fix merge conflict

# Conflicts:
#	windows/application-management/per-user-services-in-windows.md

windows/application-management/per-user-services-in-windows.md

@@ -7,7 +7,7 @@ ms.sitesec: library
 ms.pagetype: mobile
 ms.author: elizapo
 author: lizap
-ms.date: 08/14/2017
+ms.date: 09/13/2017
 ---
 
 # Per-user services in Windows 10 and Windows Server 
@@ -35,7 +35,7 @@ For more information about disabling system services for Windows Server, see [Gu
 
 ## Per-user services
 
-Windows 10 and Windows Server 2016 (with the Desktop Experience) have the following per-user services. The template services are located in the registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services.
+Windows 10 and Windows Server (with the Desktop Experience) have the following per-user services. The template services are located in the registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services.
 
 Before you disable any of these services, review the **Description** column in this table to understand the implications, including dependent apps that will no longer work correctly.
 

windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md

@@ -992,6 +992,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 <td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
 <td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1709:</p> 
 <ul>
+<li>Authentication/AllowAadPasswordReset</li>
 <li>Browser/LockdownFavorites</li>
 <li>Browser/ProvisionFavorites</li>
 <li>CredentialProviders/DisableAutomaticReDeploymentCredentials</li>
@@ -1355,6 +1356,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
 <td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1709:</p>
 <ul>
+<li>Authentication/AllowAadPasswordReset</li>
 <li>Search/AllowCloudSearch</li>
 <li>System/LimitEnhancedDiagnosticDataWindowsAnalytics</li>
 </ul>

windows/client-management/mdm/policy-configuration-service-provider.md

@@ -307,6 +307,9 @@ The following diagram shows the Policy configuration service provider in tree fo
 ### Authentication policies
 
 <dl>
+<dd>
+    <a href="./policy-csp-authentication.md#authentication-allowaadpasswordreset" id="authentication-allowaadpasswordreset">Authentication/AllowAadPasswordReset</a>
+  </dd>
   <dd>
     <a href="./policy-csp-authentication.md#authentication-alloweapcertsso" id="authentication-alloweapcertsso">Authentication/AllowEAPCertSSO</a>
   </dd>

windows/client-management/mdm/policy-csp-authentication.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/06/2017
 ---
 
 # Policy CSP - Authentication
@@ -19,6 +19,42 @@ ms.date: 08/30/2017
 
 ## Authentication policies  
 
+<!--StartPolicy-->
+<a href="" id="authentication-allowaadpasswordreset"></a>**Authentication/AllowAadPasswordReset**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1709. Specifies whether password reset is enabled for Azure Active Directory accounts. This policy allows the Azure AD tenant administrators to enable self service password reset feature on the windows logon screen. 
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Not allowed.
+-   1 – Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
 <!--StartPolicy-->
 <a href="" id="authentication-alloweapcertsso"></a>**Authentication/AllowEAPCertSSO**  
 
@@ -46,10 +82,6 @@ ms.date: 08/30/2017
 
 <!--EndSKU-->
 <!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
-
 <p style="margin-left: 20px">Allows an EAP cert-based authentication for a single sign on (SSO) to access internal resources.
 
 > [!IMPORTANT]

windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md

@@ -29,6 +29,11 @@ You can use mobile device management (MDM) solutions to configure endpoints. Win
 
 For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx).
 
+## Before you begin
+If you're using Microsoft Intune, you must have the device MDM Enrolled. Otherwise, settings will not be applied successfully. 
+
+For more information on enabling MDM with Microsoft Intune, see [Setup Windows Device Management](https://docs.microsoft.com/intune-classic/deploy-use/set-up-windows-device-management-with-microsoft-intune).
+
 ## Configure endpoints using Microsoft Intune
 
 For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx).

windows/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md

@@ -30,7 +30,7 @@ Enterprise security teams can use the Windows Defender ATP portal to monitor and
 You can use the [Windows Defender ATP portal](https://securitycenter.windows.com/) to:
 - View, sort, and triage alerts from your endpoints
 - Search for more information on observed indicators such as files and IP Addresses
-- Change Windows Defender ATP settings, including time zone and alert suppression rules
+- Change Windows Defender ATP settings, including time zone and licensing information.
 
