Merge pull request #2724 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to master to sync with https://github.com/MicrosoftDocs/windows-itpro-docs (branch public)

windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md

@@ -54,7 +54,6 @@ The following steps demonstrate required settings using the Intune service:
 
 > [!IMPORTANT]
 > For BYOD devices, the MAM user scope takes precedence if both MAM user scope and MDM user scope (automatic MDM enrollment) are enabled for all users (or the same groups of users). The device will use Windows Information Protection (WIP) Policies (if you configured them) rather than being MDM enrolled.
-
 > For corporate devices, the MDM user scope takes precedence if both scopes are enabled. The devices get MDM enrolled.
 
 3. Verify that the device OS version is Windows 10, version 1709 or later.
@@ -117,7 +116,7 @@ Requirements:
 5. Click **Enable**, then click **OK**.
 
 > [!NOTE]
-> In Windows 10, version 1903, the MDM.admx file was updated to include an option to select which credential is used to enroll the device. **Device Credential** is a new option that will only have an effect on clients that have the Windows 10, version 1903 feature update installed. 
+> In Windows 10, version 1903, the MDM.admx file was updated to include an option to select which credential is used to enroll the device. **Device Credential** is a new option that will only have an effect on clients that have installed Windows 10, version 1903 or later. 
 The default behavior for older releases is to revert to **User Credential**.
 
 When a group policy refresh occurs on the client, a task is created and scheduled to run every 5 minutes for the duration of one day. The task is called " Schedule created by enrollment client for automatically enrolling in MDM from AAD." 
@@ -166,7 +165,7 @@ Requirements:
 - Ensure that PCs belong to same computer group.
 
 > [!IMPORTANT]
-> If you do not see the policy, it may be because you don’t have the ADMX installed for Windows 10, version 1803, version 1809, or version 1903. To fix the issue, follow these steps (Note: the latest MDM.admx is backwards compatible):        
+> If you do not see the policy, it may be because you don’t have the ADMX for Windows 10, version 1803, version 1809, or version 1903 installed. To fix the issue, follow these steps (Note: the latest MDM.admx is backwards compatible):        
 >   1. Download:  
 >   1803 -->[Administrative Templates (.admx) for Windows 10 April 2018 Update (1803)](https://www.microsoft.com/download/details.aspx?id=56880) or  
 >   1809 --> [Administrative Templates for Windows 10 October 2018 Update (1809)](https://www.microsoft.com/download/details.aspx?id=57576) or

windows/configuration/kiosk-shelllauncher.md

@@ -20,10 +20,7 @@ ms.topic: article
 **Applies to**
 - Windows 10 Ent, Edu
 
->[!WARNING]
+Using Shell Launcher, you can configure a device that runs an application as the user interface, replacing the default shell (explorer.exe). In **Shell Launcher v1**, available in Windows 10, you can only specify a Windows desktop application as the replacement shell. In **Shell Launcher v2**, available in Windows 10, version 1809 and above, you can also specify a UWP app as the replacement shell. To use **Shell Launcher v2** in version 1809, you need to install the [KB4551853](https://support.microsoft.com/help/4551853) update. 
->Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
-Using Shell Launcher, you can configure a device that runs an application as the user interface, replacing the default shell (explorer.exe). In **Shell Launcher v1**, available in Windows 10, version 1809 and earlier, you can only specify a Windows desktop application as the replacement shell. In **Shell Launcher v2**, available in the next feature update to Windows 10, you can also specify a UWP app as the replacement shell.
 
 >[!NOTE]
 >Shell Launcher controls which application the user sees as the shell after sign-in. It does not prevent the user from accessing other desktop applications and system components. 

windows/deployment/planning/windows-10-removed-features.md

@@ -36,7 +36,7 @@ The following features and functionalities have been removed from the installed
 |limpet.exe|We're releasing the limpet.exe tool, used to access TPM for Azure connectivity, as open source.| 1809 |
 |Phone Companion|When you update to Windows 10, version 1809, the Phone Companion app will be removed from your PC. Use the **Phone** page in the Settings app to sync your mobile phone with your PC. It includes all the Phone Companion features.| 1809 |
 |Future updates through [Windows Embedded Developer Update](https://docs.microsoft.com/previous-versions/windows/embedded/ff770079\(v=winembedded.60\)) for Windows Embedded Standard 7-SP1 (WES7-SP1) and Windows Embedded Standard 8 (WES8)|We’re no longer publishing new updates to the WEDU server. Instead, you may secure any new updates from the [Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Home.aspx). [Learn how](https://techcommunity.microsoft.com/t5/Windows-Embedded/Change-to-the-Windows-Embedded-Developer-Update/ba-p/285704) to get updates from the catalog.| 1809 |
-|Groove Music Pass|[We ended the Groove streaming music service and music track sales through the Microsoft Store in 2017](https://support.microsoft.com/help/4046109/groove-music-and-spotify-faq). The Groove app is being updated to reflect this change. You can still use Groove Music to play the music on your PC or to stream music from OneDrive. You can use Spotify or other music services to stream music on Windows 10, or to buy music to own.| 1803 |
+|Groove Music Pass|[We ended the Groove streaming music service and music track sales through the Microsoft Store in 2017](https://support.microsoft.com/help/4046109/groove-music-and-spotify-faq). The Groove app is being updated to reflect this change. You can still use Groove Music to play the music on your PC. You can use Spotify or other music services to stream music on Windows 10, or to buy music to own.| 1803 |
 |People - Suggestions will no longer include unsaved contacts for non-Microsoft accounts|Manually save the contact details for people you send mail to or get mail from.| 1803 |
 |Language control in the Control Panel|	Use the Settings app to change your language settings.| 1803 |
 |HomeGroup|We are removing [HomeGroup](https://support.microsoft.com/help/17145) but not your ability to share printers, files, and folders.<br><br>When you update to Windows 10, version 1803, you won't see HomeGroup in File Explorer, the Control Panel, or Troubleshoot (**Settings > Update & Security > Troubleshoot**). Any printers, files, and folders that you shared using HomeGroup **will continue to be shared**.<br><br>Instead of using HomeGroup, you can now share printers, files and folders by using features that are built into Windows 10: <br>- [Share your network printer](https://www.bing.com/search?q=share+printer+windows+10) <br>- [Share files in File Explorer](https://support.microsoft.com/help/4027674/windows-10-share-files-in-file-explorer) | 1803 |

