diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index fd49bae28d..5fc4091e8c 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -802,7 +802,7 @@
},
{
"source_path": "windows/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md",
-"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection",
"redirect_document_id": true
},
{
@@ -857,7 +857,7 @@
},
{
"source_path": "windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md",
-"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exploit-protection",
"redirect_document_id": true
},
{
@@ -877,7 +877,7 @@
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md",
-"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language",
"redirect_document_id": true
},
{
@@ -887,10 +887,25 @@
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md",
-"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference",
"redirect_document_id": true
},
{
+"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language",
+"redirect_document_id": false
+},
+{
+"source_path": "windows/security/threat-protection/microsoft-defender-atp/overview-hunting.md",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview",
+"redirect_document_id": false
+},
+{
+"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference",
+"redirect_document_id": false
+},
+{
"source_path": "windows/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection",
"redirect_document_id": true
@@ -1573,7 +1588,7 @@
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md",
-"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-hunting",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview",
"redirect_document_id": true
},
{
@@ -15077,6 +15092,11 @@
"redirect_document_id": true
},
{
+"source_path": "windows/deployment/planning/windows-10-fall-creators-deprecation.md",
+"redirect_url": "https://docs.microsoft.com/windows/deployment/planning/windows-10-1709-removed-features",
+"redirect_document_id": true
+},
+{
"source_path": "windows/deployment/planning/windows-10-creators-update-deprecation.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/planning/windows-10-1703-removed-features",
"redirect_document_id": true
@@ -15246,10 +15266,20 @@
"redirect_url": "https://docs.microsoft.com/microsoft-365/education/deploy/use-intune-for-education",
"redirect_document_id": false
},
+{
+ "source_path": "devices/surface/surface-dock-updater.md",
+ "redirect_url": "/surface/surface-dock-firmware-update",
+ "redirect_document_id": true
+ },
{
"source_path": "education/get-started/use-school-data-sync.md",
"redirect_url": "https://docs.microsoft.com/microsoft-365/education/deploy/school-data-sync",
"redirect_document_id": false
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exploit-protection",
+"redirect_document_id": true
}
]
}
diff --git a/browsers/edge/about-microsoft-edge.md b/browsers/edge/about-microsoft-edge.md
index b58f9167db..5cd357aea7 100644
--- a/browsers/edge/about-microsoft-edge.md
+++ b/browsers/edge/about-microsoft-edge.md
@@ -19,6 +19,9 @@ ms.date: 10/02/2018
# Microsoft Edge system and language requirements
>Applies to: Microsoft Edge on Windows 10 and Windows 10 Mobile
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge is the new, default web browser for Windows 10, helping you to experience modern web standards, better performance, improved security, and increased reliability. Microsoft Edge lets you stay up-to-date through the Microsoft Store and to manage your enterprise through Group Policy or your mobile device management (MDM) tools.
diff --git a/browsers/edge/change-history-for-microsoft-edge.md b/browsers/edge/change-history-for-microsoft-edge.md
index e02b6ba010..2529a88fea 100644
--- a/browsers/edge/change-history-for-microsoft-edge.md
+++ b/browsers/edge/change-history-for-microsoft-edge.md
@@ -16,6 +16,8 @@ ms.author: dansimp
# Change history for Microsoft Edge
Discover what's new and updated in the Microsoft Edge for both Windows 10 and Windows 10 Mobile.
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
#### [2018](#tab/2018/)
## October 2018
diff --git a/browsers/edge/emie-to-improve-compatibility.md b/browsers/edge/emie-to-improve-compatibility.md
index 2925106064..880289a39d 100644
--- a/browsers/edge/emie-to-improve-compatibility.md
+++ b/browsers/edge/emie-to-improve-compatibility.md
@@ -20,6 +20,9 @@ ms.localizationpriority: medium
> Applies to: Windows 10
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
If you have specific websites and apps that have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the websites open in Internet Explorer 11 automatically. Additionally, if you know that your intranet sites aren't going to work correctly with Microsoft Edge, you can set all intranet sites to automatically open using IE11 with the **Send all intranet sites to IE** group policy.
Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11.
diff --git a/browsers/edge/group-policies/address-bar-settings-gp.md b/browsers/edge/group-policies/address-bar-settings-gp.md
index c9cf088a60..d718092a90 100644
--- a/browsers/edge/group-policies/address-bar-settings-gp.md
+++ b/browsers/edge/group-policies/address-bar-settings-gp.md
@@ -18,6 +18,9 @@ ms.sitesec: library
# Address bar
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge, by default, shows a list of search suggestions in the address bar. You can minimize network connections from Microsoft Edge to Microsoft services by hiding the functionality of the Address bar drop-down list.
You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy:
diff --git a/browsers/edge/group-policies/adobe-settings-gp.md b/browsers/edge/group-policies/adobe-settings-gp.md
index 5fc4021fce..7d9d3e6652 100644
--- a/browsers/edge/group-policies/adobe-settings-gp.md
+++ b/browsers/edge/group-policies/adobe-settings-gp.md
@@ -18,6 +18,9 @@ ms.sitesec: library
# Adobe Flash
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Adobe Flash Player still has a significant presence on the internet, such as digital ads. However, open standards, such as HTML5, provide many of the capabilities and functionalities becoming an alternative for content on the web. With Adobe no longer supporting Flash after 2020, Microsoft has started to phase out Flash from Microsoft Edge by adding the [Configure the Adobe Flash Click-to-Run setting](#configure-the-adobe-flash-click-to-run-setting) group policy giving you a way to control the list of websites that have permission to run Adobe Flash content.
To learn more about Microsoft’s plan for phasing out Flash from Microsoft Edge and Internet Explorer, see [The End of an Era — Next Steps for Adobe Flash]( https://blogs.windows.com/msedgedev/2017/07/25/flash-on-windows-timeline/#3Bcc3QjRw0l7XsZ4.97) (blog article).
diff --git a/browsers/edge/group-policies/books-library-management-gp.md b/browsers/edge/group-policies/books-library-management-gp.md
index c8742367b6..b2689d9638 100644
--- a/browsers/edge/group-policies/books-library-management-gp.md
+++ b/browsers/edge/group-policies/books-library-management-gp.md
@@ -18,6 +18,9 @@ ms.sitesec: library
# Books Library
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge decreases the amount of storage used by book files by downloading them to a shared folder in Windows. You can configure Microsoft Edge to update the configuration data for the library automatically or gather diagnostic data, such as usage data.
diff --git a/browsers/edge/group-policies/browser-settings-management-gp.md b/browsers/edge/group-policies/browser-settings-management-gp.md
index c4f392209e..2301806f5f 100644
--- a/browsers/edge/group-policies/browser-settings-management-gp.md
+++ b/browsers/edge/group-policies/browser-settings-management-gp.md
@@ -18,6 +18,9 @@ ms.sitesec: library
# Browser experience
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Not only do the other Microsoft Edge group policies enhance the browsing experience, but we also want to mention some of the other and common browsing experiences. For example, printing web content is a common browsing experience. However, if you want to prevent users from printing web content, Microsoft Edge has a group policy that allows you to prevent printing. The same goes for Pop-up Blocker; Microsoft Edge has a group policy that lets you prevent pop-up windows or let users choose to use Pop-up Blocker. You can use any one of the following group policies to continue enhancing the browsing experience for your users.
diff --git a/browsers/edge/group-policies/developer-settings-gp.md b/browsers/edge/group-policies/developer-settings-gp.md
index 67fce97c58..67c6d1284c 100644
--- a/browsers/edge/group-policies/developer-settings-gp.md
+++ b/browsers/edge/group-policies/developer-settings-gp.md
@@ -18,6 +18,9 @@ ms.sitesec: library
# Developer tools
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge, by default, allows users to use the F12 developer tools as well as access the about:flags page. You can prevent users from using the F12 developer tools or from accessing the about:flags page.
You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy:
diff --git a/browsers/edge/group-policies/extensions-management-gp.md b/browsers/edge/group-policies/extensions-management-gp.md
index 22ad6057c4..dc9b9406b4 100644
--- a/browsers/edge/group-policies/extensions-management-gp.md
+++ b/browsers/edge/group-policies/extensions-management-gp.md
@@ -18,6 +18,9 @@ ms.sitesec: library
# Extensions
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Currently, Microsoft Edge allows users to add or personalize, and uninstall extensions. You can prevent users from uninstalling extensions or sideloading of extensions, which does not prevent sideloading using Add-AppxPackage via PowerShell. Allowing sideloading of extensions installs and runs unverified extensions.
You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy:
diff --git a/browsers/edge/group-policies/favorites-management-gp.md b/browsers/edge/group-policies/favorites-management-gp.md
index 58ce30eb7f..9a022da181 100644
--- a/browsers/edge/group-policies/favorites-management-gp.md
+++ b/browsers/edge/group-policies/favorites-management-gp.md
@@ -18,6 +18,9 @@ ms.sitesec: library
# Favorites
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
You can customize the favorites bar, for example, you can turn off features such as Save a Favorite and Import settings, and hide or show the favorites bar on all pages. Another customization you can make is provisioning a standard list of favorites, including folders, to appear in addition to the user’s favorites. If it’s important to keep the favorites in both IE11 and Microsoft Edge synced, you can turn on syncing where changes to the list of favorites in one browser reflect in the other.
>[!TIP]
diff --git a/browsers/edge/group-policies/home-button-gp.md b/browsers/edge/group-policies/home-button-gp.md
index 8993518748..8f498a5d58 100644
--- a/browsers/edge/group-policies/home-button-gp.md
+++ b/browsers/edge/group-policies/home-button-gp.md
@@ -16,6 +16,9 @@ ms.topic: reference
# Home button
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge shows the home button, by default, and by clicking it the Start page loads. With the relevant Home button policies, you can configure the Home button to load the New tab page or a specific page. You can also configure Microsoft Edge to hide the home button.
## Relevant group policies
diff --git a/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md b/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md
index 009ea51226..f1a0929bb3 100644
--- a/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md
+++ b/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md
@@ -16,6 +16,9 @@ ms.topic: reference
# Interoperability and enterprise mode guidance
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or included on your Enterprise Mode Site List. If you are running web apps that continue to use ActiveX controls, x-ua-compatible headers, or legacy document modes, you need to keep running them in IE11. IE11 offers additional security, manageability, performance, backward compatibility, and modern standards support.
>[!TIP]
diff --git a/browsers/edge/group-policies/new-tab-page-settings-gp.md b/browsers/edge/group-policies/new-tab-page-settings-gp.md
index 838228b705..2f61f0bd35 100644
--- a/browsers/edge/group-policies/new-tab-page-settings-gp.md
+++ b/browsers/edge/group-policies/new-tab-page-settings-gp.md
@@ -17,6 +17,9 @@ ms.topic: reference
# New Tab page
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge loads the default New tab page by default. With the relevant New Tab policies, you can set a URL to load in the New Tab page and prevent users from making changes. You can also load a blank page instead or let the users choose what loads.
>[!NOTE]
diff --git a/browsers/edge/group-policies/prelaunch-preload-gp.md b/browsers/edge/group-policies/prelaunch-preload-gp.md
index 3f41505fce..5c4bf7c5fe 100644
--- a/browsers/edge/group-policies/prelaunch-preload-gp.md
+++ b/browsers/edge/group-policies/prelaunch-preload-gp.md
@@ -13,6 +13,9 @@ ms.topic: reference
# Prelaunch Microsoft Edge and preload tabs in the background
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge pre-launches as a background process during Windows startup when the system is idle waiting to be launched by the user. Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start up Microsoft Edge. You can also configure Microsoft Edge to prevent Microsoft Edge from pre-launching.
Additionally, Microsoft Edge preloads the Start and New Tab pages during Windows sign in, which minimizes the amount of time required to start Microsoft Edge and load a new tab. You can also configure Microsoft Edge to prevent preloading of tabs.
diff --git a/browsers/edge/group-policies/search-engine-customization-gp.md b/browsers/edge/group-policies/search-engine-customization-gp.md
index 52cf1ca380..480d0e275f 100644
--- a/browsers/edge/group-policies/search-engine-customization-gp.md
+++ b/browsers/edge/group-policies/search-engine-customization-gp.md
@@ -13,6 +13,9 @@ ms.topic: reference
# Search engine customization
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge, by default, uses the search engine specified in App settings, which lets users make changes. You can prevent users from making changes and still use the search engine specified in App settings by disabling the Allow search engine customization policy. You can also use the policy-set search engine specified in the OpenSearch XML file in which you can configure up to five additional search engines and setting any one of them as the default.
## Relevant group policies
diff --git a/browsers/edge/group-policies/security-privacy-management-gp.md b/browsers/edge/group-policies/security-privacy-management-gp.md
index 66fc6f99a7..033d73b50e 100644
--- a/browsers/edge/group-policies/security-privacy-management-gp.md
+++ b/browsers/edge/group-policies/security-privacy-management-gp.md
@@ -13,6 +13,9 @@ ms.topic: reference
# Security and privacy
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge is designed with improved security in mind, helping to defend people from increasingly sophisticated and prevalent web-based attacks against Windows. Because Microsoft Edge is designed like a Universal Windows app, changing the browser to an app, it fundamentally changes the process model so that both the outer manager process and the different content processes all live within app container sandboxes.
Microsoft Edge runs in 64-bit not just by default, but anytime it’s running on a 64-bit operating system. Because Microsoft Edge doesn’t support legacy ActiveX controls or 3rd-party binary extensions, there’s no longer a reason to run 32-bit processes on a 64-bit system.
diff --git a/browsers/edge/group-policies/start-pages-gp.md b/browsers/edge/group-policies/start-pages-gp.md
index 4b9682362f..5ea55bba9f 100644
--- a/browsers/edge/group-policies/start-pages-gp.md
+++ b/browsers/edge/group-policies/start-pages-gp.md
@@ -16,6 +16,9 @@ ms.topic: reference
# Start pages
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge loads the pages specified in App settings as the default Start pages. With the relevant Start pages policies, you can configure Microsoft Edge to load either the Start page, New tab page, previously opened pages, or a specific page or pages. You can also configure Microsoft Edge to prevent users from making changes.
## Relevant group policies
diff --git a/browsers/edge/group-policies/sync-browser-settings-gp.md b/browsers/edge/group-policies/sync-browser-settings-gp.md
index fc5a62e81c..cdce19d2e5 100644
--- a/browsers/edge/group-policies/sync-browser-settings-gp.md
+++ b/browsers/edge/group-policies/sync-browser-settings-gp.md
@@ -13,6 +13,8 @@ ms.topic: reference
# Sync browser settings
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
By default, the “browser” group syncs automatically between the user’s devices, letting users make changes. The “browser” group uses the Sync your Settings option in Settings to sync information like history and favorites. You can configure Microsoft Edge to prevent the “browser” group from syncing and prevent users from turning on the _Sync your Settings_ toggle in Settings. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option in the Do not sync browser policy.
diff --git a/browsers/edge/group-policies/telemetry-management-gp.md b/browsers/edge/group-policies/telemetry-management-gp.md
index a14fc3aaf6..fb3329f960 100644
--- a/browsers/edge/group-policies/telemetry-management-gp.md
+++ b/browsers/edge/group-policies/telemetry-management-gp.md
@@ -13,6 +13,9 @@ ms.topic: reference
# Telemetry and data collection
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge gathers diagnostic data, intranet history, internet history, tracking information of sites visited, and Live Tile metadata. You can configure Microsoft Edge to collect all or none of this information.
You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy:
diff --git a/browsers/edge/microsoft-edge-faq.md b/browsers/edge/microsoft-edge-faq.md
index 4e520db1e3..632905e3cb 100644
--- a/browsers/edge/microsoft-edge-faq.md
+++ b/browsers/edge/microsoft-edge-faq.md
@@ -17,6 +17,9 @@ ms.localizationpriority: medium
>Applies to: Microsoft Edge on Windows 10 and Windows 10 Mobile
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
## How can I get the next major version of Microsoft Edge, based on Chromium?
In December 2018, Microsoft [announced](https://blogs.windows.com/windowsexperience/2018/12/06/microsoft-edge-making-the-web-better-through-more-open-source-collaboration/#8jv53blDvL6TIKuS.97) our intention to adopt the Chromium open source project in the development of Microsoft Edge on the desktop, to create better web compatibility for our customers and less fragmentation of the web for all web developers. You can get more information at the [Microsoft Edge Insiders site](https://www.microsoftedgeinsider.com/).
diff --git a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md
index b8899ba2b6..130038d3a2 100644
--- a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md
+++ b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md
@@ -17,7 +17,10 @@ ms.date: 10/29/2018
# Deploy Microsoft Edge kiosk mode
>Applies to: Microsoft Edge on Windows 10, version 1809
->Professional, Enterprise, and Education
+>Professional, Enterprise, and Education
+
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
In the Windows 10 October 2018 Update, we added the capability to use Microsoft Edge as a kiosk using assigned access. With assigned access, you create a tailored browsing experience locking down a Windows 10 device to only run as a single-app or multi-app kiosk. Assigned access restricts a local standard user account so that it only has access to one or more Windows app, such as Microsoft Edge in kiosk mode.
diff --git a/browsers/internet-explorer/internet-explorer.yml b/browsers/internet-explorer/internet-explorer.yml
index 5007545950..4c11b5c85e 100644
--- a/browsers/internet-explorer/internet-explorer.yml
+++ b/browsers/internet-explorer/internet-explorer.yml
@@ -41,7 +41,7 @@ sections:
- type: markdown
text: "
Find the resources you need to successfully deploy Internet Explorer 11 in your organization.
-
"
- title: Manage
@@ -49,7 +49,7 @@ sections:
- type: markdown
text: "
Find everything you need to manage Internet Explorer 11 effectively in your organization. Get information on Group Policy, blocked out-of-date ActiveX controls, scripts, and more.
-
"
- title: Support
diff --git a/devices/surface-hub/create-a-device-account-using-office-365.md b/devices/surface-hub/create-a-device-account-using-office-365.md
index a834e039ee..ff76987746 100644
--- a/devices/surface-hub/create-a-device-account-using-office-365.md
+++ b/devices/surface-hub/create-a-device-account-using-office-365.md
@@ -30,7 +30,7 @@ If you prefer to use a graphical user interface, you can create a device account
### Create the account in the admin center
-1. Sign in to Office 365 by visiting http://portal.office.com
+1. Sign in to Office 365 by visiting https://portal.office.com
2. Provide the admin credentials for your Office 365 tenant. This will take you to your Microsoft 365 Admin Center.
diff --git a/devices/surface-hub/surface-hub-2s-connect.md b/devices/surface-hub/surface-hub-2s-connect.md
index 3726eae176..7cc48d747d 100644
--- a/devices/surface-hub/surface-hub-2s-connect.md
+++ b/devices/surface-hub/surface-hub-2s-connect.md
@@ -131,4 +131,4 @@ You can connect the following accessories to Surface Hub-2S using Bluetooth:
- Speakers
> [!NOTE]
-> After you connect a Bluetooth headset or speaker, you might need to change the default microphone and speaker settings. For more information, see [**Local management for Surface Hub settings**](https://docs.microsoft.com/en-us/surface-hub/local-management-surface-hub-settings).
+> After you connect a Bluetooth headset or speaker, you might need to change the default microphone and speaker settings. For more information, see [**Local management for Surface Hub settings**](https://docs.microsoft.com/surface-hub/local-management-surface-hub-settings).
diff --git a/devices/surface/TOC.md b/devices/surface/TOC.md
index 3a335c36cb..99c584e4ba 100644
--- a/devices/surface/TOC.md
+++ b/devices/surface/TOC.md
@@ -27,6 +27,7 @@
### [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md)
### [Step by step: Surface Deployment Accelerator](step-by-step-surface-deployment-accelerator.md)
### [Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md)
+### [Enable the Surface Laptop keyboard during MDT deployment](enable-surface-keyboard-for-windows-pe-deployment.md)
### [Upgrade Surface devices to Windows 10 with MDT](upgrade-surface-devices-to-windows-10-with-mdt.md)
### [Customize the OOBE for Surface deployments](customize-the-oobe-for-surface-deployments.md)
### [Using the Surface Deployment Accelerator deployment share](using-the-sda-deployment-share.md)
diff --git a/devices/surface/enable-surface-keyboard-for-windows-pe-deployment.md b/devices/surface/enable-surface-keyboard-for-windows-pe-deployment.md
new file mode 100644
index 0000000000..3fa2512ccf
--- /dev/null
+++ b/devices/surface/enable-surface-keyboard-for-windows-pe-deployment.md
@@ -0,0 +1,84 @@
+---
+title: How to enable the Surface Laptop keyboard during MDT deployment (Surface)
+description: When you use MDT to deploy Windows 10 to Surface laptops, you need to import keyboard drivers to use in the Windows PE environment.
+keywords: windows 10 surface, automate, customize, mdt
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.pagetype: surface
+ms.sitesec: library
+author: Teresa-Motiv
+ms.author: v-tea
+ms.topic: article
+ms.date: 10/2/2019
+ms.reviewer: scottmca
+manager: jarrettr
+appliesto:
+- Surface Laptop (1st Gen)
+- Surface Laptop 2
+---
+
+# How to enable the Surface Laptop keyboard during MDT deployment
+
+> [!NOTE]
+> This article addresses a deployment approach that uses Microsoft Deployment Toolkit (MDT). You can also apply this information to other deployment methodologies.
+
+> [!IMPORTANT]
+> If you are deploying a Windows 10 image to a Surface Laptop that has Windows 10 in S mode preinstalled, see KB [4032347, Problems when deploying Windows to Surface devices with preinstalled Windows 10 in S mode](https://support.microsoft.com/help/4032347/surface-preinstall-windows10-s-mode-issues).
+
+On most types of Surface devices, the keyboard should work during Lite Touch Installation (LTI). However, Surface Laptop requires some additional drivers to enable the keyboard. For Surface Laptop (1st Gen) and Surface Laptop 2 devices, you must prepare the folder structure and selection profiles that allow you to specify keyboard drivers for use during the Windows Preinstallation Environment (Windows PE) phase of LTI. For more information about this folder structure, see [Deploy a Windows 10 image using MDT: Step 5: Prepare the drivers repository](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt?redirectedfrom=MSDN#step-5-prepare-the-drivers-repository).
