Merge branch 'master' into ConfigRebrand-Eleven

.openpublishing.redirection.json

@@ -58,7 +58,7 @@
 {
 "source_path": "devices/surface/manage-surface-pro-3-firmware-updates.md",
 "redirect_url": "https://docs.microsoft.com/surface/manage-surface-driver-and-firmware-updates",
-"redirect_document_id": true
+"redirect_document_id": false
 },
 {
 "source_path": "devices/surface/update.md",
@@ -15577,6 +15577,11 @@
 "redirect_document_id": false
 },
 {
+"source_path": "devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md",
+"redirect_url": "/surface/manage-surface-driver-and-firmware-updates",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/deployment/planning/windows-10-1809-removed-features.md",
 "redirect_url": "https://docs.microsoft.com/windows/deployment/planning/windows-10-removed-features",
 "redirect_document_id": false

devices/surface/TOC.md

@@ -28,7 +28,7 @@
 ### [Windows Autopilot and Surface devices](windows-autopilot-and-surface-devices.md)
 ### [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)
 ### [Surface Pro X app compatibility](surface-pro-arm-app-performance.md)
-### [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)
+### [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md)
 ### [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md)
 ### [Step by step: Surface Deployment Accelerator](step-by-step-surface-deployment-accelerator.md)
 ### [Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md)
@@ -40,13 +40,14 @@
 
 ## Manage
 
+### [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md)
 ### [Optimize Wi-Fi connectivity for Surface devices](surface-wireless-connect.md)
 ### [Best practice power settings for Surface devices](maintain-optimal-power-settings-on-Surface-devices.md)
 ### [Surface Dock Firmware Update](surface-dock-firmware-update.md)
 ### [Battery Limit setting](battery-limit.md)
 ### [Surface Brightness Control](microsoft-surface-brightness-control.md)
 ### [Surface Asset Tag](assettag.md)
-### [Manage Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md)
+
 
 ## Secure
 ### [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md)

devices/surface/change-history-for-surface.md

@@ -18,6 +18,12 @@ ms.date: 10/21/2019
 
 This topic lists new and updated topics in the Surface documentation library.
 
+## January 2020
+| **New or changed topic** | **Description** |
+| ------------------------ | --------------- |
+| [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md)| Updated with the latest information and links to related articles.|
+
+
 ## October 2019
 
 | **New or changed topic** | **Description** |
@@ -37,7 +43,7 @@ This topic lists new and updated topics in the Surface documentation library.
 | **New or changed topic** | **Description** |
 | ------------------------ | --------------- |
 | [Optimizing wireless connectivity for Surface devices](surface-wireless-connect.md)             | New document highlights key wireless connectivity considerations for Surface devices in mobile scenarios. |
-| [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)              | Updated to reflect minor changes in the file naming convention for Surface MSI files. |
+| [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md)            | Updated to reflect minor changes in the file naming convention for Surface MSI files. |
 
 
 ## July 2019
@@ -76,14 +82,14 @@ New or changed topic | Description
 --- | ---
 [Surface Brightness Control](microsoft-surface-brightness-control.md) | New
 [Maintain optimal power settings on Surface devices](maintain-optimal-power-settings-on-Surface-devices.md) | New
-|[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Added Surface Studio 2  |
+|[Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) | Added Surface Studio 2  |
 
 
 ## November 2018
 
 New or changed topic | Description
 --- | ---
-|[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Added Surface Pro 6  |
+|[Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) | Added Surface Pro 6  |
 [Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md) | New
 [Use Surface Diagnostic Toolkit for Business in desktop mode](surface-diagnostic-toolkit-desktop-mode.md) | New
 [Run Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md) | New
@@ -93,7 +99,7 @@ New or changed topic | Description
 New or changed topic | Description
 --- | ---
 [Battery Limit setting](battery-limit.md) | New
-|[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Added Surface GO  |
+|[Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) | Added Surface GO  |
 
 ## May 2018
 
@@ -121,7 +127,7 @@ New or changed topic | Description
 
 |New or changed topic | Description |
 | --- | --- |
-|[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Added Surface Book 2, Surface Laptop, Surface Pro, and Surface Pro with LTE Advanced information  |
+|[Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) | Added Surface Book 2, Surface Laptop, Surface Pro, and Surface Pro with LTE Advanced information  |
 
 ## October 2017
 
@@ -160,7 +166,7 @@ New or changed topic | Description
 
 |New or changed topic | Description |
 | --- | --- |
-|[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)  | Added driver info for Surface Studio; updated info for Surface Book and Surface Pro 4 (Windows 10 .zip cumulative update), Surface Pro 3 (Windows8.1-KB2969817-x64.msu), and Surface 3 (UEFI Asset Tag management tool)|
+|[Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) | Added driver info for Surface Studio; updated info for Surface Book and Surface Pro 4 (Windows 10 .zip cumulative update), Surface Pro 3 (Windows8.1-KB2969817-x64.msu), and Surface 3 (UEFI Asset Tag management tool)|
 
 ## November 2016
 

devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md

@@ -1,105 +0,0 @@
----
-title: Deploy the latest firmware and drivers for Surface devices (Surface)
-description: This article provides a list of the available downloads for Surface devices and links to download the drivers and firmware for your device.
-ms.assetid: 7662BF68-8BF7-43F7-81F5-3580A770294A
-ms.reviewer: dansimp
-manager: kaushika
-keywords: update Surface, newest, latest, download, firmware, driver, tablet, hardware, device
-ms.localizationpriority: medium
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.pagetype: surface, devices
-ms.sitesec: library
-author: dansimp
-ms.audience: itpro
-ms.date: 11/25/2019
-ms.author: dansimp
-ms.topic: article
----
-
-# Deploy the latest firmware and drivers for Surface devices
-
-> **Home users:** This article is only intended for technical support agents and IT professionals, and applies only to Surface devices. If you're looking for help to install Surface updates or firmware on a home device, please see [Update Surface firmware and Windows 10](https://support.microsoft.com/help/4023505).
-
-Under typical conditions, Windows Update automatically keeps Windows Surface devices up-to-date by downloading and installing the latest device drivers and firmware. However, you may sometimes have to download and install updates manually. For example, you may have to manually manage updates when you deploy a new version of Windows.
-
-## Downloading MSI files
-
-[Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware-for-surface) provides links to download installation files for the following:
-
-- Administrative tools
-- Drivers for accessories
-- For some devices, updates for Windows
-
-## Deploying MSI files
-
-Specific versions of Windows 10 have separate MSI files. Each MSI file contains all required cumulative driver and firmware updates for Surface devices.
-
-The MSI file names contain useful information, including the minimum supported Windows build number that is required to install the drivers and firmware. For example, to install the drivers that are contained in SurfaceBook_Win10_17763_19.080.2031.0.msi on a Surface Book, the device must be running Windows 10 Fall Creators Update, version 1709 or later.
-
-For more information about build numbers for each Windows version, see [Windows 10 release information](https://docs.microsoft.com/windows/windows-10/release-information).
-
-### Surface MSI naming convention
-
-Beginning in August, 2019, MSI files have used the following naming convention:
-
-> *Product*\_*Windows release*\_*Windows build number*\_*Version number*\_*Revision of version number (typically zero)*.
-
-**Example**
-
-Consider the following MSI file:
-
-> SurfacePro6_Win10_18362_19.073.44195_0.msi
-
-This file name provides the following information:
-
-- **Product:** SurfacePro6
-- **Windows release:** Win10
-- **Build:** 18362
-- **Version:** 19.073.44195 – This shows the date and time that the file was created, as follows:
-  - **Year:** 19 (2019)
-  - **Month and week:** 073 (third week of July)
-  - **Minute of the month:** 44195
-- **Revision of version:** 0 (first release of this version)
-
-### Legacy Surface MSI naming convention
-
-Legacy MSI files (files that were built before August, 2019) followed the same overall naming formula, but used a different method to derive the version number.  
-
-**Example**
-
-Consider the following MSI file:
-
-> SurfacePro6_Win10_16299_1900307_0.msi
-
-This file name provides the following information:
-
-- **Product:** SurfacePro6
-- **Windows release:** Win10
-- **Build:** 16299
-- **Version:** 1900307 – This shows the date that the file was created and its position in the release sequence, as follows:
-  - **Year:** 19 (2019)
-  - **Number of release:** 003 (third release of the year)
-  - **Product version number:** 07 (Surface Pro 6 is officially the seventh version of Surface Pro)
-- **Revision of version:** 0 (first release of this version)
-
-Use the **version** number to determine the latest files that contain the most recent security updates. For example, consider the following list:
-
-- SurfacePro6_Win10_16299_1900307_0.msi
-- SurfacePro6_Win10_17134_1808507_3.msi
-- SurfacePro6_Win10_17763_1808707_3.msi
-
-In this list, the newest file is the first file (SurfacePro6_Win10_16299_1900307_0.msi). Its **Version** field has the newest date (2019). The other files are from 2018.
-
-## Supported devices
-
-For downloadable MSI files for devices that run Surface Pro 2 and later versions, see [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware-for-surface). This article contains information about MSI files for the newest Surface devices such as Surface Pro 7, Surface Pro X, and Surface Laptop 3, as they are released.  
-
-> [!NOTE]  
-> There are no downloadable firmware or driver updates available for Surface devices that run Windows RT, including Surface RT and Surface 2. To update these devices, use Windows Update.
-
-For more information about how to deploy Surface drivers and firmware, see the following articles:
-
-- [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates)
-
-- [Surface for Business help](https://www.microsoft.com/surface/support/business)

devices/surface/get-started.md

@@ -46,9 +46,10 @@ Harness the power of Surface, Windows, and Office connected together through the
                     </div>
                     <div class="cardText">
                         <h3>Deploy</h3>
+                         <p><a href="manage-surface-driver-and-firmware-updates.md">Manage and deploy Surface driver and firmware updates</a></p>
                         <p><a href="windows-autopilot-and-surface-devices.md">Autopilot and Surface devices</a></p>
                         <p><a href="surface-pro-arm-app-management.md">Deploying, managing, and servicing Surface Pro X</a></p>
-                        <p><a href="deploy-the-latest-firmware-and-drivers-for-surface-devices.md">Deploy the latest firmware and drivers</a></p>
+                      
                     </div>
                 </div>
             </div>

devices/surface/maintain-optimal-power-settings-on-Surface-devices.md

@@ -28,12 +28,12 @@ low power idle state (S0ix).
 
 To ensure Surface devices across your organization fully benefit from Surface power optimization features:
 
--  Install the latest  drivers and firmware from Windows Update or the Surface Driver and Firmware MSI. This creates the balanced power plan (aka power profile) by default and configures optimal power settings.  For more information, refer to [Deploying the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md).
+-  Install the latest  drivers and firmware from Windows Update or the Surface Driver and Firmware MSI. This creates the balanced power plan (aka power profile) by default and configures optimal power settings.  For more information, refer to [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md).
 - Avoid creating custom power profiles or adjusting advanced power settings not visible in the default UI  (**System** > **Power & sleep**).
 - If you must manage the power profile of devices across your network (such as in highly managed organizations), use the powercfg command tool to export the power plan from the factory image of the Surface device and then import it into the provisioning package for your Surface devices. 
 
->[!NOTE]
+    >[!NOTE]
->You can only export a power plan across the same type of Surface device.  For example, you cannot export a power plan from Surface Laptop and import it on Surface Pro.  For more information, refer to [Configure power settings](https://docs.microsoft.com/windows-hardware/customize/power-settings/configure-power-settings).
+    >You can only export a power plan across the same type of Surface device.  For example, you cannot export a power plan from Surface Laptop and import it on Surface Pro.  For more information, refer to [Configure power settings](https://docs.microsoft.com/windows-hardware/customize/power-settings/configure-power-settings).
 
 - Exclude Surface devices from any existing power management policy settings. 
 
@@ -166,7 +166,7 @@ To learn more, see:
 | Check app usage | Your apps | Close apps.|
 | Check your power cord for any damage.| Your power cord | Replace power cord if worn or damaged.|
 
-# Learn more 
+## Learn more 
 
 - [Modern
     standby](https://docs.microsoft.com/windows-hardware/design/device-experiences/modern-standby-wake-sources)
@@ -178,4 +178,4 @@ To learn more, see:
 
 - [Battery
     saver](https://docs.microsoft.com/windows-hardware/design/component-guidelines/battery-saver)
-- [Deploying the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)
+- [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md)

devices/surface/microsoft-surface-deployment-accelerator.md

@@ -80,7 +80,7 @@ For environments where the SDA server will not be able to connect to the Interne
 
 *Figure 2. Specify a local source for Surface driver and app files*
 
-You can find a full list of available driver downloads at [Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)
+You can find a full list of available driver downloads at [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md)
 
 >[!NOTE]
 >Downloaded files do not need to be extracted. The downloaded files can be left as .zip files as long as they are stored in one folder.

devices/surface/surface-pro-arm-app-management.md

@@ -73,7 +73,7 @@ Surface Pro X was designed to use Windows Update to simplify the process of keep
 
 - Use Windows Update or Windows Update for Business for maintaining the latest drivers and firmware. For more information, see [Deploy Updates using Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb).
 - If your procedures require using a Windows Installer .msi file, contact [Surface for Business support](https://support.microsoft.com/help/4037645). 
-- For more information about deploying and managing updates on Surface devices, see [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md).
+- For more information about deploying and managing updates on Surface devices, see [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md).
 - Note that Windows Server Update Services (WSUS) does not support the ability to deliver drivers and firmware to Surface Pro X.
 
 ## Running apps on Surface Pro X

windows/client-management/mdm/applicationcontrol-csp.md

@@ -1,11 +1,13 @@
 ---
 title: ApplicationControl CSP
 description: The ApplicationControl CSP allows you to manage multiple Windows Defender Application Control (WDAC) policies from a MDM server.
+keywords: whitelisting, security, malware
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: ManikaDhiman
+ms.reviewer: jsuther1974
 ms.date: 05/21/2019
 ---
 
@@ -62,6 +64,7 @@ This node specifies whether a policy is actually loaded by the enforcement engin
 Scope is dynamic. Supported operation is Get.
 
 Value type is bool. Supported values are as follows:
+
 - True — Indicates that the policy is actually loaded by the enforcement engine and is in effect on a system.
 - False — Indicates that the policy is not loaded by the enforcement engine and is not in effect on a system. This is the default.
 
@@ -71,6 +74,7 @@ This node specifies whether a policy is deployed on the system and is present on
 Scope is dynamic. Supported operation is Get.
 
 Value type is bool. Supported values are as follows:
+
 - True — Indicates that the policy is deployed on the system and is present on the physical machine.
 - False — Indicates that the policy is not deployed on the system and is not present on the physical machine. This is the default.
 
@@ -80,6 +84,7 @@ This node specifies whether the policy is authorized to be loaded by the enforce
 Scope is dynamic. Supported operation is Get.
 
 Value type is bool. Supported values are as follows:
+
 - True — Indicates that the policy is authorized to be loaded by the enforcement engine on the system.
 - False — Indicates that the policy is not authorized to be loaded by the enforcement engine on the system. This is the default.
 
@@ -112,24 +117,43 @@ Scope is dynamic. Supported operation is Get.
 
 Value type is char.
 
-## Usage guidance  
+## Microsoft Endpoint Manager (MEM) Intune Usage Guidance  
 
-To use ApplicationControl CSP, you must:
+For customers using Intune standalone or hybrid management with Configuration Manager (MEMCM) to deploy custom policies via the ApplicationControl CSP, refer to [Deploy Windows Defender Application Control policies by using Microsoft Intune](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune)
-- Know a generated policy’s GUID, which can be found in the policy xml as `<PolicyTypeID>`.
-- Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned.
 
-If you are using hybrid MDM management with System Center Configuration Manager or using Intune, ensure that you are using Base64 as the Data type when using Custom OMA-URI functionality to apply the Code Integrity policy via uploading the binary file.
+## Non-Intune Usage Guidance
+
+In order to leverage the ApplicationControl CSP without using Intune, you must:
+
+1. Know a generated policy’s GUID, which can be found in the policy xml as <PolicyID> or <PolicyTypeID> for pre-1903 systems.
+2. Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned.
+3. Create a policy node (a Base64-encoded blob of the binary policy representation) using the certutil -encode command line tool.
+
+Below is a sample certutil invocation:
+
+```cmd
+certutil  -encode WinSiPolicy.p7b WinSiPolicy.cer
+```
+
+An alternative to using certutil would be to use the following PowerShell invocation:
+
+```powershell
+[Convert]::toBase64String($(Get-Content -Encoding Byte -ReadCount 0 -Path <bin file>))
+```
+
+### Deploy Policies
 
-### Deploy policies
 To deploy a new base policy using the CSP, perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data}. Refer to the the Format section in the Example 1 below.
 
 To deploy base policy and supplemental policies:
-- Perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data} with the GUID and policy data for the base policy.
+
-- Repeat for each base or supplemental policy (with its own GUID and data).
+1. Perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data} with the GUID and policy data for the base policy.
+2. Repeat for each base or supplemental policy (with its own GUID and data).
 
 The following example shows the deployment of two base policies and a supplemental policy (which already specifies the base policy it supplements and does not need that reflected in the ADD).
 
-**Example 1: Add first base policy**
+#### Example 1: Add first base policy
+
 ```xml
 <Add>
     <CmdID>1</CmdID>
@@ -144,7 +168,9 @@ The following example shows the deployment of two base policies and a supplement
     </Item>
 </Add>
 ```
-**Example 2: Add second base policy**
+
+#### Example 2: Add second base policy
+
 ```xml
 <Add>
     <CmdID>1</CmdID>
@@ -159,7 +185,9 @@ The following example shows the deployment of two base policies and a supplement
     </Item>
 </Add>
 ```
-**Example 3: Add supplemental policy**
+
+#### Example 3: Add supplemental policy
+
 ```xml
 <Add>
     <CmdID>1</CmdID>
@@ -174,6 +202,7 @@ The following example shows the deployment of two base policies and a supplement
     </Item>
 </Add>
 ```
+
 ### Get policies
 
 Perform a GET using a deployed policy’s GUID to interrogate/inspect the policy itself or information about it.
@@ -191,6 +220,7 @@ The following table displays the result of Get operation on different nodes:
 |./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/PolicyInfo/FriendlyName|Friendly name per the policy|
 
 The following is an example of Get command:
+
 ```xml
  <Get>
     <CmdID>1</CmdID>
@@ -203,17 +233,28 @@ The following is an example of Get command:
 ```
 
 ### Delete policies
+
+#### Rebootless Deletion
+
+Upon deletion, policies deployed via the ApplicationControl CSP are removed from the system but stay in effect until the next reboot. In order to functionally do a rebootless delete, first replace the existing policy with an Allow All policy (found at C:\Windows\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml) and then delete the updated policy. This will immediately prevent anything from being blocked and fully deactive the policy on the next reboot.
+
+#### Unsigned Policies
+
 To delete an unsigned policy, perform a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy**.
 
-> [!Note]
+#### Signed Policies
->  Only signed things should be able to update signed policies. Hence, performing a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** is not sufficient to delete a signed policy.
+
+> [!NOTE]
+> A signed policy by default can only be replaced by another signed policy. Hence, performing a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** is not sufficient to delete a signed policy.
 
 To delete a signed policy:
+
 1. Replace it with a signed update allowing unsigned policy.
-2. Deploy another update with unsigned policy.
+2. Deploy another update with unsigned Allow All policy.
 3. Perform delete.
 
 The following is an example of Delete command:
+
 ```xml
    <Delete>
      <CmdID>1</CmdID>

windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md

@@ -35,7 +35,7 @@ On the desktop and mobile devices, you can use an enrollment certificate or enro
 > [!NOTE]
 > -   Bulk-join is not supported in Azure Active Directory Join.
 > -   Bulk enrollment does not work in Intune standalone environment.
-> -   Bulk enrollment works in System Center Configuration Manager (SCCM) + Intune hybrid environment where the ppkg is generated from the SCCM console.
+> -   Bulk enrollment works in Microsoft Endpoint Configuration Manager where the ppkg is generated from the Configuration Manager console.
 > -   To change bulk enrollment settings, login to **AAD**, then **Devices**, and then click **Device Settings**. Change the number under **Maximum number of devices per user**.
 
 ## What you need

windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md

@@ -15,7 +15,7 @@ ms.date: 06/26/2017
 # Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld devices
 
 
-Like any Windows devices, Windows 10 Mobile devices use Microsoft Update by default to download updates over the Internet. However, in some enterprise environments, devices may not be able to access the Internet to retrieve their updates. Because of network restrictions or other enterprise policies, devices must download their updates from an internal location. This document describes how to enable offline updates using System Center Configuration Manager.
+Like any Windows devices, Windows 10 Mobile devices use Microsoft Update by default to download updates over the Internet. However, in some enterprise environments, devices may not be able to access the Internet to retrieve their updates. Because of network restrictions or other enterprise policies, devices must download their updates from an internal location. This document describes how to enable offline updates using Microsoft Endpoint Configuration Manager.
 
 Here is a table of update path to Windows 10 Mobile.
 
@@ -79,7 +79,7 @@ Down the road, after the upgrade to Windows 10 is complete, if you decide to pus
 **Requirements:**
 
 -   The test device must be same as the other production devices that are receiving the updates.
--   Your test device must be enrolled with System Center Configuration Manager.
+-   Your test device must be enrolled with Microsoft Endpoint Configuration Manager.
 -   Your device can connect to the Internet.
 -   Your device must have an SD card with at least 0.5 GB of free space.
 -   Ensure that the settings app and PhoneUpdate applet are available via Assigned Access.
@@ -93,7 +93,7 @@ The following diagram is a high-level overview of the process.
 
 Define the baseline update set that will be applied to other devices. Use a device that is running the most recent image as the test device.
 
-Trigger the device to check for updates either manually or using System Center Configuration Manager.
+Trigger the device to check for updates either manually or using Microsoft Endpoint Configuration Manager.
 
 **Manually**
 
@@ -104,19 +104,19 @@ Trigger the device to check for updates either manually or using System Center C
 > **Note**  There is a bug in all OS versions up to GDR2 where the CSP will not set the assigned value. There is no way to change or set this until GDR2 is deployed onto the device.
 
 
-**Using System Center Configuration Manager**
+**Using Microsoft Endpoint Configuration Manager**
 
 1.  Remotely trigger a scan of the test device by deploying a Trigger Scan Configuration Baseline.
 
-    ![device scan using sccm](images/windowsembedded-update2.png)
+    ![device scan using Configuration Manager](images/windowsembedded-update2.png)
 
 2.  Set the value of this OMA-URI by browsing to the settings of this Configuration Item and selecting the newly created Trigger Scan settings from the previous step.
 
-    ![device scan using sccm](images/windowsembedded-update3.png)
+    ![device scan using Configuration Manager](images/windowsembedded-update3.png)
 
 3.  Ensure that the value that is specified for this URI is greater than the value on the device(s) and that the Remediate noncompliant rules when supported option is checked. For the first time, any value that is greater than 0 will work, but for subsequent configurations, ensure that you specify an incremented value.
 
-    ![device scan using sccm](images/windowsembedded-update4.png)
+    ![device scan using Configuration Manager](images/windowsembedded-update4.png)
 
 4.  Create a Configuration Baseline for TriggerScan and Deploy. It is recommended that this Configuration Baseline be deployed after the Controlled Updates Baseline has been applied to the device (the corresponding files are deployed on the device through a device sync session).
 5.  Follow the prompts for downloading the updates, but do not install the updates on the device.
@@ -132,16 +132,16 @@ There are two ways to retrieve this file from the device; one pre-GDR1 and one p
 
 1.  Create a Configuration Item using ConfigMgr to look at the registry entry ./Vendor/MSFT/EnterpriseExt/DeviceUpdate/ApprovedUpdatesXml.
 
-    > **Note**  In System Center Configuration Manager, you may see an error about exceeding the file limit when using ApprovedUpdatesXml. However, the process still completes even if the file is large.
+    > **Note**  In Microsoft Endpoint Configuration Manager, you may see an error about exceeding the file limit when using ApprovedUpdatesXml. However, the process still completes even if the file is large.
 
     If the XML file is greater than 32K you can also use ./Vendor/MSFT/FileSystem/<*filename*>.
 2.  Set a baseline for this Configuration Item with a “dummy” value (such as zzz), and ensure that you do not remediate it.
 
     The dummy value is not be set; it is only used for comparison.
-3.  After the report XML is sent to the device, System Center Configuration Manager displays a compliance log that contains the report information. The log can contain significant amount of data.
+3.  After the report XML is sent to the device, Microsoft Endpoint Configuration Manager displays a compliance log that contains the report information. The log can contain significant amount of data.
 4.  Parse this log for the report XML content.
 
-For a step-by-step walkthrough, see [How to retrieve a device update report using System Center Configuration Manager logs](#how-to-retrieve-a-device-update-report-using-system-center-configuration-manager-logs).
+For a step-by-step walkthrough, see [How to retrieve a device update report using Microsoft Endpoint Configuration Manager logs](#how-to-retrieve-a-device-update-report-using-microsoft-endpoint-configuration-manager-logs).
 
 **Post-GDR1: Retrieve the report xml file using an SD card**
 
@@ -228,7 +228,7 @@ This process has three parts:
 1.  Create a configuration item and specify that file path and name on the device as `NonPersistent\DUCustomContentURIs.xml`
 2.  Check the box **Remediate noncompliant settings**.
 
-    ![embedded device upate](images/windowsembedded-update21.png)
+    ![embedded device update](images/windowsembedded-update21.png)
 
 3.  Click **OK**.
 
@@ -238,11 +238,11 @@ This process has three parts:
 1.  Create a configuration baseline item and give it a name (such as ControlledUpdates).
 2.  Add the DUControlledUpdates and DUCustomContentURIs configuration items, and then click **OK**.
 
-    ![embedded device upate](images/windowsembedded-update22.png)
+    ![embedded device update](images/windowsembedded-update22.png)
 
 3.  Deploy the configuration baseline to the appropriate device or device collection.
 
-    ![embedded device upate](images/windowsembedded-update23.png)
+    ![embedded device update](images/windowsembedded-update23.png)
 
 4.  Click **OK**.
 
@@ -252,7 +252,7 @@ Now that the other "production" or "in-store" devices have the necessary informa
 
 ### Use this process for unmanaged devices
 
-If the update policy of the device is not managed or restricted by System Center Configuration Manager, an update process can be initiated on the device in one of the following ways:
+If the update policy of the device is not managed or restricted by Microsoft Endpoint Configuration Manager, an update process can be initiated on the device in one of the following ways:
 
 -   Initiated by a periodic scan that the device automatically performs.
 -   Initiated manually through **Settings** -> **Phone Update** -> **Check for Updates**.
@@ -261,14 +261,14 @@ If the update policy of the device is not managed or restricted by System Center
 
 If the update policy of the device is managed or restricted by MDM, an update process can be initiated on the device in one of the following ways:
 
--   Trigger the device to scan for updates through System Center Configuration Manager.
+-   Trigger the device to scan for updates through Microsoft Endpoint Configuration Manager.
 
     Ensure that the trigger scan has successfully executed, and then remove the trigger scan configuration baseline.
 
     > **Note**  Ensure that the PhoneUpdateRestriction Policy is set to a value of 0, to ensure that the device will not perform an automatic scan.
 
 
--   Trigger the device to scan as part of a Maintenance Window defined by the IT Admin in System Center Configuration Manager.
+-   Trigger the device to scan as part of a Maintenance Window defined by the IT Admin in Microsoft Endpoint Configuration Manager.
 
 After the installation of updates is completed, the IT Admin can use the DUReport generated in the production devices to determine if the device successfully installed the list of updates. If the device did not, error codes are provided in the DUReport.xml. To retrieve the device update report from a device, perform the same steps defined in [Step 2](#step2).
 
@@ -456,7 +456,7 @@ DownloadFiles $inputFile $downloadCache $localCacheURL
 ```
 
 <a href="" id="how-to-retrieve"></a>
-## How to retrieve a device update report using System Center Configuration Manager logs
+## How to retrieve a device update report using Microsoft Endpoint Configuration Manager logs
 
 Use this procedure for pre-GDR1 devices.
 
