From f317862090e06d629939494bd07349627e737a30 Mon Sep 17 00:00:00 2001
From: katoma2017 <48699113+katoma2017@users.noreply.github.com>
Date: Fri, 31 Jan 2020 14:42:46 -0800
Subject: [PATCH 01/18] Corrected number of days progress stalled

@cinglis-msft
---
 windows/deployment/update/update-compliance-need-attention.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/update/update-compliance-need-attention.md b/windows/deployment/update/update-compliance-need-attention.md
index a4b940a236..66d0ac18ab 100644
--- a/windows/deployment/update/update-compliance-need-attention.md
+++ b/windows/deployment/update/update-compliance-need-attention.md
@@ -35,7 +35,7 @@ The different issues are broken down by Device Issues and Update Issues:
 * **Cancelled**: This issue occurs when a user cancels the update process.
 * **Rollback**: This issue occurs when a fatal error occurs during a feature update, and the device is rolled back to the previous version.
 * **Uninstalled**: This issue occurs when a feature update is uninstalled from a device by a user or an administrator. Note that this might not be a problem if the uninstallation was intentional, but is highlighted as it might need attention.
-* **Progress stalled:** This issue occurs when an update is in progress, but has not completed over a period of 10 days.
+* **Progress stalled:** This issue occurs when an update is in progress, but has not completed over a period of 7 days.
 
 Selecting any of the issues will take you to a [Log Analytics](https://docs.microsoft.com/azure/log-analytics/query-language/get-started-analytics-portal) view with all devices that have the given issue.
 

From 3f8d6890d1dd395f830e8207c90f8eae35d4ce89 Mon Sep 17 00:00:00 2001
From: illfated <illfated@users.noreply.github.com>
Date: Sun, 10 May 2020 02:21:51 +0200
Subject: [PATCH 02/18] Windows Endpoints 1903: escape MarkDown asterisks

Description:

As reported in issue ticket #6668
(Markdown oddities under Windows 10 Family section), several endpoint
URLs show up in italics/cursive text instead of showing the asterisk as
intended (and visible in other endpoint URLs). This is a result from
inconsistent use of the MarkDown escape character, backslash, to block
the next special character from being read as a formatting character.

Thanks to Tafkae (Lisa H.) for reporting this issue.

Changes proposed:
- Add backslash before all and any asterisk not used in formatting
- Remove all EOL (end-of-line) whitespace (blanks)
- Remove excessive blanks in the numbered list
- Add 1 blank line between the metadata section and the page title
- Add 1 blank space between each table pipe character and its cell text
- Add hyphens to align the width of the second row with the title row

Ticket closure or reference:

Closes #6668
---
 ...-endpoints-1903-non-enterprise-editions.md | 455 +++++++++---------
 1 file changed, 228 insertions(+), 227 deletions(-)

diff --git a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
index b9920c7acc..36ad32df9f 100644
--- a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
@@ -14,6 +14,7 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ms.date: 5/9/2019
 ---
+
 # Windows 10, version 1903, connection endpoints for non-Enterprise editions
 
  **Applies to**
@@ -26,14 +27,14 @@ In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-1
 
 The following methodology was used to derive the network endpoints:
 
-1. Set up the latest version of Windows 10 on a test virtual machine using the default settings. 
+1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
 2. Leave the device(s) running idle for a week ("idle" means a user is not interacting with the system/device).
-3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.  
+3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
 4. Compile reports on traffic going to public IP addresses.
-5.  The test virtual machine(s) was logged into using a local account, and was not joined to a domain or Azure Active Directory.
-6.  All traffic was captured in our lab using a IPV4 network.  Therefore, no IPV6 traffic is reported here. 
-7.  These tests were conducted in an approved Microsoft lab.  It's possible your results may be different.
-8.  These tests were conducted for one week, but if you capture traffic for longer you may have different results.
+5. The test virtual machine(s) was logged into using a local account, and was not joined to a domain or Azure Active Directory.
+6. All traffic was captured in our lab using a IPV4 network.  Therefore, no IPV6 traffic is reported here.
+7. These tests were conducted in an approved Microsoft lab.  It's possible your results may be different.
+8. These tests were conducted for one week, but if you capture traffic for longer you may have different results.
 
 
 > [!NOTE]
@@ -41,234 +42,234 @@ The following methodology was used to derive the network endpoints:
 
