windows 10, version 1903 until&nbsp;this issue is resolved. This configuration error will not result in loss of access for the acquired license once the problem is resolved.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.</div><br><a href ='#230msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>July 11, 2019 <br>01:53 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:16 AM PT</td></tr>
      </table>
      "
--- a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml
+++ b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml
@ -39,8 +39,6 @@ sections:
      <tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512506' target='_blank'>KB4512506</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517297' target='_blank'>KB4517297</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='197msg'></div><b>System may be unresponsive after restart with certain McAfee antivirus products</b><br>Devices running certain McAfee Endpoint security applications may be slow or unresponsive at startup.<br><br><a href = '#197msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Resolved External<br></td><td>August 13, 2019 <br>06:59 PM PT</td></tr>
      <tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503292' target='_blank'>KB4503292</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
      <tr><td><div id='242msg'></div><b>IE11 may stop working when loading or interacting with Power BI reports</b><br>Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.<br><br><a href = '#242msgdesc'>See details ></a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499164' target='_blank'>KB4499164</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503277' target='_blank'>KB4503277</a></td><td>June 20, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503292' target='_blank'>KB4503292</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503277' target='_blank'>KB4503277</a></td><td>June 20, 2019 <br>02:00 PM PT</td></tr>
      </table>
      "
@ -81,16 +79,6 @@ sections:
      </table>
      "
 - title: June 2019
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='242msgdesc'></div><b>IE11 may stop working when loading or interacting with Power BI reports</b><div>Internet Explorer 11 may stop working when loading or interacting with Power BI reports that have line charts with markers. This issue may also occur when viewing other content that contains Scalable Vector Graphics (SVG) markers.</div><div><br></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 7 SP1; Windows 8.1</li><li>Server: Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2</li></ul><div></div><div><br></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in&nbsp;Preview Rollup <a href='https://support.microsoft.com/help/4503277' target='_blank'>KB4503277</a>. If you are using the Internet Explorer cumulative updates, this issue was resolved in <a href=\"https://support.microsoft.com/help/4508646\" target=\"_blank\">KB4508646</a>.</div><br><a href ='#242msg'>Back to top</a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499164' target='_blank'>KB4499164</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503277' target='_blank'>KB4503277</a></td><td>Resolved:<br>June 20, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 07, 2019 <br>02:57 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='243msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create&nbsp;<strong>Custom Views&nbsp;</strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using&nbsp;<strong>Filter Current Log</strong>&nbsp;in the&nbsp;<strong>Action&nbsp;</strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4503277' target='_blank'>KB4503277</a>.  If you are using Security Only updates, see <a href=\"https://support.microsoft.com/help/4508640\" target=\"_blank\" style=\"\">KB4508640</a> for resolving KB for your platform.</div><br><a href ='#243msg'>Back to top</a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503292' target='_blank'>KB4503292</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503277' target='_blank'>KB4503277</a></td><td>Resolved:<br>June 20, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
      </table>
      "
 - title: April 2019
 - items:
  - type: markdown
--- a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml
+++ b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml
@ -39,9 +39,6 @@ sections:
      <tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512488' target='_blank'>KB4512488</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517298' target='_blank'>KB4517298</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='209msg'></div><b>System may be unresponsive after restart with certain McAfee antivirus products</b><br>Devices running certain McAfee Endpoint security applications may be slow or unresponsive at startup.<br><br><a href = '#209msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Resolved External<br></td><td>August 13, 2019 <br>06:59 PM PT</td></tr>
      <tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503276' target='_blank'>KB4503276</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
      <tr><td><div id='242msg'></div><b>IE11 may stop working when loading or interacting with Power BI reports</b><br>Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.<br><br><a href = '#242msgdesc'>See details ></a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499151' target='_blank'>KB4499151</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503283' target='_blank'>KB4503283</a></td><td>June 20, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503276' target='_blank'>KB4503276</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503283' target='_blank'>KB4503283</a></td><td>June 20, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='155msg'></div><b>Issue using PXE to start a device from WDS</b><br>There may be issues using PXE to start a device from a WDS server configured to use Variable Window Extension.<br><br><a href = '#155msgdesc'>See details ></a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489881' target='_blank'>KB4489881</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503276' target='_blank'>KB4503276</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
      </table>
      "
@ -90,16 +87,6 @@ sections:
      </table>
      "
 - title: June 2019
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='242msgdesc'></div><b>IE11 may stop working when loading or interacting with Power BI reports</b><div>Internet Explorer 11 may stop working when loading or interacting with Power BI reports that have line charts with markers. This issue may also occur when viewing other content that contains Scalable Vector Graphics (SVG) markers.</div><div><br></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 7 SP1; Windows 8.1</li><li>Server: Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2</li></ul><div></div><div><br></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in&nbsp;Preview Rollup <a href='https://support.microsoft.com/help/4503283' target='_blank'>KB4503283</a>. If you are using the Internet Explorer cumulative updates, this issue was resolved in <a href=\"https://support.microsoft.com/help/4508646\" target=\"_blank\">KB4508646</a>.</div><br><a href ='#242msg'>Back to top</a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499151' target='_blank'>KB4499151</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503283' target='_blank'>KB4503283</a></td><td>Resolved:<br>June 20, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 07, 2019 <br>02:57 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='243msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create&nbsp;<strong>Custom Views&nbsp;</strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using&nbsp;<strong>Filter Current Log</strong>&nbsp;in the&nbsp;<strong>Action&nbsp;</strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4503283' target='_blank'>KB4503283</a>.  If you are using Security Only updates, see <a href=\"https://support.microsoft.com/help/4508640\" target=\"_blank\" style=\"\">KB4508640</a> for resolving KB for your platform.</div><br><a href ='#243msg'>Back to top</a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503276' target='_blank'>KB4503276</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503283' target='_blank'>KB4503283</a></td><td>Resolved:<br>June 20, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
      </table>
      "
 - title: April 2019
 - items:
  - type: markdown
@ -108,12 +95,3 @@ sections:
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='209msgdesc'></div><b>System may be unresponsive after restart with certain McAfee antivirus products</b><div>Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update.&nbsp;</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client:&nbsp;Windows 8.1; Windows 7 SP1</li><li>Server:&nbsp;Windows Server 2012 R2; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue has been resolved. McAfee has released an automatic update to address this issue.&nbsp;Guidance for McAfee customers can be found in the following McAfee support articles:&nbsp;&nbsp;</div><ul><li><a href=\"https://kc.mcafee.com/corporate/index?page=content&amp;id=KB91465\" target=\"_blank\">McAfee Security (ENS) Threat Prevention 10.x</a>&nbsp;</li><li><a href=\"https://kc.mcafee.com/corporate/index?page=content&amp;id=KB91466\" target=\"_blank\">McAfee Host Intrusion Prevention (Host IPS) 8.0</a>&nbsp;</li><li><a href=\"https://kc.mcafee.com/corporate/index?page=content&amp;id=KB91467\" target=\"_blank\">McAfee VirusScan Enterprise (VSE) 8.8</a>&nbsp;</li></ul><br><a href ='#209msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Resolved External<br></td><td>Last updated:<br>August 13, 2019 <br>06:59 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
      </table>
      "
 - title: March 2019
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='155msgdesc'></div><b>Issue using PXE to start a device from WDS</b><div>After installing <a href=\"https://support.microsoft.com/help/4489881\" target=\"_blank\">KB4489881</a>, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012&nbsp;</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4503276' target='_blank'>KB4503276</a>.</div><br><a href ='#155msg'>Back to top</a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489881' target='_blank'>KB4489881</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503276' target='_blank'>KB4503276</a></td><td>Resolved:<br>June 11, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
      </table>
      "
--- a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml
+++ b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml
@ -37,7 +37,6 @@ sections:
      <tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503273' target='_blank'>KB4503273</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512499' target='_blank'>KB4512499</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512476' target='_blank'>KB4512476</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517301' target='_blank'>KB4517301</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503273' target='_blank'>KB4503273</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
      <tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503273' target='_blank'>KB4503273</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503271' target='_blank'>KB4503271</a></td><td>June 20, 2019 <br>02:00 PM PT</td></tr>
      </table>
      "
@ -76,12 +75,3 @@ sections:
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='252msgdesc'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><div>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing <a href='https://support.microsoft.com/help/4503273' target='_blank'>KB4503273</a> on a WDS server.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512499' target='_blank'>KB4512499</a>.</div><br><a href ='#252msg'>Back to top</a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503273' target='_blank'>KB4503273</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512499' target='_blank'>KB4512499</a></td><td>Resolved:<br>August 17, 2019 <br>02:00 PM PT<br><br>Opened:<br>July 10, 2019 <br>02:51 PM PT</td></tr>
      </table>
      "
 - title: June 2019
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='243msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create&nbsp;<strong>Custom Views&nbsp;</strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using&nbsp;<strong>Filter Current Log</strong>&nbsp;in the&nbsp;<strong>Action&nbsp;</strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4503271' target='_blank'>KB4503271</a>.  If you are using Security Only updates, see <a href=\"https://support.microsoft.com/help/4508640\" target=\"_blank\" style=\"\">KB4508640</a> for resolving KB for your platform.</div><br><a href ='#243msg'>Back to top</a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503273' target='_blank'>KB4503273</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503271' target='_blank'>KB4503271</a></td><td>Resolved:<br>June 20, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
      </table>
      "
--- a/windows/release-information/resolved-issues-windows-server-2012.yml
+++ b/windows/release-information/resolved-issues-windows-server-2012.yml
@ -37,10 +37,6 @@ sections:
      <tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512512' target='_blank'>KB4512512</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512518' target='_blank'>KB4512518</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517302' target='_blank'>KB4517302</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
      <tr><td><div id='246msg'></div><b>Some devices and generation 2 Hyper-V VMs may have issues installing updates</b><br>Some devices and generation 2 Hyper-V VMs may have issues installing some updates when Secure Boot is enabled.<br><br><a href = '#246msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503295' target='_blank'>KB4503295</a></td><td>June 21, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='242msg'></div><b>IE11 may stop working when loading or interacting with Power BI reports</b><br>Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.<br><br><a href = '#242msgdesc'>See details ></a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499171' target='_blank'>KB4499171</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503295' target='_blank'>KB4503295</a></td><td>June 21, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503295' target='_blank'>KB4503295</a></td><td>June 20, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='184msg'></div><b>Issue using PXE to start a device from WDS</b><br>There may be issues using PXE to start a device from a WDS server configured to use Variable Window Extension.<br><br><a href = '#184msgdesc'>See details ></a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489891' target='_blank'>KB4489891</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
      </table>
      "
@ -87,23 +83,3 @@ sections:
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='252msgdesc'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><div>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing <a href='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a> on a WDS server.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512512' target='_blank'>KB4512512</a>.</div><br><a href ='#252msg'>Back to top</a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512512' target='_blank'>KB4512512</a></td><td>Resolved:<br>August 17, 2019 <br>02:00 PM PT<br><br>Opened:<br>July 10, 2019 <br>02:51 PM PT</td></tr>
      </table>
      "
 - title: June 2019
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='246msgdesc'></div><b>Some devices and generation 2 Hyper-V VMs may have issues installing updates</b><div>Some devices and generation 2 Hyper-V virtual machines (VMs) may have issues installing <a href='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a> or later updates when Secure Boot is enabled.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2012</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4503295' target='_blank'>KB4503295</a>. If your device is using Security Only updates, this issue was resolved in&nbsp;<a href=\"https://support.microsoft.com/help/4508776\" target=\"_blank\" style=\"\">KB4508776</a>.</div><br><a href ='#246msg'>Back to top</a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503295' target='_blank'>KB4503295</a></td><td>Resolved:<br>June 21, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 19, 2019 <br>04:57 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='242msgdesc'></div><b>IE11 may stop working when loading or interacting with Power BI reports</b><div>Internet Explorer 11 may stop working when loading or interacting with Power BI reports that have line charts with markers. This issue may also occur when viewing other content that contains Scalable Vector Graphics (SVG) markers.</div><div><br></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 7 SP1; Windows 8.1</li><li>Server: Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2</li></ul><div></div><div><br></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in&nbsp;Preview Rollup <a href='https://support.microsoft.com/help/4503295' target='_blank'>KB4503295</a>. If you are using the Internet Explorer cumulative updates, this issue was resolved in <a href=\"https://support.microsoft.com/help/4508646\" target=\"_blank\">KB4508646</a>.</div><br><a href ='#242msg'>Back to top</a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499171' target='_blank'>KB4499171</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503295' target='_blank'>KB4503295</a></td><td>Resolved:<br>June 21, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 07, 2019 <br>02:57 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='243msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create&nbsp;<strong>Custom Views&nbsp;</strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using&nbsp;<strong>Filter Current Log</strong>&nbsp;in the&nbsp;<strong>Action&nbsp;</strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4503295' target='_blank'>KB4503295</a>.  If you are using Security Only updates, see <a href=\"https://support.microsoft.com/help/4508640\" target=\"_blank\" style=\"\">KB4508640</a> for resolving KB for your platform.</div><br><a href ='#243msg'>Back to top</a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503295' target='_blank'>KB4503295</a></td><td>Resolved:<br>June 20, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
      </table>
      "
 - title: March 2019
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='184msgdesc'></div><b>Issue using PXE to start a device from WDS</b><div>After installing <a href=\"https://support.microsoft.com/help/4489891\" target=\"_blank\">KB4489891</a>, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012&nbsp;</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a>.</div><br><a href ='#184msg'>Back to top</a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489891' target='_blank'>KB4489891</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>Resolved:<br>June 11, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
      </table>
      "
--- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
+++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
@ -64,7 +64,6 @@ sections:
  - type: markdown
    text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
      <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
      <tr><td><div id='360msg'></div><b>Microsoft Defender Advanced Threat Protection might stop running</b><br>The Microsoft Defender ATP service might stop running and might fail to send reporting data.<br><br><a href = '#360msgdesc'>See details ></a></td><td>OS Build 17763.832<br><br>October 15, 2019<br><a href ='https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4523205' target='_blank'>KB4523205</a></td><td>November 12, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='348msg'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><br>You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.<br><br><a href = '#348msgdesc'>See details ></a></td><td>OS Build 17763.737<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4512578' target='_blank'>KB4512578</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>November 12, 2019 <br>08:05 AM PT</td></tr>
      <tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>OS Build 17763.805<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4519338' target='_blank'>KB4519338</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
      <tr><td><div id='211msg'></div><b>Devices with some Asian language packs installed may receive an error</b><br>Devices with Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"<br><br><a href = '#211msgdesc'>See details ></a></td><td>OS Build 17763.437<br><br>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 03, 2019 <br>10:59 AM PT</td></tr>
@ -93,7 +92,6 @@ sections:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='360msgdesc'></div><b>Microsoft Defender Advanced Threat Protection might stop running</b><div>After installing the optional non-security&nbsp;update (<a href='https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a>), the Microsoft Defender Advanced Threat Protection (ATP) service might stop running and might fail to send reporting data. You might also receive a&nbsp;0xc0000409 error in <strong>Event Viewer</strong> on MsSense.exe.</div><div><br></div><div><strong>Note</strong> Microsoft Windows Defender Antivirus is not affected by this issue.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019</li><li>Server: Windows Server, version 1809; Windows Server 2019</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4523205' target='_blank'>KB4523205</a>.</div><br><a href ='#360msg'>Back to top</a></td><td>OS Build 17763.832<br><br>October 15, 2019<br><a href ='https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4523205' target='_blank'>KB4523205</a></td><td>Resolved:<br>November 12, 2019 <br>10:00 AM PT<br><br>Opened:<br>October 17, 2019 <br>05:14 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='348msgdesc'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><div>When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.</div><div><br></div><div><strong>Note</strong> This issue does not affect using a Microsoft Account during OOBE.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709</li></ul><div></div><div><strong>Workaround: </strong>To mitigate this issue, set the keyboard language to English during user creation or use a Microsoft Account to complete OOBE. You can set the keyboard language back to your preferred language after user creation. Once the OOBE is done and you are at the desktop, you can rename the current user using <a href=\"https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc725595(v=ws.11)\" rel=\"noopener noreferrer\" target=\"_blank\">these instructions</a>. If you prefer to create a new local user, see <a href=\"https://support.microsoft.com/help/4026923\" rel=\"noopener noreferrer\" target=\"_blank\">KB4026923</a>.</div><div><br></div><div><strong>Next steps: </strong>We are working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#348msg'>Back to top</a></td><td>OS Build 17763.737<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4512578' target='_blank'>KB4512578</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>November 12, 2019 <br>08:05 AM PT<br><br>Opened:<br>October 29, 2019 <br>05:15 PM PT</td></tr>
      </table>
      "
--- a/windows/release-information/status-windows-10-1903.yml
+++ b/windows/release-information/status-windows-10-1903.yml
@ -64,14 +64,8 @@ sections:
  - type: markdown
    text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
      <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
      <tr><td><div id='348msg'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><br>You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.<br><br><a href = '#348msgdesc'>See details ></a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a></td><td>December 10, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='322msg'></div><b>Issues with some older versions of Avast and AVG anti-virus products</b><br>Microsoft and Avast has identified compatibility issues with some versions of Avast and AVG Antivirus.<br><br><a href = '#322msgdesc'>See details ></a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Mitigated External<br></td><td>November 25, 2019 <br>05:25 PM PT</td></tr>
      <tr><td><div id='231msg'></div><b>Intermittent loss of Wi-Fi connectivity</b><br>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. <br><br><a href = '#231msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>November 22, 2019 <br>04:10 PM PT</td></tr>
      <tr><td><div id='225msg'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><br>Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers.<br><br><a href = '#225msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>November 15, 2019 <br>05:59 PM PT</td></tr>
      <tr><td><div id='317msg'></div><b>Updates may fail to install and you may receive Error 0x80073701</b><br>Installation of updates may fail and you may receive error code 0x80073701.<br><br><a href = '#317msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>November 12, 2019 <br>08:11 AM PT</td></tr>
      <tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>OS Build 18362.418<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4517389' target='_blank'>KB4517389</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
      <tr><td><div id='228msg'></div><b>Intel Audio displays an intcdaud.sys notification</b><br>Devices with a range of Intel Display Audio device drivers may experience battery drain.<br><br><a href = '#228msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>November 12, 2019 <br>08:04 AM PT</td></tr>
      <tr><td><div id='226msg'></div><b>Gamma ramps, color profiles, and night light settings do not apply in some cases</b><br>Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.<br><br><a href = '#226msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>July 26, 2019 <br>02:00 PM PT</td></tr>
      </table>
      "
@ -91,33 +85,3 @@ sections:
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='364msgdesc'></div><b>TLS connections might fail or timeout</b><div>Updates for Windows released October 8, 2019 or later provide protections, tracked by <a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1318\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2019-1318</a>, against an attack that could allow unauthorized access to information or data within TLS connections.&nbsp;This type of attack is known as a man-in-the-middle exploit.&nbsp;Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (<a href=\"https://tools.ietf.org/html/rfc7627\" rel=\"noopener noreferrer\" target=\"_blank\">RFC 7627</a>). Lack of RFC support might cause one or more of the following errors or logged events:</div><ul><li>\"The request was aborted: Could not create SSL/TLS secure Channel\"</li><li>SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><br></div><div><strong>Next Steps: </strong>Connections between two devices running any supported version of Windows should not have this issue when fully updated.&nbsp;There is no update for Windows needed for this issue.&nbsp;These changes are required to address a security issue and security compliance. For information, see <a href=\"https://support.microsoft.com/help/4528489\" rel=\"noopener noreferrer\" target=\"_blank\">KB4528489</a>.</div><br><a href ='#364msg'>Back to top</a></td><td>OS Build 18362.418<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4517389' target='_blank'>KB4517389</a></td><td>Mitigated External<br></td><td>Last updated:<br>November 05, 2019 <br>03:36 PM PT<br><br>Opened:<br>November 05, 2019 <br>03:36 PM PT</td></tr>