@@ -465,17 +465,17 @@ Use this procedure for pre-GDR1 devices.
 1.  Trigger a device scan. Go to **Settings** -&gt; **Phone Update** -&gt; **Check for Updates**.
 
     Since the DUReport settings have not been remedied, you should see a non-compliance.
-2.  In System Center Configuration Manager under **Assets and Compliance** &gt; **Compliance Settings**, right-click on **Configuration Items**.
+2.  In Microsoft Endpoint Configuration Manager under **Assets and Compliance** &gt; **Compliance Settings**, right-click on **Configuration Items**.
 3.  Select **Create Configuration Item**.
 
-    ![device update using sccm](images/windowsembedded-update5.png)
+    ![device update using Configuration Manager](images/windowsembedded-update5.png)
 4.  Enter a filename (such as GetDUReport) and then choose **Mobile Device**.
 5.  In the **Mobile Device Settings** page, check the box **Configure Additional Settings that are not in the default settings group**, and the click **Next**.
 
-    ![device update using sccm](images/windowsembedded-update6.png)
+    ![device update using Configuration Manager](images/windowsembedded-update6.png)
 6.  In the **Additional Settings** page, click **Add**.
 
-    ![device update using sccm](images/windowsembedded-update7.png)
+    ![device update using Configuration Manager](images/windowsembedded-update7.png)
 7.  In the **Browse Settings** page, click **Create Setting**.
 
     ![device update](images/windowsembedded-update8.png)

windows/client-management/mdm/mdm-enrollment-of-windows-devices.md

@@ -279,7 +279,7 @@ There are a few instances where your device may not be able to connect to work,
 |--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
 | Your device is already connected to your organization’s cloud.                                                                                                                             | Your device is already connected to either Azure AD, a work or school account, or an AD domain.     |
 | We could not find your identity in your organization’s cloud.                                                                                                                              | The username you entered was not found on your Azure AD tenant.                                     |
-| Your device is already being managed by an organization.                                                                                                                                   | Your device is either already managed by MDM or System Center Configuration Manager.                |
+| Your device is already being managed by an organization.                                                                                                                                   | Your device is either already managed by MDM or Microsoft Endpoint Configuration Manager.                |
 | You don’t have the right privileges to perform this operation. Please talk to your admin.                                                                                                  | You cannot enroll your device into MDM as a standard user. You must be on an administrator account. |
 | We couldn’t auto-discover a management endpoint matching the username entered. Please check your username and try again. If you know the URL to your management endpoint, please enter it. | You need to provide the server URL for your MDM or check the spelling of the username you entered.  |
 
@@ -359,7 +359,7 @@ The **Info** button can be found on work or school connections involving MDM. Th
 
 Clicking the **Info** button will open a new page in the Settings app that provides details about your MDM connection. You’ll be able to view your organization’s support information (if configured) on this page. You’ll also be able to start a sync session which will force your device to communicate to the MDM server and fetch any updates to policies if needed.
 
-Starting in Windows 10, version 1709, clicking the **Info** button will show a list of policies and line-of-business apps installed by your organization. Here is an example screehshot.
+Starting in Windows 10, version 1709, clicking the **Info** button will show a list of policies and line-of-business apps installed by your organization. Here is an example screenshot.
 
 ![work or school info](images/unifiedenrollment-rs1-35-b.png)
 

windows/client-management/mdm/policy-ddf-file.md

@@ -1657,10 +1657,10 @@ If disabled or not configured, extensions defined as part of this policy get ign
 Default setting:  Disabled or not configured
 Related policies: Allow Developer Tools
 Related Documents:
-- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
+- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/configmgr/protect/deploy-use/find-a-pfn-for-per-app-vpn)
 - How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/intune/windows-store-for-business)
 - How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/intune/apps-deploy)
-- Manage apps from the Microsoft Store for Business with System Center Configuration Manager  (https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
+- Manage apps from the Microsoft Store for Business with Microsoft Endpoint Configuration Manager  (https://docs.microsoft.com/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
 - How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/intune/lob-apps-windows)</Description>
             <DFFormat>
               <chr/>
@@ -11034,10 +11034,10 @@ If disabled or not configured, extensions defined as part of this policy get ign
 Default setting:  Disabled or not configured
 Related policies: Allow Developer Tools
 Related Documents:
-- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
+- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/configmgr/protect/deploy-use/find-a-pfn-for-per-app-vpn)
 - How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/intune/windows-store-for-business)
 - How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/intune/apps-deploy)
-- Manage apps from the Microsoft Store for Business with System Center Configuration Manager  (https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
+- Manage apps from the Microsoft Store for Business with Microsoft Endpoint Configuration Manager  (https://docs.microsoft.com/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
 - How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/intune/lob-apps-windows)</Description>
             <DFFormat>
               <chr/>
@@ -23032,10 +23032,10 @@ If disabled or not configured, extensions defined as part of this policy get ign
 Default setting:  Disabled or not configured
 Related policies: Allow Developer Tools
 Related Documents:
-- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
+- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/configmgr/protect/deploy-use/find-a-pfn-for-per-app-vpn)
 - How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/intune/windows-store-for-business)
 - How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/intune/apps-deploy)
-- Manage apps from the Microsoft Store for Business with System Center Configuration Manager  (https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
+- Manage apps from the Microsoft Store for Business with Microsoft Endpoint Configuration Manager  (https://docs.microsoft.com/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
 - How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/intune/lob-apps-windows)</Description>
             <DFFormat>
               <chr/>
@@ -51686,10 +51686,10 @@ If disabled or not configured, extensions defined as part of this policy get ign
 Default setting:  Disabled or not configured
 Related policies: Allow Developer Tools
 Related Documents:
-- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
+- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/configmgr/protect/deploy-use/find-a-pfn-for-per-app-vpn)
 - How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/intune/windows-store-for-business)
 - How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/intune/apps-deploy)
-- Manage apps from the Microsoft Store for Business with System Center Configuration Manager  (https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
+- Manage apps from the Microsoft Store for Business with Microsoft Endpoint Configuration Manager  (https://docs.microsoft.com/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
 - How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/intune/lob-apps-windows)</Description>
             <DFFormat>
               <chr/>

windows/client-management/windows-10-mobile-and-mdm.md

@@ -37,7 +37,7 @@ Windows 10 supports end-to-end device lifecycle management to give companies con
 ## Deploy
 
 Windows 10 Mobile has a built-in device management client to deploy, configure, maintain, and support smartphones. Common to all editions of the Windows 10 operating system, including desktop, mobile, and Internet of Things (IoT), this client provides a single interface through which Mobile Device Management (MDM) solutions can manage any device that runs Windows 10. Because the MDM client integrates with identity management, the effort required to manage devices throughout the lifecycle is greatly reduced.
-Windows 10 includes comprehensive MDM capabilities that can be managed by Microsoft management solutions, such as Microsoft Intune or System Center Configuration Manager, as well as many third-party MDM solutions. There is no need to install an additional, custom MDM app to enroll devices and bring them under MDM control. All MDM system vendors have equal access to Windows 10 Mobile device management application programming interfaces (APIs), giving IT organizations the freedom to select whichever system best fits their management requirements, whether Microsoft Intune or a third-party MDM product. For more information about Windows 10 Mobile device management APIs, see [Mobile device management](https://go.microsoft.com/fwlink/p/?LinkId=734050).
+Windows 10 includes comprehensive MDM capabilities that can be managed by Microsoft management solutions, such as Microsoft Intune or Microsoft Endpoint Configuration Manager, as well as many third-party MDM solutions. There is no need to install an additional, custom MDM app to enroll devices and bring them under MDM control. All MDM system vendors have equal access to Windows 10 Mobile device management application programming interfaces (APIs), giving IT organizations the freedom to select whichever system best fits their management requirements, whether Microsoft Intune or a third-party MDM product. For more information about Windows 10 Mobile device management APIs, see [Mobile device management](https://go.microsoft.com/fwlink/p/?LinkId=734050).
 
 ### <a href="" id="deployment-scenarios"></a>Deployment scenarios
 
@@ -187,7 +187,6 @@ Azure AD is a cloud-based directory service that provides identity and access ma
 
 **Mobile Device Management**
 Microsoft [Intune](https://www.microsoft.com/server-cloud/products/microsoft-intune/overview.aspx), part of the Enterprise Mobility + Security, is a cloud-based MDM system that manages devices off premises. Like Office 365, Intune uses Azure AD for identity management so employees use the same credentials to enroll devices in Intune that they use to sign into Office 365. Intune supports devices that run other operating systems, such as iOS and Android, to provide a complete MDM solution.
-You can also integrate Intune with Configuration Manager to gain a single console for managing all devices in the cloud and on premises, mobile or PC. For more information, see [Manage Mobile Devices with Configuration Manager and Microsoft Intune](https://technet.microsoft.com/library/jj884158.aspx). For guidance on choosing between a stand-alone Intune installation and Intune integrated with System Center Configuration Manager, see Choose between Intune by itself or integrating Intune with System Center Configuration Manager.
 Multiple MDM systems support Windows 10 and most support personal and corporate device deployment scenarios. MDM providers that support Windows 10 Mobile currently include: AirWatch, Citrix, MobileIron, SOTI, Blackberry and others. Most industry-leading MDM vendors already support integration with Azure AD. You can find the MDM vendors that support Azure AD in [Azure Marketplace](https://azure.microsoft.com/marketplace/). If your organization doesn’t use Azure AD, the user must use an MSA during OOBE before enrolling the device in your MDM using a corporate account.
 
 >**Note:** Although not covered in this guide, you can use Exchange ActiveSync (EAS) to manage mobile devices instead of using a full-featured MDM system. EAS is available in Microsoft Exchange Server 2010 or later and Office 365.
@@ -280,7 +279,7 @@ Employees are usually allowed to change certain personal device settings that yo
 
 *Applies to: Corporate devices*
 
-Windows 10 Mobile devices use state-of-the-art technology that includes popular hardware features such as cameras, global positioning system (GPS) sensors, microphones, speakers, near-field communication (NFC) radios, storage card slots, USB interfaces, Bluetooth interfaces, cellular radios, and Wi Fi. You can use hardware restrictions to control the availability of these features.
+Windows 10 Mobile devices use state-of-the-art technology that includes popular hardware features such as cameras, global positioning system (GPS) sensors, microphones, speakers, near-field communication (NFC) radios, storage card slots, USB interfaces, Bluetooth interfaces, cellular radios, and Wi-Fi. You can use hardware restrictions to control the availability of these features.
 
 The following lists the MDM settings that Windows 10 Mobile supports to configure hardware restrictions.
 
@@ -303,12 +302,12 @@ The following lists the MDM settings that Windows 10 Mobile supports to configur
 
 *Applies to: Personal and corporate devices*
 
-Certificates help improve security by providing account authentication, Wi Fi authentication, VPN encryption, and SSL encryption of web content. Although users can manage certificates on devices manually, it’s a best practice to use your MDM system to manage those certificates throughout their entire lifecycle – from enrollment through renewal and revocation.
+Certificates help improve security by providing account authentication, Wi-Fi authentication, VPN encryption, and SSL encryption of web content. Although users can manage certificates on devices manually, it’s a best practice to use your MDM system to manage those certificates throughout their entire lifecycle – from enrollment through renewal and revocation.
 To install certificates manually, you can post them on Microsoft Edge website or send them directly via email, which is ideal for testing purposes.
 Using SCEP and MDM systems, certificate management is completely transparent and requires no user intervention, helping improve user productivity, and reduce support calls. Your MDM system can automatically deploy these certificates to the devices’ certificate stores after you enroll the device (as long as the MDM system supports the Simple Certificate Enrollment Protocol (SCEP) or Personal Information Exchange (PFX)). The MDM server can also query and delete SCEP enrolled client certificate (including user installed certificates), or trigger a new enrollment request before the current certificate is expired.
 In addition to SCEP certificate management, Windows 10 Mobile supports deployment of PFX certificates. The table below lists the Windows 10 Mobile PFX certificate deployment settings.
 Get more detailed information about MDM certificate management in the [Client Certificate Install CSP](https://msdn.microsoft.com/library/windows/hardware/dn920023(v=vs.85).aspx) and [Install digital certificates on Windows 10 Mobile](/windows/access-protection/installing-digital-certificates-on-windows-10-mobile).
-Use the Allow Manual Root Certificate Installation setting to prevent users from manually installing root and intermediate CA certificates intentionally or accidently.
+Use the Allow Manual Root Certificate Installation setting to prevent users from manually installing root and intermediate CA certificates intentionally or accidentally.
 
 > **Note:** To diagnose certificate-related issues on Windows 10 Mobile devices, use the free Certificates app in Microsoft Store. This Windows 10 Mobile app can help you:
 > -   View a summary of all personal certificates
@@ -322,11 +321,11 @@ Use the Allow Manual Root Certificate Installation setting to prevent users from
 
 *Applies to: Corporate and personal devices*
 
-Wi-Fi is used on mobile devices as much as, or more than, cellular data connections. Most corporate Wi Fi networks require certificates and other complex information to restrict and secure user access. This advanced Wi Fi information is difficult for typical users to configure, but MDM systems can fully configure these Wi-Fi profiles without user intervention.
+Wi-Fi is used on mobile devices as much as, or more than, cellular data connections. Most corporate Wi-Fi networks require certificates and other complex information to restrict and secure user access. This advanced Wi-Fi information is difficult for typical users to configure, but MDM systems can fully configure these Wi-Fi profiles without user intervention.
 You can create multiple Wi-Fi profiles in your MDM system. The below table lists the Windows 10 Mobile Wi Fi connection profile settings that can be configured by administrators.
 
--   **SSID** The case-sensitive name of the Wi Fi network Service Set Identifier
+-   **SSID** The case-sensitive name of the Wi-Fi network Service Set Identifier
--   **Security type** The type of security the Wi Fi network uses; can be one of the following authentication types:
+-   **Security type** The type of security the Wi-Fi network uses; can be one of the following authentication types:
     -   Open 802.11
     -   Shared 802.11
     -   WPA-Enterprise 802.11
@@ -341,13 +340,13 @@ You can create multiple Wi-Fi profiles in your MDM system. The below table lists
 -   **Extensible Authentication Protocol Transport Layer Security (EAP-TLS)** WPA-Enterprise 802.11 and WPA2-Enterprise 802.11 security types can use EAP-TLS with certificates for authentication
 -   **Protected Extensible Authentication Protocol with Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MSCHAPv2)** WPA-Enterprise 802.11 and WPA2-Enterprise 802.11 security types can use PEAP-MSCHAPv2 with a user name and password for authentication
 -   **Shared key** WPA-Personal 802.11 and WPA2-Personal 802.11 security types can use a shared key for authentication.
--   **Proxy** The configuration of any network proxy that the Wi Fi connection requires (to specify the proxy server, use its fully qualified domain name [FQDN], Internet Protocol version 4 [IPv4] address, IP version 6 [IPv6] address, or IPvFuture address)
+-   **Proxy** The configuration of any network proxy that the Wi-Fi connection requires (to specify the proxy server, use its fully qualified domain name [FQDN], Internet Protocol version 4 [IPv4] address, IP version 6 [IPv6] address, or IPvFuture address)
--   **Disable Internet connectivity checks** Whether the Wi Fi connection should check for Internet connectivity
+-   **Disable Internet connectivity checks** Whether the Wi-Fi connection should check for Internet connectivity
 -   **Proxy auto-configuration URL** A URL that specifies the proxy auto-configuration file
 -   **Enable Web Proxy Auto-Discovery Protocol (WPAD)** Specifies whether WPAD is enabled
 
 In addition, you can set a few device wide Wi-Fi settings.
--   **Allow Auto Connect to Wi Fi Sense Hotspots** Whether the device will automatically detect and connect to Wi-Fi  networks
+-   **Allow Auto Connect to Wi-Fi Sense Hotspots** Whether the device will automatically detect and connect to Wi-Fi  networks
 -   **Allow Manual Wi-Fi Configuration** Whether the user can manually configure Wi-Fi  settings
 -   **Allow Wi-Fi** Whether the Wi-Fi hardware is enabled
 -   **Allow Internet Sharing** Allow or disallow Internet sharing
@@ -958,7 +957,7 @@ DHA-enabled device management solutions help IT managers create a unified securi
 
 For more information about health attestation in Windows 10 Mobile, see the [Windows 10 Mobile security guide](/windows/device-security/windows-10-mobile-security-guide).
 
-Thisis a lists of attributes that are supported by DHA and can trigger the corrective actions mentioned above.
+This is a list of attributes that are supported by DHA and can trigger the corrective actions mentioned above.
 -   **Attestation Identity Key (AIK) present** Indicates that an AIK is present (i.e., the device can be trusted more than a device without an AIK).
 -   **Data Execution Prevention (DEP) enabled** Whether a DEP policy is enabled for the device, indicating that the device can be trusted more than a device without a DEP policy.
 -   **BitLocker status** BitLocker helps protect the storage on the device. A device with BitLocker can be trusted more than a device without BitLocker.

windows/configuration/TOC.md

@@ -141,7 +141,7 @@
 ### [Administering UE-V](ue-v/uev-administering-uev.md)
 #### [Manage Configurations for UE-V](ue-v/uev-manage-configurations.md)
 ##### [Configuring UE-V with Group Policy Objects](ue-v/uev-configuring-uev-with-group-policy-objects.md)
-##### [Configuring UE-V with System Center Configuration Manager](ue-v/uev-configuring-uev-with-system-center-configuration-manager.md)
+##### [Configuring UE-V with Microsoft Endpoint Configuration Manager](ue-v/uev-configuring-uev-with-system-center-configuration-manager.md)
 ##### [Administering UE-V with Windows PowerShell and WMI](ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md)
 ###### [Managing the UE-V Service and Packages with Windows PowerShell and WMI](ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md)
 ###### [Managing UE-V Settings Location Templates Using Windows PowerShell and WMI](ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md)

windows/configuration/cortana-at-work/cortana-at-work-overview.md

@@ -45,7 +45,7 @@ Cortana requires the following hardware and software to successfully run the inc
 |Client operating system |<ul><li>**Desktop:** Windows 10, version 1703</li><li>**Mobile:** Windows 10 Mobile, version 1703 (with limited functionality)</li> |
 |Azure Active Directory (Azure AD) |While all employees signing into Cortana need an Azure AD account; an Azure AD premium tenant isn’t required. |
 |Additional policies (Group Policy and Mobile Device Management (MDM)) |There is a rich set of policies that can be used to manage various aspects of Cortana. Most of these policies will limit the abilities of Cortana, but won't turn Cortana off.<p>For example:<p>If you turn **Location** off, Cortana won't be able to provide location-based reminders, such as reminding you to visit the mail room when you get to work.<p>If you turn **Speech** off, your employees won't be able to use “Hello Cortana” for hands free usage or voice commands to easily ask for help. |
-|Windows Information Protection (WIP) (optional) |If you want to secure the calendar, email, and contact info provided to Cortana on a device, you can use WIP. For more info about WIP, see [Protect your enterprise data using Windows Information Protection (WIP)](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip)<p>If you decide to use WIP, you must also have a management solution. This can be Microsoft Intune, Microsoft System Center Configuration Manager (version 1606 or later), or your current company-wide 3rd party mobile device management (MDM) solution.|
+|Windows Information Protection (WIP) (optional) |If you want to secure the calendar, email, and contact info provided to Cortana on a device, you can use WIP. For more info about WIP, see [Protect your enterprise data using Windows Information Protection (WIP)](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip)<p>If you decide to use WIP, you must also have a management solution. This can be Microsoft Intune, Microsoft Endpoint Configuration Manager (version 1606 or later), or your current company-wide 3rd party mobile device management (MDM) solution.|
 
 ## Signing in using Azure AD
 Your organization must have an Azure AD tenant and your employees’ devices must all be Azure AD-joined for Cortana to work properly. For info about what an Azure AD tenant is, how to get your devices joined, and other Azure AD maintenance info, see [What is an Azure AD directory?](https://msdn.microsoft.com/library/azure/jj573650.aspx)

windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md

@@ -36,7 +36,7 @@ To enable voice commands in Cortana
 
     - **Start Cortana removing focus from your app, using specific voice-enabled statements.** [Activate a background app in Cortana using voice commands](https://docs.microsoft.com/cortana/voice-commands/launch-a-background-app-with-voice-commands-in-cortana).
 
-2.	**Install the VCD file on employees' devices**. You can use System Center Configuration Manager or Microsoft Intune to deploy and install the VCD file on your employees' devices, the same way you deploy and install any other package in your organization.
+2.	**Install the VCD file on employees' devices**. You can use Microsoft Endpoint Configuration Manager or Microsoft Intune to deploy and install the VCD file on your employees' devices, the same way you deploy and install any other package in your organization.
 
 ## Test scenario: Use voice commands in a Microsoft Store app
 While these aren't line-of-business apps, we've worked to make sure to implement a VCD file, allowing you to test how the functionality works with Cortana in your organization.

windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md

@@ -42,7 +42,7 @@ CSPs are behind many of the management tasks and policies for Windows 10, both i
 
 ![how intune maps to csp](../images/policytocsp.png)
 
-CSPs receive configuration policies in the XML-based SyncML format, pushed from an MDM-compliant management server, such as Microsoft Intune. Traditional enterprise management systems, such as System Center Configuration Manager, can also target CSPs, by using a client-side WMI-to-CSP bridge.
+CSPs receive configuration policies in the XML-based SyncML format, pushed from an MDM-compliant management server, such as Microsoft Intune. Traditional enterprise management systems, such as Microsoft Endpoint Configuration Manager, can also target CSPs, by using a client-side WMI-to-CSP bridge.
 
 ### Synchronization Markup Language (SyncML)
 

windows/configuration/provisioning-packages/provisioning-create-package.md

@@ -71,7 +71,7 @@ You use Windows Configuration Designer to create a provisioning package (.ppkg)
    | Common to Windows 10 Team edition |    Common settings and settings specific to Windows 10 Team     | [Microsoft Surface Hub](https://technet.microsoft.com/itpro/surface-hub/provisioning-packages-for-certificates-surface-hub) |
 
 
-5. On the **Import a provisioning package (optional)** page, you can click **Finish** to create your project, or browse to and select an existing provisioning packge to import to your project, and then click **Finish**.
+5. On the **Import a provisioning package (optional)** page, you can click **Finish** to create your project, or browse to and select an existing provisioning package to import to your project, and then click **Finish**.
 