+
+To add the keyboard drivers to the selection profile, follow these steps:
+
+1. Download the latest Surface Laptop MSI file from the appropriate locations:
+ - [Surface Laptop (1st Gen) Drivers and Firmware](https://www.microsoft.com/download/details.aspx?id=55489)
+ - [Surface Laptop 2 Drivers and Firmware](https://www.microsoft.com/download/details.aspx?id=57515)
+
+1. Extract the contents of the Surface Laptop MSI file to a folder that you can easily locate (for example, c:\surface_laptop_drivers). To extract the contents, open an elevated Command Prompt window and run the following command:
+
+ ```cmd
+ Msiexec.exe /a SurfaceLaptop_Win10_15063_1703008_1.msi targetdir=c:\surface_laptop_drivers /qn
+ ```
+
+1. Open the Deployment Workbench and expand the **Deployment Shares** node and your deployment share, then navigate to the **WindowsPEX64** folder.
+
+ 
+
+1. Right-click the **WindowsPEX64** folder and select **Import Drivers**.
+1. Follow the instructions in the Import Driver Wizard to import the driver folders into the WindowsPEX64 folder.
+
+ To support Surface Laptop (1st Gen), import the following folders:
+ - SurfacePlatformInstaller\Drivers\System\GPIO
+ - SurfacePlatformInstaller\Drivers\System\SurfaceHidMiniDriver
+ - SurfacePlatformInstaller\Drivers\System\SurfaceSerialHubDriver
+
+ To support Surface Laptop 2, import the following folders:
+ - SurfacePlatformInstaller\Drivers\System\GPIO
+ - SurfacePlatformInstaller\Drivers\System\SurfaceHIDMiniDriver
+ - SurfacePlatformInstaller\Drivers\System\SurfaceSerialHubDriver
+ - SurfacePlatformInstaller\Drivers\System\I2C
+ - SurfacePlatformInstaller\Drivers\System\SPI
+ - SurfacePlatformInstaller\Drivers\System\UART
+
+1. Verify that the WindowsPEX64 folder now contains the imported drivers. The folder should resemble the following:
+
+ 
+
+1. Configure a selection profile that uses the WindowsPEX64 folder. The selection profile should resemble the following:
+
+ 
+
+1. Configure the Windows PE properties of the MDT deployment share to use the new selection profile, as follows:
+
+ - For **Platform**, select **x64**.
+ - For **Selection profile**, select the new profile.
+ - Select **Include all drivers from the selection profile**.
+
+ 
+
+1. Verify that you have configured the remaining Surface Laptop drivers by using either a selection profile or a **DriverGroup001** variable.
+ - For Surface Laptop (1st Gen), the model is **Surface Laptop**. The remaining Surface Laptop drivers should reside in the \MDT Deployment Share\Out-of-Box Drivers\Windows10\X64\Surface Laptop folder as shown in the figure that follows this list.
+ - For Surface Laptop 2, the model is **Surface Laptop 2**. The remaining Surface Laptop drivers should reside in the \MDT Deployment Share\Out-of-Box Drivers\Windows10\X64\Surface Laptop 2 folder.
+
+ 
+
+After configuring the MDT Deployment Share to use the new selection profile and related settings, continue the deployment process as described in [Deploy a Windows 10 image using MDT: Step 6: Create the deployment task sequence](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt#step-6-create-the-deployment-task-sequence).
diff --git a/devices/surface/images/surface-laptop-keyboard-1.png b/devices/surface/images/surface-laptop-keyboard-1.png
new file mode 100644
index 0000000000..090ca2b58e
Binary files /dev/null and b/devices/surface/images/surface-laptop-keyboard-1.png differ
diff --git a/devices/surface/images/surface-laptop-keyboard-2.png b/devices/surface/images/surface-laptop-keyboard-2.png
new file mode 100644
index 0000000000..2a2cb8b3be
Binary files /dev/null and b/devices/surface/images/surface-laptop-keyboard-2.png differ
diff --git a/devices/surface/images/surface-laptop-keyboard-3.png b/devices/surface/images/surface-laptop-keyboard-3.png
new file mode 100644
index 0000000000..80ccc1fc3c
Binary files /dev/null and b/devices/surface/images/surface-laptop-keyboard-3.png differ
diff --git a/devices/surface/images/surface-laptop-keyboard-4.png b/devices/surface/images/surface-laptop-keyboard-4.png
new file mode 100644
index 0000000000..cf08e7a292
Binary files /dev/null and b/devices/surface/images/surface-laptop-keyboard-4.png differ
diff --git a/devices/surface/images/surface-laptop-keyboard-5.png b/devices/surface/images/surface-laptop-keyboard-5.png
new file mode 100644
index 0000000000..cf4bc9109c
Binary files /dev/null and b/devices/surface/images/surface-laptop-keyboard-5.png differ
diff --git a/devices/surface/surface-wireless-connect.md b/devices/surface/surface-wireless-connect.md
index 42d9e3a2c5..fbbaec21e8 100644
--- a/devices/surface/surface-wireless-connect.md
+++ b/devices/surface/surface-wireless-connect.md
@@ -27,7 +27,7 @@ This document assumes you have successfully deployed a wireless network that sup
## Configuring access points for optimal roaming capabilities
-If you’re managing a wireless network that’s typically accessed by many different types of client devices, it’s recommended to enable specific protocols on access points (APs) in your WLAN, as described in [Fast Roaming with 802.11k, 802.11v, and 802.11r](https://docs.microsoft.com/en-us/windows-hardware/drivers/network/fast-roaming-with-802-11k--802-11v--and-802-11r). Surface devices can take advantage of the following wireless protocols:
+If you’re managing a wireless network that’s typically accessed by many different types of client devices, it’s recommended to enable specific protocols on access points (APs) in your WLAN, as described in [Fast Roaming with 802.11k, 802.11v, and 802.11r](https://docs.microsoft.com/windows-hardware/drivers/network/fast-roaming-with-802-11k--802-11v--and-802-11r). Surface devices can take advantage of the following wireless protocols:
- **802.11r.** “**Fast BSS Transition”** accelerates connecting to new wireless access points by reducing the number of frames required before your device can access another AP as you move around with your device.
- **802.11k.** **“Neighbor Reports”** provides devices with information on current conditions at neighboring access points. It can help your Surface device choose the best AP using criteria other than signal strength such as AP utilization.
diff --git a/devices/surface/wake-on-lan-for-surface-devices.md b/devices/surface/wake-on-lan-for-surface-devices.md
index ddc39aa7c2..0c63bbe4b5 100644
--- a/devices/surface/wake-on-lan-for-surface-devices.md
+++ b/devices/surface/wake-on-lan-for-surface-devices.md
@@ -6,12 +6,14 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: surface, devices
ms.sitesec: library
+ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
ms.topic: article
-ms.date: 01/03/2018
-ms.reviewer:
+ms.date: 10/10/2019
+ms.reviewer: scottmca
manager: dansimp
+ms.audience: itpro
---
# Wake On LAN for Surface devices
@@ -41,6 +43,7 @@ The following devices are supported for WOL:
* Surface Laptop 2
* Surface Go
* Surface Go with LTE Advanced
+* Surface Studio (see Surface Studio instructions below)
## WOL driver
@@ -57,6 +60,26 @@ To extract the contents of SurfaceWOL.msi, use the MSIExec administrative instal
`msiexec /a surfacewol.msi targetdir=C:\WOL /qn`
+## Surface Studio instructions
+
+To enable WOL on Surface Studio, you must use the following procedure
+
+1. Create the following registry keys:
+
+ ```
+; Set CONNECTIVITYINSTANDBY to 1:
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\F15576E8-98B7-4186-B944-EAFA664402D9]
+"Attributes"=dword:00000001
+; Set EnforceDisconnectedStandby to 0 and AllowSystemRequiredPowerRequests to 1:
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power]
+"EnforceDisconnectedStandby"=dword:00000000
+"AllowSystemRequiredPowerRequests"=dword:00000001
+```
+
+2. Run the following command
+
+ ```powercfg /SETACVALUEINDEX SCHEME_BALANCED SUB_NONE CONNECTIVITYINSTANDBY 1```
+
## Using Surface WOL
The Surface WOL driver conforms to the WOL standard, whereby the device is woken by a special network communication known as a magic packet. The magic packet consists of 6 bytes of 255 (or FF in hexadecimal) followed by 16 repetitions of the target computer’s MAC address. You can read more about the magic packet and the WOL standard on [Wikipedia](https://wikipedia.org/wiki/Wake-on-LAN#Magic_packet).
diff --git a/devices/surface/windows-autopilot-and-surface-devices.md b/devices/surface/windows-autopilot-and-surface-devices.md
index aee66dbdb7..9c6fafb2d6 100644
--- a/devices/surface/windows-autopilot-and-surface-devices.md
+++ b/devices/surface/windows-autopilot-and-surface-devices.md
@@ -19,7 +19,7 @@ Windows Autopilot is a cloud-based deployment technology available in Windows 10
With Surface devices, you can choose to register your devices at the time of purchase when purchasing from a Surface partner enabled for Windows Autopilot. New devices can be shipped directly to your end-users and will be automatically enrolled and configured when the units are unboxed and turned on for the first time. This process can eliminate need to reimage your devices as part of your deployment process, reducing the work required of your deployment staff and opening up new, agile methods for device management and distribution.
-In this article learn how to enroll your Surface devices in Windows Autopilot with a Surface partner and the options and considerations you will need to know along the way. This article focuses specifically on Surface devices, for more information about using Windows Autopilot with other devices, or to read more about Windows Autopilot and its capabilities, see [Overview of Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-10-autopilot) in the Windows Docs Library. For information about licensing and other prerequisites, see [Windows Autopilot requirements](https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot-requirements).
+In this article learn how to enroll your Surface devices in Windows Autopilot with a Surface partner and the options and considerations you will need to know along the way. This article focuses specifically on Surface devices, for more information about using Windows Autopilot with other devices, or to read more about Windows Autopilot and its capabilities, see [Overview of Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-10-autopilot) in the Windows Docs Library. For information about licensing and other prerequisites, see [Windows Autopilot requirements](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot-requirements).
### Windows version considerations
Support for broad deployments of Surface devices using Windows Autopilot, including enrollment performed by Surface partners at the time of purchase, requires devices manufactured with or otherwise installed with Windows 10 Version 1709 (Fall Creators Update) or later. These versions support a 4000-byte (4k) hash value to uniquely identify devices for Windows Autopilot that is necessary for deployments at scale. All new Surface devices ship with Windows 10 Version 1709 or above.
diff --git a/mdop/appv-v5/TOC.md b/mdop/appv-v5/TOC.md
index db147e8a98..6f2058280a 100644
--- a/mdop/appv-v5/TOC.md
+++ b/mdop/appv-v5/TOC.md
@@ -62,7 +62,7 @@
##### [How to Create a Custom Configuration File by Using the App-V 5.1 Management Console](how-to-create-a-custom-configuration-file-by-using-the-app-v-51-management-console.md)
##### [How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console 5.1](how-to-transfer-access-and-configurations-to-another-version-of-a-package-by-using-the-management-console51.md)
##### [How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console 5.1](how-to-customize-virtual-applications-extensions-for-a-specific-ad-group-by-using-the-management-console51.md)
-##### [How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console 5.1](how-to-view-and-configure-applications-and-default-virtual-application-extensions-by-using-the-management-console-51.md)
+##### [Configure Applications and Default Virtual Application Extensions in Management Console](configure-applications-and-default-virtual-application-extensions-in-management-console.md)
#### [Managing Connection Groups 5.1](managing-connection-groups51.md)
##### [About the Connection Group Virtual Environment 5.1](about-the-connection-group-virtual-environment51.md)
##### [About the Connection Group File 5.1](about-the-connection-group-file51.md)
diff --git a/mdop/appv-v5/administering-app-v-50-virtual-applications-by-using-the-management-console.md b/mdop/appv-v5/administering-app-v-50-virtual-applications-by-using-the-management-console.md
index d0bcc87058..50214f1054 100644
--- a/mdop/appv-v5/administering-app-v-50-virtual-applications-by-using-the-management-console.md
+++ b/mdop/appv-v5/administering-app-v-50-virtual-applications-by-using-the-management-console.md
@@ -10,7 +10,7 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 06/16/2016
+ms.date: 10/03/2016
---
@@ -54,7 +54,7 @@ The most common tasks that you can perform with the App-V 5.0 Management console
- [How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console](how-to-customize-virtual-applications-extensions-for-a-specific-ad-group-by-using-the-management-console.md)
-- [How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console](how-to-view-and-configure-applications-and-default-virtual-application-extensions-by-using-the-management-console-beta.md)
+- [Configure Applications and Default Virtual Application Extensions in Management Console](configure-applications-and-default-virtual-application-extensions-in-management-console.md)
The main elements of the App-V 5.0 Management Console are:
diff --git a/mdop/appv-v5/administering-app-v-51-virtual-applications-by-using-the-management-console.md b/mdop/appv-v5/administering-app-v-51-virtual-applications-by-using-the-management-console.md
index 9431f2a486..26ff07008e 100644
--- a/mdop/appv-v5/administering-app-v-51-virtual-applications-by-using-the-management-console.md
+++ b/mdop/appv-v5/administering-app-v-51-virtual-applications-by-using-the-management-console.md
@@ -54,7 +54,7 @@ The most common tasks that you can perform with the App-V 5.1 Management console
- [How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console](how-to-customize-virtual-applications-extensions-for-a-specific-ad-group-by-using-the-management-console51.md)
-- [How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console](how-to-view-and-configure-applications-and-default-virtual-application-extensions-by-using-the-management-console-51.md)
+- [How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console](how-to-view-and-configure-applications-and-default-virtual-application-extensions-by-using-the-management-console-beta.md)
The main elements of the App-V 5.1 Management Console are:
diff --git a/mdop/appv-v5/how-to-view-and-configure-applications-and-default-virtual-application-extensions-by-using-the-management-console-51.md b/mdop/appv-v5/configure-applications-and-default-virtual-application-extensions-in-management-console.md
similarity index 89%
rename from mdop/appv-v5/how-to-view-and-configure-applications-and-default-virtual-application-extensions-by-using-the-management-console-51.md
rename to mdop/appv-v5/configure-applications-and-default-virtual-application-extensions-in-management-console.md
index 808352b5e4..c96dff8cbe 100644
--- a/mdop/appv-v5/how-to-view-and-configure-applications-and-default-virtual-application-extensions-by-using-the-management-console-51.md
+++ b/mdop/appv-v5/configure-applications-and-default-virtual-application-extensions-in-management-console.md
@@ -1,5 +1,5 @@
---
-title: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console
+title: Configure Applications and Default Virtual Application Extensions in Management Console
description: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console
author: dansimp
ms.assetid: 1e1941d3-fb22-4077-8ec6-7a0cb80335d8
@@ -10,14 +10,12 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
-ms.date: 03/16/2017
+ms.date: 09/26/2019
---
+# Configure Applications and Default Virtual Application Extensions in Management Console
-# How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console
-
-
-Use the following procedure to view and configure default package extensions.
+Use the following procedure to *view* and *configure* default package extensions.
**To view and configure default virtual application extensions**
diff --git a/mdop/dart-v8/TOC.md b/mdop/dart-v8/TOC.md
index e6b9c3194c..b2c907364b 100644
--- a/mdop/dart-v8/TOC.md
+++ b/mdop/dart-v8/TOC.md
@@ -39,5 +39,5 @@
#### [How to Use a PowerShell Script to Create the Recovery Image](how-to-use-a-powershell-script-to-create-the-recovery-image-dart-8.md)
## [Troubleshooting DaRT 8.0](troubleshooting-dart-80-dart-8.md)
## [Technical Reference for DaRT 8.0](technical-reference-for-dart-80-new-ia.md)
-### [Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Windows Defender Offline (WDO) for malware detection](microsoft-diagnostics-and-recovery-toolset--dart--users-should-use-windows-defender-offline--wdo--for-malware-detection.md)
+### [Use Windows Defender Offline (WDO) for malware protection, not DaRT ](use-windows-defender-offline-wdo-for-malware-protection-not-dart.md)
diff --git a/mdop/dart-v8/index.md b/mdop/dart-v8/index.md
index bcee6aaf64..d51694005d 100644
--- a/mdop/dart-v8/index.md
+++ b/mdop/dart-v8/index.md
@@ -7,7 +7,7 @@ ms.pagetype: mdop
ms.mktglfcycl: support
ms.sitesec: library
ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 10/03/2017
---
@@ -38,7 +38,7 @@ DaRT 8.0 is an important part of the Microsoft Desktop Optimization Pack (MDOP),
[Technical Reference for DaRT 8.0](technical-reference-for-dart-80-new-ia.md)
-[Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Windows Defender Offline (WDO) for malware detection](microsoft-diagnostics-and-recovery-toolset--dart--users-should-use-windows-defender-offline--wdo--for-malware-detection.md)
+[Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Windows Defender Offline (WDO) for malware detection-->](use-windows-defender-offline-wdo-for-malware-protection-not-dart.md)
[Troubleshooting DaRT 8.0](troubleshooting-dart-80-dart-8.md)
@@ -54,7 +54,7 @@ View updated product information and known issues for DaRT 8.0.
Learn about the latest MDOP information and resources.
[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032)
-Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com) or learn about updates by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447).
+Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com), or learn about updates by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447).
diff --git a/mdop/dart-v8/overview-of-the-tools-in-dart-80-dart-8.md b/mdop/dart-v8/overview-of-the-tools-in-dart-80-dart-8.md
index 0733bc4bef..ec7b892511 100644
--- a/mdop/dart-v8/overview-of-the-tools-in-dart-80-dart-8.md
+++ b/mdop/dart-v8/overview-of-the-tools-in-dart-80-dart-8.md
@@ -10,7 +10,7 @@ ms.pagetype: mdop
ms.mktglfcycl: support
ms.sitesec: library
ms.prod: w10
-ms.date: 06/16/2016
+ms.date: 10/03/2016
---
@@ -48,7 +48,7 @@ For more information about **Crash Analyzer**, see [Diagnosing System Failures w
### Defender
**Important**
-Environments with the DaRT Defender deployed should instead use the Windows Defender Offline (WDO) protection image for malware detection. Because of how the Defender tool integrates into DaRT, all supported DaRT version deployments cannot apply these anti-malware updates to their DaRT images. For more information, see [Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Windows Defender Offline (WDO) for malware detection](microsoft-diagnostics-and-recovery-toolset--dart--users-should-use-windows-defender-offline--wdo--for-malware-detection.md).
+Environments with the DaRT Defender deployed should instead use the Windows Defender Offline (WDO) protection image for malware detection. Because of how the Defender tool integrates into DaRT, all supported DaRT version deployments cannot apply these anti-malware updates to their DaRT images. For more information, see [Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Windows Defender Offline (WDO) for malware detection-->](use-windows-defender-offline-wdo-for-malware-protection-not-dart.md).
diff --git a/mdop/dart-v8/technical-reference-for-dart-80-new-ia.md b/mdop/dart-v8/technical-reference-for-dart-80-new-ia.md
index da7f794b85..6fefab5848 100644
--- a/mdop/dart-v8/technical-reference-for-dart-80-new-ia.md
+++ b/mdop/dart-v8/technical-reference-for-dart-80-new-ia.md
@@ -10,7 +10,7 @@ ms.pagetype: mdop
ms.mktglfcycl: support
ms.sitesec: library
ms.prod: w10
-ms.date: 06/16/2016
+ms.date: 10/03/2016
---
@@ -22,7 +22,7 @@ This section includes technical reference information about Microsoft Diagnostic
## Technical reference
-- [Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Windows Defender Offline (WDO) for malware detection](microsoft-diagnostics-and-recovery-toolset--dart--users-should-use-windows-defender-offline--wdo--for-malware-detection.md)
+[Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Windows Defender Offline (WDO) for malware detection-->](use-windows-defender-offline-wdo-for-malware-protection-not-dart.md)
Environments with the Microsoft Diagnostics and Recovery Toolset (DaRT) Defender tool deployed should instead use the Windows Defender Offline (WDO) protection image for malware detection.
diff --git a/mdop/dart-v8/microsoft-diagnostics-and-recovery-toolset--dart--users-should-use-windows-defender-offline--wdo--for-malware-detection.md b/mdop/dart-v8/use-windows-defender-offline-wdo-for-malware-protection-not-dart.md
similarity index 87%
rename from mdop/dart-v8/microsoft-diagnostics-and-recovery-toolset--dart--users-should-use-windows-defender-offline--wdo--for-malware-detection.md
rename to mdop/dart-v8/use-windows-defender-offline-wdo-for-malware-protection-not-dart.md
index fe85973fc6..6265073d6b 100644
--- a/mdop/dart-v8/microsoft-diagnostics-and-recovery-toolset--dart--users-should-use-windows-defender-offline--wdo--for-malware-detection.md
+++ b/mdop/dart-v8/use-windows-defender-offline-wdo-for-malware-protection-not-dart.md
@@ -1,5 +1,5 @@
---
-title: Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Windows Defender Offline (WDO) for malware detection
+title: Use Windows Defender Offline (WDO) for malware protection not DaRT
description: Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Windows Defender Offline (WDO) for malware detection
author: dansimp
ms.assetid: 59678283-4b44-4d02-ba8f-0e7315efd5d1
@@ -10,12 +10,12 @@ ms.pagetype: mdop
ms.mktglfcycl: support
ms.sitesec: library
ms.prod: w10
-ms.date: 08/30/2016
+ms.date: 09/25/2019
---
-
-# Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Windows Defender Offline (WDO) for malware detection
-
+
+# Use Windows Defender Offline (WDO) for malware protection, not DaRT.
Environments that have the Microsoft Diagnostics and Recovery Toolset (DaRT) Defender tool deployed should instead use the Windows Defender Offline (WDO) protection image for malware detection. This applies to all currently supported versions of DaRT. These versions include DaRT 7, DaRT 8, and DaRT 8.1, together with their service packs.
diff --git a/mdop/mbam-v25/deploy-mbam.md b/mdop/mbam-v25/deploy-mbam.md
index 8d746d6841..cc24ad5c89 100644
--- a/mdop/mbam-v25/deploy-mbam.md
+++ b/mdop/mbam-v25/deploy-mbam.md
@@ -553,7 +553,7 @@ Now that you have finished the deployment activity, you should review the follow
* If a certificate is used, the certificate must have both FQDN and NetBIOS names entered into the **Subject Alternative Name** field for all IIS servers in the load balance group and also as the Friendly Name (for example: bitlocker.corp.net). Otherwise, the certificate will be reported as not trusted by the browser when you browse load-balanced addresses.
-For more information, see [IIS Network Load Balancing](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/planning-for-mbam-25-high-availability#a-href-idbkmk-load-balanceaiis-network-load-balancing) and [Registering SPNs for the application pool account](https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/mbam-v25/planning-how-to-secure-the-mbam-websites#registering-spns-for-the-application-pool-account).