      </table>
      "
 - title: October 2019
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='348msgdesc'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><div>When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.</div><div><br></div><div><strong>Note</strong> This issue does not affect using a Microsoft Account during OOBE.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a>.</div><br><a href ='#348msg'>Back to top</a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a></td><td>Resolved:<br>December 10, 2019 <br>10:00 AM PT<br><br>Opened:<br>October 29, 2019 <br>05:15 PM PT</td></tr>
      </table>
      "
 - title: August 2019
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='317msgdesc'></div><b>Updates may fail to install and you may receive Error 0x80073701</b><div>Installation of updates may fail and you may receive the error message, \"Updates Failed, There were problems installing some updates, but we'll try again later\" or \"Error 0x80073701\" on the <strong>Windows Update</strong> dialog or within U<strong>pdate history</strong>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li><li>Server: Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong> This issue has been resolved for most users. If you are still having issues, please see <a href=\"https://support.microsoft.com/help/4528159\" rel=\"noopener noreferrer\" target=\"_blank\">KB4528159</a>.</div><br><a href ='#317msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>November 12, 2019 <br>08:11 AM PT<br><br>Opened:<br>August 16, 2019 <br>01:41 PM PT</td></tr>
      </table>
      "
 - title: May 2019
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='231msgdesc'></div><b>Intermittent loss of Wi-Fi connectivity</b><div>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM).</div><div><br></div><div>To safeguard your upgrade experience, we have applied a hold on devices with affected Qualcomm driver from being offered Windows 10, version 1903 or Windows 10, version 1909, until&nbsp;the updated driver is installed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with an updated Qualcomm Wifi driver and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.</div><br><a href ='#231msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>Last updated:<br>November 22, 2019 <br>04:10 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:13 AM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='225msgdesc'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><div>Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li><li>Server: Windows 10, version 1909; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with an updated driver for the affected Realtek Bluetooth radio and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.</div><br><a href ='#225msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>Last updated:<br>November 15, 2019 <br>05:59 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:29 AM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='228msgdesc'></div><b>Intel Audio displays an intcdaud.sys notification</b><div>Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in higher than normal battery drain.&nbsp;If you see an <strong>intcdaud.sys</strong> notification or “What needs your attention” notification when trying to update to Windows 10, version 1903, you have an affected Intel Audio Display device driver installed on your machine (intcdaud.sys, versions 10.25.0.3 through 10.25.0.8).</div><div>&nbsp;&nbsp;</div><div>To safeguard your update experience, we have applied a compatibility hold on devices with drivers from being offered Windows 10, version 1903 until&nbsp;updated device drivers have been installed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with updated drivers from your device manufacturer (OEM) or Intel. The safeguard hold has been removed.</div><div><br></div><div><strong>Note </strong>If you are still experiencing the issue described, please contact your device manufacturer (OEM).</div><br><a href ='#228msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>Last updated:<br>November 12, 2019 <br>08:04 AM PT<br><br>Opened:<br>May 21, 2019 <br>07:22 AM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='226msgdesc'></div><b>Gamma ramps, color profiles, and night light settings do not apply in some cases</b><div>Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.</div><div><br></div><div>Microsoft has identified some scenarios in which these features may have issues or stop working, for example:</div><ul><li>Connecting to (or disconnecting from) an external monitor, dock, or projector</li><li>Rotating the screen</li><li>Updating display drivers or making other display mode changes</li><li>Closing full screen applications</li><li>Applying custom color profiles</li><li>Running applications that rely on custom gamma ramps</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a> and the safeguard hold has been removed.</div><br><a href ='#226msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>Resolved:<br>July 26, 2019 <br>02:00 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:28 AM PT</td></tr>
      </table>
      "
--- a/windows/release-information/status-windows-10-1909.yml
+++ b/windows/release-information/status-windows-10-1909.yml
@ -64,10 +64,7 @@ sections:
  - type: markdown
    text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
      <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
      <tr><td><div id='348msg'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><br>You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.<br><br><a href = '#348msgdesc'>See details ></a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a></td><td>December 10, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='322msg'></div><b>Issues with some older versions of Avast and AVG anti-virus products</b><br>Microsoft and Avast has identified compatibility issues with some versions of Avast and AVG Antivirus.<br><br><a href = '#322msgdesc'>See details ></a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Mitigated External<br></td><td>November 25, 2019 <br>05:25 PM PT</td></tr>
      <tr><td><div id='231msg'></div><b>Intermittent loss of Wi-Fi connectivity</b><br>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. <br><br><a href = '#231msgdesc'>See details ></a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved External<br></td><td>November 22, 2019 <br>04:10 PM PT</td></tr>
      <tr><td><div id='225msg'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><br>Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers.<br><br><a href = '#225msgdesc'>See details ></a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved External<br></td><td>November 15, 2019 <br>05:59 PM PT</td></tr>
      </table>
      "
@ -86,22 +83,3 @@ sections:
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='322msgdesc'></div><b>Issues with some older versions of Avast and AVG anti-virus products</b><div>Microsoft and Avast has identified compatibility issues with some older versions of Avast Antivirus and AVG Antivirus that might still be installed by a small number of users. Any application from Avast or AVG that contains Antivirus version 19.5.4444.567 or earlier is affected.</div><div><br></div><div>To safeguard your upgrade experience, we have applied a hold on devices with affected Avast and AVG Antivirus from being offered or installing Windows 10, version 1903 or Windows 10, version 1909, until&nbsp;the application is updated.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li><li>Server: Windows Server, version 1909; Windows Server, version 1903</li></ul><div></div><div><strong>Workaround: </strong>Before updating to Windows 10, version 1903 or Windows 10, version 1909, you will need to download and install an updated version of your Avast or AVG application. Guidance for Avast and AVG customers can be found in the following support articles:</div><ul><li><a href=\"https://support.avast.com/en-ww/article/253?p_pro=131&amp;p_ves=1&amp;p_lng=en&amp;p_lid=en-us&amp;p_vbd=2022&amp;cid=9632b01a-b7ec-4366-95d6-996c79ff9420\" rel=\"noopener noreferrer\" target=\"_blank\">Avast support KB article</a></li><li><a href=\"https://support.avg.com/SupportArticleView?supportType=home&amp;urlName=AVG-Antivirus-Windows-10-update&amp;cid=9632b01a-b7ec-4366-95d6-996c79ff9420&amp;l=en\" rel=\"noopener noreferrer\" target=\"_blank\">AVG support KB article</a></li></ul><div></div><div><strong>Note</strong>&nbsp;We recommend that you do not attempt to manually update using the&nbsp;<strong>Update now</strong>&nbsp;button or the Media Creation Tool until a new version of your Avast or AVG application has been installed and the Windows 10, version 1903 or Windows 10, version 1909 feature update has been automatically offered to you.</div><br><a href ='#322msg'>Back to top</a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Mitigated External<br></td><td>Last updated:<br>November 25, 2019 <br>05:25 PM PT<br><br>Opened:<br>November 22, 2019 <br>04:10 PM PT</td></tr>
      </table>
      "
 - title: October 2019
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='348msgdesc'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><div>When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.</div><div><br></div><div><strong>Note</strong> This issue does not affect using a Microsoft Account during OOBE.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a>.</div><br><a href ='#348msg'>Back to top</a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a></td><td>Resolved:<br>December 10, 2019 <br>10:00 AM PT<br><br>Opened:<br>October 29, 2019 <br>05:15 PM PT</td></tr>
      </table>
      "
 - title: May 2019
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='231msgdesc'></div><b>Intermittent loss of Wi-Fi connectivity</b><div>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM).</div><div><br></div><div>To safeguard your upgrade experience, we have applied a hold on devices with affected Qualcomm driver from being offered Windows 10, version 1903 or Windows 10, version 1909, until&nbsp;the updated driver is installed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with an updated Qualcomm Wifi driver and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.</div><br><a href ='#231msg'>Back to top</a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved External<br></td><td>Last updated:<br>November 22, 2019 <br>04:10 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:13 AM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='225msgdesc'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><div>Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li><li>Server: Windows 10, version 1909; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with an updated driver for the affected Realtek Bluetooth radio and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.</div><br><a href ='#225msg'>Back to top</a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved External<br></td><td>Last updated:<br>November 15, 2019 <br>05:59 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:29 AM PT</td></tr>
      </table>
      "
--- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
+++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
@ -60,7 +60,6 @@ sections:
  - type: markdown
    text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
      <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
      <tr><td><div id='375msg'></div><b>Printing from 32-bit apps might fail on a 64-bit OS</b><br>When attempting to print, you may receive an error or the application may stop responding or close.<br><br><a href = '#375msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512489' target='_blank'>KB4512489</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4525250' target='_blank'>KB4525250</a></td><td>November 12, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520005' target='_blank'>KB4520005</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
      <tr><td><div id='217msg'></div><b>Japanese IME doesn't show the new Japanese Era name as a text input option</b><br>With previous dictionary updates installed, the Japanese IME doesn't show the new Japanese Era name as an input option.<br><br><a href = '#217msgdesc'>See details ></a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493443' target='_blank'>KB4493443</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 15, 2019 <br>05:53 PM PT</td></tr>
      <tr><td><div id='161msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#161msgdesc'>See details ></a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480963' target='_blank'>KB4480963</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
@ -79,7 +78,6 @@ sections:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='375msgdesc'></div><b>Printing from 32-bit apps might fail on a 64-bit OS</b><div>When attempting to print from a 32-bit app on a 64-bit operating system (OS), you may receive an error, or the application may stop responding or close. <strong>Note</strong> This issue only affects the 64-bit Security Only updates listed and does not affect any Monthly Rollup.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 8.1</li><li>Server: Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution:</strong> This issue is resolved in <a href='https://support.microsoft.com/help/4525250' target='_blank'>KB4525250</a>. However, the issue occurs when you install&nbsp;only <a href='https://support.microsoft.com/help/4512489' target='_blank'>KB4512489</a> (released on August 13, 2019) without installing <a href=\"https://support.microsoft.com/en-us/help/4507457\" rel=\"noopener noreferrer\" target=\"_blank\">KB4507457</a>, the previous Security Only update (released July 9, 2019). <strong>Reminder</strong> When using the Security Only updates, you must install the latest and all previous Security Only updates to ensure that the device contains all resolved security vulnerabilities.</div><br><a href ='#375msg'>Back to top</a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512489' target='_blank'>KB4512489</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4525250' target='_blank'>KB4525250</a></td><td>Resolved:<br>November 12, 2019 <br>10:00 AM PT<br><br>Opened:<br>November 27, 2019 <br>04:02 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='364msgdesc'></div><b>TLS connections might fail or timeout</b><div>Updates for Windows released October 8, 2019 or later provide protections, tracked by <a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1318\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2019-1318</a>, against an attack that could allow unauthorized access to information or data within TLS connections.&nbsp;This type of attack is known as a man-in-the-middle exploit.&nbsp;Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (<a href=\"https://tools.ietf.org/html/rfc7627\" rel=\"noopener noreferrer\" target=\"_blank\">RFC 7627</a>). Lack of RFC support might cause one or more of the following errors or logged events:</div><ul><li>\"The request was aborted: Could not create SSL/TLS secure Channel\"</li><li>SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><br></div><div><strong>Next Steps: </strong>Connections between two devices running any supported version of Windows should not have this issue when fully updated.&nbsp;There is no update for Windows needed for this issue.&nbsp;These changes are required to address a security issue and security compliance. For information, see <a href=\"https://support.microsoft.com/help/4528489\" rel=\"noopener noreferrer\" target=\"_blank\">KB4528489</a>.</div><br><a href ='#364msg'>Back to top</a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520005' target='_blank'>KB4520005</a></td><td>Mitigated External<br></td><td>Last updated:<br>November 05, 2019 <br>03:36 PM PT<br><br>Opened:<br>November 05, 2019 <br>03:36 PM PT</td></tr>
      </table>
      "
--- a/windows/release-information/status-windows-server-2012.yml
+++ b/windows/release-information/status-windows-server-2012.yml
@ -60,7 +60,6 @@ sections:
  - type: markdown
    text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
      <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
      <tr><td><div id='375msg'></div><b>Printing from 32-bit apps might fail on a 64-bit OS</b><br>When attempting to print, you may receive an error or the application may stop responding or close.<br><br><a href = '#375msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512482' target='_blank'>KB4512482</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4525253' target='_blank'>KB4525253</a></td><td>November 12, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520007' target='_blank'>KB4520007</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
      <tr><td><div id='217msg'></div><b>Japanese IME doesn't show the new Japanese Era name as a text input option</b><br>With previous dictionary updates installed, the Japanese IME doesn't show the new Japanese Era name as an input option.<br><br><a href = '#217msgdesc'>See details ></a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493462' target='_blank'>KB4493462</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 15, 2019 <br>05:53 PM PT</td></tr>
      <tr><td><div id='187msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#187msgdesc'>See details ></a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480975' target='_blank'>KB4480975</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
@ -79,7 +78,6 @@ sections:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='375msgdesc'></div><b>Printing from 32-bit apps might fail on a 64-bit OS</b><div>When attempting to print from a 32-bit app on a 64-bit operating system (OS), you may receive an error, or the application may stop responding or close. <strong>Note</strong> This issue only affects the 64-bit Security Only updates listed and does not affect any Monthly Rollup.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 8.1</li><li>Server: Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution:</strong> This issue is resolved in <a href='https://support.microsoft.com/help/4525253' target='_blank'>KB4525253</a>. However, the issue occurs when you install&nbsp;only <a href='https://support.microsoft.com/help/4512482' target='_blank'>KB4512482</a> (released on August 13, 2019) without installing <a href=\"https://support.microsoft.com/help/4507447\" rel=\"noopener noreferrer\" target=\"_blank\">KB4507447</a>, the previous Security Only update (released July 9, 2019). <strong>Reminder</strong> When using the Security Only updates, you must install the latest and all previous Security Only updates to ensure that the device contains all resolved security vulnerabilities.</div><br><a href ='#375msg'>Back to top</a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512482' target='_blank'>KB4512482</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4525253' target='_blank'>KB4525253</a></td><td>Resolved:<br>November 12, 2019 <br>10:00 AM PT<br><br>Opened:<br>November 27, 2019 <br>04:02 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='364msgdesc'></div><b>TLS connections might fail or timeout</b><div>Updates for Windows released October 8, 2019 or later provide protections, tracked by <a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1318\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2019-1318</a>, against an attack that could allow unauthorized access to information or data within TLS connections.&nbsp;This type of attack is known as a man-in-the-middle exploit.&nbsp;Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (<a href=\"https://tools.ietf.org/html/rfc7627\" rel=\"noopener noreferrer\" target=\"_blank\">RFC 7627</a>). Lack of RFC support might cause one or more of the following errors or logged events:</div><ul><li>\"The request was aborted: Could not create SSL/TLS secure Channel\"</li><li>SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><br></div><div><strong>Next Steps: </strong>Connections between two devices running any supported version of Windows should not have this issue when fully updated.&nbsp;There is no update for Windows needed for this issue.&nbsp;These changes are required to address a security issue and security compliance. For information, see <a href=\"https://support.microsoft.com/help/4528489\" rel=\"noopener noreferrer\" target=\"_blank\">KB4528489</a>.</div><br><a href ='#364msg'>Back to top</a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520007' target='_blank'>KB4520007</a></td><td>Mitigated External<br></td><td>Last updated:<br>November 05, 2019 <br>03:36 PM PT<br><br>Opened:<br>November 05, 2019 <br>03:36 PM PT</td></tr>
      </table>
      "
--- a/windows/release-information/windows-message-center.yml
+++ b/windows/release-information/windows-message-center.yml
@ -50,6 +50,8 @@ sections:
    text: "
      <table border ='0'><tr><td width='80%'>Message</td><td width='20%'>Date</td></tr>
      <tr><td id='379'><a href = 'https://support.microsoft.com/help/4528760' target='_blank'><b>Take action: January 2020 security update available for all supported versions of Windows</b></a><a class='docon docon-link heading-anchor' aria-labelledby='379' href='#379'></a><br><div>The January 2020 security update release, referred to as our “B” release, is now available for Windows 10, version 1909 and all supported versions of Windows. We recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. To be informed about the latest updates and releases, follow us on Twitter&nbsp;<a href=\"https://twitter.com/windowsupdate\" rel=\"noopener noreferrer\" target=\"_blank\">@WindowsUpdate</a>.</div></td><td>January 14, 2020 <br>08:00 AM PT</td></tr>
      <tr><td id='380'><a href = 'https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601' target='_blank'><b>Advisory: Windows CryptoAPI certificate validation vulnerability</b></a><a class='docon docon-link heading-anchor' aria-labelledby='380' href='#380'></a><br><div>On January 14, 2020, Microsoft released security updates to address&nbsp;an<a href=\"&nbsp;elliptic-curve cryptography&nbsp;(\" target=\"_blank\" rel=\"noopener noreferrer\">&nbsp;elliptic-curve cryptography<u>&nbsp;(</u></a>ECC) certificate validation issue in the Windows CryptoAPI. This vulnerability applies to all versions of the Windows 10&nbsp;operating system, client and server.&nbsp;While we have not observed an attack exploiting this vulnerability,&nbsp;we recommend that you apply this update to all of your Windows 10 devices&nbsp;with priority. Here is what you need to know:</div><ul><li>If you are running a supported version of Windows&nbsp;10&nbsp;and have automatic updates enabled, you are automatically protected and do not need to take any&nbsp;further&nbsp;action.</li><li>If you are managing updates on behalf of your organization, you should download the latest updates from the&nbsp;<a href=\"https://portal.msrc.microsoft.com/en-us/\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft Security Update Guide&nbsp;</a>and apply those updates to your&nbsp;Windows 10 devices and servers&nbsp;as soon as possible.</li></ul><div></div><div>If you are&nbsp;running an <a href=\"https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet\" target=\"_blank\" rel=\"noopener noreferrer\">unsupported version of Windows 10</a>, we&nbsp;recommend that you upgrade to the current version of Windows 10 to benefit from the latest security protections.&nbsp;For more information&nbsp;about this vulnerability,&nbsp;see&nbsp;the <a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft Security Guidance for&nbsp;CVE-2020-0601</a> and the Microsoft Security Response Center blog, <a href=\"https://msrc-blog.microsoft.com/2020/01/14/january-2020-security-updates-cve-2020-0601/\" target=\"_blank\" rel=\"noopener noreferrer\">January 2020 Security Updates: CVE-2020-0601</a>.</div></td><td>January 14, 2020 <br>08:00 AM PT</td></tr>
      <tr><td id='376'><a href = 'https://support.microsoft.com/help/4530684' target='_blank'><b>Take action: December 2019 security update available for all supported versions of Windows</b></a><a class='docon docon-link heading-anchor' aria-labelledby='376' href='#376'></a><br><div>The December 2019 security update release, referred to as our “B” release, is now available for Windows 10, version 1909 and all supported versions of Windows. We recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. To be informed about the latest updates and releases, follow us on Twitter&nbsp;<a href=\"https://twitter.com/windowsupdate\" rel=\"noopener noreferrer\" target=\"_blank\">@WindowsUpdate</a>.</div></td><td>December 10, 2019 <br>08:00 AM PT</td></tr>
      <tr><td id='378'><b>Timing of Windows 10 optional update releases (December 2019)</b><a class='docon docon-link heading-anchor' aria-labelledby='378' href='#378'></a><br><div>For the balance of this calendar year, there will be no optional non-security “C” and “D” releases for Windows 10. The \"C\" releases normally target the third week of the month, with \"D\" releases targeting the fourth week.&nbsp;For more information on the different types of monthly quality updates, see our&nbsp;<a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a>.</div></td><td>December 10, 2019 <br>08:00 AM PT</td></tr>
      <tr><td id='369'><a href = 'https://aka.ms/how-to-get-1909' target='_blank'><b>Windows 10, version 1909 now available</b></a><a class='docon docon-link heading-anchor' aria-labelledby='369' href='#369'></a><br><div>Learn how to get Windows 10, version 1909 (the November 2019 Update), and explore how we’ve worked to make this a great experience for all devices, including a new, streamlined (and fast) update experience for devices updating directly from the May 2019 Update.</div></td><td>November 12, 2019 <br>10:00 AM PT</td></tr>
--- a/windows/security/identity-protection/access-control/security-identifiers.md
+++ b/windows/security/identity-protection/access-control/security-identifiers.md
@ -289,6 +289,16 @@ Capability Security Identifiers (SIDs) are used to uniquely and immutably identi
 All Capability SIDs that the operating system is aware of are stored in the Windows Registry in the path `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapabilityClasses\AllCachedCapabilities'. Any Capability SID added to Windows by first or third-party applications will be added to this location.