windows/deployment/s-mode.md

@@ -18,11 +18,13 @@ ms.topic: article
 ---
 
 # Windows 10 in S mode - What is it?
+
 S mode is an evolution of the S SKU introduced with Windows 10 April 2018 Update. It's a configuration that's available on all Windows Editions when enabled at the time of manufacturing. The edition of Windows can be upgrade at any time as shown below. However, the switch from S mode is a onetime switch and can only be undone by a wipe and reload of the OS.
 
 ![Configuration and features of S mode](images/smodeconfig.png)
 
 ## S mode key features
+
 **Microsoft-verified security**
 
 With Windows 10 in S mode, you’ll find your favorite applications, such as Office, Evernote, and Spotify in the Microsoft Store where they’re Microsoft-verified for security. You can also feel secure when you’re online. Microsoft Edge, your default browser, gives you protection against phishing and socially engineered malware.
@@ -54,6 +56,6 @@ The [MSIX Packaging Tool](https://docs.microsoft.com/windows/application-managem
 ## Related links
 
 - [Consumer applications for S mode](https://www.microsoft.com/windows/s-mode)
-- [S mode devices](https://www.microsoft.com/windows/view-all-devices)
+- [S mode devices](https://www.microsoft.com/en-us/windows/view-all-devices)
 - [Windows Defender Application Control deployment guide](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide)
 - [Windows Defender Advanced Threat Protection](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp)

windows/deployment/update/update-compliance-need-attention.md

@@ -35,7 +35,7 @@ The different issues are broken down by Device Issues and Update Issues:
 * **Cancelled**: This issue occurs when a user cancels the update process.
 * **Rollback**: This issue occurs when a fatal error occurs during a feature update, and the device is rolled back to the previous version.
 * **Uninstalled**: This issue occurs when a feature update is uninstalled from a device by a user or an administrator. Note that this might not be a problem if the uninstallation was intentional, but is highlighted as it might need attention.
-* **Progress stalled:** This issue occurs when an update is in progress, but has not completed over a period of 10 days.
+* **Progress stalled:** This issue occurs when an update is in progress, but has not completed over a period of 7 days.
 
 Selecting any of the issues will take you to a [Log Analytics](https://docs.microsoft.com/azure/log-analytics/query-language/get-started-analytics-portal) view with all devices that have the given issue.
 

windows/privacy/windows-endpoints-1903-non-enterprise-editions.md

@@ -8,12 +8,13 @@ ms.sitesec: library
 ms.localizationpriority: high
 audience: ITPro
 author: mikeedgar
-ms.author: v-medgar
+ms.author: sanashar
 manager: sanashar
 ms.collection: M365-security-compliance
 ms.topic: article
 ms.date: 5/9/2019
 ---
+
 # Windows 10, version 1903, connection endpoints for non-Enterprise editions
 
  **Applies to**
@@ -31,7 +32,7 @@ The following methodology was used to derive the network endpoints:
 3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
 4. Compile reports on traffic going to public IP addresses.
 5. The test virtual machine(s) was logged into using a local account, and was not joined to a domain or Azure Active Directory.
-6.  All traffic was captured in our lab using a IPV4 network.  Therefore, no IPV6 traffic is reported here. 
+6. All traffic was captured in our lab using an IPV4 network. Therefore, no IPV6 traffic is reported here.
 7. These tests were conducted in an approved Microsoft lab. It's possible your results may be different.
 8. These tests were conducted for one week, but if you capture traffic for longer you may have different results.
 
