Merge branch 'master' into threat-simulator

windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md

@@ -72,7 +72,7 @@ On **CM01**:
 
 The backup-only task sequence (named Replace Task Sequence).
 
-## Associate the new machine with the old computer
+## Associate the new device with the old computer
 
 This section walks you through the process of associating a new, blank device (PC0006), with an existing computer (PC0004), for the purpose of replacing PC0004 with PC0006. PC0006 can be either a physical or virtual machine.
 
@@ -149,7 +149,7 @@ This section assumes that you have a computer named PC0004 with the Configuratio
 
 On **PC0004**:
 
-1.  If it is not alreayd started, start the PC0004 computer and open the Configuration Manager control panel (control smscfgrc).
+1.  If it is not already started, start the PC0004 computer and open the Configuration Manager control panel (control smscfgrc).
 2.  On the **Actions** tab, select **Machine Policy Retrieval & Evaluation Cycle**, click **Run Now**, and then click **OK** in the popup dialog box that appears.
 
     >[!NOTE]

windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md

@@ -24,196 +24,119 @@ ms.topic: article
 The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. You can use a Microsoft Endpoint Configuration Manager task sequence to completely automate the process.
 
 >[!IMPORTANT]
->Beginning with Windows 10 and Windows Server 2016, Windows Defender is already installed. A management client for Windows Defender is also installed automatically if the Configuration Manager client is installed. However, previous Windows operating systems installed the System Center Endpoint Protection (SCEP) client with the Configuration Manager client. The SCEP client can block in-place upgrade to Windows 10 due to incompatibility, and must removed from a device before performing an in-place upgrade to Windows 10.
+>Beginning with Windows 10 and Windows Server 2016, Windows Defender is already installed. A management client for Windows Defender is also installed automatically if the Configuration Manager client is installed. However, previous Windows operating systems installed the System Center Endpoint Protection (SCEP) client with the Configuration Manager client. The SCEP client can block in-place upgrade to Windows 10 due to incompatibility, and must be removed from a device before performing an in-place upgrade to Windows 10.
 
-## Proof-of-concept environment
+## Infrastructure
 
-For the purposes of this topic, we will use three computers: DC01, CM01, and PC0001. DC01 is a domain controller and CM01 is a domain member server. PC0001 is a computer running Windows 7 SP1, targeted for the Windows 10 upgrade. For more details on the setup for this topic, please see [Prepare for deployment with MDT](../deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md).
+An existing Configuration Manager infrastructure that is integrated with MDT is used for the following procedures. For more information about the setup for this article, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md). 
 
-![computers](../images/dc01-cm01-pc0001.png)
+For the purposes of this article, we will use one server computer (CM01) and one client computers (PC0004).
+- CM01 is a domain member server and Configuration Manager software distribution point. In this guide CM01 is a standalone primary site server.
+- PC0004 is a domain member client computer running Windows 7 SP1, or a later version of Windows, with the Configuration Manager client installed, that will be upgraded to Windows 10.
 
-The computers used in this topic.
+All servers are running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used. 
 
-## Upgrade to Windows 10 with Configuration Manager
+All server and client computers referenced in this guide are on the same subnet. This is not required, but each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the contoso.com domain. Internet connectivity is also required to download OS and application updates.
 
+## Add an OS upgrade package
 
-System Center 2012 R2 Configuration Manager SP 1 adds support to manage and deploy Windows 10. Although it does not include built-in support to perform an in-place upgrade from Windows 7, Windows 8, or Windows 8.1 to Windows 10, you can build a custom task sequence to perform the necessary tasks.
+Configuration Manager Current Branch includes a native in-place upgrade task. This task sequence differs from the MDT in-place upgrade task sequence in that it does not use a default OS image, but rather uses an [OS upgrade package](https://docs.microsoft.com/configmgr/osd/get-started/manage-operating-system-upgrade-packages).
 
-## Create the task sequence
+On **CM01**:
 
+1. Using the Configuration Manager console, in the Software Library workspace, expand **Operating Systems**, right-click **Operating System Upgrade Packages**, and click **Add Operating System Upgrade Package**.
+2. On the **Data Source** page, under **Path**, click **Browse** and enter the UNC path to your media source. In this example, we have extracted the Windows 10 installation media to **\\\\cm01\\Sources$\\OSD\\UpgradePackages\\Windows 10**.
+3. If you have multiple image indexes in the installation media, select **Extract a specific image index from install.wim...** and choose the image index you want from the dropdown menu. In this example, we have chosen **Windows 10 Enterprise**.
+4. Next to **Architecture**, select **x64**, choose a language from the dropdown menu next to **Language**, and then click **Next**.
+5. Next to **Name**, enter **Windows 10 x64 RTM** and then complete the wizard by clicking **Next** and **Close**.
+6.  Distribute the OS upgrade package to the CM01 distribution point by right-clicking the **Windows 10 x64 RTM** OS upgrade package and then clicking **Distribute Content**.
+7.  In the Distribute Content Wizard, add the CM01 distribution point, click **Next** and click **Close**.
+8.  View the content status for the Windows 10 x64 RTM upgrade package. Do not continue until the distribution is completed (it might take a few minutes). You also can review the D:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file and look for the **STATMSG: ID=2301** line.
 
