Merge pull request #3374 from MicrosoftDocs/master

Publish 07/24/2020 3:30 PM

windows/privacy/index.yml

@@ -14,7 +14,7 @@ metadata:
   author: danihalfin
   ms.author: daniha
   manager: dansimp
-  ms.date: 02/21/2019 #Required; mm/dd/yyyy format.
+  ms.date: 07/21/2020 #Required; mm/dd/yyyy format.
   ms.localizationpriority: high
 
 # highlightedContent section (optional)
@@ -55,7 +55,7 @@ productDirectory:
     - title: Changes to Windows diagnostic data collection
       imageSrc: https://docs.microsoft.com/media/common/i_build.svg
       summary: See what changes Windows is making to align to the new data collection taxonomy
-      url: windows-diagnostic-data.md  
+      url: changes-to-windows-diagnostic-data-collection.md  
 
 # conceptualContent section (optional)
 # conceptualContent:
@@ -179,4 +179,4 @@ additionalContent:
             - text: Support for GDPR Accountability on Service Trust Portal
               url: https://servicetrust.microsoft.com/ViewPage/GDPRGetStarted
   # footer (optional)
-  # footer: "footertext [linktext](https://docs.microsoft.com/footerfile)"
+  # footer: "footertext [linktext](https://docs.microsoft.com/footerfile)"

windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md

@@ -30,6 +30,7 @@ This article describes the network connections that Windows 10 components make t
 Microsoft provides a [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887) package that will allow your organization to quickly configure the settings covered in this document to restrict connections from Windows 10 to Microsoft. The Windows Restricted Traffic Limited Baseline is based on [Group Policy Administrative Template](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) functionality and the package you download contains further instructions on how to deploy to devices in your organization. Since some of the settings can reduce the functionality and security configuration of your device, **before deploying Windows Restricted Traffic Limited Functionality Baseline** make sure you **choose the right settings configuration for your environment** and **ensure that Windows and Windows Defender are fully up to date**. Failure to do so may result in errors or unexpected behavior. You should not extract this package to the windows\system32 folder because it will not apply correctly.
 
 >[!IMPORTANT]
+> - The downloadable Windows 10, version 1903 scripts/settings can be used on Windows 10, version 1909 devices.
 > - The Allowed Traffic endpoints are listed here: [Allowed Traffic](#bkmk-allowedtraffic)
 >     -   CRL (Certificate Revocation List) and OCSP (Online Certificate Status Protocol) network traffic cannot be disabled and will still show up in network traces. CRL and OCSP checks are made to the issuing certificate authorities. Microsoft is one of these authorities. There are many others such as DigiCert, Thawte, Google, Symantec, and VeriSign.
 > - For security reasons, it is important to take care in deciding which settings to configure as some of them may result in a less secure device. Examples of settings that can lead to a less secure device configuration include: Windows Update, Automatic Root Certificates Update, and Windows Defender. Accordingly, we do not recommend disabling any of these features.

windows/security/threat-protection/TOC.md

@@ -848,6 +848,8 @@
 ####### [Event 4689 S: A process has exited.](auditing/event-4689.md)
 ###### [Audit RPC Events](auditing/audit-rpc-events.md)
 ####### [Event 5712 S: A Remote Procedure Call, RPC, was attempted.](auditing/event-5712.md)
+###### [Audit Token Right Adjusted](auditing/audit-token-right-adjusted.md)
+####### [Event 4703 S: A user right was adjusted.](auditing/event-4703.md)
 ###### [Audit Detailed Directory Service Replication](auditing/audit-detailed-directory-service-replication.md)
 ####### [Event 4928 S, F: An Active Directory replica source naming context was established.](auditing/event-4928.md)
 ####### [Event 4929 S, F: An Active Directory replica source naming context was removed.](auditing/event-4929.md)

windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md

@@ -25,6 +25,9 @@ manager: dansimp
 
 This article describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Microsoft Defender AV.
 
+> [!NOTE]
+> As part of the investigation or response process, you can collect an investigation package from a device. Here's how: [Collect investigation package from devices](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts#collect-investigation-package-from-devices).
+
 On at least two devices that are experiencing the same issue, obtain the .cab diagnostic file by taking the following steps:
 
 1. Open an administrator-level version of the command prompt as follows:

windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md

@@ -27,6 +27,9 @@ ms.topic: article
 
 Investigate the details of an alert raised on a specific device to identify other behaviors or events that might be related to the alert or the potential scope of the breach.
 
+> [!NOTE]
+> As part of the investigation or response process, you can collect an investigation package from a device. Here's how: [Collect investigation package from devices](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts#collect-investigation-package-from-devices).
+
 You can click on affected devices whenever you see them in the portal to open a detailed report about that device. Affected devices are identified in the following areas:
 
 - [Devices list](investigate-machines.md)

windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md

@@ -19,6 +19,10 @@ ms.topic: conceptual
 
 # What's new in Microsoft Defender Advanced Threat Protection for Linux
 
+## 101.03.48
+
+- Bug fixes
+
 ## 101.02.55
 
 - Fixed an issue where the product sometimes does not start following a reboot / upgrade