 >[!TIP]
 >**Import a provisioning package** can make it easier to create different provisioning packages that all have certain settings in common. For example, you could create a provisioning package that contains the settings for your organization's network, and then import it into other packages you create so you don't have to reconfigure those common settings repeatedly.
@@ -148,7 +148,7 @@ For details on each specific setting, see [Windows Provisioning settings referen
 
 - Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922)
 
-- [How to bulk-enroll devices with On-premises Mobile Device Management in System Center Configuration Manager](https://docs.microsoft.com/sccm/mdm/deploy-use/bulk-enroll-devices-on-premises-mdm)
+- [How to bulk-enroll devices with On-premises Mobile Device Management in Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/mdm/deploy-use/bulk-enroll-devices-on-premises-mdm)
 
 ## Related topics
 

windows/configuration/provisioning-packages/provisioning-packages.md

@@ -112,7 +112,7 @@ The following table provides some examples of settings that you can configure us
 |          Start menu customization          |                                           Start menu layout, application pinning                                            |
 |                   Other                    |                     Home and lock screen wallpaper, computer name, domain join, DNS settings, and so on                     |
 
-\* Using a provisioning package for auto-enrollment to System Center Configuration Manager or Configuration Manager/Intune hybrid is not supported. Use the Configuration Manager console to enroll devices.
+\* Using a provisioning package for auto-enrollment to Microsoft Endpoint Configuration Manager is not supported. Use the Configuration Manager console to enroll devices.
 
 
 For details about the settings you can customize in provisioning packages, see [Windows Provisioning settings reference]( https://go.microsoft.com/fwlink/p/?LinkId=619012).
@@ -136,7 +136,7 @@ Windows ICD in Windows 10, version 1607, supported the following scenarios for I
 
 * **Mobile device enrollment into management** - Enables IT administrators to purchase off-the-shelf retail Windows 10 Mobile devices and enroll them into mobile device management (MDM) before handing them to end-users in the organization. IT administrators can use Windows ICD to specify the management end-point and apply the configuration on target devices by connecting them to a Windows PC (tethered deployment) or through an SD card. Supported management end-points include: 
 
-    * System Center Configuration Manager and Microsoft Intune hybrid (certificate-based enrollment) 
+    * Microsoft Intune (certificate-based enrollment) 
     * AirWatch (password-string based enrollment) 
     * Mobile Iron (password-string based enrollment) 
     * Other MDMs (cert-based enrollment) 

windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md

@@ -1,6 +1,6 @@
 ---
-title: Configuring UE-V with System Center Configuration Manager
+title: Configuring UE-V with Microsoft Endpoint Configuration Manager
-description: Configuring UE-V with System Center Configuration Manager 
+description: Configuring UE-V with Microsoft Endpoint Configuration Manager 
 author: dansimp
 ms.pagetype: mdop, virtualization
 ms.mktglfcycl: deploy
@@ -14,12 +14,12 @@ ms.topic: article
 ---
 
 
-# Configuring UE-V with System Center Configuration Manager 
+# Configuring UE-V with Microsoft Endpoint Configuration Manager 
 
 **Applies to**
 -   Windows 10, version 1607
 
-After you deploy User Experience Virtualization (UE-V) and its required features, you can start to configure it to meet your organization's need. The UE-V Configuration Pack provides a way for administrators to use the Compliance Settings feature of System Center Configuration Manager (2012 SP1 or later) to apply consistent configurations across sites where UE-V and Configuration Manager are installed.
+After you deploy User Experience Virtualization (UE-V) and its required features, you can start to configure it to meet your organization's need. The UE-V Configuration Pack provides a way for administrators to use the Compliance Settings feature of Microsoft Endpoint Configuration Manager to apply consistent configurations across sites where UE-V and Configuration Manager are installed.
 
 ## UE-V Configuration Pack supported features
 

windows/configuration/ue-v/uev-deploy-required-features.md

@@ -117,7 +117,7 @@ You can configure UE-V before, during, or after you enable the UE-V service on u
 
     Windows Server 2012 and Windows Server 2012 R2
 
--   [**Configuration Manager**](uev-configuring-uev-with-system-center-configuration-manager.md) The UE-V Configuration Pack lets you use the Compliance Settings feature of System Center Configuration Manager to apply consistent configurations across sites where UE-V and Configuration Manager are installed.
+-   [**Configuration Manager**](uev-configuring-uev-with-system-center-configuration-manager.md) The UE-V Configuration Pack lets you use the Compliance Settings feature of Microsoft Endpoint Configuration Manager to apply consistent configurations across sites where UE-V and Configuration Manager are installed.
 
 -   [**Windows PowerShell and WMI**](uev-administering-uev-with-windows-powershell-and-wmi.md) You can use scripted commands for Windows PowerShell and Windows Management Instrumentation (WMI) to modify the configuration of the UE-V service.
 

windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md

@@ -222,7 +222,7 @@ After you create a settings location template with the UE-V template generator,
 
 You can deploy settings location templates using of these methods:
 
--   An electronic software distribution (ESD) system such as System Center Configuration Manager
+-   An electronic software distribution (ESD) system such as Microsoft Endpoint Configuration Manager
 
 -   Group Policy preferences
 

windows/configuration/ue-v/uev-manage-configurations.md

@@ -27,11 +27,11 @@ You can use Group Policy Objects to modify the settings that define how UE-V syn
 
 [Configuring UE-V with Group Policy Objects](uev-configuring-uev-with-group-policy-objects.md)
 
-## Configuring UE-V with System Center Configuration Manager
+## Configuring UE-V with Microsoft Endpoint Configuration Manager
 
-You can use System Center Configuration Manager to manage the UE-V service by using the UE-V Configuration Pack.
+You can use Microsoft Endpoint Configuration Manager to manage the UE-V service by using the UE-V Configuration Pack.
 
-[Configuring UE-V with System Center Configuration Manager](uev-configuring-uev-with-system-center-configuration-manager.md)
+[Configuring UE-V with Microsoft Endpoint Configuration Manager](uev-configuring-uev-with-system-center-configuration-manager.md)
 
 ## Administering UE-V with PowerShell and WMI
 

windows/configuration/ue-v/uev-prepare-for-deployment.md

@@ -267,9 +267,9 @@ For more information, see the [Windows Application List](uev-managing-settings-l
 
 If you are deploying UE-V to synchronize settings for custom applications, you’ll use the UE-V template generator to create custom settings location templates for those desktop applications. After you create and test a custom settings location template in a test environment, you can deploy the settings location templates to user devices.
 
-Custom settings location templates must be deployed with an existing deployment infrastructure, such as an enterprise software distribution method, including System Center Configuration Manager, with preferences, or by configuring a UE-V settings template catalog. Templates that are deployed with Configuration Manager or Group Policy must be registered using UE-V WMI or Windows PowerShell.
+Custom settings location templates must be deployed with an existing deployment infrastructure, such as an enterprise software distribution method, including Microsoft Endpoint Configuration Manager, with preferences, or by configuring a UE-V settings template catalog. Templates that are deployed with Configuration Manager or Group Policy must be registered using UE-V WMI or Windows PowerShell.
 
-For more information about custom settings location templates, see [Deploy UE-V with custom applications](uev-deploy-uev-for-custom-applications.md). For more information about using UE-V with Configuration Manager, see [Configuring UE-V with System Center Configuration Manager](uev-configuring-uev-with-system-center-configuration-manager.md).
+For more information about custom settings location templates, see [Deploy UE-V with custom applications](uev-deploy-uev-for-custom-applications.md). For more information about using UE-V with Configuration Manager, see [Configuring UE-V with Microsoft Endpoint Configuration Manager](uev-configuring-uev-with-system-center-configuration-manager.md).
 
 ### Prevent unintentional user settings configuration
 
@@ -362,7 +362,7 @@ The UE-V service synchronizes user settings for devices that are not always conn
 
 Enable this configuration using one of these methods:
 
-- After you enable the UE-V service, use the Settings Management feature in System Center Configuration Manager or the UE-V ADMX templates (installed with Windows 10, version 1607) to push the SyncMethod = None configuration.
+- After you enable the UE-V service, use the Settings Management feature in Microsoft Endpoint Configuration Manager or the UE-V ADMX templates (installed with Windows 10, version 1607) to push the SyncMethod = None configuration.
 
 - Use Windows PowerShell or Windows Management Instrumentation (WMI) to set the SyncMethod = None configuration.
 

windows/deployment/TOC.md

@@ -35,7 +35,7 @@
 
 ### [Windows 10 deployment test lab](windows-10-poc.md)
 #### [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md)
-#### [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md)
+#### [Deploy Windows 10 in a test lab using Microsoft Endpoint Configuration Manager](windows-10-poc-sc-config-mgr.md)
 
 ### [Plan for Windows 10 deployment](planning/index.md)
 #### [Windows 10 Enterprise FAQ for IT Pros](planning/windows-10-enterprise-faq-itpro.md)
@@ -267,7 +267,7 @@
 ### Use Windows Server Update Services
 #### [Deploy Windows 10 updates using Windows Server Update Services](update/waas-manage-updates-wsus.md)
 #### [Enable FoD and language pack updates in Windows Update](update/fod-and-lang-packs.md)
-### [Deploy Windows 10 updates using System Center Configuration Manager](update/waas-manage-updates-configuration-manager.md)
+### [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](update/waas-manage-updates-configuration-manager.md)
 ### [Manage device restarts after updates](update/waas-restart.md)
 ### [Manage additional Windows Update settings](update/waas-wu-settings.md)
 ### [Determine the source of Windows updates](update/windows-update-sources.md)

windows/deployment/change-history-for-deploy-windows-10.md

@@ -8,7 +8,8 @@ ms.author: greglin
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-audience: itpro
author: greg-lindsay
+audience: itpro
+author: greg-lindsay
 ms.topic: article
 ---
 
@@ -46,7 +47,7 @@ New or changed topic | Description
 ## April 2017
 | New or changed topic | Description |
 |----------------------|-------------|
-| [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md) | Updated: The "refresh" and "replace" procedures were swapped in order so that it would not be necessary to save and restore VMs. Also a missing step was added to include the State migration point role. | 
+| [Deploy Windows 10 in a test lab using Microsoft Endpoint Configuration Manager](windows-10-poc-sc-config-mgr.md) | Updated: The "refresh" and "replace" procedures were swapped in order so that it would not be necessary to save and restore VMs. Also a missing step was added to include the State migration point role. | 
 | [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md)| Updated with minor fixes. |
 | [Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md)| Updated child topics under this node to include new feature and user interface changes. |
 | [Get started with Upgrade Readiness](upgrade/upgrade-readiness-get-started.md)| Added a table summarizing connection scenarios under the Enable data sharing topic. |
@@ -61,7 +62,7 @@ The topics in this library have been updated for Windows 10, version 1703 (also
 |----------------------|-------------|
 | [What's new in Windows 10 deployment](deploy-whats-new.md) | New | 
 | [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md) | Topic moved under [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md) in the table of contents and title adjusted to clarify in-place upgrade. | 
-| [Upgrade to Windows 10 with System Center Configuration Manager](upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md) | Topic moved under [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) in the table of contents and title adjusted to clarify in-place upgrade. | 
+| [Upgrade to Windows 10 with Microsoft Endpoint Configuration Manager](upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md) | Topic moved under [Deploy Windows 10 with Microsoft Endpoint Configuration Manager](deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) in the table of contents and title adjusted to clarify in-place upgrade. | 
 | [Convert MBR partition to GPT](mbr-to-gpt.md) | New | 
 
 ## February 2017
@@ -84,7 +85,7 @@ The topics in this library have been updated for Windows 10, version 1703 (also
 |----------------------|-------------|
 | [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md) | New | 
 | [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md) | New | 
-| [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md) | New | 
+| [Deploy Windows 10 in a test lab using Microsoft Endpoint Configuration Manager](windows-10-poc-sc-config-mgr.md) | New | 
 | [Apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-apply-package) | New (previously published in other topics) | 
 | [Create a provisioning package for Windows 10](/windows/configuration/provisioning-packages/provisioning-create-package) | New (previously published in Hardware Dev Center on MSDN) | 
 | [Create a provisioning package with multivariant settings](/windows/configuration/provisioning-packages/provisioning-multivariant) | New (previously published in Hardware Dev Center on MSDN) | 

windows/deployment/deploy-m365.md

@@ -10,7 +10,8 @@ ms.sitesec: library
 ms.pagetype: deploy
 keywords: deployment, automate, tools, configure, mdt, sccm, M365
 ms.localizationpriority: medium
-audience: itpro
author: greg-lindsay
+audience: itpro
+author: greg-lindsay
 ms.topic: article
 ms.collection: M365-modern-desktop
 ---
@@ -30,8 +31,8 @@ For Windows 10 deployment, Microsoft 365 includes a fantastic deployment advisor
 - Windows Autopilot
 - In-place upgrade
 - Deploying Windows 10 upgrade with Intune
-- Deploying Windows 10 upgrade with System Center Configuration Manager
+- Deploying Windows 10 upgrade with Microsoft Endpoint Configuration Manager
-- Deploying a computer refresh with System Center Configuration Manager
+- Deploying a computer refresh with Microsoft Endpoint Configuration Manager
 
 ## Free trial account
 

windows/deployment/deploy-whats-new.md

@@ -49,7 +49,7 @@ See [Deploy Windows 10 with Microsoft 365](deploy-m365.md) for an overview, whic
 
 ## Windows 10 servicing and support
 
-- [**Delivery Optimization**](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization): Improved Peer Efficiency for enterprises and educational institutions with complex networks is enabled with of [new policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deliveryoptimization). This now supports Office 365 ProPlus updates, and Intune content, with System Center Configuration Manager content coming soon! 
+- [**Delivery Optimization**](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization): Improved Peer Efficiency for enterprises and educational institutions with complex networks is enabled with of [new policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deliveryoptimization). This now supports Office 365 ProPlus updates, and Intune content, with Microsoft Endpoint Configuration Manager content coming soon! 
 - [**Automatic Restart Sign-on (ARSO)**](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-whats-new#automatic-restart-and-sign-on-arso-for-enterprises-build-18305): Windows will automatically logon as the user and lock their device in order to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed.  
 - [**Windows Update for Business**](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523): There will now be a single, common start date for phased deployments (no more SAC-T designation). In addition, there will a new notification and reboot scheduling experience for end users, the ability to enforce update installation and reboot deadlines, and the ability to provide end user control over reboots for a specific time period. 
 - **Update rollback improvements**: You can now automatically recover from startup failures by removing updates if the startup failure was introduced after the installation of recent driver or quality updates. When a device is unable to start up properly after the recent installation of Quality of driver updates, Windows will now automatically uninstall the updates to get the device back up and running normally.
@@ -157,7 +157,7 @@ For more information, see the following guides:
 
 - [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md)
 - [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md)
-- [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md)
+- [Deploy Windows 10 in a test lab using Microsoft Endpoint Configuration Manager](windows-10-poc-sc-config-mgr.md)
 
 
 ## Troubleshooting guidance

windows/deployment/deploy-windows-sccm/add-a-windows-10-operating-system-image-using-configuration-manager.md

@@ -10,7 +10,8 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.sitesec: library
-audience: itpro
author: greg-lindsay
+audience: itpro
+author: greg-lindsay
 ms.topic: article
 ---
 
@@ -22,10 +23,10 @@ ms.topic: article
 -   Windows 10 versions 1507, 1511
 
 >[!IMPORTANT]
->For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems). 
+>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems). 
->Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
+>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/core/plan-design/configs/support-for-windows-10).
 
-Operating system images are typically the production image used for deployment throughout the organization. This topic shows you how to add a Windows 10 operating system image created with Microsoft System Center 2012 R2 Configuration Manager, and how to distribute the image to a distribution point.
+Operating system images are typically the production image used for deployment throughout the organization. This topic shows you how to add a Windows 10 operating system image created with Microsoft Endpoint Configuration Manager, and how to distribute the image to a distribution point.
 
 For the purposes of this topic, we will use CM01, a machine running Windows Server 2012 R2 Standard, as the distribution point. CM01 is a member of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md). Our image is named REFW10-X64-001.wim. For details on building this image, please see [Create a Windows 10 reference image](../deploy-windows-mdt/create-a-windows-10-reference-image.md).
 

windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md

@@ -24,8 +24,8 @@ ms.topic: article
 -   Windows 10 versions 1507, 1511
 
 >[!IMPORTANT]
->For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems). 
+>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems). 
->Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
+>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/core/plan-design/configs/support-for-windows-10).
 
 In this topic, you will learn how to configure the Windows Preinstallation Environment (Windows PE) to include the network drivers required to connect to the deployment share and the storage drivers required to see the local storage on machines. Even though the Windows PE boot image and the Windows 10 operating system contain many out-of-the-box drivers, it is likely you will have to add new or updated drivers to support all your hardware. In this section, you import drivers for both Windows PE and the full Windows 10 operating system.
 

windows/deployment/deploy-windows-sccm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md

@@ -1,6 +1,6 @@
 ---
 title: Create a custom Windows PE boot image with Configuration Manager (Windows 10)
-description: Microsoft System Center 2012 R2 Configuration Manager can create custom Windows Preinstallation Environment (Windows PE) boot images with extra features.
+description: In Microsoft Endpoint Configuration Manager, you can create custom Windows Preinstallation Environment (Windows PE) boot images that include extra components and features.
 ms.assetid: b9e96974-324d-4fa4-b0ce-33cfc49c4809
 ms.reviewer: 
 manager: laurawi
@@ -23,10 +23,10 @@ ms.topic: article
 -   Windows 10 versions 1507, 1511
 
 >[!IMPORTANT]
->For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems). 
+>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems). 
->Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
+>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/core/plan-design/configs/support-for-windows-10).
 
-In Microsoft System Center 2012 R2 Configuration Manager, you can create custom Windows Preinstallation Environment (Windows PE) boot images that include extra components and features. This topic shows you how to create a custom Windows PE 5.0 boot image with the Microsoft Deployment Toolkit (MDT) wizard. You can also add the Microsoft Diagnostics and Recovery Toolset (DaRT) 10 to the boot image as part of the boot image creation process.
+In Microsoft Microsoft Endpoint Configuration Manager, you can create custom Windows Preinstallation Environment (Windows PE) boot images that include extra components and features. This topic shows you how to create a custom Windows PE 5.0 boot image with the Microsoft Deployment Toolkit (MDT) wizard. You can also add the Microsoft Diagnostics and Recovery Toolset (DaRT) 10 to the boot image as part of the boot image creation process.
 
 For the purposes of this topic, we will use two machines: DC01 and CM01. DC01 is a domain controller and CM01 is a machine running Windows Server 2012 R2 Standard. Both are members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
 

windows/deployment/deploy-windows-sccm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md

@@ -1,6 +1,6 @@
 ---
 title: Create an app to deploy with Windows 10 using Configuration Manager
-description: Microsoft System Center 2012 R2 Configuration Manager supports deploying applications as part of the Windows 10 deployment process.
+description: Microsoft Microsoft Endpoint Configuration Manager supports deploying applications as part of the Windows 10 deployment process.
 ms.assetid: 2dfb2f39-1597-4999-b4ec-b063e8a8c90c
 ms.reviewer: 
 manager: laurawi
@@ -23,10 +23,10 @@ ms.topic: article
 -   Windows 10 versions 1507, 1511
 
 >[!IMPORTANT]
->For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems). 
+>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems). 
->Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
+>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for  Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/core/plan-design/configs/support-for-windows-10).
 
-Microsoft System Center 2012 R2 Configuration Manager supports deploying applications as part of the Windows 10 deployment process. In this section, you create an application in System Center 2012 R2 Configuration Manager that you later configure the task sequence to use.
+Microsoft Endpoint Configuration Manager supports deploying applications as part of the Windows 10 deployment process. In this section, you create an application in Microsoft Endpoint Configuration Manager that you later configure the task sequence to use.
 
 For the purposes of this topic, we will use CM01, a machine running Windows Server 2012 R2 Standard that is a member of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
 

windows/deployment/deploy-windows-sccm/deploy-windows-10-using-pxe-and-configuration-manager.md

@@ -1,6 +1,6 @@
 ---
 title: Deploy Windows 10 using PXE and Configuration Manager (Windows 10)
-description: In this topic, you will learn how to deploy Windows 10 using Microsoft System Center 2012 R2 Configuration Manager deployment packages and task sequences.
+description: In this topic, you will learn how to deploy Windows 10 using Microsoft Endpoint Configuration Manager deployment packages and task sequences.
 ms.assetid: fb93f514-5b30-4f4b-99dc-58e6860009fa
 ms.reviewer: 
 manager: laurawi
@@ -10,7 +10,8 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.sitesec: library
-audience: itpro
author: greg-lindsay
+audience: itpro
+author: greg-lindsay
 ms.topic: article
 ---
 
@@ -22,10 +23,10 @@ ms.topic: article
 -   Windows 10 versions 1507, 1511
 
 >[!IMPORTANT]
->For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems). 
+>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems). 
->Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
+>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/core/plan-design/configs/support-for-windows-10).
 
-In this topic, you will learn how to deploy Windows 10 using Microsoft System Center 2012 R2 Configuration Manager deployment packages and task sequences. This topic will walk you through the process of deploying the Windows 10 Enterprise image to a Unified Extensible Firmware Interface (UEFI) machine named PC0001.
+In this topic, you will learn how to deploy Windows 10 using Microsoft Endpoint Configuration Manager deployment packages and task sequences. This topic will walk you through the process of deploying the Windows 10 Enterprise image to a Unified Extensible Firmware Interface (UEFI) machine named PC0001.
 
 For the purposes of this topic, we will use two additional machines: DC01 and CM01. DC01 is a domain controller and CM01 is a machine running Windows Server 2012 R2 Standard. DC01, CM01, and PC0001 are all members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
 

windows/deployment/deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md

@@ -1,6 +1,6 @@
 ---
-title: Deploy Windows 10 with System Center 2012 R2 Configuration Manager (Windows 10)
+title: Deploy Windows 10 with Microsoft Endpoint Configuration Manager (Windows 10)
-description: If you have Microsoft System Center 2012 R2 Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10.
+description: If you have Microsoft Endpoint Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10.
 ms.assetid: eacd7b7b-dde0-423d-97cd-29bde9e8b363
 ms.reviewer: 
 manager: laurawi
@@ -10,11 +10,12 @@ ms.prod: w10
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.sitesec: library
-audience: itpro
author: greg-lindsay
+audience: itpro
+author: greg-lindsay
 ms.topic: article
 ---
 
-# Deploy Windows 10 with System Center 2012 R2 Configuration Manager
+# Deploy Windows 10 with Microsoft Endpoint Configuration Manager
 
 
 **Applies to**
@@ -22,10 +23,10 @@ ms.topic: article
 -   Windows 10 versions 1507, 1511
 
 >[!IMPORTANT]
->For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems).
+>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems).
->Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
+>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
 
-If you have Microsoft System Center 2012 R2 Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10. This topic will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT).
+If you have Microsoft Endpoint Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10. This topic will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT).
 
 For the purposes of this topic, we will use four machines: DC01, CM01, PC0003, and PC0004. DC01 is a domain controller and CM01 is a machine running Windows Server 2012 R2 standard. PC0003 and PC0004 are machines with Windows 7 SP1, on which Windows 10 will be deployed via both refresh and replace scenarios. In addition to these four ready-made machines, you could also include a few blank virtual machines to be used for bare-metal deployments. DC01, CM01, PC003, and PC0004 are all members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
 

windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md

@@ -23,10 +23,10 @@ ms.topic: article
 -   Windows 10 versions 1507, 1511
 
 >[!IMPORTANT]
->For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems). 
+>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems). 
->Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
+>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/core/plan-design/configs/support-for-windows-10).
 
-This topic walks you through the steps to finalize the configuration of your Windows 10 operating deployment, which includes enablement of the optional Microsoft Deployment Toolkit (MDT) monitoring for Microsoft System Center 2012 R2 Configuration Manager, logs folder creation, rules configuration, content distribution, and deployment of the previously created task sequence.
+This topic walks you through the steps to finalize the configuration of your Windows 10 operating deployment, which includes enablement of the optional Microsoft Deployment Toolkit (MDT) monitoring for Microsoft Endpoint Configuration Manager, logs folder creation, rules configuration, content distribution, and deployment of the previously created task sequence.
 
 For the purposes of this topic, we will use two machines: DC01 and CM01. DC01 is a domain controller and CM01 is a machine running Windows Server 2012 R2 Standard. Both are members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
 

windows/deployment/deploy-windows-sccm/monitor-windows-10-deployment-with-configuration-manager.md

@@ -23,14 +23,14 @@ ms.topic: article
 -   Windows 10 versions 1507, 1511
 
 >[!IMPORTANT]
->For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems). 
+>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems). 
->Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
+>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/core/plan-design/configs/support-for-windows-10).
 
-In this topic, you will learn how to monitor a Windows 10 deployment that was started previously using Microsoft System Center 2012 R2 Configuration Manager and the Microsoft Deployment Toolkit (MDT) Deployment Workbench. You will also use the Deployment Workbench to access the computer remotely via the Microsoft Diagnostics and Recovery Toolkit (DaRT) Remote Connection feature.
+In this topic, you will learn how to monitor a Windows 10 deployment that was started previously using Microsoft Endpoint Configuration Manager and the Microsoft Deployment Toolkit (MDT) Deployment Workbench. You will also use the Deployment Workbench to access the computer remotely via the Microsoft Diagnostics and Recovery Toolkit (DaRT) Remote Connection feature.
 
 For the purposes of this topic, we will use four machines: DC01, CM01, and PC0001. DC01 is a domain controller and CM01 is a machine running Windows Server 2012 R2 Standard. PC0001 is a Unified Extensible Firmware Interface (UEFI) machine to which Windows 10 Enterprise has been deployed. DC01, CM01, and PC0001 are all members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
 
-To monitor an operating system deployment conducted through System Center 2012 R2 Configuration Manager, you will use the Deployment Workbench in MDT as follows:
+To monitor an operating system deployment conducted through  Microsoft Endpoint Configuration Manager, you will use the Deployment Workbench in MDT as follows:
 
 1.  On CM01, using the Deployment Workbench, expand **MDT Production**, and use the **Monitoring** node to view the deployment process (press **F5** to refresh).
 

windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md

@@ -23,10 +23,10 @@ ms.topic: article
 -   Windows 10 versions 1507, 1511
 
 >[!IMPORTANT]
->For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems). 
+>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems). 
->Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
+>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/core/plan-design/configs/support-for-windows-10).
 