 ## Windows 10 Family
 
-| **Destination** | **Protocol** | **Description** |
-| --- | --- | --- |
-|\*.aria.microsoft.com*|HTTPS|Microsoft Office Telemetry
-|\*.b.akamai*.net|HTTPS|Used to check for updates to Maps that have been downloaded for offline use
-|\*.c-msedge.net|HTTP|Microsoft Office 
-|\*.dl.delivery.mp.microsoft.com*|HTTP|Enables connections to Windows Update
-|\*.download.windowsupdate.com*|HTTP|Used to download operating system patches and updates
-|\*.g.akamai*.net|HTTPS|Used to check for updates to Maps that have been downloaded for offline use
-|\*.login.msa.*.net|HTTPS|Microsoft Account related
-|\*.msn.com*|TLSv1.2/HTTPS|Windows Spotlight 
-|\*.skype.com|HTTP/HTTPS|Skype 
-|\*.smartscreen.microsoft.com*|HTTPS|Windows Defender Smartscreen 
-|\*.telecommand.telemetry.microsoft.com*|HTTPS|Used by Windows Error Reporting
-|*cdn.onenote.net*|HTTP|OneNote 
-|*displaycatalog.*mp.microsoft.com*|HTTPS|Used to communicate with Microsoft Store 
-|*emdl.ws.microsoft.com*|HTTP|Windows Update 
-|*geo-prod.do.dsp.mp.microsoft.com*|TLSv1.2/HTTPS|Enables connections to Windows Update 
-|*hwcdn.net*|HTTP|Highwinds Content Delivery Network / Windows updates 
-|*img-prod-cms-rt-microsoft-com*|HTTPS|Microsoft Store or Inbox MSN Apps image download 
-|*licensing.*mp.microsoft.com*|HTTPS|Licensing 
-|*maps.windows.com*|HTTPS|Related to Maps application 
-|*msedge.net*|HTTPS|Used by Microsoft OfficeHub to get the metadata of Microsoft Office apps 
-|*nexusrules.officeapps.live.com*|HTTPS|Microsoft Office Telemetry
-|*photos.microsoft.com*|HTTPS|Photos App 
-|*prod.do.dsp.mp.microsoft.com*|TLSv1.2/HTTPS|Used for Windows Update downloads of apps and OS updates 
-|*purchase.md.mp.microsoft.com.akadns.net|HTTPS|Used to communicate with Microsoft Store 
-|*settings.data.microsoft.com.akadns.net|HTTPS|Used for Windows apps to dynamically update their configuration
-|*wac.phicdn.net*|HTTP|Windows Update 
-|*windowsupdate.com*|HTTP|Windows Update 
-|*wns.*windows.com*|TLSv1.2/HTTPS|Used for the Windows Push Notification Services (WNS)
-|*wpc.v0cdn.net*|HTTP|Windows Telemetry 
-|arc.msn.com|HTTPS|Spotlight  
-|auth.gfx.ms*|HTTPS|MSA related
-|cdn.onenote.net|HTTPS|OneNote Live Tile
-|dmd.metaservices.microsoft.com*|HTTP|Device Authentication 
-|e-0009.e-msedge.net|HTTPS|Microsoft Office 
-|e10198.b.akamaiedge.net|HTTPS|Maps application 
-|evoke-windowsservices-tas.msedge*|HTTPS|Photos app 
-|fe2.update.microsoft.com*|TLSv1.2/HTTPS|Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store
-|fe3.*.mp.microsoft.com.*|TLSv1.2/HTTPS|Windows Update, Microsoft Update, and Microsoft Store services 
-|g.live.com*|HTTPS|OneDrive 
-|go.microsoft.com|HTTP|Windows Defender
-|iriscoremetadataprod.blob.core.windows.net|HTTPS|Windows Telemetry
-|login.live.com|HTTPS|Device Authentication  
-|msagfx.live.com|HTTP|OneDrive 
-|ocsp.digicert.com*|HTTP|CRL and OCSP checks to the issuing certificate authorities
-|officeclient.microsoft.com|HTTPS|Microsoft Office 
-|oneclient.sfx.ms*|HTTPS|Used by OneDrive for Business to download and verify app updates
-|onecollector.cloudapp.aria.akadns.net|HTTPS|Microsoft Office
-|ow1.res.office365.com|HTTP|Microsoft Office
-|pti.store.microsoft.com|HTTPS|Microsoft Store
-|purchase.mp.microsoft.com*|HTTPS|Used to communicate with Microsoft Store
-|query.prod.cms.rt.microsoft.com*|HTTPS|Used to retrieve Windows Spotlight metadata
-|ris.api.iris.microsoft.com*|TLSv1.2/HTTPS|Used to retrieve Windows Spotlight metadata
-|ris-prod-atm.trafficmanager.net|HTTPS|Azure traffic manager
-|s-0001.s-msedge.net|HTTPS|Microsoft Office
-|self.events.data.microsoft.com|HTTPS|Microsoft Office
-|settings.data.microsoft.com*|HTTPS|Used for Windows apps to dynamically update their configuration
-|settings-win.data.microsoft.com*|HTTPS|Used for Windows apps to dynamically update their configuration
-|share.microsoft.com|HTTPS|Microsoft Store
-|skypeecs-prod-usw-0.cloudapp.net|HTTPS|Microsoft Store
-|sls.update.microsoft.com*|TLSv1.2/HTTPS|Enables connections to Windows Update
-|slscr.update.microsoft.com*|HTTPS|Enables connections to Windows Update
-|store*.dsx.mp.microsoft.com*|HTTPS|Used to communicate with Microsoft Store
-|storecatalogrevocation.storequality.microsoft.com|HTTPS|Microsoft Store
-|storecatalogrevocation.storequality.microsoft.com*|HTTPS|Used to revoke licenses for malicious apps on the Microsoft Store
-|store-images.*microsoft.com*|HTTP|Used to get images that are used for Microsoft Store suggestions
-|storesdk.dsx.mp.microsoft.com|HTTP|Microsoft Store
-|tile-service.weather.microsoft.com*|HTTP|Used to download updates to the Weather app Live Tile
-|time.windows.com|HTTP|Microsoft Windows Time related
-|tsfe.trafficshaping.dsp.mp.microsoft.com*|TLSv1.2/HTTPS|Used for content regulation
-|v10.events.data.microsoft.com|HTTPS|Diagnostic Data
-|watson.telemetry.microsoft.com|HTTPS|Diagnostic Data
-|wdcp.microsoft.*|TLSv1.2, HTTPS|Used for Windows Defender when Cloud-based Protection is enabled
-|wd-prod-cp-us-west-1-fe.westus.cloudapp.azure.com|HTTPS|Windows Defender 
-|wusofficehome.msocdn.com|HTTPS|Microsoft Office
-|www.bing.com*|HTTP|Used for updates for Cortana, apps, and Live Tiles
-|www.msftconnecttest.com|HTTP|Network Connection (NCSI)
-|www.office.com|HTTPS|Microsoft Office
+| Destination | Protocol | Description |
+| ----------- | -------- | ----------- |
+| \*.aria.microsoft.com\* | HTTPS | Microsoft Office Telemetry
+| \*.b.akamai\*.net | HTTPS | Used to check for updates to Maps that have been downloaded for offline use
+| \*.c-msedge.net | HTTP | Microsoft Office
+| \*.dl.delivery.mp.microsoft.com\* | HTTP | Enables connections to Windows Update
+| \*.download.windowsupdate.com\* | HTTP | Used to download operating system patches and updates
+| \*.g.akamai\*.net | HTTPS | Used to check for updates to Maps that have been downloaded for offline use
+| \*.login.msa.\*.net | HTTPS | Microsoft Account related
+| \*.msn.com\* | TLSv1.2/HTTPS | Windows Spotlight
+| \*.skype.com | HTTP/HTTPS | Skype
+| \*.smartscreen.microsoft.com\* | HTTPS | Windows Defender Smartscreen
+| \*.telecommand.telemetry.microsoft.com\* | HTTPS | Used by Windows Error Reporting
+| \*cdn.onenote.net\* | HTTP | OneNote
+| \*displaycatalog.\*mp.microsoft.com\* | HTTPS | Used to communicate with Microsoft Store
+| \*emdl.ws.microsoft.com\* | HTTP | Windows Update
+| \*geo-prod.do.dsp.mp.microsoft.com\* | TLSv1.2/HTTPS | Enables connections to Windows Update
+| \*hwcdn.net\* | HTTP | Highwinds Content Delivery Network / Windows updates
+| \*img-prod-cms-rt-microsoft-com\* | HTTPS | Microsoft Store or Inbox MSN Apps image download
+| \*licensing.\*mp.microsoft.com\* | HTTPS | Licensing
+| \*maps.windows.com\* | HTTPS | Related to Maps application
+| \*msedge.net\* | HTTPS | Used by Microsoft OfficeHub to get the metadata of Microsoft Office apps
+| \*nexusrules.officeapps.live.com\* | HTTPS | Microsoft Office Telemetry
+| \*photos.microsoft.com\* | HTTPS | Photos App
+| \*prod.do.dsp.mp.microsoft.com* | TLSv1.2/HTTPS | Used for Windows Update downloads of apps and OS updates
+| \*purchase.md.mp.microsoft.com.akadns.net | HTTPS | Used to communicate with Microsoft Store
+| \*settings.data.microsoft.com.akadns.net | HTTPS | Used for Windows apps to dynamically update their configuration
+| \*wac.phicdn.net\* | HTTP | Windows Update
+| \*windowsupdate.com\* | HTTP | Windows Update
+| \*wns.\*windows.com\* | TLSv1.2/HTTPS | Used for the Windows Push Notification Services (WNS)
+| \*wpc.v0cdn.net\* | HTTP | Windows Telemetry
+| arc.msn.com | HTTPS | Spotlight
+| auth.gfx.ms\* | HTTPS | MSA related
+| cdn.onenote.net | HTTPS | OneNote Live Tile
+| dmd.metaservices.microsoft.com\* | HTTP | Device Authentication
+| e-0009.e-msedge.net | HTTPS | Microsoft Office
+| e10198.b.akamaiedge.net | HTTPS | Maps application
+| evoke-windowsservices-tas.msedge\* | HTTPS | Photos app
+| fe2.update.microsoft.com\* | TLSv1.2/HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store
+| fe3.\*.mp.microsoft.com.\* | TLSv1.2/HTTPS | Windows Update, Microsoft Update, and Microsoft Store services
+| g.live.com\* | HTTPS | OneDrive
+| go.microsoft.com | HTTP | Windows Defender
+| iriscoremetadataprod.blob.core.windows.net | HTTPS | Windows Telemetry
+| login.live.com | HTTPS | Device Authentication
+| msagfx.live.com | HTTP | OneDrive
+| ocsp.digicert.com\* | HTTP | CRL and OCSP checks to the issuing certificate authorities
+| officeclient.microsoft.com | HTTPS | Microsoft Office
+| oneclient.sfx.ms\* | HTTPS | Used by OneDrive for Business to download and verify app updates
+| onecollector.cloudapp.aria.akadns.net | HTTPS | Microsoft Office
+| ow1.res.office365.com | HTTP | Microsoft Office
+| pti.store.microsoft.com | HTTPS | Microsoft Store
+| purchase.mp.microsoft.com\* | HTTPS | Used to communicate with Microsoft Store
+| query.prod.cms.rt.microsoft.com\* | HTTPS | Used to retrieve Windows Spotlight metadata
+| ris.api.iris.microsoft.com\* | TLSv1.2/HTTPS | Used to retrieve Windows Spotlight metadata
+| ris-prod-atm.trafficmanager.net | HTTPS | Azure traffic manager
+| s-0001.s-msedge.net | HTTPS | Microsoft Office
+| self.events.data.microsoft.com | HTTPS | Microsoft Office
+| settings.data.microsoft.com\* | HTTPS | Used for Windows apps to dynamically update their configuration
+| settings-win.data.microsoft.com\* | HTTPS | Used for Windows apps to dynamically update their configuration
+| share.microsoft.com | HTTPS | Microsoft Store
+| skypeecs-prod-usw-0.cloudapp.net | HTTPS | Microsoft Store
+| sls.update.microsoft.com\* | TLSv1.2/HTTPS | Enables connections to Windows Update
+| slscr.update.microsoft.com\* | HTTPS | Enables connections to Windows Update
+| store*.dsx.mp.microsoft.com\* | HTTPS | Used to communicate with Microsoft Store
+| storecatalogrevocation.storequality.microsoft.com | HTTPS | Microsoft Store
+| storecatalogrevocation.storequality.microsoft.com\* | HTTPS | Used to revoke licenses for malicious apps on the Microsoft Store
+| store-images.\*microsoft.com\* | HTTP | Used to get images that are used for Microsoft Store suggestions
+| storesdk.dsx.mp.microsoft.com | HTTP | Microsoft Store
+| tile-service.weather.microsoft.com\* | HTTP | Used to download updates to the Weather app Live Tile
+| time.windows.com | HTTP | Microsoft Windows Time related
+| tsfe.trafficshaping.dsp.mp.microsoft.com\* | TLSv1.2/HTTPS | Used for content regulation
+| v10.events.data.microsoft.com | HTTPS | Diagnostic Data
+| watson.telemetry.microsoft.com | HTTPS | Diagnostic Data
+| wdcp.microsoft.\* | TLSv1.2, HTTPS | Used for Windows Defender when Cloud-based Protection is enabled
+| wd-prod-cp-us-west-1-fe.westus.cloudapp.azure.com | HTTPS | Windows Defender
+| wusofficehome.msocdn.com | HTTPS | Microsoft Office
+| www.bing.com\* | HTTP | Used for updates for Cortana, apps, and Live Tiles
+| www.msftconnecttest.com | HTTP | Network Connection (NCSI)
+| www.office.com | HTTPS | Microsoft Office
 