@@ -41,111 +42,111 @@ The following methodology was used to derive the network endpoints:
 
 ## Windows 10 Family
 
-| **Destination** | **Protocol** | **Description** |
+| Destination | Protocol | Description |
-| --- | --- | --- |
+| ----------- | -------- | ----------- |
-|\*.aria.microsoft.com*|HTTPS|Microsoft Office Telemetry
+| \*.aria.microsoft.com\* | HTTPS | Microsoft Office Telemetry
-|\*.b.akamai*.net|HTTPS|Used to check for updates to Maps that have been downloaded for offline use
+| \*.b.akamai\*.net | HTTPS | Used to check for updates to Maps that have been downloaded for offline use
 | \*.c-msedge.net | HTTP | Microsoft Office
-|\*.dl.delivery.mp.microsoft.com*|HTTP|Enables connections to Windows Update
+| \*.dl.delivery.mp.microsoft.com\* | HTTP | Enables connections to Windows Update
-|\*.download.windowsupdate.com*|HTTP|Used to download operating system patches and updates
+| \*.download.windowsupdate.com\* | HTTP | Used to download operating system patches and updates
-|\*.g.akamai*.net|HTTPS|Used to check for updates to Maps that have been downloaded for offline use
+| \*.g.akamai\*.net | HTTPS | Used to check for updates to Maps that have been downloaded for offline use
-|\*.login.msa.*.net|HTTPS|Microsoft Account related
+| \*.login.msa.\*.net | HTTPS | Microsoft Account related
-|\*.msn.com*|TLSv1.2/HTTPS|Windows Spotlight 
+| \*.msn.com\* | TLSv1.2/HTTPS | Windows Spotlight
 | \*.skype.com | HTTP/HTTPS | Skype
-|\*.smartscreen.microsoft.com*|HTTPS|Windows Defender Smartscreen 
+| \*.smartscreen.microsoft.com\* | HTTPS | Windows Defender Smartscreen
-|\*.telecommand.telemetry.microsoft.com*|HTTPS|Used by Windows Error Reporting
+| \*.telecommand.telemetry.microsoft.com\* | HTTPS | Used by Windows Error Reporting
-|*cdn.onenote.net*|HTTP|OneNote 
+| \*cdn.onenote.net\* | HTTP | OneNote
-|*displaycatalog.*mp.microsoft.com*|HTTPS|Used to communicate with Microsoft Store 
+| \*displaycatalog.\*mp.microsoft.com\* | HTTPS | Used to communicate with Microsoft Store
-|*emdl.ws.microsoft.com*|HTTP|Windows Update 
+| \*emdl.ws.microsoft.com\* | HTTP | Windows Update
-|*geo-prod.do.dsp.mp.microsoft.com*|TLSv1.2/HTTPS|Enables connections to Windows Update 
+| \*geo-prod.do.dsp.mp.microsoft.com\* | TLSv1.2/HTTPS | Enables connections to Windows Update
-|*hwcdn.net*|HTTP|Highwinds Content Delivery Network / Windows updates 
+| \*hwcdn.net\* | HTTP | Highwinds Content Delivery Network / Windows updates
-|*img-prod-cms-rt-microsoft-com*|HTTPS|Microsoft Store or Inbox MSN Apps image download 
+| \*img-prod-cms-rt-microsoft-com\* | HTTPS | Microsoft Store or Inbox MSN Apps image download
-|*licensing.*mp.microsoft.com*|HTTPS|Licensing 
+| \*licensing.\*mp.microsoft.com\* | HTTPS | Licensing
-|*maps.windows.com*|HTTPS|Related to Maps application 
+| \*maps.windows.com\* | HTTPS | Related to Maps application
-|*msedge.net*|HTTPS|Used by Microsoft OfficeHub to get the metadata of Microsoft Office apps 
+| \*msedge.net\* | HTTPS | Used by Microsoft OfficeHub to get the metadata of Microsoft Office apps
-|*nexusrules.officeapps.live.com*|HTTPS|Microsoft Office Telemetry
+| \*nexusrules.officeapps.live.com\* | HTTPS | Microsoft Office Telemetry
-|*photos.microsoft.com*|HTTPS|Photos App 
+| \*photos.microsoft.com\* | HTTPS | Photos App
-|*prod.do.dsp.mp.microsoft.com*|TLSv1.2/HTTPS|Used for Windows Update downloads of apps and OS updates 
+| \*prod.do.dsp.mp.microsoft.com* | TLSv1.2/HTTPS | Used for Windows Update downloads of apps and OS updates
-|*purchase.md.mp.microsoft.com.akadns.net|HTTPS|Used to communicate with Microsoft Store 
+| \*purchase.md.mp.microsoft.com.akadns.net | HTTPS | Used to communicate with Microsoft Store
-|*settings.data.microsoft.com.akadns.net|HTTPS|Used for Windows apps to dynamically update their configuration
+| \*settings.data.microsoft.com.akadns.net | HTTPS | Used for Windows apps to dynamically update their configuration
-|*wac.phicdn.net*|HTTP|Windows Update 
+| \*wac.phicdn.net\* | HTTP | Windows Update
-|*windowsupdate.com*|HTTP|Windows Update 
+| \*windowsupdate.com\* | HTTP | Windows Update
-|*wns.*windows.com*|TLSv1.2/HTTPS|Used for the Windows Push Notification Services (WNS)
+| \*wns.\*windows.com\* | TLSv1.2/HTTPS | Used for the Windows Push Notification Services (WNS)
-|*wpc.v0cdn.net*|HTTP|Windows Telemetry 
+| \*wpc.v0cdn.net\* | HTTP | Windows Telemetry
 | arc.msn.com | HTTPS | Spotlight
-|auth.gfx.ms*|HTTPS|MSA related
+| auth.gfx.ms\* | HTTPS | MSA related
 | cdn.onenote.net | HTTPS | OneNote Live Tile
-|dmd.metaservices.microsoft.com*|HTTP|Device Authentication 
+| dmd.metaservices.microsoft.com\* | HTTP | Device Authentication
 | e-0009.e-msedge.net | HTTPS | Microsoft Office
 | e10198.b.akamaiedge.net | HTTPS | Maps application
-|evoke-windowsservices-tas.msedge*|HTTPS|Photos app 
+| evoke-windowsservices-tas.msedge\* | HTTPS | Photos app