+For more information, see [IIS Network Load Balancing](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/planning-for-mbam-25-high-availability#a-href-idbkmk-load-balanceaiis-network-load-balancing) and [Registering SPNs for the application pool account](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/planning-how-to-secure-the-mbam-websites#registering-spns-for-the-application-pool-account).
### How to configure a certificate
@@ -589,6 +589,6 @@ For more information, see [MBAM Setup fails with “Register SPN Deferred” err
You'll see multiple OS options in the MBAM root node for GPO after you update the ADMX templates to their latest versions. For example, Windows 7, Windows 8.1, and Windows 10, version 1511 and later versions.
For more information about how to update the ADMX templates, see the following articles:
-* [How to Download and Deploy MDOP Group Policy (.admx) Templates](https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/solutions/how-to-download-and-deploy-mdop-group-policy--admx--templates)
-* [Planning for MBAM 2.5 Group Policy Requirements](https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/mbam-v25/planning-for-mbam-25-group-policy-requirements)
+* [How to Download and Deploy MDOP Group Policy (.admx) Templates](https://docs.microsoft.com/microsoft-desktop-optimization-pack/solutions/how-to-download-and-deploy-mdop-group-policy--admx--templates)
+* [Planning for MBAM 2.5 Group Policy Requirements](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/planning-for-mbam-25-group-policy-requirements)
* [Microsoft Desktop Optimization Pack Group Policy Administrative Templates](https://www.microsoft.com/en-us/download/details.aspx?id=55531)
diff --git a/store-for-business/sign-up-microsoft-store-for-business-overview.md b/store-for-business/sign-up-microsoft-store-for-business-overview.md
index 0159084242..68548aeb8b 100644
--- a/store-for-business/sign-up-microsoft-store-for-business-overview.md
+++ b/store-for-business/sign-up-microsoft-store-for-business-overview.md
@@ -12,7 +12,7 @@ author: TrudyHa
ms.author: TrudyHa
ms.topic: conceptual
ms.localizationpriority: medium
-ms.date: 10/13/2017
+ms.date: 10/03/2019
---
# Sign up and get started
@@ -29,10 +29,10 @@ IT admins can sign up for Microsoft Store for Business and Education, and get st
| Topic | Description |
| ----- | ----------- |
| [Microsoft Store for Business and Education overview](windows-store-for-business-overview.md) | Learn about Microsoft Store for Business. |
-| [Prerequisites for Microsoft Store for Business and Education](prerequisites-windows-store-for-business.md) | There are a few prerequisites for using Microsoft Store for Business and Education. |
-| [Sign up for Microsoft Store for Business or Microsoft Store for Education](sign-up-windows-store-for-business.md) | Before you sign up for Store for Business and Education, at a minimum, you'll need an Azure Active Directory (AD) or Office 365 account for your organization, and you'll need to be the global administrator for your organization. If your organization is already using Azure AD, you can go ahead and sign up for Store for Business. If not, we'll help you create an Azure AD or Office 365 account and directory as part of the sign up process. |
-| [Roles and permissions in Microsoft Store for Business and Education](roles-and-permissions-windows-store-for-business.md) | The first person to sign in to Microsoft Store for Business and Education must be a Global Admin of the Azure Active Directory (AD) tenant. Once the Global Admin has signed in, they can give permissions to others employees. |
-| [Settings reference: Microsoft Store for Business and Education](settings-reference-windows-store-for-business.md) | Microsoft Store for Business and Education has a group of settings that admins use to manage the store. |
+| [Prerequisites for Microsoft Store for Business and Education](https://docs.microsoft.com/microsoft-store/prerequisites-microsoft-store-for-business) | There are a few prerequisites for using Microsoft Store for Business and Education.](https://docs.microsoft.com/microsoft-store/prerequisites-microsoft-store-for-business) |
+| [Sign up for Microsoft Store for Business or Microsoft Store for Education](https://docs.microsoft.com/microsoft-store/sign-up-microsoft-store-for-business) | Before you sign up for Store for Business and Education, at a minimum, you'll need an Azure Active Directory (AD) or Office 365 account for your organization, and you'll need to be the global administrator for your organization. If your organization is already using Azure AD, you can go ahead and sign up for Store for Business. If not, we'll help you create an Azure AD or Office 365 account and directory as part of the sign up process. |
+| [Roles and permissions in Microsoft Store for Business and Education](https://docs.microsoft.com/microsoft-store/roles-and-permissions-microsoft-store-for-business)| The first person to sign in to Microsoft Store for Business and Education must be a Global Admin of the Azure Active Directory (AD) tenant. Once the Global Admin has signed in, they can give permissions to others employees. |
+| [Settings reference: Microsoft Store for Business and Education](https://docs.microsoft.com/microsoft-store/settings-reference-microsoft-store-for-business) | Microsoft Store for Business and Education has a group of settings that admins use to manage the store. |
diff --git a/windows/client-management/generate-kernel-or-complete-crash-dump.md b/windows/client-management/generate-kernel-or-complete-crash-dump.md
index 894ed853fc..6601e238eb 100644
--- a/windows/client-management/generate-kernel-or-complete-crash-dump.md
+++ b/windows/client-management/generate-kernel-or-complete-crash-dump.md
@@ -103,9 +103,9 @@ To do this, follow these steps:
### Use the keyboard
-[Forcing a System Crash from the Keyboard](https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/forcing-a-system-crash-from-the-keyboard)
+[Forcing a System Crash from the Keyboard](https://docs.microsoft.com/windows-hardware/drivers/debugger/forcing-a-system-crash-from-the-keyboard)
### Use Debugger
-[Forcing a System Crash from the Debugger](https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/forcing-a-system-crash-from-the-debugger)
+[Forcing a System Crash from the Debugger](https://docs.microsoft.com/windows-hardware/drivers/debugger/forcing-a-system-crash-from-the-debugger)
diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md
index c90eee3566..7b0b676166 100644
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@@ -159,6 +159,15 @@
#### [Personalization DDF file](personalization-ddf.md)
### [Policy CSP](policy-configuration-service-provider.md)
#### [Policy DDF file](policy-ddf-file.md)
+#### [Policies supported by Group Policy](policies-supported-by-group-policy.md)
+#### [ADMX-backed policies](policies-admx-backed.md)
+#### [Policies supported by HoloLens 2](policies-supported-by-hololens2.md)
+#### [Policies supported by HoloLens (1st gen) Commercial Suite](policies-supported-by-hololens-1st-gen-commercial-suite.md)
+#### [Policies supported by HoloLens (1st gen) Development Edition](policies-supported-by-hololens-1st-gen-development-edition.md)
+#### [Policies supported by Windows 10 IoT Enterprise](policies-supported-by-iot-enterprise.md)
+#### [Policies supported by Windows 10 IoT Core](policies-supported-by-iot-core.md)
+#### [Policies supported by Microsoft Surface Hub](policies-supported-by-surface-hub.md)
+#### [Policies that can be set using Exchange Active Sync (EAS)](policies-that-can-be-set-using-eas.md)
#### [ApplicationRestrictions XSD](applicationrestrictions-xsd.md)
#### [AboveLock](policy-csp-abovelock.md)
#### [Accounts](policy-csp-accounts.md)
diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md
index 7dc2e66ea2..052d05d6a0 100644
--- a/windows/client-management/mdm/applicationcontrol-csp.md
+++ b/windows/client-management/mdm/applicationcontrol-csp.md
@@ -11,7 +11,7 @@ ms.date: 05/21/2019
# ApplicationControl CSP
-Windows Defender Application Control (WDAC) policies can be managed from an MDM server through ApplicationControl configuration service provider (CSP). This CSP provides expanded diagnostic capabilities and support for [multiple policies](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) (introduced in Windows 10, version 1903). It also provides support for rebootless policy deployment (introduced in Windows 10, version 1709). Unlike [AppLocker CSP](applocker-csp.md), ApplicationControl CSP correctly detects the presence of no-reboot option and consequently does not schedule a reboot.
+Windows Defender Application Control (WDAC) policies can be managed from an MDM server through ApplicationControl configuration service provider (CSP). This CSP provides expanded diagnostic capabilities and support for [multiple policies](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) (introduced in Windows 10, version 1903). It also provides support for rebootless policy deployment (introduced in Windows 10, version 1709). Unlike [AppLocker CSP](applocker-csp.md), ApplicationControl CSP correctly detects the presence of no-reboot option and consequently does not schedule a reboot.
Existing WDAC policies deployed using AppLocker CSP’s CodeIntegrity node can now be deployed using ApplicationControl CSP URI. Although WDAC policy deployment via AppLocker CSP will continue to be supported, all new feature work will be done in ApplicationControl CSP only.
ApplicationControl CSP was added in Windows 10, version 1903.
@@ -117,7 +117,7 @@ Value type is char.
To use ApplicationControl CSP, you must:
- Know a generated policy’s GUID, which can be found in the policy xml as ``.
- Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned.
-- Create a policy node (a Base64-encoded blob of the binary policy representation) using the [certutil -encode](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc732443(v=ws.11)#BKMK_encode) command line tool.
+- Create a policy node (a Base64-encoded blob of the binary policy representation) using the [certutil -encode](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc732443(v=ws.11)#BKMK_encode) command line tool.
Here is a sample certutil invocation:
```
diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md
index 5d09981ed6..82139a98a6 100644
--- a/windows/client-management/mdm/bitlocker-csp.md
+++ b/windows/client-management/mdm/bitlocker-csp.md
@@ -6,12 +6,16 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: lomayor
-ms.date: 08/05/2019
+ms.localizationpriority: medium
+ms.date: 09/27/2019
ms.reviewer:
manager: dansimp
---
# BitLocker CSP
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
The BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices. This CSP was added in Windows 10, version 1703. Starting in Windows 10, version 1809, it is also supported in Windows 10 Pro.
> [!NOTE]
@@ -25,7 +29,7 @@ For RequireDeviceEncryption and RequireStorageCardEncryption, the Get operation
The following diagram shows the BitLocker configuration service provider in tree format.
-
+
**./Device/Vendor/MSFT/BitLocker**
Defines the root node for the BitLocker configuration service provider.
@@ -57,7 +61,7 @@ Allows the administrator to require storage card encryption on the device. This
Data type is integer. Sample value for this node to enable this policy: 1. Disabling this policy will not turn off the encryption on the storage card, but the user will no longer be prompted to turn it on.
- 0 (default) – Storage cards do not need to be encrypted.
-- 1 – Require Storage cards to be encrypted.
+- 1 – Require storage cards to be encrypted.
Disabling this policy will not turn off the encryption on the system card, but the user will no longer be prompted to turn it on.
@@ -125,10 +129,10 @@ Encryptable fixed data volumes are treated similarly to OS volumes. However, fix
The following list shows the supported values:
-- 0 (default) – Disable. If the policy setting is not set or is set to 0, the device's enforcement status will not be checked. The policy will not enforce encryption and it will not decrypt encrypted volumes.
-- 1 – Enable. The device's enforcement status will be checked. Setting this policy to 1 will trigger encryption of all drives (silently or non-silently based on [AllowWarningForOtherDiskEncryption](#allowwarningforotherdiskencryption) policy).
+- 0 (default) — Disable. If the policy setting is not set or is set to 0, the device's enforcement status is not checked. The policy does not enforce encryption and it does not decrypt encrypted volumes.
+- 1 – Enable. The device's enforcement status is checked. Setting this policy to 1 triggers encryption of all drives (silently or non-silently based on [AllowWarningForOtherDiskEncryption](#allowwarningforotherdiskencryption) policy).
-If you want to disable this policy use the following SyncML:
+If you want to disable this policy, use the following SyncML:
```xml
@@ -151,7 +155,7 @@ If you want to disable this policy use the following SyncML:
**EncryptionMethodByDriveType**
-Allows you to set the default encrytion method for each of the different drive types: operating system drives, fixed data drives, and removable data drives. Hidden, system and recovery partitions are skipped from encryption. This setting is a direct mapping to the Bitlocker Group Policy "Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)".
+Allows you to set the default encryption method for each of the different drive types: operating system drives, fixed data drives, and removable data drives. Hidden, system, and recovery partitions are skipped from encryption. This setting is a direct mapping to the Bitlocker Group Policy "Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)".
Home
@@ -520,7 +524,8 @@ Set "OSActiveDirectoryBackup_Name" (Save BitLocker recovery informatio
Set the "OSRequireActiveDirectoryBackup_Name" (Do not enable BitLocker until recovery information is stored in AD DS for operating system drives) data field if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds.
-> [!Note] > If the "OSRequireActiveDirectoryBackup_Name" (Do not enable BitLocker until recovery information is stored in AD DS for operating system drives) data field is set, a recovery password is automatically generated.
+> [!Note]
+> If the "OSRequireActiveDirectoryBackup_Name" (Do not enable BitLocker until recovery information is stored in AD DS for operating system drives) data field is set, a recovery password is automatically generated.
If you enable this setting, you can control the methods available to users to recover data from BitLocker-protected operating system drives.
@@ -532,26 +537,18 @@ Sample value for this node to enable this policy is:
```
-The possible values for 'xx' are:
-
-
true = Explicitly allow
-
false = Policy not set
-
-
+The possible values for 'xx' are:
+- true = Explicitly allow
+- false = Policy not set
-The possible values for 'yy' are:
-
-
2 = Allowed
-
1 = Required
-
0 = Disallowed
-
+The possible values for 'yy' are:
+- 2 = Allowed
+- 1 = Required
+- 0 = Disallowed
-The possible values for 'zz' are:
-
-
2 = Store recovery passwords only
-
1 = Store recovery passwords and key packages
-
-
+The possible values for 'zz' are:
+- 2 = Store recovery passwords only
+- 1 = Store recovery passwords and key packages
Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML:
@@ -896,6 +893,161 @@ If you want to disable this policy use the following SyncML:
```
+
+**ConfigureRecoveryPasswordRotation**
+This setting initiates a client-driven recovery password refresh after an OS drive recovery (either by using bootmgr or WinRE) and recovery password unlock on a Fixed data drive. This setting will refresh the specific recovery password that was used, and other unused passwords on the volume will remain unchanged. If the initialization of the refresh fails, the device will retry the refresh during the next reboot. When password refresh is initiated, the client will generate a new recovery password. The client will use the existing API in Azure AD to upload the new recovery key and retry on failure. After the recovery password has been successfully backed up to Azure AD, the recovery key that was used locally will be removed. This setting refreshes only the used key and retains other unused keys.
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
+
+
+
+
+
+
+
+Value type is int. Supported operations are Add, Delete, Get, and Replace.
+
+Supported values are:
+- 0 – Refresh off (default)
+- 1 – Refresh on for Azure AD-joined devices
+- 2 – Refresh on for both Azure AD-joined and hybrid-joined devices
+
+**RotateRecoveryPasswords**
+This setting refreshes all recovery passwords for OS and fixed drives (removable drives are not included so they can be shared between users). All recovery passwords for all drives will be refreshed and only one password per volume is retained. In case of errors, an error code will be returned so that server can take appropriate action to remediate.
+
+The client will generate a new recovery password. The client will use the existing API in Azure AD to upload the new recovery key and retry on failure.
+
+Policy type is Execute. When “Execute Policy” is pushed, the client sets the status as Pending and initiates an asynchronous rotation operation. After refresh is complete, pass or fail status is updated. The client will not retry, but if needed, the server can re-issue the execute request.
+
+Server can call Get on the RotateRecoveryPasswordsRotationStatus node to query the status of the refresh.
+
+Recovery password refresh will only occur for devices that are joined to Azure AD or joined to both Azure AD and on-premises (hybrid Azure AD-joined) that run a Windows 10 edition with the BitLocker CSP (Pro/Enterprise). Devices cannot refresh recovery passwords if they are only registered in Azure AD (also known as workplace-joined) or signed in with a Microsoft account.
+
+Each server-side recovery key rotation is represented by a request ID. The server can query the following nodes to make sure it reads status/result for same rotation request.
+- RotateRecoveryPasswordsRequestID: Returns request ID of last request processed.
+- RotateRecoveryPasswordsRotationStatus: Returns status of last request processed.
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
+
+
+
+
+
+
+
+Value type is string. Supported operation is Execute. Request ID is expected as a parameter.
+
+**Status**
+Interior node. Supported operation is Get.
+
+**Status/DeviceEncryptionStatus**
+This node reports compliance state of device encryption on the system.
+
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
+
+
+
+
+
+
+
+
+Supported values:
+- 0 - Indicates that the device is compliant.
+- Any other value represents a non-compliant device.
+
+Value type is int. Supported operation is Get.
+
+**Status/RotateRecoveryPasswordsStatus**
+This node reports the status of RotateRecoveryPasswords request.
+
+Status code can be one of the following:
+
+- 2 – Not started
+- 1 - Pending
+- 0 - Pass
+- Any other code - Failure HRESULT
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
+
+
+
+
+
+
+
+Value type is int. Supported operation is Get.
+
+**Status/RotateRecoveryPasswordsRequestID**
+This node reports the RequestID corresponding to RotateRecoveryPasswordsStatus.
+This node needs to be queried in synchronization with RotateRecoveryPasswordsStatus to ensure the status is correctly matched to the request ID.
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
+
+
+
+
+
+
+
+Value type is string. Supported operation is Get.
+
### SyncML example
The following example is provided to show proper format and should not be taken as a recommendation.
@@ -1058,4 +1210,4 @@ The following example is provided to show proper format and should not be taken
-```
+```
\ No newline at end of file
diff --git a/windows/client-management/mdm/bitlocker-ddf-file.md b/windows/client-management/mdm/bitlocker-ddf-file.md
index 1fed0144fa..19421997ba 100644
--- a/windows/client-management/mdm/bitlocker-ddf-file.md
+++ b/windows/client-management/mdm/bitlocker-ddf-file.md
@@ -6,7 +6,8 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: lomayor
-ms.date: 06/29/2018
+ms.localizationpriority: medium
+ms.date: 09/30/2019
ms.reviewer:
manager: dansimp
---
@@ -20,7 +21,7 @@ This topic shows the OMA DM device description framework (DDF) for the **BitLock
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
-The XML below is the current version Windows 10, version 1809.
+The XML below is the current version for this CSP.
```xml
@@ -46,7 +47,7 @@ The XML below is the current version Windows 10, version 1809.
- com.microsoft/3.0/MDM/BitLocker
+ com.microsoft/5.0/MDM/BitLocker
@@ -736,6 +737,206 @@ The XML below is the current version Windows 10, version 1809.
+
+
+ ConfigureRecoveryPasswordRotation
+
+
+
+
+
+
+
+ Allows Admin to configure Numeric Recovery Password Rotation upon use for OS and fixed drives on AAD and Hybrid domain joined devices.
+ When not configured, Rotation is turned on by default for AAD only and off on Hybrid. The Policy will be effective only when
+ Active Directory back up for recovery password is configured to required.
+ For OS drive: Turn on "Do not enable Bitlocker until recovery information is stored to AD DS for operating system drives"
+ For Fixed drives: Turn on "Do not enable Bitlocker until recovery information is stored to AD DS for fixed data drives"
+
+ Supported Values: 0 - Numeric Recovery Passwords rotation OFF.
+ 1 - Numeric Recovery Passwords Rotation upon use ON for AAD joined devices. Default value
+ 2 - Numeric Recovery Passwords Rotation upon use ON for both AAD and Hybrid devices
+
+ If you want to disable this policy use the following SyncML:
+
+
+ 112
+
+
+ ./Device/Vendor/MSFT/BitLocker/ConfigureRecoveryPasswordRotation
+
+
+ int
+
+ 0
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+
+
+
+
+
+ RotateRecoveryPasswords
+
+
+
+
+ Allows admin to push one-time rotation of all numeric recovery passwords for OS and Fixed Data drives on an Azure Active Directory or hybrid-joined device.
+ This policy is Execute type and rotates all numeric passwords when issued from MDM tools.
+
+The policy only comes into effect when Active Directory backup for a recovery password is configured to "required."
+ * For OS drives, enable "Do not enable BitLocker until recovery information is stored to Active Directory Domain Services for operating system drives."
+ *For fixed drives, enable "Do not enable BitLocker until recovery information is stored to Active Directory Domain Services for fixed data drives."
+
+ Client returns status DM_S_ACCEPTED_FOR_PROCESSING to indicate the rotation has started. Server can query status with the following status nodes:
+
+* status\RotateRecoveryPasswordsStatus
+ * status\RotateRecoveryPasswordsRequestID
+
+
+
+Supported Values: String form of request ID. Example format of request ID is GUID. Server can choose the format as needed according to the management tools.\
+
+
+ 113
+
+
+ ./Device/Vendor/MSFT/BitLocker/RotateRecoveryPasswords
+
+
+ chr
+
+ <RequestID/>
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+ Status
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ DeviceEncryptionStatus
+
+
+
+
+ This node reports compliance state of device encryption on the system.
+ Value '0' means the device is compliant. Any other value represents a non-compliant device.
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+ RotateRecoveryPasswordsStatus
+
+
+
+
+ This Node reports the status of RotateRecoveryPasswords request.
+ Status code can be one of the following:
+ NotStarted(2), Pending (1), Pass (0), Other error codes in case of failure
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+ RotateRecoveryPasswordsRequestID
+
+
+
+
+ This Node reports the RequestID corresponding to RotateRecoveryPasswordsStatus.
+ This node needs to be queried in synchronization with RotateRecoveryPasswordsStatus
+ To ensure the status is correctly matched to the request ID.
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
```
diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md
index 6b3a628eb7..d0a24d5007 100644
--- a/windows/client-management/mdm/diagnosticlog-csp.md
+++ b/windows/client-management/mdm/diagnosticlog-csp.md
@@ -979,7 +979,7 @@ The data type is string.
Default string is as follows:
-https://docs.microsoft.com/en-us/windows/desktop/WES/eventmanifestschema-channeltype-complextype.
+https://docs.microsoft.com/windows/desktop/WES/eventmanifestschema-channeltype-complextype.
Add **SDDL**
``` xml
diff --git a/windows/client-management/mdm/diagnosticlog-ddf.md b/windows/client-management/mdm/diagnosticlog-ddf.md
index ec63a3f303..c4591652a5 100644
--- a/windows/client-management/mdm/diagnosticlog-ddf.md
+++ b/windows/client-management/mdm/diagnosticlog-ddf.md
@@ -2030,7 +2030,7 @@ The content below are the latest versions of the DDF files:
- SDDL String controlling access to the channel. Default: https://docs.microsoft.com/en-us/windows/desktop/WES/eventmanifestschema-channeltype-complextype
+ SDDL String controlling access to the channel. Default: https://docs.microsoft.com/windows/desktop/WES/eventmanifestschema-channeltype-complextype
diff --git a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
index 548a34e79e..384babdddb 100644
--- a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
+++ b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
@@ -6,6 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
+ms.localizationpriority: medium
ms.date: 11/01/2017
ms.reviewer:
manager: dansimp
@@ -32,9 +33,9 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
## Enable a policy
> [!NOTE]
-> See [Understanding ADMX-backed policies](https://docs.microsoft.com/en-us/windows/client-management/mdm/understanding-admx-backed-policies).