 
 ## Windows 10 Pro
 
-| **Destination** | **Protocol** | **Description** |
-| --- | --- | --- |
-|\*.cloudapp.azure.com|HTTPS|Azure 
-|\*.delivery.dsp.mp.microsoft.com.nsatc.net|HTTPS|Windows Update, Microsoft Update, and Microsoft Store services 
-|\*.displaycatalog.md.mp.microsoft.com.akadns.net|HTTPS|Microsoft Store 
-|\*.dl.delivery.mp.microsoft.com*|HTTP|Enables connections to Windows Update
-|\*.e-msedge.net|HTTPS|Used by OfficeHub to get the metadata of Office apps
-|\*.g.akamaiedge.net|HTTPS|Used to check for updates to maps that have been downloaded for offline use
-|\*.s-msedge.net|HTTPS|Used by OfficeHub to get the metadata of Office apps
-|\*.windowsupdate.com*|HTTP|Enables connections to Windows Update
-|\*.wns.notify.windows.com.akadns.net|HTTPS|Used for the Windows Push Notification Services (WNS)
-|\*dsp.mp.microsoft.com.nsatc.net|HTTPS|Enables connections to Windows Update
-|\*c-msedge.net|HTTP|Office
-|a1158.g.akamai.net|HTTP|Maps application 
-|arc.msn.com*|HTTP / HTTPS|Used to retrieve Windows Spotlight metadata
-|blob.mwh01prdstr06a.store.core.windows.net|HTTPS|Microsoft Store 
-|browser.pipe.aria.microsoft.com|HTTPS|Microsoft Office 
-|bubblewitch3mobile.king.com|HTTPS|Bubble Witch application 
-|candycrush.king.com|HTTPS|Candy Crush application 
-|cdn.onenote.net|HTTP|Microsoft OneNote 
-|cds.p9u4n2q3.hwcdn.net|HTTP|Highwinds Content Delivery Network traffic for Windows updates
-|client.wns.windows.com|HTTPS|Winddows Notification System 
-|co4.telecommand.telemetry.microsoft.com.akadns.net|HTTPS|Windows Error Reporting 
-|config.edge.skype.com|HTTPS|Microsoft Skype 
-|cs11.wpc.v0cdn.net|HTTP|Windows Telemetry 
-|cs9.wac.phicdn.net|HTTP|Windows Update 
-|cy2.licensing.md.mp.microsoft.com.akadns.net|HTTPS|Used to communicate with Microsoft Store
-|cy2.purchase.md.mp.microsoft.com.akadns.net|HTTPS|Used to communicate with Microsoft Store
-|cy2.settings.data.microsoft.com.akadns.net|HTTPS|Used to communicate with Microsoft Store
-|dmd.metaservices.microsoft.com.akadns.net|HTTP|Device Authentication 
-|e-0009.e-msedge.net|HTTPS|Microsoft Office 
-|e10198.b.akamaiedge.net|HTTPS|Maps application 
-|fe3.update.microsoft.com|HTTPS|Windows Update 
-|g.live.com|HTTPS|Microsoft OneDrive 
-|g.msn.com.nsatc.net|HTTPS|Used to retrieve Windows Spotlight metadata
-|geo-prod.do.dsp.mp.microsoft.com|HTTPS|Windows Update 
-|go.microsoft.com|HTTP|Windows Defender 
-|iecvlist.microsoft.com|HTTPS|Microsoft Edge 
-|img-prod-cms-rt-microsoft-com.akamaized.net|HTTP / HTTPS|Microsoft Store 
-|ipv4.login.msa.akadns6.net|HTTPS|Used for Microsoft accounts to sign in
-|licensing.mp.microsoft.com|HTTP|Licensing 
-|location-inference-westus.cloudapp.net|HTTPS|Used for location data
-|login.live.com|HTTP|Device Authentication 
-|maps.windows.com|HTTP|Maps application 
-|modern.watson.data.microsoft.com.akadns.net|HTTPS|Used by Windows Error Reporting
-|msagfx.live.com|HTTP|OneDrive 
-|nav.smartscreen.microsoft.com|HTTPS|Windows Defender 
-|ocsp.digicert.com*|HTTP|CRL and OCSP checks to the issuing certificate authorities
-|oneclient.sfx.ms|HTTP|OneDrive 
-|pti.store.microsoft.com|HTTPS|Microsoft Store 
-|ris.api.iris.microsoft.com.akadns.net|HTTPS|Used to retrieve Windows Spotlight metadata
-|ris-prod-atm.trafficmanager.net|HTTPS|Azure 
-|s2s.config.skype.com|HTTP|Microsoft Skype 
-|settings-win.data.microsoft.com|HTTPS|Application settings 
-|share.microsoft.com|HTTPS|Microsoft Store 
-|skypeecs-prod-usw-0.cloudapp.net|HTTPS|Microsoft Skype 
-|slscr.update.microsoft.com|HTTPS|Windows Update 
-|storecatalogrevocation.storequality.microsoft.com|HTTPS|Microsoft Store 
-|store-images.microsoft.com|HTTPS|Microsoft Store 
-|tile-service.weather.microsoft.com/*|HTTP|Used to download updates to the Weather app Live Tile
-|time.windows.com|HTTP|Windows time 
-|tsfe.trafficshaping.dsp.mp.microsoft.com|HTTPS|Used for content regulation
-|v10.events.data.microsoft.com*|HTTPS|Microsoft Office 
-|vip5.afdorigin-prod-am02.afdogw.com|HTTPS|Used to serve office 365 experimentation traffic
-|watson.telemetry.microsoft.com|HTTPS|Telemetry 
-|wdcp.microsoft.com|HTTPS|Windows Defender 
-|wusofficehome.msocdn.com|HTTPS|Microsoft Office 
-|www.bing.com|HTTPS|Cortana and Search 
-|www.microsoft.com|HTTP|Diagnostic 
-|www.msftconnecttest.com|HTTP|Network connection 
-|www.office.com|HTTPS|Microsoft Office
+| Destination | Protocol | Description |
+| ----------- | -------- | ----------- |
+| \*.cloudapp.azure.com | HTTPS | Azure
+| \*.delivery.dsp.mp.microsoft.com.nsatc.net | HTTPS | Windows Update, Microsoft Update, and Microsoft Store services
+| \*.displaycatalog.md.mp.microsoft.com.akadns.net | HTTPS | Microsoft Store
+| \*.dl.delivery.mp.microsoft.com\* | HTTP | Enables connections to Windows Update
+| \*.e-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps
+| \*.g.akamaiedge.net | HTTPS | Used to check for updates to maps that have been downloaded for offline use
+| \*.s-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps
+| \*.windowsupdate.com\* | HTTP | Enables connections to Windows Update
+| \*.wns.notify.windows.com.akadns.net | HTTPS | Used for the Windows Push Notification Services (WNS)
+| \*dsp.mp.microsoft.com.nsatc.net | HTTPS | Enables connections to Windows Update
+| \*c-msedge.net | HTTP | Office
+| a1158.g.akamai.net | HTTP | Maps application
+| arc.msn.com\* | HTTP / HTTPS | Used to retrieve Windows Spotlight metadata
+| blob.mwh01prdstr06a.store.core.windows.net | HTTPS | Microsoft Store
+| browser.pipe.aria.microsoft.com | HTTPS | Microsoft Office
+| bubblewitch3mobile.king.com | HTTPS | Bubble Witch application
+| candycrush.king.com | HTTPS | Candy Crush application
+| cdn.onenote.net | HTTP | Microsoft OneNote
+| cds.p9u4n2q3.hwcdn.net | HTTP | Highwinds Content Delivery Network traffic for Windows updates
+| client.wns.windows.com | HTTPS | Winddows Notification System
+| co4.telecommand.telemetry.microsoft.com.akadns.net | HTTPS | Windows Error Reporting
+| config.edge.skype.com | HTTPS | Microsoft Skype
+| cs11.wpc.v0cdn.net | HTTP | Windows Telemetry
+| cs9.wac.phicdn.net | HTTP | Windows Update
+| cy2.licensing.md.mp.microsoft.com.akadns.net | HTTPS | Used to communicate with Microsoft Store
+| cy2.purchase.md.mp.microsoft.com.akadns.net | HTTPS | Used to communicate with Microsoft Store
+| cy2.settings.data.microsoft.com.akadns.net | HTTPS | Used to communicate with Microsoft Store
+| dmd.metaservices.microsoft.com.akadns.net | HTTP | Device Authentication
+| e-0009.e-msedge.net | HTTPS | Microsoft Office
+| e10198.b.akamaiedge.net | HTTPS | Maps application
+| fe3.update.microsoft.com | HTTPS | Windows Update
+| g.live.com | HTTPS | Microsoft OneDrive
+| g.msn.com.nsatc.net | HTTPS | Used to retrieve Windows Spotlight metadata
+| geo-prod.do.dsp.mp.microsoft.com | HTTPS | Windows Update
+| go.microsoft.com | HTTP | Windows Defender
+| iecvlist.microsoft.com | HTTPS | Microsoft Edge
+| img-prod-cms-rt-microsoft-com.akamaized.net | HTTP / HTTPS | Microsoft Store
+| ipv4.login.msa.akadns6.net | HTTPS | Used for Microsoft accounts to sign in
+| licensing.mp.microsoft.com | HTTP | Licensing
+| location-inference-westus.cloudapp.net | HTTPS | Used for location data
+| login.live.com | HTTP | Device Authentication
+| maps.windows.com | HTTP | Maps application
+| modern.watson.data.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting
+| msagfx.live.com | HTTP | OneDrive
+| nav.smartscreen.microsoft.com | HTTPS | Windows Defender
+| ocsp.digicert.com\* | HTTP | CRL and OCSP checks to the issuing certificate authorities
+| oneclient.sfx.ms | HTTP | OneDrive
+| pti.store.microsoft.com | HTTPS | Microsoft Store
+| ris.api.iris.microsoft.com.akadns.net | HTTPS | Used to retrieve Windows Spotlight metadata
+| ris-prod-atm.trafficmanager.net | HTTPS | Azure
+| s2s.config.skype.com | HTTP | Microsoft Skype
+| settings-win.data.microsoft.com | HTTPS | Application settings
+| share.microsoft.com | HTTPS | Microsoft Store
+| skypeecs-prod-usw-0.cloudapp.net | HTTPS | Microsoft Skype
+| slscr.update.microsoft.com | HTTPS | Windows Update
+| storecatalogrevocation.storequality.microsoft.com | HTTPS | Microsoft Store
+| store-images.microsoft.com | HTTPS | Microsoft Store
+| tile-service.weather.microsoft.com/\* | HTTP | Used to download updates to the Weather app Live Tile
+| time.windows.com | HTTP | Windows time
+| tsfe.trafficshaping.dsp.mp.microsoft.com | HTTPS | Used for content regulation
+| v10.events.data.microsoft.com\* | HTTPS | Microsoft Office
+| vip5.afdorigin-prod-am02.afdogw.com | HTTPS | Used to serve office 365 experimentation traffic
+| watson.telemetry.microsoft.com | HTTPS | Telemetry
+| wdcp.microsoft.com | HTTPS | Windows Defender
+| wusofficehome.msocdn.com | HTTPS | Microsoft Office
+| www.bing.com | HTTPS | Cortana and Search
+| www.microsoft.com | HTTP | Diagnostic
+| www.msftconnecttest.com | HTTP | Network connection
+| www.office.com | HTTPS | Microsoft Office
 