-This topic will walk you through the process of integrating Microsoft System Center 2012 R2 Configuration Manager SP1 with Microsoft Deployment Toolkit (MDT) 2013 Update 2, as well as the other preparations needed to deploying Windows 10 via Zero Touch Installation. Additional preparations include the installation of hotfixes as well as activities that speed up the Pre-Boot Execution Environment (PXE).
+This topic will walk you through the process of integrating Microsoft Endpoint Configuration Manager SP1 with Microsoft Deployment Toolkit (MDT) 2013 Update 2, as well as the other preparations needed to deploying Windows 10 via Zero Touch Installation. Additional preparations include the installation of hotfixes as well as activities that speed up the Pre-Boot Execution Environment (PXE).
 
 ## Prerequisites
 
@@ -45,7 +45,7 @@ In this topic, you will use an existing Configuration Manager server structure t
 
 -   A Configuration Manager console folder structure for packages has been created.
 
--   System Center 2012 R2 Configuration Manager SP1 and any additional Windows 10 prerequisites are installed.
+-   Microsoft Endpoint Configuration Manager and any additional Windows 10 prerequisites are installed.
 
 For the purposes of this topic, we will use two machines: DC01 and CM01. DC01 is a domain controller and CM01 is a machine running Windows Server 2012 R2 Standard. DC01 and CM01 are both members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
 

windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md

@@ -23,12 +23,12 @@ ms.topic: article
 -   Windows 10 versions 1507, 1511
 
 >[!IMPORTANT]
->For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems). 
+>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems). 
->Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
+>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/core/plan-design/configs/support-for-windows-10).
 
-This topic will show you how to use a previously created task sequence to refresh a Windows 7 SP1 client with Windows 10 using Microsoft System Center 2012 R2 Configuration Manager and Microsoft Deployment Toolkit (MDT) 2013 Update 2. When refreshing a machine to a later version, it appears as an upgrade to the end user, but technically it is not an in-place upgrade. A computer refresh also involves taking care of user data and settings from the old installation and making sure to restore those at the end of the installation. For more information, see [Refresh a Windows 7 computer with Windows 10](../deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md).
+This topic will show you how to use a previously created task sequence to refresh a Windows 7 SP1 client with Windows 10 using Microsoft Endpoint Configuration Manager and Microsoft Deployment Toolkit (MDT) 2013 Update 2. When refreshing a machine to a later version, it appears as an upgrade to the end user, but technically it is not an in-place upgrade. A computer refresh also involves taking care of user data and settings from the old installation and making sure to restore those at the end of the installation. For more information, see [Refresh a Windows 7 computer with Windows 10](../deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md).
 
-A computer refresh with System Center 2012 R2 Configuration Manager works the same as it does with MDT Lite Touch installation. Configuration Manager also uses the User State Migration Tool (USMT) from the Windows Assessment and Deployment Kit (Windows ADK) 10 in the background. A computer refresh with Configuration Manager involves the following steps:
+A computer refresh with Microsoft Endpoint Configuration Manager works the same as it does with MDT Lite Touch installation. Configuration Manager also uses the User State Migration Tool (USMT) from the Windows Assessment and Deployment Kit (Windows ADK) 10 in the background. A computer refresh with Configuration Manager involves the following steps:
 
 1.  Data and settings are backed up locally in a backup folder.
 

windows/deployment/deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md

@@ -1,6 +1,6 @@
 ---
 title: Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager (Windows 10)
-description: In this topic, you will learn how to replacing a Windows 7 SP1 computer using Microsoft System Center 2012 R2 Configuration Manager.
+description: In this topic, you will learn how to replacing a Windows 7 SP1 computer using Microsoft Endpoint Configuration Manager.
 ms.assetid: 3c8a2d53-8f08-475f-923a-bca79ca8ac36
 ms.reviewer: 
 manager: laurawi
@@ -10,7 +10,8 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.sitesec: library
-audience: itpro
author: greg-lindsay
+audience: itpro
+author: greg-lindsay
 ms.topic: article
 ---
 
@@ -22,10 +23,10 @@ ms.topic: article
 -   Windows 10 versions 1507, 1511
 
 >[!IMPORTANT]
->For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems). 
+>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems). 
->Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
+>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/core/plan-design/configs/support-for-windows-10).
 
-In this topic, you will learn how to replace a Windows 7 SP1 computer using Microsoft System Center 2012 R2 Configuration Manager. This process is similar to refreshing a computer, but since you are replacing the machine, you have to run the backup job separately from the deployment of Windows 10.
+In this topic, you will learn how to replace a Windows 7 SP1 computer using Microsoft Endpoint Configuration Manager. This process is similar to refreshing a computer, but since you are replacing the machine, you have to run the backup job separately from the deployment of Windows 10.
 
 For the purposes of this topic, we will use three machines: DC01, CM01, and PC0004. DC01 is a domain controller and CM01 is a machine running Windows Server 2012 R2 Standard. PC0004 is a machine with Windows 7 SP1 that will be replaced with a new machine running Windows 10. DC01, CM01, and PC0004 are all members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
 

windows/deployment/deploy.md

@@ -28,10 +28,10 @@ Windows 10 upgrade options are discussed and information is provided about plann
 |[Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md) |This topic provides information about support for upgrading from one edition of Windows 10 to another. |
 |[Windows 10 volume license media](windows-10-media.md) |This topic provides information about updates to volume licensing media in the current version of Windows 10. |
 |[Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md) |With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows diagnostic data enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. | 
-|[Windows 10 deployment test lab](windows-10-poc.md) |This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, additional guides are provided to  deploy Windows 10 in the test lab using [Microsoft Deployment Toolkit](windows-10-poc-mdt.md) or [System Center Configuration Manager](windows-10-poc-sc-config-mgr.md). |
+|[Windows 10 deployment test lab](windows-10-poc.md) |This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, additional guides are provided to  deploy Windows 10 in the test lab using [Microsoft Deployment Toolkit](windows-10-poc-mdt.md) or [Microsoft Endpoint Configuration Manager](windows-10-poc-sc-config-mgr.md). |
 |[Plan for Windows 10 deployment](planning/index.md) | This section describes Windows 10 deployment considerations and provides information to assist in Windows 10 deployment planning. |
 |[Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md) |This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT). |
-|[Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) |If you have Microsoft System Center 2012 R2 Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10. This topic will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT) or. |
+|[Deploy Windows 10 with Microsoft Endpoint Configuration Manager](deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) |If you have Microsoft Endpoint Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10. This topic will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT) or. |
 |[Windows 10 deployment tools](windows-10-deployment-tools-reference.md) |Learn about available tools to deploy Windows 10, such as the Windows ADK, DISM, USMT, WDS, MDT, Windows PE and more. |
 |[How to install fonts that are missing after upgrading to Windows 10](windows-10-missing-fonts.md)|Windows 10 introduced changes to the fonts that are included in the image by default. Learn how to install additional fonts from **Optional features** after you install Windows 10 or upgrade from a previous version.|
 

windows/deployment/index.yml

@@ -10,8 +10,7 @@ metadata:
   ms.localizationpriority: high
   author: greg-lindsay
   ms.author: greglin
-  manager: elizapo
+  manager: laurawi
-  ms.date: 02/09/2018
   ms.topic: article
   ms.devlang: na
 
@@ -35,11 +34,11 @@ sections:
       image:
         src: https://docs.microsoft.com/media/common/i_upgrade.svg
       title: Windows as a service
-    - href: update/windows-analytics-overview
+    - href: windows-autopilot/windows-autopilot
-      html: <p>Windows Analytics provides deep insights into your Windows 10 environment.</p>
+      html: <p>Windows Autopilot greatly simplifies deployment of Windows devices</p>
       image:
-        src: https://docs.microsoft.com/media/common/i_investigate.svg
+        src: https://docs.microsoft.com/media/common/i_delivery.svg
-      title: Windows Analytics
+      title: Windows Autopilot
 - title:
 - items:
   - type: markdown

windows/deployment/mbr-to-gpt.md

@@ -6,11 +6,13 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: deploy
-audience: itpro
author: greg-lindsay
+audience: itpro
+author: greg-lindsay
 ms.date: 02/13/2018
 ms.reviewer: 
 manager: laurawi
-ms.audience: itpro
author: greg-lindsay
+ms.audience: itpro
+author: greg-lindsay
 ms.localizationpriority: medium
 ms.topic: article
 ---
@@ -73,7 +75,7 @@ If any of these checks fails, the conversion will not proceed and an error will
 |/convert| Instructs MBR2GPT.exe to perform the disk validation and to proceed with the conversion if all validation tests pass. |
 |/disk:\<diskNumber\>| Specifies the disk number of the disk to be converted to GPT. If not specified, the system disk is used. The mechanism used is the same as that used by the diskpart.exe tool **SELECT DISK SYSTEM** command.|
 |/logs:\<logDirectory\>| Specifies the directory where MBR2GPT.exe logs should be written. If not specified, **%windir%** is used. If specified, the directory must already exist, it will not be automatically created or overwritten.|
-|/map:\<source\>=\<destination\>| Specifies additional partition type mappings between MBR and GPT. The MBR partition number is specified in decimal notation, not hexidecimal. The GPT GUID can contain brackets, for example: **/map:42={af9b60a0-1431-4f62-bc68-3311714a69ad}**. Multiple /map options can be specified if multiple mappings are required. |
+|/map:\<source\>=\<destination\>| Specifies additional partition type mappings between MBR and GPT. The MBR partition number is specified in decimal notation, not hexadecimal. The GPT GUID can contain brackets, for example: **/map:42={af9b60a0-1431-4f62-bc68-3311714a69ad}**. Multiple /map options can be specified if multiple mappings are required. |
 |/allowFullOS| By default, MBR2GPT.exe is blocked unless it is run from Windows PE. This option overrides this block and enables disk conversion while running in the full Windows environment. <br>**Note**: Since the existing MBR system partition is in use while running the full Windows environment, it cannot be reused. In this case, a new ESP is created by shrinking the OS partition.|
 
 ## Examples
@@ -409,7 +411,7 @@ When you start a Windows 10, version 1903-based computer in the Windows Preinsta
 
 **Issue 2** When you manually run the MBR2GPT.exe command in a Command Prompt window, there is no output from the tool.
 
-**Issue 3** When MBR2GPT.exe runs inside an imaging process such as a System Center Configuration Manager task sequence, an MDT task sequence, or by using a script, you receive the following exit code: 0xC0000135/3221225781.
+**Issue 3** When MBR2GPT.exe runs inside an imaging process such as a Microsoft Endpoint Configuration Manager task sequence, an MDT task sequence, or by using a script, you receive the following exit code: 0xC0000135/3221225781.
 
 #### Cause
 

windows/deployment/planning/act-technical-reference.md

@@ -34,7 +34,7 @@ Use Windows Analytics to get:
 - Guidance and insights into application and driver compatibility issues, with suggested fixes 
 - Data driven application rationalization tools
 - Application usage information, allowing targeted validation; workflow to track validation progress and decisions
-- Data export to commonly used software deployment tools, including System Center Configuration Manager
+- Data export to commonly used software deployment tools, including Microsoft Endpoint Configuration Manager
 
 The Windows Analytics workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded.
 

windows/deployment/planning/prepare-your-organization-for-windows-to-go.md

@@ -55,7 +55,7 @@ The following scenarios are examples of situations in which Windows To Go worksp
 
 -   **Managed free seating.** The employee is issued a Windows To Go drive that is then used with the host computer assigned to that employee for a given session (this could be a vehicle, workspace, or standalone laptop). When the employee leaves the session, the next time they return they use the same USB flash drive but use a different host computer.
 
--   **Work from home.** In this situation, the Windows To Go drive can be provisioned for employees using various methods including System Center Configuration Manager or other deployment tools and then distributed to employees. The employee is instructed to boot the Windows To Go drive initially at work, which caches the employee’s credentials on the Windows To Go workspace and allows the initial data synchronization between the enterprise network and the Windows To Go workspace. The user can then bring the Windows To Go drive home where it can be used with their home computer, with or without enterprise network connectivity.
+-   **Work from home.** In this situation, the Windows To Go drive can be provisioned for employees using various methods including Microsoft Endpoint Configuration Manager or other deployment tools and then distributed to employees. The employee is instructed to boot the Windows To Go drive initially at work, which caches the employee’s credentials on the Windows To Go workspace and allows the initial data synchronization between the enterprise network and the Windows To Go workspace. The user can then bring the Windows To Go drive home where it can be used with their home computer, with or without enterprise network connectivity.
 
 -   **Travel lightly.** In this situation you have employees who are moving from site to site, but who always will have access to a compatible host computer on site. Using Windows To Go workspaces allows them to travel without the need to pack their PC.
 

windows/deployment/planning/windows-10-deprecated-features.md

@@ -57,7 +57,7 @@ The features described below are no longer being actively developed, and might b
 |Trusted Platform Module (TPM) Owner Password Management |This functionality within TPM.msc will be migrated to a new user interface.| 1709 |
 |Trusted Platform Module (TPM): TPM.msc and TPM Remote Management  | To be replaced by a new user interface in a future release. | 1709 |
 |Trusted Platform Module (TPM) Remote Management |This functionality within TPM.msc will be migrated to a new user interface. | 1709 |
-|Windows Hello for Business deployment that uses System Center Configuration Manager   |Windows Server 2016 Active Directory Federation Services – Registration Authority (ADFS RA) deployment is simpler and provides a better user experience and a more deterministic certificate enrollment experience. | 1709 |
+|Windows Hello for Business deployment that uses Microsoft Endpoint Configuration Manager   |Windows Server 2016 Active Directory Federation Services – Registration Authority (ADFS RA) deployment is simpler and provides a better user experience and a more deterministic certificate enrollment experience. | 1709 |
 |Windows PowerShell 2.0  | Applications and components should be migrated to PowerShell 5.0+. | 1709 |
 |Apndatabase.xml | Apndatabase.xml is being replaced by the COSA database. Therefore, some constructs will no longer function. This includes Hardware ID, incoming SMS messaging rules in mobile apps, a list of privileged apps in mobile apps, autoconnect order, APN parser, and CDMAProvider ID. | 1703 |
 |Tile Data Layer | The [Tile Data Layer](https://docs.microsoft.com/windows/configuration/start-layout-troubleshoot#symptom-start-menu-issues-with-tile-data-layer-corruption) database stopped development in Windows 10, version 1703. | 1703 |

windows/deployment/planning/windows-10-enterprise-faq-itpro.md

@@ -6,12 +6,14 @@ ms.prod: w10
 ms.mktglfcycl: plan
 ms.localizationpriority: medium
 ms.sitesec: library
-audience: itpro
author: greg-lindsay
+audience: itpro
+author: greg-lindsay
 ms.date: 08/18/2017
 ms.reviewer: 
 manager: laurawi
 ms.author: greglin
-audience: itpro
author: greg-lindsay
+audience: itpro
+author: greg-lindsay
 ms.topic: article
 ---
 
@@ -44,7 +46,7 @@ Yes, a 90-day evaluation of Windows 10 Enterprise is available through the [Tech
 For many devices, drivers will be automatically installed in Windows 10 and there will be no need for additional action.
 - For some devices, Windows 10 may be unable to install drivers that are required for operation. If your device drivers are not automatically installed, visit the manufacturer’s support website for your device to download and manually install the drivers. If Windows 10 drivers are not available, the most up-to-date drivers for Windows 8.1 will often work in Windows 10.
 - For some devices, the manufacturer may provide more up-to-date drivers or drivers that enable additional functionality than the drivers installed by Windows 10. Always follow the recommendations of the device manufacturer for optimal performance and stability.
-- Some computer manufacturers provide packs of drivers for easy implementation in management and deployment solutions like the Microsoft Deployment Toolkit (MDT) or Microsoft System Center Configuration Manager. These driver packs contain all of the drivers needed for each device and can greatly simplify the process of deploying Windows to a new make or model of computer. Driver packs for some common manufacturers include:
+- Some computer manufacturers provide packs of drivers for easy implementation in management and deployment solutions like the Microsoft Deployment Toolkit (MDT) or Microsoft Endpoint Configuration Manager. These driver packs contain all of the drivers needed for each device and can greatly simplify the process of deploying Windows to a new make or model of computer. Driver packs for some common manufacturers include:
     - [HP driver pack](http://www8.hp.com/us/en/ads/clientmanagement/drivers-pack.html)
     - [Dell driver packs for enterprise client OS deployment](http://en.community.dell.com/techcenter/enterprise-client/w/wiki/2065.dell-command-deploy-driver-packs-for-enterprise-client-os-deployment)
     - [Lenovo Configuration Manager and MDT package index](https://support.lenovo.com/us/en/documents/ht074984)
@@ -64,12 +66,12 @@ Many existing Win32 and Win64 applications already run reliably on Windows 10 wi
 
 Updated versions of Microsoft deployment tools, including MDT, Configuration Manager, and the Windows Assessment and Deployment Kit (Windows ADK) have been released to support Windows 10.
 - [MDT](https://www.microsoft.com/mdt) is Microsoft’s recommended collection of tools, processes, and guidance for automating desktop and server deployment.
-- Configuration Manager simplifies the deployment and management of Windows 10. If you are not currently using Configuration Manager, you can download a free 180-day trial of [System Center Configuration Manager and Endpoint Protection (current branch)](https://www.microsoft.com/evalcenter/evaluate-system-center-configuration-manager-and-endpoint-protection) from the TechNet Evaluation Center.
+- Configuration Manager simplifies the deployment and management of Windows 10. If you are not currently using Configuration Manager, you can download a free 180-day trial of [Microsoft Endpoint Configuration Manager and Endpoint Protection (current branch)](https://www.microsoft.com/evalcenter/evaluate-system-center-configuration-manager-and-endpoint-protection) from the TechNet Evaluation Center.
 - The [Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit#winADK) has tools that allow you to customize Windows images for large-scale deployment, and test system quality and performance. You can download the latest version of the Windows ADK for Windows 10 from the Hardware Dev Center.
 
 ### Can I upgrade computers from Windows 7 or Windows 8.1 without deploying a new image?
 
-Computers running Windows 7 or Windows 8.1 can be upgraded directly to Windows 10 through the in-place upgrade process without a need to reimage the device using MDT and/or Configuration Manager. For more information, see [Upgrade to Windows 10 with System Center Configuration Manager](https://technet.microsoft.com/itpro/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager) or [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](https://technet.microsoft.com/itpro/windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit).
+Computers running Windows 7 or Windows 8.1 can be upgraded directly to Windows 10 through the in-place upgrade process without a need to reimage the device using MDT and/or Configuration Manager. For more information, see [Upgrade to Windows 10 with Microsoft Endpoint Configuration Manager](https://technet.microsoft.com/itpro/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager) or [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](https://technet.microsoft.com/itpro/windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit).
 
 ### Can I upgrade from Windows 7 Enterprise or Windows 8.1 Enterprise to Windows 10 Enterprise for free?
 
@@ -97,7 +99,7 @@ There are many tools are available. You can choose from these:
 - Windows Update
 - Windows Update for Business
 - Windows Server Update Services
-- System Center Configuration Manager
+- Microsoft Endpoint Configuration Manager
 
 For more information on pros and cons for these tools, see [Servicing Tools](/windows/deployment/update/waas-overview#servicing-tools).
 

windows/deployment/planning/windows-10-infrastructure-requirements.md

@@ -50,7 +50,7 @@ For System Center Configuration Manager, Windows 10 support is offered with var
 
 
 > [!NOTE]
-> Configuration Manager 2012 supports Windows 10 version 1507 (build 10.0.10240) and 1511 (build 10.0.10586) for the lifecycle of these builds. Future releases of Windows 10 CB/CBB are not supported With Configuration Manager 2012, and will require System Center Configuration Manager current branch for supported management. 
+> Configuration Manager 2012 supports Windows 10 version 1507 (build 10.0.10240) and 1511 (build 10.0.10586) for the lifecycle of these builds. Future releases of Windows 10 CB/CBB are not supported With Configuration Manager 2012, and will require Microsoft Endpoint Configuration Manager current branch for supported management. 
  
 
 For more details about System Center Configuration Manager support for Windows 10, see [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](../deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md).
@@ -58,7 +58,7 @@ For more details about System Center Configuration Manager support for Windows
 ## Management tools
 
 
-In addition to System Center Configuration Manager, Windows 10 also leverages other tools for management. For Windows Server and Active Directory, existing supported versions are fully supported for Windows 10. New Group Policy templates will be needed to configure new settings available in Windows 10; these templates are available in the Windows 10 media images, and are available as a separate download [here](https://go.microsoft.com/fwlink/p/?LinkId=625081). See [Group Policy settings reference](https://go.microsoft.com/fwlink/p/?LinkId=625082) for a list of the new and modified policy settings. If you are using a central policy store, follow the steps outlined [here](https://go.microsoft.com/fwlink/p/?LinkId=625083) to update the ADMX files stored in that central store.
+In addition to Microsoft Endpoint Configuration Manager, Windows 10 also leverages other tools for management. For Windows Server and Active Directory, existing supported versions are fully supported for Windows 10. New Group Policy templates will be needed to configure new settings available in Windows 10; these templates are available in the Windows 10 media images, and are available as a separate download [here](https://go.microsoft.com/fwlink/p/?LinkId=625081). See [Group Policy settings reference](https://go.microsoft.com/fwlink/p/?LinkId=625082) for a list of the new and modified policy settings. If you are using a central policy store, follow the steps outlined [here](https://go.microsoft.com/fwlink/p/?LinkId=625083) to update the ADMX files stored in that central store.
 
 No new Active Directory schema updates or specific functional levels are currently required for core Windows 10 product functionality, although subsequent upgrades could require these to support new features.
 

windows/deployment/planning/windows-to-go-frequently-asked-questions.md

@@ -165,7 +165,7 @@ Yes, if the user has administrator permissions they can self-provision a Windows
 ## <a href="" id="wtg-faq-mng"></a>How can Windows To Go be managed in an organization?
 
 
-Windows To Go can be deployed and managed like a traditional desktop PC using standard Windows enterprise software distribution tools like System Center Configuration Manager. Computer and user settings for Windows To Go workspaces can be managed using Group Policy setting also in the same manner that you manage Group Policy settings for other PCs in your organization. Windows To Go workspaces can be configured to connect to the organizational resources remotely using DirectAccess or a virtual private network connection so that they can connect securely to your network.
+Windows To Go can be deployed and managed like a traditional desktop PC using standard Windows enterprise software distribution tools like Microsoft Endpoint Configuration Manager. Computer and user settings for Windows To Go workspaces can be managed using Group Policy setting also in the same manner that you manage Group Policy settings for other PCs in your organization. Windows To Go workspaces can be configured to connect to the organizational resources remotely using DirectAccess or a virtual private network connection so that they can connect securely to your network.
 
 ## <a href="" id="wtf-faq-startup"></a>How do I make my computer boot from USB?
 

windows/deployment/planning/windows-to-go-overview.md

@@ -56,7 +56,7 @@ The applications that you want to use from the Windows To Go workspace should be
 
 ## <a href="" id="wtg-prep-intro"></a>Prepare for Windows To Go
 
-Enterprises install Windows on a large group of computers either by using configuration management software (such as System Center Configuration Manager), or by using standard Windows deployment tools such as DiskPart and the Deployment Image Servicing and Management (DISM) tool.
+Enterprises install Windows on a large group of computers either by using configuration management software (such as Microsoft Endpoint Configuration Manager), or by using standard Windows deployment tools such as DiskPart and the Deployment Image Servicing and Management (DISM) tool.
 
 These same tools can be used to provision Windows To Go drive, just as you would if you were planning for provisioning a new class of mobile PCs. You can use the [Windows Assessment and Deployment Kit](https://go.microsoft.com/fwlink/p/?LinkId=526803) to review deployment tools available.
 

windows/deployment/update/PSFxWhitepaper.md

@@ -72,7 +72,7 @@ numerous advantages:
 
 Historically, download sizes of Windows 10 quality updates (Windows 10, version 1803 and older supported versions of Windows 10) are optimized by using express download. Express download is optimized such that updating Windows 10 systems will download the minimum number of bytes. This is achieved by generating differentials for every updated file based on selected historical base revisions of the same file + its base or RTM version.
 
-For example, if the October monthly quality update has updated Notepad.exe, differentials for Notepad.exe file changes from September to October, August to October, July to October, June to October, and from the original feature release to October are generated. All these differentials are stored in a Patch Storage File (PSF, also referred to as “express download files”) and hosted or cached on Windows Update or other update management or distribution servers (for example, Windows Server Update Services (WSUS), System Center Configuration Manager, or a non-Microsoft update management or distribution server that supports express updates). A device leveraging express updates uses network protocol to determine optimal differentials, then downloads only what is needed from the update distribution endpoints.
+For example, if the October monthly quality update has updated Notepad.exe, differentials for Notepad.exe file changes from September to October, August to October, July to October, June to October, and from the original feature release to October are generated. All these differentials are stored in a Patch Storage File (PSF, also referred to as “express download files”) and hosted or cached on Windows Update or other update management or distribution servers (for example, Windows Server Update Services (WSUS), Microsoft Endpoint Configuration Manager, or a non-Microsoft update management or distribution server that supports express updates). A device leveraging express updates uses network protocol to determine optimal differentials, then downloads only what is needed from the update distribution endpoints.
 