-|fe2.update.microsoft.com*|TLSv1.2/HTTPS|Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store
+| fe2.update.microsoft.com\* | TLSv1.2/HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store
-|fe3.*.mp.microsoft.com.*|TLSv1.2/HTTPS|Windows Update, Microsoft Update, and Microsoft Store services 
+| fe3.\*.mp.microsoft.com.\* | TLSv1.2/HTTPS | Windows Update, Microsoft Update, and Microsoft Store services
-|g.live.com*|HTTPS|OneDrive 
+| g.live.com\* | HTTPS | OneDrive
 | go.microsoft.com | HTTP | Windows Defender
 | iriscoremetadataprod.blob.core.windows.net | HTTPS | Windows Telemetry
 | login.live.com | HTTPS | Device Authentication
 | msagfx.live.com | HTTP | OneDrive
-|ocsp.digicert.com*|HTTP|CRL and OCSP checks to the issuing certificate authorities
+| ocsp.digicert.com\* | HTTP | CRL and OCSP checks to the issuing certificate authorities
 | officeclient.microsoft.com | HTTPS | Microsoft Office
-|oneclient.sfx.ms*|HTTPS|Used by OneDrive for Business to download and verify app updates
+| oneclient.sfx.ms\* | HTTPS | Used by OneDrive for Business to download and verify app updates
 | onecollector.cloudapp.aria.akadns.net | HTTPS | Microsoft Office
 | ow1.res.office365.com | HTTP | Microsoft Office
 | pti.store.microsoft.com | HTTPS | Microsoft Store
-|purchase.mp.microsoft.com*|HTTPS|Used to communicate with Microsoft Store
+| purchase.mp.microsoft.com\* | HTTPS | Used to communicate with Microsoft Store
-|query.prod.cms.rt.microsoft.com*|HTTPS|Used to retrieve Windows Spotlight metadata
+| query.prod.cms.rt.microsoft.com\* | HTTPS | Used to retrieve Windows Spotlight metadata
-|ris.api.iris.microsoft.com*|TLSv1.2/HTTPS|Used to retrieve Windows Spotlight metadata
+| ris.api.iris.microsoft.com\* | TLSv1.2/HTTPS | Used to retrieve Windows Spotlight metadata
 | ris-prod-atm.trafficmanager.net | HTTPS | Azure traffic manager
 | s-0001.s-msedge.net | HTTPS | Microsoft Office
 | self.events.data.microsoft.com | HTTPS | Microsoft Office
-|settings.data.microsoft.com*|HTTPS|Used for Windows apps to dynamically update their configuration
+| settings.data.microsoft.com\* | HTTPS | Used for Windows apps to dynamically update their configuration
-|settings-win.data.microsoft.com*|HTTPS|Used for Windows apps to dynamically update their configuration
+| settings-win.data.microsoft.com\* | HTTPS | Used for Windows apps to dynamically update their configuration
 | share.microsoft.com | HTTPS | Microsoft Store
 | skypeecs-prod-usw-0.cloudapp.net | HTTPS | Microsoft Store
-|sls.update.microsoft.com*|TLSv1.2/HTTPS|Enables connections to Windows Update
+| sls.update.microsoft.com\* | TLSv1.2/HTTPS | Enables connections to Windows Update
-|slscr.update.microsoft.com*|HTTPS|Enables connections to Windows Update
+| slscr.update.microsoft.com\* | HTTPS | Enables connections to Windows Update
-|store*.dsx.mp.microsoft.com*|HTTPS|Used to communicate with Microsoft Store
+| store*.dsx.mp.microsoft.com\* | HTTPS | Used to communicate with Microsoft Store
 | storecatalogrevocation.storequality.microsoft.com | HTTPS | Microsoft Store
-|storecatalogrevocation.storequality.microsoft.com*|HTTPS|Used to revoke licenses for malicious apps on the Microsoft Store
+| storecatalogrevocation.storequality.microsoft.com\* | HTTPS | Used to revoke licenses for malicious apps on the Microsoft Store
-|store-images.*microsoft.com*|HTTP|Used to get images that are used for Microsoft Store suggestions
+| store-images.\*microsoft.com\* | HTTP | Used to get images that are used for Microsoft Store suggestions
 | storesdk.dsx.mp.microsoft.com | HTTP | Microsoft Store
-|tile-service.weather.microsoft.com*|HTTP|Used to download updates to the Weather app Live Tile
+| tile-service.weather.microsoft.com\* | HTTP | Used to download updates to the Weather app Live Tile
 | time.windows.com | HTTP | Microsoft Windows Time related
-|tsfe.trafficshaping.dsp.mp.microsoft.com*|TLSv1.2/HTTPS|Used for content regulation
+| tsfe.trafficshaping.dsp.mp.microsoft.com\* | TLSv1.2/HTTPS | Used for content regulation
 | v10.events.data.microsoft.com | HTTPS | Diagnostic Data
 | watson.telemetry.microsoft.com | HTTPS | Diagnostic Data
-|wdcp.microsoft.*|TLSv1.2, HTTPS|Used for Windows Defender when Cloud-based Protection is enabled
+| wdcp.microsoft.\* | TLSv1.2, HTTPS | Used for Windows Defender when Cloud-based Protection is enabled
 | wd-prod-cp-us-west-1-fe.westus.cloudapp.azure.com | HTTPS | Windows Defender
 | wusofficehome.msocdn.com | HTTPS | Microsoft Office
-|www.bing.com*|HTTP|Used for updates for Cortana, apps, and Live Tiles
+| `www.bing.com`* | HTTP | Used for updates for Cortana, apps, and Live Tiles
-|www.msftconnecttest.com|HTTP|Network Connection (NCSI)
+| `www.msftconnecttest.com` | HTTP | Network Connection (NCSI)
-|www.office.com|HTTPS|Microsoft Office
+| `www.office.com` | HTTPS | Microsoft Office
 