 
 
 ## Windows 10 Education
 
-| **Destination** | **Protocol** | **Description** |
-| --- | --- | --- |
-|\*.b.akamaiedge.net|HTTPS|Used to check for updates to maps that have been downloaded for offline use
-|\*.c-msedge.net|HTTP|Used by OfficeHub to get the metadata of Office apps
-|\*.dl.delivery.mp.microsoft.com*|HTTP|Windows Update
-|\*.e-msedge.net|HTTPS|Used by OfficeHub to get the metadata of Office apps
-|\*.g.akamaiedge.net|HTTPS|Used to check for updates to Maps that have been downloaded for offline use
-|\*.licensing.md.mp.microsoft.com.akadns.net|HTTPS|Microsoft Store
-|\*.settings.data.microsoft.com.akadns.net|HTTPS|Microsoft Store
-|\*.skype.com*|HTTPS|Used to retrieve Skype configuration values 
-|\*.smartscreen*.microsoft.com|HTTPS|Windows Defender 
-|\*.s-msedge.net|HTTPS|Used by OfficeHub to get the metadata of Office apps
-|\*.telecommand.telemetry.microsoft.com*|HTTPS|Used by Windows Error Reporting
-|\*.wac.phicdn.net|HTTP|Windows Update 
-|\*.windowsupdate.com*|HTTP|Windows Update
-|\*.wns.windows.com|HTTPS|Windows Notifications Service 
-|\*.wpc.*.net|HTTP|Diagnostic Data
-|\*displaycatalog.md.mp.microsoft.com.akadns.net|HTTPS|Microsoft Store
-|\*dsp.mp.microsoft.com|HTTPS|Windows Update
-|a1158.g.akamai.net|HTTP|Maps 
-|a122.dscg3.akamai.net|HTTP|Maps 
-|a767.dscg3.akamai.net|HTTP|Maps 
-|au.download.windowsupdate.com*|HTTP|Windows Update
-|bing.com/*|HTTPS|Used for updates for Cortana, apps, and Live Tiles
-|blob.dz5prdstr01a.store.core.windows.net|HTTPS|Microsoft Store 
-|browser.pipe.aria.microsoft.com|HTTP|Used by OfficeHub to get the metadata of Office apps
-|cdn.onenote.net/livetile/*|HTTPS|Used for OneNote Live Tile
-|cds.p9u4n2q3.hwcdn.net|HTTP|Used by the Highwinds Content Delivery Network to perform Windows updates
-|client-office365-tas.msedge.net/*|HTTPS|Microsoft 365 admin center and Office in a browser
-|ctldl.windowsupdate.com*|HTTP|Used to download certificates that are publicly known to be fraudulent
-|displaycatalog.mp.microsoft.com/*|HTTPS|Microsoft Store
-|dmd.metaservices.microsoft.com*|HTTP|Device Authentication
-|download.windowsupdate.com*|HTTPS|Windows Update
-|emdl.ws.microsoft.com/*|HTTP|Used to download apps from the Microsoft Store
-|evoke-windowsservices-tas.msedge.net|HTTPS|Photo app 
-|fe2.update.microsoft.com*|HTTPS|Windows Update, Microsoft Update, Microsoft Store services 
-|fe3.delivery.dsp.mp.microsoft.com.nsatc.net|HTTPS|Windows Update, Microsoft Update, Microsoft Store services 
-|fe3.delivery.mp.microsoft.com*|HTTPS|Windows Update, Microsoft Update, Microsoft Store services 
-|g.live.com*|HTTPS|Used by OneDrive for Business to download and verify app updates
-|g.msn.com.nsatc.net|HTTPS|Used to retrieve Windows Spotlight metadata
-|go.microsoft.com|HTTP|Windows Defender 
-|iecvlist.microsoft.com|HTTPS|Microsoft Edge browser 
-|ipv4.login.msa.akadns6.net|HTTPS|Used for Microsoft accounts to sign in
-|licensing.mp.microsoft.com*|HTTPS|Used for online activation and some app licensing
-|login.live.com|HTTPS|Device Authentication
-|maps.windows.com/windows-app-web-link|HTTPS|Maps application
-|modern.watson.data.microsoft.com.akadns.net|HTTPS|Used by Windows Error Reporting
-|msagfx.live.com|HTTPS|OneDrive 
-|ocos-office365-s2s.msedge.net/*|HTTPS|Used to connect to the Microsoft 365 admin center's shared infrastructure
-|ocsp.digicert.com*|HTTP|CRL and OCSP checks to the issuing certificate authorities
-|oneclient.sfx.ms/*|HTTPS|Used by OneDrive for Business to download and verify app updates
-|onecollector.cloudapp.aria.akadns.net|HTTPS|Microsoft Office 
-|pti.store.microsoft.com|HTTPS|Microsoft Store 
-|settings-win.data.microsoft.com/settings/*|HTTPS|Used as a way for apps to dynamically update their configuration 
-|share.microsoft.com|HTTPS|Microsoft Store 
-|skypeecs-prod-usw-0.cloudapp.net|HTTPS|Skype 
-|sls.update.microsoft.com*|HTTPS|Windows Update
-|storecatalogrevocation.storequality.microsoft.com*|HTTPS|Used to revoke licenses for malicious apps on the Microsoft Store
-|tile-service.weather.microsoft.com*|HTTP|Used to download updates to the Weather app Live Tile
-|tsfe.trafficshaping.dsp.mp.microsoft.com|HTTPS|Windows Update 
-|v10.events.data.microsoft.com*|HTTPS|Diagnostic Data
-|vip5.afdorigin-prod-ch02.afdogw.com|HTTPS|Used to serve Office 365 experimentation traffic
-|watson.telemetry.microsoft.com*|HTTPS|Used by Windows Error Reporting
-|wdcp.microsoft.com|HTTPS|Windows Defender 
-|wd-prod-cp-us-east-1-fe.eastus.cloudapp.azure.com|HTTPS|Azure 
-|wusofficehome.msocdn.com|HTTPS|Microsoft Office 
-|www.bing.com|HTTPS|Cortana and Search 
-|www.microsoft.com|HTTP|Diagnostic Data
-|www.microsoft.com/pkiops/certs/*|HTTP|CRL and OCSP checks to the issuing certificate authorities
-|www.msftconnecttest.com|HTTP|Network Connection 
-|www.office.com|HTTPS|Microsoft Office
+| Destination | Protocol | Description |
+| ----------- | -------- | ----------- |
+| \*.b.akamaiedge.net | HTTPS | Used to check for updates to maps that have been downloaded for offline use
+| \*.c-msedge.net | HTTP | Used by OfficeHub to get the metadata of Office apps
+| \*.dl.delivery.mp.microsoft.com\* | HTTP | Windows Update
+| \*.e-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps
+| \*.g.akamaiedge.net | HTTPS | Used to check for updates to Maps that have been downloaded for offline use
+| \*.licensing.md.mp.microsoft.com.akadns.net | HTTPS | Microsoft Store
+| \*.settings.data.microsoft.com.akadns.net | HTTPS | Microsoft Store
+| \*.skype.com\* | HTTPS | Used to retrieve Skype configuration values
+| \*.smartscreen\*.microsoft.com | HTTPS | Windows Defender
+| \*.s-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps
+| \*.telecommand.telemetry.microsoft.com\* | HTTPS | Used by Windows Error Reporting
+| \*.wac.phicdn.net | HTTP | Windows Update
+| \*.windowsupdate.com\* | HTTP | Windows Update
+| \*.wns.windows.com | HTTPS | Windows Notifications Service
+| \*.wpc.\*.net | HTTP | Diagnostic Data
+| \*displaycatalog.md.mp.microsoft.com.akadns.net | HTTPS | Microsoft Store
+| \*dsp.mp.microsoft.com | HTTPS | Windows Update
+| a1158.g.akamai.net | HTTP | Maps
+| a122.dscg3.akamai.net | HTTP | Maps
+| a767.dscg3.akamai.net | HTTP | Maps
+| au.download.windowsupdate.com\* | HTTP | Windows Update
+| bing.com/\* | HTTPS | Used for updates for Cortana, apps, and Live Tiles
+| blob.dz5prdstr01a.store.core.windows.net | HTTPS | Microsoft Store
+| browser.pipe.aria.microsoft.com | HTTP | Used by OfficeHub to get the metadata of Office apps
+| cdn.onenote.net/livetile/\* | HTTPS | Used for OneNote Live Tile
+| cds.p9u4n2q3.hwcdn.net | HTTP | Used by the Highwinds Content Delivery Network to perform Windows updates
+| client-office365-tas.msedge.net/\* | HTTPS | Microsoft 365 admin center and Office in a browser
+| ctldl.windowsupdate.com\* | HTTP | Used to download certificates that are publicly known to be fraudulent
+| displaycatalog.mp.microsoft.com/\* | HTTPS | Microsoft Store
+| dmd.metaservices.microsoft.com\* | HTTP | Device Authentication
+| download.windowsupdate.com\* | HTTPS | Windows Update
+| emdl.ws.microsoft.com/\* | HTTP | Used to download apps from the Microsoft Store
+| evoke-windowsservices-tas.msedge.net | HTTPS | Photo app
+| fe2.update.microsoft.com\* | HTTPS | Windows Update, Microsoft Update, Microsoft Store services
+| fe3.delivery.dsp.mp.microsoft.com.nsatc.net | HTTPS | Windows Update, Microsoft Update, Microsoft Store services
+| fe3.delivery.mp.microsoft.com\* | HTTPS | Windows Update, Microsoft Update, Microsoft Store services
+| g.live.com\* | HTTPS | Used by OneDrive for Business to download and verify app updates
+| g.msn.com.nsatc.net | HTTPS | Used to retrieve Windows Spotlight metadata
+| go.microsoft.com | HTTP | Windows Defender
+| iecvlist.microsoft.com | HTTPS | Microsoft Edge browser
+| ipv4.login.msa.akadns6.net | HTTPS | Used for Microsoft accounts to sign in
+| licensing.mp.microsoft.com\* | HTTPS | Used for online activation and some app licensing
+| login.live.com | HTTPS | Device Authentication
+| maps.windows.com/windows-app-web-link | HTTPS | Maps application
+| modern.watson.data.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting
+| msagfx.live.com | HTTPS | OneDrive
+| ocos-office365-s2s.msedge.net/\* | HTTPS | Used to connect to the Microsoft 365 admin center's shared infrastructure
+| ocsp.digicert.com\* | HTTP | CRL and OCSP checks to the issuing certificate authorities
+| oneclient.sfx.ms/\* | HTTPS | Used by OneDrive for Business to download and verify app updates
+| onecollector.cloudapp.aria.akadns.net | HTTPS | Microsoft Office
+| pti.store.microsoft.com | HTTPS | Microsoft Store
+| settings-win.data.microsoft.com/settings/\* | HTTPS | Used as a way for apps to dynamically update their configuration
+| share.microsoft.com | HTTPS | Microsoft Store
+| skypeecs-prod-usw-0.cloudapp.net | HTTPS | Skype
+| sls.update.microsoft.com\* | HTTPS | Windows Update
+| storecatalogrevocation.storequality.microsoft.com\* | HTTPS | Used to revoke licenses for malicious apps on the Microsoft Store
+| tile-service.weather.microsoft.com\* | HTTP | Used to download updates to the Weather app Live Tile
+| tsfe.trafficshaping.dsp.mp.microsoft.com | HTTPS | Windows Update
+| v10.events.data.microsoft.com\* | HTTPS | Diagnostic Data
+| vip5.afdorigin-prod-ch02.afdogw.com | HTTPS | Used to serve Office 365 experimentation traffic
+| watson.telemetry.microsoft.com\* | HTTPS | Used by Windows Error Reporting
+| wdcp.microsoft.com | HTTPS | Windows Defender
+| wd-prod-cp-us-east-1-fe.eastus.cloudapp.azure.com | HTTPS | Azure
+| wusofficehome.msocdn.com | HTTPS | Microsoft Office
+| www.bing.com | HTTPS | Cortana and Search
+| www.microsoft.com | HTTP | Diagnostic Data
+| www.microsoft.com/pkiops/certs/\* | HTTP | CRL and OCSP checks to the issuing certificate authorities
+| www.msftconnecttest.com | HTTP | Network Connection
+| www.office.com | HTTPS | Microsoft Office
 