 ## Examples of registry keys taken from Windows 10, version 1909, 64-bit Enterprise edition
 You may see the following registry keys under AllCachedCapabilities:
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapabilityClasses\AllCachedCapabilities\capabilityClass_DevUnlock
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapabilityClasses\AllCachedCapabilities\capabilityClass_DevUnlock_Internal
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapabilityClasses\AllCachedCapabilities\capabilityClass_Enterprise
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapabilityClasses\AllCachedCapabilities\capabilityClass_General
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapabilityClasses\AllCachedCapabilities\capabilityClass_Restricted
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapabilityClasses\AllCachedCapabilities\capabilityClass_Windows
 All Capability SIDs are prefixed by S-1-15-3
 ## See also
--- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
@ -86,6 +86,8 @@ You can do this by using either the Control Panel or the Deployment Image Servic
    ```
    dism /image:<WIM file name> /Enable-Feature /FeatureName:IsolatedUserMode
    ```
 > [!NOTE]
 > In Windows 10, version 1607 and later, the Isolated User Mode feature has been integrated into the core operating system. Running the command in step 3 above is therefore no longer required.
 > [!NOTE]
 > You can also add these features to an online image by using either DISM or Configuration Manager.
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md
@ -68,3 +68,5 @@ Following are the various deployment guides and models included in this topic:
 Windows Hello for Business provisioning begins immediately after the user has signed in, after the user profile is loaded, but before the user receives their desktop. Windows only launches the provisioning experience if all the prerequisite checks pass. You can determine the status of the prerequisite checks by viewing the **User Device Registration** in the **Event Viewer** under **Applications and Services Logs\Microsoft\Windows**.
 > [!NOTE]
 > You need to allow access to the URL account.microsoft.com to initiate Windows Hello for Business provisioning. This URL launches the subsequent steps in the provisioning process and is required to successfully complete Windows Hello for Business provisioning. This URL does not require any authentication and as such, does not collect any user data.
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
@ -58,6 +58,9 @@ To resolve this issue, the CRL distribution point must be a location that is acc
 If your CRL distribution point does not list an HTTP distribution point, then you need to reconfigure the issuing certificate authority to include an HTTP CRL distribution point, preferably first in the list of distribution points.
 > [!NOTE]
 > If your CA has published both the Base and the Delta CRL, please make sure you have included publishing the Delta CRL in the HTTP path. Include web server to fetch the Delta CRL by allowing double escaping in the (IIS) web server.
 ### Windows Server 2016 Domain Controllers
 If you are interested in configuring your environment to use the Windows Hello for Business key rather than a certificate, then your environment must have an adequate number of Windows Server 2016 domain controllers.  Only Windows Server 2016 domain controllers are capable of authenticating user with a Windows Hello for Business key.  What do we mean by adequate?  We are glad you asked.  Read [Planning an adequate number of Windows Server 2016 Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) to learn more.
@ -335,6 +338,3 @@ Sign-in a workstation with access equivalent to a _domain user_.
 If you plan on using certificates for on-premises single-sign on, perform the additional steps in [Using Certificates for On-premises Single-sign On](hello-hybrid-aadj-sso-cert.md). 
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md
@ -118,6 +118,11 @@ Hybrid certificate trust deployments need the device write back feature.  Authen
 > [!NOTE]
 > Windows Hello for Business is tied between a user and a device. Both the user and device need to be synchronized between Azure Active Directory and Active Directory, and therefore the device writeback is used to update the msDS-KeyCredentialLink on the computer object.
 ## Provisioning
 You need to allow access to the URL account.microsoft.com to initiate Windows Hello for Business provisioning. This URL launches the subsequent steps in the provisioning process and is required to successfully complete Windows Hello for Business provisioning. This URL does not require any authentication and as such, does not collect any user data.
 ### Section Checklist ###
 > [!div class="checklist"]
 > * Azure Active Directory Device writeback
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md
@ -31,7 +31,7 @@ In hybrid deployments, users register the public portion of their Windows Hello
 The key-trust model needs Windows Server 2016 domain controllers, which configures the key registration permissions automatically; however, the certificate-trust model does not and requires you to add the permissions manually.
 > [!IMPORTANT]
-> If you already have a Windows Server 2016 domain controller in your domain, you can skip **Configure Permissions for Key Synchronization**.
+> If you already have a Windows Server 2016 domain controller in your domain, you can skip **Configure Permissions for Key Synchronization**. In this case, you should use the pre-created group KeyAdmins in step 3 of the "Group Memberships for the Azure AD Connect Service Account" section of this article.
 ### Configure Permissions for Key Synchronization
@ -56,9 +56,6 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva
 1. Open **Active Directory Users and Computers**.
 2. Click the **Users** container in the navigation pane.
   >[!IMPORTANT]
   > If you already have a Windows Server 2016 domain controller in your domain, use the Keyadmins group in the next step, otherwise use the KeyCredential admins group you previously created.
 3. Right-click either the **KeyAdmins** or **KeyCredential Admins** in the details pane and click **Properties**.
 4. Click the **Members** tab and click **Add**
 5. In the **Enter the object names to select** text box, type the name of the Azure AD Connect service account.  Click **OK**.
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
@ -40,7 +40,7 @@ Hybrid Windows Hello for Business needs two directories: on-premises Active Dire
 A hybrid Windows Hello for Business deployment needs an Azure Active Directory subscription.  The hybrid key trust deployment, does not need a premium Azure Active Directory subscription.
-You can deploy Windows Hello for Business in any environment with Windows Server 2008 R2 or later domain controllers.  However, the key trust deployment needs an ***adequate*** number of Windows Server 2016 domain controllers at each site where users authenticate using Windows Hello for Business.  Read the [Planning an adequate number of Windows Server 2016 Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) to learn more.
+You can deploy Windows Hello for Business in any environment with Windows Server 2008 R2 or later domain controllers.  However, the key trust deployment needs an ***adequate*** number of Windows Server 2016 or later domain controllers at each site where users authenticate using Windows Hello for Business.  Read the [Planning an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) to learn more.
 Review these requirements and those from the Windows Hello for Business planning guide and worksheet.  Based on your deployment decisions you may need to upgrade your on-premises Active Directory or your Azure Active Directory subscription to meet your needs.
@ -125,7 +125,11 @@ Hybrid Windows Hello for Business deployments can use Azure’s Multifactor Auth
 ## Device Registration
 Organizations wanting to deploy hybrid key trust need their domain joined devices to register to Azure Active Directory.  Just as a computer has an identity in Active Directory, that same computer has an identity in the cloud.  This ensures that only approved computers are used with that Azure Active Directory.  Each computer registers its identity in Azure Active Directory. 
- 
+
 ## Provisioning
 You need to allow access to the URL account.microsoft.com to initiate Windows Hello for Business provisioning. This URL launches the subsequent steps in the provisioning process and is required to successfully complete Windows Hello for Business provisioning. This URL does not require any authentication and as such, does not collect any user data.
 ### Section Checklist
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md
@ -196,7 +196,7 @@ Alternatively, you can forcefully trigger automatic certificate enrollment using
 Use the event logs to monitor certificate enrollment and archive.  Review the configuration, such as publishing certificate templates to issuing certificate authority and the allow auto enrollment permissions.
-## Follow the Windows Hello for Business on premises certificate trust deployment guide
+## Follow the Windows Hello for Business on premises key trust deployment guide
 1. [Validate Active Directory prerequisites](hello-key-trust-validate-ad-prereq.md)
 2. Validate and Configure Public Key Infrastructure (*You are here*)
 3. [Prepare and Deploy Windows Server 2016 Active Directory Federation Services](hello-key-trust-adfs.md)
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md
+++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md
@ -1,9 +1,9 @@
 ---
-title: Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager (Windows 10)
+title: Create and deploy a Windows Information Protection (WIP) policy using Microsoft Endpoint Configuration Manager (Windows 10)
 description: Use Configuration Manager to make & deploy a Windows Information Protection (WIP) policy. Choose protected apps, WIP-protection level, and find enterprise data.
 ms.assetid: 85b99c20-1319-4aa3-8635-c1a87b244529
 ms.reviewer: 
-keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection, SCCM, System Center Configuration Manager, Configuration Manager
+keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection, SCCM, System Center Configuration Manager, Configuration Manager, MEMCM, Microsoft Endpoint Configuration Manager
 ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
@ -15,26 +15,29 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 05/13/2019
+ms.date: 01/09/2020
 ---
-# Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager
+# Create and deploy a Windows Information Protection (WIP) policy using Microsoft Endpoint Configuration Manager
 **Applies to:**
 - Windows 10, version 1607 and later
 - Windows 10 Mobile, version 1607 and later
- System Center Configuration Manager
+- Microsoft Endpoint Configuration Manager
-System Center Configuration Manager helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your protected apps, your WIP-protection mode, and how to find enterprise data on the network.
+Configuration Manager helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your protected apps, your WIP-protection mode, and how to find enterprise data on the network.
 ## Add a WIP policy
-After you’ve installed and set up System Center Configuration Manager for your organization, you must create a configuration item for WIP, which in turn becomes your WIP policy.
+After you’ve installed and set up Configuration Manager for your organization, you must create a configuration item for WIP, which in turn becomes your WIP policy.
 >[!TIP]
 > Review the [Limitations while using Windows Information Protection (WIP)](limitations-with-wip.md) article before creating a new configuration item to avoid common issues.
 **To create a configuration item for WIP**
-1.  Open the System Center Configuration Manager console, click the **Assets and Compliance** node, expand the **Overview** node, expand the **Compliance Settings** node, and then expand the **Configuration Items** node.
+1.  Open the Configuration Manager console, click the **Assets and Compliance** node, expand the **Overview** node, expand the **Compliance Settings** node, and then expand the **Configuration Items** node.
-    ![System Center Configuration Manager, Configuration Items screen](images/wip-sccm-addpolicy.png)
+    ![Configuration Manager, Configuration Items screen](images/wip-sccm-addpolicy.png)
 2.  Click the **Create Configuration Item** button.<p>
 The **Create Configuration Item Wizard** starts.
@ -43,7 +46,7 @@ The **Create Configuration Item Wizard** starts.
 3.  On the **General Information screen**, type a name (required) and an optional description for your policy into the **Name** and **Description** boxes.
-4.  In the **Specify the type of configuration item you want to create** area, pick the option that represents whether you use System Center Configuration Manager for device management, and then click **Next**.
+4.  In the **Specify the type of configuration item you want to create** area, pick the option that represents whether you use Configuration Manager for device management, and then click **Next**.
    -   **Settings for devices managed with the Configuration Manager client:** Windows 10
@ -62,7 +65,7 @@ The **Create Configuration Item Wizard** starts.
 The **Configure Windows Information Protection settings** page appears, where you'll configure your policy for your organization.
 ## Add app rules to your policy
-During the policy-creation process in System Center Configuration Manager, you can choose the apps you want to give access to your enterprise data through WIP. Apps included in this list can protect data on behalf of the enterprise and are restricted from copying or moving enterprise data to unprotected apps.
+During the policy-creation process in Configuration Manager, you can choose the apps you want to give access to your enterprise data through WIP. Apps included in this list can protect data on behalf of the enterprise and are restricted from copying or moving enterprise data to unprotected apps.
 The steps to add your app rules are based on the type of rule template being applied. You can add a store app (also known as a Universal Windows Platform (UWP) app), a signed Windows desktop app, or an AppLocker policy file.
@ -295,9 +298,9 @@ For this example, we’re going to add an AppLocker XML file to the **App Rules*
        </RuleCollection>
    </AppLockerPolicy>
    ```
-12. After you’ve created your XML file, you need to import it by using System Center Configuration Manager.
+12. After you’ve created your XML file, you need to import it by using Configuration Manager.
-**To import your Applocker policy file app rule using System Center Configuration Manager**
+**To import your Applocker policy file app rule using Configuration Manager**
 1.  From the **App rules** area, click **Add**.
    The **Add app rule** box appears.