 
 ## Windows 10 Pro
 
-| **Destination** | **Protocol** | **Description** |
+| Destination | Protocol | Description |
-| --- | --- | --- |
+| ----------- | -------- | ----------- |
 | \*.cloudapp.azure.com | HTTPS | Azure
 | \*.delivery.dsp.mp.microsoft.com.nsatc.net | HTTPS | Windows Update, Microsoft Update, and Microsoft Store services
 | \*.displaycatalog.md.mp.microsoft.com.akadns.net | HTTPS | Microsoft Store
-|\*.dl.delivery.mp.microsoft.com*|HTTP|Enables connections to Windows Update
+| \*.dl.delivery.mp.microsoft.com\* | HTTP | Enables connections to Windows Update
 | \*.e-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps
 | \*.g.akamaiedge.net | HTTPS | Used to check for updates to maps that have been downloaded for offline use
 | \*.s-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps
-|\*.windowsupdate.com*|HTTP|Enables connections to Windows Update
+| \*.windowsupdate.com\* | HTTP | Enables connections to Windows Update
 | \*.wns.notify.windows.com.akadns.net | HTTPS | Used for the Windows Push Notification Services (WNS)
 | \*dsp.mp.microsoft.com.nsatc.net | HTTPS | Enables connections to Windows Update
 | \*c-msedge.net | HTTP | Office
 | a1158.g.akamai.net | HTTP | Maps application
-|arc.msn.com*|HTTP / HTTPS|Used to retrieve Windows Spotlight metadata
+| arc.msn.com\* | HTTP / HTTPS | Used to retrieve Windows Spotlight metadata
 | blob.mwh01prdstr06a.store.core.windows.net | HTTPS | Microsoft Store
 | browser.pipe.aria.microsoft.com | HTTPS | Microsoft Office
 | bubblewitch3mobile.king.com | HTTPS | Bubble Witch application
 | candycrush.king.com | HTTPS | Candy Crush application
 | cdn.onenote.net | HTTP | Microsoft OneNote
 | cds.p9u4n2q3.hwcdn.net | HTTP | Highwinds Content Delivery Network traffic for Windows updates
-|client.wns.windows.com|HTTPS|Winddows Notification System 
+| client.wns.windows.com | HTTPS | Windows Notification System
 | co4.telecommand.telemetry.microsoft.com.akadns.net | HTTPS | Windows Error Reporting
 | config.edge.skype.com | HTTPS | Microsoft Skype
 | cs11.wpc.v0cdn.net | HTTP | Windows Telemetry
@@ -171,7 +172,7 @@ The following methodology was used to derive the network endpoints:
 | modern.watson.data.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting
 | msagfx.live.com | HTTP | OneDrive
 | nav.smartscreen.microsoft.com | HTTPS | Windows Defender
-|ocsp.digicert.com*|HTTP|CRL and OCSP checks to the issuing certificate authorities
+| ocsp.digicert.com\* | HTTP | CRL and OCSP checks to the issuing certificate authorities
 | oneclient.sfx.ms | HTTP | OneDrive
 | pti.store.microsoft.com | HTTPS | Microsoft Store
 | ris.api.iris.microsoft.com.akadns.net | HTTPS | Used to retrieve Windows Spotlight metadata
@@ -183,92 +184,91 @@ The following methodology was used to derive the network endpoints:
 | slscr.update.microsoft.com | HTTPS | Windows Update
 | storecatalogrevocation.storequality.microsoft.com | HTTPS | Microsoft Store
 | store-images.microsoft.com | HTTPS | Microsoft Store
-|tile-service.weather.microsoft.com/*|HTTP|Used to download updates to the Weather app Live Tile
+| tile-service.weather.microsoft.com/\* | HTTP | Used to download updates to the Weather app Live Tile
 | time.windows.com | HTTP | Windows time
 | tsfe.trafficshaping.dsp.mp.microsoft.com | HTTPS | Used for content regulation
-|v10.events.data.microsoft.com*|HTTPS|Microsoft Office 
+| v10.events.data.microsoft.com\* | HTTPS | Microsoft Office
 | vip5.afdorigin-prod-am02.afdogw.com | HTTPS | Used to serve office 365 experimentation traffic
 | watson.telemetry.microsoft.com | HTTPS | Telemetry
 | wdcp.microsoft.com | HTTPS | Windows Defender
 | wusofficehome.msocdn.com | HTTPS | Microsoft Office
-|www.bing.com|HTTPS|Cortana and Search 
+| `www.bing.com` | HTTPS | Cortana and Search
-|www.microsoft.com|HTTP|Diagnostic 
+| `www.microsoft.com` | HTTP | Diagnostic
-|www.msftconnecttest.com|HTTP|Network connection 
+| `www.msftconnecttest.com` | HTTP | Network connection
-|www.office.com|HTTPS|Microsoft Office
+| `www.office.com` | HTTPS | Microsoft Office
 