+> See [Understanding ADMX-backed policies](https://docs.microsoft.com/windows/client-management/mdm/understanding-admx-backed-policies).
-1. Find the policy from the list [ADMX-backed policies](policy-configuration-service-provider.md#admx-backed-policies). You need the following information listed in the policy description.
+1. Find the policy from the list [ADMX-backed policies](policies-admx-backed.md). You need the following information listed in the policy description.
- GP English name
- GP name
- GP ADMX file name
diff --git a/windows/client-management/mdm/images/provisioning-csp-bitlocker.png b/windows/client-management/mdm/images/provisioning-csp-bitlocker.png
index d3d33ff9f6..63ccb6fc89 100644
Binary files a/windows/client-management/mdm/images/provisioning-csp-bitlocker.png and b/windows/client-management/mdm/images/provisioning-csp-bitlocker.png differ
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 3d60ebdc20..43377d2ca0 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -12,6 +12,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
+ms.localizationpriority: medium
ms.date: 07/01/2019
---
@@ -23,6 +24,7 @@ This topic provides information about what's new and breaking changes in Windows
For details about Microsoft mobile device management protocols for Windows 10 see [\[MS-MDM\]: Mobile Device Management Protocol](https://go.microsoft.com/fwlink/p/?LinkId=619346) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2]( http://go.microsoft.com/fwlink/p/?LinkId=619347).
- **What’s new in MDM for Windows 10 versions**
+ - [What’s new in MDM for Windows 10, version 1909](#whats-new-in-mdm-for-windows-10-version-1909)
- [What’s new in MDM for Windows 10, version 1903](#whats-new-in-mdm-for-windows-10-version-1903)
- [What’s new in MDM for Windows 10, version 1809](#whats-new-in-mdm-for-windows-10-version-1809)
- [What’s new in MDM for Windows 10, version 1803](#whats-new-in-mdm-for-windows-10-version-1803)
@@ -56,6 +58,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
- [What is dmwappushsvc?](#what-is-dmwappushsvc)
- **Change history in MDM documentation**
+ - [October 2019](#october-2019)
- [September 2019](#september-2019)
- [August 2019](#august-2019)
- [July 2019](#july-2019)
@@ -81,6 +84,27 @@ For details about Microsoft mobile device management protocols for Windows 10 s
- [September 2017](#september-2017)
- [August 2017](#august-2017)
+## What’s new in MDM for Windows 10, version 1909
+
Added the following new nodes in Windows 10, version 1909:
+ConfigureRecoveryPasswordRotation, RotateRecoveryPasswords, RotateRecoveryPasswordsStatus, RotateRecoveryPasswordsRequestID.
+
+
+
+
## What’s new in MDM for Windows 10, version 1903
Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.
@@ -1905,6 +1929,17 @@ What data is handled by dmwappushsvc? | It is a component handling the internal
How do I turn if off? | The service can be stopped from the "Services" console on the device (Start > Run > services.msc). However, since this is a component part of the OS and required for the proper functioning of the device, we strongly recommend not to do this. |
## Change history in MDM documentation
+### October 2019
+
+|New or updated topic | Description|
+|--- | ---|
+|[BitLocker CSP](bitlocker-csp.md)|Added the following new nodes: ConfigureRecoveryPasswordRotation, RotateRecoveryPasswords, RotateRecoveryPasswordsStatus, RotateRecoveryPasswordsRequestID|
+
+### October 2019
+
+|New or updated topic | Description|
+|--- | ---|
+|[Policy CSP - Update](policy-csp-update.md)|Added the following new policy: Update/TargetReleaseVersion|
### September 2019
@@ -2377,7 +2412,7 @@ How do I turn if off? | The service can be stopped from the "Services" console o
Added a new section:
-
Policies supported by GP - list of policies in Policy CSP that has corresponding Group Policy. The policy description contains the GP information, such as GP policy name and variable name.
+
Policies supported by Group Policy - list of policies in Policy CSP that has corresponding Group Policy. The policy description contains the GP information, such as GP policy name and variable name.
@@ -4575,6 +4580,82 @@ The following list shows the supported values:
+
+**Update/TargetReleaseVersion**
+
+
+
+
+
Windows Edition
+
Supported?
+
+
+
Home
+
+
+
+
Pro
+
7
+
+
+
Business
+
7
+
+
+
Enterprise
+
7
+
+
+
Education
+
7
+
+
+
Mobile
+
+
+
+
Mobile Enterprise
+
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Enables IT administrators to specify which version they would like their device(s) to move to and/or stay on until they reach end of service or reconfigure the policy. For details about different Windows 10 versions, see [Windows 10 release information](https://docs.microsoft.com/windows/release-information/).
+
+
+ADMX Info:
+- GP English name: *Select the target Feature Update version*
+- GP name: *TargetReleaseVersion*
+- GP element: *TargetReleaseVersionId*
+- GP path: *Windows Components/Windows Update/Windows Update for Business*
+- GP ADMX file name: *WindowsUpdate.admx*
+
+
+
+Value type is a string containing Windows 10 version number. For example, 1809, 1903.
+
+
+
+
+
+
+
+
+
+
+
**Update/UpdateNotificationLevel**
@@ -4846,6 +4927,6 @@ Footnotes:
- 4 - Added in Windows 10, version 1803.
- 5 - Added in Windows 10, version 1809.
- 6 - Added in Windows 10, version 1903.
-
+- 7 - Added in the next major release of Windows 10.
diff --git a/windows/client-management/system-failure-recovery-options.md b/windows/client-management/system-failure-recovery-options.md
index 04dcbbafc9..28f7edaab0 100644
--- a/windows/client-management/system-failure-recovery-options.md
+++ b/windows/client-management/system-failure-recovery-options.md
@@ -202,4 +202,4 @@ To view system failure and recovery settings for your local computer, type **wmi
## References
-[Varieties of Kernel-Mode Dump Files](https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/varieties-of-kernel-mode-dump-files)
+[Varieties of Kernel-Mode Dump Files](https://docs.microsoft.com/windows-hardware/drivers/debugger/varieties-of-kernel-mode-dump-files)
diff --git a/windows/client-management/troubleshoot-windows-startup.md b/windows/client-management/troubleshoot-windows-startup.md
index 70bda5a8f5..308677bcef 100644
--- a/windows/client-management/troubleshoot-windows-startup.md
+++ b/windows/client-management/troubleshoot-windows-startup.md
@@ -46,8 +46,8 @@ To understand the underlying cause of Windows startup problems, it's important t
These articles will walk you through the resources you need to troubleshoot Windows startup issues:
-- [Advanced troubleshooting for Windows boot problems](https://docs.microsoft.com/en-us/windows/client-management/advanced-troubleshooting-boot-problems)
+- [Advanced troubleshooting for Windows boot problems](https://docs.microsoft.com/windows/client-management/advanced-troubleshooting-boot-problems)
-- [Advanced troubleshooting for Stop error or blue screen error](https://docs.microsoft.com/en-us/windows/client-management/troubleshoot-stop-errors)
+- [Advanced troubleshooting for Stop error or blue screen error](https://docs.microsoft.com/windows/client-management/troubleshoot-stop-errors)
-- [Advanced troubleshooting for Windows-based computer freeze issues](https://docs.microsoft.com/en-us/windows/client-management/troubleshoot-windows-freeze)
+- [Advanced troubleshooting for Windows-based computer freeze issues](https://docs.microsoft.com/windows/client-management/troubleshoot-windows-freeze)
diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md
index cca3071cad..e1100ede91 100644
--- a/windows/configuration/change-history-for-configure-windows-10.md
+++ b/windows/configuration/change-history-for-configure-windows-10.md
@@ -12,6 +12,7 @@ ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
ms.topic: article
+ms.date: 10/03/2019
---
# Change history for Configure Windows 10
@@ -118,14 +119,14 @@ The following topics were moved into the [Privacy](/windows/privacy/index) libra
New or changed topic | Description
--- | ---
-[Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) | Updated endpoints.
+[Configure Windows diagnostic data in your organizationspro](https://docs.microsoft.com/windows/privacy/configure-windows-diagnostic-data-in-your-organization) | Updated endpoints.
[Configure cellular settings for tablets and PCs](provisioning-apn.md) | Added instructions for confirming that the settings were applied.
## March 2018
New or changed topic | Description
--- | ---
-[Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md) and [Windows 10, version 1703 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md) | Added events and fields that were added in the March update.
+[Windows 10, version 1709 basic level Windows diagnostic events and fields](https://docs.microsoft.com/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709) and [Windows 10, version 1703 basic level Windows diagnostic events and fields](https://docs.microsoft.com/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703) | Added events and fields that were added in the March update.
Set up a kiosk on Windows 10 Pro, Enterprise, or Education | Renamed it **Set up a kiosk or digital signage on Windows 10 Pro, Enterprise, or Education** and reorganized the information to make the choices clearer.
@@ -133,7 +134,7 @@ Set up a kiosk on Windows 10 Pro, Enterprise, or Education | Renamed it **Set up
New or changed topic | Description
--- | ---
-[Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md) and [Windows 10, version 1703 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md) | Added events and fields that were added in the February update.
+[Windows 10, version 1709 basic diagnostic events and fields](https://docs.microsoft.com/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709) and [Windows 10, version 1703 basic level Windows diagnostic events and fields](https://docs.microsoft.com/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703) | Added events and fields that were added in the February update.
[Create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-to-specific-apps.md) | Added steps for configuring a kiosk in Microsoft Intune.
[Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) | Updated the instructions for applying a customized Start layout using Microsoft Intune.
@@ -144,9 +145,9 @@ New or changed topic | Description
[Create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-to-specific-apps.md) | Added videos demonstrating how to use Microsoft Intune and how to use provisioning packages to configure multi-app kiosks.
[ConnectivityProfiles](wcd/wcd-connectivityprofiles.md) | Added settings for VPN **Native** and **Third Party** profile types.
[Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md) | Clarified that the TopMFUApps elements in layoutmodification.xml are not supported in Windows 10, version 1709.
-| [Diagnostic Data Viewer Overview](diagnostic-data-viewer-overview.md) | New topic |
+| [Diagnostic Data Viewer Overview](https://docs.microsoft.com/windows/privacy/diagnostic-data-viewer-overviewd) | New topic |
[Configure Windows 10 taskbar](configure-windows-10-taskbar.md) | Added section for removing default apps from the taskbar.
-[Manage Windows 10 connection endpoints](manage-windows-endpoints-version-1709.md) | New topic for Windows 10, version 1709 that explains the purpose for connections to Microsoft services and how to manage them.
+[Manage Windows 10 connection endpoints](https://docs.microsoft.com/windows/privacy/manage-windows-1709-endpoints) | New topic for Windows 10, version 1709 that explains the purpose for connections to Microsoft services and how to manage them.
[Configure Windows Spotlight on the lock screen](windows-spotlight.md) | Added section for resolution of custom lock screen images.
[Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) | Added section for automatic sign-in after restart on unmanaged devices.
@@ -155,7 +156,7 @@ New or changed topic | Description
New or changed topic | Description
--- | ---
-|[Windows 10, version 1703 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)| Added events that were added in November. |
+|[Windows 10, version 1703 basic level Windows diagnostic events and fields](https://docs.microsoft.com/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703)| Added events that were added in November. |
[Create a provisioning package with multivariant settings](provisioning-packages/provisioning-multivariant.md) | Add support for desktop to [Conditions](provisioning-packages/provisioning-multivariant.md#conditions) table.
## October 2017
@@ -170,16 +171,16 @@ The topics in this library have been updated for Windows 10, version 1709 (also
- [Create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-to-specific-apps.md)
- [Multi-app kiosk XML reference](multi-app-kiosk-xml.md)
-- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md)
-- [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](enhanced-diagnostic-data-windows-analytics-events-and-fields.md)
-
+- [Windows 10, version 1709 basic diagnostic events and fields](https://docs.microsoft.com/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709)
+- [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](https://docs.microsoft.com/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields)
+
## September 2017
|New or changed topic | Description|
|--- | ---|
-|[Beginning your General Data Protection Regulation (GDPR) journey for Windows 10](gdpr-win10-whitepaper.md)|New conceptual info about Windows 10 and the upcoming GDPR-compliance requirements.|
-|[Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Added that Windows Spotlight can be managed by the Experience/AllowWindowsSpotlight MDM policy. |
+|[Beginning your General Data Protection Regulation (GDPR) journey for Windows 10](https://docs.microsoft.com/windows/privacy/gdpr-win10-whitepaper)|New conceptual info about Windows 10 and the upcoming GDPR-compliance requirements.|
+|[Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services) | Added that Windows Spotlight can be managed by the Experience/AllowWindowsSpotlight MDM policy. |
@@ -194,12 +195,12 @@ The topics in this library have been updated for Windows 10, version 1709 (also
| New or changed topic | Description |
| --- | --- |
-|[Windows 10, version 1703 Diagnostic Data](windows-diagnostic-data-1703.md)|Updated categories and included diagnostic data.|
+|[Windows 10, version 1703 Diagnostic Data](https://docs.microsoft.com/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703)|Updated categories and included diagnostic data.|
|[Add image for secondary tiles](start-secondary-tiles.md) | Added XML example for Edge secondary tiles and **ImportEdgeAssets** |
|[Customize and export Start layout](customize-and-export-start-layout.md) | Added explanation for tile behavior when the app is not installed |
|[Guidelines for choosing an app for assigned access](guidelines-for-assigned-access-app.md) | Added that Microsoft Edge is not supported for assigned access |
-|[Windows 10, version 1703 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)|Updated several Appraiser events and added Census.Speech. |
-|[Manage connections from Windows operating system components to Microsoft-services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Updated Date & Time and Windows spotlight sections. |
+|[Windows 10, version 1703 basic level Windows diagnostic events and fields](https://docs.microsoft.com/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703)|Updated several Appraiser events and added Census.Speech. |
+|[Manage connections from Windows operating system components to Microsoft-services](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services) | Updated Date & Time and Windows spotlight sections. |
## June 2017
@@ -214,7 +215,7 @@ The topics in this library have been updated for Windows 10, version 1709 (also
| New or changed topic | Description |
| --- | --- |
| [Configure cellular settings for tablets and PCs](provisioning-apn.md) | New |
-| [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Added MDM policies for privacy settings |
+| [Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services) | Added MDM policies for privacy settings |
## April 2017
@@ -232,5 +233,4 @@ The topics in this library have been updated for Windows 10, version 1703 (also
- [Use the Lockdown Designer app to create a Lockdown XML file](mobile-devices/mobile-lockdown-designer.md)
- [Add image for secondary tiles](start-secondary-tiles.md)
- [Provision PCs with apps](provisioning-packages/provision-pcs-with-apps.md)
-- [Windows 10, version 1703 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
-- [Windows 10, version 1703 Diagnostic Data](windows-diagnostic-data-1703.md)
+- [Windows 10, version 1703 basic level Windows diagnostic events and fields](https://docs.microsoft.com/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703)
\ No newline at end of file
diff --git a/windows/deployment/planning/windows-10-1803-removed-features.md b/windows/deployment/planning/windows-10-1803-removed-features.md
index eb5c4b579b..562f287c68 100644
--- a/windows/deployment/planning/windows-10-1803-removed-features.md
+++ b/windows/deployment/planning/windows-10-1803-removed-features.md
@@ -21,7 +21,8 @@ Each release of Windows 10 adds new features and functionality; we also occasion
> [!TIP]
> - You can get early access to Windows 10 builds by joining the [Windows Insider program](https://insider.windows.com) - this is a great way to test feature changes.
-> - Have questions about other releases? Check out the information for [Windows 10, version 1703](windows-10-1703-removed-features.md) , and [Windows 10, version 1709](windows-10-1709-removed-features.md).
+- Have questions about other releases? Check out the information for [Features that are removed or deprecated in Windows 10, version 1703](https://docs.microsoft.com/windows/deployment/planning/windows-10-1703-removed-features), [Features that are removed or deprecated in Windows 10, version 1709](https://docs.microsoft.com/windows/deployment/planning/windows-10-1709-removed-features), and [Features that are removed or deprecated in Windows 10 Creators Update](https://support.microsoft.com/en-us/help/4014193/features-that-are-removed-or-deprecated-in-windows-10-creators-update).
+
**The list is subject to change and might not include every affected feature or functionality.**
diff --git a/windows/deployment/planning/windows-10-1809-removed-features.md b/windows/deployment/planning/windows-10-1809-removed-features.md
index a613905aca..9a2cb63049 100644
--- a/windows/deployment/planning/windows-10-1809-removed-features.md
+++ b/windows/deployment/planning/windows-10-1809-removed-features.md
@@ -20,8 +20,9 @@ ms.topic: article
Each release of Windows 10 adds new features and functionality; we also occasionally remove features and functionality, usually because we've added a better option. Here are the details about the features and functionalities that we removed in Windows 10, version 1809.
> [!TIP]
-> - You can get early access to Windows 10 builds by joining the [Windows Insider program](https://insider.windows.com) - this is a great way to test feature changes.
-> - Have questions about other releases? Check out the information for [Windows 10, version 1803](windows-10-1803-removed-features.md), [Windows 10, version 1709](windows-10-1709-removed-features.md), and [Windows 10, version 1703](windows-10-1703-removed-features.md).
+> You can get early access to Windows 10 builds by joining the [Windows Insider program](https://insider.windows.com) - this is a great way to test feature changes.
+> Have questions about other releases? Check out the information for [Features removed or planned for replacement starting with Windows 10, version 1809](https://docs.microsoft.com/windows/deployment/planning/windows-10-1809-removed-features), [Features removed or planned for replacement starting with Windows Server, version 1709](https://docs.microsoft.com/windows-server/get-started/removed-features-1709), and [Features that are removed or deprecated in Windows 10, version 1703](https://docs.microsoft.com/windows/deployment/planning/windows-10-1703-removed-features).
+
**The list is subject to change and might not include every affected feature or functionality.**
@@ -36,7 +37,7 @@ We're removing the following features and functionalities from the installed pro
|Hologram app|We've replaced the Hologram app with the [Mixed Reality Viewer](https://support.microsoft.com/help/4041156/windows-10-mixed-reality-help). If you would like to create 3D word art, you can still do that in Paint 3D and view your art in VR or Hololens with the Mixed Reality Viewer.|
|limpet.exe|We're releasing the limpet.exe tool, used to access TPM for Azure connectivity, as open source.|
|Phone Companion|When you update to Windows 10, version 1809, the Phone Companion app will be removed from your PC. Use the **Phone** page in the Settings app to sync your mobile phone with your PC. It includes all the Phone Companion features.|
-|Future updates through [Windows Embedded Developer Update](https://docs.microsoft.com/previous-versions/windows/embedded/ff770079\(v=winembedded.60\)) for Windows Embedded Standard 7-SP1 (WES7-SP1) and Windows Embedded Standard 8 (WES8)|We’re no longer publishing new updates to the WEDU server. Instead, you may secure any new updates from the [Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Home.aspx). [Learn how](https://techcommunity.microsoft.com/t5/Windows-Embedded/Change-to-the-Windows-Embedded-Developer-Update/ba-p/285704) to get updates from the catalog.|
+|Future updates through [Windows Embedded Developer Update](https://docs.microsoft.com/previous-versions/windows/embedded/ff770079\(v=winembedded.60\)) for Windows Embedded Standard 7-SP1 (WES7-SP1) and Windows Embedded Standard 8 (WES8)|We’re no longer publishing new updates to the WEDU server. Instead, you may secure any new updates from the [Microsoft Update Catalog](http://www.catalog.update.microsoft.com/Home.aspx). [Learn how](https://techcommunity.microsoft.com/t5/Windows-Embedded/Change-to-the-Windows-Embedded-Developer-Update/ba-p/285704) to get updates from the catalog.|
## Features we’re no longer developing
diff --git a/windows/deployment/update/index.md b/windows/deployment/update/index.md
index 210ebcaf84..9c45228695 100644
--- a/windows/deployment/update/index.md
+++ b/windows/deployment/update/index.md
@@ -36,7 +36,7 @@ Windows as a service provides a new way to think about building, deploying, and
| [Overview of Windows as a service](waas-overview.md) | Explains the differences in building, deploying, and servicing Windows 10; introduces feature updates, quality updates, and the different servicing branches; compares servicing tools. |
| [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) | Explains the decisions you need to make in your servicing strategy. |
| [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) | Explains how to make use of servicing branches and update deferrals to manage Windows 10 updates. |
-| [Assign devices to servicing branches for Windows 10 updates](waas-servicing-branches-windows-10-updates.md) | Explains how to assign devices to the Semi-Annual Channel for feature and quality updates, and how to enroll devices in Windows Insider. |
+| [Assign devices to servicing branches for Windows 10 updates](https://docs.microsoft.com/windows/deployment/update/waas-servicing-channels-windows-10-updates) | Explains how to assign devices to the Semi-Annual Channel for feature and quality updates, and how to enroll devices in Windows Insider. |
| [Monitor Windows Updates with Update Compliance](update-compliance-monitor.md) | Explains how to use Windows Analytics: Update Compliance to monitor and manage Windows Updates on devices in your organization. |
| [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) | Explains the benefits of using Delivery Optimization or BranchCache for update distribution. |
| [Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md) | Explains updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile. |
diff --git a/windows/deployment/windows-autopilot/white-glove.md b/windows/deployment/windows-autopilot/white-glove.md
index b5cc63019b..7aacf56861 100644
--- a/windows/deployment/windows-autopilot/white-glove.md
+++ b/windows/deployment/windows-autopilot/white-glove.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.localizationpriority: low
ms.sitesec: library
ms.pagetype: deploy
-audience: itpro
+audience: itproF
author: greg-lindsay
manager: laurawi
ms.audience: itpro
@@ -30,7 +30,7 @@ With **Windows Autopilot for white glove deployment**, the provisioning process
-Enabled with Microsoft Intune in Windows 10, version 1903 and later, white glove deployment capabilities build on top of existing Windows Autopilot [user-driven scenarios](user-driven.md), supporting both the user-driven [Azure AD join](user-driven-aad.md) and [Hybrid Azure AD](user-driven-hybrid.md) join scenarios.