 The flip side of express download is that the size of PSF files can be very large depending on the number of historical baselines against which differentials were calculated. Downloading and caching large PSF files to on-premises or remote update distribution servers is problematic for most organizations, hence they are unable to leverage express updates to keep their fleet of devices running Windows 10 up to date. Secondly, due to the complexity of generating differentials and size of the express files that need to be cached on update distribution servers, it is only feasible to generate express download files for the most common baselines, thus express updates are only applicable to selected baselines. Finally, calculation of optimal differentials is expensive in terms of system memory utilization, especially for low-cost systems, impacting their ability to download and apply an update seamlessly.
 

windows/deployment/update/feature-update-mission-critical.md

@@ -19,7 +19,7 @@ ms.topic: article
 
 **Applies to**: Windows 10
 
-Managing an environment with devices that provide mission critical services 24 hours a day, 7 days a week, can present challenges in keeping these devices current with Windows 10 feature updates. The processes that you use to keep regular devices current with Windows 10 feature updates, often aren’t the most effective to service mission critical devices. This whitepaper will focus on the recommended approach of using the System Center Configuration Manager (current branch) software updates feature to deploy Windows 10 semi-annual feature updates. 
+Managing an environment with devices that provide mission critical services 24 hours a day, 7 days a week, can present challenges in keeping these devices current with Windows 10 feature updates. The processes that you use to keep regular devices current with Windows 10 feature updates, often aren’t the most effective to service mission critical devices. This whitepaper will focus on the recommended approach of using the Microsoft Endpoint Configuration Manager (current branch) software updates feature to deploy Windows 10 semi-annual feature updates. 
 
 For simplicity, we will outline the steps to deploy a feature update manually. If you prefer an automated approach, please see [Using Windows 10 servicing plans to deploy Windows 10 feature updates](waas-manage-updates-configuration-manager.md#use-windows-10-servicing-plans-to-deploy-windows-10-feature-updates). 
 

windows/deployment/update/index.md

@@ -41,12 +41,12 @@ Windows as a service provides a new way to think about building, deploying, and
 | [Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md) | Explains updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile. |
 | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md) | Explains how to use Windows Update for Business to manage when devices receive updates directly from Windows Update. Includes walkthroughs for configuring Windows Update for Business using Group Policy and Microsoft Intune.  |
 | [Deploy Windows 10 updates using Windows Server Update Services (WSUS)](waas-manage-updates-wsus.md) | Explains how to use WSUS to manage Windows 10 updates. |
-| [Deploy Windows 10 updates using System Center Configuration Manager](waas-manage-updates-configuration-manager.md) | Explains how to use Configuration Manager to manage Windows 10 updates.  |
+| [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](waas-manage-updates-configuration-manager.md) | Explains how to use Configuration Manager to manage Windows 10 updates.  |
 | [Manage device restarts after updates](waas-restart.md) | Explains how to manage update related device restarts. |
 | [Manage additional Windows Update settings](waas-wu-settings.md) | Provides details about settings available to control and configure Windows Update |
 | [Windows Insider Program for Business](waas-windows-insider-for-business.md) | Explains how the Windows Insider Program for Business works and how to become an insider. |
 
 >[!TIP]
->Windows servicing is changing, but for disaster recovery scenarios and bare-metal deployments of Windows 10, you still can use traditional imaging software such as System Center Configuration Manager or the Microsoft Deployment Toolkit. Using these tools to deploy Windows 10 images is similar to deploying previous versions of Windows.
+>Windows servicing is changing, but for disaster recovery scenarios and bare-metal deployments of Windows 10, you still can use traditional imaging software such as Microsoft Endpoint Configuration Manager or the Microsoft Deployment Toolkit. Using these tools to deploy Windows 10 images is similar to deploying previous versions of Windows.
 >With each release of a new feature update for CB, Microsoft makes available new .iso files for use in updating your custom images. Each Windows 10 build has a finite servicing lifetime, so it’s important that images stay up to date with the latest build. For detailed information about how to deploy Windows 10 to bare-metal machines or to upgrade to Windows 10 from previous builds of Windows, see [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](../deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md). Additionally, Windows 10 clients can move from any supported version of Windows 10 (i.e. Version 1511) to the latest version directly (i.e 1709).
 

windows/deployment/update/waas-branchcache.md

@@ -20,7 +20,7 @@ ms.topic: article
 
 > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) 
 
-BranchCache is a bandwidth-optimization feature that has been available since the Windows Server 2008 R2 and Windows 7 operating systems. Each client has a cache and acts as an alternate source for content that devices on its own network request. Windows Server Update Services (WSUS) and System Center Configuration Manager can use BranchCache to optimize network bandwidth during update deployment, and it’s easy to configure for either of them. BranchCache has two operating modes: Distributed Cache mode and Hosted Cache mode. 
+BranchCache is a bandwidth-optimization feature that has been available since the Windows Server 2008 R2 and Windows 7 operating systems. Each client has a cache and acts as an alternate source for content that devices on its own network request. Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager can use BranchCache to optimize network bandwidth during update deployment, and it’s easy to configure for either of them. BranchCache has two operating modes: Distributed Cache mode and Hosted Cache mode. 
 
 - Distributed Cache mode operates like the [Delivery Optimization](waas-delivery-optimization.md) feature in Windows 10: each client contains a cached version of the BranchCache-enabled files it requests and acts as a distributed cache for other clients requesting that same file. 
 
@@ -39,7 +39,7 @@ In Windows 10, version 1607, the Windows Update Agent uses Delivery Optimization
 
 ## Configure servers for BranchCache
 
-You can use WSUS and Configuration Manager with BranchCache in Distributed Cache mode. BranchCache in Distributed Cache mode is easy to configure for both WSUS and System Center Configuration Manager. 
+You can use WSUS and Configuration Manager with BranchCache in Distributed Cache mode. BranchCache in Distributed Cache mode is easy to configure for both WSUS and Microsoft Endpoint Configuration Manager. 
 
 For a step-by-step guide to configuring BranchCache on Windows Server devices, see the [BranchCache Deployment Guide (Windows Server 2012)](https://technet.microsoft.com/library/jj572990) or [BranchCache Deployment Guide (Windows Server 2016)](https://technet.microsoft.com/windows-server-docs/networking/branchcache/deploy/branchcache-deployment-guide).
 

windows/deployment/update/waas-configure-wufb.md

@@ -190,7 +190,7 @@ Starting with Windows 10, version 1709, you can set policies to manage preview b
 The **Manage preview builds** setting gives administrators control over enabling or disabling preview build installation on a device. You can also decide to stop preview builds once the release is public.
 * Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/Windows Update for Business** - *Manage preview builds*
 * MDM: **Update/ManagePreviewBuilds**
-* System Center Configuration Manager: **Enable dual scan, manage through Windows Update for Business policy**
+* Microsoft Endpoint Configuration Manager: **Enable dual scan, manage through Windows Update for Business policy**
 
 >[!IMPORTANT]
 >This policy replaces the "Toggle user control over Insider builds" policy under that is only supported up to Windows 10, version 1703. You can find the older policy here:
@@ -273,5 +273,5 @@ When a device running a newer version sees an update available on Windows Update
 - [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)
 - [Walkthrough: use Intune to configure Windows Update for Business](https://docs.microsoft.com/intune/windows-update-for-business-configure)
 - [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)
-- [Deploy Windows 10 updates using System Center Configuration Manager](waas-manage-updates-configuration-manager.md)
+- [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](waas-manage-updates-configuration-manager.md)
 - [Manage device restarts after updates](waas-restart.md)

windows/deployment/update/waas-delivery-optimization.md

@@ -24,7 +24,7 @@ ms.topic: article
 
 > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) 
 
-Windows updates, upgrades, and applications can contain packages with very large files. Downloading and distributing updates can consume quite a bit of network resources on the devices receiving them. You can use Delivery Optimization to reduce bandwidth consumption by sharing the work of downloading these packages among multiple devices in your deployment. Delivery Optimization can accomplish this because it is a self-organizing distributed cache that allows clients to download those packages from alternate sources (such as other peers on the network) in addition to the traditional Internet-based servers. You can use Delivery Optimization in conjunction with Windows Update, Windows Server Update Services (WSUS), Windows Update for Business, or System Center Configuration Manager (when installation of Express Updates is enabled).  
+Windows updates, upgrades, and applications can contain packages with very large files. Downloading and distributing updates can consume quite a bit of network resources on the devices receiving them. You can use Delivery Optimization to reduce bandwidth consumption by sharing the work of downloading these packages among multiple devices in your deployment. Delivery Optimization can accomplish this because it is a self-organizing distributed cache that allows clients to download those packages from alternate sources (such as other peers on the network) in addition to the traditional Internet-based servers. You can use Delivery Optimization in conjunction with Windows Update, Windows Server Update Services (WSUS), Windows Update for Business, or Microsoft Endpoint Configuration Manager (when installation of Express Updates is enabled).  
 
 Delivery Optimization is a cloud-managed solution. Access to the Delivery Optimization cloud services is a requirement. This means that in order to use the peer-to-peer functionality of Delivery Optimization, devices must have access to the internet.
 
@@ -190,5 +190,5 @@ If you suspect this is the problem, try a Telnet test between two devices on the
 - [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)
 - [Walkthrough: use Intune to configure Windows Update for Business](https://docs.microsoft.com/intune/windows-update-for-business-configure)
 - [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)
-- [Deploy Windows 10 updates using System Center Configuration Manager](waas-manage-updates-configuration-manager.md)
+- [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](waas-manage-updates-configuration-manager.md)
 - [Manage device restarts after updates](waas-restart.md)

windows/deployment/update/waas-deployment-rings-windows-10-updates.md

@@ -56,7 +56,7 @@ As Table 1 shows, each combination of servicing channel and deployment group is
 | ![done](images/checklistdone.png) | Build deployment rings for Windows 10 updates (this topic) |
 | ![to do](images/checklistbox.gif) | [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md) |
 | ![to do](images/checklistbox.gif) | [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) |
-| ![to do](images/checklistbox.gif) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)</br>or [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)</br>or [Deploy Windows 10 updates using System Center Configuration Manager](waas-manage-updates-configuration-manager.md) |
+| ![to do](images/checklistbox.gif) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)</br>or [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)</br>or [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](waas-manage-updates-configuration-manager.md) |
 
 ## Related topics
 

windows/deployment/update/waas-integrate-wufb.md

@@ -1,6 +1,6 @@
 ---
 title: Integrate Windows Update for Business (Windows 10)
-description: Use Windows Update for Business deployments with management tools such as Windows Server Update Services (WSUS) and System Center Configuration Manager.
+description: Use Windows Update for Business deployments with management tools such as Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager.
 ms.prod: w10
 ms.mktglfcycl: manage
 author: jaimeo
@@ -21,7 +21,7 @@ ms.topic: article
 
 > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) 
 
-You can integrate Windows Update for Business deployments with existing management tools such as Windows Server Update Services (WSUS) and System Center Configuration Manager.
+You can integrate Windows Update for Business deployments with existing management tools such as Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager.
 
 ## Integrate Windows Update for Business with Windows Server Update Services
 
@@ -85,7 +85,7 @@ In this example, the deferral behavior for updates to Office and other non-Windo
 >[!NOTE]
 > Because the admin enabled **Update/AllowMUUpdateService**, placing the content on WSUS was not needed for the particular device, as the device will always receive Microsoft Update content from Microsoft when configured in this manner.
 
-## Integrate Windows Update for Business with System Center Configuration Manager
+## Integrate Windows Update for Business with Microsoft Endpoint Configuration Manager
 
 For Windows 10, version 1607, organizations already managing their systems with a Configuration Manager solution can also have their devices configured for Windows Update for Business (i.e. setting deferral policies on those devices). Such devices will be visible in the Configuration Manager console, however they will appear with a detection state of **Unknown**.
 
@@ -109,6 +109,6 @@ For more information, see [Integration with Windows Update for Business in Windo
 - [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)
 - [Walkthrough: use Intune to configure Windows Update for Business](https://docs.microsoft.com/intune/windows-update-for-business-configure)
 - [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)
-- [Deploy Windows 10 updates using System Center Configuration Manager](waas-manage-updates-configuration-manager.md)
+- [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](waas-manage-updates-configuration-manager.md)
 - [Manage device restarts after updates](waas-restart.md)
 

windows/deployment/update/waas-manage-updates-configuration-manager.md

@@ -1,6 +1,6 @@
 ---
-title: Deploy Windows 10 updates via System Center Configuration Manager
+title: Deploy Windows 10 updates via Microsoft Endpoint Configuration Manager
-description: System Center Configuration Manager provides maximum control over quality and feature updates for Windows 10.
+description: Microsoft Endpoint Configuration Manager provides maximum control over quality and feature updates for Windows 10.
 ms.prod: w10
 ms.mktglfcycl: manage
 author: jaimeo
@@ -11,7 +11,7 @@ manager: laurawi
 ms.topic: article
 ---
 
-# Deploy Windows 10 updates using System Center Configuration Manager
+# Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager
 
 
 **Applies to**
@@ -25,21 +25,21 @@ ms.topic: article
 >Due to [naming changes](waas-overview.md#naming-changes), older terms like CB and CBB might still be displayed in some of our products, such as in Group Policy. If you encounter these terms, "CB" refers to the Semi-Annual Channel (Targeted)--which is no longer used--while "CBB" refers to the Semi-Annual Channel.
 
 
-System Center Configuration Manager provides maximum control over quality and feature updates for Windows 10. Unlike other servicing tools, Configuration Manager has capabilities that extend beyond servicing, such as application deployment, antivirus management, software metering, and reporting, and provides a secondary deployment method for LTSB clients. Configuration Manager can effectively control bandwidth usage and content distribution through a combination of BranchCache and distribution points. Microsoft encourages organizations currently using Configuration Manager for Windows update management to continue doing so for Windows 10 client computers.
+Microsoft Endpoint Configuration Manager provides maximum control over quality and feature updates for Windows 10. Unlike other servicing tools, Configuration Manager has capabilities that extend beyond servicing, such as application deployment, antivirus management, software metering, and reporting, and provides a secondary deployment method for LTSB clients. Configuration Manager can effectively control bandwidth usage and content distribution through a combination of BranchCache and distribution points. Microsoft encourages organizations currently using Configuration Manager for Windows update management to continue doing so for Windows 10 client computers.
 
 You can use Configuration Manager to service Windows 10 devices in two ways. The first option is to use Windows 10 Servicing Plans to deploy Windows 10 feature updates automatically based on specific criteria, similar to an Automatic Deployment Rule for software updates. The second option is to use a task sequence to deploy feature updates, along with anything else in the installation. 
 
 >[!NOTE]
->This topic focuses on updating and upgrading Windows 10 after it has already been deployed. To use Configuration Manager to upgrade your systems from the Windows 8.1, Windows 8, or Windows 7 operating system, see [Upgrade to Windows 10 with System Center Configuration Manager](https://technet.microsoft.com/itpro/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager).
+>This topic focuses on updating and upgrading Windows 10 after it has already been deployed. To use Configuration Manager to upgrade your systems from the Windows 8.1, Windows 8, or Windows 7 operating system, see [Upgrade to Windows 10 with Microsoft Endpoint Configuration Manager](https://technet.microsoft.com/itpro/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager).
 
 ## Windows 10 servicing dashboard
 
-The Windows 10 servicing dashboard gives you a quick-reference view of your active servicing plans, compliance for servicing plan deployment, and other key information about Windows 10 servicing. For details about what each tile on the servicing dashboard represents, see [Manage Windows as a service using System Center Configuration Manager](https://technet.microsoft.com/library/mt627931.aspx).
+The Windows 10 servicing dashboard gives you a quick-reference view of your active servicing plans, compliance for servicing plan deployment, and other key information about Windows 10 servicing. For details about what each tile on the servicing dashboard represents, see [Manage Windows as a service using Microsoft Endpoint Configuration Manager](https://technet.microsoft.com/library/mt627931.aspx).
 
 For the Windows 10 servicing dashboard to display information, you must adhere to the following requirements: 
 
 - **Heartbeat discovery**. Enable heartbeat discovery for the site receiving Windows 10 servicing information. Configuration for heartbeat discovery can be found in Administration\Overview\Hierarchy Configuration\Discovery Methods.
-- **Windows Server Update Service (WSUS)**. System Center Configuration Manager must have the Software update point site system role added and configured to receive updates from a WSUS 4.0 server with the hotfix KB3095113 installed.
+- **Windows Server Update Service (WSUS)**. Microsoft Endpoint Configuration Manager must have the Software update point site system role added and configured to receive updates from a WSUS 4.0 server with the hotfix KB3095113 installed.
 - **Service connection point**. Add the Service connection point site system role in Online, persistent connection mode.
 - **Upgrade classification**. Select **Upgrade** from the list of synchronized software update classifications.
 
@@ -143,7 +143,7 @@ After you have updated the membership, this new collection will contain all mana
 
 ## Use Windows 10 servicing plans to deploy Windows 10 feature updates
 
-There are two ways to deploy Windows 10 feature updates with System Center Configuration Manager. The first is to use servicing plans, which provide an automated method to update devices consistently in their respective deployment rings, similar to Automatic Deployment Rules for software updates. 
+There are two ways to deploy Windows 10 feature updates with Microsoft Endpoint Configuration Manager. The first is to use servicing plans, which provide an automated method to update devices consistently in their respective deployment rings, similar to Automatic Deployment Rules for software updates. 
 
 **To configure Windows feature updates for CBB clients in the Ring 4 Broad business users deployment ring using a servicing plan**
 
@@ -160,7 +160,7 @@ There are two ways to deploy Windows 10 feature updates with System Center Confi
     >
     >![This is a high-risk deployment](images/waas-sccm-fig9.png) 
     >
-    >For details about how to manage the settings for high-risk deployments in Configuration Manager, see [Settings to manage high-risk deployments for System Center Configuration Manager](https://technet.microsoft.com/library/mt621992.aspx).
+    >For details about how to manage the settings for high-risk deployments in Configuration Manager, see [Settings to manage high-risk deployments for Microsoft Endpoint Configuration Manager](https://technet.microsoft.com/library/mt621992.aspx).
 
 5. On the **Deployment Ring** page, select the **Business Ready (Current Branch for Business)** readiness state, leave the delay at **0 days**, and then click **Next**.
 
@@ -213,9 +213,6 @@ Each time Microsoft releases a new Windows 10 build, it releases a new .iso file
 
     In this example, the Windows 10 Enterprise 1607 installation media is deployed to \\contoso-cm01\Sources\Operating Systems\Windows 10 Enterprise\Windows 10 Enterprise - Version 1607.
 
-    >[!NOTE]
-    >System Center Configuration Manager version 1606 is required to manage machines running Windows 10, version 1607.
-    
 4. On the **General** page, in the **Name** field, type the name of the folder (**Windows 10 Enterprise - Version 1607** in this example). Set the **Version** to **1607**, and then click **Next**.
 
 5. On the **Summary** page, click **Next** to create the package.
@@ -303,11 +300,11 @@ With the task sequence created, you’re ready to deploy it. If you’re using t
 | ![done](images/checklistdone.png) | [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) |
 | ![done](images/checklistdone.png) | [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md) |
 | ![done](images/checklistdone.png) | [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) |
-| ![done](images/checklistdone.png) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)</br>or [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)</br>or Deploy Windows 10 updates using System Center Configuration Manager (this topic) |
+| ![done](images/checklistdone.png) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)</br>or [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)</br>or Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager (this topic) |
 
 ## See also
 
-[Manage Windows as a service using System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/manage-windows-as-a-service)
+[Manage Windows as a service using Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/osd/deploy-use/manage-windows-as-a-service)
 
 
 ## Related topics

windows/deployment/update/waas-manage-updates-wsus.md

@@ -24,7 +24,7 @@ ms.topic: article
 >Due to [naming changes](waas-overview.md#naming-changes), older terms like CB and CBB might still be displayed in some of our products, such as in Group Policy or the registry. If you encounter these terms, "CB" refers to the Semi-Annual Channel (Targeted)--which is no longer used--while "CBB" refers to the Semi-Annual Channel.
 
 
-WSUS is a Windows Server role available in the Windows Server operating systems. It provides a single hub for Windows updates within an organization. WSUS allows companies not only to defer updates but also to selectively approve them, choose when they’re delivered, and determine which individual devices or groups of devices receive them. WSUS provides additional control over Windows Update for Business but does not provide all the scheduling options and deployment flexibility that System Center Configuration Manager provides.
+WSUS is a Windows Server role available in the Windows Server operating systems. It provides a single hub for Windows updates within an organization. WSUS allows companies not only to defer updates but also to selectively approve them, choose when they’re delivered, and determine which individual devices or groups of devices receive them. WSUS provides additional control over Windows Update for Business but does not provide all the scheduling options and deployment flexibility that Microsoft Endpoint Configuration Manager provides.
 
 When you choose WSUS as your source for Windows updates, you use Group Policy to point Windows 10 client devices to the WSUS server for their updates. From there, updates are periodically downloaded to the WSUS server and managed, approved, and deployed through the WSUS administration console or Group Policy, streamlining enterprise update management. If you’re currently using WSUS to manage Windows updates in your environment, you can continue to do so in Windows 10. 
 
@@ -331,7 +331,7 @@ Now that you have the **All Windows 10 Upgrades** view, complete the following s
 | ![done](images/checklistdone.png) | [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) |
 | ![done](images/checklistdone.png) | [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md) |
 | ![done](images/checklistdone.png) | [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) |
-| ![done](images/checklistdone.png) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)</br>or Deploy Windows 10 updates using Windows Server Update Services (this topic)</br>or [Deploy Windows 10 updates using System Center Configuration Manager](waas-manage-updates-configuration-manager.md) |
+| ![done](images/checklistdone.png) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)</br>or Deploy Windows 10 updates using Windows Server Update Services (this topic)</br>or [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](waas-manage-updates-configuration-manager.md) |
 
 
 
@@ -351,5 +351,5 @@ Now that you have the **All Windows 10 Upgrades** view, complete the following s
 - [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md)
 - [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)
 - [Walkthrough: use Intune to configure Windows Update for Business](https://docs.microsoft.com/intune/windows-update-for-business-configure)
-- [Deploy Windows 10 updates using System Center Configuration Manager](waas-manage-updates-configuration-manager.md)
+- [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](waas-manage-updates-configuration-manager.md)
 - [Manage device restarts after updates](waas-restart.md)

windows/deployment/update/waas-manage-updates-wufb.md

@@ -118,7 +118,7 @@ For more information about Update Compliance, see [Monitor Windows Updates using
 | ![done](images/checklistdone.png) | [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) |
 | ![done](images/checklistdone.png) | [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md) |
 | ![done](images/checklistdone.png) | [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) |
-| ![done](images/checklistdone.png) | Deploy updates using Windows Update for Business (this topic) </br>or [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)</br>or [Deploy Windows 10 updates using System Center Configuration Manager](waas-manage-updates-configuration-manager.md) |
+| ![done](images/checklistdone.png) | Deploy updates using Windows Update for Business (this topic) </br>or [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)</br>or [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](waas-manage-updates-configuration-manager.md) |
 
 ## Related topics
 - [Update Windows 10 in the enterprise](index.md)
@@ -135,7 +135,7 @@ For more information about Update Compliance, see [Monitor Windows Updates using
 - [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)
 - [Walkthrough: use Intune to configure Windows Update for Business](https://docs.microsoft.com/intune/windows-update-for-business-configure)
 - [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)
-- [Deploy Windows 10 updates using System Center Configuration Manager](waas-manage-updates-configuration-manager.md)
+- [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](waas-manage-updates-configuration-manager.md)
 - [Manage device restarts after updates](waas-restart.md)
 
 

windows/deployment/update/waas-mobile-updates.md

@@ -70,7 +70,7 @@ Only the following Windows Update for Business policies are supported for Window
 - [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)
 - [Walkthrough: use Intune to configure Windows Update for Business](https://docs.microsoft.com/intune/windows-update-for-business-configure)
 - [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)
-- [Deploy Windows 10 updates using System Center Configuration Manager](waas-manage-updates-configuration-manager.md)
+- [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](waas-manage-updates-configuration-manager.md)
 - [Manage device restarts after updates](waas-restart.md)
 
 

windows/deployment/update/waas-optimize-windows-10-updates.md

@@ -33,7 +33,7 @@ Two methods of peer-to-peer content distribution are available in Windows 10.
     >[!NOTE]
     >Full BranchCache functionality is supported in Windows 10 Enterprise and Education; Windows 10 Pro supports some BranchCache functionality, including BITS transfers used for servicing operations.
 
-    Windows Server Update Services (WSUS) and System Center Configuration Manager can use BranchCache to allow peers to source content from each other versus always having to contact a server. Using BranchCache, files are cached on each individual client, and other clients can retrieve them as needed. This approach distributes the cache rather than having a single point of retrieval, saving a significant amount of bandwidth while drastically reducing the time that it takes for clients to receive the requested content.
+    Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager can use BranchCache to allow peers to source content from each other versus always having to contact a server. Using BranchCache, files are cached on each individual client, and other clients can retrieve them as needed. This approach distributes the cache rather than having a single point of retrieval, saving a significant amount of bandwidth while drastically reducing the time that it takes for clients to receive the requested content.
 