 
 
 ## Windows 10 Education
 
-| **Destination** | **Protocol** | **Description** |
+| Destination | Protocol | Description |
-| --- | --- | --- |
+| ----------- | -------- | ----------- |
 | \*.b.akamaiedge.net | HTTPS | Used to check for updates to maps that have been downloaded for offline use
 | \*.c-msedge.net | HTTP | Used by OfficeHub to get the metadata of Office apps
-|\*.dl.delivery.mp.microsoft.com*|HTTP|Windows Update
+| \*.dl.delivery.mp.microsoft.com\* | HTTP | Windows Update
 | \*.e-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps
 | \*.g.akamaiedge.net | HTTPS | Used to check for updates to Maps that have been downloaded for offline use
 | \*.licensing.md.mp.microsoft.com.akadns.net | HTTPS | Microsoft Store
 | \*.settings.data.microsoft.com.akadns.net | HTTPS | Microsoft Store
-|\*.skype.com*|HTTPS|Used to retrieve Skype configuration values 
+| \*.skype.com\* | HTTPS | Used to retrieve Skype configuration values
-|\*.smartscreen*.microsoft.com|HTTPS|Windows Defender 
+| \*.smartscreen\*.microsoft.com | HTTPS | Windows Defender
 | \*.s-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps
-|\*.telecommand.telemetry.microsoft.com*|HTTPS|Used by Windows Error Reporting
+| \*.telecommand.telemetry.microsoft.com\* | HTTPS | Used by Windows Error Reporting
 | \*.wac.phicdn.net | HTTP | Windows Update
-|\*.windowsupdate.com*|HTTP|Windows Update
+| \*.windowsupdate.com\* | HTTP | Windows Update
 | \*.wns.windows.com | HTTPS | Windows Notifications Service
-|\*.wpc.*.net|HTTP|Diagnostic Data
+| \*.wpc.\*.net | HTTP | Diagnostic Data
 | \*displaycatalog.md.mp.microsoft.com.akadns.net | HTTPS | Microsoft Store
 | \*dsp.mp.microsoft.com | HTTPS | Windows Update
 | a1158.g.akamai.net | HTTP | Maps
 | a122.dscg3.akamai.net | HTTP | Maps
 | a767.dscg3.akamai.net | HTTP | Maps
-|au.download.windowsupdate.com*|HTTP|Windows Update
+| au.download.windowsupdate.com\* | HTTP | Windows Update
-|bing.com/*|HTTPS|Used for updates for Cortana, apps, and Live Tiles
+| bing.com/\* | HTTPS | Used for updates for Cortana, apps, and Live Tiles
 | blob.dz5prdstr01a.store.core.windows.net | HTTPS | Microsoft Store
 | browser.pipe.aria.microsoft.com | HTTP | Used by OfficeHub to get the metadata of Office apps
-|cdn.onenote.net/livetile/*|HTTPS|Used for OneNote Live Tile
+| cdn.onenote.net/livetile/\* | HTTPS | Used for OneNote Live Tile
 | cds.p9u4n2q3.hwcdn.net | HTTP | Used by the Highwinds Content Delivery Network to perform Windows updates
-|client-office365-tas.msedge.net/*|HTTPS|Microsoft 365 admin center and Office in a browser
+| client-office365-tas.msedge.net/\* | HTTPS | Microsoft 365 admin center and Office in a browser
-|ctldl.windowsupdate.com*|HTTP|Used to download certificates that are publicly known to be fraudulent
+| ctldl.windowsupdate.com\* | HTTP | Used to download certificates that are publicly known to be fraudulent
-|displaycatalog.mp.microsoft.com/*|HTTPS|Microsoft Store
+| displaycatalog.mp.microsoft.com/\* | HTTPS | Microsoft Store
-|dmd.metaservices.microsoft.com*|HTTP|Device Authentication
+| dmd.metaservices.microsoft.com\* | HTTP | Device Authentication
-|download.windowsupdate.com*|HTTPS|Windows Update
+| download.windowsupdate.com\* | HTTPS | Windows Update
-|emdl.ws.microsoft.com/*|HTTP|Used to download apps from the Microsoft Store
+| emdl.ws.microsoft.com/\* | HTTP | Used to download apps from the Microsoft Store
 | evoke-windowsservices-tas.msedge.net | HTTPS | Photo app
-|fe2.update.microsoft.com*|HTTPS|Windows Update, Microsoft Update, Microsoft Store services 
+| fe2.update.microsoft.com\* | HTTPS | Windows Update, Microsoft Update, Microsoft Store services
 | fe3.delivery.dsp.mp.microsoft.com.nsatc.net | HTTPS | Windows Update, Microsoft Update, Microsoft Store services
-|fe3.delivery.mp.microsoft.com*|HTTPS|Windows Update, Microsoft Update, Microsoft Store services 