+Enabled with Microsoft Intune in Windows 10, version 1903 and later, white glove deployment capabilities build on top of existing Windows Autopilot [user-driven scenarios](user-driven.md), supporting both the user-driven mode for Azure Active Directory Join, and user-driven mode for Hybrid Azure Active directory join scenarios.
## Prerequisites
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md
index ac44c5d8fd..80be0dc299 100644
--- a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md
+++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md
@@ -124,4 +124,4 @@ There are no additional hardware requirements to use Windows 10 Autopilot, beyon
## Related topics
-[Configure Autopilot deployment](configure-autopilot.md)
+[Configure Autopilot deployment](https://docs.microsoft.com/windows/deployment/windows-autopilot/)
diff --git a/windows/deployment/windows-autopilot/windows-autopilot.md b/windows/deployment/windows-autopilot/windows-autopilot.md
index f307fbf265..04f3d13f0c 100644
--- a/windows/deployment/windows-autopilot/windows-autopilot.md
+++ b/windows/deployment/windows-autopilot/windows-autopilot.md
@@ -1,65 +1,66 @@
----
-title: Overview of Windows Autopilot
-description: Windows Autopilot deployment
-keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
-ms.reviewer: mniehaus
-manager: laurawi
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
author: greg-lindsay
-ms.author: greglin
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-
-# Overview of Windows Autopilot
-
-**Applies to**
-
-- Windows 10
-
-Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. You can also use Windows Autopilot to reset, repurpose and recover devices. This solution enables an IT department to achieve the above with little to no infrastructure to manage, with a process that's easy and simple.
-
-Windows Autopilot is designed to simplify all parts of the lifecycle of Windows devices, for both IT and end users, from initial deployment through the eventual end of life. Leveraging cloud-based services, it can reduce the overall costs for deploying, managing, and retiring devices by reducing the amount of time that IT needs to spend on these processes and the amount of infrastructure that they need to maintain, while ensuring ease of use for all types of end users. See the following diagram:
-
- 
-
-When initially deploying new Windows devices, Windows Autopilot leverages the OEM-optimized version of Windows 10 that is preinstalled on the device, saving organizations the effort of having to maintain custom images and drivers for every model of device being used. Instead of re-imaging the device, your existing Windows 10 installation can be transformed into a “business-ready” state, applying settings and policies, installing apps, and even changing the edition of Windows 10 being used (e.g. from Windows 10 Pro to Windows 10 Enterprise) to support advanced features.
-
-Once deployed, Windows 10 devices can be managed by tools such as Microsoft Intune, Windows Update for Business, System Center Configuration Manager, and other similar tools. Windows Autopilot can also be used to re-purpose a device by leveraging Windows Autopilot Reset to quickly prepare a device for a new user, or in break/fix scenarios to enable a device to quickly be brought back to a business-ready state.
-
-Windows Autopilot enables you to:
-* Automatically join devices to Azure Active Directory (Azure AD) or Active Directory (via Hybrid Azure AD Join). See [Introduction to device management in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/device-management-introduction) for more information about the differences between these two join options.
-* Auto-enroll devices into MDM services, such as Microsoft Intune ([*Requires an Azure AD Premium subscription*](windows-autopilot-requirements-configuration.md)).
-* Restrict the Administrator account creation.
-* Create and auto-assign devices to configuration groups based on a device's profile.
-* Customize OOBE content specific to the organization.
-
-## Windows Autopilot walkthrough
-
-The following video shows the process of setting up Windows Autopilot:
-
-
-
-
-
-## Benefits of Windows Autopilot
-
-Traditionally, IT pros spend a lot of time building and customizing images that will later be deployed to devices. Windows Autopilot introduces a new approach.
-
-From the user's perspective, it only takes a few simple operations to make their device ready to use.
-
-From the IT pro's perspective, the only interaction required from the end user is to connect to a network and to verify their credentials. Everything beyond that is automated.
-
-## Requirements
-
-Windows 10 version 1703 or higher is required to use Windows Autopilot. See [Windows Autopilot requirements](windows-autopilot-requirements.md) for detailed information on software, configuration, network, and licensing requirements.
-
-## Related topics
-
-[Enroll Windows devices in Intune by using Windows Autopilot](https://docs.microsoft.com/intune/enrollment-autopilot)
-[Windows Autopilot scenarios and capabilities](windows-autopilot-scenarios.md)
+---
+title: Overview of Windows Autopilot
+description: Windows Autopilot deployment
+keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
+ms.reviewer: mniehaus
+manager: laurawi
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: medium
+ms.sitesec: library
+ms.pagetype: deploy
+audience: itpro
+author: greg-lindsay
+ms.author: greglin
+ms.collection: M365-modern-desktop
+ms.topic: article
+---
+
+
+# Overview of Windows Autopilot
+
+**Applies to**
+
+- Windows 10
+
+Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. You can also use Windows Autopilot to reset, repurpose and recover devices. This solution enables an IT department to achieve the above with little to no infrastructure to manage, with a process that's easy and simple.
+
+Windows Autopilot is designed to simplify all parts of the lifecycle of Windows devices, for both IT and end users, from initial deployment through the eventual end of life. Leveraging cloud-based services, it can reduce the overall costs for deploying, managing, and retiring devices by reducing the amount of time that IT needs to spend on these processes and the amount of infrastructure that they need to maintain, while ensuring ease of use for all types of end users. See the following diagram:
+
+ 
+
+When initially deploying new Windows devices, Windows Autopilot leverages the OEM-optimized version of Windows 10 that is preinstalled on the device, saving organizations the effort of having to maintain custom images and drivers for every model of device being used. Instead of re-imaging the device, your existing Windows 10 installation can be transformed into a “business-ready” state, applying settings and policies, installing apps, and even changing the edition of Windows 10 being used (e.g. from Windows 10 Pro to Windows 10 Enterprise) to support advanced features.
+
+Once deployed, Windows 10 devices can be managed by tools such as Microsoft Intune, Windows Update for Business, System Center Configuration Manager, and other similar tools. Windows Autopilot can also be used to re-purpose a device by leveraging Windows Autopilot Reset to quickly prepare a device for a new user, or in break/fix scenarios to enable a device to quickly be brought back to a business-ready state.
+
+Windows Autopilot enables you to:
+* Automatically join devices to Azure Active Directory (Azure AD) or Active Directory (via Hybrid Azure AD Join). See [Introduction to device management in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/device-management-introduction) for more information about the differences between these two join options.
+* Auto-enroll devices into MDM services, such as Microsoft Intune ([*Requires an Azure AD Premium subscription for configuration*](https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Windows-10-Azure-AD-and-Microsoft-Intune-Automatic-MDM/ba-p/244067)).
+* Restrict the Administrator account creation.
+* Create and auto-assign devices to configuration groups based on a device's profile.
+* Customize OOBE content specific to the organization.
+
+## Windows Autopilot walkthrough
+
+The following video shows the process of setting up Windows Autopilot:
+
+
+
+
+
+## Benefits of Windows Autopilot
+
+Traditionally, IT pros spend a lot of time building and customizing images that will later be deployed to devices. Windows Autopilot introduces a new approach.
+
+From the user's perspective, it only takes a few simple operations to make their device ready to use.
+
+From the IT pro's perspective, the only interaction required from the end user is to connect to a network and to verify their credentials. Everything beyond that is automated.
+
+## Requirements
+
+Windows 10 version 1703 or higher is required to use Windows Autopilot. See [Windows Autopilot requirements](windows-autopilot-requirements.md) for detailed information on software, configuration, network, and licensing requirements.
+
+## Related topics
+
+[Enroll Windows devices in Intune by using Windows Autopilot](https://docs.microsoft.com/intune/enrollment-autopilot)
+[Windows Autopilot scenarios and capabilities](windows-autopilot-scenarios.md)
diff --git a/windows/hub/windows-10.yml b/windows/hub/windows-10.yml
index e858c87806..1504e2cae3 100644
--- a/windows/hub/windows-10.yml
+++ b/windows/hub/windows-10.yml
@@ -33,7 +33,7 @@ sections:
- type: markdown
text: "
Learn about the latest releases and servicing options.
-
"
- title: Frequently asked questions
@@ -41,7 +41,7 @@ sections:
- type: markdown
text: "
Get answers to common questions, or get help with a specific problem.
-
"
- title: Plan
@@ -57,7 +57,7 @@ sections:
- type: markdown
text: "
Download recommended tools and get step-by-step guidance for in-place upgrades, dynamic provisioning, or traditional deployments.
-
"
- title: Management and security
@@ -65,7 +65,7 @@ sections:
- type: markdown
text: "
Learn how to manage Windows 10 clients and apps, secure company data, and manage risk.
-
"
- title: Stay informed
diff --git a/windows/privacy/gdpr-it-guidance.md b/windows/privacy/gdpr-it-guidance.md
index 50d0770521..ba1428445d 100644
--- a/windows/privacy/gdpr-it-guidance.md
+++ b/windows/privacy/gdpr-it-guidance.md
@@ -224,7 +224,7 @@ IT Professionals that are interested in this configuration, see [Windows 10 pers
### Windows 10 connections to Microsoft
-To find out more about the network connections that Windows components make to Microsoft as well as the privacy settings that affect data shared with either Microsoft or apps, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) and [Manage Windows 10 connection endpoints](manage-windows-endpoints.md). These articles describe how these settings can be managed by an IT Professional.
+To find out more about the network connections that Windows components make to Microsoft as well as the privacy settings that affect data shared with either Microsoft or apps, see [Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services). This article describe how these settings can be managed by an IT Professional, and fronts an array of Windows version-specific articles.
### At-a-glance: the relationship between an IT organization and the GDPR
diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md
index 8211fc3089..b9a39fb4e3 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md
@@ -138,10 +138,11 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt
1. **Windows Defender**
1. [Defender/AllowCloudProtection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-allowcloudprotection). Disconnect from the Microsoft Antimalware Protection Service. **Set to 0 (zero)**
1. [Defender/SubmitSamplesConsent](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-submitsamplesconsent). Stop sending file samples back to Microsoft. **Set to 2 (two)**
+ 1. [Defender/EnableSmartScreenInShell](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings#mdm-settings). Turns off SmartScreen in Windows for app and file execution. **Set to 0 (zero)**
1. Windows Defender Smartscreen - [Browser/AllowSmartScreen](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen). Disable Windows Defender Smartscreen. **Set to 0 (zero)**
1. Windows Defender Smartscreen EnableAppInstallControl - [SmartScreen/EnableAppInstallControl](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol). Controls whether users are allowed to install apps from places other than the Microsoft Store. **Set to 0 (zero)**
- 1. Windows Defender Potentially Unwanted Applications(PUA) Protection - [Defender/PUAProtection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-puaprotection). Specifies the level of detection for potentially unwanted applications (PUAs). **Set to 1 (one)**
- 1. [Defender/SignatureUpdateFallbackOrder](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-mdm). Allows you to define the order in which different definition update sources should be contacted. The OMA-URI for this is: **./Vendor/MSFT/Policy/Config/Defender/SignatureUpdateFallbackOrder**, Data type: **String**, Value: **FileShares**
+ 1. Windows Defender Potentially Unwanted Applications(PUA) Protection - [Defender/PUAProtection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-puaprotection). Specifies the level of detection for potentially unwanted applications (PUAs). **Set to 1 (one)**
+ 1. [Defender/SignatureUpdateFallbackOrder](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-mdm). Allows you to define the order in which different definition update sources should be contacted. The OMA-URI for this is: **./Vendor/MSFT/Policy/Config/Defender/SignatureUpdateFallbackOrder**, Data type: **String**, Value: **FileShares**
1. **Windows Spotlight** - [Experience/AllowWindowsSpotlight](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsspotlight). Disable Windows Spotlight. **Set to 0 (zero)**
1. **Microsoft Store**
1. [ApplicationManagement/DisableStoreOriginatedApps](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-disablestoreoriginatedapps). Boolean value that disables the launch of all apps from Microsoft Store that came pre-installed or were downloaded. **Set to 1 (one)**
@@ -151,8 +152,8 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt
1. [DeliveryOptimization/DODownloadMode](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodownloadmode). Let’s you choose where Delivery Optimization gets or sends updates and apps. **Set to 100 (one hundred)**
1. **Windows Update**
1. [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate). Control automatic updates. **Set to 5 (five)**
- 1. Windows Update Allow Update Service - [Update/AllowUpdateService](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-allowupdateservice). Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. **Set to 0 (zero)**
- 1. Windows Update Service URL - [Update/UpdateServiceUrl](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-updateserviceurl). Allows the device to check for updates from a WSUS server instead of Microsoft Update. **Set to String** with the Value:
+ 1. Windows Update Allow Update Service - [Update/AllowUpdateService](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowupdateservice). Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. **Set to 0 (zero)**
+ 1. Windows Update Service URL - [Update/UpdateServiceUrl](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-updateserviceurl). Allows the device to check for updates from a WSUS server instead of Microsoft Update. **Set to String** with the Value:
1. **\\$CmdID$\\\chr\text/plain\\ \./Vendor/MSFT/Policy/Config/Update/UpdateServiceUrl\\http://abcd-srv:8530\\**
### Allowed traffic for Microsoft Intune / MDM configurations
@@ -164,6 +165,7 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt
|client.wns.windows.com|
|crl.microsoft.com/pki/crl/*|
|ctldl.windowsupdate.com|
+|*displaycatalog.mp.microsoft.com|
|dm3p.wns.windows.com|
|\*microsoft.com/pkiops/\*|
|ocsp.digicert.com/*|
diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index 71b2aa6e37..48a8bcd1ea 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -1437,15 +1437,15 @@ To turn this Off in the UI:
-OR-
-- Create a REG_DWORD registry setting named **EnableActivityFeed** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**
+- Create a REG_DWORD registry setting named **EnableActivityFeed** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 2 (two)**
-and-
-- Create a REG_DWORD registry setting named **PublishUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**
+- Create a REG_DWORD registry setting named **PublishUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 2 (two)**
-and-
-- Create a REG_DWORD registry setting named **UploadUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**
+- Create a REG_DWORD registry setting named **UploadUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 2 (two)**
### 18.23 Voice Activation
@@ -1466,11 +1466,11 @@ To turn this Off in the UI:
-OR-
-- Create a REG_DWORD registry setting named **LetAppsActivateWithVoice** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 0 (zero)**
+- Create a REG_DWORD registry setting named **LetAppsActivateWithVoice** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**
-and-
-- Create a REG_DWORD registry setting named **PublishUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 0 (zero)**
+- Create a REG_DWORD registry setting named **LetAppsActivateWithVoiceAboveLock** in **HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppPrivacy** with a **value of 2 (two)**
diff --git a/windows/privacy/windows-diagnostic-data-1703.md b/windows/privacy/windows-diagnostic-data-1703.md
index d398441cbc..73ccd75c12 100644
--- a/windows/privacy/windows-diagnostic-data-1703.md
+++ b/windows/privacy/windows-diagnostic-data-1703.md
@@ -21,7 +21,7 @@ ms.reviewer:
**Applies to:**
- Windows 10, version 1703
-Microsoft collects Windows diagnostic data to keep Windows up-to-date, secure, and operating properly. It also helps us improve Windows and, for users who have turned on “tailored experiences”, can be used to provide more relevant tips and recommendations to tailor Microsoft products to the user’s needs. This article describes all types diagnostic data collected by Windows at the Full diagnostic data level (inclusive of data collected at Basic), with comprehensive examples of data we collect per each type. For additional, detailed technical descriptions of Basic data items, see [Windows 10, version 1709 Basic level diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md) and [Windows 10, version 1703 Basic level diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md).
+Microsoft collects Windows diagnostic data to keep Windows up-to-date, secure, and operating properly. It also helps us improve Windows and, for users who have turned on “tailored experiences”, can be used to provide more relevant tips and recommendations to tailor Microsoft products to the user’s needs. This article describes all types diagnostic data collected by Windows at the Full diagnostic data level (inclusive of data collected at Basic), with comprehensive examples of data we collect per each type. For additional, detailed technical descriptions of Basic data items, see [Windows 10, version 1709 Basic level diagnostic events and fields](https://docs.microsoft.com/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709) and [Windows 10, version 1703 Basic level diagnostic events and fields](https://docs.microsoft.com/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703).
The data covered in this article is grouped into the following categories:
diff --git a/windows/privacy/windows-endpoints-1709-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1709-non-enterprise-editions.md
index 2d1b7a1a36..13660e8f01 100644
--- a/windows/privacy/windows-endpoints-1709-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-1709-non-enterprise-editions.md
@@ -23,7 +23,7 @@ ms.reviewer:
- Windows 10 Professional, version 1709
- Windows 10 Education, version 1709
-In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-endpoints.md), the following endpoints are available on other editions of Windows 10, version 1709.
+In addition to the endpoints listed for [Windows 10 Enterprise](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services), the following endpoints are available on other editions of Windows 10, version 1709.
We used the following methodology to derive these network endpoints:
diff --git a/windows/privacy/windows-endpoints-1803-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1803-non-enterprise-editions.md
index 885bdb44c7..208f378b9e 100644
--- a/windows/privacy/windows-endpoints-1803-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-1803-non-enterprise-editions.md
@@ -23,7 +23,7 @@ ms.reviewer:
- Windows 10 Professional, version 1803
- Windows 10 Education, version 1803
-In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-endpoints.md), the following endpoints are available on other editions of Windows 10, version 1803.
+In addition to the endpoints listed for [Windows 10 Enterprise](https://docs.microsoft.com/en-gb/windows/privacy/manage-windows-1803-endpoints ), the following endpoints are available on other editions of Windows 10, version 1803.
We used the following methodology to derive these network endpoints:
diff --git a/windows/privacy/windows-personal-data-services-configuration.md b/windows/privacy/windows-personal-data-services-configuration.md
index 0b5997a3eb..93c2b4da00 100644
--- a/windows/privacy/windows-personal-data-services-configuration.md
+++ b/windows/privacy/windows-personal-data-services-configuration.md
@@ -399,7 +399,7 @@ These settings whether employees send “Do Not Track” header from the Microso
### Windows Privacy on docs.microsoft.com
* [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
-* [Manage Windows 10 connection endpoints](manage-windows-endpoints.md)
+* [Manage connections from Windows 10 operating system components to Microsoft services](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services)
* [Understanding Windows diagnostic data](configure-windows-diagnostic-data-in-your-organization.md#understanding-windows-diagnostic-data)
* [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
diff --git a/windows/release-information/resolved-issues-windows-10-1507.yml b/windows/release-information/resolved-issues-windows-10-1507.yml
index 4b08bb66bc..bc005f4a92 100644
--- a/windows/release-information/resolved-issues-windows-10-1507.yml
+++ b/windows/release-information/resolved-issues-windows-10-1507.yml
@@ -37,9 +37,6 @@ sections:
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.
Event Viewer may close or you may receive an error when using Custom Views When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.
Embedded objects may display incorrectly Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.
MSXML6 may cause applications to stop responding MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().
Custom URI schemes may not start corresponding application Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.
After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.
Affected platforms:
Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Resolution: We have released an \"optional, out-of-band\" update for Windows 10 (KB4505051) to resolve this issue. If you are affected, we recommend you apply this update by installing KB4505051 from Windows Update and then restarting your device.
This update will not be applied automatically. To download and install this update, go to Settings > Update & Security > Windows Update and select Check for updates. To get the standalone package for KB4505051, search for it in the Microsoft Update Catalog.
Custom URI schemes may not start corresponding application
After installing KB4489872, Custom URI Schemes for Application Protocol handlers may not start the corresponding application for local intranet and trusted sites on Internet Explorer.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.
For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
After installing KB4480962, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().
The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Layout and cell size of Excel sheets may change when using MS UI Gothic When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.
Embedded objects may display incorrectly Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.
Internet Explorer 11 authentication issue with multiple concurrent logons Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.
End-user-defined characters (EUDC) may cause blue screen at startup If you enable per font end-user-defined characters (EUDC), the system will stop working and a blue screen may appear at startup.
MSXML6 may cause applications to stop responding MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().
Custom URI schemes may not start corresponding application Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.
After installing KB4489882, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
End-user-defined characters (EUDC) may cause blue screen at startup
If you enable per font end-user-defined characters (EUDC), the system will stop working and a blue screen may appear at startup. This is not a common setting in non-Asian regions.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016
Custom URI schemes may not start corresponding application
After installing KB4489882, Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.
For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Internet Explorer 11 authentication issue with multiple concurrent logons
After installing KB4480961, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
Cache size and location show zero or empty.
Keyboard shortcuts may not work properly.
Webpages may intermittently fail to load or render correctly.
Issues with credential prompts.
Issues when downloading files.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
After installing KB4480961, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().
The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Layout and cell size of Excel sheets may change when using MS UI Gothic When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.
Embedded objects may display incorrectly Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.
End-user-defined characters (EUDC) may cause blue screen at startup If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup.
MSXML6 may cause applications to stop responding MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().
Custom URI schemes may not start corresponding application Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.
End-user-defined characters (EUDC) may cause blue screen at startup
If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup. This is not a common setting in non-Asian regions.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016
Custom URI schemes may not start corresponding application
After installing KB4489871, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.
For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
After installing KB4480973, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().
The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Layout and cell size of Excel sheets may change when using MS UI Gothic When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.
Custom URI schemes may not start corresponding application Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.
Embedded objects may display incorrectly Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.
End-user-defined characters (EUDC) may cause blue screen at startup If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup.
MSXML6 causes applications to stop responding if an exception was thrown MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().
Stop error when attempting to start SSH from WSL A stop error occurs when attempting to start Secure Shell from Windows Subsystem for Linux with agent forwarding using a command line switch (ssh –A) or a configuration setting.
Custom URI schemes may not start corresponding application
After installing KB4489886, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1
End-user-defined characters (EUDC) may cause blue screen at startup
If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup. This is not a common setting in non-Asian regions.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016
After applying KB4489886, a stop error occurs when attempting to start the Secure Shell (SSH) client program from Windows Subsystem for Linux (WSL) with agent forwarding enabled using a command line switch (ssh –A) or a configuration setting.
Affected platforms:
Client: Windows 10, version 1803; Windows 10, version 1709
Server: Windows Server, version 1803; Windows Server, version 1709
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.
For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
MSXML6 causes applications to stop responding if an exception was thrown
After installing KB4480978, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().
The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Layout and cell size of Excel sheets may change when using MS UI Gothic When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.
Embedded objects may display incorrectly Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.
End-user-defined characters (EUDC) may cause blue screen at startup If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup.