From 5ebd60e8f342d32d11cee6470a535c0837961269 Mon Sep 17 00:00:00 2001
From: illfated <illfated@users.noreply.github.com>
Date: Sun, 10 May 2020 02:39:28 +0200
Subject: [PATCH 03/18] Remove 2 unneeded backslashes

- a slash character may sometimes work as an escape character
- www.bing.com does not need to have an ending asterisk escaped
---
 .../privacy/windows-endpoints-1903-non-enterprise-editions.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
index 36ad32df9f..ebf9ee6c89 100644
--- a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
@@ -118,7 +118,7 @@ The following methodology was used to derive the network endpoints:
 | wdcp.microsoft.\* | TLSv1.2, HTTPS | Used for Windows Defender when Cloud-based Protection is enabled
 | wd-prod-cp-us-west-1-fe.westus.cloudapp.azure.com | HTTPS | Windows Defender
 | wusofficehome.msocdn.com | HTTPS | Microsoft Office
-| www.bing.com\* | HTTP | Used for updates for Cortana, apps, and Live Tiles
+| www.bing.com* | HTTP | Used for updates for Cortana, apps, and Live Tiles
 | www.msftconnecttest.com | HTTP | Network Connection (NCSI)
 | www.office.com | HTTPS | Microsoft Office
 
@@ -269,7 +269,7 @@ The following methodology was used to derive the network endpoints:
 | wusofficehome.msocdn.com | HTTPS | Microsoft Office
 | www.bing.com | HTTPS | Cortana and Search
 | www.microsoft.com | HTTP | Diagnostic Data
-| www.microsoft.com/pkiops/certs/\* | HTTP | CRL and OCSP checks to the issuing certificate authorities
+| www.microsoft.com/pkiops/certs/* | HTTP | CRL and OCSP checks to the issuing certificate authorities
 | www.msftconnecttest.com | HTTP | Network Connection
 | www.office.com | HTTPS | Microsoft Office
 

From 65cfd14dacbe35c4e29213444ae9e5eac9895e9d Mon Sep 17 00:00:00 2001
From: illfated <illfated@users.noreply.github.com>
Date: Sun, 10 May 2020 03:23:39 +0200
Subject: [PATCH 04/18] Deployment/S mode: Link & whitespace correction

Description:

As reported in issue ticket #6676 (Broken links), the link URL "S mode
devices" (www.microsoft.com/windows/view-all-devices) returns error 404
unless you access the link from a computer using the locale EN-US (only
existing version of the page, non-localized and non-auto-adjusting).

Thank you to RAJU2529 (VARADHARAJAN K) for reporting this issue.

Changes proposed:

- Add /en-us/ to the URL microsoft.com/windows/view-all-devices
- Remove redundant EOL whitespace
- Consistency: add 1 blank line after the page title and next Heading

Ticket closure or reference:

Ref. #6676 (already closed (prematurely), as an incorrect report)
---
 windows/deployment/s-mode.md | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/windows/deployment/s-mode.md b/windows/deployment/s-mode.md
index 3d5adb42f4..e8a3556632 100644
--- a/windows/deployment/s-mode.md
+++ b/windows/deployment/s-mode.md
@@ -1,6 +1,6 @@
 ---
 title: Windows 10 Pro in S mode
-description: Overview of Windows 10 Pro/Enterprise in S mode. What is S mode for Enterprise customers? 
+description: Overview of Windows 10 Pro/Enterprise in S mode. What is S mode for Enterprise customers?
 keywords: Windows 10 S, S mode, Windows S mode, Windows 10 S mode, S-mode, system requirements, Overview, Windows 10 Pro in S mode, Windows 10 Enterprise in S mode, Windows 10 Pro/Enterprise in S mode
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
@@ -18,33 +18,35 @@ ms.topic: article
 ---
 
 # Windows 10 in S mode - What is it?
-S mode is an evolution of the S SKU introduced with Windows 10 April 2018 Update. It's a configuration that's available on all Windows Editions when enabled at the time of manufacturing. The edition of Windows can be upgrade at any time as shown below. However, the switch from S mode is a onetime switch and can only be undone by a wipe and reload of the OS. 
+
+S mode is an evolution of the S SKU introduced with Windows 10 April 2018 Update. It's a configuration that's available on all Windows Editions when enabled at the time of manufacturing. The edition of Windows can be upgrade at any time as shown below. However, the switch from S mode is a onetime switch and can only be undone by a wipe and reload of the OS.
 
 ![Configuration and features of S mode](images/smodeconfig.png)
 
 ## S mode key features
+
 **Microsoft-verified security**
 
-With Windows 10 in S mode, you’ll find your favorite applications, such as Office, Evernote, and Spotify in the Microsoft Store where they’re Microsoft-verified for security. You can also feel secure when you’re online. Microsoft Edge, your default browser, gives you protection against phishing and socially engineered malware. 
+With Windows 10 in S mode, you’ll find your favorite applications, such as Office, Evernote, and Spotify in the Microsoft Store where they’re Microsoft-verified for security. You can also feel secure when you’re online. Microsoft Edge, your default browser, gives you protection against phishing and socially engineered malware.
 
 **Performance that lasts**
 
-Start-ups are quick, and S mode is built to keep them that way. With Microsoft Edge as your browser, your online experience is fast and secure. Plus, you’ll enjoy a smooth, responsive experience, whether you’re streaming HD video, opening apps, or being productive on the go. 
+Start-ups are quick, and S mode is built to keep them that way. With Microsoft Edge as your browser, your online experience is fast and secure. Plus, you’ll enjoy a smooth, responsive experience, whether you’re streaming HD video, opening apps, or being productive on the go.
 
 **Choice and flexibility**
 
-Save your files to your favorite cloud, like OneDrive or Dropbox, and access them from any device you choose. Browse the Microsoft Store for thousands of apps, and if you don’t find exactly what you want, you can easily [switch out of S mode](https://docs.microsoft.com/windows/deployment/windows-10-pro-in-s-mode) to Windows 10 Home, Pro, or Enterprise editions at any time and search the web for more choices, as shown below. 
+Save your files to your favorite cloud, like OneDrive or Dropbox, and access them from any device you choose. Browse the Microsoft Store for thousands of apps, and if you don’t find exactly what you want, you can easily [switch out of S mode](https://docs.microsoft.com/windows/deployment/windows-10-pro-in-s-mode) to Windows 10 Home, Pro, or Enterprise editions at any time and search the web for more choices, as shown below.
 