 </br></br>
 
@@ -43,9 +43,9 @@ Two methods of peer-to-peer content distribution are available in Windows 10.
 | BranchCache | ![no](images/crossmark.png) | ![no](images/crossmark.png) |![yes](images/checkmark.png) | ![yes](images/checkmark.png) |
 
 > [!NOTE]
-> System Center Configuration Manager has an additional feature called Client Peer Cache that allows peer-to-peer content sharing between clients you use System Center Configuration Manager to manage, in the same Configuration Manager boundary Group. For more information, see [Client Peer Cache](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/client-peer-cache).
+> Microsoft Endpoint Configuration Manager has an additional feature called Client Peer Cache that allows peer-to-peer content sharing between clients you use Microsoft Endpoint Configuration Manager to manage, in the same Configuration Manager boundary Group. For more information, see [Client Peer Cache](https://docs.microsoft.com/configmgr/core/plan-design/hierarchy/client-peer-cache).
 >
-> In addition to Client Peer Cache, similar functionality is available in the Windows Preinstallation Environment (Windows PE) for imaging-related content. Using this technology, clients imaging with System Center Configuration Manager task sequences can source operating system images, driver packages, boot images, packages, and programs from peers instead of distribution points. For detailed information about how Windows PE Peer Cache works and how to configure it, see [Prepare Windows PE peer cache to reduce WAN traffic in System Center Configuration Manager](https://docs.microsoft.com/configmgr/osd/get-started/prepare-windows-pe-peer-cache-to-reduce-wan-traffic).
+> In addition to Client Peer Cache, similar functionality is available in the Windows Preinstallation Environment (Windows PE) for imaging-related content. Using this technology, clients imaging with Microsoft Endpoint Configuration Manager task sequences can source operating system images, driver packages, boot images, packages, and programs from peers instead of distribution points. For detailed information about how Windows PE Peer Cache works and how to configure it, see [Prepare Windows PE peer cache to reduce WAN traffic in Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/osd/get-started/prepare-windows-pe-peer-cache-to-reduce-wan-traffic).
 
 ## Express update delivery
 
@@ -55,7 +55,7 @@ Windows 10 quality update downloads can be large because every package contains
 > Express update delivery applies to quality update downloads. Starting with Windows 10, version 1709, Express update delivery also applies to feature update downloads for clients connected to Windows Update and Windows Update for Business.
 
 ### How Microsoft supports Express
-- **Express on System Center Configuration Manager** starting with version 1702 of Configuration Manager and Windows 10, version 1703 or later, or Windows 10, version 1607 with the April 2017 cumulative update.
+- **Express on Microsoft Endpoint Configuration Manager** starting with version 1702 of Configuration Manager and Windows 10, version 1703 or later, or Windows 10, version 1607 with the April 2017 cumulative update.
 - **Express on WSUS Standalone**
 
   Express update delivery is available on [all support versions of WSUS](https://technet.microsoft.com/library/cc708456(v=ws.10).aspx).
@@ -93,7 +93,7 @@ At this point, the download is complete and the update is ready to be installed.
 | ![done](images/checklistdone.png) | [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) |
 | ![done](images/checklistdone.png) | [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md) |
 | ![done](images/checklistdone.png) | Optimize update delivery for Windows 10 updates (this topic) |
-| ![to do](images/checklistbox.gif) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)</br>or [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)</br>or [Deploy Windows 10 updates using System Center Configuration Manager](waas-manage-updates-configuration-manager.md) |
+| ![to do](images/checklistbox.gif) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)</br>or [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)</br>or [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](waas-manage-updates-configuration-manager.md) |
 
 
 ## Related topics

windows/deployment/update/waas-overview.md

@@ -112,7 +112,7 @@ The concept of servicing channels is new, but organizations can use the same man
 
 In the Semi-Annual servicing channel, feature updates are available as soon as Microsoft releases them. Windows 10, version 1511, had few servicing tool options to delay feature updates, limiting the use of the Semi-Annual servicing channel. Starting with Windows 10, version 1607, more servicing tools that can delay feature updates for up to 365 days are available. This servicing model is ideal for pilot deployments and testing of Windows 10 feature updates and for users such as developers who need to work with the latest features immediately. Once the latest release has gone through pilot deployment and testing, you will be able to choose the timing at which it goes into broad deployment.
 
-When Microsoft officially releases a feature update for Windows 10, it is made available to any device not configured to defer feature updates so that those devices can immediately install it. Organizations that use Windows Server Update Services (WSUS), Microsoft System Center Configuration Manager, or Windows Update for Business, however, can defer feature updates to selective devices by withholding their approval and deployment. In this scenario, the content available for the Semi-Annual Channel will be available but not necessarily immediately mandatory, depending on the policy of the management system. For more details about Windows 10 servicing tools, see [Servicing tools](#servicing-tools).
+When Microsoft officially releases a feature update for Windows 10, it is made available to any device not configured to defer feature updates so that those devices can immediately install it. Organizations that use Windows Server Update Services (WSUS), Microsoft Endpoint Configuration Manager, or Windows Update for Business, however, can defer feature updates to selective devices by withholding their approval and deployment. In this scenario, the content available for the Semi-Annual Channel will be available but not necessarily immediately mandatory, depending on the policy of the management system. For more details about Windows 10 servicing tools, see [Servicing tools](#servicing-tools).
 
 
 Organizations are expected to initiate targeted deployment on Semi-Annual Channel releases.  All customers, independent software vendors (ISVs), and partners should use this time for testing and piloting within their environments. After 2-4 months, we will transition to broad deployment and encourage customers and partners to expand and accelerate the deployment of the release. For customers using Windows Update for Business, the Semi-Annual Channel provides three months of additional total deployment time before being required to update to the next release.
@@ -163,9 +163,9 @@ There are many tools with which IT pros can service Windows as a service. Each o
 - **Windows Update (stand-alone)** provides limited control over feature updates, with IT pros manually configuring the device to be in the Semi-Annual Channel. Organizations can target which devices defer updates by selecting the Defer upgrades check box in Start\Settings\Update & Security\Advanced Options on a Windows 10 device.
 - **Windows Update for Business** is the second option for servicing Windows as a service. This servicing tool includes control over update deferment and provides centralized management using Group Policy. Windows Update for Business can be used to defer updates by up to 365 days, depending on the version. These deployment options are available to clients in the Semi-Annual Channel. In addition to being able to use Group Policy to manage Windows Update for Business, either option can be configured without requiring any on-premises infrastructure by using Intune.
 - **Windows Server Update Services (WSUS)** provides extensive control over Windows 10 updates and is natively available in the Windows Server operating system. In addition to the ability to defer updates, organizations can add an approval layer for updates and choose to deploy them to specific computers or groups of computers whenever ready. 
-- **System Center Configuration Manager** provides the greatest control over servicing Windows as a service. IT pros can defer updates, approve them, and have multiple options for targeting deployments and managing bandwidth usage and deployment times. 
+- **Microsoft Endpoint Configuration Manager** provides the greatest control over servicing Windows as a service. IT pros can defer updates, approve them, and have multiple options for targeting deployments and managing bandwidth usage and deployment times. 
 
-With all these options, which an organization chooses depends on the resources, staff, and expertise its IT organization already has. For example, if IT already uses System Center Configuration Manager to manage Windows updates, it can continue to use it. Similarly, if IT is using WSUS, it can continue to use that. For a consolidated look at the benefits of each tool, see Table 1.
+With all these options, which an organization chooses depends on the resources, staff, and expertise its IT organization already has. For example, if IT already uses Microsoft Endpoint Configuration Manager to manage Windows updates, it can continue to use it. Similarly, if IT is using WSUS, it can continue to use that. For a consolidated look at the benefits of each tool, see Table 1.
 
 **Table 1**
 
@@ -190,7 +190,7 @@ With all these options, which an organization chooses depends on the resources,
 | ![to do](images/checklistbox.gif) | [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) |
 | ![to do](images/checklistbox.gif) | [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md) |
 | ![to do](images/checklistbox.gif) | [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) |
-| ![to do](images/checklistbox.gif) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)</br>or [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)</br>or [Deploy Windows 10 updates using System Center Configuration Manager](waas-manage-updates-configuration-manager.md) |
+| ![to do](images/checklistbox.gif) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)</br>or [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)</br>or [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](waas-manage-updates-configuration-manager.md) |
 
 
 

windows/deployment/update/waas-quick-start.md

@@ -48,7 +48,7 @@ See [Assign devices to servicing channels for Windows 10 updates](waas-servicing
 
 ## Staying up to date
 
-The process for keeping Windows 10 up to date involves deploying a feature update, at an appropriate time after its release. A variety of management and update tools such as Windows Update, Windows Update for Business, Windows Server Update Services, System Center Configuration Manager, and third-party products) can be used to help with this process. [Upgrade Readiness](https://docs.microsoft.com/windows/deployment/upgrade/upgrade-readiness-get-started), a free tool to streamline Windows upgrade projects, is another important tool to help.
+The process for keeping Windows 10 up to date involves deploying a feature update, at an appropriate time after its release. A variety of management and update tools such as Windows Update, Windows Update for Business, Windows Server Update Services, Microsoft Endpoint Configuration Manager, and third-party products) can be used to help with this process. [Upgrade Readiness](https://docs.microsoft.com/windows/deployment/upgrade/upgrade-readiness-get-started), a free tool to streamline Windows upgrade projects, is another important tool to help.
 
 Because app compatibility, both for desktop apps and web apps, is outstanding with Windows 10, extensive advanced testing isn’t required. Instead, only business-critical apps need to be tested, with the remaining apps validated through a series of pilot deployment rings. Once these pilot deployments have validated most apps, broad deployment can begin.
 

windows/deployment/update/waas-servicing-channels-windows-10-updates.md

@@ -178,7 +178,7 @@ By enabling the Group Policy setting under **Computer Configuration\Administrati
 | ![done](images/checklistdone.png) | [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) |
 | ![done](images/checklistdone.png) | Assign devices to servicing channels for Windows 10 updates (this topic) |
 | ![to do](images/checklistbox.gif) | [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) |
-| ![to do](images/checklistbox.gif) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)</br>or [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)</br>or [Deploy Windows 10 updates using System Center Configuration Manager](waas-manage-updates-configuration-manager.md) |
+| ![to do](images/checklistbox.gif) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)</br>or [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)</br>or [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](waas-manage-updates-configuration-manager.md) |
 
 ## Related topics
 

windows/deployment/update/waas-servicing-differences.md

@@ -87,7 +87,7 @@ Moving to the cumulative model for legacy OS versions continues to improve predi
 Lastly, the cumulative update model directly impacts the public Preview releases offered in the 3rd and/or 4th weeks of the month. Update Tuesday, also referred to as the "B" week release occurs on the second Tuesday of the month. It is always a required security update across all operating systems. In addition to this monthly release, Windows also releases non-security update "previews" targeting the 3rd (C) and the 4th (D) weeks of the month. These preview releases include that month’s B-release plus a set of non-security updates for testing and validation as a cumulative package. We recommend IT Administrators uses the C/D previews to test the update in their environments. Any issues identified with the updates in the C/D releases are identified and then fixed or removed, prior to being rolled up in to the next month’s B release package together with new security updates. Security-only Packages are not part of the C/D preview program.
 
 > [!NOTE]
-> Only preview updates for the most recent release of Windows 10 are published to Windows Server Update Services (WSUS). For customers using the WSUS channel, and products such as System Center Configuration Manager that rely on it, will not see preview updates for older versions of Windows 10.
+> Only preview updates for the most recent release of Windows 10 are published to Windows Server Update Services (WSUS). For customers using the WSUS channel, and products such as Microsoft Endpoint Configuration Manager that rely on it, will not see preview updates for older versions of Windows 10.
 
 > [!NOTE]
 > Preview updates for Windows 10 are not named differently than their LCU counterparts and do not contain the word 'Preview'. They can be identified by their release date (C or D week) and their classification as non-security updates.

windows/deployment/update/waas-servicing-strategy-windows-10-updates.md

@@ -32,7 +32,7 @@ Windows 10 spreads the traditional deployment effort of a Windows upgrade, which
 - **Identify excluded devices.** For some organizations, special-purpose devices such as those used to control factory or medical equipment or run ATMs require a stricter, less frequent feature update cycle than the Semi-annual Channel can offer. For those machines, you must install Windows 10 Enterprise LTSB to avoid feature updates for up to 10 years. Identify these devices, and separate them from the phased deployment and servicing cycles to help remove confusion for your administrators and ensure that devices are handled correctly. 
 - **Recruit volunteers.** The purpose of testing a deployment is to receive feedback. One effective way to recruit pilot users is to request volunteers. When doing so, clearly state that you’re looking for feedback rather than people to just “try it out” and that there could be occasional issues involved with accepting feature updates right away. With Windows as a service, the expectation is that there should be few issues, but if an issue does arise, you want testers to let you know as soon as possible. When considering whom to recruit for pilot groups, be sure to include members who provide the broadest set of applications and devices to validate the largest number of apps and devices possible.
 - **Update Group Policy.** Each feature update includes new group policies to manage new features. If you use Group Policy to manage devices, the Group Policy Admin for the Active Directory domain will need to download a .admx package and copy it to their [Central Store](https://support.microsoft.com/help/929841/how-to-create-the-central-store-for-group-policy-administrative-templa) (or to the [PolicyDefinitions](https://msdn.microsoft.com/library/bb530196.aspx) directory in the SYSVOL of a domain controller if not using a Central Store). Always manage new group polices from the version of Windows 10 they shipped with by using the Remote Server Administration Tools. The ADMX download package is created at the end of each development cycle and then posted for download. To find the ADMX download package for a given Windows build, search for “ADMX download for Windows build xxxx”. For details about Group Policy management, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra)
-- **Choose a servicing tool.** Decide which product you’ll use to manage the Windows updates in your environment. If you’re currently using Windows Server Update Services (WSUS) or System Center Configuration Manager to manage your Windows updates, you can continue using those products to manage Windows 10 updates. Alternatively, you can use Windows Update for Business. In addition to which product you’ll use, consider how you’ll deliver the updates. With Windows 10, multiple peer-to-peer options are available to make update distribution faster. For a comparison of tools, see [Servicing tools](waas-overview.md#servicing-tools).
+- **Choose a servicing tool.** Decide which product you’ll use to manage the Windows updates in your environment. If you’re currently using Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager to manage your Windows updates, you can continue using those products to manage Windows 10 updates. Alternatively, you can use Windows Update for Business. In addition to which product you’ll use, consider how you’ll deliver the updates. With Windows 10, multiple peer-to-peer options are available to make update distribution faster. For a comparison of tools, see [Servicing tools](waas-overview.md#servicing-tools).
 - **Prioritize applications.** First, create an application portfolio. This list should include everything installed in your organization and any webpages your organization hosts. Next, prioritize this list to identify those that are the most business critical. Because the expectation is that application compatibility with Windows 10 will be high, only the most business critical applications should be tested before the pilot phase; everything else can be tested afterwards. For more information about identifying compatibility issues withe applications, see [Manage Windows upgrades with Upgrade Analytics](../upgrade/manage-windows-upgrades-with-upgrade-readiness.md). 
 
 >[!NOTE]
@@ -56,7 +56,7 @@ Each time Microsoft releases a Windows 10 feature update, the IT department shou
 | ![to do](images/checklistbox.gif) | [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) |
 | ![to do](images/checklistbox.gif) | [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md) |
 | ![to do](images/checklistbox.gif) | [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) |
-| ![to do](images/checklistbox.gif) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)</br>or [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)</br>or [Deploy Windows 10 updates using System Center Configuration Manager](waas-manage-updates-configuration-manager.md) |
+| ![to do](images/checklistbox.gif) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)</br>or [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)</br>or [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](waas-manage-updates-configuration-manager.md) |
 
 
 ## Related topics

windows/deployment/update/waas-wufb-group-policy.md

@@ -138,7 +138,7 @@ We recommend that you set up a ring to receive preview builds by joining the Win
 - [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md)
 - [Walkthrough: use Intune to configure Windows Update for Business](https://docs.microsoft.com/intune/windows-update-for-business-configure)
 - [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)
-- [Deploy Windows 10 updates using System Center Configuration Manager](waas-manage-updates-configuration-manager.md)
+- [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](waas-manage-updates-configuration-manager.md)
 - [Manage device restarts after updates](waas-restart.md)
 
 

windows/deployment/update/waas-wufb-intune.md

@@ -282,7 +282,7 @@ You have now configured the **Ring 4 Broad business users** deployment ring to r
 - [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md)
 - [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)
 - [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)
-- [Deploy Windows 10 updates using System Center Configuration Manager](waas-manage-updates-configuration-manager.md)
+- [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](waas-manage-updates-configuration-manager.md)
 - [Manage device restarts after updates](waas-restart.md)
 
 

windows/deployment/update/windows-analytics-FAQ-troubleshooting.md

@@ -73,7 +73,7 @@ If devices are not showing up as expected, find a representative device and foll
 5. Check the output of the script in the command window and/or log **UA_dateTime_machineName.txt** to ensure that all steps were completed successfully.
 6. If you are still seeing errors you can't diagnose, then consider open a support case with Microsoft Support through your regular channel and provide this information.
 
-If you want to check a large number of devices, you should run the latest script at scale from your management tool of choice (for example, System Center Configuration Manager) and check the results centrally.
+If you want to check a large number of devices, you should run the latest script at scale from your management tool of choice (for example, Microsoft Endpoint Configuration Manager) and check the results centrally.
 
 If you think the issue might be related to a network proxy, check "Enable data sharing" section of the [Enrolling devices in Windows Analytics](windows-analytics-get-started.md) topic. Also see [Understanding connectivity scenarios and the deployment script](https://blogs.technet.microsoft.com/upgradeanalytics/2017/03/10/understanding-connectivity-scenarios-and-the-deployment-script/) on the Windows Analytics blog.
 
@@ -284,12 +284,12 @@ Beyond the cost of Windows operating system licenses, there is no additional cos
 Note that different Azure Log Analytics plans have different data retention periods, and the Windows Analytics solutions inherit the workspace's data retention policy. So, for example, if your workspace is on the free plan then Windows Analytics will retain the last week's worth of "daily snapshots" that are collected in the workspace.
 
 
-### Why do SCCM and Upgrade Readiness show different counts of devices that are ready to upgrade?
+### Why do Microsoft Endpoint Configuration Manager and Upgrade Readiness show different counts of devices that are ready to upgrade?
-System Center Configuration Manager (SCCM) considers a device ready to upgrade if *no installed app* has an upgrade decision of “not ready” (that is, they are all "ready" or "in progress"), while Upgrade Readiness considers a device ready to upgrade only if *all* installed apps are marked “ready”.
+Microsoft Endpoint Configuration Manager considers a device ready to upgrade if *no installed app* has an upgrade decision of “not ready” (that is, they are all "ready" or "in progress"), while Upgrade Readiness considers a device ready to upgrade only if *all* installed apps are marked “ready”.
 
 Currently, you can choose the criteria you wish to use:
-- To use the SCCM criteria, create the collection of devices ready to upgrade within the SCCM console (using the analytics connector).
+- To use the Configuration Manager criteria, create the collection of devices ready to upgrade within the Configuration Manager console (using the analytics connector).
-- To use the Upgrade Readiness criteria, export the list of ready-to-upgrade devices from the corresponding Upgrade Readiness report, and then build the SCCM collection from that spreadsheet.
+- To use the Upgrade Readiness criteria, export the list of ready-to-upgrade devices from the corresponding Upgrade Readiness report, and then build the Configuration Manager collection from that spreadsheet.
 
 ### How does Upgrade Readiness collect the inventory of devices and applications?
 For details about this process and some tips, see [How does Upgrade Readiness in WA collects application inventory for your OMS workspace?](https://techcommunity.microsoft.com/t5/Windows-Analytics-Blog/How-does-Upgrade-Readiness-in-WA-collects-application-inventory/ba-p/213586) on the Windows Analytics blog.

windows/deployment/windows-autopilot/user-driven.md

@@ -28,7 +28,7 @@ Windows Autopilot user-driven mode is designed to enable new Windows 10 devices
 
 After completing those simple steps, the remainder of the process is completely automated, with the device being joined to the organization, enrolled in Intune (or another MDM service), and fully configured as defined by the organization.  Any additional prompts during the Out-of-Box Experience (OOBE) can be suppressed; see [Configuring Autopilot Profiles](profiles.md) for options that are available.
 
-Today, Windows Autopilot user-driven mode supports joining devices to Azure Active Directory.  Support for Hybrid Azure Active Directory Join (with devices joined to an on-premises Active Directory domain) will be available in a future Windows 10 release.  See [Introduction to device management in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/device-management-introduction) for more information about the differences between these two join options.
+Today, Windows Autopilot user-driven mode supports Azure Active Directory and Hybrid Azure Active Directory joined devices.  See [What is a device identity](https://docs.microsoft.com/azure/active-directory/devices/overview) for more information about these two join options.
 
 ## Available user-driven modes
 

windows/privacy/diagnostic-data-viewer-overview.md

@@ -149,3 +149,20 @@ The **Review problem reports** tool opens, showing you your Windows Error Report
 
 ![View problem reports tool with report statuses](images/control-panel-problem-reports-screen.png)
 
+## Known Issues with Diagnostic Data Viewer
+
+### Microsoft Edge diagnostic data appearing as a blob of text
+
+**Applicable to:** The new Microsoft Edge (v. 79.x.x.x or higher)
+
+**Issue:** In some cases, diagnostic data collected and sent from the New Microsoft Edge fails to be translated by the decoder. When decoding fails, the data appears as a blob of text in the Diagnostic Data Viewer. We are working on a fix for this issue.
+
+**Workaround:**
+
+- Restart your computer and open Diagnostic Data Viewer.
+
+*OR*
+
+- Restart the *DiagTrack* service, through the Services tab in task manager, and open Diagnostic Data Viewer.
+
+**Background:** Some of the diagnostic data collected from the new Microsoft Edge is sent using a Protocol Buffers (protobuf) to reduce network bandwidth and to improve data transfer efficiency. Diagnostic Data Viewer has a decoding capability to translate this protobuf format into human readable text. Due to a bug, sometimes the decoder fails to translate these protobuf messages and hence some of the New Microsoft Edge diagnostic data will appear as a blob of encoded text.

windows/release-information/resolved-issues-windows-10-1903.yml

@@ -37,7 +37,6 @@ sections:
       <tr><td><div id='225msg'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><br>Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers.<br><br><a href = '#225msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>November 15, 2019 <br>05:59 PM PT</td></tr>
       <tr><td><div id='317msg'></div><b>Updates may fail to install and you may receive Error 0x80073701</b><br>Installation of updates may fail and you may receive error code 0x80073701.<br><br><a href = '#317msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>November 12, 2019 <br>08:11 AM PT</td></tr>
       <tr><td><div id='228msg'></div><b>Intel Audio displays an intcdaud.sys notification</b><br>Devices with a range of Intel Display Audio device drivers may experience battery drain.<br><br><a href = '#228msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>November 12, 2019 <br>08:04 AM PT</td></tr>
-      <tr><td><div id='226msg'></div><b>Gamma ramps, color profiles, and night light settings do not apply in some cases</b><br>Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.<br><br><a href = '#226msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>July 26, 2019 <br>02:00 PM PT</td></tr>
       <tr><td><div id='358msg'></div><b>Unable to discover or connect to Bluetooth devices using some Qualcomm adapters</b><br>Microsoft has identified compatibility issues with some versions of Qualcomm Bluetooth radio drivers.<br><br><a href = '#358msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517389' target='_blank'>KB4517389</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
       <tr><td><div id='338msg'></div><b>Safeguard on certain devices with some Intel and Broadcom Wi-Fi adapters</b><br>Some devices with Intel Centrino 6205/6235 and Broadcom 802.11ac Wi-Fi cards may experience compatibility issues.<br><br><a href = '#338msgdesc'>See details ></a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4522355' target='_blank'>KB4522355</a></td><td>October 24, 2019 <br>10:00 AM PT</td></tr>
       <tr><td><div id='248msg'></div><b>dGPU occasionally disappear from device manager on Surface Book 2</b><br>Some apps or games may close or fail to open on Surface Book 2 devices with Nvidia dGPU.<br><br><a href = '#248msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>October 18, 2019 <br>04:33 PM PT</td></tr>
@@ -54,8 +53,6 @@ sections:
       <tr><td><div id='236msg'></div><b>Windows Sandbox may fail to start with error code “0x80070002”</b><br>Windows Sandbox may fail to start on devices in which the operating system language was changed between updates.<br><br><a href = '#236msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>August 30, 2019 <br>10:00 AM PT</td></tr>
       <tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>OS Build 18362.175<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>August 30, 2019 <br>10:00 AM PT</td></tr>
       <tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>OS Build 18362.175<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
-      <tr><td><div id='227msg'></div><b>Display brightness may not respond to adjustments</b><br>Devices configured with certain Intel display drivers may experience a driver compatibility issue.<br><br><a href = '#227msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>July 26, 2019 <br>02:00 PM PT</td></tr>
-      <tr><td><div id='249msg'></div><b>RASMAN service may stop working and result in the error “0xc0000005”</b><br>The RASMAN service may stop working with VPN profiles configured as an Always On VPN connection.<br><br><a href = '#249msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>July 26, 2019 <br>02:00 PM PT</td></tr>
       </table>
       "
 
@@ -116,15 +113,6 @@ sections:
       </table>
       "
 
