Merged PR 4937: 12/12 PM Publish

This commit is contained in:
Alma Jenks 2017-12-12 23:31:20 +00:00
commit 4f41cc324f
59 changed files with 254 additions and 128 deletions

5
.gitignore vendored
View File

@ -11,5 +11,8 @@ Tools/NuGet/
.openpublishing.buildcore.ps1
packages.config
# User-specific files
# User-specific files
.vs/
wdav-pm-sln.csproj
wdav-pm-sln.csproj.user
wdav-pm-sln.sln
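Review bot: the three `wdav-pm-sln.*` entries sit under the `# User-specific files` comment, but only `wdav-pm-sln.csproj.user` is user-specific; ignoring the `.csproj` and `.sln` themselves means the solution cannot be rebuilt from a clean checkout, so if they are generated locally by the publishing tooling, say so in a comment beside the entries, and if they are not, keep them tracked.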

View File

@ -9,7 +9,7 @@ ms.pagetype: edu
ms.localizationpriority: high
author: CelesteDG
ms.author: celested
ms.date: 10/13/2017
ms.date: 12/12/2017
---
# Technical reference for the Set up School PCs app
@ -190,17 +190,17 @@ The Set up School PCs app produces a specialized provisioning package that makes
</tr>
<tr><td><p>Require a password when a computer wakes (on battery)</p></td><td><p>Enabled</p></td>
</tr>
<tr><td><p>Specify the system sleep timeout (plugged in)</p></td><td><p>1 hour</p></td>
<tr><td><p>Specify the system sleep timeout (plugged in)</p></td><td><p> 5 minutes</p></td>
</tr>
<tr><td><p>Specify the system sleep timeout (on battery)</p></td><td><p>1 hour</p></td>
<tr><td><p>Specify the system sleep timeout (on battery)</p></td><td><p> 5 minutes</p></td>
</tr>
<tr> <td> <p> Turn off hybrid sleep (plugged in) </p> </td> <td> <p> Enabled</p> </td>
</tr>
<tr> <td> <p> Turn off hybrid sleep (on battery) </p> </td> <td> <p> Enabled</p> </td>
</tr>
<tr> <td> <p> Specify the unattended sleep timeout (plugged in) </p> </td> <td> <p> 1 hour</p> </td>
<tr> <td> <p> Specify the unattended sleep timeout (plugged in) </p> </td> <td> <p> 5 minutes </p> </td>
</tr>
<tr> <td> <p> Specify the unattended sleep timeout (on battery) </p> </td> <td> <p> 1 hour</p> </td>
<tr> <td> <p> Specify the unattended sleep timeout (on battery) </p> </td> <td> <p> 5 minutes</p> </td>
</tr>
<tr> <td> <p> Allow standby states (S1-S3) when sleeping (plugged in) </p> </td> <td> <p> Enabled</p> </td>
</tr>
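Review bot: the replacement cells are inconsistent in whitespace: `<p> 5 minutes</p>` on the system sleep rows, `<p> 5 minutes </p>` and `<p> 5 minutes</p>` on the unattended sleep rows, versus the `<p>Enabled</p>` style of the surrounding rows; trim them to `<p>5 minutes</p>` so the generated table reads uniformly. The shorter timeouts pair well with the `Require a password when a computer wakes` row being Enabled, since they shrink the window in which an unattended shared PC stays unlocked.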
@ -211,9 +211,9 @@ The Set up School PCs app produces a specialized provisioning package that makes
<tr> <td> <p> Specify the system hibernate timeout (on battery) </p> </td> <td> <p> Enabled, 0</p> </td>
</tr>
<tr> <td colspan="2"> <p> <strong>Admin Templates</strong>><strong>System</strong>><strong>Power Management</strong>><strong>Video and Display Settings</strong></p> </td> </tr>
<tr> <td> <p> Turn off the display (plugged in) </p> </td> <td> <p> 1 hour</p> </td>
<tr> <td> <p> Turn off the display (plugged in) </p> </td> <td> <p> 5 minutes</p> </td>
</tr>
<tr> <td> <p> Turn off the display (on battery </p> </td> <td> <p> 1 hour</p> </td>
<tr> <td> <p> Turn off the display (on battery) </p> </td> <td> <p> 5 minutes</p> </td>
</tr>
<tr> <td colspan="2"> <p> <strong>Admin Templates</strong>><strong>System</strong>><strong>Power Management</strong>><strong>Energy Saver Settings</strong></p> </td> </tr>
<tr> <td> <p> Energy Saver Battery Threshold (on battery) </p> </td> <td> <p> 70</p> </td>
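Review bot: this hunk also repairs the unbalanced parenthesis in `Turn off the display (on battery` while changing the value; that is a content fix rather than a value change and deserves a mention in the commit message. The `<p> 5 minutes</p>` cells again carry a leading space that the neighbouring rows do not.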

View File

@ -3561,7 +3561,6 @@ The following diagram shows the Policy configuration service provider in tree fo
- [DeliveryOptimization/DOMonthlyUploadDataCap](#deliveryoptimization-domonthlyuploaddatacap)
- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](#deliveryoptimization-dopercentagemaxdownloadbandwidth)
- [Desktop/PreventUserRedirectionOfProfileFolders](#desktop-preventuserredirectionofprofilefolders)
- [DeviceGuard/AllowKernelControlFlowGuard](#deviceguard-allowkernelcontrolflowguard)
- [Privacy/EnableActivityFeed](#privacy-enableactivityfeed)
- [Privacy/LetAppsGetDiagnosticInfo](#privacy-letappsgetdiagnosticinfo)
- [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](#privacy-letappsgetdiagnosticinfo-forceallowtheseapps)
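Review bot: removing `DeviceGuard/AllowKernelControlFlowGuard` from the Policy CSP index leaves the `#deviceguard-allowkernelcontrolflowguard` anchor with no inbound link from this page; the DeviceGuard topic hunk in this commit also drops the Surface Hub list that pointed to it, but nothing shown removes the policy section itself, so confirm it was deprecated deliberately rather than orphaned.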
@ -3588,9 +3587,6 @@ The following diagram shows the Policy configuration service provider in tree fo
- [TextInput/ExcludeJapaneseIMEExceptJIS0208](#textinput-excludejapaneseimeexceptjis0208)
- [TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC](#textinput-excludejapaneseimeexceptjis0208andeudc)
- [TextInput/ExcludeJapaneseIMEExceptShiftJIS](#textinput-excludejapaneseimeexceptshiftjis)
- [TimeLanguageSettings/Set24HourClock](#timelanguagesettings-set24hourclock)
- [TimeLanguageSettings/SetCountry](#timelanguagesettings-setcountry)
- [TimeLanguageSettings/SetLanguage](#timelanguagesettings-setlanguage)
- [Update/AllowAutoUpdate](#update-allowautoupdate)
- [Update/AllowUpdateService](#update-allowupdateservice)
- [Update/AutoRestartNotificationSchedule](#update-autorestartnotificationschedule)
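Review bot: same check as for the DeviceGuard entry: the three `TimeLanguageSettings/*` links are dropped here and from the Surface Hub list in the TimeLanguageSettings topic, but no hunk in this commit removes the policy sections they pointed to, so either those sections are now unreachable from the index or the removal is incomplete.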

View File

@ -180,9 +180,3 @@ Footnote:
<!--EndPolicies-->
<!--StartSurfaceHub-->
## <a href="" id="surfacehubpolicies"></a>DeviceGuard policies supported by Microsoft Surface Hub
- [DeviceGuard/AllowKernelControlFlowGuard](#deviceguard-allowkernelcontrolflowguard)
<!--EndSurfaceHub-->
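Review bot: removing the whole `<!--StartSurfaceHub-->` to `<!--EndSurfaceHub-->` block rather than just the list item is the right call, since the heading would otherwise introduce an empty list; confirm nothing else links to the `surfacehubpolicies` id in this file before the anchor disappears.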

View File

@ -19,14 +19,54 @@ ms.date: 11/13/2017
## Storage policies
<dl>
<dd>
<a href="#storage-allowdiskhealthmodelupdates">Storage/AllowDiskHealthModelUpdates</a>
</dd>
<dd>
<a href="#storage-enhancedstoragedevices">Storage/EnhancedStorageDevices</a>
</dd>
<dd>
<a href="#storage-allowdiskhealthmodelupdates">Storage/AllowDiskHealthModelUpdates</a>
</dd>
</dl>
<hr/>
<!--StartPolicy-->
<a href="" id="storage-allowdiskhealthmodelupdates"></a>**Storage/AllowDiskHealthModelUpdates**
<!--StartSKU-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--EndSKU-->
<!--StartDescription-->
<p style="margin-left: 20px">Added in Windows 10, version 1709. Allows disk health model updates.
<p style="margin-left: 20px">The following list shows the supported values:
- 0 - Do not allow
- 1 (default) - Allow
<p style="margin-left: 20px">Value type is integer.
<!--EndDescription-->
<!--EndPolicy-->
<hr/>
<!--StartPolicy-->
<a href="" id="storage-enhancedstoragedevices"></a>**Storage/EnhancedStorageDevices**
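Review bot: the `<p style="margin-left: 20px">` elements in the moved description block are never closed, and the `- 0 - Do not allow` / `- 1 (default) - Allow` markdown list sits inside the open `<p>`, which can make the renderer emit the list as inline text; close each paragraph with `</p>` and leave a blank line before the list. The reordering itself is fine: `AllowDiskHealthModelUpdates` now precedes `EnhancedStorageDevices` in both the `<dl>` index and the policy blocks.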
@ -88,46 +128,6 @@ ADMX Info:
<!--EndADMX-->
<!--EndPolicy-->
<hr/>
<!--StartPolicy-->
<a href="" id="storage-allowdiskhealthmodelupdates"></a>**Storage/AllowDiskHealthModelUpdates**
<!--StartSKU-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--EndSKU-->
<!--StartDescription-->
<p style="margin-left: 20px">Added in Windows 10, version 1709. Allows disk health model updates.
<p style="margin-left: 20px">The following list shows the supported values:
- 0 - Do not allow
- 1 (default) - Allow
<p style="margin-left: 20px">Value type is integer.
<!--EndDescription-->
<!--EndPolicy-->
<hr/>
Footnote:
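Review bot: this is the old copy of the `Storage/AllowDiskHealthModelUpdates` block that the earlier hunk moved above `EnhancedStorageDevices`; the SKU table, description and supported values are identical in both copies, so the move loses nothing, but the unclosed `<p>` tags travel with it.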

View File

@ -80,11 +80,3 @@ Footnote:
<!--EndPolicies-->
<!--StartSurfaceHub-->
## <a href="" id="surfacehubpolicies"></a>TimeLanguageSettings policies supported by Microsoft Surface Hub
- [TimeLanguageSettings/Set24HourClock](#timelanguagesettings-set24hourclock)
- [TimeLanguageSettings/SetCountry](#timelanguagesettings-setcountry)
- [TimeLanguageSettings/SetLanguage](#timelanguagesettings-setlanguage)
<!--EndSurfaceHub-->
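Review bot: dropping the Surface Hub list for `Set24HourClock`, `SetCountry` and `SetLanguage` is consistent with their removal from the Policy CSP index in this commit; a one-line note in the commit message saying whether Surface Hub no longer supports them would make the intent clear, since the diff alone reads like an accidental deletion.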

View File

@ -39,6 +39,9 @@ Members of the security community<sup>\*</sup> continuously collaborate with Mic
Unless your use scenarios explicitly require them, Microsoft recommends that you block the following applications. These applications or files can be used by an attacker to circumvent Application Whitelisting policies, including Windows Defender Device Guard:
- addinprocess.exe
- addinprocess32.exe
- addinutil.exe
- bash.exe
- bginfo.exe<sup>[1]</sup>
- cdb.exe
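Review bot: the three new entries (`addinprocess.exe`, `addinprocess32.exe`, `addinutil.exe`) are listed without a footnote, unlike `bginfo.exe<sup>[1]</sup>`, which is appropriate only if the deny rule covers every version; the XML hunks in this file set `MinimumFileVersion="65535.65535.65535.65535"` for them, so the unconditional listing is correct. Keep this prose list and the `<FileRules>` block in the same order so future additions can be cross-checked at a glance.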
@ -116,26 +119,29 @@ Microsoft recommends that you block the following Microsoft-signed applications
<EKUs />
<!--File Rules-->
<FileRules>
<Deny ID="ID_DENY_BGINFO" FriendlyName="bginfo.exe" FileName="BGINFO.Exe" MinimumFileVersion = "4.21.0.0" />
<Deny ID="ID_DENY_CBD" FriendlyName="cdb.exe" FileName="CDB.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_KD" FriendlyName="kd.exe" FileName="kd.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_KD_KMCI" FriendlyName="kd.exe" FileName="kd.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_NTKD" FriendlyName="ntkd.exe" FileName="ntkd.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_WINDBG" FriendlyName="windbg.exe" FileName="windbg.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_MSBUILD" FriendlyName="MSBuild.exe" FileName="MSBuild.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_CSI" FriendlyName="csi.exe" FileName="csi.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_DBGHOST" FriendlyName="dbghost.exe" FileName="DBGHOST.Exe" MinimumFileVersion = "2.3.0.0" />
<Deny ID="ID_DENY_DBGSVC" FriendlyName="dbgsvc.exe" FileName="DBGSVC.Exe" MinimumFileVersion = "2.3.0.0" />
<Deny ID="ID_DENY_DNX" FriendlyName="dnx.exe" FileName="dnx.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_RCSI" FriendlyName="rcsi.exe" FileName="rcsi.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_NTSD" FriendlyName="ntsd.exe" FileName="ntsd.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_LXSS" FriendlyName="LxssManager.dll" FileName="LxssManager.dll" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_BASH" FriendlyName="bash.exe" FileName="bash.exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_FSI" FriendlyName="fsi.exe" FileName="fsi.exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_FSI_ANYCPU" FriendlyName="fsiAnyCpu.exe" FileName="fsiAnyCpu.exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_MSHTA" FriendlyName="mshta.exe" FileName="mshta.exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_VISUALUIAVERIFY" FriendlyName="visualuiaverifynative.exe" FileName="visualuiaverifynative.exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_RUNSCRIPTHELPER" FriendlyName="runscripthelper.exe" FileName="runscripthelper.exe" MinimumFileVersion="65535.65535.65535.65535" />
<Deny ID="ID_DENY_BGINFO" FriendlyName="bginfo.exe" FileName="BGINFO.Exe" MinimumFileVersion = "4.21.0.0" />
<Deny ID="ID_DENY_CBD" FriendlyName="cdb.exe" FileName="CDB.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_KD" FriendlyName="kd.exe" FileName="kd.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_KD_KMCI" FriendlyName="kd.exe" FileName="kd.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_NTKD" FriendlyName="ntkd.exe" FileName="ntkd.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_WINDBG" FriendlyName="windbg.exe" FileName="windbg.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_MSBUILD" FriendlyName="MSBuild.exe" FileName="MSBuild.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_CSI" FriendlyName="csi.exe" FileName="csi.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_DBGHOST" FriendlyName="dbghost.exe" FileName="DBGHOST.Exe" MinimumFileVersion = "2.3.0.0" />
<Deny ID="ID_DENY_DBGSVC" FriendlyName="dbgsvc.exe" FileName="DBGSVC.Exe" MinimumFileVersion = "2.3.0.0" />
<Deny ID="ID_DENY_DNX" FriendlyName="dnx.exe" FileName="dnx.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_RCSI" FriendlyName="rcsi.exe" FileName="rcsi.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_NTSD" FriendlyName="ntsd.exe" FileName="ntsd.Exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_LXSS" FriendlyName="LxssManager.dll" FileName="LxssManager.dll" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_BASH" FriendlyName="bash.exe" FileName="bash.exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_FSI" FriendlyName="fsi.exe" FileName="fsi.exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_FSI_ANYCPU" FriendlyName="fsiAnyCpu.exe" FileName="fsiAnyCpu.exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_MSHTA" FriendlyName="mshta.exe" FileName="mshta.exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_VISUALUIAVERIFY" FriendlyName="visualuiaverifynative.exe" FileName="visualuiaverifynative.exe" MinimumFileVersion = "65535.65535.65535.65535" />
<Deny ID="ID_DENY_RUNSCRIPTHELPER" FriendlyName="runscripthelper.exe" FileName="runscripthelper.exe" MinimumFileVersion="65535.65535.65535.65535" />
<Deny ID="ID_DENY_ADDINPROCESS" FriendlyName="AddInProcess.exe" FileName="AddInProcess.exe" MinimumFileVersion="65535.65535.65535.65535" />
<Deny ID="ID_DENY_ADDINPROCESS32" FriendlyName="AddInProcess32.exe" FileName="AddInProcess32.exe" MinimumFileVersion="65535.65535.65535.65535" />
<Deny ID="ID_DENY_ADDINUTIL" FriendlyName="AddInUtil.exe" FileName="AddInUtil.exe" MinimumFileVersion="65535.65535.65535.65535" />
<Deny ID="ID_DENY_D_1" FriendlyName="Powershell 1" Hash="02BE82F63EE962BCD4B8303E60F806F6613759C6" />
<Deny ID="ID_DENY_D_2" FriendlyName="Powershell 2" Hash="13765D9A16CC46B2113766822627F026A68431DF" />
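Review bot: the three new `Deny` rules follow the existing pattern (deny by `FileName` with `MinimumFileVersion="65535.65535.65535.65535"`, i.e. every version), but write `MinimumFileVersion="..."` without the spaces around `=` that the older rules use; both are valid XML, so pick one style for the block. A `Deny` rule is inert until it is referenced, so this hunk only takes effect together with the `FileRuleRef` additions later in the file.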
@ -421,6 +427,9 @@ Microsoft recommends that you block the following Microsoft-signed applications
<FileRuleRef RuleID="ID_DENY_MSHTA" />
<FileRuleRef RuleID="ID_DENY_VISUALUIAVERIFY" />
<FileRuleRef RuleID="ID_DENY_RUNSCRIPTHELPER"/>
<FileRuleRef RuleID="ID_DENY_ADDINPROCESS"/>
<FileRuleRef RuleID="ID_DENY_ADDINPROCESS32"/>
<FileRuleRef RuleID="ID_DENY_ADDINUTIL"/>
<FileRuleRef RuleID="ID_DENY_D_1" />
<FileRuleRef RuleID="ID_DENY_D_2" />
<FileRuleRef RuleID="ID_DENY_D_3" />
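Review bot: the `FileRuleRef` entries for `ID_DENY_ADDINPROCESS`, `ID_DENY_ADDINPROCESS32` and `ID_DENY_ADDINUTIL` are what activate the rules defined in the `<FileRules>` hunk, and they sit beside the other deny refs, which is right. The new refs omit the space before `/>` (matching `ID_DENY_RUNSCRIPTHELPER`) while the older refs keep it; trivial, but worth normalizing in the same pass.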

View File

@ -11,7 +11,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
ms.author: iawilt
ms.date: 08/26/2017
ms.date: 12/12/2017
---
# Deploy and enable Windows Defender Antivirus
@ -33,7 +33,7 @@ See the table in the [Deploy, manage, and report on Windows Defender AV](deploy-
Some scenarios require additional guidance on how to successfully deploy or configure Windows Defender AV protection, such as Virtual Desktop Infrastructure (VDI) environments.
The remaining topic in this section provides end-to-end advice and best practices for [setting up Windows Defender AV ion virtual machines (VMs) in a VDI or Remote Desktop Services (RDS) environment](deployment-vdi-windows-defender-antivirus.md).
The remaining topic in this section provides end-to-end advice and best practices for [setting up Windows Defender AV on virtual machines (VMs) in a VDI or Remote Desktop Services (RDS) environment](deployment-vdi-windows-defender-antivirus.md).
## Related topics

View File

@ -11,7 +11,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
ms.author: iawilt
ms.date: 08/26/2017
ms.date: 12/12/2017
---
# Manage Windows Defender Antivirus updates and apply baselines
@ -40,7 +40,7 @@ The cloud-delivered protection is always on and requires an active connection to
## Product updates
Windows Defender AV requires monthly updates (known as "engine updates"), and will receive major feature updates alongside Windows 10 releases.
Windows Defender AV requires [monthly updates](https://support.microsoft.com/en-us/help/4052623/update-for-windows-defender-antimalware-platform) (known as "engine updates" and "platform updates"), and will receive major feature updates alongside Windows 10 releases.
You can manage the distribution of updates through Windows Server Update Service (WSUS), with [System Center Configuration Manager](https://docs.microsoft.com/en-us/sccm/sum/understand/software-updates-introduction), or in the normal manner that you deploy Microsoft and Windows updates to endpoints in your network.
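Review bot: the new support link hard-codes the `en-us` locale (`support.microsoft.com/en-us/help/4052623/...`); dropping the locale segment lets localized readers land on their own language version. The rewording also puts "platform updates" in the same parenthetical as "engine updates", so the sentence now states both are monthly; if platform updates ship on a different cadence, split the statement.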

View File

@ -11,7 +11,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
ms.author: iawilt
ms.date: 08/26/2017
ms.date: 12/12/2017
---
# Use PowerShell cmdlets to configure and manage Windows Defender AV
@ -31,7 +31,7 @@ PowerShell cmdlets are most useful in Windows Server environments that don't rel
Changes made with PowerShell will affect local settings on the endpoint where the changes are deployed or made. This means that deployments of policy with Group Policy, System Center Configuration Manager, or Microsoft Intune can overwrite changes made with PowerShell.
You can [configure which settings can be overridden locally with local policy overrides](configure-local-policy-overrides-windows-defender-antivirus.md).
You can [configure which settings can be overridden locally with local policy overrides](configure-local-policy-overrides-windows-defender-antivirus.md).
PowerShell is typically installed under the folder _%SystemRoot%\system32\WindowsPowerShell_.
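Review bot: the before and after lines of this hunk read identically, so this appears to be a whitespace-only change (likely trailing spaces); harmless, but keep it out of the commit if the intent was a content edit.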

View File

@ -9,7 +9,7 @@ ms.sitesec: library
ms.pagetype: security
author: mjcaparas
localizationpriority: high
ms.date: 11/10/2017
ms.date: 12/12/2017
---
# Configure non-Windows endpoints
@ -41,7 +41,7 @@ You'll need to take the following steps to oboard non-Windows endpoints:
3. Click **Generate access token** button and then **Copy**.
4. Depending on the third-party implementation you're using, the implementation might vary. Refer to the third-party solution documentation for guidance on how to use the token.
4. Youll need to copy and paste the token to the third-party solution youre using. The implementation may vary depending on the solution.
>[!WARNING]
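Review bot: the rewritten step 4 drops the apostrophes: `Youll` and `youre` should be `You'll` and `you're`. The unchanged heading context also carries `oboard` for `onboard`; worth fixing in the same file while it is open.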

Binary file not shown.

Before

Width:  |  Height:  |  Size: 69 KiB

After

Width:  |  Height:  |  Size: 70 KiB


View File

@ -57,6 +57,7 @@ Area | Description
**Service health** | Provides information on the current status of the Window Defender ATP service. You'll be able to verify that the service health is healthy or if there are current issues.
**Preferences setup** | Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set other configuration settings such as email notifications, activate the preview experience, enable or turn off advanced features, SIEM integration, threat intel API, build Power BI reports, and set baselines for the Security analytics dashboard.
**Endpoint management** | Provides access to endpoints such as clients and servers. Allows you to download the onboarding configuration package for endpoints. It also provides access to endpoint offboarding.
**Community center** | Access the Community center to learn, collaborate, and share experiences about the product.
(2) Main portal| Main area where you will see the different views such as the Dashboards, Alerts queue, and Machines list.
(3) Search bar, Feedback, Settings, Help and support | **Search** - Provides access to the search bar where you can search for file, IP, machine, URL, and user. Displays the Search box: the drop-down list allows you to select the entity type and then enter the search query text. </br> **Feedback** - Access the feedback button to provide comments about the portal. </br> **Settings** - Gives you access to the configuration settings where you can set time zones and view license information. </br> **Help and support** - Gives you access to the Windows Defender ATP guide, Microsoft support, and Premier support.
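Review bot: the new Community center row matches the table format, but two pre-existing typos in the context lines are worth fixing while here: `Window Defender ATP service` (missing `s` in Windows) in the Service health row, and the missing space before the pipe in `(2) Main portal| Main area`, which the other rows have.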

View File

@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
ms.date: 11/10/2017
ms.date: 12/12/2017
---
# Take response actions on a machine
@ -29,7 +29,8 @@ ms.date: 11/10/2017
Quickly respond to detected attacks by isolating machines or collecting an investigation package. After taking action on machines, you can check activity details on the Action center.
>[!IMPORTANT]
> These response actions are only available for machines on Windows 10, version 1703 or later.
> - These response actions are only available for machines on Windows 10, version 1703 or later.
> - For non-Windows platforms, response capabilities (such as Machine isolation) are dependent on the third-party capabilities.
## Collect investigation package from machines
As part of the investigation or response process, you can collect an investigation package from a machine. By collecting the investigation package, you can identify the current state of the machine and further understand the tools and techniques used by the attacker.
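Review bot: converting the IMPORTANT callout into a two-item list is fine; the second item reads more clearly as `response capabilities (such as machine isolation) depend on what the third-party solution provides`, since `dependent on the third-party capabilities` leaves the subject implicit. Also lower-case `machine` to match `machines` in the surrounding text.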

View File

@ -102,6 +102,7 @@ Topic | Description
[Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) | Understand the security status of your organization, including the status of machines, alerts, and investigations using the Windows Defender ATP reporting feature that integrates with Power BI.
[Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md) | Check the sensor health state on endpoints to verify that they are providing sensor data and communicating with the Windows Defender ATP service.
[Configure Windows Defender ATP preferences settings](preferences-setup-windows-defender-advanced-threat-protection.md) | Use the Preferences setup menu to modify general settings, advanced features, enable the preview experience, email notifications, and the custom threat intelligence feature.
[Access the Windows Defender ATP Community Center](community-windows-defender-advanced-threat-protection.md)| The Windows Defender ATP Community Center is a place where community members can learn, collaborate, and share experiences about the product.
[Windows Defender ATP settings](settings-windows-defender-advanced-threat-protection.md) | Configure time zone settings and view license information.
[Windows Defender ATP service health](service-status-windows-defender-advanced-threat-protection.md) | Verify that the service health is running properly or if there are current issues.
[Troubleshoot Windows Defender Advanced Threat Protection](troubleshoot-windows-defender-advanced-threat-protection.md) | This topic contains information to help IT Pros find workarounds for the known issues and troubleshoot issues in Windows Defender ATP.
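Review bot: the new Community Center row is missing the space before the column separator (`...protection.md)| The`) that every other row in the table has; add it so the row lines up with the others in source.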

View File

@ -11,7 +11,7 @@ ms.pagetype: security
localizationpriority: medium
author: iaanw
ms.author: iawilt
ms.date: 11/20/2017
ms.date: 12/12/2017
---

View File

@ -11,7 +11,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
ms.author: iawilt
ms.date: 11/01/2017
ms.date: 12/12/2017
---
# Collect diagnostic data for Windows Defender Exploit Guard file submissions

View File

@ -119,7 +119,7 @@ Use the [./Vendor/MSFT/Policy/Config/Defender/GuardedFoldersList](https://docs.m
## Allow specifc apps to make changes to controlled folders
## Allow specific apps to make changes to controlled folders
You can specify if certain apps should always be considered safe and given write access to files in protected folders. Allowing apps can be useful if you're finding a particular app that you know and trust is being blocked by the Controlled folder access feature.
@ -130,9 +130,9 @@ You can specify if certain apps should always be considered safe and given write
You can use the Windows Defender Security Center app or Group Policy to add and remove apps that should be allowed to access protected folders.
When you add an app, you have to specify the app's location. Only the app in that location will be permitted access to the protected folders - if the app (with the same name) is located in a different location, then it will not be added to the whitelist and may be blocked by Controlled folder access.
When you add an app, you have to specify the app's location. Only the app in that location will be permitted access to the protected folders - if the app (with the same name) is located in a different location, then it will not be added to the allow list and may be blocked by Controlled folder access.
### Use the Windows Defender Security app to whitelist specific apps
### Use the Windows Defender Security app to allow specific apps
1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**.
@ -146,7 +146,7 @@ When you add an app, you have to specify the app's location. Only the app in tha
![Screenshot of the add an allowed app button](images/cfa-allow-app.png)
### Use Group Policy to whitelist specific apps
### Use Group Policy to allow specific apps
1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
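Review bot: the heading `Use the Windows Defender Security app to allow specific apps` drops the word `Center`; the paragraph above it says `Windows Defender Security Center app`, so keep the full product name in the heading. The `whitelist` to `allow list` / `allow` rewording is otherwise consistent across the headings and body.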
@ -160,13 +160,13 @@ When you add an app, you have to specify the app's location. Only the app in tha
### Use PowerShell to whitelist specific apps
### Use PowerShell to allow specific apps
1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**
2. Enter the following cmdlet:
```PowerShell
Add-MpPreference -ControlledFolderAccessAllowedApplications "<the app that should be whitelisted, including the path>"
Add-MpPreference -ControlledFolderAccessAllowedApplications "<the app that should be allowed, including the path>"
```
For example, to add the executable *test.exe*, located in the folder *C:\apps*, the cmdlet would be as follows:
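Review bot: the placeholder text change is fine; in the unchanged context line `right click **Windows PowerShell**` should be hyphenated as `right-click`, as the Group Policy steps in this file spell it. Since the next section says to continue using `Add-MpPreference -ControlledFolderAccessAllowedApplications` for further apps, a short note that the cmdlet appends to the allowed list rather than replacing it would help readers who run it repeatedly.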
@ -186,7 +186,7 @@ Continue to use `Add-MpPreference -ControlledFolderAccessAllowedApplications` to
### Use MDM CSPs to whitelist specific apps
### Use MDM CSPs to allow specific apps
Use the [./Vendor/MSFT/Policy/Config/Defender/GuardedFoldersAllowedApplications](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-guardedfoldersallowedapplications) configuration service provider (CSP) to allow apps to make changes to protected folders.

View File

@ -11,7 +11,7 @@ ms.pagetype: security
localizationpriority: medium
author: iaanw
ms.author: iawilt
ms.date: 11/30/2017
ms.date: 12/12/2017
---
# Customize Exploit protection
@ -45,6 +45,8 @@ You configure these settings using the Windows Defender Security Center on an in
It also describes how to enable or configure the mitigations using Windows Defender Security Center, PowerShell, and MDM CSPs. This is the first step in creating a configuration that you can deploy across your network. The next step involves [generating or exporting, importing, and deploying the configuration to multiple devices](import-export-exploit-protection-emet-xml.md).
>[!WARNING]
>Some security mitigation technologies may have compatibility issues with some applications. You should test Exploit protection in all target use scenarios by using [audit mode](audit-windows-defender-exploit-guard.md) before deploying the configuration across a production environment or the rest of your network.
## Exploit protection mitigations
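Review bot: the new warning is a useful addition; `Some security mitigation technologies may have compatibility issues with some applications` could state what such an issue looks like in practice, so readers know what audit mode will surface before they go to enforcement. Otherwise good.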

View File

@ -1,6 +1,6 @@
---
title: Compare the features in Exploit protection with EMET
keywords: emet, enhanced mitigation experience toolkit, configuration, exploit
keywords: emet, enhanced mitigation experience toolkit, configuration, exploit, compare, difference between, versus, upgrade, convert
description: Exploit protection in Windows 10 provides advanced configuration over the settings offered in EMET.
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
@ -11,7 +11,7 @@ ms.pagetype: security
localizationpriority: medium
author: iaanw
ms.author: iawilt
ms.date: 10/16/2017
ms.date: 12/12/2017
---
@ -22,6 +22,7 @@ ms.date: 10/16/2017
**Applies to:**
- Windows 10, version 1709
- Enhanced Mitigation Experience Toolkit version 5.5 (latest version)
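Review bot: `(latest version)` is a moving statement in a page that will be read past the EMET end-of-life date the IMPORTANT callout in this file gives; drop the qualifier or anchor it to a date.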
@ -30,17 +31,110 @@ ms.date: 10/16/2017
- Enterprise security administrators
>[!IMPORTANT]
>If you are currently using EMET you should be aware that [EMET will reach end of life on July 31, 2018](https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/). You should consider replacing EMET with Exploit protection in Windows 10.
>
>You can [convert an existing EMET configuration file into Exploit protection](import-export-exploit-protection-emet-xml.md#convert-an-emet-configuration-file-to-an-exploit-protection-configuration-file) to make the migration easier and keep your existing settings.
This topic describes the differences between the Enhance Mitigation Experience Toolkit (EMET) and its replacement in Windows 10: Windows Defender Exploit Guard.
In Windows 10, version 1709 (also known as the Fall Creators Update) we released [Windows Defender Exploit Guard](windows-defender-exploit-guard.md), which provides unparalleled mitigation of known and unknown threat attack vectors, including exploits.
Windows Defender Exploit Guard is our successor to EMET and provides stronger protection, more customization, an easier user interface, and better configuration and management options.
EMET is a stand-alone product that is available on earlier versions of Windows and provides some mitigation against older, known exploit techniques.
After July 31, 2018, it will reach its end of life, which means it will not be supported and no additional development will be made on it.
For more information about the individual features and mitigations available in Windows Defender Exploit Guard, as well as how to enable, configure, and deploy them to better protect your network, see the following topics:
- [Windows Defender Exploit Guard](windows-defender-exploit-guard.md)
- [Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard.md)
- [Configure and audit Exploit protection mitigations](customize-exploit-protection.md)
We're still working on this content and will have it published soon!
## Feature comparison
The table in this section illustrates the differences between EMET and Windows Defender Exploit Guard.
&nbsp; | Windows Defender Exploit Guard | EMET
-|:-:|:-:
Windows versions | [!include[Check mark yes](images/svg/check-yes.svg)] <br />All versions of Windows 10 starting with version 1709 | [!include[Check mark yes](images/svg/check-yes.svg)] <br />Windows 8.1; Windows 8; Windows 7<br />Cannot be installed on Windows 10, version 1709 and later
Installation requirements | [Windows Defender Security Center in Windows 10](../windows-defender-security-center/windows-defender-security-center.md) <br />(no additional installation required)<br />Windows Defender Exploit Guard is built into Windows - it doesn't require a separate tool or package for management, configuration, or deployment. | Available only as an additional download and must be installed onto a management device
User interface | Modern interface integrated with the [Windows Defender Security Center](../windows-defender-security-center/windows-defender-security-center.md) | Older, complex interface that requires considerable ramp-up training
Supportability | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Dedicated submission-based support channel](https://www.microsoft.com/en-us/wdsi/filesubmission)<sup id="ref1">[[1](#fn1)]</sup><br />[Part of the Windows 10 support lifecycle](https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet) | [!include[Check mark no](images/svg/check-no.svg)]<br />Ends after July 31, 2018
Updates | [!include[Check mark yes](images/svg/check-yes.svg)] <br />Ongoing updates and development of new features, released twice yearly as part of the [Windows 10 semi-annual update channel](https://blogs.technet.microsoft.com/windowsitpro/2017/07/27/waas-simplified-and-aligned/) | [!include[Check mark no](images/svg/check-no.svg)]<br />No planned updates or development
Exploit protection | [!include[Check mark yes](images/svg/check-yes.svg)] <br />All EMET mitigations plus new, specific mitigations ([see table](#mitigation-comparison))<br />[Can convert and import existing EMET configurations](import-export-exploit-protection-emet-xml.md) | [!include[Check mark yes](images/svg/check-yes.svg)] <br />Limited set of mitigations
Attack surface reduction<sup id="ref2-1">[[2](#fn2)]</sup> | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Helps block known infection vectors](attack-surface-reduction-exploit-guard.md)<br />[Can configure individual rules](enable-attack-surface-reduction.md) | [!include[Check mark yes](images/svg/check-yes.svg)] <br />Limited ruleset configuration only for modules (no processes)
Network protection<sup id="ref2-2">[[2](#fn2)]</sup> | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Helps block malicious network connections](network-protection-exploit-guard.md) | [!include[Check mark no](images/svg/check-no.svg)]<br />Not available
Controlled folder access<sup id="ref2-3">[[2](#fn2)]</sup> | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Helps protect important folders](controlled-folders-exploit-guard.md)<br/>[Configurable for apps and folders](customize-controlled-folders-exploit-guard.md) | [!include[Check mark no](images/svg/check-no.svg)]<br />Not available
Configuration with GUI (user interface) | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Use Windows Defender Security Center app to customize and manage configurations](customize-exploit-protection.md) | [!include[Check mark yes](images/svg/check-yes.svg)]<br />Requires installation and use of EMET tool
Configuration with Group Policy | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Use Group Policy to deploy and manage configurations](import-export-exploit-protection-emet-xml.md#manage-or-deploy-a-configuration) | [!include[Check mark yes](images/svg/check-yes.svg)]<br />Available
Configuration with shell tools | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Use PowerShell to customize and manage configurations](customize-exploit-protection.md#powershell-reference) | [!include[Check mark yes](images/svg/check-yes.svg)]<br />Requires use of EMET tool (EMET_CONF)
System Center Configuration Manager | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Use Configuration Manager to customize, deploy, and manage configurations](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/create-deploy-exploit-guard-policy) | [!include[Check mark no](images/svg/check-no.svg)]<br />Not available
Microsoft Intune | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Use Intune to customize, deploy, and manage configurations](https://docs.microsoft.com/en-us/intune/whats-new#window-defender-exploit-guard-is-a-new-set-of-intrusion-prevention-capabilities-for-windows-10----1063615---) | [!include[Check mark no](images/svg/check-no.svg)]<br />Not available
Reporting | [!include[Check mark yes](images/svg/check-yes.svg)] <br />With [Windows event logs](event-views-exploit-guard.md) and [full audit mode reporting](audit-windows-defender-exploit-guard.md) <br />[Full integration with Windows Defender Advanced Threat Protection](../windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md) | [!include[Check mark yes](images/svg/check-yes.svg)] <br />Limited Windows event log monitoring
Audit mode | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Full audit mode with Windows event reporting](audit-windows-defender-exploit-guard.md) | [!include[Check mark no](images/svg/check-no.svg)]<br />Limited to EAF, EAF+, and anti-ROP mitigations
Check out the following topics for more information about Exploit protection:
<span id="fn1"></span>([1](#ref1)) Requires an enterprise subscription with Azure Active Directory or a [Software Assurance ID](https://www.microsoft.com/en-us/licensing/licensing-programs/software-assurance-default.aspx).
<span id="fn2"></span>([2](#ref2-1)) Additional requirements may apply (such as use of Windows Defender Antivirus). See [Windows Defender Exploit Guard requirements](windows-defender-exploit-guard.md#requirements) for more details. Customizable mitigation options that are configured with [Exploit protection](exploit-protection-exploit-guard.md) do not require Windows Defender Antivirus.
## Mitigation comparison
The mitigations available in EMET are included in Windows Defender Exploit Guard, under the [Exploit protection feature](exploit-protection-exploit-guard.md).
The table in this section indicates the availability and support of native mitigations between EMET and Exploit protection.
Mitigation | Available in Windows Defender Exploit Guard | Available in EMET
-|:-:|:-:
Arbitrary code guard (ACG) | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]<br />As "Memory Protection Check"
Block remote images | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]<br/>As "Load Library Check"
Block untrusted fonts | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
Data Execution Prevention (DEP) | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
Export address filtering (EAF) | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
Force randomization for images (Mandatory ASLR) | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
NullPage Security Mitigation | [!include[Check mark yes](images/svg/check-yes.svg)]<br />Included natively in Windows 10<br/>See [Mitigate threats by using Windows 10 security features](../overview-of-threat-mitigations-in-windows-10.md#understanding-windows-10-in-relation-to-the-enhanced-mitigation-experience-toolkit) for more information | [!include[Check mark yes](images/svg/check-yes.svg)]
Randomize memory allocations (Bottom-Up ASLR) | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
Simulate execution (SimExec) | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
Validate API invocation (CallerCheck) | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
Validate exception chains (SEHOP) | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
Validate stack integrity (StackPivot) | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
Certificate trust (configurable certificate pinning) | Windows 10 provides enterprise certificate pinning | [!include[Check mark yes](images/svg/check-yes.svg)]
Heap spray allocation | Ineffective against newer browser-based exploits; newer mitigations provide better protection<br/>See [Mitigate threats by using Windows 10 security features](../overview-of-threat-mitigations-in-windows-10.md#understanding-windows-10-in-relation-to-the-enhanced-mitigation-experience-toolkit) for more information | [!include[Check mark yes](images/svg/check-yes.svg)]
Block low integrity images | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)]
Code integrity guard | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)]
Disable extension points | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)]
Disable Win32k system calls | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)]
Do not allow child processes | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)]
Import address filtering (IAF) | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)]
Validate handle usage | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)]
Validate heap integrity | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)]
Validate image dependency integrity | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)]
>[!NOTE]
>The Advanced ROP mitigations that are available in EMET are superseded by ACG in Windows 10, which other EMET advanced settings are enabled by default in Windows Defender Exploit Guard as part of enabling the anti-ROP mitigations for a process.
>
>See the [Mitigation threats by using Windows 10 security features](../overview-of-threat-mitigations-in-windows-10.md#understanding-windows-10-in-relation-to-the-enhanced-mitigation-experience-toolkit) for more information on how Windows 10 employs existing EMET technology.
## Related topics
- [Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard.md)
- [Evaluate Exploit protection](evaluate-exploit-protection.md)
- [Enable Exploit protection](enable-exploit-protection.md)
- [Configure and audit Exploit protection mitigations](customize-exploit-protection.md)
- [Import, export, and deploy Exploit protection configurations](import-export-exploit-protection-emet-xml.md)
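Review bot: the placeholder sentence "We're still working on this content and will have it published soon!" should be removed before this hunk ships, since the feature and mitigation comparison tables that follow it are exactly the content it promises. Other points in the same hunk: "Enhance Mitigation Experience Toolkit (EMET)" should read "Enhanced"; the closing note's link text "Mitigation threats by using Windows 10 security features" should be "Mitigate threats by using Windows 10 security features", matching the link text used twice in the mitigation table; "superseded by ACG in Windows 10, which other EMET advanced settings are enabled by default" reads as "while other EMET advanced settings"; and the lead-in "Check out the following topics for more information about Exploit protection:" is followed by the two footnotes rather than by topics (the topic list already lives under "## Related topics"), so it should be dropped. In the Audit mode row the EMET column shows the "no" check mark but the text describes partial support ("Limited to EAF, EAF+, and anti-ROP mitigations"); the Attack surface reduction row handles the same situation with the "yes" mark plus a qualifier, so the two rows should use one convention. Footnote 2 is referenced from three rows (ref2-1, ref2-2, ref2-3) but its back-link only returns to the first reference.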

View File

@ -11,7 +11,7 @@ ms.pagetype: security
localizationpriority: medium
author: iaanw
ms.author: iawilt
ms.date: 10/16/2017
ms.date: 12/12/2017
---
@ -56,6 +56,9 @@ You can also set mitigations to audit mode. Audit mode allows you to test how th
For background information on how audit mode works, and when you might want to use it, see the [audit Windows Defender Exploit Guard topic](audit-windows-defender-exploit-guard.md).
>[!WARNING]
>Some security mitigation technologies may have compatibility issues with some applications. You should test Exploit protection in all target use scenarios by using [audit mode](audit-windows-defender-exploit-guard.md) before deploying the configuration across a production environment or the rest of your network.
You can also convert an existing EMET configuration file (in XML format) and import it into Exploit protection. This is useful if you have been using EMET and have a customized series of policies and mitigations that you want to keep using.
See the following topics for instructions on configuring Exploit protection mitigations and importing, exporting, and converting configurations:

View File

@ -8,7 +8,7 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.date: 10/16/2017
ms.date: 12/12/2017
localizationpriority: medium
author: iaanw
ms.author: iawilt
@ -29,13 +29,13 @@ ms.author: iawilt
- Enterprise security administrators
Each of the four features in Windows Defender Exploit Guard allow you to review events in the Windos Event log. This is useful so you can monitor what rules or settings are working, and determine if any settings are too "noisy" or impacting your day to day workflow.
Each of the four features in Windows Defender Exploit Guard allow you to review events in the Windows Event log. This is useful so you can monitor what rules or settings are working, and determine if any settings are too "noisy" or impacting your day to day workflow.
Reviewing the events is also handy when you are evaluating the features, as you can enable audit mode for the features or settings, and then review what would have happened if they were fully enabled.
This topic lists all the events, their associated feature or setting, and describes how to create custom views to filter to specific events.
You can also get detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md) in the Windows Defender Security Center console, which you gain access to if you have an E5 subsciption and use [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md).
You can also get detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md) in the Windows Defender Security Center console, which you gain access to if you have an E5 subscription and use [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md).
## Use custom views to review Windows Defender Exploit Guard features
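Review bot: the corrected line "Each of the four features in Windows Defender Exploit Guard allow you to review events in the Windows Event log" still has a subject-verb mismatch; "Each" takes "allows". While touching these lines, "day to day workflow" should be hyphenated ("day-to-day workflow"), and the unchanged paragraph below switches to the abbreviation "Windows Defender EG" although the surrounding text spells out "Windows Defender Exploit Guard", so one form should be used throughout the topic.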

View File

@ -11,7 +11,7 @@ ms.pagetype: security
localizationpriority: medium
author: iaanw
ms.author: iawilt
ms.date: 11/20/2017
ms.date: 12/12/2017
---
@ -53,12 +53,13 @@ Exploit protection works best with [Windows Defender Advanced Threat Protection]
You can also use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how Exploit protection would impact your organization if it were enabled.
Many of the features in the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/en-us/security/jj653751) have been included in Exploit protection, and you can convert and import existing EMET configuration profiles into Exploit protection.
Many of the features in the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/en-us/security/jj653751) have been included in Exploit protection, and you can convert and import existing EMET configuration profiles into Exploit protection. See the [Comparison between Enhanced Mitigation Experience Toolkit and Windows Defender Exploit Guard topic](emet-exploit-protection-exploit-guard.md) for more information on how Exploit protection supersedes EMET and what the benefits are when considering moving to Exploit protection on Windows 10.
>[!IMPORTANT]
>If you are currently using EMET you should be aware that [EMET will reach end of life on July 31, 2018](https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/). You should consider replacing EMET with Exploit protection in Windows 10. You can [convert an existing EMET configuration file into Exploit protection](import-export-exploit-protection-emet-xml.md#convert-an-emet-configuration-file-to-an-exploit-protection-configuration-file) to make the migration easier and keep your existing settings.
>[!WARNING]
>Some security mitigation technologies may have compatibility issues with some applications. You should test Exploit protection in all target use scenarios by using [audit mode](audit-windows-defender-exploit-guard.md) before deploying the configuration across a production environment or the rest of your network.
## Requirements
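Review bot: the link text added to the EMET paragraph, "Comparison between Enhanced Mitigation Experience Toolkit and Windows Defender Exploit Guard topic", does not match the title of the target file as set in this same PR, "Compare the features in Exploit protection with EMET"; using the real title avoids a mismatch readers notice, and the sentence that follows it ("for more information on how Exploit protection supersedes EMET and what the benefits are when considering moving to Exploit protection on Windows 10") could be shortened to "for more information on how Exploit protection supersedes EMET". The added [!WARNING] block is the third verbatim copy of the same compatibility warning in this PR (the customize and enable topics receive identical text); the repo already uses [!include[...]] for shared fragments, so a single include would keep the three copies from drifting.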

View File

@ -11,7 +11,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
ms.author: iawilt
ms.date: 11/01/2017
ms.date: 12/12/2017
---
# Troubleshoot Attack surface reduction rules

View File

@ -11,7 +11,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
ms.author: iawilt
ms.date: 11/02/2017
ms.date: 12/12/2017
---
# Troubleshoot Network protection

View File

@ -11,7 +11,7 @@ ms.pagetype: security
localizationpriority: medium
author: iaanw
ms.author: iawilt
ms.date: 11/20/2017
ms.date: 12/12/2017
---
@ -35,7 +35,7 @@ There are four features in Windows Defender EG:
- [Exploit protection](exploit-protection-exploit-guard.md) can apply exploit mitigation techniques to apps your organization uses, both individually and to all apps
- [Attack surface reduction rules](attack-surface-reduction-exploit-guard.md) can reduce the attack surface of your applications with intelligent rules that stop the vectors used by Office-, script- and mail-based malware
- [Network protection](network-protection-exploit-guard.md) extends the malware and social engineering protection offered by Windows Defender SmartScreen in Edge to cover network traffic and connectivity on your organization's devices
- [Network protection](network-protection-exploit-guard.md) extends the malware and social engineering protection offered by Windows Defender SmartScreen in Microsoft Edge to cover network traffic and connectivity on your organization's devices
- [Controlled folder access](controlled-folders-exploit-guard.md) helps protect files in key system folders from changes made by malicious and suspicious apps, including file-encrypting ransomware malware
@ -57,6 +57,8 @@ Windows Defender EG can be managed and reported on in the Windows Defender Secur
You can use the Windows Defender ATP console to obtain detailed reporting into events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). You can [sign up for a free trial of Windows Defender ATP](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=cx-docs-msa4053440) to see how it works.
## Requirements
Each of the features in Windows Defender EG have slightly different requirements:
Feature | [Windows Defender Antivirus](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) | [Windows Defender Advanced Threat Protection license](../windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md)
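Review bot: "Each of the features in Windows Defender EG have slightly different requirements" needs "has", the same subject-verb fix as in the event-views topic in this PR. The paragraph above calls the reporting surface "the Windows Defender ATP console" while the event-views topic describes the same alert investigation link as being "in the Windows Defender Security Center console"; the two topics should agree on which console name they use.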

Binary file not shown.

After

Width:  |  Height:  |  Size: 14 KiB

View File

@ -73,4 +73,9 @@ This can only be done in Group Policy.
6. Open the **Hide the App and browser protection area** setting and set it to **Enabled**. Click **OK**.
7. [Deploy the updated GPO as you normally do](https://msdn.microsoft.com/en-us/library/ee663280(v=vs.85).aspx).
7. [Deploy the updated GPO as you normally do](https://msdn.microsoft.com/en-us/library/ee663280(v=vs.85).aspx).
>[!NOTE]
>If you hide all sections then the app will show a restricted interface, as in the following screenshot:
>
>![Windows Defender Security Center app with all sections hidden by Group Policy](images/wdsc-all-hide.png)
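Review bot: the [!NOTE] block with the wdsc-all-hide.png screenshot added here is repeated verbatim in four more Windows Defender Security Center topics in this PR (the account protection, family options, virus and threat protection, and overview files); the repo already uses [!include[...]] for shared fragments, so a single include would keep the wording and alt text in sync when the screenshot is refreshed. The "7. [Deploy the updated GPO as you normally do]" line appears as both removed and added with identical text, which indicates a whitespace-only change (likely a trailing newline); harmless, but worth confirming no content was meant to change there.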

View File

@ -53,3 +53,7 @@ This can only be done in Group Policy.
7. [Deploy the updated GPO as you normally do](https://msdn.microsoft.com/en-us/library/ee663280(v=vs.85).aspx).
>[!NOTE]
>If you hide all sections then the app will show a restricted interface, as in the following screenshot:
>
>![Windows Defender Security Center app with all sections hidden by Group Policy](images/wdsc-all-hide.png)

View File

@ -50,4 +50,9 @@ This can only be done in Group Policy.
6. Open the **Hide the Family options area** setting and set it to **Enabled**. Click **OK**.
7. [Deploy the updated GPO as you normally do](https://msdn.microsoft.com/en-us/library/ee663280(v=vs.85).aspx).
7. [Deploy the updated GPO as you normally do](https://msdn.microsoft.com/en-us/library/ee663280(v=vs.85).aspx).
>[!NOTE]
>If you hide all sections then the app will show a restricted interface, as in the following screenshot:
>
>![Windows Defender Security Center app with all sections hidden by Group Policy](images/wdsc-all-hide.png)

View File

@ -50,3 +50,8 @@ This can only be done in Group Policy.
7. [Deploy the updated GPO as you normally do](https://msdn.microsoft.com/en-us/library/ee663280(v=vs.85).aspx).
>[!NOTE]
>If you hide all sections then the app will show a restricted interface, as in the following screenshot:
>
>![Windows Defender Security Center app with all sections hidden by Group Policy](images/wdsc-all-hide.png)

View File

@ -53,4 +53,9 @@ This can only be done in Group Policy.
6. Open the **Hide the Virus and threat protection area** setting and set it to **Enabled**. Click **OK**.
7. [Deploy the updated GPO as you normally do](https://msdn.microsoft.com/en-us/library/ee663280(v=vs.85).aspx).
7. [Deploy the updated GPO as you normally do](https://msdn.microsoft.com/en-us/library/ee663280(v=vs.85).aspx).
>[!NOTE]
>If you hide all sections then the app will show a restricted interface, as in the following screenshot:
>
>![Windows Defender Security Center app with all sections hidden by Group Policy](images/wdsc-all-hide.png)

View File

@ -55,7 +55,10 @@ You can find more information about each section, including options for configur
- [Family options](wdsc-family-options.md), which includes access to parental controls along with tips and information for keeping kids safe online
>[!NOTE]
>If you hide all sections then the app will show a restricted interface, as in the following screenshot:
>
>![Windows Defender Security Center app with all sections hidden by Group Policy](images/wdsc-all-hide.png)