 ![Switching out of S mode flow chart](images/s-mode-flow-chart.png)
 
 
 ## Deployment
 
-Windows 10 in S mode is built for [modern management](https://docs.microsoft.com/windows/client-management/manage-windows-10-in-your-organization-modern-management) which means using [Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-10-autopilot). Windows Autopilot lets you deploy the device directly to a user without IT having to touch the physical device. Instead of manually deploying a custom image, Windows Autopilot will start with a generic PC that can only be used to join the company domain; policies are then deployed automatically through mobile device management to customize the device to the user and the desired environment. Devices are shipped in S mode; you can either keep them in S mode or use Windows Autopilot to switch the device out of S mode during the first run process or later using mobile device management, if desired. 
+Windows 10 in S mode is built for [modern management](https://docs.microsoft.com/windows/client-management/manage-windows-10-in-your-organization-modern-management) which means using [Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-10-autopilot). Windows Autopilot lets you deploy the device directly to a user without IT having to touch the physical device. Instead of manually deploying a custom image, Windows Autopilot will start with a generic PC that can only be used to join the company domain; policies are then deployed automatically through mobile device management to customize the device to the user and the desired environment. Devices are shipped in S mode; you can either keep them in S mode or use Windows Autopilot to switch the device out of S mode during the first run process or later using mobile device management, if desired.
 
 ## Keep line of business apps functioning with Desktop Bridge
 
-Worried about your line of business apps not working in S mode? [Desktop Bridge](https://docs.microsoft.com/windows/uwp/porting/desktop-to-uwp-root) enables you to convert your line of business apps to a packaged app with UWP manifest. After testing and validating you can distribute the app through the Microsoft Store, making it ideal for Windows 10 in S mode. 
+Worried about your line of business apps not working in S mode? [Desktop Bridge](https://docs.microsoft.com/windows/uwp/porting/desktop-to-uwp-root) enables you to convert your line of business apps to a packaged app with UWP manifest. After testing and validating you can distribute the app through the Microsoft Store, making it ideal for Windows 10 in S mode.
 
 ## Repackage Win32 apps into the MSIX format
 
@@ -54,6 +56,6 @@ The [MSIX Packaging Tool](https://docs.microsoft.com/windows/application-managem
 ## Related links
 
 - [Consumer applications for S mode](https://www.microsoft.com/windows/s-mode)
-- [S mode devices](https://www.microsoft.com/windows/view-all-devices)
+- [S mode devices](https://www.microsoft.com/en-us/windows/view-all-devices)
 - [Windows Defender Application Control deployment guide](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide)
 - [Windows Defender Advanced Threat Protection](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp)

From 92b3f08a0737573d7d9c310601e2d24f3a07267c Mon Sep 17 00:00:00 2001
From: amirsc3 <42802974+amirsc3@users.noreply.github.com>
Date: Sun, 10 May 2020 13:50:44 +0300
Subject: [PATCH 05/18] Update configure-proxy-internet.md

Changes to list of common URLs required for certificate revocation checks to work correctly in restricted network environment
Reference: https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#-allowed-traffic-list-for-windows-restricted-traffic-limited-functionality-baseline
---
 .../microsoft-defender-atp/configure-proxy-internet.md          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
index 66efa55144..90ad7896eb 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
@@ -111,7 +111,7 @@ If a proxy or firewall has HTTPS scanning (SSL inspection) enabled, exclude the
 
  Service location | Microsoft.com DNS record
 -|-
-Common URLs for all locations | ```crl.microsoft.com```<br> ```ctldl.windowsupdate.com``` <br>```events.data.microsoft.com```<br>```notify.windows.com```<br> ```settings-win.data.microsoft.com```
+Common URLs for all locations | ```crl.microsoft.com/pki/crl/*```<br> ```ctldl.windowsupdate.com``` <br>```www.microsoft.com/pkiops/*```<br>```events.data.microsoft.com```<br>```notify.windows.com```<br> ```settings-win.data.microsoft.com```
 European Union | ```eu.vortex-win.data.microsoft.com``` <br> ```eu-v20.events.data.microsoft.com``` <br> ```usseu1northprod.blob.core.windows.net```  <br>```usseu1westprod.blob.core.windows.net``` <br> ```winatp-gw-neu.microsoft.com``` <br> ```winatp-gw-weu.microsoft.com``` <br>```wseu1northprod.blob.core.windows.net``` <br>```wseu1westprod.blob.core.windows.net``` <br>```automatedirstrprdweu.blob.core.windows.net``` <br>```automatedirstrprdneu.blob.core.windows.net```
 United Kingdom | ```uk.vortex-win.data.microsoft.com``` <br>```uk-v20.events.data.microsoft.com``` <br>```ussuk1southprod.blob.core.windows.net``` <br>```ussuk1westprod.blob.core.windows.net``` <br>```winatp-gw-uks.microsoft.com``` <br>```winatp-gw-ukw.microsoft.com``` <br>```wsuk1southprod.blob.core.windows.net``` <br>```wsuk1westprod.blob.core.windows.net``` <br>```automatedirstrprduks.blob.core.windows.net``` <br>```automatedirstrprdukw.blob.core.windows.net```  
 United States | ```us.vortex-win.data.microsoft.com``` <br> ```ussus1eastprod.blob.core.windows.net``` <br> ```ussus1westprod.blob.core.windows.net``` <br> ```ussus2eastprod.blob.core.windows.net``` <br> ```ussus2westprod.blob.core.windows.net``` <br> ```ussus3eastprod.blob.core.windows.net``` <br> ```ussus3westprod.blob.core.windows.net``` <br> ```ussus4eastprod.blob.core.windows.net``` <br> ```ussus4westprod.blob.core.windows.net``` <br> ```us-v20.events.data.microsoft.com``` <br> ```winatp-gw-cus.microsoft.com``` <br> ```winatp-gw-eus.microsoft.com``` <br> ```wsus1eastprod.blob.core.windows.net``` <br> ```wsus1westprod.blob.core.windows.net``` <br> ```wsus2eastprod.blob.core.windows.net``` <br> ```wsus2westprod.blob.core.windows.net``` <br> ```automatedirstrprdcus.blob.core.windows.net``` <br> ```automatedirstrprdeus.blob.core.windows.net```

From 391295bee20c9525de77faacd7b1100deabae6cc Mon Sep 17 00:00:00 2001
From: amirsc3 <42802974+amirsc3@users.noreply.github.com>
Date: Sun, 10 May 2020 14:08:41 +0300
Subject: [PATCH 06/18] Update machine-tags.md

Adding note about maximum number of allowed characters
---
 .../threat-protection/microsoft-defender-atp/machine-tags.md   | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md b/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md
index daf8b70f1e..a3fa8fc591 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md
@@ -71,6 +71,8 @@ You can also delete tags from this view.
 >- Windows 8.1
 >- Windows 7 SP1
 
+> Please note that the maximum number of allowed characters is hard-coded to 32.
+
 Machines with similar tags can be handy when you need to apply contextual action on a specific list of machines.
 
 Use the following registry key entry to add a tag on a machine:
@@ -82,3 +84,4 @@ Use the following registry key entry to add a tag on a machine:
 >[!NOTE]
 >The device tag is part of the machine information report that's generated once a day. As an alternative, you may choose to restart the endpoint that would transfer a new machine information report.
 
+

From 3a6b73d8f556b8f384abe6098113907793ca22a6 Mon Sep 17 00:00:00 2001
From: amirsc3 <42802974+amirsc3@users.noreply.github.com>
Date: Sun, 10 May 2020 14:10:35 +0300
Subject: [PATCH 07/18] Update machine-tags.md

Should be 30 and not 32
---
 .../threat-protection/microsoft-defender-atp/machine-tags.md    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md b/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md
index a3fa8fc591..2a936b08fc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md
@@ -71,7 +71,7 @@ You can also delete tags from this view.
 >- Windows 8.1
 >- Windows 7 SP1
 
-> Please note that the maximum number of allowed characters is hard-coded to 32.
+> Please note that the maximum number of allowed characters is hard-coded to 30.
 
 Machines with similar tags can be handy when you need to apply contextual action on a specific list of machines.
 

From e5e0aee249a26f77f7bb60416e9330fdd9af0ada Mon Sep 17 00:00:00 2001
From: amirsc3 <42802974+amirsc3@users.noreply.github.com>
Date: Sun, 10 May 2020 18:00:45 +0300
Subject: [PATCH 08/18] Update configure-server-endpoints.md

Based on support cases the KB3080149 is needed for either Windows Server 2008 R2 AND windows server 2012 R2
---
 .../microsoft-defender-atp/configure-server-endpoints.md | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
index c0c8157b48..a3ca7cc7cb 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
@@ -58,11 +58,12 @@ There are two options to onboard Windows Server 2008 R2 SP1, Windows Server 2012
 ### Option 1: Onboard servers through Microsoft Defender Security Center
 You'll need to take the following steps if you choose to onboard servers through Microsoft Defender Security Center. 
 
-- For Windows Server 2008 R2 SP1, ensure that you fulfill the following requirements:
+- For Windows Server 2008 R2 SP1 or Windows Server 2012 R2, ensure that you install the following hotfix:
+    - [Update for customer experience and diagnostic telemetry](https://support.microsoft.com/en-us/help/3080149/update-for-customer-experience-and-diagnostic-telemetry)
+    
+- In addition, for Windows Server 2008 R2 SP1, ensure that you fulfill the following requirements:
     - Install the [February monthly update rollup](https://support.microsoft.com/en-us/help/4074598/windows-7-update-kb4074598)
-    - Install the [Update for customer experience and diagnostic telemetry](https://support.microsoft.com/en-us/help/3080149/update-for-customer-experience-and-diagnostic-telemetry)
-    - Install either [.NET framework 4.5](https://www.microsoft.com/download/details.aspx?id=30653) (or later) or [KB3154518](https://support.microsoft.com/help/3154518/support-for-tls-system-default-versions-included-in-the-net-framework)
-
+    - Install either [.NET framework 4.5](https://www.microsoft.com/download/details.aspx?id=30653) (or later) or [KB3154518 (https://support.microsoft.com/help/3154518/support-for-tls-system-default-versions-included-in-the-net-framework)
 
 - For Windows Server 2008 R2 SP1 and Windows Server 2012 R2: Configure and update System Center Endpoint Protection clients.
 