@ -506,3 +509,5 @@ After you’ve created your WIP policy, you'll need to deploy it to your organiz
 - [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md)
 - [General guidance and best practices for Windows Information Protection (WIP)](guidance-and-best-practices-wip.md)
 - [Limitations while using Windows Information Protection (WIP)](limitations-with-wip.md)
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@ -121,6 +121,7 @@
 ##### [DeviceInfo](microsoft-defender-atp/advanced-hunting-deviceinfo-table.md)
 ##### [DeviceNetworkInfo](microsoft-defender-atp/advanced-hunting-devicenetworkinfo-table.md)
 ##### [DeviceEvents](microsoft-defender-atp/advanced-hunting-deviceevents-table.md)
 ##### [DeviceFileCertificateInfoBeta](microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md)
 ##### [DeviceNetworkEvents](microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md)
 ##### [DeviceProcessEvents](microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md)
 ##### [DeviceRegistryEvents](microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md)
@ -129,7 +130,7 @@
 ##### [DeviceTvmSecureConfigurationAssessment](microsoft-defender-atp/advanced-hunting-tvm-configassessment-table.md)
 ##### [DeviceTvmSecureConfigurationAssessmentKB](microsoft-defender-atp/advanced-hunting-tvm-secureconfigkb-table.md)
 #### [Apply query best practices](microsoft-defender-atp/advanced-hunting-best-practices.md)
-#### [Stream advanced hunting events to Azure Event Hubs](microsoft-defender-atp/raw-data-export-event-hub.md)
+
 #### [Custom detections]()
 ##### [Understand custom detection rules](microsoft-defender-atp/overview-custom-detections.md)
@ -137,8 +138,6 @@
 ### [Management and APIs]()
 #### [Overview of management and APIs](microsoft-defender-atp/management-apis.md)
 #### [Understand threat intelligence concepts](microsoft-defender-atp/threat-indicator-concepts.md)
 #### [Managed security service provider support](microsoft-defender-atp/mssp-support.md)
 ### [Integrations]()
 #### [Microsoft Defender ATP integrations](microsoft-defender-atp/threat-protection-integration.md)
@ -362,15 +361,15 @@
 ###### [Troubleshoot subscription and portal access issues](microsoft-defender-atp/troubleshoot-onboarding-error-messages.md)
 #### [Microsoft Defender ATP API]()
 ##### [Microsoft Defender ATP API license and terms](microsoft-defender-atp/api-terms-of-use.md)
 ##### [Get started with Microsoft Defender ATP APIs]()
-###### [Introduction](microsoft-defender-atp/apis-intro.md)
+###### [Microsoft Defender ATP API license and terms](microsoft-defender-atp/api-terms-of-use.md)
 ###### [Access the Microsoft Defender ATP APIs](microsoft-defender-atp/apis-intro.md)
 ###### [Hello World](microsoft-defender-atp/api-hello-world.md)
 ###### [Get access with application context](microsoft-defender-atp/exposed-apis-create-app-webapp.md)
 ###### [Get access with user context](microsoft-defender-atp/exposed-apis-create-app-nativeapp.md)
 ###### [Get partner application access](microsoft-defender-atp/exposed-apis-create-app-partners.md)
-##### [APIs]()
+##### [Microsoft Defender ATP APIs Schema]()
 ###### [Supported Microsoft Defender ATP APIs](microsoft-defender-atp/exposed-apis-list.md)
 ###### [Advanced Hunting](microsoft-defender-atp/run-advanced-query-api.md)
@ -408,7 +407,12 @@
 ####### [Run antivirus scan](microsoft-defender-atp/run-av-scan.md)
 ####### [Offboard machine](microsoft-defender-atp/offboard-machine-api.md)
 ####### [Stop and quarantine file](microsoft-defender-atp/stop-and-quarantine-file.md)
-####### [Initiate investigation (preview)](microsoft-defender-atp/initiate-autoir-investigation.md)
+
 ###### [Automated Investigation]()
 ####### [Investigation methods and properties](microsoft-defender-atp/investigation.md)
 ####### [List Investigation](microsoft-defender-atp/get-investigation-collection.md)
 ####### [Get Investigation](microsoft-defender-atp/get-investigation-object.md)
 ####### [Start Investigation](microsoft-defender-atp/initiate-autoir-investigation.md)
 ###### [Indicators]()
 ####### [Indicators methods and properties](microsoft-defender-atp/ti-indicator.md)
@ -444,14 +448,14 @@
 ###### [Advanced Hunting using PowerShell](microsoft-defender-atp/run-advanced-query-sample-powershell.md)
 ###### [Using OData Queries](microsoft-defender-atp/exposed-apis-odata-samples.md)
-#### [Windows updates (KB) info]()
+#### [Raw data streaming API]()
-##### [Get KbInfo collection](microsoft-defender-atp/get-kbinfo-collection.md)
+##### [Raw data streaming (preview)](microsoft-defender-atp/raw-data-export.md)
 ##### [Stream advanced hunting events to Azure Events hub](microsoft-defender-atp/raw-data-export-event-hub.md)
 ##### [Stream advanced hunting events to your storage account](microsoft-defender-atp/raw-data-export-storage.md)
-#### [Common Vulnerabilities and Exposures (CVE) to KB map]()
+#### [SIEM integration]()
-##### [Get CVE-KB map](microsoft-defender-atp/get-cvekbmap-collection.md)
+##### [Understand threat intelligence concepts](microsoft-defender-atp/threat-indicator-concepts.md)
 #### [Pull detections to your SIEM tools]()
 ##### [Learn about different ways to pull detections](microsoft-defender-atp/configure-siem.md)
 ##### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md)
 ##### [Configure Splunk to pull detections](microsoft-defender-atp/configure-splunk.md)
@ -460,6 +464,7 @@
 ##### [Pull detections using SIEM REST API](microsoft-defender-atp/pull-alerts-using-rest-api.md)
 ##### [Troubleshoot SIEM tool integration issues](microsoft-defender-atp/troubleshoot-siem.md)
 #### [Reporting]()
 ##### [Power BI - How to use API - Samples](microsoft-defender-atp/api-power-bi.md)
 ##### [Create and build Power BI reports using Microsoft Defender ATP data connectors (deprecated)](microsoft-defender-atp/powerbi-reports.md)
@ -486,45 +491,55 @@
 ###### [Using machine groups](microsoft-defender-atp/machine-groups.md)
 ###### [Create and manage machine tags](microsoft-defender-atp/machine-tags.md)
-#### [Configure managed security service provider (MSSP) support](microsoft-defender-atp/configure-mssp-support.md)
+#### [Configure managed security service provider (MSSP) integration](microsoft-defender-atp/configure-mssp-support.md)
 ## [Partner integration scenarios]()
 ### [Technical partner opportunities](microsoft-defender-atp/partner-integration.md)
 ### [Managed security service provider opportunity](microsoft-defender-atp/mssp-support.md)
 ### [Become a Microsoft Defender ATP partner](microsoft-defender-atp/get-started-partner-integration.md)
 ## [Configure Microsoft threat protection integration]()
 ### [Configure conditional access](microsoft-defender-atp/configure-conditional-access.md)
 ### [Configure Microsoft Cloud App Security integration](microsoft-defender-atp/microsoft-cloud-app-security-config.md)
 ### [Configure information protection in Windows](microsoft-defender-atp/information-protection-in-windows-config.md)
 ## [Configure portal settings]()
 ### [Set up preferences](microsoft-defender-atp/preferences-setup.md)
 ### [General]()
 #### [Update data retention settings](microsoft-defender-atp/data-retention-settings.md)
 #### [Configure alert notifications](microsoft-defender-atp/configure-email-notifications.md)
 #### [Enable and create Power BI reports using Windows Defender Security center data](microsoft-defender-atp/powerbi-reports.md)
 #### [Enable Secure score security controls](microsoft-defender-atp/enable-secure-score.md)
 #### [Configure advanced features](microsoft-defender-atp/advanced-features.md)
 ### [Permissions]()
 #### [Use basic permissions to access the portal](microsoft-defender-atp/basic-permissions.md)
 #### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md)
 ##### [Create and manage roles](microsoft-defender-atp/user-roles.md)
 ##### [Create and manage machine groups](microsoft-defender-atp/machine-groups.md)
 ###### [Create and manage machine tags](microsoft-defender-atp/machine-tags.md)
 ### [APIs]()
 #### [Enable Threat intel (Deprecated)](microsoft-defender-atp/enable-custom-ti.md)
 #### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md)
 ### [Rules]()
 #### [Manage suppression rules](microsoft-defender-atp/manage-suppression-rules.md)
 #### [Manage indicators](microsoft-defender-atp/manage-indicators.md)
 #### [Manage automation file uploads](microsoft-defender-atp/manage-automation-file-uploads.md)
 #### [Manage automation folder exclusions](microsoft-defender-atp/manage-automation-folder-exclusions.md)
 ### [Machine management]()
 #### [Onboarding machines](microsoft-defender-atp/onboard-configure.md)
 #### [Offboarding machines](microsoft-defender-atp/offboard-machines.md)
 ### [Configure Microsoft Defender Security Center time zone settings](microsoft-defender-atp/time-settings.md)
 ### [Configure Microsoft threat protection integration]()
 #### [Configure conditional access](microsoft-defender-atp/configure-conditional-access.md)
 #### [Configure Microsoft Cloud App Security integration](microsoft-defender-atp/microsoft-cloud-app-security-config.md)
 #### [Configure information protection in Windows](microsoft-defender-atp/information-protection-in-windows-config.md)
 ### [Configure portal settings]()
 #### [Set up preferences](microsoft-defender-atp/preferences-setup.md)
 #### [General]()
 ##### [Update data retention settings](microsoft-defender-atp/data-retention-settings.md)
 ##### [Configure alert notifications](microsoft-defender-atp/configure-email-notifications.md)
 ##### [Enable and create Power BI reports using Windows Defender Security center data](microsoft-defender-atp/powerbi-reports.md)
 ##### [Enable Secure score security controls](microsoft-defender-atp/enable-secure-score.md)
 ##### [Configure advanced features](microsoft-defender-atp/advanced-features.md)
 #### [Permissions]()
 ##### [Use basic permissions to access the portal](microsoft-defender-atp/basic-permissions.md)
 ##### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md)
 ###### [Create and manage roles](microsoft-defender-atp/user-roles.md)
 ###### [Create and manage machine groups](microsoft-defender-atp/machine-groups.md)
 ####### [Create and manage machine tags](microsoft-defender-atp/machine-tags.md)
 #### [APIs]()
 ##### [Enable Threat intel (Deprecated)](microsoft-defender-atp/enable-custom-ti.md)
 ##### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md)
 #### [Rules]()
 ##### [Manage suppression rules](microsoft-defender-atp/manage-suppression-rules.md)
 ##### [Manage indicators](microsoft-defender-atp/manage-indicators.md)
 ##### [Manage automation file uploads](microsoft-defender-atp/manage-automation-file-uploads.md)
 ##### [Manage automation folder exclusions](microsoft-defender-atp/manage-automation-folder-exclusions.md)
 #### [Machine management]()
 ##### [Onboarding machines](microsoft-defender-atp/onboard-configure.md)
 ##### [Offboarding machines](microsoft-defender-atp/offboard-machines.md)
 #### [Configure Microsoft Defender Security Center time zone settings](microsoft-defender-atp/time-settings.md)
 ## [Troubleshoot Microsoft Defender ATP]()
--- a/windows/security/threat-protection/auditing/event-4771.md
+++ b/windows/security/threat-protection/auditing/event-4771.md
@ -184,6 +184,7 @@ The most common values:
 | 2    | PA-ENC-TIMESTAMP       | This is a normal type for standard password authentication.                                                                                                                                                                                                                                                                                                                                                      |
 | 11   | PA-ETYPE-INFO          | The ETYPE-INFO pre-authentication type is sent by the KDC in a KRB-ERROR indicating a requirement for additional pre-authentication. It is usually used to notify a client of which key to use for the encryption of an encrypted timestamp for the purposes of sending a PA-ENC-TIMESTAMP pre-authentication value.<br>Never saw this Pre-Authentication Type in Microsoft Active Directory environment.  |
 | 15   | PA-PK-AS-REP\_OLD      | Used for Smart Card logon authentication.                                                                                                                                                                                                                                                                                                                                                                        |
 | 16   | PA-PK-AS-REQ           | Request sent to KDC in Smart Card authentication scenarios.|
 | 17   | PA-PK-AS-REP           | This type should also be used for Smart Card authentication, but in certain Active Directory environments, it is never seen.                                                                                                                                                                                                                                                                                     |
 | 19   | PA-ETYPE-INFO2         | The ETYPE-INFO2 pre-authentication type is sent by the KDC in a KRB-ERROR indicating a requirement for additional pre-authentication. It is usually used to notify a client of which key to use for the encryption of an encrypted timestamp for the purposes of sending a PA-ENC-TIMESTAMP pre-authentication value.<br>Never saw this Pre-Authentication Type in Microsoft Active Directory environment. |
 | 20   | PA-SVR-REFERRAL-INFO   | Used in KDC Referrals tickets.                                                                                                                                                                                                                                                                                                                                                                                   |
--- a/windows/security/threat-protection/auditing/event-4912.md
+++ b/windows/security/threat-protection/auditing/event-4912.md
@ -126,8 +126,9 @@ This event is always logged regardless of the "Audit Policy Change" sub-category
 -   **Subcategory** \[Type = UnicodeString\]**:** the name of auditing subcategory which state was changed. Possible values:
-| Audit Credential Validation              | Audit Process Termination                    | Audit Other Logon/Logoff Events      |
+| Value              | Value                    | Value      |
 |------------------------------------------|----------------------------------------------|--------------------------------------|
 | Audit Credential Validation              | Audit Process Termination                    | Audit Other Logon/Logoff Events      |
 | Audit Kerberos Authentication Service    | Audit RPC Events                             | Audit Special Logon                  |
 | Audit Kerberos Service Ticket Operations | Audit Detailed Directory Service Replication | Audit Application Generated          |
 | Audit Other Logon/Logoff Events          | Audit Directory Service Access               | Audit Certification Services         |
@ -145,7 +146,7 @@ This event is always logged regardless of the "Audit Policy Change" sub-category
 | Audit Policy Change                      | Audit Non-Sensitive Privilege Use            | Audit System Integrity               |
 | Audit Authentication Policy Change       | Audit Sensitive Privilege Use                | Audit PNP Activity                   |
 | Audit Authorization Policy Change        | Audit Other Privilege Use Events             |                                      |
-| Group Membership                         | Audit Network Policy Server                  |                                      |
+| Audit Group Membership                         | Audit Network Policy Server                  |                                      |
 -   **Subcategory GUID** \[Type = GUID\]**:** the unique GUID of changed subcategory.
--- a/windows/security/threat-protection/images/securityrecs-tamperprotect.jpg
+++ b/windows/security/threat-protection/images/securityrecs-tamperprotect.jpg
--- a/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md
@ -18,10 +18,19 @@ ms.topic: article
 # Add or Remove Machine Tags API
-**Applies to:**
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
 - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Adds or remove tag to a specific [Machine](machine.md).
 ## Limitations
 1. You can post on machines last seen in the past 30 days.
 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 This API adds or remove tag to a specific machine.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -77,34 +86,4 @@ Content-type: application/json
  "Action": "Add"
 }
 ```
 **Response**
 Here is an example of the response.
 ```
 HTTP/1.1 200 Ok
 Content-type: application/json
 {
    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machine/$entity",
    "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
    "computerDnsName": "mymachine1.contoso.com",
    "firstSeen": "2018-08-02T14:55:03.7791856Z",
 	"lastSeen": "2018-08-02T14:55:03.7791856Z",
    "osPlatform": "Windows10",
    "osVersion": "10.0.0.0",
    "lastIpAddress": "172.17.230.209",
    "lastExternalIpAddress": "167.220.196.71",
    "agentVersion": "10.5830.18209.1001",
    "osBuild": 18209,
    "healthStatus": "Active",
    "rbacGroupId": 140,
 	"rbacGroupName": "The-A-Team",
    "riskScore": "Low",
    "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
 	"machineTags": [ "test tag 1", "test tag 2" ]
 }
 ```
 - To remove machine tag, set the Action to 'Remove' instead of 'Add' in the request body.
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md
@ -26,7 +26,7 @@ ms.date: 10/08/2019
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
-The `AlertEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about alerts on Microsoft Defender Security Center. Use this reference to construct queries that return information from the table.
+The `AlertEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about alerts in Microsoft Defender Security Center. Use this reference to construct queries that return information from the table.
 For information on other tables in the advanced hunting schema, see [the advanced hunting schema reference](advanced-hunting-schema-reference.md).
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md
@ -0,0 +1,59 @@
 ---
 title: DeviceFileCertificateInfoBeta table in the advanced hunting schema
 description: Learn about file signing information in the DeviceFileCertificateInfoBeta table of the advanced hunting schema
 keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, digital signature, certificate, file signing, DeviceFileCertificateInfoBeta
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.author: lomayor
 author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
 ms.date: 01/14/2020
 ---
 # DeviceFileCertificateInfoBeta
 **Applies to:**
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
 [!include[Prerelease information](../../includes/prerelease.md)]
 The `DeviceFileCertificateInfoBeta` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about file signing certificates. This table uses data obtained from certificate verification activities regularly performed on files on endpoints.
 For information on other tables in the advanced hunting schema, see [the advanced hunting schema reference](advanced-hunting-schema-reference.md).
 | Column name | Data type | Description |
 |-------------|-----------|-------------|
 | `Timestamp` | datetime | Date and time when the event was recorded
 | `DeviceId` | string | Unique identifier for the machine in the service
 | `DeviceName` | string | Fully qualified domain name (FQDN) of the machine
 | `SHA1` | string | SHA-1 of the file that the recorded action was applied to
 | `IsSigned` | boolean | Indicates whether the file is signed
 | `SignatureType` | string | Indicates whether signature information was read as embedded content in the file itself or read from an external catalog file
 | `Signer` | string | Information about the signer of the file
 | `SignerHash` | string | Unique hash value identifying the signer
 | `Issuer` | string | Information about the issuing certificate authority (CA)
 | `IssuerHash` | string | Unique hash value identifying issuing certificate authority (CA)
 | `CrlDistributionPointUrls` | string |  URL of the network share that contains certificates and the certificate revocation list (CRL)
 | `CertificateCreationTime` | datetime | Date and time the certificate was created
 | `CertificateExpirationTime` | datetime | Date and time the certificate is set to expire
 | `CertificateCountersignatureTime` | datetime | Date and time the certificate was countersigned
 | `IsTrusted` | boolean | Indicates whether the file is trusted based on the results of the WinVerifyTrust function, which checks for unknown root certificate information, invalid signatures, revoked certificates, and other questionable attributes
 | `IsRootSignerMicrosoft` | boolean | Indicates whether the signer of the root certificate is Microsoft
 | `ReportId` | long | Event identifier based on a repeating counter. To identify unique events, this column must be used in conjunction with the DeviceName and Timestamp columns.
 ## Related topics
 - [Advanced hunting overview](advanced-hunting-overview.md)
 - [Learn the query language](advanced-hunting-query-language.md)
 - [Understand the schema](advanced-hunting-schema-reference.md)
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md
@ -23,8 +23,7 @@ ms.date: 10/08/2019
 **Applies to:**
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-> [!TIP]
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
 > Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
 Advanced hunting is based on the [Kusto query language](https://docs.microsoft.com/azure/kusto/query/). You can use Kusto syntax and operators to construct queries that locate information in the [schema](advanced-hunting-schema-reference.md) specifically structured for advanced hunting. To understand these concepts better, run your first query.
@ -141,5 +140,4 @@ For detailed information about the query language, see [Kusto query language doc
 - [Understand the schema](advanced-hunting-schema-reference.md)
 - [Apply query best practices](advanced-hunting-best-practices.md)
-> [!TIP]
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-belowfoldlink)
 > Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-belowfoldlink)
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md
@ -15,7 +15,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 10/08/2019
+ms.date: 01/14/2020
 ---
 # Understand the advanced hunting schema
@ -47,6 +47,7 @@ Table and column names are also listed within the Microsoft Defender Security Ce
 | **[DeviceLogonEvents](advanced-hunting-devicelogonevents-table.md)** | Sign-ins and other authentication events |
 | **[DeviceImageLoadEvents](advanced-hunting-deviceimageloadevents-table.md)** | DLL loading events |
 | **[DeviceEvents](advanced-hunting-deviceevents-table.md)** | Multiple event types, including events triggered by security controls such as Windows Defender Antivirus and exploit protection |
 | **[DeviceFileCertificateInfoBeta](advanced-hunting-devicefilecertificateinfobeta-table.md)** | Certificate information of signed files obtained from certificate verification events on endpoints |
 | **[DeviceTvmSoftwareInventoryVulnerabilities](advanced-hunting-tvm-softwareinventory-table.md)** | Inventory of software on devices as well as any known vulnerabilities in these software products |
 | **[DeviceTvmSoftwareVulnerabilitiesKB ](advanced-hunting-tvm-softwarevulnerability-table.md)** | Knowledge base of publicly disclosed vulnerabilities, including whether exploit code is publicly available |
 | **[DeviceTvmSecureConfigurationAssessment](advanced-hunting-tvm-configassessment-table.md)** | Threat & Vulnerability Management assessment events, indicating the status of various security configurations on devices |
--- a/windows/security/threat-protection/microsoft-defender-atp/alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/alerts.md
@ -27,6 +27,7 @@ Method |Return Type |Description
 :---|:---|:---
 [Get alert](get-alert-info-by-id.md) | [Alert](alerts.md) | Get a single [alert](alerts.md) object.
 [List alerts](get-alerts.md) | [Alert](alerts.md) collection | List [alert](alerts.md) collection.
 [Update alert](get-alerts.md) | [Alert](update-alert.md) | Update specific [alert](alerts.md).
 [Create alert](create-alert-by-reference.md)|[Alert](alerts.md)|Create an alert based on event data obtained from [Advanced Hunting](run-advanced-query-api.md).
 [List related domains](get-alert-related-domain-info.md)|Domain collection| List URLs associated with the alert.
 [List related files](get-alert-related-files-info.md) | [File](files.md) collection |  List the [file](files.md) entities that are associated with the [alert](alerts.md).
@ -59,19 +60,8 @@ detectionSource | String | Detection source.
 threatFamilyName | String | Threat family.
 machineId | String | ID of a [machine](machine.md) entity that is associated with the alert.
 comments | List of Alert comments | Alert Comment is an object that contains: comment string, createdBy string and createTime date time.
 alertFiles | List of Alert Files | **This list will be populated on $expand option, see example below** Alert File is an object that contains: sha1, sha256, filePath and fileName. 
 alertIPs | List of Alert IPs | **This list will be populated on $expand option, see example below** Alert IP is an object that contains: ipAddress string field. 
 alertDomains | List of Alert Domains | **This list will be populated on $expand option, see example below** Alert Domain is an object that contains: host string field. 
 ## JSON representation:
 - When querying for alert list the regular way (without expand option, e.g. /api/alerts) the expandable properties will not get populated (empty lists)
 - To expand expandable properties use $expand option (e.g. to expand all send /api/alerts?$expand=files,ips,domains).
 - When querying single alert all expandable properties will be expanded. 
 - Check out [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md) for more OData examples. 
