From c18f5cf4561192d2a33c43cd7d80b777fb05ed64 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 30 Dec 2020 21:19:53 +0500 Subject: [PATCH 01/38] Update indicator-ip-domain.md --- .../microsoft-defender-atp/indicator-ip-domain.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md index 800f2e0f16..8578ea6865 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md +++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md @@ -53,8 +53,8 @@ It's important to understand the following prerequisites prior to creating indic > NOTE: >- IP is supported for all three protocols >- Only single IP addresses are supported (no CIDR blocks or IP ranges) ->- Encrypted URLs (full path) can only be blocked on first party browsers ->- Encrypted URLS (FQDN only) can be blocked outside of first party browsers +>- Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) +>- Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) >- Full URL path blocks can be applied on the domain level and all unencrypted URLs >[!NOTE] From f9ff878940fae57246d447f84a483b302e7633dd Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 30 Dec 2020 09:29:20 -0800 Subject: [PATCH 02/38] Update windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-defender-atp/indicator-ip-domain.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
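Review bot: In the `@@ -53,8 +53,8` hunk of PATCH 01/38 (indicator-ip-domain.md), the parenthetical "(Internet Explorer, Edge)" is appended to both bullets. On the second one, "can be blocked outside of first party browsers (Internet Explorer, Edge)", it can be read as naming the browsers that sit outside the first-party set. Suggest rewording that bullet so the list clearly defines "first party browsers", or giving the definition once in the first bullet and dropping it from the second. The same touched line keeps "Encrypted URLS" while the line above it uses "URLs"; normalize the casing while editing it. These two bullets tell the reader whether a block applies at full-path or FQDN granularity, so the browser scope needs to be unambiguous.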
diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md index 8578ea6865..b32d4960f4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md +++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md @@ -51,8 +51,8 @@ It's important to understand the following prerequisites prior to creating indic > Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs. > For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge leverages [Network Protection](network-protection.md) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios leverage Network Protection for inspection and enforcement:
> NOTE: ->- IP is supported for all three protocols ->- Only single IP addresses are supported (no CIDR blocks or IP ranges) +> - IP is supported for all three protocols +> - Only single IP addresses are supported (no CIDR blocks or IP ranges) >- Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) >- Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) >- Full URL path blocks can be applied on the domain level and all unencrypted URLs From ed4e39ec8c49bdd5bc239c8ca110891deea03fd1 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 30 Dec 2020 09:29:39 -0800 Subject: [PATCH 03/38] Update windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-defender-atp/indicator-ip-domain.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md index b32d4960f4..f859c87358 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md +++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md 
@@ -53,9 +53,9 @@ It's important to understand the following prerequisites prior to creating indic > NOTE: > - IP is supported for all three protocols > - Only single IP addresses are supported (no CIDR blocks or IP ranges) ->- Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) ->- Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) ->- Full URL path blocks can be applied on the domain level and all unencrypted URLs +> - Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) +> - Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) +> - Full URL path blocks can be applied on the domain level and all unencrypted URLs >[!NOTE] >There may be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. From 450a5f715b91452bac1d738c28e54fe866a36778 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 30 Dec 2020 09:29:45 -0800 Subject: [PATCH 04/38] Update windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-defender-atp/indicator-ip-domain.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md index f859c87358..bda2d79c6e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md +++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md 
@@ -57,7 +57,7 @@ It's important to understand the following prerequisites prior to creating indic > - Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) > - Full URL path blocks can be applied on the domain level and all unencrypted URLs ->[!NOTE] +> [!NOTE] >There may be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. ### Create an indicator for IPs, URLs, or domains from the settings page From cd39eabbee12375fcb736c8ee5a3f657811345b4 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Thu, 31 Dec 2020 21:50:24 +0500 Subject: [PATCH 05/38] Correction in Syntax and addition of domain As mentioned by the user, the domain was not added for cloud-based protection and there was a syntax issue with the smart screen domain. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8876 --- .../windows-endpoints-20H2-non-enterprise-editions.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md b/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md index 6f82f0ddf4..c19e120272 100644 --- a/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md 
@@ -107,9 +107,10 @@ The following methodology was used to derive the network endpoints: |||TLSv1.2/HTTPS/HTTP|config.edge.skype.com| |Teams|The following endpoint is used for Microsoft Teams application.|TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com| |Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled|TLSv1.2/HTTPS|wdcp.microsoft.com| -|||HTTPS/HTTP|*smartscreen-prod.microsoft.com| +||||wdcpalt.microsoft.com| +|||HTTPS/HTTP|*.smartscreen-prod.microsoft.com| |||TLSv1.2|definitionupdates.microsoft.com| -||The following endpoints are used for Windows Defender SmartScreen reporting and notifications.|TLSv1.2|*smartscreen.microsoft.com| +||The following endpoints are used for Windows Defender SmartScreen reporting and notifications.|TLSv1.2|*.smartscreen.microsoft.com| |||TLSv1.2/HTTP|checkappexec.microsoft.com| |Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips.|TLSv1.2/HTTPS/HTTP|arc.msn.com*| |||TLSv1.2/HTTPS/HTTP|ris.api.iris.microsoft.com| @@ -180,6 +181,7 @@ The following methodology was used to derive the network endpoints: |||TLSv1.2/HTTPS/HTTP|config.edge.skype.com| |Teams|The following endpoint is used for Microsoft Teams application.|TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com| |Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled|TLSv1.2/HTTPS|wdcp.microsoft.com| +||||wdcpalt.microsoft.com| |||HTTPS/HTTP|*smartscreen-prod.microsoft.com| ||The following endpoints are used for Windows Defender SmartScreen reporting and notifications.|TLSv1.2|*smartscreen.microsoft.com| |||TLSv1.2/HTTP|checkappexec.microsoft.com| 
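Review bot: The second hunk (`@@ -180,6 +181,7`) adds the `wdcpalt.microsoft.com` row but leaves `*smartscreen-prod.microsoft.com` and `*smartscreen.microsoft.com` unchanged, while the first hunk (`@@ -107,9 +107,10`) corrects the same two entries to `*.smartscreen-prod.microsoft.com` and `*.smartscreen.microsoft.com`. Apply the wildcard fix to this table in the same commit so the per-edition tables do not disagree; anyone turning these patterns into proxy or firewall allow-list rules gets a different match set from `*smartscreen...` than from `*.smartscreen...`. The new row `||||wdcpalt.microsoft.com|` also has an empty protocol cell, unlike the `wdcp.microsoft.com` row above it (TLSv1.2/HTTPS); fill it in, or confirm that the blank is meant to inherit the previous row's value.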
@@ -245,6 +247,7 @@ The following methodology was used to derive the network endpoints: |||TLSv1.2/HTTPS/HTTP|config.edge.skype.com| |Teams|The following endpoint is used for Microsoft Teams application.|TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com| |Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled|TLSv1.2/HTTPS|wdcp.microsoft.com| +||||wdcpalt.microsoft.com| |||HTTPS/HTTP|*smartscreen-prod.microsoft.com| ||The following endpoints are used for Windows Defender SmartScreen reporting and notifications.|TLSv1.2|*smartscreen.microsoft.com| |||TLSv1.2/HTTP|checkappexec.microsoft.com| @@ -261,4 +264,4 @@ The following methodology was used to derive the network endpoints: |Xbox Live|The following endpoints are used for Xbox Live.| |||TLSv1.2/HTTPS/HTTP|dlassets-ssl.xboxlive.com| |||TLSv1.2/HTTPS|da.xboxservices.com| -| \ No newline at end of file +| From 14708380b48e7428b4e49b4d11e79d692d4180fa Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Fri, 1 Jan 2021 13:21:58 +0500 Subject: [PATCH 06/38] Update windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-defender-atp/indicator-ip-domain.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md index bda2d79c6e..3ed8df33d8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md +++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md 
@@ -58,7 +58,7 @@ It's important to understand the following prerequisites prior to creating indic > - Full URL path blocks can be applied on the domain level and all unencrypted URLs > [!NOTE] ->There may be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. +> There may be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. ### Create an indicator for IPs, URLs, or domains from the settings page From c3b037390bd0960b5a81bcf4cb3af1958ce31645 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Fri, 1 Jan 2021 21:09:46 +0500 Subject: [PATCH 07/38] Update windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../privacy/windows-endpoints-20H2-non-enterprise-editions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md b/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md index c19e120272..946361ac1b 100644 --- a/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md 
@@ -182,7 +182,7 @@ The following methodology was used to derive the network endpoints: |Teams|The following endpoint is used for Microsoft Teams application.|TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com| |Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled|TLSv1.2/HTTPS|wdcp.microsoft.com| ||||wdcpalt.microsoft.com| -|||HTTPS/HTTP|*smartscreen-prod.microsoft.com| +|||HTTPS/HTTP|*.smartscreen-prod.microsoft.com| ||The following endpoints are used for Windows Defender SmartScreen reporting and notifications.|TLSv1.2|*smartscreen.microsoft.com| |||TLSv1.2/HTTP|checkappexec.microsoft.com| |Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips.|TLSv1.2/HTTPS/HTTP|arc.msn.com*| From 324a5a11481e1014aebeb400a77e536ecf6cfd9d Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Fri, 1 Jan 2021 21:10:18 +0500 Subject: [PATCH 08/38] Update windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../privacy/windows-endpoints-20H2-non-enterprise-editions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md b/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md index 946361ac1b..635f62072e 100644 --- a/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md 
@@ -248,7 +248,7 @@ The following methodology was used to derive the network endpoints: |Teams|The following endpoint is used for Microsoft Teams application.|TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com| |Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled|TLSv1.2/HTTPS|wdcp.microsoft.com| ||||wdcpalt.microsoft.com| -|||HTTPS/HTTP|*smartscreen-prod.microsoft.com| +|||HTTPS/HTTP|*.smartscreen-prod.microsoft.com| ||The following endpoints are used for Windows Defender SmartScreen reporting and notifications.|TLSv1.2|*smartscreen.microsoft.com| |||TLSv1.2/HTTP|checkappexec.microsoft.com| |Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips.|TLSv1.2/HTTPS/HTTP|arc.msn.com*| From dd45d68fa1220c50427affd1e9eb5e94aca69b19 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Mon, 4 Jan 2021 09:56:54 -0700 Subject: [PATCH 09/38] Update windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../privacy/windows-endpoints-20H2-non-enterprise-editions.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md b/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md index 635f62072e..b1df5bfda6 100644 --- a/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md @@ -264,4 +264,3 @@ The following methodology was used to derive the network endpoints: |Xbox Live|The following endpoints are used for Xbox Live.| |||TLSv1.2/HTTPS/HTTP|dlassets-ssl.xboxlive.com| |||TLSv1.2/HTTPS|da.xboxservices.com| -| From 67cee76a3bb382c19cb9fbb68c1b3a901b8ef6d9 Mon Sep 17 00:00:00 2001 
From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Mon, 4 Jan 2021 10:12:20 -0700 Subject: [PATCH 10/38] Update windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../privacy/windows-endpoints-20H2-non-enterprise-editions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md b/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md index b1df5bfda6..ae59ae6afc 100644 --- a/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md @@ -183,7 +183,7 @@ The following methodology was used to derive the network endpoints: |Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled|TLSv1.2/HTTPS|wdcp.microsoft.com| ||||wdcpalt.microsoft.com| |||HTTPS/HTTP|*.smartscreen-prod.microsoft.com| -||The following endpoints are used for Windows Defender SmartScreen reporting and notifications.|TLSv1.2|*smartscreen.microsoft.com| +||The following endpoints are used for Windows Defender SmartScreen reporting and notifications.|TLSv1.2|*.smartscreen.microsoft.com| |||TLSv1.2/HTTP|checkappexec.microsoft.com| |Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips.|TLSv1.2/HTTPS/HTTP|arc.msn.com*| |||TLSv1.2/HTTPS/HTTP|ris.api.iris.microsoft.com| From d40da597c5ff4b0c21e8bcaae2dea83d8e632345 Mon Sep 17 00:00:00 2001 
From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Mon, 4 Jan 2021 10:12:29 -0700 Subject: [PATCH 11/38] Update windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../privacy/windows-endpoints-20H2-non-enterprise-editions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md b/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md index ae59ae6afc..66a3637398 100644 --- a/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md @@ -249,7 +249,7 @@ The following methodology was used to derive the network endpoints: |Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled|TLSv1.2/HTTPS|wdcp.microsoft.com| ||||wdcpalt.microsoft.com| |||HTTPS/HTTP|*.smartscreen-prod.microsoft.com| -||The following endpoints are used for Windows Defender SmartScreen reporting and notifications.|TLSv1.2|*smartscreen.microsoft.com| +||The following endpoints are used for Windows Defender SmartScreen reporting and notifications.|TLSv1.2|*.smartscreen.microsoft.com| |||TLSv1.2/HTTP|checkappexec.microsoft.com| |Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips.|TLSv1.2/HTTPS/HTTP|arc.msn.com*| |||TLSv1.2/HTTPS/HTTP|ris.api.iris.microsoft.com| From fee4a005f198eca3a96b7d8bbd892f16b40829f6 Mon Sep 17 00:00:00 2001 
From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Thu, 7 Jan 2021 10:51:47 +0500 Subject: [PATCH 12/38] Updated the broken link A link was pointing to a point where there was no information for Bluetooth pairing. Link updated to point to the correct information. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8905 --- windows/whats-new/whats-new-windows-10-version-2004.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-10-version-2004.md b/windows/whats-new/whats-new-windows-10-version-2004.md index 38d51da399..562b8ec51b 100644 --- a/windows/whats-new/whats-new-windows-10-version-2004.md +++ b/windows/whats-new/whats-new-windows-10-version-2004.md @@ -212,7 +212,7 @@ You can now [rename your virtual desktops](https://docs.microsoft.com/windows-in ### Bluetooth pairing -Pairing Bluetooth devices with your computer will occur through notifications, so you won't need to go to the Settings app to finish pairing. Other improvements include faster pairing and device name display. For more information, see [Improving your Bluetooth pairing experience](https://docs.microsoft.com/windows-insider/at-home/Whats-new-wip-at-home-20h1#improving-your-bluetooth-pairing-experience-build-18985). +Pairing Bluetooth devices with your computer will occur through notifications, so you won't need to go to the Settings app to finish pairing. Other improvements include faster pairing and device name display. For more information, see [Improving your Bluetooth pairing experience](https://docs.microsoft.com/windows-insider/archive/new-in-20h1#improving-your-bluetooth-pairing-experience-build-18985). ### Reset this PC From c4fa84e1dc3620c144718bc29780aa8bcdf697b9 Mon Sep 17 00:00:00 2001 
From: Tudor Dobrila Date: Mon, 11 Jan 2021 21:58:03 -0800 Subject: [PATCH 13/38] Add release notes for MDEP for Mac 101.19.21 --- .../threat-protection/microsoft-defender-atp/mac-whatsnew.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md index 692a50914e..4f5d0daced 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md @@ -29,6 +29,10 @@ ms.topic: conceptual > [!IMPORTANT] > Support for macOS 10.13 (High Sierra) will be discontinued on February 15th, 2021. +## 101.19.21 + +- Bug fixes + ## 101.15.26 - Improved the reliability of the agent when running on macOS 11 Big Sur From c27c8d67503bb45cc8139081c0afad99ffc0f5e7 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 12 Jan 2021 12:23:39 -0800 Subject: [PATCH 14/38] Update common-exclusion-mistakes-microsoft-defender-antivirus.md --- ...n-mistakes-microsoft-defender-antivirus.md | 120 ++---------------- 1 file changed, 11 insertions(+), 109 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md index d33ce3552f..c4401ca56a 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md 
@@ -26,128 +26,30 @@ This article describes some common mistake that you should avoid when defining e Before defining your exclusion lists, see [Recommendations for defining exclusions](configure-exclusions-microsoft-defender-antivirus.md#recommendations-for-defining-exclusions). ## Excluding certain trusted items -Certain files, file types, folders, or processes should not be excluded from scanning even though you trust them to be not malicious. Refer to the following section for items that you should not exclude from scanning. -**Do not add exclusions for the following folder locations:** +Certain files, file types, folders, or processes should not be excluded from scanning even though you trust them to be not malicious. -- %systemdrive% -- C: -- C:\ -- C:\* -- %ProgramFiles%\Java -- C:\Program Files\Java -- %ProgramFiles%\Contoso\ -- C:\Program Files\Contoso\ -- %ProgramFiles(x86)%\Contoso\ -- C:\Program Files (x86)\Contoso\ -- C:\Temp -- C:\Temp\ -- C:\Temp\* -- C:\Users\ -- C:\Users\* -- C:\Users\\AppData\Local\Temp\ -- C:\Users\\AppData\LocalLow\Temp\ -- C:\Users\\AppData\Roaming\Temp\ -- %Windir%\Prefetch -- C:\Windows\Prefetch -- C:\Windows\Prefetch\ -- C:\Windows\Prefetch\* -- %Windir%\System32\Spool -- C:\Windows\System32\Spool -- C:\Windows\System32\CatRoot2 -- %Windir%\Temp -- C:\Windows\Temp -- C:\Windows\Temp\ -- C:\Windows\Temp\* +Do not define exclusions for the folder locations, file extensions, and processes that are listed in the following table: -**Do not add exclusions for the following file extensions:** -- `.7zip` -- `.bat` -- `.bin` -- `.cab` -- `.cmd` -- `.com` -- `.cpl` -- `.dll` -- `.exe` -- `.fla` -- `.gif` -- `.gz` -- `.hta` -- `.inf` -- `.java` -- `.jar` -- `.job` -- `.jpeg` -- `.jpg` -- `.js` -- `.ko` -- `.ko.gz` -- `.msi` -- `.ocx` -- `.png` -- `.ps1` -- `.py` -- `.rar` -- `.reg` -- `.scr` -- `.sys` -- `.tar` -- `.tmp` -- `.url` -- `.vbe` -- `.vbs` -- `.wsf` -- `.zip` +| Folder locations | File extensions | Processes | +|:--|:--|:--| 
+| `%systemdrive%`
`C:`
`C:\`
`C:\*`
`%ProgramFiles%\Java`
`C:\Program Files\Java`
`%ProgramFiles%\Contoso\`
`C:\Program Files\Contoso\`
`%ProgramFiles(x86)%\Contoso\`
`C:\Program Files (x86)\Contoso\`
`C:\Temp`
`C:\Temp\`
`C:\Temp\*`
`C:\Users\`
`C:\Users\*`
`C:\Users\\AppData\Local\Temp\`
`C:\Users\\AppData\LocalLow\Temp\`
`C:\Users\\AppData\Roaming\Temp\`
`%Windir%\Prefetch`
`C:\Windows\Prefetch`
`C:\Windows\Prefetch\`
`C:\Windows\Prefetch\*`
`%Windir%\System32\Spool`
`C:\Windows\System32\Spool`
`C:\Windows\System32\CatRoot2`
`%Windir%\Temp`
`C:\Windows\Temp`
`C:\Windows\Temp\`
`C:\Windows\Temp\*` | `.7zip`
`.bat`
`.bin`
`.cab`
`.cmd`
`.com`
`.cpl`
`.dll`
`.exe`
`.fla`
`.gif`
`.gz`
`.hta`
`.inf`
`.java`
`.jar`
`.job`
`.jpeg`
`.jpg`
`.js`
`.ko`
`.ko.gz`
`.msi`
`.ocx`
`.png`
`.ps1`
`.py`
`.rar`
`.reg`
`.scr`
`.sys`
`.tar`
`.tmp`
`.url`
`.vbe`
`.vbs`
`.wsf`
`.zip` | `AcroRd32.exe`
`bitsadmin.exe`
`excel.exe`
`iexplore.exe`
`java.exe`
`outlook.exe`
`psexec.exe`
`powerpnt.exe`
`powershell.exe`
`schtasks.exe`
`svchost.exe`
`wmic.exe`
`winword.exe`
`wuauclt.exe`
`addinprocess.exe`
`addinprocess32.exe`
`addinutil.exe`
`bash.exe`
`bginfo.exe`[1]
`cdb.exe`
`csi.exe`
`dbghost.exe`
`dbgsvc.exe`
`dnx.exe`
`fsi.exe`
`fsiAnyCpu.exe`
`kd.exe`
`ntkd.exe`
`lxssmanager.dll`
`msbuild.exe`[2]
`mshta.exe`
`ntsd.exe`
`rcsi.exe`
`system.management.automation.dll`
`windbg.exe` | >[!NOTE] -> You can chose to exclude file types, such as .gif, .jpg, .jpeg, .png if your environment has a modern, up-to-date software with a strict update policy to handle any vulnerabilities. - -**Do not add exclusions for the following processes:** -- AcroRd32.exe -- bitsadmin.exe -- excel.exe -- iexplore.exe -- java.exe -- outlook.exe -- psexec.exe -- powerpnt.exe -- powershell.exe -- schtasks.exe -- svchost.exe -- wmic.exe -- winword.exe -- wuauclt.exe -- addinprocess.exe -- addinprocess32.exe -- addinutil.exe -- bash.exe -- bginfo.exe[1] -- cdb.exe -- csi.exe -- dbghost.exe -- dbgsvc.exe -- dnx.exe -- fsi.exe -- fsiAnyCpu.exe -- kd.exe -- ntkd.exe -- lxssmanager.dll -- msbuild.exe[2] -- mshta.exe -- ntsd.exe -- rcsi.exe -- system.management.automation.dll -- windbg.exe +> You can chose to exclude file types, such as `.gif`, `.jpg`, `.jpeg`, or `.png` if your environment has a modern, up-to-date software with a strict update policy to handle any vulnerabilities. ## Using just the file name in the exclusion list -A malware may have the same name as that of the file that you trust and want to exclude from scanning. Therefore, to avoid excluding a potential malware from scanning, use a fully qualified path to the file that you want to exclude instead of using just the file name. For example, if you want to exclude **Filename.exe** from scanning, use the complete path to the file, such as **C:\program files\contoso\Filename.exe**. + +A malware may have the same name as that of the file that you trust and want to exclude from scanning. Therefore, to avoid excluding a potential malware from scanning, use a fully qualified path to the file that you want to exclude instead of using just the file name. For example, if you want to exclude `Filename.exe` from scanning, use the complete path to the file, such as `C:\program files\contoso\Filename.exe`. 
## Using a single exclusion list for multiple server workloads + Do not use a single exclusion list to define exclusions for multiple server workloads. Split the exclusions for different application or service workloads into multiple exclusion lists. For example, the exclusion list for your IIS Server workload must be different from the exclusion list for your SQL Server workload. ## Using incorrect environment variables as wildcards in the file name and folder path or extension exclusion lists + Microsoft Defender Antivirus Service runs in system context using the LocalSystem account, which means it gets information from the system environment variable, and not from the user environment variable. Use of environment variables as a wildcard in exclusion lists is limited to system variables and those applicable to processes running as an NT AUTHORITY\SYSTEM account. Therefore, do not use user environment variables as wildcards when adding Microsoft Defender Antivirus folder and process exclusions. See the table under [System environment variables](configure-extension-file-exclusions-microsoft-defender-antivirus.md#system-environment-variables) for a complete list of system environment variables. + See [Use wildcards in the file name and folder path or extension exclusion lists](configure-extension-file-exclusions-microsoft-defender-antivirus.md#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists) for information on how to use wildcards in exclusion lists. ## Related articles From 38c178a46b614dfdcf63f215d2d83dcaf758abdf Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 12 Jan 2021 12:25:20 -0800 Subject: [PATCH 15/38] Update TOC.md --- windows/security/threat-protection/TOC.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 25a5417d95..99c0b4887e 100644 --- a/windows/security/threat-protection/TOC.md 
+++ b/windows/security/threat-protection/TOC.md @@ -195,8 +195,7 @@ ##### [Customize, initiate, and review the results of scans and remediation]() ###### [Configuration overview](microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md) -###### [Configure and validate exclusions in antivirus scans]() -###### [Exclusions overview](microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md) +###### [Configure and validate exclusions in antivirus scans](microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md) ###### [Configure and validate exclusions based on file name, extension, and folder location](microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md) ###### [Configure and validate exclusions for files opened by processes](microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md) ###### [Configure antivirus exclusions Windows Server](microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md) From e5a5466ec95e154c7c4c774cea0b2e2a4ea38db2 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 12 Jan 2021 12:38:23 -0800 Subject: [PATCH 16/38] AV content fixes --- ...exclusions-microsoft-defender-antivirus.md | 2 - ...exclusions-microsoft-defender-antivirus.md | 40 ++----------------- 2 files changed, 4 insertions(+), 38 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md index 725634e323..4943302a17 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md 
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md @@ -77,8 +77,6 @@ See [How to create and deploy antimalware policies: Exclusion settings](https:// 5. Click **OK**. -![The Group Policy setting for specifying process exclusions](images/defender/wdav-process-exclusions.png) - ### Use PowerShell cmdlets to exclude files that have been opened by specified processes from scans Using PowerShell to add or remove exclusions for files that have been opened by processes requires using a combination of three cmdlets with the `-ExclusionProcess` parameter. The cmdlets are all in the [Defender module](https://technet.microsoft.com/itpro/powershell/windows/defender/defender). diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md index 7c834bd8e4..3ac64a1e57 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md 
@@ -204,43 +204,11 @@ This section lists the default exclusions for all Windows Server 2016 and 2019 r #### Hyper-V exclusions -This section lists the file type exclusions, folder exclusions, and process exclusions that are delivered automatically when you install the Hyper-V role +The following table lists the file type exclusions, folder exclusions, and process exclusions that are delivered automatically when you install the Hyper-V role. -- File type exclusions: - - - `*.vhd` - - - `*.vhdx` - - - `*.avhd` - - - `*.avhdx` - - - `*.vsv` - - - `*.iso` - - - `*.rct` - - - `*.vmcx` - - - `*.vmrs` - -- Folder exclusions: - - - `%ProgramData%\Microsoft\Windows\Hyper-V` - - - `%ProgramFiles%\Hyper-V` - - - `%SystemDrive%\ProgramData\Microsoft\Windows\Hyper-V\Snapshots` - - - `%Public%\Documents\Hyper-V\Virtual Hard Disks` - -- Process exclusions: - - - `%systemroot%\System32\Vmms.exe` - - - `%systemroot%\System32\Vmwp.exe` +|File type exclusions |Folder exclusions | Process exclusions | +|:--|:--|:--| +| `*.vhd`
`*.vhdx`
`*.avhd`
`*.avhdx`
`*.vsv`
`*.iso`
`*.rct`
`*.vmcx`
`*.vmrs` | `%ProgramData%\Microsoft\Windows\Hyper-V`
`%ProgramFiles%\Hyper-V`
`%SystemDrive%\ProgramData\Microsoft\Windows\Hyper-V\Snapshots`
`%Public%\Documents\Hyper-V\Virtual Hard Disks` | `%systemroot%\System32\Vmms.exe`
`%systemroot%\System32\Vmwp.exe` | #### SYSVOL files From 6325beafe40f41a4d79f250ef22b4a650fdf39e0 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 12 Jan 2021 12:39:54 -0800 Subject: [PATCH 17/38] Update configure-extension-file-exclusions-microsoft-defender-antivirus.md --- ...n-file-exclusions-microsoft-defender-antivirus.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md index 88a2e71534..37b5c8ad0a 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md @@ -36,12 +36,12 @@ You can exclude certain files from Microsoft Defender Antivirus scans by modifyi This article describes how to configure exclusion lists for the files and folders. See [Recommendations for defining exclusions](configure-exclusions-microsoft-defender-antivirus.md#recommendations-for-defining-exclusions) before defining your exclusion lists. -Exclusion | Examples | Exclusion list ----|---|--- -Any file with a specific extension | All files with the specified extension, anywhere on the machine.
Valid syntax: `.test` and `test` | Extension exclusions -Any file under a specific folder | All files under the `c:\test\sample` folder | File and folder exclusions -A specific file in a specific folder | The file `c:\sample\sample.test` only | File and folder exclusions -A specific process | The executable file `c:\test\process.exe` | File and folder exclusions +| Exclusion | Examples | Exclusion list | +|:---|:---|:---| +|Any file with a specific extension | All files with the specified extension, anywhere on the machine.
Valid syntax: `.test` and `test` | Extension exclusions | +|Any file under a specific folder | All files under the `c:\test\sample` folder | File and folder exclusions | +| A specific file in a specific folder | The file `c:\sample\sample.test` only | File and folder exclusions | +| A specific process | The executable file `c:\test\process.exe` | File and folder exclusions | Exclusion lists have the following characteristics: From 80ced9e5f49884b8fdff4ff41d5aa245c5390963 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 12 Jan 2021 12:42:50 -0800 Subject: [PATCH 18/38] Update configure-extension-file-exclusions-microsoft-defender-antivirus.md --- ...exclusions-microsoft-defender-antivirus.md | 52 ++++++++----------- 1 file changed, 23 insertions(+), 29 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md index 37b5c8ad0a..2643fbb1a0 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md 
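Review bot: in the Hyper-V hunk of PATCH 16/38 (configure-server-exclusions, `@@ -204,43 +204,11 @@`), the new one-row table puts three unrelated lists side by side, so a reader scanning across can take `*.vhd`, `%ProgramData%\Microsoft\Windows\Hyper-V` and `%systemroot%\System32\Vmms.exe` as one related entry. The columns also differ in length (nine file types, four folders, two processes). Consider keeping the three bulleted lists, or one table per exclusion type, so that each automatically delivered exclusion can be audited on its own line.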
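Review bot: in PATCH 17/38, the reformatted row labelled "A specific process" still maps the executable `c:\test\process.exe` to "File and folder exclusions". As written, that excludes the executable file itself from scans, which is not the same as excluding files opened by the process; the latter is covered by the process exclusions article this page links to. Relabel the row (for example "A specific executable file") so readers do not pick the wrong list. The added rows are also padded inconsistently: `|Any file ...` next to `| A specific file ...`.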
@@ -48,21 +48,18 @@ Exclusion lists have the following characteristics: - Folder exclusions apply to all files and folders under that folder, unless the subfolder is a reparse point. Reparse point subfolders must be excluded separately. - File extensions apply to any file name with the defined extension if a path or folder is not defined. ->[!IMPORTANT] ->Using wildcards such as the asterisk (\*) will alter how the exclusion rules are interpreted. See the [Use wildcards in the file name and folder path or extension exclusion lists](#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists) section for important information about how wildcards work. -> ->You cannot exclude mapped network drives. You must specify the actual network path. -> ->Folders that are reparse points that are created after the Microsoft Defender Antivirus service starts and that have been added to the exclusion list will not be included. You must restart the service (by restarting Windows) for new reparse points to be recognized as a valid exclusion target. +> [!IMPORTANT] +> - Using wildcards such as the asterisk (\*) will alter how the exclusion rules are interpreted. See the [Use wildcards in the file name and folder path or extension exclusion lists](#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists) section for important information about how wildcards work. +> - You cannot exclude mapped network drives. You must specify the actual network path. +> - Folders that are reparse points that are created after the Microsoft Defender Antivirus service starts and that have been added to the exclusion list will not be included. You must restart the service (by restarting Windows) for new reparse points to be recognized as a valid exclusion target. To exclude files opened by a specific process, see [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-microsoft-defender-antivirus.md). 
The exclusions apply to [scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md), [on-demand scans](run-scan-microsoft-defender-antivirus.md), and [real-time protection](configure-real-time-protection-microsoft-defender-antivirus.md). ->[!IMPORTANT] ->Exclusion list changes made with Group Policy **will show** in the lists in the [Windows Security app](microsoft-defender-security-center-antivirus.md#exclusions). -> ->Changes made in the Windows Security app **will not show** in the Group Policy lists. +> [!IMPORTANT] +> Exclusion list changes made with Group Policy **will show** in the lists in the [Windows Security app](microsoft-defender-security-center-antivirus.md#exclusions). +> Changes made in the Windows Security app **will not show** in the Group Policy lists. By default, local changes made to the lists (by users with administrator privileges, including changes made with PowerShell and WMI) will be merged with the lists as defined (and deployed) by Group Policy, Configuration Manager, or Intune. The Group Policy lists take precedence when there are conflicts. 
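Review bot: in the second `[!IMPORTANT]` callout of this hunk (PATCH 18/38, `@@ -48,21 +48,18 @@`), dropping the empty `>` line between the "will show" and "will not show" sentences makes Markdown join them into one paragraph, because consecutive `>` lines with no blank quoted line between them form a single paragraph. The first callout in the same hunk avoids this by turning each statement into a `> -` bullet. Do the same here, or keep the `>` separator, so the Group Policy and Windows Security app statements stay distinct.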
@@ -134,13 +131,13 @@ Remove item from the list | `Remove-MpPreference` The following are allowed as the ``: -Exclusion type | PowerShell parameter ----|--- -All files with a specified file extension | `-ExclusionExtension` -All files under a folder (including files in subdirectories), or a specific file | `-ExclusionPath` +| Exclusion type | PowerShell parameter | +|:---|:---| +| All files with a specified file extension | `-ExclusionExtension` | +| All files under a folder (including files in subdirectories), or a specific file | `-ExclusionPath` | ->[!IMPORTANT] ->If you have created a list, either with `Set-MpPreference` or `Add-MpPreference`, using the `Set-MpPreference` cmdlet again will overwrite the existing list. +> [!IMPORTANT] +> If you have created a list, either with `Set-MpPreference` or `Add-MpPreference`, using the `Set-MpPreference` cmdlet again will overwrite the existing list. For example, the following code snippet would cause Microsoft Defender AV scans to exclude any file with the `.test` file extension: 
@@ -175,29 +172,26 @@ See [Add exclusions in the Windows Security app](microsoft-defender-security-cen You can use the asterisk `*`, question mark `?`, or environment variables (such as `%ALLUSERSPROFILE%`) as wildcards when defining items in the file name or folder path exclusion list. The way in which these wildcards are interpreted differs from their usual usage in other apps and languages. Make sure to read this section to understand their specific limitations. ->[!IMPORTANT] ->There are key limitations and usage scenarios for these wildcards: -> ->- Environment variable usage is limited to machine variables and those applicable to processes running as an NT AUTHORITY\SYSTEM account. ->- You cannot use a wildcard in place of a drive letter. ->- An asterisk `*` in a folder exclusion stands in place for a single folder. Use multiple instances of `\*\` to indicate multiple nested folders with unspecified names. +> [!IMPORTANT] +> There are key limitations and usage scenarios for these wildcards: +> - Environment variable usage is limited to machine variables and those applicable to processes running as an NT AUTHORITY\SYSTEM account. +> - You cannot use a wildcard in place of a drive letter. +> - An asterisk `*` in a folder exclusion stands in place for a single folder. Use multiple instances of `\*\` to indicate multiple nested folders with unspecified names. The following table describes how the wildcards can be used and provides some examples. |Wildcard |Examples | -|---------|---------| +|:---------|:---------| |`*` (asterisk)

In **file name and file extension inclusions**, the asterisk replaces any number of characters, and only applies to files in the last folder defined in the argument.

In **folder exclusions**, the asterisk replaces a single folder. Use multiple `*` with folder slashes `\` to indicate multiple nested folders. After matching the number of wild carded and named folders, all subfolders are also included. | `C:\MyData\*.txt` would include `C:\MyData\notes.txt`

`C:\somepath\*\Data` would include any file in `C:\somepath\Archives\Data and its subfolders` and `C:\somepath\Authorized\Data and its subfolders`

`C:\Serv\*\*\Backup` would include any file in `C:\Serv\Primary\Denied\Backup and its subfolders` and `C:\Serv\Secondary\Allowed\Backup and its subfolders` | |`?` (question mark)

In **file name and file extension inclusions**, the question mark replaces a single character, and only applies to files in the last folder defined in the argument.

In **folder exclusions**, the question mark replaces a single character in a folder name. After matching the number of wild carded and named folders, all subfolders are also included. |`C:\MyData\my?` would include `C:\MyData\my1.zip`

`C:\somepath\?\Data` would include any file in `C:\somepath\P\Data` and its subfolders

`C:\somepath\test0?\Data` would include any file in `C:\somepath\test01\Data` and its subfolders | |Environment variables

The defined variable is populated as a path when the exclusion is evaluated. |`%ALLUSERSPROFILE%\CustomLogFiles` would include `C:\ProgramData\CustomLogFiles\Folder1\file1.txt` | ->[!IMPORTANT] ->If you mix a file exclusion argument with a folder exclusion argument, the rules will stop at the file argument match in the matched folder, and will not look for file matches in any subfolders. -> ->For example, you can exclude all files that start with "date" in the folders `c:\data\final\marked` and `c:\data\review\marked` by using the rule argument `c:\data\*\marked\date*`. -> ->This argument, however, will not match any files in subfolders under `c:\data\final\marked` or `c:\data\review\marked`. +> [!IMPORTANT] +> If you mix a file exclusion argument with a folder exclusion argument, the rules will stop at the file argument match in the matched folder, and will not look for file matches in any subfolders. +> For example, you can exclude all files that start with "date" in the folders `c:\data\final\marked` and `c:\data\review\marked` by using the rule argument `c:\data\*\marked\date*`. +> This argument, however, will not match any files in subfolders under `c:\data\final\marked` or `c:\data\review\marked`. From b25fa3e84517722d7da5c09172084dfbacf199fb Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 12 Jan 2021 13:12:44 -0800 Subject: [PATCH 19/38] Update configure-extension-file-exclusions-microsoft-defender-antivirus.md --- ...exclusions-microsoft-defender-antivirus.md | 329 ++++-------------- 1 file changed, 62 insertions(+), 267 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md index 2643fbb1a0..6715d17298 100644 
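Review bot: in the `@@ -175,29 +172,26 @@` hunk of PATCH 18/38, the wildcard table whose alignment row is changed still says "file name and file extension inclusions" for both `*` and `?`, in an article about exclusions, and the `*` examples keep "and its subfolders" inside the code span (`C:\somepath\Archives\Data and its subfolders`) while the `?` examples put it outside. Since the table is already being touched, fix both. In the final `[!IMPORTANT]` callout, removing the empty `>` lines runs the rule, the `c:\data\*\marked\date*` example and the caveat about subfolders together; bullets or the original separators would keep the caveat readable.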
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md @@ -199,273 +199,68 @@ The following table describes how the wildcards can be used and provides some ex The following table lists and describes the system account environment variables. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
System environment variablesWill redirect to:
%APPDATA%C:\Users\UserName.DomainName\AppData\Roaming
%APPDATA%\Microsoft\Internet Explorer\Quick LaunchC:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
%APPDATA%\Microsoft\Windows\Start MenuC:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu
%APPDATA%\Microsoft\Windows\Start Menu\ProgramsC:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
%LOCALAPPDATA% C:\Windows\System32\config\systemprofile\AppData\Local
%ProgramData%C:\ProgramData
%ProgramFiles%C:\Program Files
%ProgramFiles%\Common Files C:\Program Files\Common Files
%ProgramFiles%\Windows Sidebar\Gadgets C:\Program Files\Windows Sidebar\Gadgets
%ProgramFiles%\Common FilesC:\Program Files\Common Files
%ProgramFiles(x86)% C:\Program Files (x86)
%ProgramFiles(x86)%\Common Files C:\Program Files (x86)\Common Files
%SystemDrive%C:
%SystemDrive%\Program FilesC:\Program Files
%SystemDrive%\Program Files (x86) C:\Program Files (x86)
%SystemDrive%\Users C:\Users
%SystemDrive%\Users\PublicC:\Users\Public
%SystemRoot% C:\Windows
%windir%C:\Windows
%windir%\FontsC:\Windows\Fonts
%windir%\Resources C:\Windows\Resources
%windir%\resources\0409C:\Windows\resources\0409
%windir%\system32C:\Windows\System32
%ALLUSERSPROFILE%C:\ProgramData
%ALLUSERSPROFILE%\Application DataC:\ProgramData\Application Data
%ALLUSERSPROFILE%\DocumentsC:\ProgramData\Documents
%ALLUSERSPROFILE%\Documents\My Music\Sample Music -

C:\ProgramData\Documents\My Music\Sample Music

-

.

-
%ALLUSERSPROFILE%\Documents\My Music C:\ProgramData\Documents\My Music
%ALLUSERSPROFILE%\Documents\My Pictures -

C:\ProgramData\Documents\My Pictures -

-
%ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures C:\ProgramData\Documents\My Pictures\Sample Pictures
%ALLUSERSPROFILE%\Documents\My Videos C:\ProgramData\Documents\My Videos
%ALLUSERSPROFILE%\Microsoft\Windows\DeviceMetadataStore C:\ProgramData\Microsoft\Windows\DeviceMetadataStore
%ALLUSERSPROFILE%\Microsoft\Windows\GameExplorer C:\ProgramData\Microsoft\Windows\GameExplorer
%ALLUSERSPROFILE%\Microsoft\Windows\Ringtones C:\ProgramData\Microsoft\Windows\Ringtones
%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu C:\ProgramData\Microsoft\Windows\Start Menu
%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs C:\ProgramData\Microsoft\Windows\Start Menu\Programs
%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Administrative ToolsC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\StartUp C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
%ALLUSERSPROFILE%\Microsoft\Windows\Templates C:\ProgramData\Microsoft\Windows\Templates
%ALLUSERSPROFILE%\Start Menu C:\ProgramData\Start Menu
%ALLUSERSPROFILE%\Start Menu\Programs C:\ProgramData\Start Menu\Programs
%ALLUSERSPROFILE%\Start Menu\Programs\Administrative Tools C:\ProgramData\Start Menu\Programs\Administrative Tools
%ALLUSERSPROFILE%\Templates C:\ProgramData\Templates
%LOCALAPPDATA%\Microsoft\Windows\ConnectedSearch\Templates C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates
%LOCALAPPDATA%\Microsoft\Windows\History C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History
-

-%PUBLIC%

-
C:\Users\Public
%PUBLIC%\AccountPictures C:\Users\Public\AccountPictures
%PUBLIC%\Desktop C:\Users\Public\Desktop
%PUBLIC%\Documents C:\Users\Public\Documents
%PUBLIC%\Downloads C:\Users\Public\Downloads
%PUBLIC%\Music\Sample Music -

C:\Users\Public\Music\Sample Music

-

.

-
%PUBLIC%\Music\Sample Playlists -

C:\Users\Public\Music\Sample Playlists

-

.

-
%PUBLIC%\Pictures\Sample Pictures C:\Users\Public\Pictures\Sample Pictures
%PUBLIC%\RecordedTV.library-msC:\Users\Public\RecordedTV.library-ms
%PUBLIC%\VideosC:\Users\Public\Videos
%PUBLIC%\Videos\Sample Videos -

C:\Users\Public\Videos\Sample Videos

-

.

-
%USERPROFILE% C:\Windows\System32\config\systemprofile
%USERPROFILE%\AppData\Local C:\Windows\System32\config\systemprofile\AppData\Local
%USERPROFILE%\AppData\LocalLow C:\Windows\System32\config\systemprofile\AppData\LocalLow
%USERPROFILE%\AppData\Roaming C:\Windows\System32\config\systemprofile\AppData\Roaming
+| This system environment variable... | Redirects to this | +|:--|:--| +| `%APPDATA%`| `C:\Users\UserName.DomainName\AppData\Roaming` | +| `%APPDATA%\Microsoft\Internet Explorer\Quick Launch` | `C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch` | +| `%APPDATA%\Microsoft\Windows\Start Menu` | `C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu` | +| `%APPDATA%\Microsoft\Windows\Start Menu\Programs` | `C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs` | +| `%LOCALAPPDATA%` | `C:\Windows\System32\config\systemprofile\AppData\Local` | +| `%ProgramData%` | `C:\ProgramData` | +| `%ProgramFiles%` | `C:\Program Files` | +| `%ProgramFiles%\Common Files` | `C:\Program Files\Common Files` | +| `%ProgramFiles%\Windows Sidebar\Gadgets` | `C:\Program Files\Windows Sidebar\Gadgets` | +| `%ProgramFiles%\Common Files` | `C:\Program Files\Common Files` | +| `%ProgramFiles(x86)%` | `C:\Program Files (x86)` | +| `%ProgramFiles(x86)%\Common Files` | `C:\Program Files (x86)\Common Files` | +| `%SystemDrive%` | `C:` | +| `%SystemDrive%\Program Files` | `C:\Program Files` | +| `%SystemDrive%\Program Files (x86)` | `C:\Program Files (x86)` | +| `%SystemDrive%\Users` | `C:\Users` | +| `%SystemDrive%\Users\Public` | `C:\Users\Public` | +| `%SystemRoot%` | `C:\Windows` | +| `%windir%` | `C:\Windows` | +| `%windir%\Fonts` | `C:\Windows\Fonts` | +| `%windir%\Resources` | `C:\Windows\Resources` | +| `%windir%\resources\0409` | `C:\Windows\resources\0409` | +| `%windir%\system32` | `C:\Windows\System32` | +| `%ALLUSERSPROFILE%` | `C:\ProgramData` | +| `%ALLUSERSPROFILE%\Application Data` | `C:\ProgramData\Application Data` | +| `%ALLUSERSPROFILE%\Documents` | `C:\ProgramData\Documents` | +| `%ALLUSERSPROFILE%\Documents\My Music\Sample Music` | `C:\ProgramData\Documents\My Music\Sample Music` | +| `%ALLUSERSPROFILE%\Documents\My Music` | `C:\ProgramData\Documents\My 
Music` | +| `%ALLUSERSPROFILE%\Documents\My Pictures` | `C:\ProgramData\Documents\My Pictures` | +| `%ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures` | `C:\ProgramData\Documents\My Pictures\Sample Pictures` | +| `%ALLUSERSPROFILE%\Documents\My Videos` | `C:\ProgramData\Documents\My Videos` | +| `%ALLUSERSPROFILE%\Microsoft\Windows\DeviceMetadataStore` | `C:\ProgramData\Microsoft\Windows\DeviceMetadataStore` | +| `%ALLUSERSPROFILE%\Microsoft\Windows\GameExplorer` | `C:\ProgramData\Microsoft\Windows\GameExplorer` | +| `%ALLUSERSPROFILE%\Microsoft\Windows\Ringtones` | `C:\ProgramData\Microsoft\Windows\Ringtones` | +| `%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu` | `C:\ProgramData\Microsoft\Windows\Start Menu` | +| `%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs` | `C:\ProgramData\Microsoft\Windows\Start Menu\Programs` | +| `%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Administrative Tools` | `C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools` | +| `%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\StartUp` | `C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp` | +| `%ALLUSERSPROFILE%\Microsoft\Windows\Templates` | `C:\ProgramData\Microsoft\Windows\Templates` | +| `%ALLUSERSPROFILE%\Start Menu` | `C:\ProgramData\Start Menu` | +| `%ALLUSERSPROFILE%\Start Menu\Programs` | C:\ProgramData\Start Menu\Programs | +| `%ALLUSERSPROFILE%\Start Menu\Programs\Administrative Tools` | `C:\ProgramData\Start Menu\Programs\Administrative Tools` | +| `%ALLUSERSPROFILE%\Templates` | `C:\ProgramData\Templates` | +| `%LOCALAPPDATA%\Microsoft\Windows\ConnectedSearch\Templates` | `C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates` | +| `%LOCALAPPDATA%\Microsoft\Windows\History` | `C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History` | +| `%PUBLIC%` | `C:\Users\Public` | +| `%PUBLIC%\AccountPictures` | `C:\Users\Public\AccountPictures` | +| 
`%PUBLIC%\Desktop` | `C:\Users\Public\Desktop` | +| `%PUBLIC%\Documents` | `C:\Users\Public\Documents` | +| `%PUBLIC%\Downloads` | `C:\Users\Public\Downloads` | +| `%PUBLIC%\Music\Sample Music` | `C:\Users\Public\Music\Sample Music` | +| `%PUBLIC%\Music\Sample Playlists` | `C:\Users\Public\Music\Sample Playlists` | +| `%PUBLIC%\Pictures\Sample Pictures` | `C:\Users\Public\Pictures\Sample Pictures` | +| `%PUBLIC%\RecordedTV.library-ms` | `C:\Users\Public\RecordedTV.library-ms` | +| `%PUBLIC%\Videos` | `C:\Users\Public\Videos` | +| `%PUBLIC%\Videos\Sample Videos` | `C:\Users\Public\Videos\Sample Videos` | +| `%USERPROFILE%` | `C:\Windows\System32\config\systemprofile` | +| `%USERPROFILE%\AppData\Local` | `C:\Windows\System32\config\systemprofile\AppData\Local` | +| `%USERPROFILE%\AppData\LocalLow` | `C:\Windows\System32\config\systemprofile\AppData\LocalLow` | +| `%USERPROFILE%\AppData\Roaming` | `C:\Windows\System32\config\systemprofile\AppData\Roaming` | ## Review the list of exclusions From 88dbf9fdaddb2dbd1ef54532128c81cbb41bdffc Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 12 Jan 2021 13:14:48 -0800 Subject: [PATCH 20/38] Update configure-extension-file-exclusions-microsoft-defender-antivirus.md --- ...n-file-exclusions-microsoft-defender-antivirus.md | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md index 6715d17298..a969dcf58a 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md 
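Review bot: in the new system environment variables table of PATCH 19/38, the `%APPDATA%` row redirects to `C:\Users\UserName.DomainName\AppData\Roaming`, while every `%APPDATA%\...` row below it, and the `%USERPROFILE%\AppData\Roaming` row, resolve under `C:\Windows\System32\config\systemprofile`. The value is carried over unchanged from the removed table, but the mismatch should be confirmed and corrected in this change, because an exclusion written against the wrong expansion covers a different folder than the admin intended. Two smaller points: `%ProgramFiles%\Common Files` is listed twice, and the target of `%ALLUSERSPROFILE%\Start Menu\Programs` is missing its backticks.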
@@ -12,7 +12,6 @@ ms.author: deniseb ms.custom: nextgen ms.reviewer: manager: dansimp -ms.date: 10/21/2020 --- # Configure and validate exclusions based on file extension and folder location @@ -107,7 +106,6 @@ See [How to create and deploy antimalware policies: Exclusion settings](https:// 7. Click **OK**. - ![The Group Policy setting for extension exclusions](images/defender/wdav-extension-exclusions.png) @@ -123,11 +121,11 @@ The format for the cmdlets is as follows: The following are allowed as the ``: -Configuration action | PowerShell cmdlet ----|--- -Create or overwrite the list | `Set-MpPreference` -Add to the list | `Add-MpPreference` -Remove item from the list | `Remove-MpPreference` +| Configuration action | PowerShell cmdlet | +|:---|:---| +|Create or overwrite the list | `Set-MpPreference` | +|Add to the list | `Add-MpPreference` | +|Remove item from the list | `Remove-MpPreference` | The following are allowed as the ``: From d536a77139a0cc30d5069ca781cc11292500cd4b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 12 Jan 2021 13:16:03 -0800 Subject: [PATCH 21/38] Update configure-exclusions-microsoft-defender-antivirus.md --- .../configure-exclusions-microsoft-defender-antivirus.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md index 4d3ba69753..55b286bcf0 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md @@ -10,7 +10,6 @@ ms.localizationpriority: medium author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.date: 03/12/2020 ms.reviewer: manager: dansimp --- 
@@ -41,8 +40,11 @@ Defining exclusions lowers the protection offered by Microsoft Defender Antiviru The following is a list of recommendations that you should keep in mind when defining exclusions: - Exclusions are technically a protection gap—always consider additional mitigations when defining exclusions. Additional mitigations could be as simple as making sure the excluded location has the appropriate access-control lists (ACLs), audit policy, is processed by an up-to-date software, etc. + - Review the exclusions periodically. Re-check and re-enforce the mitigations as part of the review process. + - Ideally, avoid defining proactive exclusions. For instance, don't exclude something just because you think it might be a problem in the future. Use exclusions only for specific issues—mostly around performance, or sometimes around application compatibility that exclusions could mitigate. + - Audit the exclusion list changes. The security admin should preserve enough context around why a certain exclusion was added. You should be able to provide answer with specific reasoning as to why a certain path was excluded. ## Related articles From a6e292c1822bd0b912fe5fa4c871cb9e5388935c Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 12 Jan 2021 13:20:50 -0800 Subject: [PATCH 22/38] Update configure-process-opened-file-exclusions-microsoft-defender-antivirus.md --- ...ocess-opened-file-exclusions-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md index 4943302a17..db2519b9ab 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md 
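Review bot: the bullets respaced in the `@@ -41,8 +40,11 @@` hunk of PATCH 21/38 still contain wording slips that are cheap to fix in the same change: "is processed by an up-to-date software" in the first bullet and "provide answer with specific reasoning" in the last. The added blank lines also turn this into a loose list, so check that the spacing matches the other lists in the article.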
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md @@ -104,7 +104,7 @@ For example, the following code snippet would cause Microsoft Defender AV scans Add-MpPreference -ExclusionProcess "c:\internal\test.exe" ``` -For more information on how to use PowerShell with Microsoft Defender Antivirus, see Manage antivirus with PowerShell cmdlets and [Microsoft Defender Antivirus cmdlets](https://docs.microsoft.com/powershell/module/defender/?view=win10-ps&preserve=true). +For more information on how to use PowerShell with Microsoft Defender Antivirus, see Manage antivirus with PowerShell cmdlets and [Microsoft Defender Antivirus cmdlets](https://docs.microsoft.com/powershell/module/defender). ### Use Windows Management Instruction (WMI) to exclude files that have been opened by specified processes from scans From 006f0e658ee935411581f4ef272b3495b89ec7c0 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 12 Jan 2021 13:21:20 -0800 Subject: [PATCH 23/38] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 0cf060785e..edaafad269 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -16510,6 +16510,11 @@ "redirect_url": "https://docs.microsoft.com/mem/autopilot/windows-autopilot", "redirect_document_id": true }, + { + "source_path": "windows/security/threat-protection/mbsa-removal-and-guidance.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection", + "redirect_document_id": true + }, { "source_path": "windows/hub/windows-10.yml", "redirect_url": "https://docs.microsoft.com/windows/windows-10", From 308a4437c19903e4eba7b154e92ad991db15676d Mon Sep 17 00:00:00 2001 
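Review bot: in PATCH 22/38, the changed sentence names two references but, as shown here, only "Microsoft Defender Antivirus cmdlets" carries a link; "Manage antivirus with PowerShell cmdlets" is plain text on both the removed and the added line. Link it or drop it while editing this sentence.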
From: Denise Vangel-MSFT Date: Tue, 12 Jan 2021 13:21:29 -0800 Subject: [PATCH 24/38] Update configure-process-opened-file-exclusions-microsoft-defender-antivirus.md --- ...ocess-opened-file-exclusions-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md index db2519b9ab..4d432355f1 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md @@ -108,7 +108,7 @@ For more information on how to use PowerShell with Microsoft Defender Antivirus, ### Use Windows Management Instruction (WMI) to exclude files that have been opened by specified processes from scans -Use the [**Set**, **Add**, and **Remove** methods of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties: +Use the [**Set**, **Add**, and **Remove** methods of the **MSFT_MpPreference**](https://docs.microsoft.com/previous-versions/windows/desktop/legacy/dn455323(v=vs.85)) class for the following properties: ```WMI ExclusionProcess From 1ccca48e53b4bef374612464b0fbcba1280732af Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 12 Jan 2021 13:22:04 -0800 Subject: [PATCH 25/38] Update configure-process-opened-file-exclusions-microsoft-defender-antivirus.md --- ...ocess-opened-file-exclusions-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md index 4d432355f1..14b6cea060 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md @@ -116,7 +116,7 @@ ExclusionProcess The use of **Set**, **Add**, and **Remove** is analogous to their counterparts in PowerShell: `Set-MpPreference`, `Add-MpPreference`, and `Remove-MpPreference`. -For more information and allowed parameters, see [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx). +For more information and allowed parameters, see [Windows Defender WMIv2 APIs](https://docs.microsoft.com/previous-versions/windows/desktop/defender/windows-defender-wmiv2-apis-portal). ### Use the Windows Security app to exclude files that have been opened by specified processes from scans From 659fbcd62042f39f0e2eb33e9b8426b8a3e3bb7c Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 12 Jan 2021 13:22:08 -0800 Subject: [PATCH 26/38] Delete mbsa-removal-and-guidance.md --- .../mbsa-removal-and-guidance.md | 44 ------------------- 1 file changed, 44 deletions(-) delete mode 100644 windows/security/threat-protection/mbsa-removal-and-guidance.md diff --git a/windows/security/threat-protection/mbsa-removal-and-guidance.md b/windows/security/threat-protection/mbsa-removal-and-guidance.md deleted file mode 100644 index 59f32f84e6..0000000000 --- a/windows/security/threat-protection/mbsa-removal-and-guidance.md +++ /dev/null 
@@ -1,44 +0,0 @@ ---- -title: Guide to removing Microsoft Baseline Security Analyzer (MBSA) -description: This article documents the removal of Microsoft Baseline Security Analyzer (MBSA) and provides alternative solutions. -keywords: MBSA, security, removal -ms.prod: w10 -ms.mktglfcycl: deploy -ms.localizationpriority: medium -ms.author: dansimp -author: dulcemontemayor -ms.date: 10/05/2018 -ms.reviewer: -manager: dansimp ---- - -# What is Microsoft Baseline Security Analyzer and its uses? - -Microsoft Baseline Security Analyzer (MBSA) is used to verify patch compliance. MBSA also performed several other security checks for Windows, IIS, and SQL Server. Unfortunately, the logic behind these additional checks had not been actively maintained since Windows XP and Windows Server 2003. Changes in the products since then rendered many of these security checks obsolete and some of their recommendations counterproductive. - -MBSA was largely used in situations where neither Microsoft Update nor a local WSUS or Configuration Manager server was available, or as a compliance tool to ensure that all security updates were deployed to a managed environment. While MBSA version 2.3 introduced support for Windows Server 2012 R2 and Windows 8.1, it has since been deprecated and no longer developed. MBSA 2.3 is not updated to fully support Windows 10 and Windows Server 2016. - -> [!NOTE] -> In accordance with our [SHA-1 deprecation initiative](https://aka.ms/sha1deprecation), the Wsusscn2.cab file is no longer dual-signed using both SHA-1 and the SHA-2 suite of hash algorithms (specifically SHA-256). This file is now signed using only SHA-256. Administrators who verify digital signatures on this file should now expect only single SHA-256 signatures. Starting with the August 2020 Wsusscn2.cab file, MBSA will return the following error "The catalog file is damaged or an invalid catalog." when attempting to scan using the offline scan file. 
- -## The Solution -A script can help you with an alternative to MBSA’s patch-compliance checking: - -- [Using WUA to Scan for Updates Offline](https://docs.microsoft.com/windows/desktop/wua_sdk/using-wua-to-scan-for-updates-offline), which includes a sample .vbs script. -For a PowerShell alternative, see [Using WUA to Scan for Updates Offline with PowerShell](https://gallery.technet.microsoft.com/Using-WUA-to-Scan-for-f7e5e0be). - -For example: - -[![VBS script](images/vbs-example.png)](https://docs.microsoft.com/windows/desktop/wua_sdk/using-wua-to-scan-for-updates-offline) -[![PowerShell script](images/powershell-example.png)](https://gallery.technet.microsoft.com/Using-WUA-to-Scan-for-f7e5e0be) - -The preceding scripts leverage the [WSUS offline scan file](https://support.microsoft.com/help/927745/detailed-information-for-developers-who-use-the-windows-update-offline) (wsusscn2.cab) to perform a scan and get the same information on missing updates as MBSA supplied. MBSA also relied on the wsusscn2.cab to determine which updates were missing from a given system without connecting to any online service or server. The wsusscn2.cab file is still available and there are currently no plans to remove or replace it. -The wsusscn2.cab file contains the metadata of only security updates, update rollups and service packs available from Microsoft Update; it does not contain any information on non-security updates, tools or drivers. - -## More Information - -For security compliance and for desktop/server hardening, we recommend the Microsoft Security Baselines and the Security Compliance Toolkit. - -- [Windows security baselines](windows-security-baselines.md) -- [Download Microsoft Security Compliance Toolkit 1.0](https://www.microsoft.com/download/details.aspx?id=55319) -- [Microsoft Security Guidance blog](https://blogs.technet.microsoft.com/secguide/) From d173252d051e82c185b9393208f4c8f2cbee3ae9 Mon Sep 17 00:00:00 2001 
From: Denise Vangel-MSFT Date: Tue, 12 Jan 2021 13:23:06 -0800 Subject: [PATCH 27/38] Update configure-process-opened-file-exclusions-microsoft-defender-antivirus.md --- ...ess-opened-file-exclusions-microsoft-defender-antivirus.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md index 14b6cea060..51ae6f0011 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md @@ -164,7 +164,7 @@ Use the following cmdlet: Get-MpPreference ``` -See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus. +See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://docs.microsoft.com/en-us/powershell/module/defender) for more information on how to use PowerShell with Microsoft Defender Antivirus. ### Retrieve a specific exclusions list by using PowerShell 
@@ -175,7 +175,7 @@ $WDAVprefs = Get-MpPreference $WDAVprefs.ExclusionProcess ``` -See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus. +See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://docs.microsoft.com/powershell/module/defender) for more information on how to use PowerShell with Microsoft Defender Antivirus. ## Related articles From 32e33487a5d384ee2b7611c7d6824fd64ec63bb2 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 12 Jan 2021 13:31:38 -0800 Subject: [PATCH 28/38] antivirus --- ...exclusions-microsoft-defender-antivirus.md | 21 +++++++++---------- ...exclusions-microsoft-defender-antivirus.md | 2 +- 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md index a969dcf58a..dcf0ef8305 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md 
@@ -28,7 +28,7 @@ manager: dansimp ## Exclusion lists -You can exclude certain files from Microsoft Defender Antivirus scans by modifying exclusion lists. **Generally, you shouldn't need to apply exclusions**. Microsoft Defender Antivirus includes a number of automatic exclusions based on known operating system behaviors and typical management files, such as those used in enterprise management, database management, and other enterprise scenarios and situations. +You can exclude certain files from Microsoft Defender Antivirus scans by modifying exclusion lists. **Generally, you shouldn't need to apply exclusions**. Microsoft Defender Antivirus includes many automatic exclusions based on known operating system behaviors and typical management files, such as those used in enterprise management, database management, and other enterprise scenarios and situations. > [!NOTE] > Automatic exclusions apply only to Windows Server 2016 and above. These exclusions are not visible in the Windows Security app and in PowerShell. 
@@ -81,31 +81,30 @@ See [How to create and deploy antimalware policies: Exclusion settings](https:// >[!NOTE] >If you specify a fully qualified path to a file, then only that file is excluded. If a folder is defined in the exclusion, then all files and subdirectories under that folder are excluded. -1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. +1. On your Group Policy management computer, open the [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**. -2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. +2. In the **Group Policy Management Editor** go to **Computer configuration** and select **Administrative templates**. -3. Expand the tree to **Windows components > Microsoft Defender Antivirus > Exclusions**. +3. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Exclusions**. -4. Double-click the **Path Exclusions** setting and add the exclusions. +4. Open the **Path Exclusions** setting for editing, and add your exclusions. - Set the option to **Enabled**. - Under the **Options** section, click **Show...**. - Specify each folder on its own line under the **Value name** column. - If you are specifying a file, ensure you enter a fully qualified path to the file, including the drive letter, folder path, filename, and extension. Enter **0** in the **Value** column. -5. Click **OK**. +5. Choose **OK**. ![The Group Policy setting for file and folder exclusions](images/defender/wdav-path-exclusions.png) -6. Double-click the **Extension Exclusions** setting and add the exclusions. +6. 
Open the **Extension Exclusions** setting for editing and add your exclusions. - Set the option to **Enabled**. - - Under the **Options** section, click **Show...**. + - Under the **Options** section, select **Show...**. - Enter each file extension on its own line under the **Value name** column. Enter **0** in the **Value** column. -7. Click **OK**. - +7. Choose **OK**. @@ -277,7 +276,7 @@ You can retrieve the items in the exclusion list using one of the following meth If you use PowerShell, you can retrieve the list in two ways: -- Retrieve the status of all Microsoft Defender Antivirus preferences. Each of the lists are displayed on separate lines, but the items within each list are combined into the same line. +- Retrieve the status of all Microsoft Defender Antivirus preferences. Each list is displayed on separate lines, but the items within each list are combined into the same line. - Write the status of all preferences to a variable, and use that variable to only call the specific list you are interested in. Each use of `Add-MpPreference` is written to a new line. ### Validate the exclusion list by using MpCmdRun diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md index 51ae6f0011..968b2a6975 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md 
@@ -164,7 +164,7 @@ Use the following cmdlet: Get-MpPreference ``` -See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://docs.microsoft.com/en-us/powershell/module/defender) for more information on how to use PowerShell with Microsoft Defender Antivirus. +See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://docs.microsoft.com/powershell/module/defender) for more information on how to use PowerShell with Microsoft Defender Antivirus. ### Retrieve a specific exclusions list by using PowerShell From 2fde0b93007535aa84cce056c82774709f95c9a9 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 12 Jan 2021 13:32:35 -0800 Subject: [PATCH 29/38] Update configure-process-opened-file-exclusions-microsoft-defender-antivirus.md --- ...ess-opened-file-exclusions-microsoft-defender-antivirus.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md index 968b2a6975..466126fe0d 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md 
@@ -152,8 +152,8 @@ To check exclusions with the dedicated [command-line tool mpcmdrun.exe](https:// MpCmdRun.exe -CheckExclusion -path ``` ->[!NOTE] ->Checking exclusions with MpCmdRun requires Microsoft Defender Antivirus CAMP version 4.18.1812.3 (released in December 2018) or later. +> [!NOTE] +> Checking exclusions with MpCmdRun requires Microsoft Defender Antivirus CAMP version 4.18.1812.3 (released in December 2018) or later. ### Review the list of exclusions alongside all other Microsoft Defender Antivirus preferences by using PowerShell From 01d866018e9f61aa59e4b27d9822c6100eba9e1d Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Tue, 12 Jan 2021 14:29:21 -0800 Subject: [PATCH 30/38] remove mbsa-removal-and-guidance from TOC --- windows/security/threat-protection/TOC.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 25a5417d95..90d6dfa378 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -1334,7 +1334,6 @@ #### [Windows security baselines](windows-security-configuration-framework/windows-security-baselines.md) ##### [Security Compliance Toolkit](windows-security-configuration-framework/security-compliance-toolkit-10.md) ##### [Get support](windows-security-configuration-framework/get-support-for-security-baselines.md) -### [MBSA removal and alternatives](mbsa-removal-and-guidance.md) ### [Windows 10 Mobile security guide](windows-10-mobile-security-guide.md) From b4bbcfefa942343ea8f11d5621a5e85d588f7edd Mon Sep 17 00:00:00 2001 From: dstrome Date: Wed, 13 Jan 2021 00:29:22 +0000 Subject: [PATCH 31/38] Initialize Docs repository: https://github.com/MicrosoftDocs/windows-docs-pr of branch master --- .openpublishing.publish.config.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index 3e1c1d1d11..f9ebdac192 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -390,7 +390,7 @@ "elizapo@microsoft.com" ], "sync_notification_subscribers": [ - "daniha@microsoft.com" + "dstrome@microsoft.com" ], "branches_to_filter": [ "" @@ -431,9 +431,9 @@ "template_folder": "_themes.pdf" } }, - "need_generate_pdf": false, - "need_generate_intellisense": false, "docs_build_engine": { "name": "docfx_v3" - } -} + }, + "need_generate_pdf": false, + "need_generate_intellisense": false +} \ No newline at end of file From 61f1f92e4240818b08c64114b468f98d50bc0453 Mon Sep 17 00:00:00 2001 From: dstrome Date: Wed, 13 Jan 2021 00:29:22 +0000 Subject: [PATCH 32/38] Initialize Docs repository: https://github.com/MicrosoftDocs/windows-docs-pr of branch live --- .openpublishing.publish.config.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index 3e1c1d1d11..f9ebdac192 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -390,7 +390,7 @@ "elizapo@microsoft.com" ], "sync_notification_subscribers": [ - "daniha@microsoft.com" + "dstrome@microsoft.com" ], "branches_to_filter": [ "" @@ -431,9 +431,9 @@ "template_folder": "_themes.pdf" } }, - "need_generate_pdf": false, - "need_generate_intellisense": false, "docs_build_engine": { "name": "docfx_v3" - } -} + }, + "need_generate_pdf": false, + "need_generate_intellisense": false +} \ No newline at end of file From 9d726047980cc19578ad51ca1f12251d74fe0727 Mon Sep 17 00:00:00 2001 
From: Daniel Simpson Date: Tue, 12 Jan 2021 21:47:01 -0800 Subject: [PATCH 33/38] returning MBSA topic --- .openpublishing.redirection.json | 5 --- .../mbsa-removal-and-guidance.md | 44 +++++++++++++++++++ 2 files changed, 44 insertions(+), 5 deletions(-) create mode 100644 windows/security/threat-protection/mbsa-removal-and-guidance.md diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index edaafad269..0cf060785e 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -16510,11 +16510,6 @@ "redirect_url": "https://docs.microsoft.com/mem/autopilot/windows-autopilot", "redirect_document_id": true }, - { - "source_path": "windows/security/threat-protection/mbsa-removal-and-guidance.md", - "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection", - "redirect_document_id": true - }, { "source_path": "windows/hub/windows-10.yml", "redirect_url": "https://docs.microsoft.com/windows/windows-10", diff --git a/windows/security/threat-protection/mbsa-removal-and-guidance.md b/windows/security/threat-protection/mbsa-removal-and-guidance.md new file mode 100644 index 0000000000..59f32f84e6 --- /dev/null +++ b/windows/security/threat-protection/mbsa-removal-and-guidance.md 
@@ -0,0 +1,44 @@ +--- +title: Guide to removing Microsoft Baseline Security Analyzer (MBSA) +description: This article documents the removal of Microsoft Baseline Security Analyzer (MBSA) and provides alternative solutions. +keywords: MBSA, security, removal +ms.prod: w10 +ms.mktglfcycl: deploy +ms.localizationpriority: medium +ms.author: dansimp +author: dulcemontemayor +ms.date: 10/05/2018 +ms.reviewer: +manager: dansimp +--- + +# What is Microsoft Baseline Security Analyzer and its uses? + +Microsoft Baseline Security Analyzer (MBSA) is used to verify patch compliance. MBSA also performed several other security checks for Windows, IIS, and SQL Server. Unfortunately, the logic behind these additional checks had not been actively maintained since Windows XP and Windows Server 2003. Changes in the products since then rendered many of these security checks obsolete and some of their recommendations counterproductive. + +MBSA was largely used in situations where neither Microsoft Update nor a local WSUS or Configuration Manager server was available, or as a compliance tool to ensure that all security updates were deployed to a managed environment. While MBSA version 2.3 introduced support for Windows Server 2012 R2 and Windows 8.1, it has since been deprecated and no longer developed. MBSA 2.3 is not updated to fully support Windows 10 and Windows Server 2016. + +> [!NOTE] +> In accordance with our [SHA-1 deprecation initiative](https://aka.ms/sha1deprecation), the Wsusscn2.cab file is no longer dual-signed using both SHA-1 and the SHA-2 suite of hash algorithms (specifically SHA-256). This file is now signed using only SHA-256. Administrators who verify digital signatures on this file should now expect only single SHA-256 signatures. Starting with the August 2020 Wsusscn2.cab file, MBSA will return the following error "The catalog file is damaged or an invalid catalog." when attempting to scan using the offline scan file. 
+ +## The Solution +A script can help you with an alternative to MBSA’s patch-compliance checking: + +- [Using WUA to Scan for Updates Offline](https://docs.microsoft.com/windows/desktop/wua_sdk/using-wua-to-scan-for-updates-offline), which includes a sample .vbs script. +For a PowerShell alternative, see [Using WUA to Scan for Updates Offline with PowerShell](https://gallery.technet.microsoft.com/Using-WUA-to-Scan-for-f7e5e0be). + +For example: + +[![VBS script](images/vbs-example.png)](https://docs.microsoft.com/windows/desktop/wua_sdk/using-wua-to-scan-for-updates-offline) +[![PowerShell script](images/powershell-example.png)](https://gallery.technet.microsoft.com/Using-WUA-to-Scan-for-f7e5e0be) + +The preceding scripts leverage the [WSUS offline scan file](https://support.microsoft.com/help/927745/detailed-information-for-developers-who-use-the-windows-update-offline) (wsusscn2.cab) to perform a scan and get the same information on missing updates as MBSA supplied. MBSA also relied on the wsusscn2.cab to determine which updates were missing from a given system without connecting to any online service or server. The wsusscn2.cab file is still available and there are currently no plans to remove or replace it. +The wsusscn2.cab file contains the metadata of only security updates, update rollups and service packs available from Microsoft Update; it does not contain any information on non-security updates, tools or drivers. + +## More Information + +For security compliance and for desktop/server hardening, we recommend the Microsoft Security Baselines and the Security Compliance Toolkit. + +- [Windows security baselines](windows-security-baselines.md) +- [Download Microsoft Security Compliance Toolkit 1.0](https://www.microsoft.com/download/details.aspx?id=55319) +- [Microsoft Security Guidance blog](https://blogs.technet.microsoft.com/secguide/) From 515a89a3428c3e4df151440f197f7bad073fb13e Mon Sep 17 00:00:00 2001 
From: Daniel Simpson Date: Tue, 12 Jan 2021 21:52:14 -0800 Subject: [PATCH 34/38] Update mbsa-removal-and-guidance.md --- .../security/threat-protection/mbsa-removal-and-guidance.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/mbsa-removal-and-guidance.md b/windows/security/threat-protection/mbsa-removal-and-guidance.md index 59f32f84e6..24bcf88c2d 100644 --- a/windows/security/threat-protection/mbsa-removal-and-guidance.md +++ b/windows/security/threat-protection/mbsa-removal-and-guidance.md @@ -6,8 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium ms.author: dansimp -author: dulcemontemayor -ms.date: 10/05/2018 +author: dansimp ms.reviewer: manager: dansimp --- From d5d0eea52c9b5bc15a8bb089d02194ce609faf19 Mon Sep 17 00:00:00 2001 From: adirdidi <68847945+adirdidi@users.noreply.github.com> Date: Wed, 13 Jan 2021 09:29:14 +0200 Subject: [PATCH 35/38] Update gov.md Update Windows 10 version 1803 required KB and marking as supported for GCC. --- .../security/threat-protection/microsoft-defender-atp/gov.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md index 2942c525e6..165f8e65d7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/gov.md +++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md 
@@ -45,7 +45,7 @@ Windows 10, version 2004 (with [KB4586853](https://support.microsoft.com/help/44 Windows 10, version 1909 (with [KB4586819](https://support.microsoft.com/help/4586819)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) Windows 10, version 1903 (with [KB4586819](https://support.microsoft.com/help/4586819)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) Windows 10, version 1809 (with [KB4586839](https://support.microsoft.com/help/4586839)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) -Windows 10, version 1803 | ![No](../images/svg/check-no.svg) Rolling out | ![Yes](../images/svg/check-yes.svg) With [KB4499183](https://support.microsoft.com/help/4499183) +Windows 10, version 1803 (with [KB4586839](https://support.microsoft.com/help/4598245)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) Windows 10, version 1709 | ![No](../images/svg/check-no.svg)
Note: Will not be supported | ![Yes](../images/svg/check-yes.svg) With [KB4499147](https://support.microsoft.com/help/4499147)
Note: [Deprecated](https://docs.microsoft.com/lifecycle/announcements/revised-end-of-service-windows-10-1709), please upgrade Windows 10, version 1703 and earlier | ![No](../images/svg/check-no.svg)
Note: Will not be supported | ![No](../images/svg/check-no.svg)
Note: Will not be supported Windows Server 2019 (with [KB4586839](https://support.microsoft.com/help/4586839)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) From 42f360182c1ec8164c1f6babeca0eee677565cf5 Mon Sep 17 00:00:00 2001 From: adirdidi <68847945+adirdidi@users.noreply.github.com> Date: Wed, 13 Jan 2021 09:45:49 +0200 Subject: [PATCH 36/38] Update gov.md Some Acrolinx fixes. --- .../threat-protection/microsoft-defender-atp/gov.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md index 165f8e65d7..58e711d459 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/gov.md +++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md @@ -46,8 +46,8 @@ Windows 10, version 1909 (with [KB4586819](https://support.microsoft.com/help/45 Windows 10, version 1903 (with [KB4586819](https://support.microsoft.com/help/4586819)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) Windows 10, version 1809 (with [KB4586839](https://support.microsoft.com/help/4586839)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) Windows 10, version 1803 (with [KB4586839](https://support.microsoft.com/help/4598245)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) -Windows 10, version 1709 | ![No](../images/svg/check-no.svg)
Note: Will not be supported | ![Yes](../images/svg/check-yes.svg) With [KB4499147](https://support.microsoft.com/help/4499147)
Note: [Deprecated](https://docs.microsoft.com/lifecycle/announcements/revised-end-of-service-windows-10-1709), please upgrade -Windows 10, version 1703 and earlier | ![No](../images/svg/check-no.svg)
Note: Will not be supported | ![No](../images/svg/check-no.svg)
Note: Will not be supported +Windows 10, version 1709 | ![No](../images/svg/check-no.svg)
Note: Won't be supported | ![Yes](../images/svg/check-yes.svg) With [KB4499147](https://support.microsoft.com/help/4499147)
Note: [Deprecated](https://docs.microsoft.com/lifecycle/announcements/revised-end-of-service-windows-10-1709), please upgrade +Windows 10, version 1703 and earlier | ![No](../images/svg/check-no.svg)
Note: Won't be supported | ![No](../images/svg/check-no.svg)
Note: Won't be supported Windows Server 2019 (with [KB4586839](https://support.microsoft.com/help/4586839)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) Windows Server 2016 | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) In development Windows Server 2012 R2 | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) In development @@ -100,7 +100,7 @@ GCC High | `https://login.microsoftonline.us` | `https://api-gov.securitycenter. ## Feature parity with commercial -Defender for Endpoint do not have complete parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government customers, there are some capabilities not yet available that we'd like to highlight. +Defender for Endpoint does not have complete parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government customers, there are some capabilities not yet available that we'd like to highlight. These are the known gaps as of January 2021: From 6d92e929b3db2fbda09bf768a044cfde76468b19 Mon Sep 17 00:00:00 2001 From: adirdidi <68847945+adirdidi@users.noreply.github.com> Date: Wed, 13 Jan 2021 09:56:09 +0200 Subject: [PATCH 37/38] Update gov.md --- .../security/threat-protection/microsoft-defender-atp/gov.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md index 58e711d459..488bdb73d9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/gov.md +++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md 
@@ -100,7 +100,7 @@ GCC High | `https://login.microsoftonline.us` | `https://api-gov.securitycenter. ## Feature parity with commercial -Defender for Endpoint does not have complete parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government customers, there are some capabilities not yet available that we'd like to highlight. +Defender for Endpoint doesn't have complete parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government customers, there are some capabilities not yet available that we'd like to highlight. These are the known gaps as of January 2021: From c35d9dc74070e02efc8a0dc1fe5b15e587b26f38 Mon Sep 17 00:00:00 2001 From: adirdidi <68847945+adirdidi@users.noreply.github.com> Date: Wed, 13 Jan 2021 12:22:17 +0200 Subject: [PATCH 38/38] Update gov.md --- .../threat-protection/microsoft-defender-atp/gov.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md index 488bdb73d9..6f872b82ce 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/gov.md +++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md 
@@ -40,12 +40,12 @@ The following OS versions are supported: OS version | GCC | GCC High :---|:---|:--- -Windows 10, version 20H2 (with [KB4586853](https://support.microsoft.com/help/4490481)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) -Windows 10, version 2004 (with [KB4586853](https://support.microsoft.com/help/4490481)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) +Windows 10, version 20H2 (with [KB4586853](https://support.microsoft.com/help/4586853)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) +Windows 10, version 2004 (with [KB4586853](https://support.microsoft.com/help/4586853)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) Windows 10, version 1909 (with [KB4586819](https://support.microsoft.com/help/4586819)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) Windows 10, version 1903 (with [KB4586819](https://support.microsoft.com/help/4586819)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) Windows 10, version 1809 (with [KB4586839](https://support.microsoft.com/help/4586839)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) -Windows 10, version 1803 (with [KB4586839](https://support.microsoft.com/help/4598245)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) +Windows 10, version 1803 (with [KB4598245](https://support.microsoft.com/help/4598245)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) Windows 10, version 1709 | ![No](../images/svg/check-no.svg)
Note: Won't be supported | ![Yes](../images/svg/check-yes.svg) With [KB4499147](https://support.microsoft.com/help/4499147)
Note: [Deprecated](https://docs.microsoft.com/lifecycle/announcements/revised-end-of-service-windows-10-1709), please upgrade Windows 10, version 1703 and earlier | ![No](../images/svg/check-no.svg)
Note: Won't be supported | ![No](../images/svg/check-no.svg)
Note: Won't be supported Windows Server 2019 (with [KB4586839](https://support.microsoft.com/help/4586839)) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg)
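Review bot: The "doesn't" edit in the "Feature parity with commercial" paragraph (PATCH 37/38, gov.md hunk `@@ -100,7 +100,7 @@`) re-edits the sentence that the preceding patch in this series had just changed from "do not" to "does not". Suggest squashing the two into a single change so the history carries one edit to that line. The unchanged context line "These are the known gaps as of January 2021:" also hard-codes a date that will go stale; it is worth tying it to whatever process updates the gap list.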
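Review bot: The Windows 10, version 1803 row (PATCH 38/38, gov.md hunk `@@ -40,12 +40,12 @@`) is repaired in the opposite direction from the 20H2 and 2004 rows: those keep the label KB4586853 and correct the URL, while the 1803 row keeps the URL (4598245) and changes the label from KB4586839 to KB4598245. That changes the stated prerequisite update for 1803 rather than just fixing a link, and the 1809 and Windows Server 2019 rows still list KB4586839. Please confirm KB4598245 is the intended required update for 1803, and state that in the commit message, which currently reads only "Update gov.md".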