From 2f626823f13fb7f5fdd21d301e444c0dbb3b170c Mon Sep 17 00:00:00 2001
From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com>
Date: Mon, 11 May 2020 11:24:23 +0200
Subject: [PATCH 09/18] Grammar article correction (a/an), redundant space

- Whitespace removal
- a -> an

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../privacy/windows-endpoints-1903-non-enterprise-editions.md  | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
index ebf9ee6c89..fb0ff8bb98 100644
--- a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
@@ -32,7 +32,7 @@ The following methodology was used to derive the network endpoints:
 3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
 4. Compile reports on traffic going to public IP addresses.
 5. The test virtual machine(s) was logged into using a local account, and was not joined to a domain or Azure Active Directory.
-6. All traffic was captured in our lab using a IPV4 network.  Therefore, no IPV6 traffic is reported here.
+6. All traffic was captured in our lab using an IPV4 network. Therefore, no IPV6 traffic is reported here.
 7. These tests were conducted in an approved Microsoft lab.  It's possible your results may be different.
 8. These tests were conducted for one week, but if you capture traffic for longer you may have different results.
 
@@ -272,4 +272,3 @@ The following methodology was used to derive the network endpoints:
 | www.microsoft.com/pkiops/certs/* | HTTP | CRL and OCSP checks to the issuing certificate authorities
 | www.msftconnecttest.com | HTTP | Network Connection
 | www.office.com | HTTPS | Microsoft Office
-

From cea9e00472ed1c92c58b62a6f89bf0d39cd00209 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Mon, 11 May 2020 14:39:07 +0500
Subject: [PATCH 10/18] Update
 enroll-a-windows-10-device-automatically-using-group-policy.md

---
 ...l-a-windows-10-device-automatically-using-group-policy.md | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
index dcc548afd6..c2df51c0ae 100644
--- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
+++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
@@ -54,7 +54,6 @@ The following steps demonstrate required settings using the Intune service:
 
 > [!IMPORTANT]
 > For BYOD devices, the MAM user scope takes precedence if both MAM user scope and MDM user scope (automatic MDM enrollment) are enabled for all users (or the same groups of users). The device will use Windows Information Protection (WIP) Policies (if you configured them) rather than being MDM enrolled.
-
 > For corporate devices, the MDM user scope takes precedence if both scopes are enabled. The devices get MDM enrolled.
 
 3. Verify that the device OS version is Windows 10, version 1709 or later.
@@ -117,7 +116,7 @@ Requirements:
 5. Click **Enable**, then click **OK**.
 
 > [!NOTE]
-> In Windows 10, version 1903, the MDM.admx file was updated to include an option to select which credential is used to enroll the device. **Device Credential** is a new option that will only have an effect on clients that have the Windows 10, version 1903 feature update installed. 
+> In Windows 10, version 1903, the MDM.admx file was updated to include an option to select which credential is used to enroll the device. **Device Credential** is a new option that will only have an effect on clients that have installed Windows 10, version 1903 or later. 
 The default behavior for older releases is to revert to **User Credential**.
 
 When a group policy refresh occurs on the client, a task is created and scheduled to run every 5 minutes for the duration of one day. The task is called " Schedule created by enrollment client for automatically enrolling in MDM from AAD." 
@@ -166,7 +165,7 @@ Requirements:
 - Ensure that PCs belong to same computer group.
 
 > [!IMPORTANT]
-> If you do not see the policy, it may be because you don’t have the ADMX installed for Windows 10, version 1803, version 1809, or version 1903. To fix the issue, follow these steps (Note: the latest MDM.admx is backwards compatible):        
+> If you do not see the policy, it may be because you don’t have the ADMX for Windows 10, version 1803, version 1809, or version 1903 installed. To fix the issue, follow these steps (Note: the latest MDM.admx is backwards compatible):        
 >   1. Download:  
 >   1803 -->[Administrative Templates (.admx) for Windows 10 April 2018 Update (1803)](https://www.microsoft.com/download/details.aspx?id=56880) or  
 >   1809 --> [Administrative Templates for Windows 10 October 2018 Update (1809)](https://www.microsoft.com/download/details.aspx?id=57576) or

From edb0f5bba063b1e00c2130a4e75009a609983cff Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Mon, 11 May 2020 14:50:07 +0500
Subject: [PATCH 11/18] Update windows-10-removed-features.md

---
 windows/deployment/planning/windows-10-removed-features.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/planning/windows-10-removed-features.md b/windows/deployment/planning/windows-10-removed-features.md
index 1c93c41731..508cc788a8 100644
--- a/windows/deployment/planning/windows-10-removed-features.md
+++ b/windows/deployment/planning/windows-10-removed-features.md
@@ -36,7 +36,7 @@ The following features and functionalities have been removed from the installed
 |limpet.exe|We're releasing the limpet.exe tool, used to access TPM for Azure connectivity, as open source.| 1809 |
 |Phone Companion|When you update to Windows 10, version 1809, the Phone Companion app will be removed from your PC. Use the **Phone** page in the Settings app to sync your mobile phone with your PC. It includes all the Phone Companion features.| 1809 |
 |Future updates through [Windows Embedded Developer Update](https://docs.microsoft.com/previous-versions/windows/embedded/ff770079\(v=winembedded.60\)) for Windows Embedded Standard 7-SP1 (WES7-SP1) and Windows Embedded Standard 8 (WES8)|We’re no longer publishing new updates to the WEDU server. Instead, you may secure any new updates from the [Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Home.aspx). [Learn how](https://techcommunity.microsoft.com/t5/Windows-Embedded/Change-to-the-Windows-Embedded-Developer-Update/ba-p/285704) to get updates from the catalog.| 1809 |
-|Groove Music Pass|[We ended the Groove streaming music service and music track sales through the Microsoft Store in 2017](https://support.microsoft.com/help/4046109/groove-music-and-spotify-faq). The Groove app is being updated to reflect this change. You can still use Groove Music to play the music on your PC or to stream music from OneDrive. You can use Spotify or other music services to stream music on Windows 10, or to buy music to own.| 1803 |
+|Groove Music Pass|[We ended the Groove streaming music service and music track sales through the Microsoft Store in 2017](https://support.microsoft.com/help/4046109/groove-music-and-spotify-faq). The Groove app is being updated to reflect this change. You can still use Groove Music to play the music on your PC. You can use Spotify or other music services to stream music on Windows 10, or to buy music to own.| 1803 |
 |People - Suggestions will no longer include unsaved contacts for non-Microsoft accounts|Manually save the contact details for people you send mail to or get mail from.| 1803 |
 |Language control in the Control Panel|	Use the Settings app to change your language settings.| 1803 |
 |HomeGroup|We are removing [HomeGroup](https://support.microsoft.com/help/17145) but not your ability to share printers, files, and folders.<br><br>When you update to Windows 10, version 1803, you won't see HomeGroup in File Explorer, the Control Panel, or Troubleshoot (**Settings > Update & Security > Troubleshoot**). Any printers, files, and folders that you shared using HomeGroup **will continue to be shared**.<br><br>Instead of using HomeGroup, you can now share printers, files and folders by using features that are built into Windows 10: <br>- [Share your network printer](https://www.bing.com/search?q=share+printer+windows+10) <br>- [Share files in File Explorer](https://support.microsoft.com/help/4027674/windows-10-share-files-in-file-explorer) | 1803 |

From 10ea33636180efe0ddf74401ad739631f90129a9 Mon Sep 17 00:00:00 2001
From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com>
Date: Mon, 11 May 2020 11:50:59 +0200
Subject: [PATCH 12/18] Typo correction in description

- Winddows -> Windows

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../privacy/windows-endpoints-1903-non-enterprise-editions.md   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
index fb0ff8bb98..bfb957cab3 100644
--- a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
@@ -146,7 +146,7 @@ The following methodology was used to derive the network endpoints:
 | candycrush.king.com | HTTPS | Candy Crush application
 | cdn.onenote.net | HTTP | Microsoft OneNote
 | cds.p9u4n2q3.hwcdn.net | HTTP | Highwinds Content Delivery Network traffic for Windows updates
-| client.wns.windows.com | HTTPS | Winddows Notification System
+| client.wns.windows.com | HTTPS | Windows Notification System
 | co4.telecommand.telemetry.microsoft.com.akadns.net | HTTPS | Windows Error Reporting
 | config.edge.skype.com | HTTPS | Microsoft Skype
 | cs11.wpc.v0cdn.net | HTTP | Windows Telemetry

From 40f87518f0efbd3ac31294b7485356dd8ddafcd7 Mon Sep 17 00:00:00 2001
From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com>
Date: Mon, 11 May 2020 12:11:25 +0200
Subject: [PATCH 13/18] Whitespace

- remove redundant blank space

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../privacy/windows-endpoints-1903-non-enterprise-editions.md   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
index bfb957cab3..539eb81bd2 100644
--- a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
@@ -33,7 +33,7 @@ The following methodology was used to derive the network endpoints:
 4. Compile reports on traffic going to public IP addresses.
 5. The test virtual machine(s) was logged into using a local account, and was not joined to a domain or Azure Active Directory.
 6. All traffic was captured in our lab using an IPV4 network. Therefore, no IPV6 traffic is reported here.
-7. These tests were conducted in an approved Microsoft lab.  It's possible your results may be different.
+7. These tests were conducted in an approved Microsoft lab. It's possible your results may be different.
 8. These tests were conducted for one week, but if you capture traffic for longer you may have different results.
 
