From 174e4e6952bafe0ea434c4b8014d7385e6963f60 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Fri, 23 Oct 2020 13:04:09 +0300 Subject: [PATCH 01/10] add info about Cloud Windows Hello for Business deployment model https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8423 --- .../hello-for-business/hello-feature-remote-desktop.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md index 0ebcd33ec5..8e34c873e2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md @@ -23,7 +23,7 @@ ms.reviewer: - Windows 10 - Certificate trust deployments -- Hybrid and On-premises Windows Hello for Business deployments +- Cloud, Hybrid and On-premises Windows Hello for Business deployments - Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices - Certificate trust deployments @@ -35,7 +35,7 @@ Microsoft continues to investigate supporting using keys trust for supplied cred **Requirements** -- Hybrid and On-premises Windows Hello for Business deployments +- Cloud, Hybrid and On-premises Windows Hello for Business deployments - Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices - Certificate trust deployments - Biometric enrollments From fc189fc8a8f16f81d2d6ba7e07f077696d31cd52 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Mon, 26 Oct 2020 10:02:46 +0200 Subject: [PATCH 02/10] Update windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-feature-remote-desktop.md | 1 - 1 file changed, 1 deletion(-) 
diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md index 8e34c873e2..800ee54bd4 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md @@ -22,7 +22,6 @@ ms.reviewer: **Requirements** - Windows 10 -- Certificate trust deployments - Cloud, Hybrid and On-premises Windows Hello for Business deployments - Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices - Certificate trust deployments From bcdd52d07715e6821e746233ff90957936a9b15d Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Wed, 18 Nov 2020 13:18:19 +0200 Subject: [PATCH 03/10] Update windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-feature-remote-desktop.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md index 800ee54bd4..d44c977b17 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md @@ -22,7 +22,7 @@ ms.reviewer: **Requirements** - Windows 10 -- Cloud, Hybrid and On-premises Windows Hello for Business deployments +- Cloud, Hybrid, and On-premises Windows Hello for Business deployments - Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices - Certificate trust deployments From b92fb88b56658e582c0ad224c2ca6bb5ea284c41 Mon Sep 17 00:00:00 2001 
From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Wed, 18 Nov 2020 21:26:58 +0200 Subject: [PATCH 04/10] Update windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-feature-remote-desktop.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md index d44c977b17..57b76a1aa8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md @@ -34,7 +34,7 @@ Microsoft continues to investigate supporting using keys trust for supplied cred **Requirements** -- Cloud, Hybrid and On-premises Windows Hello for Business deployments +- Cloud, Hybrid, and On-premises Windows Hello for Business deployments - Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices - Certificate trust deployments - Biometric enrollments From 778e34c1d7ff525f4d27ba38197ea2b6d43ef83e Mon Sep 17 00:00:00 2001 From: Oludele0315 <79658488+Oludele0315@users.noreply.github.com> Date: Sun, 14 Mar 2021 22:31:25 -0700 Subject: [PATCH 05/10] Update enable-attack-surface-reduction.md @denisebmsft , please review. --- .../enable-attack-surface-reduction.md | 29 ++++++++++++++----- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md index ae6ac815b2..bceccdf264 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md @@ -32,11 +32,13 @@ ms.technology: mde - Windows Server, [version 1803 (Semi-Annual Channel)](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) or later - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) -Each ASR rule contains one of three settings: +Each ASR rule contains one of four settings: - Not configured: Disable the ASR rule - Block: Enable the ASR rule - Audit: Evaluate how the ASR rule would impact your organization if enabled +- Warn: Enable the ASR rule but allow the end-user to bypass the block + It's highly recommended you use ASR rules with a Windows E5 license (or similar licensing SKU) to take advantage of the advanced monitoring and reporting capabilities available in [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection) (Defender for Endpoint). However, for other licenses like Windows Professional or E3 that don't have access to advanced monitoring and reporting capabilities, you can develop your own monitoring and reporting tools on top of the events that are generated at each endpoint when ASR rules are triggered (e.g., Event Forwarding). 
@@ -92,11 +94,13 @@ The following is a sample for reference, using [GUID values for ASR rules](attac `Value: 75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84=2|3B576869-A4EC-4529-8536-B80A7769E899=1|D4F940AB-401B-4EfC-AADC-AD5F3C50688A=2|D3E037E1-3EB8-44C8-A917-57927947596D=1|5BEB7EFE-FD9A-4556-801D-275E5FFC04CC=0|BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550=1` -The values to enable, disable, or enable in audit mode are: +The values to enable (Block), disable, warn, or enable in audit mode are: + + • 0 : Disable (Disable the ASR rule) + • 1 : Block (Enable the ASR rule) + • 2 : Audit (Evaluate how the ASR rule would impact your organization if enabled) + • 6 : Warn (Enable the ASR rule but allow the end-user to bypass the block) -- Disable = 0 -- Block (enable ASR rule) = 1 -- Audit = 2 Use the [./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionOnlyExclusions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-attacksurfacereductiononlyexclusions) configuration service provider (CSP) to add exclusions. @@ -138,9 +142,10 @@ Example: Select **Show...** and enter the rule ID in the **Value name** column and your chosen state in the **Value** column as follows: - - Disable = 0 - - Block (enable ASR rule) = 1 - - Audit = 2 + • 0 : Disable (Disable the ASR rule) + • 1 : Block (Enable the ASR rule) + • 2 : Audit (Evaluate how the ASR rule would impact your organization if enabled) + • 6 : Warn (Enable the ASR rule but allow the end-user to bypass the block) ![Group policy setting showing a blank attack surface reduction rule ID and value of 1](../images/asr-rules-gp.png) @@ -158,6 +163,8 @@ Example: 2. Enter the following cmdlet: + To enable ASR rules in enable (block) mode, use the following cmdlet: + ```PowerShell Set-MpPreference -AttackSurfaceReductionRules_Ids -AttackSurfaceReductionRules_Actions Enabled ``` 
@@ -167,6 +174,12 @@ Example: ```PowerShell Add-MpPreference -AttackSurfaceReductionRules_Ids -AttackSurfaceReductionRules_Actions AuditMode ``` + + To enable ASR rules in warn mode, use the following cmdlet: + + ```PowerShell + Add-MpPreference -AttackSurfaceReductionRules_Ids -AttackSurfaceReductionRules_Actions Warn + ``` To turn off ASR rules, use the following cmdlet: From 5281498d2893b6ad640a884fdc26dcdfd85d11a7 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Wed, 17 Mar 2021 09:31:30 +0200 Subject: [PATCH 06/10] Update windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md Co-authored-by: mapalko --- .../hello-for-business/hello-feature-remote-desktop.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md index 57b76a1aa8..c66240753c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md @@ -22,7 +22,7 @@ ms.reviewer: **Requirements** - Windows 10 -- Cloud, Hybrid, and On-premises Windows Hello for Business deployments +- Cloud only, Hybrid, and On-premises only Windows Hello for Business deployments - Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices - Certificate trust deployments From a55fded46efc759d1b716814b4bdfc77cb9a78c9 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Wed, 17 Mar 2021 09:32:16 +0200 Subject: [PATCH 07/10] Update windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md Co-authored-by: mapalko --- .../hello-for-business/hello-feature-remote-desktop.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md index c66240753c..d96a6787a6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md @@ -34,7 +34,7 @@ Microsoft continues to investigate supporting using keys trust for supplied cred **Requirements** -- Cloud, Hybrid, and On-premises Windows Hello for Business deployments +- Cloud only, Hybrid, and On-premises only Windows Hello for Business deployments - Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices - Certificate trust deployments - Biometric enrollments From f59482448d3732fd5df752c63ed6ad9d444d0e71 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Wed, 17 Mar 2021 09:34:34 +0200 Subject: [PATCH 08/10] remove duplicate entry as advised by mapalko --- .../hello-for-business/hello-feature-remote-desktop.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md index d96a6787a6..0f12c2f618 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md 
@@ -24,7 +24,6 @@ ms.reviewer: - Windows 10 - Cloud only, Hybrid, and On-premises only Windows Hello for Business deployments - Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices -- Certificate trust deployments Windows Hello for Business supports using a certificate deployed to a Windows Hello for Business container as a supplied credential to establish a remote desktop connection to a server or another device. This functionality is not supported for key trust deployments. This feature takes advantage of the redirected smart card capabilities of the remote desktop protocol. Windows Hello for Business key trust can be used with [Windows Defender Remote Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/remote-credential-guard). From ebc504c9ede7738fde4cf97c1a64c720776f62ce Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Thu, 18 Mar 2021 09:53:43 +0200 Subject: [PATCH 09/10] Update windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-feature-remote-desktop.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md index 0f12c2f618..3e87af814e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md @@ -35,7 +35,6 @@ Microsoft continues to investigate supporting using keys trust for supplied cred - Cloud only, Hybrid, and On-premises only Windows Hello for Business deployments - Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices -- Certificate trust deployments - Biometric enrollments - Windows 10, version 1809 
From 967dd02dc782f12c1dc44f4db3eda8702bed89ee Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 22 Mar 2021 17:51:23 -0700 Subject: [PATCH 10/10] Fix broken bulleted lists This fixes bulleted lists that were broken by commit https://github.com/MicrosoftDocs/windows-docs-pr/pull/4952/commits/778e34c1d7ff525f4d27ba38197ea2b6d43ef83e in PR https://github.com/MicrosoftDocs/windows-itpro-docs/pull/9353 --- .../enable-attack-surface-reduction.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md index ef3ef1edff..df36f96ede 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md @@ -97,10 +97,10 @@ The following is a sample for reference, using [GUID values for ASR rules](attac The values to enable (Block), disable, warn, or enable in audit mode are: - • 0 : Disable (Disable the ASR rule) - • 1 : Block (Enable the ASR rule) - • 2 : Audit (Evaluate how the ASR rule would impact your organization if enabled) - • 6 : Warn (Enable the ASR rule but allow the end-user to bypass the block) +- 0 : Disable (Disable the ASR rule) +- 1 : Block (Enable the ASR rule) +- 2 : Audit (Evaluate how the ASR rule would impact your organization if enabled) +- 6 : Warn (Enable the ASR rule but allow the end-user to bypass the block) Use the [./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionOnlyExclusions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-attacksurfacereductiononlyexclusions) configuration service provider (CSP) to add exclusions. 
@@ -143,10 +143,10 @@ Example: Select **Show...** and enter the rule ID in the **Value name** column and your chosen state in the **Value** column as follows: - • 0 : Disable (Disable the ASR rule) - • 1 : Block (Enable the ASR rule) - • 2 : Audit (Evaluate how the ASR rule would impact your organization if enabled) - • 6 : Warn (Enable the ASR rule but allow the end-user to bypass the block) + - 0 : Disable (Disable the ASR rule) + - 1 : Block (Enable the ASR rule) + - 2 : Audit (Evaluate how the ASR rule would impact your organization if enabled) + - 6 : Warn (Enable the ASR rule but allow the end-user to bypass the block) ![Group policy setting showing a blank attack surface reduction rule ID and value of 1](../images/asr-rules-gp.png)
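Review bot: In PATCH 01/10, the -23,7 hunk of hello-feature-remote-desktop.md edits a Requirements list whose context lines already carry "Certificate trust deployments" twice, once above and once below the changed bullet, and the new bullet "Cloud, Hybrid and On-premises ..." drops the serial comma that the next bullet ("Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices") uses. Both are only corrected by PATCH 02, 03 and 04; fold those fixes into this commit so the series does not carry a known-bad intermediate state.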
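Review bot: In PATCH 05/10, the -32,11 hunk of enable-attack-surface-reduction.md adds "Warn: Enable the ASR rule but allow the end-user to bypass the block" without saying where a bypass is recorded. Because warn mode hands the decision to the user, add a sentence that points to the events an administrator can use to see when a block was bypassed; the following paragraph already refers to "the events that are generated at each endpoint when ASR rules are triggered". The hunk also adds an extra blank line after the new bullet, which can be dropped.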
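Review bot: In PATCH 05/10, the -92,11 and -138,9 hunks replace the Markdown "- " list markers with a literal "•" character, so the four state values no longer render as a list; keep the "- " markers (PATCH 10/10 has to restore them). The sample Value string above the first list still uses only the states 0, 1 and 2, so add one rule set to 6 to show Warn in that format, and state that 6 is the Warn value so readers do not assume the next integer after 2.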
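Review bot: In PATCH 05/10, the new Warn example in the -167,6 hunk uses Add-MpPreference, as the audit example does, while the block example in the -158,6 hunk uses Set-MpPreference, and nothing in the added text explains the difference. Set-MpPreference replaces the configured rule set and Add-MpPreference appends to it, so a reader who copies the block example overwrites rules that are already configured; say so next to the examples or use one cmdlet consistently. The added lead-in "To enable ASR rules in enable (block) mode" also repeats "enable" and sits directly under the step text "Enter the following cmdlet:"; "To enable ASR rules in block mode, use the following cmdlet:" is enough.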
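Review bot: In PATCH 06/10 and 07/10, the new bullet "Cloud only, Hybrid, and On-premises only Windows Hello for Business deployments" uses "only" as part of a compound modifier without hyphens and mixes qualified and unqualified model names in one list. Write "Cloud-only, hybrid, and on-premises-only" or name the deployment models the way the rest of the Hello for Business documentation does, and use the same wording in both Requirements lists.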
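Review bot: PATCH 08/10 (hunk -24,7) and PATCH 09/10 (hunk -35,7) remove "Certificate trust deployments" as a duplicate, but at that point in the series it is the only remaining copy in each list: PATCH 02/10 already deleted the first copy from the upper list, and the lower list shows the entry only once in the context of PATCH 01/10. The paragraph that follows the upper list still says "This functionality is not supported for key trust deployments", so the requirement is real and the lists now omit it. Keep one "Certificate trust deployments" bullet in each Requirements list.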
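Review bot: In PATCH 10/10, the restored bullets keep the form "0 : Disable (Disable the ASR rule)", which repeats the state name in the parenthesis and puts a space before the colon, unlike the settings list near the top of the same file ("Block: Enable the ASR rule"). Since the lines are being touched anyway, use one format in both hunks, for example "0: Disable the ASR rule", so the value and its meaning read the same way in the MDM and Group Policy sections.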