MSXML6 may cause applications to stop responding MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().
Custom URI schemes may not start corresponding application Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.
Stop error when attempting to start SSH from WSL A stop error occurs when attempting to start Secure Shell from Windows Subsystem for Linux with agent forwarding using a command line switch (ssh –A) or a configuration setting.
End-user-defined characters (EUDC) may cause blue screen at startup
If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup. This is not a common setting in non-Asian regions.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016
Custom URI schemes may not start corresponding application
After installing KB4489868, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1
After applying KB4489868, a stop error occurs when attempting to start the Secure Shell (SSH) client program from Windows Subsystem for Linux (WSL) with agent forwarding enabled using a command line switch (ssh -A) or a configuration setting.
Affected platforms:
Client: Windows 10, version 1803; Windows 10, version 1709
Server: Windows Server, version 1803; Windows Server, version 1709
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.
For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
After installing KB4480966, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().
The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
System may be unresponsive after restart if ArcaBit antivirus software installed After further investigation ArcaBit has confirmed this issue is not applicable to Windows 10, version 1809
Custom URI schemes may not start corresponding application Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.
Embedded objects may display incorrectly Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.
Internet Explorer 11 authentication issue with multiple concurrent logons Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.
End-user-defined characters (EUDC) may cause blue screen at startup If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup.
MSXML6 may cause applications to stop responding MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().
System may be unresponsive after restart if ArcaBit antivirus software installed
ArcaBit has confirmed this issue is not applicable to Windows 10, version 1809 (client or server).
Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart.
Affected platforms:
Client: Windows 8.1; Windows 7 SP1
Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Workaround: ArcaBit has released an update to address this issue for affected platforms. For more information, see the ArcaBit support article.
Resolution: This issue has been resolved. ArcaBit has confirmed this issue is not applicable to Windows 10, version 1809 (client or server).
End-user-defined characters (EUDC) may cause blue screen at startup
If you enable per font end-user-defined characters (EUDC), the system will stop working and a blue screen may appear at startup. This is not a common setting in non-Asian regions.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.
For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Internet Explorer 11 authentication issue with multiple concurrent logons
After installing KB4480116, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
Cache size and location show zero or empty.
Keyboard shortcuts may not work properly.
Webpages may intermittently fail to load or render correctly.
Issues with credential prompts.
Issues when downloading files.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
After installing KB4480116, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().
The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
System unresponsive after restart if Sophos Endpoint Protection installed Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.
System may be unresponsive after restart if Avira antivirus software installed Devices with Avira antivirus software installed may become unresponsive upon restart.
Authentication may fail for services after the Kerberos ticket expires Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.
Embedded objects may display incorrectly Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.
Devices may not respond at login or Welcome screen if running certain Avast software Devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software may become unresponsive after restart.
Custom URI schemes may not start corresponding application Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.
Internet Explorer 11 authentication issue with multiple concurrent logons Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.
Authentication may fail for services after the Kerberos ticket expires
After installing KB4489878, some customers report that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires (the default is 10 hours). For example, the SQL server service fails.
Affected platforms:
Client: Windows 7 SP1
Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Custom URI schemes may not start corresponding application
After installing KB4489878, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites on Internet Explorer.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.
For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Internet Explorer 11 authentication issue with multiple concurrent logons
After installing KB4480970, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
Cache size and location show zero or empty.
Keyboard shortcuts may not work properly.
Webpages may intermittently fail to load or render correctly.
Issues with credential prompts.
Issues when downloading files.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
System may be unresponsive after restart if ArcaBit antivirus software installed Devices with ArcaBit antivirus software installed may become unresponsive upon restart.
System unresponsive after restart if Sophos Endpoint Protection installed Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.
System may be unresponsive after restart if Avira antivirus software installed Devices with Avira antivirus software installed may become unresponsive upon restart.
Embedded objects may display incorrectly Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.
Devices may not respond at login or Welcome screen if running certain Avast software Devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software may become unresponsive after restart.
Custom URI schemes may not start corresponding application Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.
MSXML6 may cause applications to stop responding. MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().
Internet Explorer 11 authentication issue with multiple concurrent logons Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.
After installing KB4489881, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Custom URI schemes may not start corresponding application
After installing KB4489881, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.
For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color.
Affected platforms
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
After installing KB4480963, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().
The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Internet Explorer 11 authentication issue with multiple concurrent logons
After installing KB4480963, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
Cache size and location show zero or empty.
Keyboard shortcuts may not work properly.
Webpages may intermittently fail to load or render correctly.
Issues with credential prompts.
Issues when downloading files.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
System unresponsive after restart if Sophos Endpoint Protection installed Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.
System may be unresponsive after restart if Avira antivirus software installed Devices with Avira antivirus software installed may become unresponsive upon restart.
Authentication may fail for services after the Kerberos ticket expires Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.
Embedded objects may display incorrectly Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.
Authentication may fail for services after the Kerberos ticket expires
After installing KB4489880, some customers report that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires (the default is 10 hours). For example, the SQL server service fails.
Affected platforms:
Client: Windows 7 SP1
Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.
For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color.
Affected platforms
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Layout and cell size of Excel sheets may change when using MS UI Gothic When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.
System unresponsive after restart if Sophos Endpoint Protection installed Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.
System may be unresponsive after restart if Avira antivirus software installed Devices with Avira antivirus software installed may become unresponsive upon restart.
Embedded objects may display incorrectly Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.
Internet Explorer 11 authentication issue with multiple concurrent logons Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.
MSXML6 may cause applications to stop responding MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().
After installing KB4489891, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.
For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color.
Affected platforms
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Internet Explorer 11 authentication issue with multiple concurrent logons
After installing KB4480975, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
Cache size and location show zero or empty.
Keyboard shortcuts may not work properly.
Webpages may intermittently fail to load or render correctly.
Issues with credential prompts.
Issues when downloading files.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
After installing KB4480975, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().
The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.
Affected platforms:
Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
- "
diff --git a/windows/release-information/status-windows-10-1703.yml b/windows/release-information/status-windows-10-1703.yml
index 9f123d8aeb..69a1b1cd91 100644
--- a/windows/release-information/status-windows-10-1703.yml
+++ b/windows/release-information/status-windows-10-1703.yml
@@ -21,7 +21,7 @@ sections:
Find information on known issues for Windows 10, version 1703. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s).
-
Current status as of August 23, 2019:
The Enterprise and Education editions of Windows 10, version 1703 (the Windows 10 Creators Update) will reach end of life on October 9, 2019. The Home, Pro, Pro for Workstations, and IoT Core editions reached end of service on October 8, 2018.
There is no extended support available for any edition of Windows 10, version 1703. Therefore, it will no longer be supported after October 9, 2019 and will not receive monthly security and quality updates containing protections from the latest security threats.
To continue receiving security and quality updates, Microsoft recommends that you update your devices to the latest version of Windows 10. For more information on end of service dates and currently supported versions of Windows 10, see the Windows lifecycle fact sheet.
+
Windows 10, version 1703 has reached end of service
Consumer and commercial editions of Windows 10, version 1703 have reached end of service. As devices running these editions are no longer receiving monthly security and quality updates containing protections from the latest security threats, we recommend that you update these devices to the latest version of Windows 10 immediately. For more information on end of service dates currently supported versions of Windows 10, see the Windows lifecycle fact sheet.
Consumer and commercial editions of Windows 10, version 1703 have reached end of service. As devices running these editions are no longer receiving monthly security and quality updates containing protections from the latest security threats, we recommend that you update these devices to the latest version of Windows 10 immediately. For more information on end of service dates currently supported versions of Windows 10, see the Windows lifecycle fact sheet.
The October 2019 security update release, referred to as our “B” release, is now available for Windows 10, version 1903 and all supported versions of Windows. We recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. To be informed about the latest updates and releases, follow us on Twitter @WindowsUpdate.
On October 3, 2019, Microsoft expanded delivery of the out-of-band Internet Explorer scripting engine security vulnerability (CVE-2019-1367) update released on September 23, 2019 to Windows Update and Windows Server Update Services (WSUS). This is now a required security update for all supported versions of Windows as it includes the Internet Explorer scripting engine vulnerability mitigation and corrects a recent printing issue some users have experienced. All customers using Windows Update or WSUS will be offered this update automatically. We recommend that you install this update as soon as a possible, then restart your PC to fully apply the mitigations and help secure your devices. As with all cumulative updates, this update supersedes any preceding update.
Note: This update does not replace the standard October 2019 monthly security update release, which is scheduled for October 8, 2019.
The September 2019 optional monthly “D” release for Windows 10, version 1903 is now available. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. Follow @WindowsUpdate for the latest on the availability of this release.
September 26, 2019 02:00 PM PT
diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
index 5738d0e7ff..cf4016e37e 100644
--- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
+++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
@@ -60,7 +60,7 @@ If the error occurs again, check the error code against the following table to s
0x80090036
-
User cancelled an interactive dialog
+
User canceled an interactive dialog
User will be asked to try again
@@ -204,8 +204,9 @@ If the error occurs again, check the error code against the following table to s
-
+
## Errors with unknown mitigation
+
For errors listed in this table, contact Microsoft Support for assistance.
| Hex | Cause |
diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index f6259064c6..f8776c4535 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -107,11 +107,11 @@
### [Threat analytics](microsoft-defender-atp/threat-analytics.md)
### [Advanced hunting]()
-#### [Advanced hunting overview](microsoft-defender-atp/overview-hunting.md)
-#### [Learn the query language](microsoft-defender-atp/advanced-hunting.md)
+#### [Advanced hunting overview](microsoft-defender-atp/advanced-hunting-overview.md)
+#### [Learn the query language](microsoft-defender-atp/advanced-hunting-query-language.md)
#### [Use shared queries](microsoft-defender-atp/advanced-hunting-shared-queries.md)
#### [Advanced hunting schema reference]()
-##### [Understand the schema](microsoft-defender-atp/advanced-hunting-reference.md)
+##### [Understand the schema](microsoft-defender-atp/advanced-hunting-schema-reference.md)
##### [AlertEvents](microsoft-defender-atp/advanced-hunting-alertevents-table.md)
##### [FileCreationEvents](microsoft-defender-atp/advanced-hunting-filecreationevents-table.md)
##### [ImageLoadEvents](microsoft-defender-atp/advanced-hunting-imageloadevents-table.md)
@@ -301,7 +301,6 @@
#### [Manage next generation protection in your business]()
##### [Management overview](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
-##### [Management overview](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
##### [Use Microsoft Intune and System Center Configuration Manager to manage next generation protection](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
##### [Use Group Policy settings to manage next generation protection](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
##### [Use PowerShell cmdlets to manage next generation protection](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md
index 080a09e0b5..663976a44a 100644
--- a/windows/security/threat-protection/index.md
+++ b/windows/security/threat-protection/index.md
@@ -1,7 +1,7 @@
---
title: Threat Protection (Windows 10)
description: Learn how Microsoft Defender ATP helps protect against threats.
-keywords: threat protection, Microsoft Defender Advanced Threat Protection, attack surface reduction, next generation protection, endpoint detection and response, automated investigation and response, microsoft threat experts, secure score, advanced hunting
+keywords: threat protection, Microsoft Defender Advanced Threat Protection, attack surface reduction, next generation protection, endpoint detection and response, automated investigation and response, microsoft threat experts, secure score, advanced hunting, cyber threat hunting
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@@ -64,7 +64,7 @@ The attack surface reduction set of capabilities provide the first line of defen
- [Application control](windows-defender-application-control/windows-defender-application-control.md)
- [Device control](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
- [Exploit protection](microsoft-defender-atp/exploit-protection.md)
-- [Network protection](microsoft-defender-atp/network-protection.md)
+- [Network protection](microsoft-defender-atp/network-protection.md), [Web protection](microsoft-defender-atp/web-protection-overview.md)
- [Controlled folder access](microsoft-defender-atp/controlled-folders.md)
- [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md)
- [Attack surface reduction rules](microsoft-defender-atp/attack-surface-reduction.md)
@@ -83,7 +83,7 @@ To further reinforce the security perimeter of your network, Microsoft Defender
**[Endpoint detection and response](microsoft-defender-atp/overview-endpoint-detection-response.md)**
-Endpoint detection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars.
+Endpoint detection and response capabilities are put in place to detect, investigate, and respond to intrusion attempts and active breaches. With Advanced hunting, you have a query-based threat-hunting tool that lets your proactively find breaches and create custom detections.
- [Alerts](microsoft-defender-atp/alerts-queue.md)
- [Historical endpoint data](microsoft-defender-atp/investigate-machines.md#timeline)
@@ -91,9 +91,8 @@ Endpoint detection and response capabilities are put in place to detect, investi
- [Forensic collection](microsoft-defender-atp/respond-machine-alerts.md#collect-investigation-package-from-machines)
- [Threat intelligence](microsoft-defender-atp/threat-indicator-concepts.md)
- [Advanced detonation and analysis service](microsoft-defender-atp/respond-file-alerts.md#deep-analysis)
-- [Advanced hunting](microsoft-defender-atp/overview-hunting.md)
- - [Custom detection](microsoft-defender-atp/overview-custom-detections.md)
- - [Realtime and historical hunting](microsoft-defender-atp/advanced-hunting.md)
+- [Advanced hunting](microsoft-defender-atp/advanced-hunting-overview.md)
+ - [Custom detections](microsoft-defender-atp/overview-custom-detections.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md
index 2904a8e60e..84eb799e45 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md
@@ -1,21 +1,21 @@
---
-title: AlertEvents table in the advanced hunting schema
-description: Learn about the AlertEvents table in the Advanced hunting schema, such as column names, data types, and descriptions
-keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, alertevent
+title: AlertEvents table in the Advanced hunting schema
+description: Learn about alert generation events in the AlertEvents table of the Advanced hunting schema
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, description, alertevents, alert, severity, category
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
-ms.author: v-maave
-author: martyav
+ms.author: lomayor
+author: lomayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 07/24/2019
+ms.date: 10/08/2019
---
# AlertEvents
@@ -26,9 +26,9 @@ ms.date: 07/24/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
-The AlertEvents table in the [Advanced hunting](overview-hunting.md) schema contains information about alerts on Microsoft Defender Security Center. Use this reference to construct queries that return information from the table.
+The AlertEvents table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about alerts on Microsoft Defender Security Center. Use this reference to construct queries that return information from the table.
-For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-reference.md).
+For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-schema-reference.md).
| Column name | Data type | Description |
|-------------|-----------|-------------|
@@ -47,6 +47,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance
| Table | string | Table that contains the details of the event |
## Related topics
-- [Advanced hunting overview](overview-hunting.md)
-- [Learn the query language](advanced-hunting.md)
-- [Understand the schema](advanced-hunting-reference.md)
\ No newline at end of file
+- [Advanced hunting overview](advanced-hunting-overview.md)
+- [Learn the query language](advanced-hunting-query-language.md)
+- [Understand the schema](advanced-hunting-schema-reference.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md
index 5acedaa5f1..10961a9499 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md
@@ -1,7 +1,7 @@
---
-title: Advanced hunting best practices in Microsoft Defender ATP
-description: Learn about Advanced hunting best practices such as what filters and keywords to use to effectively query data.
-keywords: advanced hunting, best practices, keyword, filters, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, kusto
+title: Query best practices for Advanced hunting
+description: Learn how to construct fast, efficient, and error-free threat hunting queries when using Advanced hunting
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, custom detections, schema, kusto, avoid timeout, command lines, process id
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
@@ -15,7 +15,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 09/25/2019
+ms.date: 10/08/2019
---
# Advanced hunting query best practices
@@ -88,6 +88,6 @@ ProcessCreationEvents
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-bestpractices-belowfoldlink)
## Related topics
-- [Advanced hunting overview](overview-hunting.md)
-- [Learn the query language](advanced-hunting.md)
-- [Understand the schema](advanced-hunting-reference.md)
\ No newline at end of file
+- [Advanced hunting overview](advanced-hunting-overview.md)
+- [Learn the query language](advanced-hunting-query-language.md)
+- [Understand the schema](advanced-hunting-schema-reference.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md
index 04b9c39707..957282b72c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md
@@ -1,21 +1,21 @@
---
title: FileCreationEvents table in the Advanced hunting schema
-description: Learn about the FileCreationEvents table in the Advanced hunting schema, such as column names, data types, and descriptions
-keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, filecreationevents
+description: Learn about file-related events in the FileCreationEvents table of the Advanced hunting schema
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, description, filecreationevents, files, path, hash, sha1, sha256, md5
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
-ms.author: v-maave
-author: martyav
+ms.author: lomayor
+author: lomayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 07/24/2019
+ms.date: 10/08/2019
---
# FileCreationEvents
@@ -26,9 +26,9 @@ ms.date: 07/24/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
-The FileCreationEvents table in the [Advanced hunting](overview-hunting.md) schema contains information about file creation, modification, and other file system events. Use this reference to construct queries that return information from the table.
+The FileCreationEvents table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about file creation, modification, and other file system events. Use this reference to construct queries that return information from the table.
-For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-reference.md).
+For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-schema-reference.md).
| Column name | Data type | Description |
|-------------|-----------|-------------|
@@ -73,6 +73,6 @@ For information on other tables in the Advanced hunting schema, see [the Advanc
| IsAzureInfoProtectionApplied | boolean | Indicates whether the file is encrypted by Azure Information Protection |
## Related topics
-- [Advanced hunting overview](overview-hunting.md)
-- [Learn the query language](advanced-hunting.md)
-- [Understand the schema](advanced-hunting-reference.md)
+- [Advanced hunting overview](advanced-hunting-overview.md)
+- [Learn the query language](advanced-hunting-query-language.md)
+- [Understand the schema](advanced-hunting-schema-reference.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md
index 6f682f0578..68ceff1055 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md
@@ -1,21 +1,21 @@
---
title: ImageLoadEvents table in the Advanced hunting schema
-description: Learn about the ImageLoadEvents table in the Advanced hunting schema, such as column names, data types, and descriptions
-keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, imageloadevents
+description: Learn about DLL loading events in the ImageLoadEvents table of the Advanced hunting schema
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, description, imageloadevents, DLL loading, library, file image
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
-ms.author: v-maave
-author: martyav
+ms.author: lomayor
+author: lomayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 07/24/2019
+ms.date: 10/08/2019
---
# ImageLoadEvents
@@ -26,9 +26,9 @@ ms.date: 07/24/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
-The ImageLoadEvents table in the [Advanced hunting](overview-hunting.md) schema contains information about DLL loading events. Use this reference to construct queries that return information from the table.
+The ImageLoadEvents table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about DLL loading events. Use this reference to construct queries that return information from the table.
-For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-reference.md).
+For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-schema-reference.md).
| Column name | Data type | Description |
|-------------|-----------|-------------|
@@ -59,6 +59,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance
| AppGuardContainerId | string | Identifier for the virtualized container used by Application Guard to isolate browser activity |
## Related topics
-- [Advanced hunting overview](overview-hunting.md)
-- [Learn the query language](advanced-hunting.md)
-- [Understand the schema](advanced-hunting-reference.md)
+- [Advanced hunting overview](advanced-hunting-overview.md)
+- [Learn the query language](advanced-hunting-query-language.md)
+- [Understand the schema](advanced-hunting-schema-reference.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md
index 0ef85d6027..eb6044fda7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md
@@ -1,21 +1,21 @@
---
title: LogonEvents table in the Advanced hunting schema
-description: Learn about the LogonEvents table in the Advanced hunting schema, such as column names, data types, and descriptions
-keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, logonevents
+description: Learn about authentication or sign-in events in the LogonEvents table of the Advanced hunting schema
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, description, logonevents, authentication, logon, sign in
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
-ms.author: v-maave
-author: martyav
+ms.author: lomayor
+author: lomayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 07/24/2019
+ms.date: 10/08/2019
---
# LogonEvents
@@ -26,9 +26,9 @@ ms.date: 07/24/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
-The LogonEvents table in the [Advanced hunting](overview-hunting.md) schema contains information about user logons and other authentication events. Use this reference to construct queries that return information from the table.
+The LogonEvents table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about user logons and other authentication events. Use this reference to construct queries that return information from the table.
-For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-reference.md).
+For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-schema-reference.md).
| Column name | Data type | Description |
|-------------|-----------|-------------|
@@ -67,6 +67,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance
| IsLocalAdmin | boolean | Boolean indicator of whether the user is a local administrator on the machine |
## Related topics
-- [Advanced hunting overview](overview-hunting.md)
-- [Learn the query language](advanced-hunting.md)
-- [Understand the schema](advanced-hunting-reference.md)
\ No newline at end of file
+- [Advanced hunting overview](advanced-hunting-overview.md)
+- [Learn the query language](advanced-hunting-query-language.md)
+- [Understand the schema](advanced-hunting-schema-reference.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md
index 5dd8272cc3..a986602549 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md
@@ -1,21 +1,21 @@
---
title: MachineInfo table in the Advanced hunting schema
-description: Learn about the MachineInfo table in the Advanced hunting schema, such as column names, data types, and descriptions
-keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, machineinfo
+description: Learn about OS, computer name, and other machine information in the MachineInfo table of the Advanced hunting schema
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, description, machineinfo, device, machine, OS, platform, users
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
-ms.author: v-maave
-author: martyav
+ms.author: lomayor
+author: lomayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 07/24/2019
+ms.date: 10/08/2019
---
# MachineInfo
@@ -26,9 +26,9 @@ ms.date: 07/24/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
-The MachineInfo table in the [Advanced hunting](overview-hunting.md) schema contains information about machines in the organization, including their OS version, active users, and computer name. Use this reference to construct queries that return information from the table.
+The MachineInfo table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about machines in the organization, including their OS version, active users, and computer name. Use this reference to construct queries that return information from the table.
-For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-reference.md).
+For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-schema-reference.md).
| Column name | Data type | Description |
|-------------|-----------|-------------|
@@ -48,6 +48,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance
| MachineGroup | string | Machine group of the machine. This group is used by role-based access control to determine access to the machine |
## Related topics
-- [Advanced hunting overview](overview-hunting.md)
-- [Learn the query language](advanced-hunting.md)
-- [Understand the schema](advanced-hunting-reference.md)
+- [Advanced hunting overview](advanced-hunting-overview.md)
+- [Learn the query language](advanced-hunting-query-language.md)
+- [Understand the schema](advanced-hunting-schema-reference.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md
index 6ed1b6e9b3..a09d2619f2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md
@@ -1,21 +1,21 @@
---
title: MachineNetworkInfo table in the Advanced hunting schema
-description: Learn about the MachineNetworkInfo table in the Advanced hunting schema, such as column names, data types, and descriptions
-keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, machinenetworkinfo
+description: Learn about network configuration information in the MachineNetworkInfo table of the Advanced hunting schema
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, description, machinenetworkinfo, device, machine, mac, ip, adapter, dns, dhcp, gateway, tunnel
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
-ms.author: v-maave
-author: martyav
+ms.author: lomayor
+author: lomayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 07/24/2019
+ms.date: 10/08/2019
---
# MachineNetworkInfo
@@ -26,9 +26,9 @@ ms.date: 07/24/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
-The MachineNetworkInfo table in the [Advanced hunting](overview-hunting.md) schema contains information about networking configuration of machines, including network adapters, IP and MAC addresses, and connected networks or domains. Use this reference to construct queries that return information from the table.