 ### Response example for getting single alert:
 ```
@ -83,12 +73,12 @@ GET https://api.securitycenter.windows.com/api/alerts/da637084217856368682_-2929
    "id": "da637084217856368682_-292920499",
    "incidentId": 66860,
    "investigationId": 4416234,
 	"investigationState": "Running",
    "assignedTo": "secop@contoso.com",
    "severity": "Low",
    "status": "New",
    "classification": "TruePositive",
    "determination": null,
    "investigationState": "Running",
    "detectionSource": "WindowsDefenderAtp",
    "category": "CommandAndControl",
    "threatFamilyName": null,
@ -106,24 +96,6 @@ GET https://api.securitycenter.windows.com/api/alerts/da637084217856368682_-2929
            "createdBy": "secop@contoso.com",
            "createdTime": "2019-11-05T14:08:37.8404534Z"
        }
    ],
    "alertFiles": [
        {
            "sha1": "77e862797dd525fd3e9c3058153247945d0d4cfd",
            "sha256": "c05823562aee5e6d000b0e041197d5b8303f5aa4eecb49820879b705c926e16e",
            "filePath": "C:\\Users\\test1212\\AppData\\Local\\Temp\\nsf61D3.tmp.exe",
            "fileName": "nsf61D3.tmp.exe"
        }
    ],
    "alertDomains": [
        {
            "host": "login.bullguard.com"
        }
    ],
    "alertIps": [
        {
            "ipAddress": "91.231.212.53"
        }
    ]
 }
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
@ -1,5 +1,5 @@
 ---
-title: Microsoft Defender Advanced Threat Protection API overview  
+title: Access the Microsoft Defender Advanced Threat Protection APIs  
 ms.reviewer: 
 description: Learn how you can use APIs to automate workflows and innovate based on Microsoft Defender ATP capabilities
 keywords: apis, api, wdatp, open api, windows defender atp api, public api, supported apis, alerts, machine, user, domain, ip, file, advanced hunting, query
@ -17,7 +17,7 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
-# Microsoft Defender ATP API overview
+# Access the Microsoft Defender Advanced Threat Protection APIs 
 **Applies to:** 
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
--- a/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md
@ -18,11 +18,19 @@ ms.topic: article
 ---
 # Collect investigation package API
 **Applies to:**
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 **Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Collect investigation package from a machine.
 ## Limitations
 1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -74,25 +82,3 @@ Content-type: application/json
  "Comment": "Collect forensics due to alert 1234"
 }
 ```
 **Response**
 Here is an example of the response.
 ```
 HTTP/1.1 201 Created
 Content-type: application/json
 {
    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions/$entity",
    "id": "c9042f9b-8483-4526-87b5-35e4c2532223",
    "type": "CollectInvestigationPackage",
    "requestor": "Analyst@contoso.com",
    "requestorComment": " Collect forensics due to alert 1234",
    "status": "InProgress",
    "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f",
    "creationDateTimeUtc": "2018-12-04T12:09:24.1785079Z",
    "lastUpdateTimeUtc": "2018-12-04T12:09:24.1785079Z",
 	"relatedFileInfo": null
 }
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md
@ -15,7 +15,6 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
 ms.date: 10/16/2017
 ---
 # Pull detections to your SIEM tools
@ -56,13 +55,3 @@ Microsoft Defender ATP supports the OAuth 2.0 protocol to pull detections using
 For more information, see [Pull Microsoft Defender ATP detections using REST API](pull-alerts-using-rest-api.md).
 ## In this section
 Topic | Description
 :---|:---
 [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)| Learn about enabling the SIEM integration feature in the **Settings** page in the portal so that you can use and generate the required information to configure supported SIEM tools.
 [Configure Splunk to pull Microsoft Defender ATP detections](configure-splunk.md)| Learn about installing the REST API Modular Input App and other configuration settings to enable Splunk to pull Microsoft Defender ATP detections.
 [Configure HP ArcSight to pull Microsoft Defender ATP detections](configure-arcsight.md)| Learn about installing the HP ArcSight REST FlexConnector package and the files you need to configure ArcSight to pull Microsoft Defender ATP detections.
 [Microsoft Defender ATP Detection fields](api-portal-mapping.md) | Understand what data fields are exposed as part of the alerts API and how they map to Microsoft Defender Security Center.
 [Pull Microsoft Defender ATP detections using REST API](pull-alerts-using-rest-api.md) | Use the Client credentials OAuth 2.0 flow to pull detections from Microsoft Defender ATP using REST API.
 [Troubleshoot SIEM tool integration issues](troubleshoot-siem.md) | Address issues you might encounter when using the SIEM integration feature.
--- a/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md
@ -16,13 +16,24 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
-# Create alert from event API
+# Create alert API
 **Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
-Create alert using event data, as obtained from [Advanced Hunting](run-advanced-query-api.md) for creating a new alert.
+
 ## API description
 Creates new [Alert](alerts.md).
 <br>Microsoft Defender ATP Event is a required parameter for the alert creation.
 <br>You can use an event found in Advanced Hunting API or Portal.
 <br>If there existing an open alert on the same Machine with the same Title, the new created alert will be merged with it.
 <br>An automatic investigation starts automatically on alerts created via the API.
 ## Limitations
 1. Rate limitations for this API are 15 calls per minute.
 ## Permissions
--- a/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md
@ -18,15 +18,18 @@ ms.topic: article
 # Delete Indicator API
-**Applies to:**  
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
 - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
->[!Note]
+## API description
-> Currently this API is only supported for AppOnly context requests. (See [Get access with application context](exposed-apis-create-app-webapp.md) for more information)
+Deletes an [Indicator](ti-indicator.md) entity by ID.
- Deletes an Indicator entity by ID.
+## Limitations
 1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Get started](apis-intro.md)
@ -66,15 +69,5 @@ If Indicator with the specified id was not found - 404 Not Found.
 Here is an example of the request.
 ```
-DELETE https://api.securitycenter.windows.com/api/indicators/220e7d15b0b3d7fac48f2bd61114db1022197f7f
+DELETE https://api.securitycenter.windows.com/api/indicators/995
 ```
 **Response**
 Here is an example of the response.
 ```
 HTTP/1.1 204 NO CONTENT
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
@ -130,7 +130,7 @@ h. Select  **Manage > Assignments**. In the  **Include**  tab, select  *
 In terminal, run:
 ```bash
-    mdatp --edr --earlypreview true
+    mdatp --edr --early-preview true
 ```
 For versions earlier than 100.78.0, run:
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md
@ -51,25 +51,25 @@ Content-type: application/json
    "value": [
        {
            "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
-            "computerDnsName": "mymachine1.contoso.com",
+			"computerDnsName": "mymachine1.contoso.com",
-            "firstSeen": "2018-08-02T14:55:03.7791856Z",
+			"firstSeen": "2018-08-02T14:55:03.7791856Z",
-            "lastSeen": "2018-08-02T14:55:03.7791856Z",
+			"lastSeen": "2018-08-02T14:55:03.7791856Z",
-            "osPlatform": "Windows10",
+			"osPlatform": "Windows10",
-            "osVersion": "10.0.0.0",
+			"version": "1709",
-            "lastIpAddress": "172.17.230.209",
+			"osProcessor": "x64",
-            "lastExternalIpAddress": "167.220.196.71",
+			"lastIpAddress": "172.17.230.209",
-            "agentVersion": "10.5830.18209.1001",
+			"lastExternalIpAddress": "167.220.196.71",
-            "osBuild": 18209,
+			"osBuild": 18209,
-            "healthStatus": "Active",
+			"healthStatus": "Active",
-            "rbacGroupId": 140,
+			"rbacGroupId": 140,
-            "rbacGroupName": "The-A-Team",
+			"rbacGroupName": "The-A-Team",
-            "riskScore": "High",
+			"riskScore": "Low",
-            "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
+			"exposureLevel": "Medium",
-            "machineTags": [ "test tag 1", "test tag 2", "ExampleTag" ]
+			"isAadJoined": true,
 			"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
 			"machineTags": [ "test tag 1", "ExampleTag" ]
        },
-        .
+        ...
        .
        .
    ]
 }
 ```
@ -79,7 +79,7 @@ Content-type: application/json
 - Get all the alerts that created after 2018-10-20 00:00:00
 ```
-HTTP GET  https://api.securitycenter.windows.com/api/alerts?$filter=alertCreationTime gt 2018-11-22T00:00:00Z
+HTTP GET  https://api.securitycenter.windows.com/api/alerts?$filter=alertCreationTime+gt+2018-11-22T00:00:00Z
 ```
 **Response:**
@ -91,28 +91,35 @@ Content-type: application/json
    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Alerts",
    "value": [
        {
-            "id": "121688558380765161_2136280442",
+            "id": "da637084217856368682_-292920499",
-            "incidentId": 7696,
+			"incidentId": 66860,
-            "assignedTo": "secop@contoso.com",
+			"investigationId": 4416234,
-            "severity": "High",
+			"investigationState": "Running",
-            "status": "New",
+			"assignedTo": "secop@contoso.com",
-            "classification": "TruePositive",
+			"severity": "Low",
-            "determination": "Malware",
+			"status": "New",
-            "investigationState": "Running",
+			"classification": "TruePositive",
-            "category": "MalwareDownload",
+			"determination": null,
-            "detectionSource": "WindowsDefenderAv",
+			"detectionSource": "WindowsDefenderAtp",
-            "threatFamilyName": "Mikatz",
+			"category": "CommandAndControl",
-            "title": "Windows Defender AV detected 'Mikatz', high-severity malware",
+			"threatFamilyName": null,
-            "description": "Some description",
+			"title": "Network connection to a risky host",
-            "alertCreationTime": "2018-11-26T16:19:21.8409809Z",
+			"description": "A network connection was made to a risky host which has exhibited malicious activity.",
-            "firstEventTime": "2018-11-26T16:17:50.0948658Z",
+			"alertCreationTime": "2019-11-03T23:49:45.3823185Z",
-            "lastEventTime": "2018-11-26T16:18:01.809871Z",
+			"firstEventTime": "2019-11-03T23:47:16.2288822Z",
-            "resolvedTime": null,
+			"lastEventTime": "2019-11-03T23:47:51.2966758Z",
-            "machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
+			"lastUpdateTime": "2019-11-03T23:55:52.6Z",
 			"resolvedTime": null,
 			"machineId": "986e5df8b73dacd43c8917d17e523e76b13c75cd",
 			"comments": [
 				{
 					"comment": "test comment for docs",
 					"createdBy": "secop@contoso.com",
 					"createdTime": "2019-11-05T14:08:37.8404534Z"
 				}
 		  ]
        },
-        .
+        ...
        .
        .
    ]
 }
 ```
@ -122,7 +129,7 @@ Content-type: application/json
 - Get all the machines with 'High' 'RiskScore'
 ```
-HTTP GET  https://api.securitycenter.windows.com/api/machines?$filter=riskScore eq 'High'
+HTTP GET  https://api.securitycenter.windows.com/api/machines?$filter=riskScore+eq+'High'
 ```
 **Response:**
@ -135,25 +142,25 @@ Content-type: application/json
    "value": [
        {
            "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
-            "computerDnsName": "mymachine1.contoso.com",
+			"computerDnsName": "mymachine1.contoso.com",
-            "firstSeen": "2018-08-02T14:55:03.7791856Z",
+			"firstSeen": "2018-08-02T14:55:03.7791856Z",
-            "lastSeen": "2018-08-02T14:55:03.7791856Z",
+			"lastSeen": "2018-08-02T14:55:03.7791856Z",
-            "osPlatform": "Windows10",
+			"osPlatform": "Windows10",
-            "osVersion": "10.0.0.0",
+			"version": "1709",
-            "lastIpAddress": "172.17.230.209",
+			"osProcessor": "x64",
-            "lastExternalIpAddress": "167.220.196.71",
+			"lastIpAddress": "172.17.230.209",
-            "agentVersion": "10.5830.18209.1001",
+			"lastExternalIpAddress": "167.220.196.71",
-            "osBuild": 18209,
+			"osBuild": 18209,
-            "healthStatus": "Active",
+			"healthStatus": "Active",
-            "rbacGroupId": 140,
+			"rbacGroupId": 140,
-            "rbacGroupName": "The-A-Team",
+			"rbacGroupName": "The-A-Team",
-            "riskScore": "High",
+			"riskScore": "High",
-            "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
+			"exposureLevel": "Medium",
-            "machineTags": [ "test tag 1", "test tag 2", "ExampleTag" ]
+			"isAadJoined": true,
 			"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
 			"machineTags": [ "test tag 1", "ExampleTag" ]
        },
-        .
+        ...
        .
        .
    ]
 }
 ```
@ -163,7 +170,7 @@ Content-type: application/json
 - Get top 100 machines with 'HealthStatus' not equals to 'Active'
 ```
-HTTP GET  https://api.securitycenter.windows.com/api/machines?$filter=healthStatus ne 'Active'&$top=100
+HTTP GET  https://api.securitycenter.windows.com/api/machines?$filter=healthStatus+ne+'Active'&$top=100 
 ```
 **Response:**
@ -176,25 +183,25 @@ Content-type: application/json
    "value": [
        {
            "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
-            "computerDnsName": "mymachine1.contoso.com",
+			"computerDnsName": "mymachine1.contoso.com",
-            "firstSeen": "2018-08-02T14:55:03.7791856Z",
+			"firstSeen": "2018-08-02T14:55:03.7791856Z",
-            "lastSeen": "2018-08-02T14:55:03.7791856Z",
+			"lastSeen": "2018-08-02T14:55:03.7791856Z",
-            "osPlatform": "Windows10",
+			"osPlatform": "Windows10",
-            "osVersion": "10.0.0.0",
+			"version": "1709",
-            "lastIpAddress": "172.17.230.209",
+			"osProcessor": "x64",
-            "lastExternalIpAddress": "167.220.196.71",
+			"lastIpAddress": "172.17.230.209",
-            "agentVersion": "10.5830.18209.1001",
+			"lastExternalIpAddress": "167.220.196.71",
-            "osBuild": 18209,
+			"osBuild": 18209,
-            "healthStatus": "Active",
+			"healthStatus": "ImpairedCommunication",
-            "rbacGroupId": 140,
+			"rbacGroupId": 140,
-            "rbacGroupName": "The-A-Team",
+			"rbacGroupName": "The-A-Team",
-            "riskScore": "High",
+			"riskScore": "Low",
-            "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
+			"exposureLevel": "Medium",
-            "machineTags": [ "test tag 1", "test tag 2", "ExampleTag" ]
+			"isAadJoined": true,
 			"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
 			"machineTags": [ "test tag 1", "ExampleTag" ]
        },
-        .
+        ...
        .
        .
    ]
 }
 ```
@ -217,25 +224,25 @@ Content-type: application/json
    "value": [
        {
            "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
-            "computerDnsName": "mymachine1.contoso.com",
+			"computerDnsName": "mymachine1.contoso.com",
-            "firstSeen": "2018-08-02T14:55:03.7791856Z",
+			"firstSeen": "2018-08-02T14:55:03.7791856Z",
-            "lastSeen": "2018-08-02T14:55:03.7791856Z",
+			"lastSeen": "2018-08-02T14:55:03.7791856Z",
-            "osPlatform": "Windows10",
+			"osPlatform": "Windows10",
-            "osVersion": "10.0.0.0",
+			"version": "1709",
-            "lastIpAddress": "172.17.230.209",
+			"osProcessor": "x64",
-            "lastExternalIpAddress": "167.220.196.71",
+			"lastIpAddress": "172.17.230.209",
-            "agentVersion": "10.5830.18209.1001",
+			"lastExternalIpAddress": "167.220.196.71",
-            "osBuild": 18209,
+			"osBuild": 18209,
-            "healthStatus": "Active",
+			"healthStatus": "ImpairedCommunication",
-            "rbacGroupId": 140,
+			"rbacGroupId": 140,
-            "rbacGroupName": "The-A-Team",
+			"rbacGroupName": "The-A-Team",
-            "riskScore": "High",
+			"riskScore": "Low",
-            "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
+			"exposureLevel": "Medium",
-            "machineTags": [ "test tag 1", "test tag 2", "ExampleTag" ]
+			"isAadJoined": true,
 			"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
 			"machineTags": [ "test tag 1", "ExampleTag" ]
        },
-        .
+        ...
        .
        .
    ]
 }
 ```
@ -245,7 +252,7 @@ Content-type: application/json
 - Get all the Anti-Virus scans that the user Analyst@examples.onmicrosoft.com created using Microsoft Defender ATP
 ```
-HTTP GET  https://api.securitycenter.windows.com/api/machineactions?$filter=requestor eq 'Analyst@WcdTestPrd.onmicrosoft.com' and type eq 'RunAntiVirusScan'
+HTTP GET  https://api.securitycenter.windows.com/api/machineactions?$filter=requestor eq 'Analyst@contoso.com' and type eq 'RunAntiVirusScan'
 ```
 **Response:**
@ -257,19 +264,19 @@ Content-type: application/json
    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions",
    "value": [
        {
-            "id": "5c3e3322-d993-1234-1111-dfb136ebc8c5",
+            "id": "2e9da30d-27f6-4208-81f2-9cd3d67893ba",
            "type": "RunAntiVirusScan",
-            "requestor": "Analyst@examples.onmicrosoft.com",
+			"scope": "Full",
-            "requestorComment": "1533",
+            "requestor": "Analyst@contoso.com",
            "requestorComment": "Check machine for viruses due to alert 3212",
            "status": "Succeeded",
-            "machineId": "123321c10e44a82877af76b1d0161a17843f688a",
+            "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f",
-            "creationDateTimeUtc": "2018-11-12T13:33:24.5755657Z",
+            "computerDnsName": "desktop-39g9tgl",
-            "lastUpdateDateTimeUtc": "2018-11-12T13:34:32.0319826Z",
+            "creationDateTimeUtc": "2018-12-04T12:18:27.1293487Z",
-            "relatedFileInfo": null
+            "lastUpdateTimeUtc": "2018-12-04T12:18:57.5511934Z",
 			"relatedFileInfo": null
        },
-        .
+        ...
        .
        .
    ]
 }
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/files.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/files.md
@ -17,9 +17,10 @@ ms.topic: article
 ---
 # File resource type
 **Applies to:**
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 **Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 Represent a file entity in Microsoft Defender ATP.
@ -37,11 +38,10 @@ Property |	Type	|	Description
 :---|:---|:---
 sha1 | String | Sha1 hash of the file content
 sha256 | String | Sha256 hash of the file content
-md5 | String | md5 hash of the file content
+globalPrevalence | Nullable long | File prevalence across organization
 globalPrevalence | Integer | File prevalence across organization
 globalFirstObserved | DateTimeOffset | First time the file was observed.
 globalLastObserved | DateTimeOffset | Last time the file was observed.
-size | Integer | Size of the file.
+size | Nullable long | Size of the file.
 fileType | String | Type of the file. 
 isPeFile | Boolean | true if the file is portable executable (e.g. "DLL", "EXE", etc.)
 filePublisher | String | File publisher.
@ -50,3 +50,29 @@ signer | String | File signer.
 issuer | String | File issuer.
 signerHash | String | Hash of the signing certificate.
 isValidCertificate | Boolean | Was signing certificate successfully verified by  Microsoft Defender ATP agent.
 determinationType | String | The determination type of the file.
 determinationValue | String | Determination value.