-- title: June 2019
-- items:
-  - type: markdown
-    text: "
-      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='249msgdesc'></div><b>RASMAN service may stop working and result in the error “0xc0000005”</b><div>The Remote Access Connection Manager (RASMAN) service may stop working and you may receive the error “0xc0000005” on devices where the diagnostic data level is manually configured to the non-default setting of 0.&nbsp;You may also receive an error in the<strong> Application section </strong>of <strong>Windows Logs</strong> <strong>in</strong>&nbsp;<strong>Event Viewer&nbsp;</strong>with Event ID 1000 referencing “svchost.exe_RasMan” and “rasman.dll”.</div><div><br></div><div>This issue only occurs when a VPN profile is configured as an Always On VPN (AOVPN) connection with or without device tunnel. This does not affect manual only VPN profiles or connections.</div><div><br></div><div><strong>Affected platforms</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a>.</div><br><a href ='#249msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>Resolved:<br>July 26, 2019 <br>02:00 PM PT<br><br>Opened:<br>June 28, 2019 <br>05:01 PM PT</td></tr>
-      </table>
-      "
-
 - title: May 2019
 - items:
   - type: markdown
@@ -133,8 +121,6 @@ sections:
       <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='231msgdesc'></div><b>Intermittent loss of Wi-Fi connectivity</b><div>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM).</div><div><br></div><div>To safeguard your upgrade experience, we have applied a hold on devices with affected Qualcomm driver from being offered Windows 10, version 1903 or Windows 10, version 1909, until&nbsp;the updated driver is installed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with an updated Qualcomm Wifi driver and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.</div><br><a href ='#231msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>Last updated:<br>November 22, 2019 <br>04:10 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:13 AM PT</td></tr>
       <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='225msgdesc'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><div>Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li><li>Server: Windows 10, version 1909; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with an updated driver for the affected Realtek Bluetooth radio and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.</div><br><a href ='#225msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>Last updated:<br>November 15, 2019 <br>05:59 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:29 AM PT</td></tr>
       <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='228msgdesc'></div><b>Intel Audio displays an intcdaud.sys notification</b><div>Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in higher than normal battery drain.&nbsp;If you see an <strong>intcdaud.sys</strong> notification or “What needs your attention” notification when trying to update to Windows 10, version 1903, you have an affected Intel Audio Display device driver installed on your machine (intcdaud.sys, versions 10.25.0.3 through 10.25.0.8).</div><div>&nbsp;&nbsp;</div><div>To safeguard your update experience, we have applied a compatibility hold on devices with drivers from being offered Windows 10, version 1903 until&nbsp;updated device drivers have been installed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with updated drivers from your device manufacturer (OEM) or Intel. The safeguard hold has been removed.</div><div><br></div><div><strong>Note </strong>If you are still experiencing the issue described, please contact your device manufacturer (OEM).</div><br><a href ='#228msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>Last updated:<br>November 12, 2019 <br>08:04 AM PT<br><br>Opened:<br>May 21, 2019 <br>07:22 AM PT</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='226msgdesc'></div><b>Gamma ramps, color profiles, and night light settings do not apply in some cases</b><div>Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.</div><div><br></div><div>Microsoft has identified some scenarios in which these features may have issues or stop working, for example:</div><ul><li>Connecting to (or disconnecting from) an external monitor, dock, or projector</li><li>Rotating the screen</li><li>Updating display drivers or making other display mode changes</li><li>Closing full screen applications</li><li>Applying custom color profiles</li><li>Running applications that rely on custom gamma ramps</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a> and the safeguard hold has been removed.</div><br><a href ='#226msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>Resolved:<br>July 26, 2019 <br>02:00 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:28 AM PT</td></tr>
       <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='236msgdesc'></div><b>Windows Sandbox may fail to start with error code “0x80070002”</b><div>Windows Sandbox may fail to start with \"ERROR_FILE_NOT_FOUND (0x80070002)\" on devices in which the operating system language is changed during the update process when installing Windows 10, version 1903.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a>.</div><br><a href ='#236msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved:<br>August 30, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 24, 2019 <br>04:20 PM PT</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='227msgdesc'></div><b>Display brightness may not respond to adjustments</b><div>Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers. After updating to Windows 10, version 1903, brightness settings may sometime appear as if changes applied took effect, yet the actual display brightness doesn't change.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices with certain Intel drivers from being offered Windows 10, version 1903, until&nbsp;this issue is resolved.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in <a href='https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a> and the safeguard hold has been removed. Please ensure you have applied the resolving update before attempting to update to the Windows 10 May 2019 Update (version 1903). Please note, it can take up to 48 hours for the safeguard to be removed.</div><br><a href ='#227msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>Resolved:<br>July 26, 2019 <br>02:00 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:56 AM PT</td></tr>
       </table>
       "

windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml

@@ -60,7 +60,7 @@ sections:
   - type: markdown
     text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
       <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
-      <tr><td><div id='384msg'></div><b>Custom wallpaper displays as black</b><br>Using a custom image set to \"Stretch\" might not display as expected.<br><br><a href = '#384msgdesc'>See details ></a></td><td>January 14, 2020<br><a href ='https://support.microsoft.com/help/4534310' target='_blank'>KB4534310</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>January 24, 2020 <br>09:15 AM PT</td></tr>
+      <tr><td><div id='384msg'></div><b>Custom wallpaper displays as black</b><br>Using a custom image set to \"Stretch\" might not display as expected.<br><br><a href = '#384msgdesc'>See details ></a></td><td>January 14, 2020<br><a href ='https://support.microsoft.com/help/4534310' target='_blank'>KB4534310</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>January 27, 2020 <br>12:27 PM PT</td></tr>
       <tr><td><div id='374msg'></div><b>MSRT might fail to install and be re-offered from Windows Update or WSUS </b><br>The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.<br><br><a href = '#374msgdesc'>See details ></a></td><td><br><a href ='' target='_blank'></a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>January 23, 2020 <br>02:08 PM PT</td></tr>
       <tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4519976' target='_blank'>KB4519976</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
       <tr><td><div id='310msg'></div><b>IA64 and x64 devices may fail to start after installing updates</b><br>After installing updates released on or after August 13, 2019, IA64 and x64 devices using EFI Boot may fail to start.<br><br><a href = '#310msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512506' target='_blank'>KB4512506</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>August 17, 2019 <br>12:59 PM PT</td></tr>
@@ -79,7 +79,7 @@ sections:
   - type: markdown
     text: "
       <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
-      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='384msgdesc'></div><b>Custom wallpaper displays as black</b><div>After installing <a href='https://support.microsoft.com/help/4534310' target='_blank'>KB4534310</a>, your desktop wallpaper when set to \"Stretch\" might display as black.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 7 SP1</li><li>Server: Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Workaround:</strong> To mitigate the issue, you can do one of the following:</div><ul><li>Set your custom image to an option other than \"Stretch\", such as “Fill”, “Fit”, “Tile”, or “Center”, or</li><li>Choose a custom wallpaper that matches the resolution of your desktop.</li></ul><div></div><div><strong>Next steps: </strong>We are working on a resolution and estimate a solution will be available in mid-February&nbsp;for organizations who have purchased Windows 7 <a href=\"https://techcommunity.microsoft.com/t5/windows-it-pro-blog/how-to-get-extended-security-updates-for-eligible-windows/ba-p/917807\" target=\"_blank\" rel=\"noopener noreferrer\">Extended Security Updates (ESU)</a>.</div><br><a href ='#384msg'>Back to top</a></td><td>January 14, 2020<br><a href ='https://support.microsoft.com/help/4534310' target='_blank'>KB4534310</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>January 24, 2020 <br>09:15 AM PT<br><br>Opened:<br>January 24, 2020 <br>09:15 AM PT</td></tr>
+      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='384msgdesc'></div><b>Custom wallpaper displays as black</b><div>After installing <a href='https://support.microsoft.com/help/4534310' target='_blank'>KB4534310</a>, your desktop wallpaper when set to \"Stretch\" might display as black.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 7 SP1</li><li>Server: Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Workaround:</strong> To mitigate the issue, you can do one of the following:</div><ul><li>Set your custom image to an option other than \"Stretch\", such as “Fill”, “Fit”, “Tile”, or “Center”, or</li><li>Choose a custom wallpaper that matches the resolution of your desktop.</li></ul><div></div><div><strong>Next steps: </strong>We are working on a resolution and estimate a solution will be available mid-February, which will be released to all customers running Windows 7 and Windows Server 2008 R2 SP1.</div><br><a href ='#384msg'>Back to top</a></td><td>January 14, 2020<br><a href ='https://support.microsoft.com/help/4534310' target='_blank'>KB4534310</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>January 27, 2020 <br>12:27 PM PT<br><br>Opened:<br>January 24, 2020 <br>09:15 AM PT</td></tr>
       </table>
       "
 

windows/release-information/windows-message-center.yml

@@ -50,6 +50,7 @@ sections:
     text: "
       <table border ='0'><tr><td width='80%'>Message</td><td width='20%'>Date</td></tr>
       
+      <tr><td id='385'><a href = 'https://support.microsoft.com/help/4532695' target='_blank'><b>January 2020 Windows 10, version 1909 \"D\" optional release is available.</b></a><a class='docon docon-link heading-anchor' aria-labelledby='385' href='#385'></a><br><div>The January<strong> </strong>2020 optional monthly “D” release for Windows 10, version 1909 and Windows 10, version 1903 is now available. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. Follow&nbsp;<a href=\"https://twitter.com/windowsupdate\" rel=\"noopener noreferrer\" target=\"_blank\">@WindowsUpdate</a>&nbsp;for the latest on the availability of this release.</div></td><td>January 28, 2020 <br>08:00 AM PT</td></tr>
       <tr><td id='383'><b>January 2020 Windows \"C\" optional release is available.</b><a class='docon docon-link heading-anchor' aria-labelledby='383' href='#383'></a><br><div>The January 2020 optional monthly “C” release for all supported versions of Windows is now available. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. Follow&nbsp;<a href=\"https://twitter.com/windowsupdate\" rel=\"noopener noreferrer\" target=\"_blank\">@WindowsUpdate</a>&nbsp;for the latest on the availability of this release.</div></td><td>January 23, 2020 <br>12:00 PM PT</td></tr>
       <tr><td id='382'><a href = 'https://www.microsoft.com/en-us/microsoft-365/blog/2020/01/14/windows-7-support-ends-today-and-windows-10-is-better-than-ever/' target='_blank'><b>Windows 7 has reached end of support</b></a><a class='docon docon-link heading-anchor' aria-labelledby='382' href='#382'></a><br><div>Windows&nbsp;7 reached end of support on January 14, 2020. If your organization has&nbsp;not yet been able to complete your transition from Windows 7 to Windows 10, and want to continue to receive security updates while you complete your upgrade projects, please read <a href=\"https://techcommunity.microsoft.com/t5/windows-it-pro-blog/how-to-get-extended-security-updates-for-eligible-windows/ba-p/917807\" rel=\"noopener noreferrer\" target=\"_blank\">How to get Extended Security Updates for eligible Windows devices</a>. For more information on end of service dates for currently supported versions of Windows 10, see the&nbsp;<a href=\"https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet\" rel=\"noopener noreferrer\" target=\"_blank\">Windows lifecycle fact sheet</a>.</div></td><td>January 15, 2020 <br>10:00 AM PT</td></tr>
       <tr><td id='379'><a href = 'https://support.microsoft.com/help/4528760' target='_blank'><b>Take action: January 2020 security update available for all supported versions of Windows</b></a><a class='docon docon-link heading-anchor' aria-labelledby='379' href='#379'></a><br><div>The January 2020 security update release, referred to as our “B” release, is now available for Windows 10, version 1909 and all supported versions of Windows. We recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. To be informed about the latest updates and releases, follow us on Twitter&nbsp;<a href=\"https://twitter.com/windowsupdate\" rel=\"noopener noreferrer\" target=\"_blank\">@WindowsUpdate</a>.</div></td><td>January 14, 2020 <br>08:00 AM PT</td></tr>

windows/security/threat-protection/TOC.md

@@ -34,8 +34,11 @@
 
 #### [Web protection]()
 ##### [Web protection overview](microsoft-defender-atp/web-protection-overview.md)
-##### [Monitor web security](microsoft-defender-atp/web-protection-monitoring.md)
+##### [Web threat protection]()
-##### [Respond to web threats](microsoft-defender-atp/web-protection-response.md)
+###### [Web threat protection overview](microsoft-defender-atp/web-threat-protection.md)
+###### [Monitor web security](microsoft-defender-atp/web-protection-monitoring.md)
+###### [Respond to web threats](microsoft-defender-atp/web-protection-response.md)
+##### [Web content filtering](microsoft-defender-atp/web-content-filtering.md)
 
 #### [Controlled folder access](microsoft-defender-atp/controlled-folders.md)
 #### [Attack surface reduction](microsoft-defender-atp/attack-surface-reduction.md)
@@ -400,6 +403,9 @@
 ####### [Get machine by ID](microsoft-defender-atp/get-machine-by-id.md)
 ####### [Get machine log on users](microsoft-defender-atp/get-machine-log-on-users.md)
 ####### [Get machine related alerts](microsoft-defender-atp/get-machine-related-alerts.md)
+####### [Get installed software](microsoft-defender-atp/get-installed-software.md)
+####### [Get discovered vulnerabilities](microsoft-defender-atp/get-discovered-vulnerabilities.md)
+####### [Get security recommendation](microsoft-defender-atp/get-security-recommendations.md)
 ####### [Add or Remove machine tags](microsoft-defender-atp/add-or-remove-machine-tags.md)
 ####### [Find machines by IP](microsoft-defender-atp/find-machines-by-ip.md)
 
@@ -450,6 +456,34 @@
 ####### [Get user related alerts](microsoft-defender-atp/get-user-related-alerts.md)
 ####### [Get user related machines](microsoft-defender-atp/get-user-related-machines.md)
 
+###### [Score]()
+####### [Score methods and properties](microsoft-defender-atp/score.md)
+####### [List exposure score by machine group](microsoft-defender-atp/get-machine-group-exposure-score.md)
+####### [Get exposure score](microsoft-defender-atp/get-exposure-score.md)
+####### [Get device secure score](microsoft-defender-atp/get-device-secure-score.md)
+
+###### [Software]()
+####### [Software methods and properties](microsoft-defender-atp/software.md)
+####### [List software](microsoft-defender-atp/get-software.md)
+####### [Get software by Id](microsoft-defender-atp/get-software-by-id.md)
+####### [List software version distribution](microsoft-defender-atp/get-software-ver-distribution.md)
+####### [List machines by software](microsoft-defender-atp/get-machines-by-software.md)
+####### [List vulnerabilities by software](microsoft-defender-atp/get-vuln-by-software.md)
+
+###### [Vulnerability]()
+####### [Vulnerability methods and properties](microsoft-defender-atp/vulnerability.md)
+####### [Get all vulnerabilities](microsoft-defender-atp/get-all-vulnerabilities.md)
+####### [Get vulnerability by Id](microsoft-defender-atp/get-vulnerability-by-id.md)
+####### [List machines by vulnerability](microsoft-defender-atp/get-machines-by-vulnerability.md)
+
+###### [Recommendation]()
+####### [Recommendation methods and properties](microsoft-defender-atp/recommendation.md)
+####### [List all recommendations](microsoft-defender-atp/get-all-recommendations.md)
+####### [Get recommendation by Id](microsoft-defender-atp/get-recommendation-by-id.md)
+####### [Get recommendation by software](microsoft-defender-atp/get-recommendation-software.md)
+####### [Get recommendation by machines](microsoft-defender-atp/get-recommendation-machines.md)
+####### [Get recommendation by vulnerabilities](microsoft-defender-atp/get-recommendation-vulnerabilities.md)
+
 ##### [How to use APIs - Samples]()
 ###### [Microsoft Flow](microsoft-defender-atp/api-microsoft-flow.md)
 ###### [Power BI](microsoft-defender-atp/api-power-bi.md)
@@ -457,6 +491,13 @@
 ###### [Advanced Hunting using PowerShell](microsoft-defender-atp/run-advanced-query-sample-powershell.md)
 ###### [Using OData Queries](microsoft-defender-atp/exposed-apis-odata-samples.md)
 
+#### [Windows updates (KB) info]()
+##### [Get KbInfo collection](microsoft-defender-atp/get-kbinfo-collection.md)
+
+#### [Common Vulnerabilities and Exposures (CVE) to KB map]()
+##### [Get CVE-KB map](microsoft-defender-atp/get-cvekbmap-collection.md)
+
+#### [Pull detections to your SIEM tools]()
 #### [Raw data streaming API]()
 ##### [Raw data streaming (preview)](microsoft-defender-atp/raw-data-export.md)
 ##### [Stream advanced hunting events to Azure Events hub](microsoft-defender-atp/raw-data-export-event-hub.md)

windows/security/threat-protection/microsoft-defender-atp/configuration-score.md

@@ -74,3 +74,8 @@ See how you can [improve your security configuration](https://docs.microsoft.com
 - [Weaknesses](tvm-weaknesses.md)
 - [Scenarios](threat-and-vuln-mgt-scenarios.md)
 - [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
+- [Score APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/score)
+- [Software APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/software)
+- [Vulnerability APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability)
+- [Recommendation APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability)
+

windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md

@@ -1,7 +1,7 @@
 ---
 title: Onboarding tools and methods for Windows 10 machines
 description: Onboard Windows 10 machines so that they can send sensor data to the Microsoft Defender ATP sensor
-keywords: Onboard Windows 10 machines, group policy, system center configuration manager, mobile device management, local script, gp, sccm, mdm, intune
+keywords: Onboard Windows 10 machines, group policy, endpoint configuration manager, mobile device management, local script, gp, sccm, mdm, intune
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
@@ -31,7 +31,7 @@ Machines in your organization must be configured so that the Microsoft Defender
 The following deployment tools and methods are supported:
 
 - Group Policy
-- System Center Configuration Manager
+- Microsoft Endpoint Configuration Manager
 - Mobile Device Management (including Microsoft Intune)
 - Local script
 
@@ -39,7 +39,7 @@ The following deployment tools and methods are supported:
 Topic | Description
 :---|:---
 [Onboard Windows 10 machines using Group Policy](configure-endpoints-gp.md) | Use Group Policy to deploy the configuration package on machines.
-[Onboard Windows 10 machines using System Center Configuration Manager](configure-endpoints-sccm.md) | You can use either use System Center Configuration Manager (current branch) version 1606 or System Center Configuration Manager(current branch) version 1602 or earlier to deploy the configuration package on machines.
+[Onboard Windows machines using Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md) | You can use either use Microsoft Endpoint Configuration Manager (current branch) version 1606 or Microsoft Endpoint Configuration Manager (current branch) version 1602 or earlier to deploy the configuration package on machines.
 [Onboard Windows 10 machines using Mobile Device Management tools](configure-endpoints-mdm.md) | Use Mobile Device Management tools or Microsoft Intune to deploy the configuration package on machine.
 [Onboard Windows 10 machines using a local script](configure-endpoints-script.md) | Learn how to use the local script to deploy the configuration package on endpoints.
 [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi.md) | Learn how to use the configuration package to configure VDI machines.

windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md

@@ -129,7 +129,7 @@ Once completed, you should see onboarded servers in the portal within an hour.
 To onboard Windows Server, version 1803 or Windows Server 2019, please refer to the supported methods and versions below.
 
 > [!NOTE]
-> The Onboarding package for Windows Server 2019 through System Center Configuration Manager currently ships a script. For more information on how to deploy scripts in System Center Configuration Manager, see [Packages and programs in Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/packages-and-programs).
+> The Onboarding package for Windows Server 2019 through Microsoft Endpoint Configuration Manager currently ships a script. For more information on how to deploy scripts in Microsoft Endpoint Configuration Manager, see [Packages and programs in Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/packages-and-programs).
 
 Supported tools include:
 - Local script

windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md

@@ -25,13 +25,13 @@ ms.custom: asr
 
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. It protects your data by checking against a list of known, trusted apps. Controlled folder access is supported on Windows Server 2019 as well as Windows 10 clients. It can be turned on via the Windows Security App, or from the System Center Configuration Manager (SCCM) and Intune, for managed devices. Controlled folder access works best with [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), which gives you detailed reporting into controlled folder access events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
+Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. It protects your data by checking against a list of known, trusted apps. Controlled folder access is supported on Windows Server 2019 as well as Windows 10 clients. It can be turned on via the Windows Security App, or from the Microsoft Endpoint Configuration Manager and Intune, for managed devices. Controlled folder access works best with [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), which gives you detailed reporting into controlled folder access events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
 
 Controlled folder access works by only allowing apps to access protected folders if the app is included on a list of trusted software. If an app isn't on the list, Controlled folder access will block it from making changes to files inside protected folders.
 
 Apps are added to the trusted list based upon their prevalence and reputation. Apps that are highly prevalent throughout your organization, and that have never displayed any malicious behavior, are deemed trustworthy and automatically added to the list.
 
-Apps can also be manually added to the trusted list via SCCM and Intune. Additional actions, such as [adding a file indicator](../microsoft-defender-atp/respond-file-alerts.md#add-indicator-to-block-or-allow-a-file) for the app, can be performed from the Security Center Console.
+Apps can also be manually added to the trusted list via Configuration Manager and Intune. Additional actions, such as [adding a file indicator](../microsoft-defender-atp/respond-file-alerts.md#add-indicator-to-block-or-allow-a-file) for the app, can be performed from the Security Center Console.
 
 Controlled folder access is especially useful in helping to protect your documents and information from [ransomware](https://www.microsoft.com/wdsi/threats/ransomware) that can attempt to encrypt your files and hold them hostage.
 

windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md

@@ -33,11 +33,11 @@ You can enable attack surface reduction rules by using any of these methods:
 
 * [Microsoft Intune](#intune)
 * [Mobile Device Management (MDM)](#mdm)
-* [System Center Configuration Manager (SCCM)](#sccm)
+* [Microsoft Endpoint Configuration Manager](#microsoft-endpoint-configuration-manager)
 * [Group Policy](#group-policy)
 * [PowerShell](#powershell)
 
-Enterprise-level management such as Intune or SCCM is recommended. Enterprise-level management will overwrite any conflicting Group Policy or PowerShell settings on startup.
+Enterprise-level management such as Intune or Microsoft Endpoint Configuration Manager is recommended. Enterprise-level management will overwrite any conflicting Group Policy or PowerShell settings on startup.
 
 ## Exclude files and folders from ASR rules
 
@@ -99,9 +99,9 @@ Value: c:\path|e:\path|c:\Whitelisted.exe
 > [!NOTE]
 > Be sure to enter OMA-URI values without spaces.
 
-## SCCM
+## Microsoft Endpoint Configuration Manager
 
-1. In System Center Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
+1. In Microsoft Endpoint Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
 1. Click **Home** > **Create Exploit Guard Policy**.
 1. Enter a name and a description, click **Attack Surface Reduction**, and click **Next**.
 1. Choose which rules will block or audit actions and click **Next**.
@@ -111,7 +111,7 @@ Value: c:\path|e:\path|c:\Whitelisted.exe
 ## Group Policy
 
 > [!WARNING]
-> If you manage your computers and devices with Intune, SCCM, or other enterprise-level management platform, the management software will overwrite any conflicting Group Policy settings on startup.
+> If you manage your computers and devices with Intune, Configuration Manager, or other enterprise-level management platform, the management software will overwrite any conflicting Group Policy settings on startup.
 
 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
 
@@ -134,7 +134,7 @@ Value: c:\path|e:\path|c:\Whitelisted.exe
 ## PowerShell
 
 >[!WARNING]
->If you manage your computers and devices with Intune, SCCM, or other enterprise-level management platform, the management software will overwrite any conflicting PowerShell settings on startup.
+>If you manage your computers and devices with Intune, Configuration Manager, or other enterprise-level management platform, the management software will overwrite any conflicting PowerShell settings on startup.
 
 1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator**.
 

windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md

@@ -30,7 +30,7 @@ You can enable controlled folder access by using any of these methods:
 * [Windows Security app](#windows-security-app)
 * [Microsoft Intune](#intune)
 * [Mobile Device Management (MDM)](#mdm)
-* [System Center Configuration Manager (SCCM)](#sccm)
+* [Microsoft Endpoint Configuration Manager](#microsoft-endpoint-configuration-manager)
 * [Group Policy](#group-policy)
 * [PowerShell](#powershell)
 
@@ -78,9 +78,9 @@ For more information about disabling local list merging, see [Prevent or allow u
 
 Use the [./Vendor/MSFT/Policy/Config/ControlledFolderAccessProtectedFolders](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-controlledfolderaccessprotectedfolders) configuration service provider (CSP) to allow apps to make changes to protected folders.
 
-## SCCM
+## Microsoft Endpoint Configuration Manager
 
-1. In System Center Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
+1. In Microsoft Endpoint Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
 2. Click **Home** > **Create Exploit Guard Policy**.
 3. Enter a name and a description, click **Controlled folder access**, and click **Next**.
 4. Choose whether block or audit changes, allow other apps, or add other folders, and click **Next**.

windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md

@@ -32,12 +32,12 @@ Many features from the Enhanced Mitigation Experience Toolkit (EMET) are include
 
 You can enable each mitigation separately by using any of these methods:
 
-- [Windows Security app](#windows-security-app)
+* [Windows Security app](#windows-security-app)
-- [Microsoft Intune](#intune)
+* [Microsoft Intune](#intune)
-- [Mobile Device Management (MDM)](#mdm)
+* [Mobile Device Management (MDM)](#mdm)
-- [System Center Configuration Manager (SCCM)](#sccm)
+* [Microsoft Endpoint Configuration Manager](#microsoft-endpoint-configuration-manager)
-- [Group Policy](#group-policy)
+* [Group Policy](#group-policy)
-- [PowerShell](#powershell)
+* [PowerShell](#powershell)
 
 Exploit protection is configured by default in Windows 10. You can set each mitigation to on, off, or to its default value. Some mitigations have additional options.
 
@@ -121,14 +121,14 @@ The result will be that DEP will be enabled for *test.exe*. DEP will not be enab
 
 Use the [./Vendor/MSFT/Policy/Config/ExploitGuard/ExploitProtectionSettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-exploitguard) configuration service provider (CSP) to enable or disable exploit protection mitigations or to use audit mode.
 