 ## Windows Defender ATP portal
 When you open the portal, you’ll see the main areas of the application:
@@ -48,10 +48,10 @@ You can navigate through the portal using the menu options available in all sect
 
 Area | Description
 :---|:---
-(1) Search bar, Feedback, Settings, Help and support | **Search** - Provides access to the search bar where you can search for file, IP, machine, URL, and user. Displays the Search box: the drop-down list allows you to select the entity type and then enter the search query text.  </br> **Feedback** -Access the feedback button to provide comments about the portal. </br> **Settings** - Gives you access to the configuration settings where you can set time zones, alert suppression rules, and license information. </br> **Help and support** - Gives you access to the Windows Defender ATP guide, Microsoft support, and Premier support.
+(1) Search bar, Feedback, Settings, Help and support | **Search** - Provides access to the search bar where you can search for file, IP, machine, URL, and user. Displays the Search box: the drop-down list allows you to select the entity type and then enter the search query text.  </br> **Feedback** -Access the feedback button to provide comments about the portal. </br> **Settings** - Gives you access to the configuration settings where you can set time zones and view license information. </br> **Help and support** - Gives you access to the Windows Defender ATP guide, Microsoft support, and Premier support.
 (2) Navigation pane | Use the navigation pane to move between the **Dashboards**, **Alerts queue**, **Machines list**, **Service health**, **Preferences setup**, and **Endpoint management**.
 **Dashboards**	| Enables you to view the Security operations or the Security analytics dashboard.
-**Alerts queue** | Enables you to view separate queues of new, in progress, and resolved alerts.
+**Alerts queue** | Enables you to view separate queues of new, in progress, resolved alerts, alerts assigned to you, and suppression rules.
 **Machines list** | Displays the list of machines that are onboarded to Windows Defender ATP, some information about them, and the corresponding number of alerts.
 **Service health** | Provides information on the current status of the Window Defender ATP service. You'll be able to verify that the service health is healthy or if there are current issues.
 **Preferences setup** |	Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set email notifications, activate the preview experience, and enable or turn off advanced features.

windows/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md

@@ -34,6 +34,9 @@ You'll have access to upcoming features which you can provide feedback on to hel
 Turn on the preview experience setting to be among the first to try upcoming features.
 
 1. In the navigation pane, select **Preferences setup** > **Preview experience**.
+
+    ![Image of Preferences setup and preview experience](images/atp-preview-features.png)
+
 2. Toggle the setting between **On** and **Off** and select **Save preferences**.
 
 ## Preview features

windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md

@@ -93,11 +93,15 @@ You can roll back and remove a file from quarantine if you’ve determined that
 > Windows Defender ATP will remove all files that were quarantined on this machine in the last 30 days.
 
 ## Block files in your network
-You can prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. If you know a potentially malicious file, you can block it. This operation will prevent it from being read, written, or executed on machines in your organization.
+You can prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. If you know a potentially malicious portable executable (PE) file, you can block it. This operation will prevent it from being read, written, or executed on machines in your organization.
 
 >[!NOTE]
 >This feature is only available if your organization uses Windows Defender Antivirus and Cloud–based protection is enabled.  For more information, see [Manage cloud–based protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md). </br></br>
-This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. The coverage will be extended over time. The action takes effect on machines with the latest Windows 10 Insider Preview build.
+This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. It currently supports portable executable (PE) files, including _.exe_ and _.dll_ files. The coverage will be extended over time. This response action is available for machines on Windows 10, version 1703 or later.
+
+>[!IMPORTANT]
+> The PE file needs to be in the machine timeline for you to be able to take this action.  
+
 
 ### Enable the block file feature
 1.	In the navigation pane, select **Preference Setup** > **Advanced features** > **Block file**.
@@ -109,9 +113,7 @@ This feature is designed to prevent suspected malware (or potentially malicious
 
 3. Type a comment and select **Yes, block file** to take action on the file.
 
-
     The Action center shows the submission information:
-
     ![Image of block file](images/atp-blockfile.png)
 
   - **Submission time** - Shows when the action was submitted. <br>