 ## Json representation
 ```json
 {
 	"sha1": "4388963aaa83afe2042a46a3c017ad50bdcdafb3",
 	"sha256": "413c58c8267d2c8648d8f6384bacc2ae9c929b2b96578b6860b5087cd1bd6462",
 	"globalPrevalence": 180022,
 	"globalFirstObserved": "2017-09-19T03:51:27.6785431Z",
 	"globalLastObserved": "2020-01-06T03:59:21.3229314Z",
 	"size": 22139496,
 	"fileType": "APP",
 	"isPeFile": true,
 	"filePublisher": "CHENGDU YIWO Tech Development Co., Ltd.",
 	"fileProductName": "EaseUS MobiSaver for Android",
 	"signer": "CHENGDU YIWO Tech Development Co., Ltd.",
 	"issuer": "VeriSign Class 3 Code Signing 2010 CA",
 	"signerHash": "6c3245d4a9bc0244d99dff27af259cbbae2e2d16",
 	"isValidCertificate": false,
 	"determinationType": "Pua",
 	"determinationValue": "PUA:Win32/FusionCore"
 }
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md
@ -18,13 +18,19 @@ ms.topic: article
 # Find machines by internal IP API
-**Applies to:**
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 Find machines seen with the requested internal IP in the time range of 15 minutes prior and after a given timestamp.
-The given timestamp must be in the past 30 days.
+## API description
 Find [Machines](machine.md) seen with the requested internal IP in the time range of 15 minutes prior and after a given timestamp.
 ## Limitations
 1. The given timestamp must be in the past 30 days.
 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -70,37 +76,5 @@ Here is an example of the request.
 [!include[Improve request performance](../../includes/improve-request-performance.md)]
 ```
-GET https://api.securitycenter.windows.com/api/machines/findbyip(ip='10.248.240.38',timestamp=2018-09-22T08:44:05Z)
+GET https://api.securitycenter.windows.com/api/machines/findbyip(ip='10.248.240.38',timestamp=2019-09-22T08:44:05Z)
 ```
 **Response**
 Here is an example of the response.
 ```
 HTTP/1.1 200 OK
 Content-type: application/json
 {
    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
    "value": [
        {
            "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
 			"computerDnsName": "mymachine1.contoso.com",
 			"firstSeen": "2018-08-02T14:55:03.7791856Z",
 			"lastSeen": "2018-09-22T08:55:03.7791856Z",
 			"osPlatform": "Windows10",
 			"osVersion": "10.0.0.0",
 			"lastIpAddress": "10.248.240.38",
 			"lastExternalIpAddress": "167.220.196.71",
 			"agentVersion": "10.5830.18209.1001",
 			"osBuild": 18209,
 			"healthStatus": "Active",
 			"rbacGroupId": 140,
 			"rbacGroupName": "The-A-Team",
 			"riskScore": "Low",
 			"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
 			"machineTags": [ "test tag 1", "test tag 2" ]
        }
    ]
 }
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md
@ -18,11 +18,19 @@ ms.topic: article
 # Get alert information by ID API
-**Applies to:**
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Retrieves specific [Alert](alerts.md) by its ID.
 ## Limitations
 1. You can get alerts last updated in the past 30 days.
 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 Retrieves an alert by its ID.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -56,46 +64,3 @@ Empty
 ## Response
 If successful, this method returns 200 OK, and the [alert](alerts.md) entity in the response body. If alert with the specified id was not found - 404 Not Found.
 ## Example
 **Request**
 Here is an example of the request.
 [!include[Improve request performance](../../includes/improve-request-performance.md)]
 ```
 GET https://api.securitycenter.windows.com/api/alerts/441688558380765161_2136280442
 ```
 **Response**
 Here is an example of the response.
 ```
 {
    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Alerts",
    "id": "441688558380765161_2136280442",
 	"incidentId": 8633,
 	"assignedTo": "secop@contoso.com",
 	"severity": "Low",
 	"status": "InProgress",
 	"classification": "TruePositive",
 	"determination": "Malware",
 	"investigationState": "Running",
 	"category": "MalwareDownload",
 	"detectionSource": "WindowsDefenderAv",
 	"threatFamilyName": "Mikatz",
 	"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
 	"description": "Some description",
 	"alertCreationTime": "2018-11-25T16:19:21.8409809Z",
 	"firstEventTime": "2018-11-25T16:17:50.0948658Z",
 	"lastEventTime": "2018-11-25T16:18:01.809871Z",
 	"resolvedTime": null,
 	"machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
 }
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md
@ -18,12 +18,20 @@ ms.topic: article
 # Get alert related domain information API
-**Applies to:**
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Retrieves all domains related to a specific alert.
 ## Limitations
 1. You can query on alerts last updated in the past 30 days.
 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -79,7 +87,11 @@ Content-type: application/json
    "value": [
        {
            "host": "www.example.com"
        },
 		{
            "host": "www.example2.com"
        }
 		...
    ]
 }
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md
@ -18,12 +18,20 @@ ms.topic: article
 # Get alert related files information API
-**Applies to:**
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Retrieves all files related to a specific alert.
 ## Limitations
 1. You can query on alerts last updated in the past 30 days.
 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -79,23 +87,25 @@ Content-type: application/json
    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Files",
    "value": [
        {
-            "sha1": "654f19c41d9662cf86be21bf0af5a88c38c56a9d",
+            "sha1": "f2a00fd2f2de1be0214b8529f1e9f67096c1aa70",
-            "sha256": "2f905feec2798cee6f63da2c26758d86bfeaab954c01e20ac7085bf55fedde87",
+            "sha256": "dcd71ef5fff4362a9f64cf3f96f14f2b11d6f428f3badbedcb9ff3361e7079aa",
-            "md5": "82849dc81d94056224445ea73dc6153a",
+            "md5": "8d5b7cc9a832e21d22503057e1fec8e9",
-            "globalPrevalence": 33,
+            "globalPrevalence": 29,
-            "globalFirstObserved": "2018-07-17T18:17:27.5909748Z",
+            "globalFirstObserved": "2019-03-23T23:54:06.0135204Z",
-            "globalLastObserved": "2018-08-06T16:07:12.9414137Z",
+            "globalLastObserved": "2019-04-23T00:43:20.0489831Z",
-            "windowsDefenderAVThreatName": null,
+            "size": 113984,
-            "size": 801112,
+            "fileType": null,
            "fileType": "PortableExecutable",
            "isPeFile": true,
-            "filePublisher": null,
+            "filePublisher": "Microsoft Corporation",
-            "fileProductName": null,
+            "fileProductName": "Microsoft® Windows® Operating System",
-            "signer": "Microsoft Windows",
+            "signer": "Microsoft Corporation",
-            "issuer": "Microsoft Development PCA 2014",
+            "issuer": "Microsoft Code Signing PCA",
-            "signerHash": "9e284231a4d1c53fc8d4492b09f65116bf97447f",
+            "signerHash": "9dc17888b5cfad98b3cb35c1994e96227f061675",
-            "isValidCertificate": true
+            "isValidCertificate": true,
            "determinationType": "Unknown",
            "determinationValue": null
        }
 		...
    ]
 }
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md
@ -16,14 +16,22 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
-# Get alert related IP information API
+# Get alert related IPs information API
-**Applies to:**
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Retrieves all IPs related to a specific alert.
 ## Limitations
 1. You can query on alerts last updated in the past 30 days.
 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -85,6 +93,7 @@ Content-type: application/json
 				{
 					"id": "23.203.232.228	
 				}
 				...
 	]
 }
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
@ -18,11 +18,19 @@ ms.topic: article
 # Get alert related machine information API
-**Applies to:**
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Retrieves [Machine](machine.md) related to a specific alert.
 ## Limitations
 1. You can query on alerts last updated in the past 30 days.
 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 Retrieves machine that is related to a specific alert.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -85,15 +93,16 @@ Content-type: application/json
    "firstSeen": "2018-08-02T14:55:03.7791856Z",
 	"lastSeen": "2018-08-02T14:55:03.7791856Z",
    "osPlatform": "Windows10",
-    "osVersion": "10.0.0.0",
+    "version": "1709",
 	"osProcessor": "x64",
    "lastIpAddress": "172.17.230.209",
    "lastExternalIpAddress": "167.220.196.71",
    "agentVersion": "10.5830.18209.1001",
    "osBuild": 18209,
    "healthStatus": "Active",
    "rbacGroupId": 140,
 	"rbacGroupName": "The-A-Team",
    "riskScore": "Low",
 	"exposureLevel": "Medium",
 	"isAadJoined": true,
    "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
 	"machineTags": [ "test tag 1", "test tag 2" ]
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md
@ -18,11 +18,19 @@ ms.topic: article
 # Get alert related user information API
-**Applies to:**
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Retrieves the User related to a specific alert.
 ## Limitations
 1. You can query on alerts last updated in the past 30 days.
 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 Retrieves the user associated to a specific alert.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -80,13 +88,16 @@ Content-type: application/json
 {
    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Users/$entity",
    "id": "contoso\\user1",
-    "firstSeen": "2018-08-02T00:00:00Z",
+    "accountName": "user1",
-    "lastSeen": "2018-08-04T00:00:00Z",
+    "accountDomain": "contoso",
-    "mostPrevalentMachineId": null,
+    "accountSid": "S-1-5-21-72051607-1745760036-109187956-93922",
-    "leastPrevalentMachineId": null,
+    "firstSeen": "2019-12-08T06:33:39Z",
    "lastSeen": "2020-01-05T06:58:34Z",
    "mostPrevalentMachineId": "0111b647235c26159bec3e5eb6c8c3a0cc3ab766",
    "leastPrevalentMachineId": "0111b647235c26159bec3e5eb6c8c3a0cc3ab766",
    "logonTypes": "Network",
-    "logOnMachinesCount": 3,
+    "logOnMachinesCount": 1,
    "isDomainAdmin": false,
-    "isOnlyNetworkUser": null
+    "isOnlyNetworkUser": false
 }
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md
@ -22,13 +22,19 @@ ms.topic: article
 - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Retrieves a collection of Alerts.
 <br>Supports [OData V4 queries](https://www.odata.org/documentation/).
 <br>The OData's ```$filter``` query is supported on: ```alertCreationTime```, ```incidentId```, ```InvestigationId```, ```status```, ```severity``` and ```category``` properties.
 <br>See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
 Supports [OData V4 queries](https://www.odata.org/documentation/).
-The OData's Filter query is supported on: "alertCreationTime", "incidentId", "InvestigationId", "status", "severity" and "category".
+## Limitations
 1. You can get alerts last updated in the past 30 days.
 2. Maximum page size is 10,000.
 3. Rate limitations for this API are 100 calls per minute and 1500 calls per hour. 
 See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -50,10 +56,6 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
 GET /api/alerts
 ```
 ## Optional query parameters
 Method supports $top, $select, $filter, $expand and $skip query parameters.
 <br>$expand is available on Files, IPs and Domains. e.g. $expand=files,domains
 ## Request headers
 Name | Type | Description
@ -120,11 +122,9 @@ Here is an example of the response.
 					"createdBy": "secop@contoso.com",
 					"createdTime": "2019-11-05T14:08:37.8404534Z"
 				}
-			],
+			]
 			"alertFiles": [],
 			"alertDomains": [],
 			"alertIps": []
 		}
 		...
 	]
 }
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md
@ -15,6 +15,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
 ROBOTS: NOINDEX
 ---
 # Get CVE-KB map API
--- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md
@ -18,11 +18,19 @@ ms.topic: article
 # Get domain related alerts API
-**Applies to:**
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Retrieves a collection of [Alerts](alerts.md) related to a given domain address.
 ## Limitations
 1. You can query on alerts last updated in the past 30 days.
 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 Retrieves a collection of alerts related to a given domain address.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -68,58 +76,3 @@ Here is an example of the request.
 ```
 GET https://api.securitycenter.windows.com/api/domains/client.wns.windows.com/alerts
 ```
 **Response**
 Here is an example of the response.
 ```
 HTTP/1.1 200 OK
 Content-type: application/json
 {
    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
    "value": [
        {
            "id": "441688558380765161_2136280442",
            "incidentId": 8633,
            "assignedTo": "secop@contoso.com",
            "severity": "Low",
            "status": "InProgress",
            "classification": "TruePositive",
            "determination": "Malware",
            "investigationState": "Running",
            "category": "MalwareDownload",
            "detectionSource": "WindowsDefenderAv",
            "threatFamilyName": "Mikatz",
            "title": "Windows Defender AV detected 'Mikatz', high-severity malware",
            "description": "Some description",
            "alertCreationTime": "2018-11-25T16:19:21.8409809Z",
            "firstEventTime": "2018-11-25T16:17:50.0948658Z",
            "lastEventTime": "2018-11-25T16:18:01.809871Z",
            "resolvedTime": null,
            "machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
        },
        {
            "id": "121688558380765161_2136280442",
            "incidentId": 4123,
            "assignedTo": "secop@contoso.com",
            "severity": "Low",
            "status": "InProgress",
            "classification": "TruePositive",
            "determination": "Malware",
            "investigationState": "Running",
            "category": "MalwareDownload",
            "detectionSource": "WindowsDefenderAv",
            "threatFamilyName": "Mikatz",
            "title": "Windows Defender AV detected 'Mikatz', high-severity malware",
            "description": "Some description",
            "alertCreationTime": "2018-11-24T16:19:21.8409809Z",
            "firstEventTime": "2018-11-24T16:17:50.0948658Z",
            "lastEventTime": "2018-11-24T16:18:01.809871Z",
            "resolvedTime": null,
            "machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
        }
    ]
 }
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md
@ -17,10 +17,20 @@ ms.topic: article
 ---
 # Get domain related machines API
 **Applies to:**
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-Retrieves a collection of machines that have communicated to or from a given domain address.
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Retrieves a collection of [Machines](machine.md) that have communicated to or from a given domain address.
 ## Limitations
 1. You can query on machines last seen in the past 30 days.
 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -68,54 +78,3 @@ Here is an example of the request.
 ```
 GET https://api.securitycenter.windows.com/api/domains/api.securitycenter.windows.com/machines
 ```
 **Response**
 Here is an example of the response.
 ```
 HTTP/1.1 200 OK
 Content-type: application/json
 {
    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
    "value": [
        {
            "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
            "computerDnsName": "mymachine1.contoso.com",
            "firstSeen": "2018-08-02T14:55:03.7791856Z",
 			"lastSeen": "2018-08-02T14:55:03.7791856Z",
            "osPlatform": "Windows10",
            "osVersion": "10.0.0.0",
            "lastIpAddress": "172.17.230.209",
            "lastExternalIpAddress": "167.220.196.71",
            "agentVersion": "10.5830.18209.1001",
            "osBuild": 18209,
            "healthStatus": "Active",
            "rbacGroupId": 140,
 			"rbacGroupName": "The-A-Team",
            "riskScore": "Low",
            "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
 			"machineTags": [ "test tag 1", "test tag 2" ]
        },
        {
            "id": "7292e4b8cb74ff1cc3d8a495eb29dc8858b732f7",
            "computerDnsName": "mymachine2.contoso.com",
            "firstSeen": "2018-07-09T13:22:45.1250071Z",
 			"lastSeen": "2018-07-09T13:22:45.1250071Z",
            "osPlatform": "Windows10",
            "osVersion": "10.0.0.0",
            "lastIpAddress": "192.168.12.225",
            "lastExternalIpAddress": "79.183.65.82",
            "agentVersion": "10.5820.17724.1000",
            "osBuild": 17724,
            "healthStatus": "Inactive",
 			"rbacGroupId": 140,
 			"rbacGroupName": "The-A-Team",
            "riskScore": "Low",
            "aadDeviceId": null,
 			"machineTags": [ "test tag 1" ]
        }
 	]
 }
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md
@ -18,10 +18,18 @@ ms.topic: article
 # Get domain statistics API
-**Applies to:**
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
 - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Retrieves the statistics on the given domain.
 ## Limitations
 1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 Retrieves the prevalence for the given domain.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
--- a/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md
@ -17,10 +17,19 @@ ms.topic: article
 ---
 # Get file information API
 **Applies to:**
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-Retrieves a file by identifier Sha1, Sha256, or MD5.
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Retrieves a [File](files.md) by identifier Sha1, or Sha256
 ## Limitations
 1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -62,7 +71,7 @@ Here is an example of the request.
 [!include[Improve request performance](../../includes/improve-request-performance.md)]
 ```
-GET https://api.securitycenter.windows.com/api/files/6532ec91d513acc05f43ee0aa3002599729fd3e1
+GET https://api.securitycenter.windows.com/api/files/4388963aaa83afe2042a46a3c017ad50bdcdafb3
 ```
 **Response**
@ -74,22 +83,22 @@ Here is an example of the response.
 HTTP/1.1 200 OK
 Content-type: application/json
 {
-    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Files/$entity",
+	"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Files/$entity",
-    "sha1": "6532ec91d513acc05f43ee0aa3002599729fd3e1",
+	"sha1": "4388963aaa83afe2042a46a3c017ad50bdcdafb3",
-    "sha256": "d4447dffdbb2889b4b4e746b0bc882df1b854101614b0aa83953ef3cb66904cf",
+	"sha256": "413c58c8267d2c8648d8f6384bacc2ae9c929b2b96578b6860b5087cd1bd6462",
-    "md5": "7f05a371d2beffb3784fd2199f81d730",
+	"globalPrevalence": 180022,
-    "globalPrevalence": 7329,
+	"globalFirstObserved": "2017-09-19T03:51:27.6785431Z",
-    "globalFirstObserved": "2018-04-08T05:50:29.4459725Z",
+	"globalLastObserved": "2020-01-06T03:59:21.3229314Z",
-    "globalLastObserved": "2018-08-07T23:35:11.1361328Z",
+	"size": 22139496,
-    "windowsDefenderAVThreatName": null,
+	"fileType": "APP",
-    "size": 391680,
+	"isPeFile": true,
-    "fileType": "PortableExecutable",
+	"filePublisher": "CHENGDU YIWO Tech Development Co., Ltd.",
-    "isPeFile": true,
+	"fileProductName": "EaseUS MobiSaver for Android",
-    "filePublisher": null,
+	"signer": "CHENGDU YIWO Tech Development Co., Ltd.",
-    "fileProductName": null,
+	"issuer": "VeriSign Class 3 Code Signing 2010 CA",
-    "signer": null,
+	"signerHash": "6c3245d4a9bc0244d99dff27af259cbbae2e2d16",
-    "issuer": null,
+	"isValidCertificate": false,
-    "signerHash": null,
+	"determinationType": "Pua",
-    "isValidCertificate": null
+	"determinationValue": "PUA:Win32/FusionCore"
 }
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md
@ -18,12 +18,19 @@ ms.topic: article
 # Get file related alerts API
-**Applies to:**
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Retrieves a collection of alerts related to a given file hash.
 ## Limitations
 1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -69,38 +76,3 @@ Here is an example of the request.
 ```
 GET https://api.securitycenter.windows.com/api/files/6532ec91d513acc05f43ee0aa3002599729fd3e1/alerts
 ```
 **Response**
 Here is an example of the response.