+The MachineNetworkInfo table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about networking configuration of machines, including network adapters, IP and MAC addresses, and connected networks or domains. Use this reference to construct queries that return information from the table.
-For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-reference.md).
+For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-schema-reference.md).
| Column name | Data type | Description |
|-------------|-----------|-------------|
@@ -49,6 +49,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance
| IPAddresses | string | JSON array containing all the IP addresses assigned to the adapter, along with their respective subnet prefix and IP address space, such as public, private, or link-local |
## Related topics
-- [Advanced hunting overview](overview-hunting.md)
-- [Learn the query language](advanced-hunting.md)
-- [Understand the schema](advanced-hunting-reference.md)
+- [Advanced hunting overview](advanced-hunting-overview.md)
+- [Learn the query language](advanced-hunting-query-language.md)
+- [Understand the schema](advanced-hunting-schema-reference.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md
index 6a3f93d80f..2e6c3ad70f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md
@@ -1,21 +1,21 @@
---
title: MiscEvents table in the advanced hunting schema
-description: Learn about the MiscEvents table in the Advanced hunting schema, such as column names, data types, and descriptions
-keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, miscEvents
+description: Learn about antivirus, firewall, and other event types in the miscellaneous events (MiscEvents) table of the Advanced hunting schema
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, security events, antivirus, firewall, exploit guard
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
-ms.author: v-maave
-author: martyav
+ms.author: lomayor
+author: lomayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 07/24/2019
+ms.date: 10/08/2019
---
# MiscEvents
@@ -26,9 +26,9 @@ ms.date: 07/24/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
-The MiscEvents table in the [Advanced hunting](overview-hunting.md) schema contains information about various event types, including events triggered by security controls, such as Windows Defender Antivirus and exploit protection. Use this reference to construct queries that return information from the table.
+The miscellaneous events or MiscEvents table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about various event types, including events triggered by security controls, such as Windows Defender Antivirus and exploit protection. Use this reference to construct queries that return information from the table.
-For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-reference.md).
+For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-schema-reference.md).
| Column name | Data type | Description |
|-------------|-----------|-------------|
@@ -80,6 +80,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance
| AppGuardContainerId | string | Identifier for the virtualized container used by Application Guard to isolate browser activity |
## Related topics
-- [Advanced hunting overview](overview-hunting.md)
-- [Learn the query language](advanced-hunting.md)
-- [Understand the schema](advanced-hunting-reference.md)
+- [Advanced hunting overview](advanced-hunting-overview.md)
+- [Learn the query language](advanced-hunting-query-language.md)
+- [Understand the schema](advanced-hunting-schema-reference.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md
index b1f12de327..5485d2b86e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md
@@ -1,21 +1,21 @@
---
title: NetworkCommunicationEvents table in the Advanced hunting schema
-description: Learn about the NetworkCommunicationEvents table in the Advanced hunting schema, such as column names, data types, and descriptions
-keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, networkcommunicationevents
+description: Learn about network connection events you can query from the NetworkCommunicationEvents table of the Advanced hunting schema
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, networkcommunicationevents, network connection, remote ip, local ip
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
-ms.author: v-maave
-author: martyav
+ms.author: lomayor
+author: lomayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 07/24/2019
+ms.date: 10/08/2019
---
# NetworkCommunicationEvents
@@ -26,9 +26,9 @@ ms.date: 07/24/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
-The NetworkCommunicationEvents table in the [Advanced hunting](overview-hunting.md) schema contains information about network connections and related events. Use this reference to construct queries that return information from the table.
+The NetworkCommunicationEvents table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about network connections and related events. Use this reference to construct queries that return information from the table.
-For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-reference.md).
+For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-schema-reference.md).
| Column name | Data type | Description |
|-------------|-----------|-------------|
@@ -63,6 +63,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance
| AppGuardContainerId | string | Identifier for the virtualized container used by Application Guard to isolate browser activity |
## Related topics
-- [Advanced hunting overview](overview-hunting.md)
-- [Learn the query language](advanced-hunting.md)
-- [Understand the schema](advanced-hunting-reference.md)
\ No newline at end of file
+- [Advanced hunting overview](advanced-hunting-overview.md)
+- [Learn the query language](advanced-hunting-query-language.md)
+- [Understand the schema](advanced-hunting-schema-reference.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-hunting.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md
similarity index 76%
rename from windows/security/threat-protection/microsoft-defender-atp/overview-hunting.md
rename to windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md
index ab47dc3981..33df9bb93f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/overview-hunting.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md
@@ -1,7 +1,7 @@
---
title: Overview of Advanced hunting
-description: Hunt for possible threats across your organization using a powerful search and query tool
-keywords: advanced hunting, hunting, search, query, tool, telemetry, custom detection, schema, kusto
+description: Use threat hunting capabilities in Microsoft Defender ATP to build queries that find threats and weaknesses in your network
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, custom detections, schema, kusto
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
@@ -15,6 +15,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
+ms.date: 10/08/2019
---
# Proactively hunt for threats with Advanced hunting
@@ -23,9 +24,9 @@ ms.topic: article
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
-Advanced hunting provides access to 30 days of raw data through a flexible query-based interface, allowing you to proactively explore events in your environment and locate interesting indicators and entities. This flexible access to data enables unconstrained hunting for both known and potential threats.
+Advanced hunting is a query-based threat-hunting tool that lets you explore up to 30 days of raw data. You can proactively inspect events in your network to locate interesting indicators and entities. The flexible access to data facilitates unconstrained hunting for both known and potential threats.
-With custom detection rules, you can also use Advanced hunting queries to proactively monitor for and respond to various events and system states, including suspected breach activity and misconfigured machines.
+You can use the same threat-hunting queries to build custom detection rules. These rules run automatically to check for and respond to various events and system states, including suspected breach activity and misconfigured machines.
## Get started with Advanced hunting
@@ -33,8 +34,8 @@ We recommend going through several steps to quickly get up and running with Adva
| Learning goal | Description | Resource |
|--|--|--|
-| **Get a feel for the language** | Advanced hunting is based on the [Kusto query language](https://docs.microsoft.com/azure/kusto/query/), supporting the same syntax and operators. Start learning the query language by running your first query. | [Query language overview](advanced-hunting.md) |
-| **Understand the schema** | Get a good, high-level understanding of the tables in the schema and their columns. This will help you determine where to look for data and how to construct your queries. | [Schema reference](advanced-hunting-reference.md) |
+| **Get a feel for the language** | Advanced hunting is based on the [Kusto query language](https://docs.microsoft.com/azure/kusto/query/), supporting the same syntax and operators. Start learning the query language by running your first query. | [Query language overview](advanced-hunting-query-language.md) |
+| **Understand the schema** | Get a good, high-level understanding of the tables in the schema and their columns. This will help you determine where to look for data and how to construct your queries. | [Schema reference](advanced-hunting-schema-reference.md) |
| **Use predefined queries** | Explore collections of predefined queries covering different threat hunting scenarios. | [Shared queries](advanced-hunting-shared-queries.md) |
| **Learn about custom detections** | Understand how you can use advanced hunting queries to trigger alerts and apply response actions automatically. | [Custom detections overview](overview-custom-detections.md) |
@@ -65,8 +66,8 @@ Refine your query by selecting the "+" or "-" buttons next to the values that yo
Once you apply the filter to modify the query and then run the query, the results are updated accordingly.
## Related topics
-- [Learn the query language](advanced-hunting.md)
+- [Learn the query language](advanced-hunting-query-language.md)
- [Use shared queries](advanced-hunting-shared-queries.md)
-- [Understand the schema](advanced-hunting-reference.md)
+- [Understand the schema](advanced-hunting-schema-reference.md)
- [Apply query best practices](advanced-hunting-best-practices.md)
- [Custom detections overview](overview-custom-detections.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md
index 84aeeafcd5..43746ac557 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md
@@ -1,21 +1,21 @@
---
title: ProcessCreationEvents table in the Advanced hunting schema
-description: Learn about the ProcessCreationEvents table in the Advanced hunting schema, such as column names, data types, and descriptions
-keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, processcreationevents
+description: Learn about the process spawning or creation events in the ProcessCreationEvents table of the Advanced hunting schema
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, processcreationevents, process id, command line
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
-ms.author: v-maave
-author: martyav
+ms.author: lomayor
+author: lomayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 07/24/2019
+ms.date: 10/08/2019
---
# ProcessCreationEvents
@@ -26,9 +26,9 @@ ms.date: 07/24/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
-The ProcessCreationEvents table in the [Advanced hunting](overview-hunting.md) schema contains information about process creation and related events. Use this reference to construct queries that return information from the table.
+The ProcessCreationEvents table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about process creation and related events. Use this reference to construct queries that return information from the table.
-For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-reference.md).
+For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-schema-reference.md).
| Column name | Data type | Description |
|-------------|-----------|-------------|
@@ -71,6 +71,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance
| AppGuardContainerId | string | Identifier for the virtualized container used by Application Guard to isolate browser activity |
## Related topics
-- [Advanced hunting overview](overview-hunting.md)
-- [Learn the query language](advanced-hunting.md)
-- [Understand the schema](advanced-hunting-reference.md)
+- [Advanced hunting overview](advanced-hunting-overview.md)
+- [Learn the query language](advanced-hunting-query-language.md)
+- [Understand the schema](advanced-hunting-schema-reference.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md
similarity index 91%
rename from windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md
rename to windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md
index 6ef8ce1994..89e50cf072 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md
@@ -1,7 +1,7 @@
---
title: Learn the Advanced hunting query language
-description: Get an overview of the common operators and other aspects of the Advanced hunting query language you can use to formulate queries
-keywords: advanced hunting, atp query, query atp data, atp telemetry, events, events telemetry, kusto
+description: Create your first threat hunting query and learn about common operators and other aspects of the Advanced hunting query language
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, language, learn, first query, telemetry, events, telemetry, custom detections, schema, kusto, operators, data types
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
@@ -15,7 +15,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 09/25/2019
+ms.date: 10/08/2019
---
# Learn the Advanced hunting query language
@@ -25,7 +25,7 @@ ms.date: 09/25/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
-Advanced hunting is based on the [Kusto query language](https://docs.microsoft.com/azure/kusto/query/). You can use Kusto syntax and operators to construct queries that locate information in the [schema](advanced-hunting-reference.md) specifically structured for Advanced hunting. To understand these concepts better, run your first query.
+Advanced hunting is based on the [Kusto query language](https://docs.microsoft.com/azure/kusto/query/). You can use Kusto syntax and operators to construct queries that locate information in the [schema](advanced-hunting-schema-reference.md) specifically structured for Advanced hunting. To understand these concepts better, run your first query.
## Try your first query
@@ -138,6 +138,6 @@ For more information on Kusto query language and supported operators, see [Quer
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-belowfoldlink)
## Related topics
-- [Advanced hunting overview](overview-hunting.md)
-- [Understand the schema](advanced-hunting-reference.md)
+- [Advanced hunting overview](advanced-hunting-overview.md)
+- [Understand the schema](advanced-hunting-schema-reference.md)
- [Apply query best practices](advanced-hunting-best-practices.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md
index b5150e366e..05c6b7386b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md
@@ -1,21 +1,21 @@
---
title: RegistryEvents table in the Advanced hunting schema
-description: Learn about the RegistryEvents table in the Advanced hunting schema, such as column names, data types, and descriptions
-keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, registryevents
+description: Learn about registry events you can query from the RegistryEvents table of the Advanced hunting schema
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, registryevents, registry, key, subkey, value
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
-ms.author: v-maave
-author: martyav
+ms.author: lomayor
+author: lomayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 07/24/2019
+ms.date: 10/08/2019
---
# RegistryEvents
@@ -26,9 +26,9 @@ ms.date: 07/24/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
-The RegistryEvents table in the [Advanced hunting](overview-hunting.md) schema contains information about the creation and modification of registry entries. Use this reference to construct queries that return information from the table.
+The RegistryEvents table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about the creation and modification of registry entries. Use this reference to construct queries that return information from the table.
-For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-reference.md).
+For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-schema-reference.md).
| Column name | Data type | Description |
|-------------|-----------|-------------|
@@ -61,6 +61,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance
| AppGuardContainerId | string | Identifier for the virtualized container used by Application Guard to isolate browser activity |
## Related topics
-- [Advanced hunting overview](overview-hunting.md)
-- [Learn the query language](advanced-hunting.md)
-- [Understand the schema](advanced-hunting-reference.md)
+- [Advanced hunting overview](advanced-hunting-overview.md)
+- [Learn the query language](advanced-hunting-query-language.md)
+- [Understand the schema](advanced-hunting-schema-reference.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md
similarity index 77%
rename from windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md
rename to windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md
index 88124e8c37..8841cd7785 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md
@@ -1,7 +1,7 @@
---
title: Advanced hunting schema reference
-description: Learn about the tables in the advanced hunting schema
-keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description
+description: Learn about the tables in the Advanced hunting schema to understand the data you can run threat hunting queries on
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, data
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
@@ -15,7 +15,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 09/25/2019
+ms.date: 10/08/2019
---
# Understand the Advanced hunting schema
@@ -27,7 +27,7 @@ ms.date: 09/25/2019
## Schema tables
-The [Advanced hunting](overview-hunting.md) schema is made up of multiple tables that provide either event information or information about machines and other entities. To effectively build queries that span multiple tables, you need to understand the tables and the columns in the Advanced hunting schema.
+The [Advanced hunting](advanced-hunting-overview.md) schema is made up of multiple tables that provide either event information or information about machines and other entities. To effectively build queries that span multiple tables, you need to understand the tables and the columns in the Advanced hunting schema.
The following reference lists all the tables in the Advanced hunting schema. Each table name links to a page describing the column names for that table.
@@ -47,5 +47,5 @@ Table and column names are also listed within the Microsoft Defender Security Ce
| **[MiscEvents](advanced-hunting-miscevents-table.md)** | Multiple event types, including events triggered by security controls such as Windows Defender Antivirus and exploit protection |
## Related topics
-- [Advanced hunting overview](overview-hunting.md)
-- [Learn the query language](advanced-hunting.md)
\ No newline at end of file
+- [Advanced hunting overview](advanced-hunting-overview.md)
+- [Learn the query language](advanced-hunting-query-language.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md
index a7f66ba422..d32a485fd7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md
@@ -1,7 +1,7 @@
---
-title: Use shared queries in advanced hunting
-description: Take advantage of shared advanced hunting queries. Share your queries to the public or to your organization.
-keywords: advanced hunting, atp query, query atp data, atp telemetry, events, events telemetry, kusto, github repo
+title: Use shared queries in Advanced hunting
+description: Start threat hunting immediately with predefined and shared queries. Share your queries to the public or to your organization.
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, custom detections, schema, kusto, github repo, my queries, shared queries
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
@@ -15,7 +15,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 09/25/2019
+ms.date: 10/08/2019
---
# Use shared queries in Advanced hunting
@@ -25,7 +25,7 @@ ms.date: 09/25/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
-[Advanced hunting](overview-hunting.md) queries can be shared among users in the same organization. You can also find queries shared publicly on GitHub. These queries let you quickly pursue specific threat hunting scenarios without having to write queries from scratch.
+[Advanced hunting](advanced-hunting-overview.md) queries can be shared among users in the same organization. You can also find queries shared publicly on GitHub. These queries let you quickly pursue specific threat hunting scenarios without having to write queries from scratch.
@@ -60,5 +60,5 @@ Microsoft security researchers regularly share Advanced hunting queries in a [de
>Microsoft security researchers also provide Advanced hunting queries that you can use to locate activities and indicators associated with emerging threats. These queries are provided as part of the [threat analytics](threat-analytics.md) reports in Microsoft Defender Security Center.
## Related topics
-- [Advanced hunting overview](overview-hunting.md)
-- [Learn the query language](advanced-hunting.md)
\ No newline at end of file
+- [Advanced hunting overview](advanced-hunting-overview.md)
+- [Learn the query language](advanced-hunting-query-language.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts.md b/windows/security/threat-protection/microsoft-defender-atp/alerts.md
index bd14cbf032..2c44e8cfe9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/alerts.md
@@ -39,7 +39,7 @@ Method|Return Type |Description
Property | Type | Description
:---|:---|:---
id | String | Alert ID.
-incidentId | String | The [Incident](view-incidents-queue.md) ID of the Alert.
+incidentId | String | The [Incident](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue) ID of the Alert.
assignedTo | String | Owner of the alert.
severity | Enum | Severity of the alert. Possible values are: 'UnSpecified', 'Informational', 'Low', 'Medium' and 'High'.
status | Enum | Specifies the current status of the alert. Possible values are: 'Unknown', 'New', 'InProgress' and 'Resolved'.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
index c630ee1d51..b5bd5c3d18 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
@@ -1,7 +1,7 @@
---
title: Use attack surface reduction rules to prevent malware infection
description: Attack surface reduction rules can help prevent exploits from using apps and scripts to infect machines with malware
-keywords: Attack surface reduction, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention
+keywords: Attack surface reduction rules, asr, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
@@ -12,7 +12,6 @@ ms.localizationpriority: medium
audience: ITPro
author: levinec
ms.author: ellevin
-ms.date: 05/07/2019
ms.reviewer:
manager: dansimp
---
@@ -28,7 +27,7 @@ manager: dansimp
Attack surface reduction rules help prevent behaviors malware often uses to infect computers with malicious code. You can set attack surface reduction rules for computers running Windows 10, versions 1709 and 1803 or later, Windows Server, version 1803 (Semi-Annual Channel) or later, or Windows Server 2019.
-To use attack surface reduction rules, you need a Windows 10 Enterprise license. If you have a Windows E5 license, it gives you the advanced management capabilities to power them. These include monitoring, analytics, and workflows available in [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), as well as reporting and configuration capabilities in the Microsoft 365 Security Center. These advanced capabilities aren't available with an E3 license or with Windows 10 Enterprise without subscription, but you can use attack surface reduction rule events in Event Viewer to help facilitate deployment.
+To use the entire feature set of attack surface reduction rules, you need a Windows 10 Enterprise license. With a Windows E5 license you get advanced management capabilities including monitoring, analytics, and workflows available in [Microsoft Defender Advanced Threat Protection](microsoft-defender-advanced-threat-protection.md), as well as reporting and configuration capabilities in the Microsoft 365 security center. These advanced capabilities aren't available with an E3 license, but you can use Event Viewer to review attack surface reduction rule events.
Attack surface reduction rules target behaviors that malware and malicious apps typically use to infect computers, including:
@@ -42,11 +41,11 @@ Triggered rules display a notification on the device. You can [customize the not
For information about configuring attack surface reduction rules, see [Enable attack surface reduction rules](enable-attack-surface-reduction.md).
-## Review attack surface reduction events in the Microsoft Security Center
+## Review attack surface reduction events in the Microsoft Defender Security Center
Microsoft Defender ATP provides detailed reporting into events and blocks as part of its alert investigation scenarios.
-You can query Microsoft Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender.md), you can use Advanced hunting to see how controlled folder access settings could affect your environment.
+You can query Microsoft Defender ATP data by using [Advanced hunting](advanced-hunting-query-language.md). If you're using [audit mode](audit-windows-defender.md), you can use Advanced hunting to understand how attack surface reduction rules could affect your environment.
Here is an example query:
@@ -208,7 +207,7 @@ This rule blocks the following file types from launching unless they either meet
* Executable files (such as .exe, .dll, or .scr)
> [!NOTE]
-> You must [enable cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus) to use this rule.
+> You must [enable cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) to use this rule.
> [!IMPORTANT]
> The rule **Block executable files from running unless they meet a prevalence, age, or trusted list criterion** with GUID 01443614-cd74-433a-b99e-2ecdc07bfc25 is owned by Microsoft and is not specified by admins. It uses cloud-delivered protection to update its trusted list regularly.
@@ -228,7 +227,7 @@ GUID: 01443614-cd74-433a-b99e-2ecdc07bfc25
This rule provides an extra layer of protection against ransomware. It scans executable files entering the system to determine whether they're trustworthy. If the files closely resemble ransomware, this rule blocks them from running, unless they're in a trusted list or exclusion list.
> [!NOTE]
-> You must [enable cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus) to use this rule.
+> You must [enable cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) to use this rule.
This rule was introduced in: Windows 10 1803, Windows Server 1809, Windows Server 2019, SCCM CB 1802
@@ -329,4 +328,4 @@ GUID: e6db77e5-3df2-4cf1-b95a-636979351e5b
* [Enable attack surface reduction rules](enable-attack-surface-reduction.md)
* [Evaluate attack surface reduction rules](evaluate-attack-surface-reduction.md)
-* [Compatibility of Microsoft Defender with other antivirus/antimalware](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility)
+* [Compatibility of Microsoft Defender with other antivirus/antimalware](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md
index 3974d3dc84..484a763167 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md
@@ -57,7 +57,7 @@ From the device compliance page, create a configuration profile specifically for
- Select **Create a device configuration profile to configure ATP sensor** to start with a predefined device configuration profile.
- Create the device configuration profile from scratch.
-For more information, [read about using Intune device configuration profiles to onboard machines to Microsoft Defender ATP](https://docs.microsoft.com/en-us/intune/advanced-threat-protection#onboard-devices-by-using-a-configuration-profile).
+For more information, [read about using Intune device configuration profiles to onboard machines to Microsoft Defender ATP](https://docs.microsoft.com/intune/advanced-threat-protection#onboard-devices-by-using-a-configuration-profile).
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
index 010274d097..e8692e242a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
@@ -23,7 +23,7 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-Custom detection rules built from [Advanced hunting](overview-hunting.md) queries let you proactively monitor various events and system states, including suspected breach activity and misconfigured machines. The queries run every 24 hours, generating alerts and taking response actions whenever there are matches.
+Custom detection rules built from [Advanced hunting](advanced-hunting-overview.md) queries let you proactively monitor various events and system states, including suspected breach activity and misconfigured machines. The queries run every 24 hours, generating alerts and taking response actions whenever there are matches.