-## SCCM
+## Microsoft Endpoint Configuration Manager
 
-1. In System Center Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
+1. In Microsoft Endpoint Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
-2. Click **Home** > **Create Exploit Guard Policy**.
+1. Click **Home** > **Create Exploit Guard Policy**.
-3. Enter a name and a description, click **Exploit protection**, and click **Next**.
+1. Enter a name and a description, click **Exploit protection**, and click **Next**.
-4. Browse to the location of the exploit protection XML file and click **Next**.
+1. Browse to the location of the exploit protection XML file and click **Next**.
-5. Review the settings and click **Next** to create the policy.
+1. Review the settings and click **Next** to create the policy.
-6. After the policy is created, click **Close**.
+1. After the policy is created, click **Close**.
 
 ## Group Policy
 

windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md

@@ -30,7 +30,7 @@ You can enable network protection by using any of these methods:
 
 * [Microsoft Intune](#intune)
 * [Mobile Device Management (MDM)](#mdm)
-* [System Center Configuration Manager (SCCM)](#sccm)
+* [Microsoft Endpoint Configuration Manager](#microsoft-endpoint-configuration-manager)
 * [Group Policy](#group-policy)
 * [PowerShell](#powershell)
 
@@ -49,9 +49,9 @@ You can enable network protection by using any of these methods:
 
 Use the [./Vendor/MSFT/Policy/Config/Defender/EnableNetworkProtection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-enablenetworkprotection) configuration service provider (CSP) to enable or disable network protection or enable audit mode.
 
-## SCCM
+## Microsoft Endpoint Configuration Manager
 
-1. In System Center Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
+1. In Microsoft Endpoint Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
 1. Click **Home** > **Create Exploit Guard Policy**.
 1. Enter a name and a description, click **Network protection**, and click **Next**.
 1. Choose whether to block or audit access to suspicious domains and click **Next**.

windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access.md

@@ -46,7 +46,7 @@ Set-MpPreference -EnableControlledFolderAccess AuditMode
 
 > [!TIP]
 > If you want to fully audit how controlled folder access will work in your organization, you'll need to use a management tool to deploy this setting to machines in your network(s).
-You can also use Group Policy, Intune, MDM, or System Center Configuration Manager to configure and deploy the setting, as described in the main [controlled folder access topic](controlled-folders.md).
+You can also use Group Policy, Intune, MDM, or Microsoft Endpoint Configuration Manager to configure and deploy the setting, as described in the main [controlled folder access topic](controlled-folders.md).
 
 ## Review controlled folder access events in Windows Event Viewer
 

windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md

@@ -57,6 +57,10 @@ Machines | Run API calls such as get machines, get machines by ID, information a
 Machine Actions | Run API call such as Isolation, Run anti-virus scan and more.
 Indicators | Run API call such as create Indicator, get Indicators and delete Indicators.
 Users | Run API calls such as get user related alerts and user related machines.
+Score | Run API calls such as get exposure score or get device secure score.
+Software | Run API calls such as list vulnerabilities by software.
+Vulnerability | Run API calls such as list machines by vulnerability.
+Recommendation | Run API calls such as Get recommendation by Id.
 
 ## Related topic
 - [Microsoft Defender ATP APIs](apis-intro.md)

windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md

@@ -0,0 +1,108 @@
+---
+title: List all recommendations
+description: Retrieves a list of all security recommendations affecting the organization.
+keywords: apis, graph api, supported apis, get, security recommendations, mdatp tvm api, threat and vulnerability management, threat and vulnerability management api 
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+---
+
+# List all recommendations
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](../../includes/prerelease.md)]
+
+Retrieves a list of all security recommendations affecting the organization.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
+
+Permission type |	Permission	|	Permission display name
+:---|:---|:---
+Application |	SecurityRecommendation.Read.All |	'Read Threat and Vulnerability Management security recommendation information'
+Delegated (work or school account) | SecurityRecommendation.Read |	'Read Threat and Vulnerability Management security recommendation information'
+
+## HTTP request
+```
+GET /api/recommendations
+```
+
+## Request headers
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+
+
+## Request body
+Empty
+
+## Response
+If successful, this method returns 200 OK with the list of security recommendations in the body.
+
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.windows.com/api/recommendations
+```
+
+**Response**
+
+Here is an example of the response.
+
+
+```
+Content-type: json
+{
+    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations",
+    "value": [
+        {
+            "id": "va-_-microsoft-_-windows_10",
+            "productName": "windows_10",
+            "recommendationName": "Update Windows 10",
+            "weaknesses": 397,
+            "vendor": "microsoft",
+            "recommendedVersion": "",
+            "recommendationCategory": "Application",
+            "subCategory": "",
+            "severityScore": 0,
+            "publicExploit": true,
+            "activeAlert": false,
+            "associatedThreats": [
+                "3098b8ef-23b1-46b3-aed4-499e1928f9ed",
+                "40c189d5-0330-4654-a816-e48c2b7f9c4b",
+                "4b0c9702-9b6c-4ca2-9d02-1556869f56f8",
+                "e8fc2121-3cf3-4dd2-9ea0-87d7e1d2b29d",
+                "94b6e94b-0c1d-4817-ac06-c3b8639be3ab"
+            ],
+            "remediationType": "Update",
+            "status": "Active",
+            "configScoreImpact": 0,
+            "exposureImpact": 7.674418604651163,
+            "totalMachineCount": 37,
+            "exposedMachinesCount": 7,
+            "nonProductivityImpactedAssets": 0,
+            "relatedComponent": "Windows 10"
+        }
+        ]
+}
+```
+## Related topics
+- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Threat & Vulnerability security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation)
+

windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md

@@ -0,0 +1,96 @@
+---
+title: Get all vulnerabilities
+description: Retrieves a list of all the vulnerabilities affecting the organization
+keywords: apis, graph api, supported apis, get, vulnerability information, mdatp tvm api
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+---
+
+# Get all vulnerabilities
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](../../includes/prerelease.md)]
+
+Retrieves a list of all the vulnerabilities affecting the organization.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
+
+Permission type |	Permission	|	Permission display name
+:---|:---|:---
+Application |	Vulnerability.Read.All |	'Read Threat and Vulnerability Management vulnerability information'
+Delegated (work or school account) | Vulnerability.Read |	'Read Threat and Vulnerability Management vulnerability information'
+
+## HTTP request
+```
+GET /api/vulnerabilities
+```
+
+## Request headers
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+
+
+## Request body
+Empty
+
+## Response
+If successful, this method returns 200 OK with the list of vulnerabilities in the body.
+
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.windows.com/api/Vulnerabilities
+```
+
+**Response**
+
+Here is an example of the response.
+
+
+```
+Content-type: json
+{
+    "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Vulnerabilities",
+    "value": [
+        {
+            "id": "CVE-2019-0608",
+            "name": "CVE-2019-0608",
+            "description": "A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could impersonate a user request by crafting HTTP queries. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.To exploit the vulnerability, the user must click a specially crafted URL. In an email attack scenario, an attacker could send an email message containing the specially crafted URL to the user in an attempt to convince the user to click it.In a web-based attack scenario, an attacker could host a specially crafted website designed to appear as a legitimate website to the user. However, the attacker would have no way to force the user to visit the specially crafted website. The attacker would have to convince the user to visit the specially crafted website, typically by way of enticement in an email or instant message, and then convince the user to interact with content on the website.The update addresses the vulnerability by correcting how Microsoft Browsers parses HTTP responses.",
+            "severity": "Medium",
+            "cvssV3": 4.3,
+            "exposedMachines": 4,
+            "publishedOn": "2019-10-08T00:00:00Z",
+            "updatedOn": "2019-12-16T16:20:00Z",
+            "publicExploit": false,
+            "exploitVerified": false,
+            "exploitInKit": false,
+            "exploitTypes": [],
+            "exploitUris": []
+        }
+        ]
+        {
+}
+```
+
+## Related topics
+- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Vulnerabilities in your organization](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses)

windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md

@@ -0,0 +1,84 @@
+---
+title: Get Device Secure score
+description: Retrieves the organizational device secure score.
+keywords: apis, graph api, supported apis, get, alerts, recent
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+---
+
+# Get Device Secure score
+
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Prerelease information](../../includes/prerelease.md)]
+
+Retrieves the organizational device secure score.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
+
+Permission type |	Permission	|	Permission display name
+:---|:---|:---
+Application |	Score.Read.Alll |	'Read Threat and Vulnerability Management score'
+Delegated (work or school account) | Score.Read | 'Read Threat and Vulnerability Management score'
+
+## HTTP request
+```
+GET /api/configurationScore
+```
+
+## Request headers
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+
+
+## Request body
+Empty
+
+## Response
+If successful, this method returns 200 OK, with the with device secure score data in the response body.
+
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.windows.com/api/configurationScore
+```
+
+**Response**
+
+Here is an example of the response.
+
+>[!NOTE]
+>The response list shown here may be truncated for brevity. 
+
+
+```json
+{
+    "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ConfigurationScore/$entity",
+    "time": "2019-12-03T09:15:58.1665846Z",
+    "score": 340,
+    "rbacGroupId": null
+}
+```
+
+## Related topics
+- [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)

windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md

@@ -0,0 +1,93 @@
+---
+title: Get discovered vulnerabilities
+description: Retrieves a collection of discovered vulnerabilities related to a given machine ID.
+keywords: apis, graph api, supported apis, get, list, file, information, discovered vulnerabilities, threat & vulnerability management api, mdatp tvm api
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+---
+
+# Get discovered vulnerabilities
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](../../includes/prerelease.md)]
+
+Retrieves a collection of discovered vulnerabilities related to a given machine ID.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
+
+Permission type |	Permission	|	Permission display name
+:---|:---|:---
+Application |Vulnerability.Read.All |	'Read Threat and Vulnerability Management vulnerability information'
+Delegated (work or school account) | Vulnerability.Read |	'Read Threat and Vulnerability Management vulnerability information'
+
+## HTTP request
+```
+GET /api/machines/{machineId}/vulnerabilities
+```
+
+## Request headers
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+
+
+## Request body
+Empty
+
+## Response
+If successful, this method returns 200 OK with the discovered vulnerability information in the body.
+
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.windows.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/vulnerabilities
+```
+
+**Response**
+
+Here is an example of the response.
+
+
+```
+{
+    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)",
+    "value": [
+        {
+            "id": "CVE-2019-1348",
+            "name": "CVE-2019-1348",
+            "description": "Git could allow a remote attacker to bypass security restrictions, caused by a flaw in the --export-marks option of git fast-import. By persuading a victim to import specially-crafted content, an attacker could exploit this vulnerability to overwrite arbitrary paths.",
+            "severity": "Medium",
+            "cvssV3": 4.3,
+            "exposedMachines": 1,
+            "publishedOn": "2019-12-13T00:00:00Z",
+            "updatedOn": "2019-12-13T00:00:00Z",
+            "publicExploit": false,
+            "exploitVerified": false,
+            "exploitInKit": false,
+            "exploitTypes": [],
+            "exploitUris": []
+        }
+}
+```
+
+## Related topics
+- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Vulnerabilities in your organization](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses)

windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md

@@ -0,0 +1,89 @@
+---
+title: Get exposure score
+description: Retrieves the organizational exposure score.
+keywords: apis, graph api, supported apis, get, exposure score, organizational exposure score
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+---
+
+# Get exposure score
+
+**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Prerelease information](../../includes/prerelease.md)]
+
+Retrieves the organizational exposure score.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
+
+Permission type |	Permission	|	Permission display name
+:---|:---|:---
+Application |	Score.Read.All |	'Read Threat and Vulnerability Management score'
+Delegated (work or school account) | Score.Read | 'Read Threat and Vulnerability Management score'
+
+
+## HTTP request
+```
+GET /api/exposureScore
+```
+
+## Request headers
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+
+
+## Request body
+Empty
+
+## Response
+If successful, this method returns 200 OK, with the exposure data in the response body.
+
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.windows.com/api/exposureScore
+```
+
+**Response**
+
+Here is an example of the response.
+
+>[!NOTE]
+>The response list shown here may be truncated for brevity. 
+
+
+```json
+{
+    "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ExposureScore/$entity",
+    "time": "2019-12-03T07:23:53.280499Z",
+    "score": 33.491554051195706,
+    "rbacGroupId": null
+}
+
+```
+
+## Related topics
+- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Threat & Vulnerability exposure score](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score)
+
+

windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md

@@ -0,0 +1,89 @@
+---
+title: Get installed software
+description: Retrieves a collection of installed software related to a given machine ID.
+keywords: apis, graph api, supported apis, get, list, file, information, software inventory, installed software per machine, threat & vulnerability management api, mdatp tvm api
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+---
+
+# Get installed software
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](../../includes/prerelease.md)]
+
+Retrieves a collection of installed software related to a given machine ID.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
+
+Permission type |	Permission	|	Permission display name
+:---|:---|:---
+Application |Software.Read.All |	'Read Threat and Vulnerability Management Software information'
+Delegated (work or school account) | Software.Read |	'Read Threat and Vulnerability Management Software information'
+
+## HTTP request
+```
+GET /api/machines/{machineId}/software
+```
+
+## Request headers
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+
+
+## Request body
+Empty
+
+## Response
+If successful, this method returns 200 OK with the installed software information in the body.
+
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.windows.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/software
+```
+
+**Response**
+
+Here is an example of the response.
+
+
+```
+{
+"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Software",
+"value": [
+        {
+"id": "microsoft-_-internet_explorer",
+"name": "internet_explorer",
+"vendor": "microsoft",
+"weaknesses": 67,
+"publicExploit": true,
+"activeAlert": false,
+"exposedMachines": 42115,
+"impactScore": 46.2037163
+        }
+    ]
+}
+```
+
+## Related topics
+- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Threat & Vulnerability software inventory](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory)

windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md

@@ -0,0 +1,100 @@
+---
+title: List exposure score by machine group
+description: Retrieves a list of exposure scores by machine group.
+keywords: apis, graph api, supported apis, get, exposure score, machine group, machine group exposure score
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+---
+
+# List exposure score by machine group
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](../../includes/prerelease.md)]
+
+Retrieves a collection of alerts related to a given domain address.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
+
+Permission type |   Permission  |   Permission display name
+:---|:---|:---
+Application | Score.Read.All | 'Read Threat and Vulnerability Management score'
+Delegated (work or school account) | Score.Read | 'Read Threat and Vulnerability Management score'
+
+## HTTP request
+```
+GET /api/exposureScore/ByMachineGroups
+```
+
+## Request headers
+
+| Name        | Type | Description
+|:--------------|:-------|:--------------|
+| Authorization | String | Bearer {token}.**Required**.
+
+## Request body
+Empty
+
+## Response
+If successful, this method returns 200 OK, with a list of exposure score per machine group data in the response body. 
+
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.windows.com/api/exposureScore/ByMachineGroups
+```
+
+**Response**
+
+Here is an example of the response.
+
+```json
+
+{
+    "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ExposureScore",
+    "value": [
+        {
+            "time": "2019-12-03T09:51:28.214338Z",
+            "score": 41.38041766305988,
+            "rbacGroupId": 10
+        },
+        {
+            "time": "2019-12-03T09:51:28.2143399Z",
+            "score": 37.403726933165366,
+            "rbacGroupId": 11
+        },
+        {
+            "time": "2019-12-03T09:51:28.2143407Z",
+            "score": 26.390921344426033,
+            "rbacGroupId": 9
+        },
+        {
+            "time": "2019-12-03T09:51:28.2143414Z",
+            "score": 23.58823563070858,
+            "rbacGroupId": 5
+        }
+    ]
+}
+```
+
+## Related topics
+- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Threat & Vulnerability exposure score](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score)

windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md

@@ -0,0 +1,92 @@
+---
+title: List machines by software
+description: Retrieve a list of machines that has this software installed.
+keywords: apis, graph api, supported apis, get, list machines, machines list, list machines by software, mdatp tvm api
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+---
+
+# List machines by software
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](../../includes/prerelease.md)]
+
+Retrieve a list of machines that has this software installed.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
+
+Permission type |   Permission  |   Permission display name
+:---|:---|:---
+Application | Software.Read.All | 'Read Threat and Vulnerability Management Software information'
+Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information'
+
+## HTTP request
+```
+GET /api/Software/{Id}/machineReferences 
+```
+
+## Request headers
+
+| Name        | Type | Description
+|:--------------|:-------|:--------------|
+| Authorization | String | Bearer {token}.**Required**.
+
+## Request body
+Empty
+
+## Response
+If successful, this method returns 200 OK and a list of machines with the software installed in the body. 
+
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/machineReferences
+```
+
+**Response**
+
+Here is an example of the response.
+
+```json
+
+{
+    "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#MachineReferences",
+    "value": [
+        {
+            "id": "7c7e1896fa39efb0a32a2cf421d837af1b9bf762",
+            "computerDnsName": "dave_desktop",
+            "osPlatform": "Windows10",
+            "rbacGroupId": 9
+        },
+        {
+            "id": "7d5cc2e7c305e4a0a290392abf6707f9888fda0d",
+            "computerDnsName": "jane_PC",
+            "osPlatform": "Windows10",
+            "rbacGroupId": 9
+        }
+]
+}
+```
+
+## Related topics
+- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Threat & Vulnerability software inventory](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory)

windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md

@@ -0,0 +1,92 @@
+---
+title: List machines by vulnerability
+description: Retrieves a list of machines affected by a vulnerability.
+keywords: apis, graph api, supported apis, get, machines list, vulnerable machines, mdatp tvm api
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+---
+
+# List machines by vulnerability
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](../../includes/prerelease.md)]
+
+Retrieves a list of machines affected by a vulnerability.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
+
+Permission type |	Permission	|	Permission display name
+:---|:---|:---
+Application |Vulnerability.Read.All |	'Read Threat and Vulnerability Management vulnerability information'
+Delegated (work or school account) | Vulnerability.Read |	'Read Threat and Vulnerability Management vulnerability information'
+
+## HTTP request
+```
+GET /api/vulnerabilities/{cveId}/machineReferences
+```
+
+## Request headers
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+
+
+## Request body
+Empty
+
+## Response
+If successful, this method returns 200 OK with the vulnerability information in the body.
+
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.windows.com/api/vulnerabilities/CVE-2019-0608/machineReferences
+```
+
+**Response**
+
+Here is an example of the response.
+
+
+```
+Content-type: json
+{
+    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineReferences",
+    "value": [
+        {
+            "id": "235a2e6278c63fcf85bab9c370396972c58843de",
+            "computerDnsName": "h1mkn_PC",
+            "osPlatform": "Windows10",
+            "rbacGroupId": 1268
+        },
+        {
+            "id": "afb3f807d1a185ac66668f493af028385bfca184",
+            "computerDnsName": "chat_Desk ",
+            "osPlatform": "Windows10",
+            "rbacGroupId": 410
+        }
+    ]
+ }
+```
+
+## Related topics
+- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Vulnerabilities in your organization](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses)

windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md

@@ -0,0 +1,97 @@
+---
+title: Get recommendation by Id
+description: Retrieves a security recommendation by its ID.
+keywords: apis, graph api, supported apis, get, security recommendation, security recommendation by ID, threat and vulnerability management, threat and vulnerability management api 
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+---
+
+# Get recommendation by ID
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](../../includes/prerelease.md)]
+
+Retrieves a security recommendation by its ID.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
+
+Permission type |	Permission	|	Permission display name
+:---|:---|:---
+Application |	SecurityRecommendation.Read.All |	'Read Threat and Vulnerability Management security recommendation information'
+Delegated (work or school account) | SecurityRecommendation.Read |	'Read Threat and Vulnerability Management security recommendation information'
+
+## HTTP request
+```
+GET /api/recommendations/{id}
+```
+
+## Request headers
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+
+
+## Request body
+Empty
+
+## Response
+If successful, this method returns 200 OK with the security recommendations in the body.
+
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome
+```
+
+**Response**
+
+Here is an example of the response.
+
+```
+Content-type: json
+{
+    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations/$entity",
+    "id": "va-_-google-_-chrome",
+    "productName": "chrome",
+    "recommendationName": "Update Chrome",
+    "weaknesses": 38,
+    "vendor": "google",
+    "recommendedVersion": "",
+    "recommendationCategory": "Application",
+    "subCategory": "",
+    "severityScore": 0,
+    "publicExploit": false,
+    "activeAlert": false,
+    "associatedThreats": [],
+    "remediationType": "Update",
+    "status": "Active",
+    "configScoreImpact": 0,
+    "exposureImpact": 3.9441860465116285,
+    "totalMachineCount": 6,
+    "exposedMachinesCount": 5,
+    "nonProductivityImpactedAssets": 0,
+    "relatedComponent": "Chrome"
+}
+```
+
+## Related topics
+- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Threat & Vulnerability security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation)

windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md

@@ -0,0 +1,84 @@
+---
+title: Get recommendation by machines
+description: Retrieves a list of machines associated with the security recommendation. 
+keywords: apis, graph api, supported apis, get, security recommendation for vulnerable machines, threat and vulnerability management, threat and vulnerability management api 
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+---
+
+# Get recommendation by machines
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](../../includes/prerelease.md)]
+
+Retrieves a list of machines associated with the security recommendation.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
+
+Permission type |	Permission	|	Permission display name
+:---|:---|:---
+Application |	SecurityRecommendation.Read.All |	'Read Threat and Vulnerability Management security recommendation information'
+Delegated (work or school account) | SecurityRecommendation.Read |	'Read Threat and Vulnerability Management security recommendation information'
+
+## HTTP request
+```
+GET /api/recommendations/{id}/machineReferences
+```
+
+## Request headers
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+
+
+## Request body
+Empty
+
+## Response
+If successful, this method returns 200 OK with the list of machines associated with the security recommendation.
+
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/machineReferences
+```
+
+**Response**
+
+Here is an example of the response.
+
+```json
+{
+    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineReferences",
+    "value": [
+        {
+            "id": "e058770379bc199a9c179ce52a23e16fd44fd2ee",
+            "computerDnsName": "niw_pc",
+            "osPlatform": "Windows10",
+            "rbacGroupId": 2154
+        }
+        ]
+}
+```
+
+## Related topics
+- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Threat & Vulnerability security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation)

windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md

@@ -0,0 +1,85 @@
+---
+title: Get recommendation by software
+description: Retrieves a security recommendation related to a specific software.
+keywords: apis, graph api, supported apis, get, security recommendation, security recommendation for software, threat and vulnerability management, threat and vulnerability management api 
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+---
+
+# Get recommendation by software
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](../../includes/prerelease.md)]
+
+Retrieves a security recommendation related to a specific software.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
+
+Permission type |	Permission	|	Permission display name
+:---|:---|:---
+Application |	SecurityRecommendation.Read.All |	'Read Threat and Vulnerability Management security recommendation information'
+Delegated (work or school account) | SecurityRecommendation.Read |	'Read Threat and Vulnerability Management security recommendation information'
+
+## HTTP request
+```
+GET /api/recommendations/{id}/software
+```
+
+## Request headers
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+
+
+## Request body
+Empty
+
+## Response
+If successful, this method returns 200 OK with the software associated with the security recommendations in the body.
+
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/software 
+```
+
+**Response**
+
+Here is an example of the response.
+
+```
+Content-type: json
+{
+    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Analytics.Contracts.PublicAPI.PublicProductDto",
+    "id": "google-_-chrome",
+    "name": "chrome",
+    "vendor": "google",
+    "weaknesses": 38,
+    "publicExploit": false,
+    "activeAlert": false,
+    "exposedMachines": 5,
+    "impactScore": 3.94418621
+}
+```
+
+## Related topics
+- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Threat & Vulnerability security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation)

windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md

@@ -0,0 +1,94 @@
+---
+title: Get recommendation by vulnerabilities
+description: Retrieves a list of vulnerabilities associated with the security recommendation.
+keywords: apis, graph api, supported apis, get, list of vulnerabilities, security recommendation, security recommendation for vulnerabilities, threat and vulnerability management, threat and vulnerability management api 
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dolmont
+author: DulceMontemayor
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+---
+
+# Get recommendation by vulnerabilities
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+[!include[Prerelease information](../../includes/prerelease.md)]
+
+Retrieves a list of vulnerabilities associated with the security recommendation.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
+
+Permission type |	Permission	|	Permission display name
+:---|:---|:---
+Application |	SecurityRecommendation.Read.All |	'Read Threat and Vulnerability Management security recommendation information'
+Delegated (work or school account) | SecurityRecommendation.Read |	'Read Threat and Vulnerability Management security recommendation information'
+
+## HTTP request
+```
+GET /api/recommendations/{id}/vulnerabilities
+```
+
+## Request headers
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+
+
+## Request body
+Empty
+
+## Response
+If successful, this method returns 200 OK, with the list of vulnerabilities associated with the security recommendation.
+
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/vulnerabilities
+```
+
+**Response**
+
+Here is an example of the response.
+
+```
+Content-type: json
+{
+    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)",
+    "value": [
+        {
+            "id": "CVE-2019-13748",
+            "name": "CVE-2019-13748",
+            "description": "Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
+            "severity": "Medium",
+            "cvssV3": 6.5,
+            "exposedMachines": 0,
+            "publishedOn": "2019-12-10T00:00:00Z",
+            "updatedOn": "2019-12-16T12:15:00Z",
+            "publicExploit": false,
+            "exploitVerified": false,
+            "exploitInKit": false,
+            "exploitTypes": [],
+            "exploitUris": []
+        }
+        ]
+}
+```
+
+## Related topics
+- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Threat & Vulnerability security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation)