diff --git a/devices/hololens/hololens-encryption.md b/devices/hololens/hololens-encryption.md
index 8cbeaf26eb..838674f0dc 100644
--- a/devices/hololens/hololens-encryption.md
+++ b/devices/hololens/hololens-encryption.md
@@ -102,6 +102,6 @@ Provisioning packages are files created by the Windows Configuration Designer to
Encryption is silent on HoloLens. To verify the device encryption status:
-- On HoloLens, go to **Settings** > **System** > **About**. **BitLocker** is **enabled** if the device is encrypted.
+- On HoloLens, go to **Settings** > **System** > **About**. **BitLocker** is **enabled** if the device is encrypted.
diff --git a/devices/hololens/hololens-updates.md b/devices/hololens/hololens-updates.md
index ef830c3525..418cfce2d9 100644
--- a/devices/hololens/hololens-updates.md
+++ b/devices/hololens/hololens-updates.md
@@ -22,9 +22,9 @@ manager: dansimp
For a complete list of Update policies, see [Policies supported by Windows Holographic for Business](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#a-href-idhololenspoliciesapolicies-supported-by-windows-holographic-for-business).
To configure how and when updates are applied, use the following policies:
-- [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate)
-- [Update/ScheduledInstallDay](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallday)
-- [Update/ScheduledInstallTime](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstalltime)
+- [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate)
+- [Update/ScheduledInstallDay](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallday)
+- [Update/ScheduledInstallTime](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstalltime)
To turn off the automatic check for updates, set the following policy to value **5** – Turn off Automatic Updates:
- [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate)
diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md
index 8d704d0165..2191e66e9c 100644
--- a/windows/client-management/mdm/devicestatus-csp.md
+++ b/windows/client-management/mdm/devicestatus-csp.md
@@ -277,23 +277,23 @@ Supported operation is Get.
**DeviceStatus/DeviceGuard/VirtualizationBasedSecurityHwReq**
Added in Windows, version 1709. Virtualization-based security hardware requirement status. The value is a 256 value bitmask.
-- 0x0: System meets hardware configuration requirements
-- 0x1: SecureBoot required
-- 0x2: DMA Protection required
-- 0x4: HyperV not supported for Guest VM
-- 0x8: HyperV feature is not available
+- 0x0: System meets hardware configuration requirements
+- 0x1: SecureBoot required
+- 0x2: DMA Protection required
+- 0x4: HyperV not supported for Guest VM
+- 0x8: HyperV feature is not available
Supported operation is Get.
**DeviceStatus/DeviceGuard/VirtualizationBasedSecurityStatus**
Added in Windows, version 1709. Virtualization-based security status. Value is one of the following:
-- 0 - Running
-- 1 - Reboot required
-- 2 - 64 bit architecture required
-- 3 - not licensed
-- 4 - not configured
-- 5 - System doesn't meet hardware requirements
-- 42 – Other. Event logs in Microsoft-Windows-DeviceGuard have more details
+- 0 - Running
+- 1 - Reboot required
+- 2 - 64 bit architecture required
+- 3 - not licensed
+- 4 - not configured
+- 5 - System doesn't meet hardware requirements
+- 42 – Other. Event logs in Microsoft-Windows-DeviceGuard have more details
Supported operation is Get.
@@ -301,11 +301,11 @@ Supported operation is Get.
**DeviceStatus/DeviceGuard/LsaCfgCredGuardStatus**
Added in Windows, version 1709. Local System Authority (LSA) credential guard status.
-- 0 - Running
-- 1 - Reboot required
-- 2 - Not licensed for Credential Guard
-- 3 - Not configured
-- 4 - VBS not running
+- 0 - Running
+- 1 - Reboot required
+- 2 - Not licensed for Credential Guard
+- 3 - Not configured
+- 4 - VBS not running
Supported operation is Get.
diff --git a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
index f97a70c2f7..fe5a5b2d1e 100644
--- a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
+++ b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
@@ -19,10 +19,10 @@ This is a step-by-step guide to configuring ADMX-backed policies in MDM.
Starting in Windows 10 version 1703, Mobile Device Management (MDM) policy configuration support was expanded to allow access of select Group Policy administrative templates (ADMX-backed policies) for Windows PCs via the [Policy configuration service provider (CSP)](policy-configuration-service-provider.md). Configuring ADMX-backed policies in Policy CSP is different from the typical way you configure a traditional MDM policy.
Summary of steps to enable a policy:
-- Find the policy from the list ADMX-backed policies.
-- Find the Group Policy related information from the MDM policy description.
-- Use the Group Policy Editor to determine whether there are parameters necessary to enable the policy.
-- Create the data payload for the SyncML.
+- Find the policy from the list ADMX-backed policies.
+- Find the Group Policy related information from the MDM policy description.
+- Use the Group Policy Editor to determine whether there are parameters necessary to enable the policy.
+- Create the data payload for the SyncML.
See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Ingesting-Office-ADMX-Backed-policies-using/ba-p/354824) for a walk-through using Intune.
diff --git a/windows/client-management/mdm/esim-enterprise-management.md b/windows/client-management/mdm/esim-enterprise-management.md
index 1fad0a54a6..386f5a8c48 100644
--- a/windows/client-management/mdm/esim-enterprise-management.md
+++ b/windows/client-management/mdm/esim-enterprise-management.md
@@ -14,13 +14,13 @@ ms.topic:
# How Mobile Device Management Providers support eSIM Management on Windows
The eSIM Profile Management Solution puts the Mobile Device Management (MDM) Provider in the front and center. The whole idea is to leverage an already existing solution that customers are familiar with and that they use to manage devices. The expectations from an MDM are that it will leverage the same sync mechanism that it uses for device policies to push any policy to the eSIM profile, and be able to use Groups and Users the same way. This way, the eSIM profile download and installation happens on the background and not impacting the end user. Similarly, the IT admin would use the same method of managing the eSIM profiles (Assignment/de-assignment, etc.) the same way as they currently do device management.
If you are a Mobile Device Management (MDM) Provider and would like to support eSIM Management on Windows, you should do the following:
-- Onboard to Azure Active Directory
-- Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. As an MDM provider, if you are looking to integrate/onboard to a mobile operator on a 1:1 basis, please contact them and learn more about their onboarding. If you would like to support multiple mobile operators, [orchestrator providers]( https://www.idemia.com/esim-management-facilitation) are there to act as a proxy that will handle MDM onboarding as well as mobile operator onboarding. Their main [role]( https://www.idemia.com/smart-connect-hub) is to enable the process to be as painless but scalable to all parties.
-- Assess solution type that you would like to provide your customers
-- Batch/offline solution
-- IT Admin can manually import a flat file containing list of eSIM activation codes, and provision eSIM on LTE enabled devices.
-- Operator does not have visibility over status of the eSIM profiles and device eSIM has been downloaded and installed to
-- Real-time solution
-- MDM automatically syncs with the Operator backend system for subscription pool and eSIM management, via sim vendor solution component. IT Admin can view subscription pool and provision eSIM in real time.
-- Operator is notified of the status of each eSIM profile and has visibility on which devices are being used
+- Onboard to Azure Active Directory
+- Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. As an MDM provider, if you are looking to integrate/onboard to a mobile operator on a 1:1 basis, please contact them and learn more about their onboarding. If you would like to support multiple mobile operators, [orchestrator providers]( https://www.idemia.com/esim-management-facilitation) are there to act as a proxy that will handle MDM onboarding as well as mobile operator onboarding. Their main [role]( https://www.idemia.com/smart-connect-hub) is to enable the process to be as painless but scalable to all parties.
+- Assess solution type that you would like to provide your customers
+- Batch/offline solution
+- IT Admin can manually import a flat file containing list of eSIM activation codes, and provision eSIM on LTE enabled devices.
+- Operator does not have visibility over status of the eSIM profiles and device eSIM has been downloaded and installed to
+- Real-time solution
+- MDM automatically syncs with the Operator backend system for subscription pool and eSIM management, via sim vendor solution component. IT Admin can view subscription pool and provision eSIM in real time.
+- Operator is notified of the status of each eSIM profile and has visibility on which devices are being used
**Note:** The solution type is not noticeable to the end-user. The choice between the two is made between the MDM and the Mobile Operator.
diff --git a/windows/client-management/mdm/networkqospolicy-csp.md b/windows/client-management/mdm/networkqospolicy-csp.md
index 564059ef4e..e35af4bde2 100644
--- a/windows/client-management/mdm/networkqospolicy-csp.md
+++ b/windows/client-management/mdm/networkqospolicy-csp.md
@@ -16,13 +16,13 @@ manager: dansimp
The NetworkQoSPolicy configuration service provider creates network Quality of Service (QoS) policies. A QoS policy performs a set of actions on network traffic based on a set of matching conditions. This CSP was added in Windows 10, version 1703.
The following conditions are supported:
-- Network traffic from a specific application name
-- Network traffic from specific source or destination ports
-- Network traffic from a specific IP protocol (TCP, UDP, or both)
+- Network traffic from a specific application name
+- Network traffic from specific source or destination ports
+- Network traffic from a specific IP protocol (TCP, UDP, or both)
The following actions are supported:
-- Layer 2 tagging using a IEEE 802.1p priority value
-- Layer 3 tagging using a differentiated services code point (DSCP) value
+- Layer 2 tagging using a IEEE 802.1p priority value
+- Layer 3 tagging using a differentiated services code point (DSCP) value
> [!NOTE]
> The NetworkQoSPolicy configuration service provider is supported only in Microsoft Surface Hub.
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index b49fa49949..aad7447b3e 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -633,9 +633,9 @@ ADMX Info:
Supported values:
-- Blank (default) - Do not send tracking information but let users choose to send tracking information to sites they visit.
-- 0 - Never send tracking information.
-- 1 - Send tracking information.
+- Blank (default) - Do not send tracking information but let users choose to send tracking information to sites they visit.
+- 0 - Never send tracking information.
+- 1 - Send tracking information.
Most restricted value: 1
diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md
index cecaec5871..0c2b8a9c14 100644
--- a/windows/client-management/mdm/policy-csp-settings.md
+++ b/windows/client-management/mdm/policy-csp-settings.md
@@ -806,11 +806,11 @@ If the policy is not specified, the behavior will be that no pages are affected.
The format of the PageVisibilityList value is as follows:
-- The value is a unicode string up to 10,000 characters long, which will be used without case sensitivity.
-- There are two variants: one that shows only the given pages and one which hides the given pages.
-- The first variant starts with the string "showonly:" and the second with the string "hide:".
-- Following the variant identifier is a semicolon-delimited list of page identifiers, which must not have any extra whitespace.
-- Each page identifier is the ms-settings:xyz URI for the page, minus the ms-settings: prefix, so the identifier for the page with URI "ms-settings:network-wifi" would be just "network-wifi".
+- The value is a unicode string up to 10,000 characters long, which will be used without case sensitivity.
+- There are two variants: one that shows only the given pages and one which hides the given pages.
+- The first variant starts with the string "showonly:" and the second with the string "hide:".
+- Following the variant identifier is a semicolon-delimited list of page identifiers, which must not have any extra whitespace.
+- Each page identifier is the ms-settings:xyz URI for the page, minus the ms-settings: prefix, so the identifier for the page with URI "ms-settings:network-wifi" would be just "network-wifi".
The default value for this setting is an empty string, which is interpreted as show everything.
diff --git a/windows/client-management/mdm/understanding-admx-backed-policies.md b/windows/client-management/mdm/understanding-admx-backed-policies.md
index 233e581a91..33001ff094 100644
--- a/windows/client-management/mdm/understanding-admx-backed-policies.md
+++ b/windows/client-management/mdm/understanding-admx-backed-policies.md
@@ -23,8 +23,8 @@ In addition to standard policies, the Policy CSP can now also handle ADMX-backed
ADMX files can either describe operating system (OS) Group Policies that are shipped with Windows or they can describe settings of applications, which are separate from the OS and can usually be downloaded and installed on a PC.
Depending on the specific category of the settings that they control (OS or application), the administrative template settings are found in the following two locations in the Local Group Policy Editor:
-- OS settings: Computer Configuration/Administrative Templates
-- Application settings: User Configuration/Administrative Templates
+- OS settings: Computer Configuration/Administrative Templates
+- Application settings: User Configuration/Administrative Templates
In a domain controller/Group Policy ecosystem, Group Policies are automatically added to the registry of the client computer or user profile by the Administrative Templates Client Side Extension (CSE) whenever the client computer processes a Group Policy. Conversely, in an MDM-managed client, ADMX files are leveraged to define policies independent of Group Policies. Therefore, in an MDM-managed client, a Group Policy infrastructure, including the Group Policy Service (gpsvc.exe), is not required.
@@ -42,17 +42,17 @@ To capture the end-to-end MDM handling of ADMX Group Policies, an IT administrat
The ADMX file that the MDM ISV uses to determine what UI to display to the IT administrator is the same ADMX file that the client uses for the policy definition. The ADMX file is processed either by the OS at build time or set by the client at OS runtime. In either case, the client and the MDM ISV must be synchronized with the ADMX policy definitions. Each ADMX file corresponds to a Group Policy category and typically contains several policy definitions, each of which represents a single Group Policy. For example, the policy definition for the “Publishing Server 2 Settings” is contained in the appv.admx file, which holds the policy definitions for the Microsoft Application Virtualization (App-V) Group Policy category.
Group Policy option button setting:
-- If **Enabled** is selected, the necessary data entry controls are displayed for the user in the UI. When IT administrator enters the data and clicks **Apply**, the following events occur:
- - The MDM ISV server sets up a Replace SyncML command with a payload that contains the user-entered data.
- - The MDM client stack receives this data, which causes the Policy CSP to update the device’s registry per the ADMX-backed policy definition.
+- If **Enabled** is selected, the necessary data entry controls are displayed for the user in the UI. When IT administrator enters the data and clicks **Apply**, the following events occur:
+ - The MDM ISV server sets up a Replace SyncML command with a payload that contains the user-entered data.
+ - The MDM client stack receives this data, which causes the Policy CSP to update the device’s registry per the ADMX-backed policy definition.
-- If **Disabled** is selected and you click **Apply**, the following events occur:
- - The MDM ISV server sets up a Replace SyncML command with a payload set to ``.
- - The MDM client stack receives this command, which causes the Policy CSP to either delete the device’s registry settings, set the registry keys, or both, per the state change directed by the ADMX-backed policy definition.
+- If **Disabled** is selected and you click **Apply**, the following events occur:
+ - The MDM ISV server sets up a Replace SyncML command with a payload set to ``.
+ - The MDM client stack receives this command, which causes the Policy CSP to either delete the device’s registry settings, set the registry keys, or both, per the state change directed by the ADMX-backed policy definition.
-- If **Not Configured** is selected and you click **Apply**, the following events occur:
- - MDM ISV server sets up a Delete SyncML command.
- - The MDM client stack receives this command, which causes the Policy CSP to delete the device’s registry settings per the ADMX-backed policy definition.
+- If **Not Configured** is selected and you click **Apply**, the following events occur:
+ - MDM ISV server sets up a Delete SyncML command.
+ - The MDM client stack receives this command, which causes the Policy CSP to delete the device’s registry settings per the ADMX-backed policy definition.
The following diagram shows the main display for the Group Policy Editor.
diff --git a/windows/client-management/troubleshoot-stop-errors.md b/windows/client-management/troubleshoot-stop-errors.md
index 26d48d6ccb..0c13fc8950 100644
--- a/windows/client-management/troubleshoot-stop-errors.md
+++ b/windows/client-management/troubleshoot-stop-errors.md
@@ -107,8 +107,8 @@ You can use the Microsoft DumpChk (Crash Dump File Checker) tool to verify that
More information on how to use Dumpchk.exe to check your dump files:
-- [Using DumpChk]( https://docs.microsoft.com/windows-hardware/drivers/debugger/dumpchk)
-- [Download DumpCheck](https://developer.microsoft.com/windows/downloads/windows-10-sdk)
+- [Using DumpChk]( https://docs.microsoft.com/windows-hardware/drivers/debugger/dumpchk)
+- [Download DumpCheck](https://developer.microsoft.com/windows/downloads/windows-10-sdk)
### Pagefile Settings
diff --git a/windows/client-management/troubleshoot-windows-freeze.md b/windows/client-management/troubleshoot-windows-freeze.md
index 920e5a1ff0..664dc7700e 100644
--- a/windows/client-management/troubleshoot-windows-freeze.md
+++ b/windows/client-management/troubleshoot-windows-freeze.md
@@ -145,8 +145,8 @@ If the computer is no longer frozen and now is running in a good state, use the
Use the Dump Check Utility (Dumpchk.exe) to read a memory dump file or verify that the file was created correctly. You can use the Microsoft DumpChk (Crash Dump File Checker) tool to verify that the memory dump files are not corrupted or invalid.
-- [Using DumpChk]( https://docs.microsoft.com/windows-hardware/drivers/debugger/dumpchk)
-- [Download DumpCheck](https://developer.microsoft.com/windows/downloads/windows-10-sdk)
+- [Using DumpChk]( https://docs.microsoft.com/windows-hardware/drivers/debugger/dumpchk)
+- [Download DumpCheck](https://developer.microsoft.com/windows/downloads/windows-10-sdk)
Learn how to use Dumpchk.exe to check your dump files:
diff --git a/windows/client-management/windows-10-mobile-and-mdm.md b/windows/client-management/windows-10-mobile-and-mdm.md
index 3dc34d0551..9790bdb770 100644
--- a/windows/client-management/windows-10-mobile-and-mdm.md
+++ b/windows/client-management/windows-10-mobile-and-mdm.md
@@ -27,11 +27,11 @@ Employees increasingly depend on smartphones to complete daily work tasks, but t
Windows 10 supports end-to-end device lifecycle management to give companies control over their devices, data, and apps. Devices can easily be incorporated into standard lifecycle practices, from device enrollment, configuration, and application management to maintenance, monitoring, and retirement using a comprehensive mobile device management solution.
**In this article**
-- [Deploy](#deploy)
-- [Configure](#configure)
-- [Apps](#apps)
-- [Manage](#manage)
-- [Retire](#retire)
+- [Deploy](#deploy)
+- [Configure](#configure)
+- [Apps](#apps)
+- [Manage](#manage)
+- [Retire](#retire)
## Deploy
@@ -365,18 +365,18 @@ You can define and deploy APN profiles in MDM systems that configure cellular da
- **APN name** The APN name
- *IP connection type* The IP connection type; set to one of the following values:
- - IPv4 only
- - IPv6 only
- - IPv4 and IPv6 concurrently
- - IPv6 with IPv4 provided by 46xlat
+ - IPv4 only
+ - IPv6 only
+ - IPv4 and IPv6 concurrently
+ - IPv6 with IPv4 provided by 46xlat
- **LTE attached** Whether the APN should be attached as part of an LTE Attach
- **APN class ID** The globally unique identifier that defines the APN class to the modem
- **APN authentication type** The APN authentication type; set to one of the following values:
- - None
- - Auto
- - PAP
- - CHAP
- - MSCHAPv2
+ - None
+ - Auto
+ - PAP
+ - CHAP
+ - MSCHAPv2
- **User name** The user account when users select Password Authentication Protocol (PAP), CHAP, or MSCHAPv2 authentication in APN authentication type
- **Password** The password for the user account specified in User name
- **Integrated circuit card ID** The integrated circuit card ID associated with the cellular connection profile
diff --git a/windows/configuration/windows-10-accessibility-for-ITPros.md b/windows/configuration/windows-10-accessibility-for-ITPros.md
index 8516293eec..b4d228ce4e 100644
--- a/windows/configuration/windows-10-accessibility-for-ITPros.md
+++ b/windows/configuration/windows-10-accessibility-for-ITPros.md
@@ -19,9 +19,9 @@ Microsoft is dedicated to making its products and services accessible and usable
This topic helps IT administrators learn about built-in accessibility features, and includes a few recommendations for how to support people in your organization who use these features.
## General recommendations
-- **Be aware of Ease of Access settings** – Understand how people in your organization might use these settings. Help people in your organization learn how they can customize Windows 10.
-- **Do not block settings** – Avoid using Group Policy or MDM settings that override Ease of Access settings.
-- **Encourage choice** – Allow people in your organization to customize their computers based on their needs. That might mean installing an add-on for their browser, or a non-Microsoft assistive technology.
+- **Be aware of Ease of Access settings** – Understand how people in your organization might use these settings. Help people in your organization learn how they can customize Windows 10.
+- **Do not block settings** – Avoid using Group Policy or MDM settings that override Ease of Access settings.
+- **Encourage choice** – Allow people in your organization to customize their computers based on their needs. That might mean installing an add-on for their browser, or a non-Microsoft assistive technology.
## Vision
diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
index acef50c475..aed5ac00b0 100644
--- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
+++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
@@ -36,12 +36,12 @@ At Microsoft, we use Windows diagnostic data to inform our decisions and focus o
To frame a discussion about diagnostic data, it is important to understand Microsoft’s privacy principles. We earn customer trust every day by focusing on six key privacy principles as described at [privacy.microsoft.com](https://privacy.microsoft.com/). These principles guided the implementation of the Windows diagnostic data system in the following ways:
-- **Control.** We offer customers control of the diagnostic data they share with us by providing easy-to-use management tools.
-- **Transparency.** We provide information about the diagnostic data that Windows and Windows Server collects so our customers can make informed decisions.
-- **Security.** We encrypt diagnostic data in transit from your device via TLS 1.2, and additionally use certificate pinning to secure the connection.
-- **Strong legal protections.** We respect customers’ local privacy laws and fight for legal protection of their privacy as a fundamental human right.
-- **No content-based targeting.** We take steps to avoid and minimize the collection of customer content, such as the content of files, chats, or emails, through the Windows diagnostic data system. Customer content inadvertently collected is kept confidential and not used for user targeting.
-- **Benefits to you.** We collect Windows diagnostic data to help provide you with an up-to-date, more secure, reliable and performant product, and to improve Windows for all our customers.
+- **Control.** We offer customers control of the diagnostic data they share with us by providing easy-to-use management tools.
+- **Transparency.** We provide information about the diagnostic data that Windows and Windows Server collects so our customers can make informed decisions.
+- **Security.** We encrypt diagnostic data in transit from your device via TLS 1.2, and additionally use certificate pinning to secure the connection.
+- **Strong legal protections.** We respect customers’ local privacy laws and fight for legal protection of their privacy as a fundamental human right.
+- **No content-based targeting.** We take steps to avoid and minimize the collection of customer content, such as the content of files, chats, or emails, through the Windows diagnostic data system. Customer content inadvertently collected is kept confidential and not used for user targeting.
+- **Benefits to you.** We collect Windows diagnostic data to help provide you with an up-to-date, more secure, reliable and performant product, and to improve Windows for all our customers.
In previous versions of Windows and Windows Server, Microsoft used diagnostic data to check for updated or new Windows Defender signatures, check whether Windows Update installations were successful, gather reliability information through the Reliability Analysis Component (RAC), and gather reliability information through the Windows Customer Experience Improvement Program (CEIP) on Windows. In Windows 10 and Windows Server, you can control diagnostic data streams by using the Privacy option in Settings, Group Policy, or MDM.
@@ -56,16 +56,16 @@ The release cadence of Windows may be fast, so feedback is critical to its succe
### What is Windows diagnostic data?
Windows diagnostic data is vital technical data from Windows devices about the device and how Windows and related software are performing. It's used in the following ways:
-- Keep Windows up to date
-- Keep Windows secure, reliable, and performant
-- Improve Windows – through the aggregate analysis of the use of Windows
-- Personalize Windows engagement surfaces
+- Keep Windows up to date
+- Keep Windows secure, reliable, and performant
+- Improve Windows – through the aggregate analysis of the use of Windows
+- Personalize Windows engagement surfaces
Here are some specific examples of Windows diagnostic data:
-- Type of hardware being used
-- Applications installed and usage details
-- Reliability information on device drivers
+- Type of hardware being used
+- Applications installed and usage details
+- Reliability information on device drivers
### What is NOT diagnostic data?
@@ -96,9 +96,9 @@ There was a version of a video driver that was crashing on some devices running
Windows diagnostic data also helps Microsoft better understand how customers use (or do not use) the operating system’s features and related services. The insights we gain from this data helps us prioritize our engineering effort to directly impact our customers’ experiences. Examples are:
-- **Start menu.** How do people change the Start menu layout? Do they pin other apps to it? Are there any apps that they frequently unpin? We use this dataset to adjust the default Start menu layout to better reflect people’s expectations when they turn on their device for the first time.
-- **Cortana.** We use diagnostic data to monitor the scalability of our cloud service, improving search performance.
-- **Application switching.** Research and observations from earlier Windows versions showed that people rarely used Alt+Tab to switch between applications. After discussing this with some users, we learned they loved the feature, saying that it would be highly productive, but they did not know about it previously. Based on this, we created the Task View button in Windows 10 to make this feature more discoverable. Later diagnostic data showed significantly higher usage of this feature.
+- **Start menu.** How do people change the Start menu layout? Do they pin other apps to it? Are there any apps that they frequently unpin? We use this dataset to adjust the default Start menu layout to better reflect people’s expectations when they turn on their device for the first time.
+- **Cortana.** We use diagnostic data to monitor the scalability of our cloud service, improving search performance.
+- **Application switching.** Research and observations from earlier Windows versions showed that people rarely used Alt+Tab to switch between applications. After discussing this with some users, we learned they loved the feature, saying that it would be highly productive, but they did not know about it previously. Based on this, we created the Task View button in Windows 10 to make this feature more discoverable. Later diagnostic data showed significantly higher usage of this feature.
**These examples show how the use of diagnostic data enables Microsoft to build or enhance features which can help organizations increase employee productivity while lowering help desk calls.**
diff --git a/windows/privacy/gdpr-win10-whitepaper.md b/windows/privacy/gdpr-win10-whitepaper.md
index 4797029729..3ad1a4a14e 100644
--- a/windows/privacy/gdpr-win10-whitepaper.md
+++ b/windows/privacy/gdpr-win10-whitepaper.md
@@ -105,11 +105,11 @@ A key provision within the GDPR is data protection by design and by default, and
The chip includes multiple physical security mechanisms to make it tamper resistant, and malicious software is unable to tamper with the security functions of the TPM. Some of the key advantages of using TPM technology are that you can:
-- Generate, store, and limit the use of cryptographic keys.
+- Generate, store, and limit the use of cryptographic keys.
-- Use TPM technology for platform device authentication by using the TPM’s unique RSA key, which is burned into itself.
+- Use TPM technology for platform device authentication by using the TPM’s unique RSA key, which is burned into itself.
-- Help to ensure platform integrity by taking and storing security measurements.
+- Help to ensure platform integrity by taking and storing security measurements.
Additional advanced device protection relevant to your operating without data breaches include Windows Trusted Boot to help maintain the integrity of the system by ensuring malware is unable to start before system defenses.
diff --git a/windows/privacy/manage-windows-1709-endpoints.md b/windows/privacy/manage-windows-1709-endpoints.md
index 4f007d6da6..ae5da4bba4 100644
--- a/windows/privacy/manage-windows-1709-endpoints.md
+++ b/windows/privacy/manage-windows-1709-endpoints.md
@@ -23,11 +23,11 @@ ms.reviewer:
Some Windows components, app, and related services transfer data to Microsoft network endpoints. Some examples include:
-- Connecting to Microsoft Office and Windows sites to download the latest app and security updates.
-- Connecting to email servers to send and receive email.
-- Connecting to the web for every day web browsing.
-- Connecting to the cloud to store and access backups.
-- Using your location to show a weather forecast.
+- Connecting to Microsoft Office and Windows sites to download the latest app and security updates.
+- Connecting to email servers to send and receive email.
+- Connecting to the web for every day web browsing.
+- Connecting to the cloud to store and access backups.
+- Using your location to show a weather forecast.
This article lists different endpoints that are available on a clean installation of Windows 10, version 1709 and later.
Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
diff --git a/windows/privacy/manage-windows-1803-endpoints.md b/windows/privacy/manage-windows-1803-endpoints.md
index c8c4bffe0c..2ad044d990 100644
--- a/windows/privacy/manage-windows-1803-endpoints.md
+++ b/windows/privacy/manage-windows-1803-endpoints.md
@@ -23,11 +23,11 @@ ms.reviewer:
Some Windows components, app, and related services transfer data to Microsoft network endpoints. Some examples include:
-- Connecting to Microsoft Office and Windows sites to download the latest app and security updates.
-- Connecting to email servers to send and receive email.
-- Connecting to the web for every day web browsing.
-- Connecting to the cloud to store and access backups.
-- Using your location to show a weather forecast.
+- Connecting to Microsoft Office and Windows sites to download the latest app and security updates.
+- Connecting to email servers to send and receive email.
+- Connecting to the web for every day web browsing.
+- Connecting to the cloud to store and access backups.
+- Using your location to show a weather forecast.
This article lists different endpoints that are available on a clean installation of Windows 10, version 1709 and later.
Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
diff --git a/windows/privacy/manage-windows-1809-endpoints.md b/windows/privacy/manage-windows-1809-endpoints.md
index 2f2f90b82d..f574f6409d 100644
--- a/windows/privacy/manage-windows-1809-endpoints.md
+++ b/windows/privacy/manage-windows-1809-endpoints.md
@@ -23,11 +23,11 @@ ms.reviewer:
Some Windows components, app, and related services transfer data to Microsoft network endpoints. Some examples include:
-- Connecting to Microsoft Office and Windows sites to download the latest app and security updates.
-- Connecting to email servers to send and receive email.
-- Connecting to the web for every day web browsing.
-- Connecting to the cloud to store and access backups.
-- Using your location to show a weather forecast.
+- Connecting to Microsoft Office and Windows sites to download the latest app and security updates.
+- Connecting to email servers to send and receive email.
+- Connecting to the web for every day web browsing.
+- Connecting to the cloud to store and access backups.
+- Using your location to show a weather forecast.
This article lists different endpoints that are available on a clean installation of Windows 10, version 1709 and later.
Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
diff --git a/windows/privacy/manage-windows-1903-endpoints.md b/windows/privacy/manage-windows-1903-endpoints.md
index 5400e152f2..01c084966d 100644
--- a/windows/privacy/manage-windows-1903-endpoints.md
+++ b/windows/privacy/manage-windows-1903-endpoints.md
@@ -22,11 +22,11 @@ ms.date: 5/3/2019
Some Windows components, app, and related services transfer data to Microsoft network endpoints. Some examples include:
-- Connecting to Microsoft Office and Windows sites to download the latest app and security updates.
-- Connecting to email servers to send and receive email.
-- Connecting to the web for every day web browsing.
-- Connecting to the cloud to store and access backups.
-- Using your location to show a weather forecast.
+- Connecting to Microsoft Office and Windows sites to download the latest app and security updates.
+- Connecting to email servers to send and receive email.
+- Connecting to the web for every day web browsing.
+- Connecting to the cloud to store and access backups.
+- Using your location to show a weather forecast.
This article lists different endpoints that are available on a clean installation of Windows 10, version 1709 and later.
Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
index 1a19c1ea01..e50ae1fdfb 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
@@ -34,14 +34,14 @@ The following known issue has been fixed in the [Cumulative Security Update for
The following known issues have been fixed by servicing releases made available in the Cumulative Security Updates for April 2017:
-- [KB4015217 Windows Defender Credential Guard generates double bad password count on Active Directory domain-joined Windows 10 machines](https://support.microsoft.com/help/4015217/windows-10-update-kb4015217)
+- [KB4015217 Windows Defender Credential Guard generates double bad password count on Active Directory domain-joined Windows 10 machines](https://support.microsoft.com/help/4015217/windows-10-update-kb4015217)
This issue can potentially lead to unexpected account lockouts. See also Microsoft® Knowledge Base articles [KB4015219](https://support.microsoft.com/help/4015219/windows-10-update-kb4015219) and [KB4015221](https://support.microsoft.com/help/4015221/windows-10-update-kb4015221)
-- [KB4033236 Two incorrect logon attempts sent to Active Directory after Windows Defender Credential Guard installed on Windows 10](https://support.microsoft.com/help/4033236/two-incorrect-logon-attempts-sent-to-active-directory-after-credential?preview)
+- [KB4033236 Two incorrect logon attempts sent to Active Directory after Windows Defender Credential Guard installed on Windows 10](https://support.microsoft.com/help/4033236/two-incorrect-logon-attempts-sent-to-active-directory-after-credential?preview)
- This issue can potentially lead to unexpected account lockouts. The issue was fixed in servicing updates for each of the following operating systems:
+ This issue can potentially lead to unexpected account lockouts. The issue was fixed in servicing updates for each of the following operating systems:
- Windows 10 Version 1607 and Windows Server 2016:
[KB4015217 (OS Build 14393.1066 and 14393.1083)](https://support.microsoft.com/help/4015217)
@@ -52,30 +52,30 @@ The following known issues have been fixed by servicing releases made available
The following issue affects the Java GSS API. See the following Oracle bug database article:
-- [JDK-8161921: Windows 10 Windows Defender Credential Guard does not allow sharing of TGT with Java](http://bugs.java.com/bugdatabase/view_bug.do?bug_id=8161921)
+- [JDK-8161921: Windows 10 Windows Defender Credential Guard does not allow sharing of TGT with Java](http://bugs.java.com/bugdatabase/view_bug.do?bug_id=8161921)
When Windows Defender Credential Guard is enabled on Windows 10, the Java GSS API will not authenticate. This is expected behavior because Windows Defender Credential Guard blocks specific application authentication capabilities and will not provide the TGT session key to applications regardless of registry key settings. For further information see [Application requirements](https://docs.microsoft.com/windows/access-protection/credential-guard/credential-guard-requirements#application-requirements).
The following issue affects Cisco AnyConnect Secure Mobility Client:
-- [Blue screen on Windows 10 computers running Windows Defender Device Guard and Windows Defender Credential Guard with Cisco Anyconnect 4.3.04027](https://quickview.cloudapps.cisco.com/quickview/bug/CSCvc66692) \*
+- [Blue screen on Windows 10 computers running Windows Defender Device Guard and Windows Defender Credential Guard with Cisco Anyconnect 4.3.04027](https://quickview.cloudapps.cisco.com/quickview/bug/CSCvc66692) \*
*Registration required to access this article.
The following issue affects McAfee Application and Change Control (MACC):
-- [KB88869 Windows 10 machines exhibit high CPU usage with McAfee Application and Change Control (MACC) installed when Windows Defender Credential Guard is enabled](https://kc.mcafee.com/corporate/index?page=content&id=KB88869) [1]
+- [KB88869 Windows 10 machines exhibit high CPU usage with McAfee Application and Change Control (MACC) installed when Windows Defender Credential Guard is enabled](https://kc.mcafee.com/corporate/index?page=content&id=KB88869) [1]
The following issue affects AppSense Environment Manager.
For further information, see the following Knowledge Base article:
-- [Installing AppSense Environment Manager on Windows 10 machines causes LSAISO.exe to exhibit high CPU usage when Windows Defender Credential Guard is enabled](http://www.appsense.com/kb/160525073917945) [1] \**
+- [Installing AppSense Environment Manager on Windows 10 machines causes LSAISO.exe to exhibit high CPU usage when Windows Defender Credential Guard is enabled](http://www.appsense.com/kb/160525073917945) [1] \**
The following issue affects Citrix applications:
-- Windows 10 machines exhibit high CPU usage with Citrix applications installed when Windows Defender Credential Guard is enabled. [1]
+- Windows 10 machines exhibit high CPU usage with Citrix applications installed when Windows Defender Credential Guard is enabled. [1]
[1] Products that connect to Virtualization Based Security (VBS) protected processes can cause Windows Defender Credential Guard-enabled Windows 10 or Windows Server 2016 machines to exhibit high CPU usage. For technical and troubleshooting information, see the following Microsoft Knowledge Base article:
-- [KB4032786 High CPU usage in the LSAISO process on Windows 10 or Windows Server 2016](https://support.microsoft.com/help/4032786)
+- [KB4032786 High CPU usage in the LSAISO process on Windows 10 or Windows Server 2016](https://support.microsoft.com/help/4032786)
For further technical information on LSAISO.exe, see the MSDN article: [Isolated User Mode (IUM) Processes](https://msdn.microsoft.com/library/windows/desktop/mt809132(v=vs.85).aspx)
@@ -86,7 +86,7 @@ For further technical information on LSAISO.exe, see the MSDN article: [Isolated
## Vendor support
See the following article on Citrix support for Secure Boot:
-- [Citrix Support for Secure Boot](https://www.citrix.com/blogs/2016/12/08/windows-server-2016-hyper-v-secure-boot-support-now-available-in-xenapp-7-12/)
+- [Citrix Support for Secure Boot](https://www.citrix.com/blogs/2016/12/08/windows-server-2016-hyper-v-secure-boot-support-now-available-in-xenapp-7-12/)
Windows Defender Credential Guard is not supported by either these products, products versions, computer systems, or Windows 10 versions:
diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md
index a3455dcc67..0379951dbd 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md
@@ -58,10 +58,10 @@ The Windows Defender AV threat severity represents the absolute severity of the
The Microsoft Defender ATP alert severity represents the severity of the detected behavior, the actual risk to the machine but more importantly the potential risk to the organization.
So, for example:
-- The severity of a Microsoft Defender ATP alert about a Windows Defender AV detected threat that was completely prevented and did not infect the machine is categorized as "Informational" because there was no actual damage incurred.
-- An alert about a commercial malware was detected while executing, but blocked and remediated by Windows Defender AV, is categorized as "Low" because it may have caused some damage to the individual machine but poses no organizational threat.
-- An alert about malware detected while executing which can pose a threat not only to the individual machine but to the organization, regardless if it was eventually blocked, may be ranked as "Medium" or "High".
-- Suspicious behavioral alerts which were not blocked or remediated will be ranked "Low", "Medium" or "High" following the same organizational threat considerations.
+- The severity of a Microsoft Defender ATP alert about a Windows Defender AV detected threat that was completely prevented and did not infect the machine is categorized as "Informational" because there was no actual damage incurred.
+- An alert about a commercial malware was detected while executing, but blocked and remediated by Windows Defender AV, is categorized as "Low" because it may have caused some damage to the individual machine but poses no organizational threat.
+- An alert about malware detected while executing which can pose a threat not only to the individual machine but to the organization, regardless if it was eventually blocked, may be ranked as "Medium" or "High".
+- Suspicious behavioral alerts which were not blocked or remediated will be ranked "Low", "Medium" or "High" following the same organizational threat considerations.
#### Understanding alert categories
We've redefined the alert categories to align to the [enterprise attack tactics](https://attack.mitre.org/tactics/enterprise/) in the [MITRE ATT&CK matrix](https://attack.mitre.org/). New category names apply to all new alerts. Existing alerts will retain the previous category names.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md b/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md
index ee65c7302f..ef5226c49c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md
@@ -45,8 +45,8 @@ Sensitivity labels classify and help protect sensitive content.
Sensitive information types in the Office 365 data loss prevention (DLP) implementation fall under two categories:
-- Default
-- Custom
+- Default
+- Custom
Default sensitive information types include information such as bank account numbers, social security numbers, or national IDs. For more information, see [What the sensitive information type look for](https://docs.microsoft.com/office365/securitycompliance/what-the-sensitive-information-types-look-for).
diff --git a/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md b/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md
index 095c078b1f..9747f2d0ae 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md
@@ -61,8 +61,8 @@ Comment | String | Comment to associate with the action. **Required**.
IsolationType | String | Type of the isolation. Allowed values are: 'Full' or 'Selective'.
**IsolationType** controls the type of isolation to perform and can be one of the following:
-- Full – Full isolation
-- Selective – Restrict only limited set of applications from accessing the network (see [Isolate machines from the network](respond-machine-alerts.md#isolate-machines-from-the-network) for more details)
+- Full – Full isolation
+- Selective – Restrict only limited set of applications from accessing the network (see [Isolate machines from the network](respond-machine-alerts.md#isolate-machines-from-the-network) for more details)
## Response
diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md
index 5bb659b44e..d9cfb97c3f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md
@@ -96,7 +96,7 @@ The package contains the following folders:
|:---|:---------|
|Autoruns | Contains a set of files that each represent the content of the registry of a known auto start entry point (ASEP) to help identify attacker’s persistency on the machine. NOTE: If the registry key is not found, the file will contain the following message: “ERROR: The system was unable to find the specified registry key or value.” |
|Installed programs | This .CSV file contains the list of installed programs that can help identify what is currently installed on the machine. For more information, see [Win32_Product class](https://go.microsoft.com/fwlink/?linkid=841509). |
-|Network connections | This folder contains a set of data points related to the connectivity information which can help in identifying connectivity to suspicious URLs, attacker’s command and control (C&C) infrastructure, any lateral movement, or remote connections. - ActiveNetConnections.txt – Displays protocol statistics and current TCP/IP network connections. Provides the ability to look for suspicious connectivity made by a process. - Arp.txt – Displays the current address resolution protocol (ARP) cache tables for all interfaces. ARP cache can reveal additional hosts on a network that have been compromised or suspicious systems on the network that night have been used to run an internal attack. - DnsCache.txt - Displays the contents of the DNS client resolver cache, which includes both entries preloaded from the local Hosts file and any recently obtained resource records for name queries resolved by the computer. This can help in identifying suspicious connections. - IpConfig.txt – Displays the full TCP/IP configuration for all adapters. Adapters can represent physical interfaces, such as installed network adapters, or logical interfaces, such as dial-up connections. - FirewassExecutionLog.txt and pfirewall.log |
+|Network connections | This folder contains a set of data points related to the connectivity information which can help in identifying connectivity to suspicious URLs, attacker’s command and control (C&C) infrastructure, any lateral movement, or remote connections. - ActiveNetConnections.txt – Displays protocol statistics and current TCP/IP network connections. Provides the ability to look for suspicious connectivity made by a process. - Arp.txt – Displays the current address resolution protocol (ARP) cache tables for all interfaces. ARP cache can reveal additional hosts on a network that have been compromised or suspicious systems on the network that night have been used to run an internal attack. - DnsCache.txt - Displays the contents of the DNS client resolver cache, which includes both entries preloaded from the local Hosts file and any recently obtained resource records for name queries resolved by the computer. This can help in identifying suspicious connections. - IpConfig.txt – Displays the full TCP/IP configuration for all adapters. Adapters can represent physical interfaces, such as installed network adapters, or logical interfaces, such as dial-up connections. - FirewassExecutionLog.txt and pfirewall.log |
| Prefetch files| Windows Prefetch files are designed to speed up the application startup process. It can be used to track all the files recently used in the system and find traces for applications that might have been deleted but can still be found in the prefetch file list. - Prefetch folder – Contains a copy of the prefetch files from `%SystemRoot%\Prefetch`. NOTE: It is suggested to download a prefetch file viewer to view the prefetch files. - PrefetchFilesList.txt – Contains the list of all the copied files which can be used to track if there were any copy failures to the prefetch folder. |
| Processes| Contains a .CSV file listing the running processes which provides the ability to identify current processes running on the machine. This can be useful when identifying a suspicious process and its state. |
| Scheduled tasks| Contains a .CSV file listing the scheduled tasks which can be used to identify routines performed automatically on a chosen machine to look for suspicious code which was set to run automatically. |
diff --git a/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md b/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md
index f7c9eff384..731963f220 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md
@@ -75,7 +75,7 @@ The **Sensor health** tile provides information on the individual machine’s ab
There are two status indicators that provide information on the number of machines that are not reporting properly to the service:
-- **Misconfigured** – These machines might partially be reporting sensor data to the Microsoft Defender ATP service and might have configuration errors that need to be corrected.
+- **Misconfigured** – These machines might partially be reporting sensor data to the Microsoft Defender ATP service and might have configuration errors that need to be corrected.
- **Inactive** - Machines that have stopped reporting to the Microsoft Defender ATP service for more than seven days in the past month.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md
index f981d9c12a..289a76f1c5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md
@@ -296,8 +296,8 @@ You might also need to check the following:
## Licensing requirements
Microsoft Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers:
- - Windows 10 Enterprise E5
- - Windows 10 Education E5
+ - Windows 10 Enterprise E5
+ - Windows 10 Education E5
- Microsoft 365 Enterprise E5 which includes Windows 10 Enterprise E5
For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx#tab=2).
diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
index 994b79b7b6..b3c05cd9a2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
@@ -79,8 +79,8 @@ For more information preview features, see [Preview features](https://docs.micro
Threat Analytics is a set of interactive reports published by the Microsoft Defender ATP research team as soon as emerging threats and outbreaks are identified. The reports help security operations teams assess impact on their environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats.
- New in Windows 10 version 1809, there are two new attack surface reduction rules:
- - Block Adobe Reader from creating child processes
- - Block Office communication application from creating child processes.
+ - Block Adobe Reader from creating child processes
+ - Block Office communication application from creating child processes.
- [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10)
- Antimalware Scan Interface (AMSI) was extended to cover Office VBA macros as well. [Office VBA + AMSI: Parting the veil on malicious macros](https://cloudblogs.microsoft.com/microsoftsecure/2018/09/12/office-vba-amsi-parting-the-veil-on-malicious-macros/).
@@ -95,8 +95,8 @@ Query data using Advanced hunting in Microsoft Defender ATP.
- [Attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)
New attack surface reduction rules:
- - Use advanced protection against ransomware
- - Block credential stealing from the Windows local security authority subsystem (lsass.exe)
+ - Use advanced protection against ransomware
+ - Block credential stealing from the Windows local security authority subsystem (lsass.exe)
- Block process creations originating from PSExec and WMI commands
- Block untrusted and unsigned processes that run from USB
- Block executable content from email client and webmail
diff --git a/windows/security/threat-protection/windows-10-mobile-security-guide.md b/windows/security/threat-protection/windows-10-mobile-security-guide.md
index a9991a6eef..4c7c6be9c8 100644
--- a/windows/security/threat-protection/windows-10-mobile-security-guide.md
+++ b/windows/security/threat-protection/windows-10-mobile-security-guide.md
@@ -22,16 +22,16 @@ ms.date: 10/13/2017
Smartphones now serve as a primary productivity tool for business workers and, just like desktops or laptops, need to be secured against malware and data theft. Protecting these devices can be challenging due to the wide range of device operating systems and configurations and the fact that many employees use their own personal devices. IT needs to secure corporate assets on every device, but also ensure the privacy of the user’s personal apps and data.
Windows 10 Mobile addresses these security concerns directly, whether workers are using personal or corporate-owned devices. It uses the same security technologies as the Windows 10 operating system to help protect against known and emerging security threats across the spectrum of attack vectors. These technologies include:
-- **Windows Hello for Business** Enhanced identity and access control features ensure that only authorized users can access corporate data and resources. Windows Hello simplifies multifactor authentication (MFA) deployment and use, offering PIN, companion device, and biometric authentication methods.
-- **Windows Information Protection** Automatic data separation keeps corporate information from being shared with personal data and apps.
-- **Malware resistance** Multi-layered protections built into the device hardware, startup processes, and app platform help reduce the threat of malware that can compromise employee devices.
+- **Windows Hello for Business** Enhanced identity and access control features ensure that only authorized users can access corporate data and resources. Windows Hello simplifies multifactor authentication (MFA) deployment and use, offering PIN, companion device, and biometric authentication methods.
+- **Windows Information Protection** Automatic data separation keeps corporate information from being shared with personal data and apps.
+- **Malware resistance** Multi-layered protections built into the device hardware, startup processes, and app platform help reduce the threat of malware that can compromise employee devices.
This guide helps IT administrators better understand the security features in Windows 10 Mobile, which can be used to improve protection against unauthorized access, data leakage, and malware.
**In this article:**
-- Windows Hello for Business
-- Windows Information Protection
-- Malware resistance
+- Windows Hello for Business
+- Windows Information Protection
+- Malware resistance
## Windows Hello
@@ -56,9 +56,9 @@ To compromise Windows Hello credentials, an attacker would need access to the ph
Biometrics help prevent credential theft and make it easier for users to login to their devices. Users always have their biometric identity with them – there is nothing to forget, lose, or leave behind. Attackers would need to have both access to the user’s device and be able to impersonate the user’s biometric identity to gain access to corporate resources, which is far more difficult than stealing a password.
Windows Hello supports three biometric sensor scenarios:
-- **Facial recognition** uses special IR cameras to reliably tell the difference between a photograph or scan and a living person. Several vendors are shipping external cameras that incorporate this technology, and major manufacturers are already shipping laptops with integrated facial-recognition technology. Both Surface Pro 4 and Surface Book support this technology.
-- **Fingerprint recognition** uses a sensor to scan the user’s fingerprint. Although fingerprint readers have been available for computers running the Windows operating system for years, the detection, anti-spoofing, and recognition algorithms in Windows 10 are more advanced than in previous Windows versions. Most existing fingerprint readers (whether external to or integrated into laptops or USB keyboards) that support the Windows Biometric Framework will work with Windows Hello.
-- **Iris scanning** uses cameras designed to scan the user’s iris, the colorful and highly detailed portion of the eye. Because the data must be accurate, iris scanning uses a combination of an IR light source and a high-quality camera. Microsoft Lumia 950 and 950 XL devices support this technology.
+- **Facial recognition** uses special IR cameras to reliably tell the difference between a photograph or scan and a living person. Several vendors are shipping external cameras that incorporate this technology, and major manufacturers are already shipping laptops with integrated facial-recognition technology. Both Surface Pro 4 and Surface Book support this technology.
+- **Fingerprint recognition** uses a sensor to scan the user’s fingerprint. Although fingerprint readers have been available for computers running the Windows operating system for years, the detection, anti-spoofing, and recognition algorithms in Windows 10 are more advanced than in previous Windows versions. Most existing fingerprint readers (whether external to or integrated into laptops or USB keyboards) that support the Windows Biometric Framework will work with Windows Hello.
+- **Iris scanning** uses cameras designed to scan the user’s iris, the colorful and highly detailed portion of the eye. Because the data must be accurate, iris scanning uses a combination of an IR light source and a high-quality camera. Microsoft Lumia 950 and 950 XL devices support this technology.
>Users must create an unlock PIN while they enroll a biometric gesture. The device uses this PIN as a fallback mechanism in situations where it cannot capture the biometric gesture.
@@ -87,12 +87,12 @@ Enterprises have seen huge growth in the convergence of personal and corporate d
Inadvertent disclosure is rapidly becoming the biggest source of confidential data leakage as organizations allow personal devices to access corporate resources. It’s easy to imagine that an employee using work email on their personal phone could unintentionally save an attachment containing sensitive company information to personal cloud storage, which could be shared with unauthorized people. This accidental sharing of corporate data is just one example of the challenges common to using mobile devices in the workplace. To prevent this type of data leakage, most solutions require users to login with a separate username and password to a container that stores all corporate apps and data, an experience that degrades user productivity.
Windows 10 Mobile includes Windows Information Protection to transparently keep corporate data secure and personal data private. Because corporate data is always protected, users cannot inadvertently copy it or share it with unauthorized users or apps. Key features include:
-- Automatically tag personal and corporate data.
-- Protect data while it’s at rest on local or removable storage.
-- Control which apps can access corporate data.
-- Control which apps can access a virtual private network (VPN) connection.
-- Prevent users from copying corporate data to public locations.
-- Help ensure business data is inaccessible when the device is in a locked state.
+- Automatically tag personal and corporate data.
+- Protect data while it’s at rest on local or removable storage.
+- Control which apps can access corporate data.
+- Control which apps can access a virtual private network (VPN) connection.
+- Prevent users from copying corporate data to public locations.
+- Help ensure business data is inaccessible when the device is in a locked state.
### Enlightened apps
@@ -101,21 +101,21 @@ Third-party data loss protection solutions usually require developers to wrap th
Windows Information Protection classifies apps into two categories: enlightened and unenlightened. Enlighted apps can differentiate between corporate and personal data, correctly determining which to protect based on internal policies. Corporate data will be encrypted on the managed device and attempts to copy/paste or share this information with non-corporate apps or users will fail. Unenlightened apps, when marked as corporate-managed, consider all data corporate and encrypt everything by default.
When you do not want all data encrypted by default – because it would create a poor user experience – developers should consider enlightening apps by adding code and compiling them using the Windows Information Protection application programming interfaces. The most likely candidates for enlightenment are apps that:
-- Don’t use common controls for saving files.
-- Don’t use common controls for text boxes.
-- Work on personal and enterprise data simultaneously (e.g., contact apps that display personal and enterprise data in a single view or a browser that displays personal and enterprise web pages on tabs within a single instance).
+- Don’t use common controls for saving files.
+- Don’t use common controls for text boxes.
+- Work on personal and enterprise data simultaneously (e.g., contact apps that display personal and enterprise data in a single view or a browser that displays personal and enterprise web pages on tabs within a single instance).
In many cases, most apps don’t require enlightenment for them to use Windows Information Protection. Simply adding them to the allow list is the only step you need to take. Line-of-Business (LOB) apps are a good example of where this works well because they only handle corporate data.
**When is app enlightenment required?**
-- **Required**
- - App needs to work with both personal and enterprise data.
-- **Recommended**
- - App handles only corporate data, but needs to modify a file (such as a configuration file) in order to launch, uninstall itself, update etc. Without enlightenment you wouldn’t be able to properly revoke these apps.
- - App needs to access enterprise data, while protection under lock is activated.
-- **Not required**
- - App handles only corporate data
- - App handles only personal data
+- **Required**
+ - App needs to work with both personal and enterprise data.
+- **Recommended**
+ - App handles only corporate data, but needs to modify a file (such as a configuration file) in order to launch, uninstall itself, update etc. Without enlightenment you wouldn’t be able to properly revoke these apps.
+ - App needs to access enterprise data, while protection under lock is activated.
+- **Not required**
+ - App handles only corporate data
+ - App handles only personal data
### Data leakage control
@@ -124,10 +124,10 @@ To configure Windows Information Protection in a Mobile Device Management (MDM)
Windows Information Protection works seamlessly until users try to access enterprise data with or paste enterprise data into unauthorized apps or locations on the web. For example, copying enterprise data from an authorized app to another authorized app works as usual, but Window Information Protection can block users from copying enterprise data from an authorized app to an unauthorized app. Likewise, it will block users from using an unauthorized app to open a file that contains enterprise data.
The extent to which users will be prevented from copying and pasting data from authorized apps to unauthorized apps or locations on the web depends on which protection level is set:
-- **Block.** Windows Information Protection blocks users from completing the operation.
-- **Override.** Windows Information Protection notifies users that the operation is inappropriate but allows them to override the policy, although it logs the operation in the audit log.
-- **Audit.** Windows Information Protection does not block or notify users but logs the operation in the audit log.
-- **Off.** Windows Information Protection does not block or notify users and does not log operations in the audit log.
+- **Block.** Windows Information Protection blocks users from completing the operation.
+- **Override.** Windows Information Protection notifies users that the operation is inappropriate but allows them to override the policy, although it logs the operation in the audit log.
+- **Audit.** Windows Information Protection does not block or notify users but logs the operation in the audit log.
+- **Off.** Windows Information Protection does not block or notify users and does not log operations in the audit log.
### Data separation
@@ -140,11 +140,11 @@ Windows Information Protection provides data separation without requiring a cont
Windows 10 Mobile uses device encryption, based on BitLocker technology, to encrypt all internal storage, including operating systems and data storage partitions. The user can activate device encryption, or the IT department can activate and enforce encryption for company-managed devices through MDM tools. When device encryption is turned on, all data stored on the phone is encrypted automatically. A Windows 10 Mobile device with encryption turned on helps protect the confidentiality of data stored – even if the device is lost or stolen. The combination of Windows Hello lock and data encryption makes it extremely difficult for an unauthorized party to retrieve sensitive information from the device.
You can customize how device encryption works to meet your unique security requirements. Device encryption even enables you to define your own cipher suite. For example, you can specify the algorithm and key size that Windows 10 Mobile uses for data encryption, which Transport Layer Security (TLS) cipher suites are permitted, and whether Federal Information Processing Standard (FIPS) policy is enabled. The list below shows the policies you can change to customize device encryption on Windows 10 Mobile devices.
-- Cryptography
- - Allow FIPS Algorithm: This policy enables or disable the FIPS policy. A restart is needed to enforce this policy. The default value is disabled.
- - TLS Cipher Suite: This policy contains a list of the cryptographic cipher algorithms allowed for Secure Sockets Layer connections.
-- BitLocker
- - Encryption Method: Configures the BitLocker Drive Encryption Method and cipher strength. The default value is AES-CBC 128-bit. If the device cannot use the value specified, it will use another one.
+- Cryptography
+ - Allow FIPS Algorithm: This policy enables or disable the FIPS policy. A restart is needed to enforce this policy. The default value is disabled.
+ - TLS Cipher Suite: This policy contains a list of the cryptographic cipher algorithms allowed for Secure Sockets Layer connections.
+- BitLocker
+ - Encryption Method: Configures the BitLocker Drive Encryption Method and cipher strength. The default value is AES-CBC 128-bit. If the device cannot use the value specified, it will use another one.
To help make the device even more secured against outside interference, Windows 10 Mobile also now includes protection-under-lock. That means that encryption keys are removed from memory whenever a device is locked. Apps are unable to access sensitive data while the device is in a locked state, so hackers and malware have no way to find and co-opt keys. Everything is locked up tight with the TPM until the user unlocks the device with Windows Hello.
@@ -230,9 +230,9 @@ A Trusted Platform Module (TPM) is a tamper-resistant cryptographic module that
A proper implementation of a TPM as part of a trusted computing platform provides a hardware root of trust, meaning that the hardware behaves in a trusted way. For example, if you create a key in a TPM with the property that no one can export that key from the TPM, the key absolutely cannot leave the TPM. The close integration of a TPM with a platform increases the transparency of the boot process and supports device health scenarios by enabling a reliable report of the software used to start a platform.
The following list describes key functionality that a TPM provides in Windows 10 Mobile:
-- **Managing cryptographic keys.** A TPM can create, store, and permit the use of keys in defined ways. Windows 10 Mobile uses the TPM to protect the encryption keys for BitLocker volumes, virtual smart cards, certificates, and various other keys.
-- **Safeguarding and reporting integrity measurements.** Windows 10 Mobile uses the TPM to record and help protect integrity-related measurements of select hardware and Windows boot components for the Measured Boot feature. In this scenario, Measured Boot measures each component – from firmware up through the drivers – and then stores those measurements in the device’s TPM. From here, you can test the measurement log remotely so that a separate system verifies the boot state of the Windows 10 Mobile device.
-- **Proving a TPM is really a TPM.** Managing cryptographic keys and measuring integrity are so central to protecting privacy and security that a TPM must differentiate itself from malware masquerading as a TPM.
+- **Managing cryptographic keys.** A TPM can create, store, and permit the use of keys in defined ways. Windows 10 Mobile uses the TPM to protect the encryption keys for BitLocker volumes, virtual smart cards, certificates, and various other keys.
+- **Safeguarding and reporting integrity measurements.** Windows 10 Mobile uses the TPM to record and help protect integrity-related measurements of select hardware and Windows boot components for the Measured Boot feature. In this scenario, Measured Boot measures each component – from firmware up through the drivers – and then stores those measurements in the device’s TPM. From here, you can test the measurement log remotely so that a separate system verifies the boot state of the Windows 10 Mobile device.
+- **Proving a TPM is really a TPM.** Managing cryptographic keys and measuring integrity are so central to protecting privacy and security that a TPM must differentiate itself from malware masquerading as a TPM.
Windows 10 Mobile supports TPM implementations that comply with the 2.0 standard. The TPM 2.0 standard includes several improvements that make it superior to the 1.2 standard, the most notable of which is cryptographic agility. TPM 1.2 is restricted to a fixed set of encryption and hash algorithms. When the TPM 1.2 standard appeared in the early 2000s, the security community considered these algorithms cryptographically strong. Since then, advances in cryptographic algorithms and cryptanalysis attacks have increased expectations for stronger cryptography. TPM 2.0 supports additional algorithms that offer stronger cryptographic protection, as well as the ability to plug-in algorithms that certain geographies or industries may prefer. It also opens the possibility for inclusion of future algorithms without changing the TPM component itself.
@@ -241,9 +241,9 @@ Many assume that original equipment manufacturers (OEMs) must implant a TPM in h
>Microsoft requires TPM 2.0 on devices running any version of Windows 10 Mobile. For more information, see [minimum hardware requirements](https://technet.microsoft.com/library/dn915086.aspx)
Several Windows 10 Mobile security features require TPM:
-- Virtual smart cards
-- Measured Boot
-- Health attestation (requires TPM 2.0 or later)
+- Virtual smart cards
+- Measured Boot
+- Health attestation (requires TPM 2.0 or later)
Still other features will use the TPM if it is available. For example, Windows Hello does not require TPM but uses it if it’s available. Organizations can configure policy to require TPM for Windows Hello.
@@ -312,9 +312,9 @@ Malware depends on its ability to insert a malicious payload into memory with th
The heap is a location in memory that Windows uses to store dynamic application data. Microsoft continues to improve on earlier Windows heap designs by further mitigating the risk of heap exploits that an attacker could use.
Windows 10 Mobile has made several important improvements to the security of the heap over previous versions of Windows:
-- Internal data structures that the heap uses are better protected against memory corruption.
-- Heap memory allocations have randomized locations and sizes, making it more difficult for an attacker to predict the location of critical memory to overwrite. Specifically, Windows 10 Mobile adds a random offset to the address of a newly allocated heap, making the allocation much less predictable.
-- Windows 10 Mobile uses “guard pages” before and after blocks of memory as tripwires. If an attacker attempts to write past a block of memory (a common technique known as a buffer overflow), the attacker will have to overwrite a guard page. Any attempt to modify a guard page is considered a memory corruption, and Windows 10 Mobile responds by instantly terminating the app.
+- Internal data structures that the heap uses are better protected against memory corruption.
+- Heap memory allocations have randomized locations and sizes, making it more difficult for an attacker to predict the location of critical memory to overwrite. Specifically, Windows 10 Mobile adds a random offset to the address of a newly allocated heap, making the allocation much less predictable.
+- Windows 10 Mobile uses “guard pages” before and after blocks of memory as tripwires. If an attacker attempts to write past a block of memory (a common technique known as a buffer overflow), the attacker will have to overwrite a guard page. Any attempt to modify a guard page is considered a memory corruption, and Windows 10 Mobile responds by instantly terminating the app.
### Memory reservations
@@ -342,9 +342,9 @@ The security policy of a specific AppContainer defines the operating system capa
A set of default permissions are granted to all AppContainers, including access to a unique, isolated storage location. Access to other capabilities can be declared within the app code itself. Unlike traditional desktop applications, access to additional capabilities and privileges cannot be requested at run time.
The AppContainer concept is advantageous because it provides:
-- **Attack surface reduction.** Apps can access only those capabilities that are declared in the application code and needed to perform their functions.
-- **User consent and control.** Capabilities that apps use are automatically published to the app details page in the Microsoft Store. App access to capabilities that may expose sensitive information automatically prompt the user to acknowledge and provide consent.
-- **App isolation.** Communication between Windows apps is tightly controlled. Apps are isolated from one another and can communicate only by using predefined communication channels and data types.
+- **Attack surface reduction.** Apps can access only those capabilities that are declared in the application code and needed to perform their functions.
+- **User consent and control.** Capabilities that apps use are automatically published to the app details page in the Microsoft Store. App access to capabilities that may expose sensitive information automatically prompt the user to acknowledge and provide consent.
+- **App isolation.** Communication between Windows apps is tightly controlled. Apps are isolated from one another and can communicate only by using predefined communication channels and data types.
Apps receive the minimal privileges they need to perform their legitimate tasks. This means that even if a malicious attacker exploits an app, the potential damage is limited because the app cannot elevate its privileges and is contained within its AppContainer. Microsoft Store displays the permissions that the app requires along with the app’s age rating and publisher.
@@ -355,9 +355,9 @@ The combination of Device Guard and AppContainer help to prevent unauthorized ap
The web browser is a critical component of any security strategy. It is the user’s interface to the Internet, an environment teeming with malicious sites and potentially dangerous content. Most users cannot perform at least part of their job without a browser, and many users are completely reliant on one. This reality has made the browser the number one pathway from which malicious hackers initiate their attacks.
Windows 10 Mobile includes Microsoft Edge, an entirely new web browser that goes beyond browsing with features like Reading View. Microsoft Edge is more secure than previous Microsoft web browsers in several ways:
-- **Microsoft Edge on Windows 10 Mobile does not support extensions.** Microsoft Edge has built-in PDF viewing capability.
-- **Microsoft Edge is designed as a UWP app.** It is inherently compartmentalized and runs in an AppContainer that sandboxes the browser from the system, data, and other apps.
-- **Microsoft Edge simplifies security configuration tasks.** Because Microsoft Edge uses a simplified application structure and a single sandbox configuration, fewer security settings are required. In addition, Microsoft established Microsoft Edge default settings that align with security best practices, making it more secure by design.
+- **Microsoft Edge on Windows 10 Mobile does not support extensions.** Microsoft Edge has built-in PDF viewing capability.
+- **Microsoft Edge is designed as a UWP app.** It is inherently compartmentalized and runs in an AppContainer that sandboxes the browser from the system, data, and other apps.
+- **Microsoft Edge simplifies security configuration tasks.** Because Microsoft Edge uses a simplified application structure and a single sandbox configuration, fewer security settings are required. In addition, Microsoft established Microsoft Edge default settings that align with security best practices, making it more secure by design.
## Summary