+| fe3.delivery.mp.microsoft.com\* | HTTPS | Windows Update, Microsoft Update, Microsoft Store services
-|g.live.com*|HTTPS|Used by OneDrive for Business to download and verify app updates
+| g.live.com\* | HTTPS | Used by OneDrive for Business to download and verify app updates
 | g.msn.com.nsatc.net | HTTPS | Used to retrieve Windows Spotlight metadata
 | go.microsoft.com | HTTP | Windows Defender
 | iecvlist.microsoft.com | HTTPS | Microsoft Edge browser
 | ipv4.login.msa.akadns6.net | HTTPS | Used for Microsoft accounts to sign in
-|licensing.mp.microsoft.com*|HTTPS|Used for online activation and some app licensing
+| licensing.mp.microsoft.com\* | HTTPS | Used for online activation and some app licensing
 | login.live.com | HTTPS | Device Authentication
 | maps.windows.com/windows-app-web-link | HTTPS | Maps application
 | modern.watson.data.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting
 | msagfx.live.com | HTTPS | OneDrive
-|ocos-office365-s2s.msedge.net/*|HTTPS|Used to connect to the Microsoft 365 admin center's shared infrastructure
+| ocos-office365-s2s.msedge.net/\* | HTTPS | Used to connect to the Microsoft 365 admin center's shared infrastructure
-|ocsp.digicert.com*|HTTP|CRL and OCSP checks to the issuing certificate authorities
+| ocsp.digicert.com\* | HTTP | CRL and OCSP checks to the issuing certificate authorities
-|oneclient.sfx.ms/*|HTTPS|Used by OneDrive for Business to download and verify app updates
+| oneclient.sfx.ms/\* | HTTPS | Used by OneDrive for Business to download and verify app updates
 | onecollector.cloudapp.aria.akadns.net | HTTPS | Microsoft Office
 | pti.store.microsoft.com | HTTPS | Microsoft Store
-|settings-win.data.microsoft.com/settings/*|HTTPS|Used as a way for apps to dynamically update their configuration 
+| settings-win.data.microsoft.com/settings/\* | HTTPS | Used as a way for apps to dynamically update their configuration
 | share.microsoft.com | HTTPS | Microsoft Store
 | skypeecs-prod-usw-0.cloudapp.net | HTTPS | Skype
-|sls.update.microsoft.com*|HTTPS|Windows Update
+| sls.update.microsoft.com\* | HTTPS | Windows Update
-|storecatalogrevocation.storequality.microsoft.com*|HTTPS|Used to revoke licenses for malicious apps on the Microsoft Store
+| storecatalogrevocation.storequality.microsoft.com\* | HTTPS | Used to revoke licenses for malicious apps on the Microsoft Store
-|tile-service.weather.microsoft.com*|HTTP|Used to download updates to the Weather app Live Tile
+| tile-service.weather.microsoft.com\* | HTTP | Used to download updates to the Weather app Live Tile
 | tsfe.trafficshaping.dsp.mp.microsoft.com | HTTPS | Windows Update
-|v10.events.data.microsoft.com*|HTTPS|Diagnostic Data
+| v10.events.data.microsoft.com\* | HTTPS | Diagnostic Data
 | vip5.afdorigin-prod-ch02.afdogw.com | HTTPS | Used to serve Office 365 experimentation traffic
-|watson.telemetry.microsoft.com*|HTTPS|Used by Windows Error Reporting
+| watson.telemetry.microsoft.com\* | HTTPS | Used by Windows Error Reporting
 | wdcp.microsoft.com | HTTPS | Windows Defender
 | wd-prod-cp-us-east-1-fe.eastus.cloudapp.azure.com | HTTPS | Azure
 | wusofficehome.msocdn.com | HTTPS | Microsoft Office
-|www.bing.com|HTTPS|Cortana and Search 
+| `www.bing.com` | HTTPS | Cortana and Search
-|www.microsoft.com|HTTP|Diagnostic Data
+| `www.microsoft.com` | HTTP | Diagnostic Data
-|www.microsoft.com/pkiops/certs/*|HTTP|CRL and OCSP checks to the issuing certificate authorities
+| `www.microsoft.com/pkiops/certs/`* | HTTP | CRL and OCSP checks to the issuing certificate authorities
-|www.msftconnecttest.com|HTTP|Network Connection 
+| `www.msftconnecttest.com` | HTTP | Network Connection
-|www.office.com|HTTPS|Microsoft Office
+| `www.office.com` | HTTPS | Microsoft Office
-

windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md

@@ -111,7 +111,7 @@ If a proxy or firewall has HTTPS scanning (SSL inspection) enabled, exclude the
 