 ```
 HTTP/1.1 200 OK
 Content-type: application/json
 {    
    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Alerts",
    "value": [
        {
            "id": "121688558380765161_2136280442",
 			"incidentId": 7696,
 			"assignedTo": "secop@contoso.com",
 			"severity": "High",
 			"status": "New",
 			"classification": "TruePositive",
 			"determination": "Malware",
 			"investigationState": "Running",
 			"category": "MalwareDownload",
 			"detectionSource": "WindowsDefenderAv",
 			"threatFamilyName": "Mikatz",
 			"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
 			"description": "Some description",
 			"alertCreationTime": "2018-11-26T16:19:21.8409809Z",
 			"firstEventTime": "2018-11-26T16:17:50.0948658Z",
 			"lastEventTime": "2018-11-26T16:18:01.809871Z",
 			"resolvedTime": null,
 			"machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
        }
    ]
 }
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md
@ -18,11 +18,18 @@ ms.topic: article
 # Get file related machines API
-**Applies to:**
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Retrieves a collection of [Machines](machine.md) related to a given file hash.
 ## Limitations
 1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 - Retrieves a collection of machines related to a given file hash.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -69,52 +76,3 @@ Here is an example of the request.
 ```
 GET https://api.securitycenter.windows.com/api/files/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/machines
 ```
 **Response**
 Here is an example of the response.
 ```
 HTTP/1.1 200 OK
 Content-type: application/json
 {
    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
    "value": [
        {
            "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
            "computerDnsName": "mymachine1.contoso.com",
            "firstSeen": "2018-08-02T14:55:03.7791856Z",
 			"lastSeen": "2018-08-02T14:55:03.7791856Z",
            "osPlatform": "Windows10",
            "osVersion": "10.0.0.0",
            "lastIpAddress": "172.17.230.209",
            "lastExternalIpAddress": "167.220.196.71",
            "agentVersion": "10.5830.18209.1001",
            "osBuild": 18209,
            "healthStatus": "Active",
            "rbacGroupId": 140,
            "riskScore": "Low",
            "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
 			"machineTags": [ "test tag 1", "test tag 2" ]
        },
        {
            "id": "7292e4b8cb74ff1cc3d8a495eb29dc8858b732f7",
            "computerDnsName": "mymachine2.contoso.com",
            "firstSeen": "2018-07-09T13:22:45.1250071Z",
 			"lastSeen": "2018-07-09T13:22:45.1250071Z",
            "osPlatform": "Windows10",
            "osVersion": "10.0.0.0",
            "lastIpAddress": "192.168.12.225",
            "lastExternalIpAddress": "79.183.65.82",
            "agentVersion": "10.5820.17724.1000",
            "osBuild": 17724,
            "healthStatus": "Inactive",
 			"rbacGroupId": 140,
            "riskScore": "Low",
            "aadDeviceId": null,
 			"machineTags": [ "test tag 1" ]
        }
    ]
 }
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md
@ -18,11 +18,18 @@ ms.topic: article
 # Get file statistics API
-**Applies to:**
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Retrieves the statistics for the given file.
 ## Limitations
 1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 Retrieves the prevalence for the given file.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -64,7 +71,7 @@ Here is an example of the request.
 [!include[Improve request performance](../../includes/improve-request-performance.md)]
 ```
-GET https://api.securitycenter.windows.com/api/files/6532ec91d513acc05f43ee0aa3002599729fd3e1/stats
+GET https://api.securitycenter.windows.com/api/files/0991a395da64e1c5fbe8732ed11e6be064081d9f/stats
 ```
 **Response**
@ -77,13 +84,15 @@ HTTP/1.1 200 OK
 Content-type: application/json
 {
    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgFileStats",
-    "sha1": "6532ec91d513acc05f43ee0aa3002599729fd3e1",
+    "sha1": "0991a395da64e1c5fbe8732ed11e6be064081d9f",
-    "orgPrevalence": "3",
+    "orgPrevalence": "14850",
-    "orgFirstSeen": "2018-07-15T06:13:59Z",
+    "orgFirstSeen": "2019-12-07T13:44:16Z",
-    "orgLastSeen": "2018-08-03T16:45:21Z",
+    "orgLastSeen": "2020-01-06T13:39:36Z",
    "globalPrevalence": "705012",
    "globalFirstObserved": "2015-03-19T12:20:07.3432441Z",
    "globalLastObserved": "2020-01-06T13:39:36Z",
    "topFileNames": [
-        "chrome_1.exe",
+        "MREC.exe"
 		"chrome_2.exe"
    ]
 }
--- a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md
@ -0,0 +1,110 @@
 ---
 title: List Investigations API
 description: Use this API to create calls related to get Investigations collection
 keywords: apis, graph api, supported apis, Investigations collection
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
 ---
 # List Investigations API
 **Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Retrieves a collection of [Investigations](investigation.md).
 <br>Supports [OData V4 queries](https://www.odata.org/documentation/).
 <br>The OData's ```$filter``` query is supported on: ```startTime```, ```state```, ```machineId``` and ```triggeringAlertId``` properties.
 <br>See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
 ## Limitations
 1. Maximum page size is 10,000.
 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour. 
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
 Application |	Alert.Read.All |	'Read all alerts'
 Application |	Alert.ReadWrite.All |	'Read and write all alerts'
 Delegated (work or school account) | Alert.Read | 'Read alerts'
 Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
 >[!Note]
 > When obtaining a token using user credentials:
 >- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
 ## HTTP request
 ```
 GET https://api.securitycenter.windows.com/api/investigations
 ```
 ## Request headers
 Name | Type | Description
 :---|:---|:---
 Authorization | String | Bearer {token}. **Required**.
 ## Request body
 Empty
 ## Response
 If successful, this method returns 200, Ok response code with a collection of [Investigations](investigation.md) entities.
 [!include[Improve request performance](../../includes/improve-request-performance.md)]
 ## Example
 **Request**
 Here is an example of a request to get all investigations: 
 ```
 GET https://api.securitycenter.windows.com/api/investigations
 ```
 **Response**
 Here is an example of the response:
 ```
 HTTP/1.1 200 Ok
 Content-type: application/json
 {
    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Investigations",
    "value": [
        {
            "id": "63017",
            "startTime": "2020-01-06T14:11:34Z",
            "endTime": null,
            "state": "Running",
            "cancelledBy": null,
            "statusDetails": null,
            "machineId": "a69a22debe5f274d8765ea3c368d00762e057b30",
            "computerDnsName": "desktop-gtrcon0",
            "triggeringAlertId": "da637139166940871892_-598649278"
        }
 		...
    ]
 }
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-object.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-object.md
@ -0,0 +1,66 @@
 ---
 title: Get Investigation object API
 description: Use this API to create calls related to get Investigation object
 keywords: apis, graph api, supported apis, Investigation object
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
 ---
 # Get Investigation API
 **Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Retrieves specific [Investigation](investigation.md) by its ID.
 <br> ID can be the investigation ID or the investigation triggering alert ID.
 ## Limitations
 1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
 Application |	Alert.Read.All |	'Read all alerts'
 Application |	Alert.ReadWrite.All |	'Read and write all alerts'
 Delegated (work or school account) | Alert.Read | 'Read alerts'
 Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
 >[!Note]
 > When obtaining a token using user credentials:
 >- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
 ## HTTP request
 ```
 GET https://api.securitycenter.windows.com/api/investigations/{id}
 ```
 ## Request headers
 Name | Type | Description
 :---|:---|:---
 Authorization | String | Bearer {token}. **Required**.
 ## Request body
 Empty
 ## Response
 If successful, this method returns 200, Ok response code with a [Investigations](investigation.md) entity.
--- a/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md
@ -18,12 +18,19 @@ ms.topic: article
 # Get IP related alerts API
-**Applies to:**
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Retrieves a collection of alerts related to a given IP address.
 ## Limitations
 1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -69,39 +76,4 @@ Here is an example of the request.
 ```
 GET https://api.securitycenter.windows.com/api/ips/10.209.67.177/alerts
-```
+```
 **Response**
 Here is an example of the response.
 ```
 HTTP/1.1 200 OK
 Content-type: application/json
 {    
    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Alerts",
    "value": [
        {
            "id": "441688558380765161_2136280442",
 			"incidentId": 8633,
 			"assignedTo": "secop@contoso.com",
 			"severity": "Low",
 			"status": "InProgress",
 			"classification": "TruePositive",
 			"determination": "Malware",
 			"investigationState": "Running",
 			"category": "MalwareDownload",
 			"detectionSource": "WindowsDefenderAv",
 			"threatFamilyName": "Mikatz",
 			"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
 			"description": "Some description",
 			"alertCreationTime": "2018-11-25T16:19:21.8409809Z",
 			"firstEventTime": "2018-11-25T16:17:50.0948658Z",
 			"lastEventTime": "2018-11-25T16:18:01.809871Z",
 			"resolvedTime": null,
 			"machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
        }
    ]
 }
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md
@ -18,11 +18,18 @@ ms.topic: article
 # Get IP statistics API
-**Applies to:**
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Retrieves the statistics for the given IP.
 ## Limitations
 1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 Retrieves the prevalence for the given IP.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
--- a/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md
@ -15,7 +15,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 10/07/2018
+ROBOTS: NOINDEX
 ---
 # Get KB collection API
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
@ -18,11 +18,19 @@ ms.topic: article
 # Get machine by ID API
-**Applies to:**
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Retrieves specific [Machine](machine.md) by its machine ID or computer name.
 ## Limitations
 1. You can get machines last seen in the past 30 days.
 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 Retrieves a machine entity by ID.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -83,20 +91,22 @@ Content-type: application/json
 {
    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machine",
    "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
-    "computerDnsName": "mymachine1.contoso.com",
+	"computerDnsName": "mymachine1.contoso.com",
-    "firstSeen": "2018-08-02T14:55:03.7791856Z",
+	"firstSeen": "2018-08-02T14:55:03.7791856Z",
 	"lastSeen": "2018-08-02T14:55:03.7791856Z",
-    "osPlatform": "Windows10",
+	"osPlatform": "Windows10",
-    "osVersion": "10.0.0.0",
+	"version": "1709",
-    "lastIpAddress": "172.17.230.209",
+	"osProcessor": "x64",
-    "lastExternalIpAddress": "167.220.196.71",
+	"lastIpAddress": "172.17.230.209",
-    "agentVersion": "10.5830.18209.1001",
+	"lastExternalIpAddress": "167.220.196.71",
-    "osBuild": 18209,
+	"osBuild": 18209,
-    "healthStatus": "Active",
+	"healthStatus": "Active",
-    "rbacGroupId": 140,
+	"rbacGroupId": 140,
 	"rbacGroupName": "The-A-Team",
-    "riskScore": "Low",
+	"riskScore": "Low",
-    "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
+	"exposureLevel": "Medium",
 	"isAadJoined": true,
 	"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
 	"machineTags": [ "test tag 1", "test tag 2" ]
 }
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md
@ -18,11 +18,19 @@ ms.topic: article
 # Get machine log on users API
-**Applies to:**
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Retrieves a collection of logged on users on a specific machine.
 ## Limitations
 1. You can query on machines last seen in the past 30 days.
 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 Retrieves a collection of logged on users.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -81,26 +89,19 @@ Content-type: application/json
    "value": [
        {
            "id": "contoso\\user1",
-            "firstSeen": "2018-08-02T00:00:00Z",
+            "accountName": "user1",
-            "lastSeen": "2018-08-04T00:00:00Z",
+            "accountDomain": "contoso",
-            "mostPrevalentMachineId": null,
+            "accountSid": "S-1-5-21-72051607-1745760036-109187956-93922",
-            "leastPrevalentMachineId": null,
+            "firstSeen": "2019-12-18T08:02:54Z",
-            "logonTypes": "Network",
+            "lastSeen": "2020-01-06T08:01:48Z",
-            "logOnMachinesCount": 3,
+            "mostPrevalentMachineId": "111153d0c675eaa415b8e5f383c6388bff446c62",
-            "isDomainAdmin": false,
+            "leastPrevalentMachineId": "111153d0c675eaa415b8e5f383c6388bff446c62",
-            "isOnlyNetworkUser": null
+            "logonTypes": "Interactive",
            "logOnMachinesCount": 8,
            "isDomainAdmin": true,
            "isOnlyNetworkUser": false
        },
-        {
+		...
            "id": "contoso\\user2",
            "firstSeen": "2018-08-02T00:00:00Z",
            "lastSeen": "2018-08-05T00:00:00Z",
            "mostPrevalentMachineId": null,
            "leastPrevalentMachineId": null,
            "logonTypes": "Network",
            "logOnMachinesCount": 3,
            "isDomainAdmin": false,
            "isOnlyNetworkUser": null
        }
    ]
 }
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md
@ -17,13 +17,20 @@ ms.topic: article
 ---
 # Get machine related alerts  API
 **Applies to:**
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-Retrieves a collection of alerts related to a given machine ID.
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Retrieves all [Alerts](alerts.md) related to a specific machine.
 ## Limitations
 1. You can query on machines last seen in the past 30 days.
 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@ -54,52 +61,3 @@ Empty
 ## Response
 If successful and machine exists - 200 OK with list of [alert](alerts.md) entities in the body. If machine was not found - 404 Not Found.
 ## Example
 **Request**
 Here is an example of the request.
 [!include[Improve request performance](../../includes/improve-request-performance.md)]
 ```
 GET https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/alerts
 ```
 **Response**
 Here is an example of the response.
 ```
 HTTP/1.1 200 OK
 Content-type: application/json
 {    
    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Alerts",
    "value": [
        {
            "id": "441688558380765161_2136280442",
 			"incidentId": 8633,
 			"assignedTo": "secop@contoso.com",
 			"severity": "Low",
 			"status": "InProgress",
 			"classification": "TruePositive",
 			"determination": "Malware",
 			"investigationState": "Running",
 			"category": "MalwareDownload",
 			"detectionSource": "WindowsDefenderAv",
 			"threatFamilyName": "Mikatz",
 			"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
 			"description": "Some description",
 			"alertCreationTime": "2018-11-25T16:19:21.8409809Z",
 			"firstEventTime": "2018-11-25T16:17:50.0948658Z",
 			"lastEventTime": "2018-11-25T16:18:01.809871Z",
 			"resolvedTime": null,
 			"machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
        }
    ]
 }
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md
@ -18,10 +18,18 @@ ms.topic: article
 # Get machineAction API
-**Applies to:**
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
 - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Retrieves specific [Machine Action](machineaction.md) by its ID.
 ## Limitations
 1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 Get action performed on a machine.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -77,15 +85,17 @@ HTTP/1.1 200 Ok
 Content-type: application/json
 {
    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions/$entity",
-    "id": "2e9da30d-27f6-4208-81f2-9cd3d67893ba",
+    "id": "5382f7ea-7557-4ab7-9782-d50480024a4e",
-    "type": "RunAntiVirusScan",
+    "type": "Isolate",
-    "requestor": "Analyst@contoso.com",
+	"scope": "Selective",
-    "requestorComment": "Check machine for viruses due to alert 3212",
+    "requestor": "Analyst@TestPrd.onmicrosoft.com",
    "requestorComment": "test for docs",
    "status": "Succeeded",
-    "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f",
+    "machineId": "7b1f4967d9728e5aa3c06a9e617a22a4a5a17378",
-    "creationDateTimeUtc": "2018-12-04T12:18:27.1293487Z",
+    "computerDnsName": "desktop-test",
-    "lastUpdateTimeUtc": "2018-12-04T12:18:57.5511934Z",
+    "creationDateTimeUtc": "2019-01-02T14:39:38.2262283Z",
-	"relatedFileInfo": null
+    "lastUpdateDateTimeUtc": "2019-01-02T14:40:44.6596267Z",
    "relatedFileInfo": null
 }
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md
@ -18,17 +18,22 @@ ms.topic: article
 # List MachineActions API
-**Applies to:**
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 Gets collection of actions done on machines.
-Get MachineAction collection API supports [OData V4 queries](https://www.odata.org/documentation/).
+## API description
 Retrieves a collection of [Machine Actions](machineaction.md).
 <br>Supports [OData V4 queries](https://www.odata.org/documentation/).
 <br>The OData's ```$filter``` query is supported on: ```status```, ```machineId```, ```type```, ```requestor``` and ```creationDateTimeUtc``` properties.
 <br>See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
 The OData's Filter query is supported on: "Id", "Status", "MachineId", "Type", "Requestor" and "CreationDateTimeUtc".
-See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
+## Limitations
 1. Maximum page size is 10,000.
 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour. 
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -89,10 +94,12 @@ Content-type: application/json
        {
            "id": "69dc3630-1ccc-4342-acf3-35286eec741d",
            "type": "CollectInvestigationPackage",
 			"scope": null,
            "requestor": "Analyst@contoso.com",
            "requestorComment": "test",
            "status": "Succeeded",
            "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f",
            "computerDnsName": "desktop-39g9tgl",
            "creationDateTimeUtc": "2018-12-04T12:43:57.2011911Z",
            "lastUpdateTimeUtc": "2018-12-04T12:45:25.4049122Z",
 			"relatedFileInfo": null
@ -100,10 +107,12 @@ Content-type: application/json
        {
            "id": "2e9da30d-27f6-4208-81f2-9cd3d67893ba",
            "type": "RunAntiVirusScan",
 			"scope": "Full",
            "requestor": "Analyst@contoso.com",
            "requestorComment": "Check machine for viruses due to alert 3212",
            "status": "Succeeded",
            "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f",
            "computerDnsName": "desktop-39g9tgl",
            "creationDateTimeUtc": "2018-12-04T12:18:27.1293487Z",
            "lastUpdateTimeUtc": "2018-12-04T12:18:57.5511934Z",
 			"relatedFileInfo": null
@ -111,10 +120,12 @@ Content-type: application/json
        {
            "id": "44cffc15-0e3d-4cbf-96aa-bf76f9b27f5e",
            "type": "StopAndQuarantineFile",
 			"scope": null,
            "requestor": "Analyst@contoso.com",
            "requestorComment": "test",
            "status": "Succeeded",
            "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f",
 			"computerDnsName": "desktop-39g9tgl",
            "creationDateTimeUtc": "2018-12-04T12:15:40.6052029Z",
            "lastUpdateTimeUtc": "2018-12-04T12:16:14.2899973Z",
 			"relatedFileInfo": {
@ -151,10 +162,12 @@ Content-type: application/json
        {
            "id": "69dc3630-1ccc-4342-acf3-35286eec741d",
            "type": "CollectInvestigationPackage",
 			"scope": null,
            "requestor": "Analyst@contoso.com",
            "requestorComment": "test",
            "status": "Succeeded",
            "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f",
 			"computerDnsName": "desktop-39g9tgl",
            "creationDateTimeUtc": "2018-12-04T12:43:57.2011911Z",
            "lastUpdateTimeUtc": "2018-12-04T12:45:25.4049122Z",
 			"relatedFileInfo": null
@ -162,10 +175,12 @@ Content-type: application/json
        {
            "id": "2e9da30d-27f6-4208-81f2-9cd3d67893ba",
            "type": "RunAntiVirusScan",
 			"scope": "Full",
            "requestor": "Analyst@contoso.com",
            "requestorComment": "Check machine for viruses due to alert 3212",
            "status": "Succeeded",
            "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f",
 			"computerDnsName": "desktop-39g9tgl",
            "creationDateTimeUtc": "2018-12-04T12:18:27.1293487Z",
            "lastUpdateTimeUtc": "2018-12-04T12:18:57.5511934Z",
 			"relatedFileInfo": null
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md
@ -18,17 +18,23 @@ ms.topic: article
 # List machines API
-**Applies to:**
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 This API can do the following actions:
- Retrieves a collection of machines that have communicated with  Microsoft Defender ATP cloud on the last 30 days.
+## API description
- Get Machines collection API supports [OData V4 queries](https://www.odata.org/documentation/).
+Retrieves a collection of [Machines](machine.md) that have communicated with  Microsoft Defender ATP cloud on the last 30 days.
- The OData's Filter query is supported on: "Id", "ComputerDnsName", "LastSeen", "LastIpAddress", "HealthStatus", "OsPlatform", "RiskScore", "MachineTags" and "RbacGroupId".
+<br>Supports [OData V4 queries](https://www.odata.org/documentation/).
 <br>The OData's ```$filter``` query is supported on: ```computerDnsName```, ```lastSeen```, ```lastIpAddress```, ```healthStatus```, ```osPlatform```, ```riskScore```, ```rbacGroupId``` and ```machineTags``` properties.
 <br>See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
 ## Limitations
 1. You can get machines last seen in the past 30 days.
 2. Maximum page size is 10,000.
 3. Rate limitations for this API are 100 calls per minute and 1500 calls per hour. 
 See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
 ## Permissions
@ -88,42 +94,25 @@ Content-type: application/json
    "value": [
        {
            "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
-            "computerDnsName": "mymachine1.contoso.com",
+			"computerDnsName": "mymachine1.contoso.com",
-            "firstSeen": "2018-08-02T14:55:03.7791856Z",
+			"firstSeen": "2018-08-02T14:55:03.7791856Z",
 			"lastSeen": "2018-08-02T14:55:03.7791856Z",
-            "osPlatform": "Windows10",
+			"osPlatform": "Windows10",
-            "osVersion": "10.0.0.0",
+			"version": "1709",
-            "lastIpAddress": "172.17.230.209",
+			"osProcessor": "x64",
-            "lastExternalIpAddress": "167.220.196.71",
+			"lastIpAddress": "172.17.230.209",
-            "agentVersion": "10.5830.18209.1001",
+			"lastExternalIpAddress": "167.220.196.71",
-            "osBuild": 18209,
+			"osBuild": 18209,
-            "healthStatus": "Active",
+			"healthStatus": "Active",
            "rbacGroupId": 140,
 			"rbacGroupName": "The-A-Team",
            "riskScore": "Low",
 			"isAadJoined": true,
            "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
 			"machineTags": [ "test tag 1", "test tag 2" ]
        },
        {
            "id": "7292e4b8cb74ff1cc3d8a495eb29dc8858b732f7",
            "computerDnsName": "mymachine2.contoso.com",
            "firstSeen": "2018-07-09T13:22:45.1250071Z",
 			"lastSeen": "2018-07-09T13:22:45.1250071Z",
            "osPlatform": "Windows10",
            "osVersion": "10.0.0.0",
            "lastIpAddress": "192.168.12.225",
            "lastExternalIpAddress": "79.183.65.82",
            "agentVersion": "10.5820.17724.1000",
            "osBuild": 17724,
            "healthStatus": "Inactive",
 			"rbacGroupId": 140,
 			"rbacGroupName": "The-A-Team",
-            "riskScore": "Low",
+			"riskScore": "Low",
-			"isAadJoined": false,
+			"exposureLevel": "Medium",
-            "aadDeviceId": null,
+			"isAadJoined": true,
-			"machineTags": [ "test tag 1" ]
+			"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
 			"machineTags": [ "test tag 1", "test tag 2" ]
        }
 		...
    ]
 }
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md
@ -18,11 +18,14 @@ ms.topic: article
 # Get package SAS URI API
-**Applies to:**
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Get a URI that allows downloading of an [Investigation package](collect-investigation-package.md).
 Get a URI that allows downloading of an [investigation package](collect-investigation-package.md).
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
--- a/windows/security/threat-protection/microsoft-defender-atp/get-started-partner-integration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-started-partner-integration.md
@ -0,0 +1,54 @@
 ---
 title: Become a Microsoft Defender ATP partner
 ms.reviewer: 
 description: Learn the steps and requirements so that you can integrate your solution with Microsoft Defender ATP and be a partner
 keywords: partner, integration, solution validation, certification, requirements, member, misa, application portal
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: conceptual 
 ---
 # Become a Microsoft Defender ATP partner
 **Applies to:** 
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 To become a Microsoft Defender ATP solution partner, you'll need to follow and complete the following steps.
 ## Step 1: Subscribe to a Microsoft Defender ATP Developer license
 Subscribing to the [Microsoft Defender ATP Developer license](https://winatpregistration-prd.trafficmanager.net/Developer/UserAgreement?Length=9) allows you to use a Microsoft Defender ATP tenant with up to 10 devices for developing solutions to integrate with Microsoft Defender ATP. 
 ## Step 2: Fulfill the solution validation and certification requirements
 The best way for technology partners to certify their integration works, is to have a joint customer approve the suggested integration design and have it tested and demoed to the Microsoft Defender ATP team.
 Once the Microsoft Defender ATP team has reviewed and approves the integration, we will direct you to be included as a partner at the Microsoft Intelligent Security Association.
 ## Step 3: Become a  Microsoft Intelligent Security Association member
 [Microsoft Intelligent Security Association](https://www.microsoft.com/security/partnerships/intelligent-security-association) is a program specifically for Microsoft security partners to help enrich your security products and improve customer discoverability of your integrations to Microsoft security products.
 ## Step 4: Get listed in the Microsoft Defender ATP partner application portal
 Microsoft Defender ATP supports third-party applications discovery and integration using the in-product [partner page](partner-applications.md) that is embedded within the Microsoft Defender ATP management portal. 
 To have your company listed as a partner in the in-product partner page, you will need to provide the following:
 1. A square logo (SVG).
 2. Name of the product to be presented.
 3. Provide a 15-word product description.
 4. Link to the landing page for the customer to complete the integration or blog post that will include sufficient information for customers. Please note that any press release including the Microsoft Defender ATP product name should be reviewed by the marketing and engineering teams. You should allow at least 10 days for review process to be performed.
 5.	If you use a multi-tenant Azure AD approach, we will need the AAD application name to track usage of the application.
 Partnership with Microsoft Defender ATP help our mutual customers to further streamline, integrate, and orchestrate defenses. We are happy that you chose to become a Microsoft Defender ATP partner and to achieve our common goal of effectively protecting customers and their assets by preventing and responding to modern threats together.
 ## Related topics
 - [Technical partner opportunities](partner-integration.md)
--- a/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md
@ -18,16 +18,21 @@ ms.topic: article
 # List Indicators API
-**Applies to:** 
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
 - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
->[!NOTE]
+## API description
-> Currently this API is supported only for AppOnly context requests. (See [Get access with application context](exposed-apis-create-app-webapp.md) for more information)
+Retrieves a collection of all active [Indicators](ti-indicator.md).
 <br>Supports [OData V4 queries](https://www.odata.org/documentation/).
 <br>The OData's ```$filter``` query is supported on: ```indicatorValue```, ```indicatorType```, ```creationTimeDateTimeUtc```, ```createdBy```, ```action``` and ```severity``` properties.
 <br>See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
- Gets collection of TI Indicators.
+## Limitations
- Get TI Indicators collection API supports [OData V4 queries](https://www.odata.org/documentation/).
+1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour. 
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Get started](apis-intro.md)
@ -36,7 +41,7 @@ Permission type |	Permission	|	Permission display name
 :---|:---|:---
 Application |	Ti.ReadWrite |	'Read and write Indicators'
 Application |	Ti.ReadWrite.All |	'Read and write All Indicators'
-
+Delegated (work or school account) |	Ti.ReadWrite |	'Read and write Indicators'
 ## HTTP request
 ```
@ -82,26 +87,38 @@ Content-type: application/json
    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Indicators",
    "value": [
        {
 			"id": "995",
            "indicatorValue": "12.13.14.15",
            "indicatorType": "IpAddress",
 			"action": "Alert",
 			"application": "demo-test",
 			"source": "TestPrdApp",
 			"sourceType": "AadApp",
            "title": "test",
            "creationTimeDateTimeUtc": "2018-10-24T11:15:35.3688259Z",
            "createdBy": "45097602-1234-5678-1234-9f453233e62c",
            "expirationTime": "2020-12-12T00:00:00Z",
-            "action": "Alert",
+			"lastUpdateTime": "2019-10-24T10:54:23.2009016Z",
 			"lastUpdatedBy": TestPrdApp,
            "severity": "Informational",
            "description": "test",
            "recommendedActions": "test",
 			"rbacGroupNames": []
        },
        {
 			"id": "996",
            "indicatorValue": "220e7d15b0b3d7fac48f2bd61114db1022197f7f",
            "indicatorType": "FileSha1",
 			"action": "AlertAndBlock",
 			"application": null,
 			"source": "TestPrdApp",
 			"sourceType": "AadApp",
            "title": "test",
            "creationTimeDateTimeUtc": "2018-10-24T10:54:23.2009016Z",
            "createdBy": "45097602-1234-5678-1234-9f453233e62c",
            "expirationTime": "2020-12-12T00:00:00Z",
-            "action": "AlertAndBlock",
+			"lastUpdateTime": "2019-10-24T10:54:23.2009016Z",
 			"lastUpdatedBy": TestPrdApp,
            "severity": "Informational",
            "description": "test",
            "recommendedActions": "TEST",
@ -119,7 +136,7 @@ Content-type: application/json
 Here is an example of a request that gets all Indicators with 'AlertAndBlock' action 
 ```
-GET https://api.securitycenter.windows.com/api/indicators?$filter=action eq 'AlertAndBlock'
+GET https://api.securitycenter.windows.com/api/indicators?$filter=action+eq+'AlertAndBlock'
 ```
 **Response**
@ -133,13 +150,19 @@ Content-type: application/json
    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Indicators",
    "value": [
        {
-            "indicatorValue": "220e7d15b0b3d7fac48f2bd61114db1022197f7f",
+			"id": "997",
            "indicatorValue": "111e7d15b0b3d7fac48f2bd61114db1022197f7f",
            "indicatorType": "FileSha1",
 			"action": "AlertAndBlock",
 			"application": null,
 			"source": "TestPrdApp",
 			"sourceType": "AadApp",
            "title": "test",
            "creationTimeDateTimeUtc": "2018-10-24T10:54:23.2009016Z",
            "createdBy": "45097602-1234-5678-1234-9f453233e62c",
            "expirationTime": "2020-12-12T00:00:00Z",
-            "action": "AlertAndBlock",
+			"lastUpdateTime": "2019-10-24T10:54:23.2009016Z",
 			"lastUpdatedBy": TestPrdApp,
            "severity": "Informational",
            "description": "test",
            "recommendedActions": "TEST",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md
@ -18,12 +18,19 @@ ms.topic: article
 # Get user related alerts API
-**Applies to:**
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Retrieves a collection of alerts related to a given user ID.
 ## Limitations
 1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -70,59 +77,4 @@ Here is an example of the request.
 ```
 GET https://api.securitycenter.windows.com/api/users/user1/alerts
-```
+```
 **Response**
 Here is an example of the response.
 ```
 HTTP/1.1 200 OK
 Content-type: application/json
 {    
 	"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Alerts",
    "value": [
        {
            "id": "441688558380765161_2136280442",
 			"incidentId": 8633,
 			"assignedTo": "secop@contoso.com",
 			"severity": "Low",
 			"status": "InProgress",
 			"classification": "TruePositive",
 			"determination": "Malware",
 			"investigationState": "Running",
 			"category": "MalwareDownload",
 			"detectionSource": "WindowsDefenderAv",
 			"threatFamilyName": "Mikatz",
 			"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
 			"description": "Some description",
 			"alertCreationTime": "2018-11-25T16:19:21.8409809Z",
 			"firstEventTime": "2018-11-25T16:17:50.0948658Z",
 			"lastEventTime": "2018-11-25T16:18:01.809871Z",
 			"resolvedTime": null,
 			"machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
        },
        {
            "id": "121688558380765161_2136280442",
 			"incidentId": 4123,
 			"assignedTo": "secop@contoso.com",
 			"severity": "Low",
 			"status": "InProgress",
 			"classification": "TruePositive",
 			"determination": "Malware",
 			"investigationState": "Running",
 			"category": "MalwareDownload",
 			"detectionSource": "WindowsDefenderAv",
 			"threatFamilyName": "Mikatz",
 			"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
 			"description": "Some description",
 			"alertCreationTime": "2018-11-24T16:19:21.8409809Z",
 			"firstEventTime": "2018-11-24T16:17:50.0948658Z",
 			"lastEventTime": "2018-11-24T16:18:01.809871Z",
 			"resolvedTime": null,
 			"machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
        }
 	]
 }
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md
@ -18,12 +18,19 @@ ms.topic: article
 # Get user related machines API
-**Applies to:**
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Retrieves a collection of machines related to a given user ID.
 ## Limitations
 1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
@ -72,54 +79,3 @@ Here is an example of the request.
 ```
 GET https://api.securitycenter.windows.com/api/users/user1/machines
 ```
 **Response**
 Here is an example of the response.
 ```
 HTTP/1.1 200 OK
 Content-type: application/json
 {    
    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
    "value": [
        {
            "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
            "computerDnsName": "mymachine1.contoso.com",
            "firstSeen": "2018-08-02T14:55:03.7791856Z",
 			"lastSeen": "2018-08-02T14:55:03.7791856Z",
            "osPlatform": "Windows10",
            "osVersion": "10.0.0.0",
            "lastIpAddress": "172.17.230.209",
            "lastExternalIpAddress": "167.220.196.71",
            "agentVersion": "10.5830.18209.1001",
            "osBuild": 18209,
            "healthStatus": "Active",
            "rbacGroupId": 140,
 			"rbacGroupName": "The-A-Team",
            "riskScore": "Low",
            "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
 			"machineTags": [ "test tag 1", "test tag 2" ]
        },
        {
            "id": "7292e4b8cb74ff1cc3d8a495eb29dc8858b732f7",
            "computerDnsName": "mymachine2.contoso.com",
            "firstSeen": "2018-07-09T13:22:45.1250071Z",
 			"lastSeen": "2018-07-09T13:22:45.1250071Z",
            "osPlatform": "Windows10",
            "osVersion": "10.0.0.0",
            "lastIpAddress": "192.168.12.225",
            "lastExternalIpAddress": "79.183.65.82",
            "agentVersion": "10.5820.17724.1000",
            "osBuild": 17724,
            "healthStatus": "Inactive",
 			"rbacGroupId": 140,
 			"rbacGroupName": "The-A-Team",
            "riskScore": "Low",
            "aadDeviceId": null,
 			"machineTags": [ "test tag 1" ]
        }
    ]
 }
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/images/api-and-integration.png
+++ b/windows/security/threat-protection/microsoft-defender-atp/images/api-and-integration.png
--- a/windows/security/threat-protection/microsoft-defender-atp/images/atp-apis.png
+++ b/windows/security/threat-protection/microsoft-defender-atp/images/atp-apis.png
--- a/windows/security/threat-protection/microsoft-defender-atp/images/mdatp-apis.png
+++ b/windows/security/threat-protection/microsoft-defender-atp/images/mdatp-apis.png
--- a/windows/security/threat-protection/microsoft-defender-atp/images/remediationtype_swupdatefilter.png
+++ b/windows/security/threat-protection/microsoft-defender-atp/images/remediationtype_swupdatefilter.png
--- a/windows/security/threat-protection/microsoft-defender-atp/images/secrec_flyouteolsw.png
+++ b/windows/security/threat-protection/microsoft-defender-atp/images/secrec_flyouteolsw.png
--- a/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md
@ -1,7 +1,7 @@
 ---
-title: Initiate machine investigation API
+title: Start Investigation API
-description: Use this API to create calls related to initiating an investigation on a machine.
+description: Use this API to start investigation on a machine.
-keywords: apis, graph api, supported apis, initiate AutoIR investigation
+keywords: apis, graph api, supported apis, investigation
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@ -16,38 +16,39 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
-# Initiate machine investigation API (Preview)
+# Start Investigation API
 **Applies to:**
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-> [!IMPORTANT]
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-Initiate AutoIR investigation on a machine.
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 ## API description
 Start automated investigation on a machine.
 <br>See [Overview of automated investigations](automated-investigations.md) for more information.
 >[!Note]
 > This page focuses on performing an automated investigation on a machine. See [automated investigation](automated-investigations.md) for more information.
 ## Limitations
-1. The number of executions is limited (up to 5 calls per hour).
+1. Rate limitations for this API are 50 calls per hour.
-2. For Automated Investigation limitations, see [Automated Investigation](automated-investigations.md).
+
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
-Application |	Alert.ReadWrite.All	 |	'Read and write all alerts'
+Application |	Alert.ReadWrite.All |	'Read and write all alerts'
-Delegated (work or school account) |	Alert.ReadWrite |	'Read and write alerts'
+Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'Alerts Investigation' (See [Create and manage roles](user-roles.md) for more information)
+>- The user needs to have at least the following role permission: 'Active remediation actions' (See [Create and manage roles](user-roles.md) for more information)
 >- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 ## HTTP request
 ```
-POST https://api.securitycenter.windows.com/api/machines/{id}/InitiateInvestigation
+POST https://api.securitycenter.microsoft.com/api/machines/{id}/startInvestigation
 ```
 ## Request headers
@ -64,8 +65,10 @@ Parameter |	Type	| Description
 :---|:---|:---
 Comment |	String |	Comment to associate with the action. **Required**.
 ## Response
-If successful, this method returns 200 OK response code with object that holds the investigation ID in the "value" parameter. If machine was not found - 404 Not Found.
+If successful, this method returns 201 - Created response code and [Investigation](investigation.md) in the response body.
 ## Example
@ -76,23 +79,8 @@ Here is an example of the request.
 [!include[Improve request performance](../../includes/improve-request-performance.md)]
 ```
-POST https://api.securitycenter.windows.com/api/machines/fb9ab6be3965095a09c057be7c90f0a2/InitiateInvestigation
+POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/startInvestigation
 Content-type: application/json
 {
-  "Comment": "Initiate an investigation on machine fb9ab6be3965095a09c057be7c90f0a2"
+  "Comment": "Test investigation",
 }
 ```
 **Response**
 Here is an example of the response.
 ```
 HTTP/1.1 200 Created
 Content-type: application/json
 {
    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Edm.Int64",
    "value": 5146
 }
 ```
--- a/Show More
+++ b/Show More