 

From 782e95671f19e1898016bc3fa15dca52ba905f13 Mon Sep 17 00:00:00 2001
From: Daniel Simpson <dansimp@microsoft.com>
Date: Mon, 11 May 2020 07:00:00 -0700
Subject: [PATCH 14/18] Update machine-tags.md

---
 .../microsoft-defender-atp/machine-tags.md                 | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md b/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md
index 2a936b08fc..3db537114e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md
@@ -26,8 +26,8 @@ You can add tags on machines using the following ways:
 - Using the portal
 - Setting a registry key value
 
->[!NOTE]
->There may be some latency between the time a tag is added to a machine and its availability in the machines list and machine page.  
+> [!NOTE]
+> There may be some latency between the time a tag is added to a machine and its availability in the machines list and machine page.  
 
 To add machine tags using API, see [Add or remove machine tags API](add-or-remove-machine-tags.md).
 
@@ -71,7 +71,8 @@ You can also delete tags from this view.
 >- Windows 8.1
 >- Windows 7 SP1
 
-> Please note that the maximum number of allowed characters is hard-coded to 30.
+> [!NOTE] 
+> The maximum number of characters in a tag is 30.
 
 Machines with similar tags can be handy when you need to apply contextual action on a specific list of machines.
 

From e9f33624efe782e5891d28c5f4a17914f42c59b9 Mon Sep 17 00:00:00 2001
From: Daniel Simpson <dansimp@microsoft.com>
Date: Mon, 11 May 2020 07:03:42 -0700
Subject: [PATCH 15/18] Update
 windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md

Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 .../microsoft-defender-atp/configure-server-endpoints.md        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
index a3ca7cc7cb..b7e90ca3be 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
@@ -63,7 +63,7 @@ You'll need to take the following steps if you choose to onboard servers through
     
 - In addition, for Windows Server 2008 R2 SP1, ensure that you fulfill the following requirements:
     - Install the [February monthly update rollup](https://support.microsoft.com/en-us/help/4074598/windows-7-update-kb4074598)
-    - Install either [.NET framework 4.5](https://www.microsoft.com/download/details.aspx?id=30653) (or later) or [KB3154518 (https://support.microsoft.com/help/3154518/support-for-tls-system-default-versions-included-in-the-net-framework)
+    - Install either [.NET framework 4.5](https://www.microsoft.com/download/details.aspx?id=30653) (or later) or [KB3154518](https://support.microsoft.com/help/3154518/support-for-tls-system-default-versions-included-in-the-net-framework)
 
 - For Windows Server 2008 R2 SP1 and Windows Server 2012 R2: Configure and update System Center Endpoint Protection clients.
 

From 096e8392ae1fea2c6b5aeb71bd3526a855f294d3 Mon Sep 17 00:00:00 2001
From: Lily Hou <20214566+lilyhou@users.noreply.github.com>
Date: Mon, 11 May 2020 10:32:53 -0700
Subject: [PATCH 16/18] Update kiosk-shelllauncher.md

Updated shell launcher v2 supported OS versions to include version 1809 and linked to the KB update
---
 windows/configuration/kiosk-shelllauncher.md | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md
index 327042ee5c..9b5bcb8a34 100644
--- a/windows/configuration/kiosk-shelllauncher.md
+++ b/windows/configuration/kiosk-shelllauncher.md
@@ -20,10 +20,7 @@ ms.topic: article
 **Applies to**
 - Windows 10 Ent, Edu
 
->[!WARNING]
->Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
-Using Shell Launcher, you can configure a device that runs an application as the user interface, replacing the default shell (explorer.exe). In **Shell Launcher v1**, available in Windows 10, version 1809 and earlier, you can only specify a Windows desktop application as the replacement shell. In **Shell Launcher v2**, available in the next feature update to Windows 10, you can also specify a UWP app as the replacement shell.
+Using Shell Launcher, you can configure a device that runs an application as the user interface, replacing the default shell (explorer.exe). In **Shell Launcher v1**, available in Windows 10, you can only specify a Windows desktop application as the replacement shell. In **Shell Launcher v2**, available in Windows 10, version 1809 and above, you can also specify a UWP app as the replacement shell. To use **Shell Launcher v2** in version 1809, you need to install the [KB4551853](https://support.microsoft.com/en-us/help/4551853) update. 
 
 >[!NOTE]
 >Shell Launcher controls which application the user sees as the shell after sign-in. It does not prevent the user from accessing other desktop applications and system components. 

From 10fe8858be44eaf70119368510ccea021fb09a7a Mon Sep 17 00:00:00 2001
From: Daniel Simpson <dansimp@microsoft.com>
Date: Mon, 11 May 2020 11:18:13 -0700
Subject: [PATCH 17/18] Update kiosk-shelllauncher.md

---
 windows/configuration/kiosk-shelllauncher.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md
index 9b5bcb8a34..43317581df 100644
--- a/windows/configuration/kiosk-shelllauncher.md
+++ b/windows/configuration/kiosk-shelllauncher.md
@@ -20,7 +20,7 @@ ms.topic: article
 **Applies to**
 - Windows 10 Ent, Edu
 
-Using Shell Launcher, you can configure a device that runs an application as the user interface, replacing the default shell (explorer.exe). In **Shell Launcher v1**, available in Windows 10, you can only specify a Windows desktop application as the replacement shell. In **Shell Launcher v2**, available in Windows 10, version 1809 and above, you can also specify a UWP app as the replacement shell. To use **Shell Launcher v2** in version 1809, you need to install the [KB4551853](https://support.microsoft.com/en-us/help/4551853) update. 
+Using Shell Launcher, you can configure a device that runs an application as the user interface, replacing the default shell (explorer.exe). In **Shell Launcher v1**, available in Windows 10, you can only specify a Windows desktop application as the replacement shell. In **Shell Launcher v2**, available in Windows 10, version 1809 and above, you can also specify a UWP app as the replacement shell. To use **Shell Launcher v2** in version 1809, you need to install the [KB4551853](https://support.microsoft.com/help/4551853) update. 
 
 >[!NOTE]
 >Shell Launcher controls which application the user sees as the shell after sign-in. It does not prevent the user from accessing other desktop applications and system components. 

From 09751e84a9f903f422e8c35bcd678af87b5df5fd Mon Sep 17 00:00:00 2001
From: Tina Burden <v-tibur@microsoft.com>
Date: Mon, 11 May 2020 11:36:27 -0700
Subject: [PATCH 18/18] pencil edits

---
 ...-endpoints-1903-non-enterprise-editions.md | 26 +++++++++----------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
index 539eb81bd2..43a5191c6b 100644
--- a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
@@ -8,7 +8,7 @@ ms.sitesec: library
 ms.localizationpriority: high
 audience: ITPro
 author: mikeedgar
-ms.author: v-medgar
+ms.author: sanashar
 manager: sanashar
 ms.collection: M365-security-compliance
 ms.topic: article
@@ -118,9 +118,9 @@ The following methodology was used to derive the network endpoints:
 | wdcp.microsoft.\* | TLSv1.2, HTTPS | Used for Windows Defender when Cloud-based Protection is enabled
 | wd-prod-cp-us-west-1-fe.westus.cloudapp.azure.com | HTTPS | Windows Defender
 | wusofficehome.msocdn.com | HTTPS | Microsoft Office
-| www.bing.com* | HTTP | Used for updates for Cortana, apps, and Live Tiles
-| www.msftconnecttest.com | HTTP | Network Connection (NCSI)
-| www.office.com | HTTPS | Microsoft Office
+| `www.bing.com`* | HTTP | Used for updates for Cortana, apps, and Live Tiles
+| `www.msftconnecttest.com` | HTTP | Network Connection (NCSI)
+| `www.office.com` | HTTPS | Microsoft Office
 
 
 ## Windows 10 Pro
@@ -192,10 +192,10 @@ The following methodology was used to derive the network endpoints:
 | watson.telemetry.microsoft.com | HTTPS | Telemetry
 | wdcp.microsoft.com | HTTPS | Windows Defender
 | wusofficehome.msocdn.com | HTTPS | Microsoft Office
-| www.bing.com | HTTPS | Cortana and Search
-| www.microsoft.com | HTTP | Diagnostic
-| www.msftconnecttest.com | HTTP | Network connection
-| www.office.com | HTTPS | Microsoft Office
+| `www.bing.com` | HTTPS | Cortana and Search
+| `www.microsoft.com` | HTTP | Diagnostic
+| `www.msftconnecttest.com` | HTTP | Network connection
+| `www.office.com` | HTTPS | Microsoft Office
 
 
 
@@ -267,8 +267,8 @@ The following methodology was used to derive the network endpoints:
 | wdcp.microsoft.com | HTTPS | Windows Defender
 | wd-prod-cp-us-east-1-fe.eastus.cloudapp.azure.com | HTTPS | Azure
 | wusofficehome.msocdn.com | HTTPS | Microsoft Office
-| www.bing.com | HTTPS | Cortana and Search
-| www.microsoft.com | HTTP | Diagnostic Data
-| www.microsoft.com/pkiops/certs/* | HTTP | CRL and OCSP checks to the issuing certificate authorities
-| www.msftconnecttest.com | HTTP | Network Connection
-| www.office.com | HTTPS | Microsoft Office
+| `www.bing.com` | HTTPS | Cortana and Search
+| `www.microsoft.com` | HTTP | Diagnostic Data
+| `www.microsoft.com/pkiops/certs/`* | HTTP | CRL and OCSP checks to the issuing certificate authorities
+| `www.msftconnecttest.com` | HTTP | Network Connection
+| `www.office.com` | HTTPS | Microsoft Office