  Service location | Microsoft.com DNS record
 -|-
-Common URLs for all locations | ```crl.microsoft.com```<br> ```ctldl.windowsupdate.com``` <br>```events.data.microsoft.com```<br>```notify.windows.com```<br> ```settings-win.data.microsoft.com```
+Common URLs for all locations | ```crl.microsoft.com/pki/crl/*```<br> ```ctldl.windowsupdate.com``` <br>```www.microsoft.com/pkiops/*```<br>```events.data.microsoft.com```<br>```notify.windows.com```<br> ```settings-win.data.microsoft.com```
 European Union | ```eu.vortex-win.data.microsoft.com``` <br> ```eu-v20.events.data.microsoft.com``` <br> ```usseu1northprod.blob.core.windows.net```  <br>```usseu1westprod.blob.core.windows.net``` <br> ```winatp-gw-neu.microsoft.com``` <br> ```winatp-gw-weu.microsoft.com``` <br>```wseu1northprod.blob.core.windows.net``` <br>```wseu1westprod.blob.core.windows.net``` <br>```automatedirstrprdweu.blob.core.windows.net``` <br>```automatedirstrprdneu.blob.core.windows.net```
 United Kingdom | ```uk.vortex-win.data.microsoft.com``` <br>```uk-v20.events.data.microsoft.com``` <br>```ussuk1southprod.blob.core.windows.net``` <br>```ussuk1westprod.blob.core.windows.net``` <br>```winatp-gw-uks.microsoft.com``` <br>```winatp-gw-ukw.microsoft.com``` <br>```wsuk1southprod.blob.core.windows.net``` <br>```wsuk1westprod.blob.core.windows.net``` <br>```automatedirstrprduks.blob.core.windows.net``` <br>```automatedirstrprdukw.blob.core.windows.net```  
 United States | ```us.vortex-win.data.microsoft.com``` <br> ```ussus1eastprod.blob.core.windows.net``` <br> ```ussus1westprod.blob.core.windows.net``` <br> ```ussus2eastprod.blob.core.windows.net``` <br> ```ussus2westprod.blob.core.windows.net``` <br> ```ussus3eastprod.blob.core.windows.net``` <br> ```ussus3westprod.blob.core.windows.net``` <br> ```ussus4eastprod.blob.core.windows.net``` <br> ```ussus4westprod.blob.core.windows.net``` <br> ```us-v20.events.data.microsoft.com``` <br> ```winatp-gw-cus.microsoft.com``` <br> ```winatp-gw-eus.microsoft.com``` <br> ```wsus1eastprod.blob.core.windows.net``` <br> ```wsus1westprod.blob.core.windows.net``` <br> ```wsus2eastprod.blob.core.windows.net``` <br> ```wsus2westprod.blob.core.windows.net``` <br> ```automatedirstrprdcus.blob.core.windows.net``` <br> ```automatedirstrprdeus.blob.core.windows.net```

windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md

@@ -58,11 +58,12 @@ There are two options to onboard Windows Server 2008 R2 SP1, Windows Server 2012
 ### Option 1: Onboard servers through Microsoft Defender Security Center
 You'll need to take the following steps if you choose to onboard servers through Microsoft Defender Security Center. 
 
-- For Windows Server 2008 R2 SP1, ensure that you fulfill the following requirements:
+- For Windows Server 2008 R2 SP1 or Windows Server 2012 R2, ensure that you install the following hotfix:
-    - Install the [February monthly update rollup](https://support.microsoft.com/en-us/help/4074598/windows-7-update-kb4074598)
+    - [Update for customer experience and diagnostic telemetry](https://support.microsoft.com/en-us/help/3080149/update-for-customer-experience-and-diagnostic-telemetry)
-    - Install the [Update for customer experience and diagnostic telemetry](https://support.microsoft.com/en-us/help/3080149/update-for-customer-experience-and-diagnostic-telemetry)
-    - Install either [.NET framework 4.5](https://www.microsoft.com/download/details.aspx?id=30653) (or later) or [KB3154518](https://support.microsoft.com/help/3154518/support-for-tls-system-default-versions-included-in-the-net-framework)
     
+- In addition, for Windows Server 2008 R2 SP1, ensure that you fulfill the following requirements:
+    - Install the [February monthly update rollup](https://support.microsoft.com/en-us/help/4074598/windows-7-update-kb4074598)
+    - Install either [.NET framework 4.5](https://www.microsoft.com/download/details.aspx?id=30653) (or later) or [KB3154518](https://support.microsoft.com/help/3154518/support-for-tls-system-default-versions-included-in-the-net-framework)
 
 - For Windows Server 2008 R2 SP1 and Windows Server 2012 R2: Configure and update System Center Endpoint Protection clients.
 

windows/security/threat-protection/microsoft-defender-atp/machine-tags.md

@@ -71,6 +71,9 @@ You can also delete tags from this view.
 >- Windows 8.1
 >- Windows 7 SP1
 
+> [!NOTE] 
+> The maximum number of characters in a tag is 30.
+
 Machines with similar tags can be handy when you need to apply contextual action on a specific list of machines.
 
 Use the following registry key entry to add a tag on a machine:
@@ -82,3 +85,4 @@ Use the following registry key entry to add a tag on a machine:
 >[!NOTE]
 >The device tag is part of the machine information report that's generated once a day. As an alternative, you may choose to restart the endpoint that would transfer a new machine information report.
 
+