> [!NOTE]
> To create and manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission.
@@ -114,5 +114,5 @@ You can also take the following actions on the rule from this page:
## Related topic
- [Custom detections overview](overview-custom-detections.md)
-- [Advanced hunting overview](overview-hunting.md)
-- [Learn the Advanced hunting query language](advanced-hunting.md)
+- [Advanced hunting overview](advanced-hunting-overview.md)
+- [Learn the Advanced hunting query language](advanced-hunting-query-language.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md b/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md
index bc33d59c55..b657e78ae2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md
@@ -112,7 +112,7 @@ Use the test machines to run attack simulations by connecting to them.
If you are looking for a pre-made simulation, you can use our ["Do It Yourself" attack scenarios](https://securitycenter.windows.com/tutorials). These scripts are safe, documented, and easy to use. These scenarios will reflect Microsoft Defender ATP capabilities and walk you through investigation experience.
-You can also use [Advanced hunting](advanced-hunting.md) to query data and [Threat analytics](threat-analytics.md) to view reports about emerging threats.
+You can also use [Advanced hunting](advanced-hunting-query-language.md) to query data and [Threat analytics](threat-analytics.md) to view reports about emerging threats.
>[!NOTE]
>The connection to the test machines is done using RDP. Make sure that your firewall settings allow RDP connections.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md
index b78325e026..379a0c8d3e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md
@@ -78,7 +78,6 @@ You can click the circles on the incident graph to view the details of the malic
## Related topics
-- [View and organize the Incidents queue](view-incidents-queue.md)
-- [Manage incidents](manage-incidents.md)
-
-
+- [Incidents queue](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue)
+- [Investigate incidents in Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents)
+- [Manage Microsoft Defender ATP incidents](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-incidents)
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md b/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md
index 2e124ba8aa..0d82ce51ba 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md
@@ -29,4 +29,4 @@ Topic | Description
[Alerts queue](alerts-queue-endpoint-detection-response.md)| View the alerts surfaced in Microsoft Defender Security Center.
[Machines list](machines-view-overview.md) | Learn how you can view and manage the machines list, manage machine groups, and investigate machine related alerts.
[Take response actions](response-actions.md)| Take response actions on machines and files to quickly respond to detected attacks and contain threats.
-[Query data using advanced hunting](advanced-hunting.md)| Proactively hunt for possible threats across your organization using a powerful search and query tool.
+[Query data using advanced hunting](advanced-hunting-query-language.md)| Proactively hunt for possible threats across your organization using a powerful search and query tool.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md b/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md
index 6f2cd9df63..56e0d4eeb2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md
@@ -60,6 +60,6 @@ Added comments instantly appear on the pane.
## Related topics
-- [Incidents queue](incidents-queue.md)
+- [Incidents queue](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue)
- [View and organize the Incidents queue](view-incidents-queue.md)
- [Investigate incidents](investigate-incidents.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
index 33bd480db3..de8a73f329 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
---
title: Microsoft Defender Advanced Threat Protection
description: Microsoft Defender Advanced Threat Protection is an enterprise security platform that helps secops to prevent, detect, investigate, and respond to possible cybersecurity threats related to advanced persistent threats.
-keywords: introduction to Microsoft Defender Advanced Threat Protection, introduction to Microsoft Defender ATP, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence, attack surface reduction, next generation protection, automated investigation and remediation, microsoft threat experts, secure score, advanced hunting, microsoft threat protection
+keywords: introduction to Microsoft Defender Advanced Threat Protection, introduction to Microsoft Defender ATP, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence, attack surface reduction, next generation protection, automated investigation and remediation, microsoft threat experts, secure score, advanced hunting, microsoft threat protection, cyber threat hunting
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
@@ -78,7 +78,7 @@ This built-in capability uses a game-changing risk-based approach to the discove
**[Attack surface reduction](overview-attack-surface-reduction.md)**
-The attack surface reduction set of capabilities provide the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitation.
+The attack surface reduction set of capabilities provide the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitation. This set of capabilities also includes [network protection](network-protection.md) and [web protection](web-protection-overview.md), which regulate access to malicious IP addresses, domains, and URLs.
@@ -88,8 +88,7 @@ To further reinforce the security perimeter of your network, Microsoft Defender
**[Endpoint detection and response](overview-endpoint-detection-response.md)**
-Endpoint detection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars.
-You can also do advanced hunting to create custom threat intelligence and use a powerful search and query tool to hunt for possible threats in your organization.
+Endpoint detection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars. [Advanced hunting](advanced-hunting-overview.md) provides a query-based threat-hunting tool that lets you proactively find breaches and create custom detections.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt b/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt
index 9dd1998f62..ffdde6dfa0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt
+++ b/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt
@@ -105,11 +105,11 @@
### [Advanced hunting]()
-#### [Advanced hunting overview](overview-hunting.md)
+#### [Advanced hunting overview](advanced-hunting-overview.md)
#### [Query data using Advanced hunting]()
-##### [Data querying basics](advanced-hunting.md)
-##### [Advanced hunting reference](advanced-hunting-reference.md)
+##### [Data querying basics](advanced-hunting-query-language.md)
+##### [Advanced hunting reference](advanced-hunting-schema-reference.md)
##### [Advanced hunting query language best practices](advanced-hunting-best-practices.md)
#### [Custom detections]()
diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md b/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md
index 425427b295..13b9cef73c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md
@@ -25,7 +25,7 @@ ms.topic: conceptual
With custom detections, you can proactively monitor for and respond to various events and system states, including suspected breach activity and misconfigured machines. This is made possible by customizable detection rules that automatically trigger alerts as well as response actions.
-Custom detections work with [Advanced hunting](overview-hunting.md), which provides a powerful, flexible query language that covers a broad set of event and system information from your network. The queries run every 24 hours, generating alerts and taking response actions whenever there are matches.
+Custom detections work with [Advanced hunting](advanced-hunting-overview.md), which provides a powerful, flexible query language that covers a broad set of event and system information from your network. The queries run every 24 hours, generating alerts and taking response actions whenever there are matches.
Custom detections provide:
- Alerts for rule-based detections built from Advanced hunting queries
@@ -36,4 +36,4 @@ Custom detections provide:
## Related topic
- [Create and manage custom detection rules](custom-detection-rules.md)
-- [Advanced hunting overview](overview-hunting.md)
\ No newline at end of file
+- [Advanced hunting overview](advanced-hunting-overview.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md b/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md
index 8343dc2003..4c4cf5edcf 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md
@@ -37,7 +37,7 @@ The response capabilities give you the power to promptly remediate threats by ac
Topic | Description
:---|:---
[Security operations dashboard](security-operations-dashboard.md) | Explore a high level overview of detections, highlighting where response actions are needed.
-[Incidents queue](incidents-queue.md) | View and organize the incidents queue, and manage and investigate alerts.
+[Incidents queue](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue) | View and organize the incidents queue, and manage and investigate alerts.
[Alerts queue](alerts-queue.md) | View and organize the machine alerts queue, and manage and investigate alerts.
[Machines list](machines-view-overview.md) | Investigate machines with generated alerts and search for specific events over time.
[Take response actions](response-actions.md) | Learn about the available response actions and apply them to machines and files.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview.md b/windows/security/threat-protection/microsoft-defender-atp/overview.md
index e649152e6b..7d78d67bc7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/overview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/overview.md
@@ -2,7 +2,7 @@
title: Overview of Microsoft Defender ATP
ms.reviewer:
description: Understand the concepts behind the capabilities in Microsoft Defender ATP so you take full advantage of the complete threat protection platform
-keywords: atp, microsoft defender atp, defender, mdatp, threat protection, platform, threat, vulnerability, asr, attack, surface, reduction, next-gen, protection, edr, endpoint, detection, response, automated, air
+keywords: atp, microsoft defender atp, defender, mdatp, threat protection, platform, threat, vulnerability, asr, attack, surface, reduction, next-gen, protection, edr, endpoint, detection, response, automated, air, cyber threat hunting, advanced hunting
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
@@ -34,13 +34,13 @@ Understand the concepts behind the capabilities in Microsoft Defender ATP so you
Topic | Description
:---|:---
[Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) | Reduce organizational vulnerability exposure and increase threat resilience while seamlessly connecting workflows across security stakeholders—security administrators, security operations, and IT administrators in remediating threats.
-[Attack surface reduction](overview-attack-surface-reduction.md) | Leverage the attack surface reduction capabilities to protect the perimeter of your organization.
+[Attack surface reduction](overview-attack-surface-reduction.md) | Leverage exploit protection, attack surface reduction rules, and other capabilities to protect the perimeter of your organization. This set of capabilities also includes [network protection](network-protection.md) and [web protection](web-protection-overview.md), which regulate access to malicious IP addresses, domains, and URLs.
[Next generation protection](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) | Learn about the antivirus capabilities in Microsoft Defender ATP so you can protect desktops, portable computers, and servers.
[Endpoint detection and response](overview-endpoint-detection-response.md) | Understand how Microsoft Defender ATP continuously monitors your organization for possible attacks against systems, networks, or users in your organization and the features you can use to mitigate and remediate threats.
[Automated investigation and remediation](automated-investigations.md) | In conjunction with being able to quickly respond to advanced attacks, Microsoft Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.
[Secure score](overview-secure-score.md) | Quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to better protect your organization - all in one place.
[Microsoft Threat Experts](microsoft-threat-experts.md) | Managed cybersecurity threat hunting service. Learn how you can get expert-driven insights and data through targeted attack notification and access to experts on demand.
-[Advanced hunting](overview-hunting.md) | Use a powerful search and query language to create custom queries and detection rules.
+[Advanced hunting](advanced-hunting-overview.md) | Use a powerful query-based threat-hunting tool to proactively find breach activity and create custom detection rules.
[Management and APIs](management-apis.md) | Microsoft Defender ATP supports a wide variety of tools to help you manage and interact with the platform so that you can integrate the service into your existing workflows.
[Microsoft Threat Protection](threat-protection-integration.md) | Microsoft security products work better together. Learn about other security capabilities in the Microsoft threat protection stack.
[Portal overview](portal-overview.md) |Learn to navigate your way around Microsoft Defender Security Center.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md
index f689022abe..7f28e73b98 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md
@@ -62,7 +62,7 @@ Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://w
- Each event hub message in Azure Event Hubs contains list of records.
- Each record contains the event name, the time Microsoft Defender ATP received the event, the tenant it belongs (you will only get events from your tenant), and the event in JSON format in a property called "**properties**".
-- For more information about the schema of Microsoft Defender ATP events, see [Advanced Hunting overview](overview-hunting.md).
+- For more information about the schema of Microsoft Defender ATP events, see [Advanced Hunting overview](advanced-hunting-overview.md).
## Data types mapping:
@@ -83,7 +83,7 @@ To get the data types for event properties do the following:
## Related topics
-- [Overview of Advanced Hunting](overview-hunting.md)
+- [Overview of Advanced Hunting](advanced-hunting-overview.md)
- [Microsoft Defender ATP streaming API](raw-data-export.md)
- [Stream Microsoft Defender ATP events to your Azure storage account](raw-data-export-storage.md)
- [Azure Event Hubs documentation](https://docs.microsoft.com/azure/event-hubs/)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md
index a30dc4ead2..3d9ca8313a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md
@@ -62,7 +62,7 @@ Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://w
- Each blob contains multiple rows.
- Each row contains the event name, the time Microsoft Defender ATP received the event, the tenant it belongs (you will only get events from your tenant), and the event in JSON format in a property called "properties".
-- For more information about the schema of Microsoft Defender ATP events, see [Advanced Hunting overview](overview-hunting.md).
+- For more information about the schema of Microsoft Defender ATP events, see [Advanced Hunting overview](advanced-hunting-overview.md).
## Data types mapping:
@@ -83,7 +83,7 @@ In order to get the data types for our events properties do the following:
## Related topics
-- [Overview of Advanced Hunting](overview-hunting.md)
+- [Overview of Advanced Hunting](advanced-hunting-overview.md)
- [Microsoft Defender Advanced Threat Protection Streaming API](raw-data-export.md)
- [Stream Microsoft Defender Advanced Threat Protection events to your Azure storage account](raw-data-export-storage.md)
- [Azure Storage Account documentation](https://docs.microsoft.com/azure/storage/common/storage-account-overview)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md
index 75e88ccf52..7155ac0422 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md
@@ -27,17 +27,17 @@ ms.topic: article
## Stream Advanced Hunting events to Event Hubs and/or Azure storage account.
-Microsoft Defender ATP supports streaming all the events available through [Advanced Hunting](overview-hunting.md) to an [Event Hubs](https://docs.microsoft.com/azure/event-hubs/) and/or [Azure storage account](https://docs.microsoft.com/azure/event-hubs/).
+Microsoft Defender ATP supports streaming all the events available through [Advanced Hunting](advanced-hunting-overview.md) to an [Event Hubs](https://docs.microsoft.com/azure/event-hubs/) and/or [Azure storage account](https://docs.microsoft.com/azure/event-hubs/).
## In this section
Topic | Description
:---|:---
-[Stream Microsoft Defender ATP events to Azure Event Hubs](raw-data-export-event-hub.md)| Learn about enabling the streaming API in your tenant and configure Microsoft Defender ATP to stream [Advanced Hunting](overview-hunting.md) to Event Hubs.
-[Stream Microsoft Defender ATP events to your Azure storage account](raw-data-export-storage.md)| Learn about enabling the streaming API in your tenant and configure Microsoft Defender ATP to stream [Advanced Hunting](overview-hunting.md) to your Azure storage account.
+[Stream Microsoft Defender ATP events to Azure Event Hubs](raw-data-export-event-hub.md)| Learn about enabling the streaming API in your tenant and configure Microsoft Defender ATP to stream [Advanced Hunting](advanced-hunting-overview.md) to Event Hubs.
+[Stream Microsoft Defender ATP events to your Azure storage account](raw-data-export-storage.md)| Learn about enabling the streaming API in your tenant and configure Microsoft Defender ATP to stream [Advanced Hunting](advanced-hunting-overview.md) to your Azure storage account.
## Related topics
-- [Overview of Advanced Hunting](overview-hunting.md)
+- [Overview of Advanced Hunting](advanced-hunting-overview.md)
- [Azure Event Hubs documentation](https://docs.microsoft.com/azure/event-hubs/)
- [Azure Storage Account documentation](https://docs.microsoft.com/azure/storage/common/storage-account-overview)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
index 457a33f85a..079a79034a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
@@ -145,5 +145,5 @@ If the 'roles' section in the token does not include the necessary permission:
## Related topic
- [Microsoft Defender ATP APIs](apis-intro.md)
-- [Advanced Hunting from Portal](advanced-hunting.md)
+- [Advanced Hunting from Portal](advanced-hunting-query-language.md)
- [Advanced Hunting using PowerShell](run-advanced-query-sample-powershell.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md b/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md
index c3753c466c..4bda743be9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md
@@ -64,7 +64,7 @@ You can choose to limit the list of incidents shown based on their status to see
Use this filter to show incidents that contain sensitivity labels.
## Related topics
-- [Incidents queue](incidents-queue.md)
+- [Incidents queue](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue)
- [Manage incidents](manage-incidents.md)
- [Investigate incidents](investigate-incidents.md)
diff --git a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
index 26179100a3..6832c65573 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
@@ -21,38 +21,41 @@ manager: dansimp
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-You can perform various Windows Defender Antivirus functions with the dedicated command-line tool mpcmdrun.exe.
+You can perform various Windows Defender Antivirus functions with the dedicated command-line tool *mpcmdrun.exe*.
This utility can be useful when you want to automate Windows Defender Antivirus use.
You can find the utility in _%ProgramFiles%\Windows Defender\MpCmdRun.exe_. You must run it from a command prompt.
> [!NOTE]
-> You may need to open an administrator-level version of the command prompt. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt.
+> You might need to open an administrator-level version of the command prompt. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt.
The utility has the following commands:
```DOS
MpCmdRun.exe [command] [-options]
```
+Here's an example:
+```
+MpCmdRun.exe -scan -2
+```
-
-| Command | Description |
-|:--------------------------------------------------------------------------------------------------------|:-------------------------------------------------------------------------------------------------------|
-| \-? **or** -h | Displays all available options for this tool |
-| \-Scan [-ScanType [0\|1\|2\|3]] [-File \ [-DisableRemediation] [-BootSectorScan]] [-Timeout \] [-Cancel] | Scans for malicious software. Values for **ScanType** are: **0** Default, according to your configuration, **1** Quick scan, **2** Full scan, **3** File and directory custom scan. |
-| \-Trace [-Grouping #] [-Level #] | Starts diagnostic tracing |
-| \-GetFiles | Collects support information |
-| \-GetFilesDiagTrack | Same as Getfiles but outputs to temporary DiagTrack folder |
-| \-RemoveDefinitions [-All] | Restores the installed Security intelligence to a previous backup copy or to the original default set |
-| \-RemoveDefinitions [-DynamicSignatures] | Removes only the dynamically downloaded Security intelligence |
-| \-RemoveDefinitions [-Engine] | Restores the previous installed engine |
-| \-SignatureUpdate [-UNC \| -MMPC] | Checks for new Security intelligence updates |
-| \-Restore [-ListAll \| [[-Name \] [-All] \| [-FilePath \]] [-Path \]] | Restores or lists quarantined item(s) |
-| \-AddDynamicSignature [-Path] | Loads dynamic Security intelligence |
-| \-ListAllDynamicSignatures | Lists the loaded dynamic Security intelligence |
-| \-RemoveDynamicSignature [-SignatureSetID] | Removes dynamic Security intelligence |
-| \-CheckExclusion -path \ | Checks whether a path is excluded |
+| Command | Description |
+|:----|:----|
+| \-? **or** -h | Displays all available options for this tool |
+| \-Scan [-ScanType [0\|1\|2\|3]] [-File \ [-DisableRemediation] [-BootSectorScan]] [-Timeout \] [-Cancel] | Scans for malicious software. Values for **ScanType** are: **0** Default, according to your configuration, **-1** Quick scan, **-2** Full scan, **-3** File and directory custom scan. |
+| \-Trace [-Grouping #] [-Level #] | Starts diagnostic tracing |
+| \-GetFiles | Collects support information |
+| \-GetFilesDiagTrack | Same as Getfiles but outputs to temporary DiagTrack folder |
+| \-RemoveDefinitions [-All] | Restores the installed Security intelligence to a previous backup copy or to the original default set |
+| \-RemoveDefinitions [-DynamicSignatures] | Removes only the dynamically downloaded Security intelligence |
+| \-RemoveDefinitions [-Engine] | Restores the previous installed engine |
+| \-SignatureUpdate [-UNC \| -MMPC] | Checks for new Security intelligence updates |
+| \-Restore [-ListAll \| [[-Name \] [-All] \| [-FilePath \]] [-Path \]] | Restores or lists quarantined item(s) |
+| \-AddDynamicSignature [-Path] | Loads dynamic Security intelligence |
+| \-ListAllDynamicSignatures | Lists the loaded dynamic Security intelligence |
+| \-RemoveDynamicSignature [-SignatureSetID] | Removes dynamic Security intelligence |
+| \-CheckExclusion -path \ | Checks whether a path is excluded |
## Related topics
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-whatsnew.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-whatsnew.md
index 45d099e7d3..7312d11a2d 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-whatsnew.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-whatsnew.md
@@ -20,6 +20,10 @@ ms.topic: conceptual
# What's new in Microsoft Defender Advanced Threat Protection for Mac
+## 100.70.99
+
+- Addressed an issue that impacts the ability of some users to upgrade to macOS Catalina when real-time protection is enabled. This sporadic issue was caused by Microsoft Defender ATP locking files within Catalina upgrade package while scanning them for threats, which led to failures in the upgrade sequence.
+
## 100.68.99
- Added the ability to configure the antivirus functionality to run in [passive mode](microsoft-defender-atp-mac-preferences.md#enable--disable-passive-mode)
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
index bf87000f78..610fcc1a0c 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
@@ -1,6 +1,7 @@
---
-title: Use a reference device to create and maintain AppLocker policies (Windows 10)
+title: "Use a reference device to create and maintain AppLocker policies (Windows 10)"
description: This topic for the IT professional describes the steps to create and maintain AppLocker policies by using a reference computer.
+ms.assetid: 10c3597f-f44c-4c8e-8fe5-105d4ac016a6
ms.author: macapara
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
index b8e2098917..387ba074e2 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
@@ -18,6 +18,7 @@ ms.author: dansimp
**Applies to**
- Windows 10
- Windows Server 2016
+- Windows Server 2019
Members of the security community\* continuously collaborate with Microsoft to help protect customers. With the help of their valuable reports, Microsoft has identified a list of valid applications that an attacker could also potentially use to bypass Windows Defender Application Control.
@@ -69,8 +70,8 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you
->[!Note]
->This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered.
+> [!Note]
+> This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered.
Certain software applications may allow additional code to run by design.
These types of applications should be blocked by your Windows Defender Application Control policy.
@@ -1513,3 +1514,10 @@ Pick the correct version of each .dll for the Windows release you plan to suppor
```
+
+> [!Note]
+> To create a policy that works on both Windows 10, version 1803 and version 1809, you can create two different policies, or merge them into one broader policy.
+
+## More information
+
+- [Merge Windows Defender Application Control policies](merge-windows-defender-application-control-policies.md)
diff --git a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md
index cde7dc4fc5..15c54f8ada 100644
--- a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md
+++ b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md
@@ -34,7 +34,7 @@ Select Windows Defender Firewall.
## Firewall rule components
-The firewall rule configurations in Intune use the Windows 10 CSP for Firewall. For more information, see [Firewall CSP](https://docs.microsoft.com/en-us/windows/client-management/mdm/firewall-csp).
+The firewall rule configurations in Intune use the Windows 10 CSP for Firewall. For more information, see [Firewall CSP](https://docs.microsoft.com/windows/client-management/mdm/firewall-csp).
## Application
Control connections for an app or program.
diff --git a/windows/security/threat-protection/windows-security-baselines.md b/windows/security/threat-protection/windows-security-baselines.md
index e59d8d582b..30b70df2a4 100644
--- a/windows/security/threat-protection/windows-security-baselines.md
+++ b/windows/security/threat-protection/windows-security-baselines.md
@@ -20,8 +20,8 @@ ms.reviewer:
**Applies to**
- Windows 10
-- Windows Server 2016
-- Office 2016
+- Windows Server
+- Office 365 ProPlus
## Using security baselines in your organization
Windows deployment for education environments