-To help with this process, the Configuration Manager team has published [a blog](https://go.microsoft.com/fwlink/p/?LinkId=620179) that provides a sample task sequence, as well as the [original blog that includes the instructions for setting up the task sequence](https://go.microsoft.com/fwlink/p/?LinkId=620180). To summarize, here are the tasks you need to perform:
+## Create an in-place upgrade task sequence
 
-1.  Download the [Windows10Upgrade1506.zip](https://go.microsoft.com/fwlink/p/?LinkId=620182) file that contains the sample task sequence and related scripts. Extract the contents onto a network share.
-2.  Copy the Windows 10 Enterprise RTM x64 media into the extracted but empty **Windows vNext Upgrade Media** folder.
-3.  Using the Configuration Manager Console, right-click the **Task Sequences** node, and then choose **Import Task Sequence**. Select the **Windows-vNextUpgradeExport.zip** file that you extracted in Step 1.
-4.  Distribute the two created packages (one contains the Windows 10 Enterprise x64 media, the other contains the related scripts) to the Configuration Manager distribution point.
+On **CM01**:
 
-For full details and an explanation of the task sequence steps, review the full details of the two blogs that are referenced above.
+1. Using the Configuration Manager console, in the Software Library workspace, expand **Operating Systems**, right-click **Task Sequences**, and select **Create Task Sequence**.
+2. On the **Create a new task sequence** page, select **Upgrade an operating system from an upgrade package** and click **Next**.
+3. Use the following settings to complete the wizard:
+
+   * Task sequence name: Upgrade Task Sequence
+   * Description: In-place upgrade
+   * Upgrade package: Windows 10 x64 RTM
+   * Include software updates: Do not install any software updates
+   * Install applications: OSD \ Adobe Acrobat Reader DC
+
+4. Complete the wizard, and click **Close**.
+5. Review the Upgrade Task Sequence.
+
+![The upgrade task sequence](../images/cm-upgrade-ts.png)
+
+The Configuration Manager upgrade task sequence
 
 ## Create a device collection
 
+After you create the upgrade task sequence, you can create a collection to test a deployment. In this section, we assume you have the PC0004 computer running Windows 7 SP1, with the Configuration Manager client installed.
 
-After you create the upgrade task sequence, you can create a collection to test a deployment. In this section, we assume you have the PC0001 machine running Windows 7 SP1, with the Configuration Manager client installed.
+On **CM01**:
 
-1.  On CM01, using the Configuration Manager console, in the Asset and Compliance workspace, right-click **Device Collections**, and then select **Create Device Collection**. Use the following settings:
-    -   General
+1.  Using the Configuration Manager console, in the Asset and Compliance workspace, right-click **Device Collections**, and then select **Create Device Collection**. Use the following settings:
+    - General
+        - Name: Windows 10 x64 in-place upgrade
+        - Limited Collection: All Systems
+    - Membership rules:
+        - Direct rule
+            - Resource Class: System Resource
+            - Attribute Name: Name
+            - Value: PC0004
+        - Select Resources
+          - Select PC0004
 
-        -   Name: Windows 10 Enterprise x64 Upgrade
-
-        -   Limited Collection: All Systems
-
-    -   Membership rules:
-
-        -   Direct rule
-
-            -   Resource Class: System Resource
-
-            -   Attribute Name: Name
-
-            -   Value: PC0001
-
-        -   Select Resources
-
-        -   Select PC0001
-
-2.  Review the Windows 10 Enterprise x64 Upgrade collection. Do not continue until you see the PC0001 machine in the collection.
+2.  Review the Windows 10 x64 in-place upgrade collection. Do not continue until you see PC0004 in the collection.
 
 ## Deploy the Windows 10 upgrade
 
-
 In this section, you create a deployment for the Windows 10 Enterprise x64 Update application.
 
-1.  On CM01, using the Configuration Manager console, in the Software Library workspace, right-click the **Windows vNext Upgrade** task sequence, and then select **Deploy**.
-2.  On the **General** page, select the **Windows 10 Enterprise x64 Upgrade** collection, and then click **Next**.
+On **CM01**:
+
+1.  Using the Configuration Manager console, in the Software Library workspace, right-click the **Upgrade Task Sequence** task sequence, and then click **Deploy**.
+2.  On the **General** page, browse and select the **Windows 10 x64 in-place upgrade** collection, and then click **Next**.
 3.  On the **Content** page, click **Next**.
-4.  On the **Deployment Settings** page, select the following settings, and then click **Next**:
-    -   Action: Install
-
-    -   Purpose: Available
-
+4.  On the **Deployment Settings** page, click **Next**:
 5.  On the **Scheduling** page, accept the default settings, and then click **Next**.
 6.  On the **User Experience** page, accept the default settings, and then click **Next**.
 7.  On the **Alerts** page, accept the default settings, and then click **Next**.
+7.  On the **Distribution Points** page, accept the default settings, and then click **Next**.
 8.  On the **Summary** page, click **Next**, and then click **Close**.
 
 ## Start the Windows 10 upgrade
 
+Next, run the in-place upgrade task sequence on PC0004.
 
-In this section, you start the Windows 10 Upgrade task sequence on PC0001 (currently running Windows 7 SP1).
+On **PC0004**:
 
-1.  On PC0001, start the **Software Center**.
-2.  Select the **Windows vNext Upgrade** task sequence, and then click **Install**.
+1.  Open the Configuration Manager control panel (control smscfgrc).
+2.  On the **Actions** tab, select **Machine Policy Retrieval & Evaluation Cycle**, click **Run Now**, and then click **OK** in the popup dialog box that appears.
 
-When the task sequence begins, it will automatically initiate the in-place upgrade process by invoking the Windows setup program (Setup.exe) with the necessary command-line parameters to perform an automated upgrade, which preserves all data, settings, apps, and drivers.
+    >[!NOTE]
+    >You also can use the Client Notification option in the Configuration Manager console, as shown in [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md).
 
-![figure 2](../images/upgradecfg-fig2-upgrading.png)
+3.  Open the Software Center, select the **Upgrade Task Sequence** deployment and then click **Install**.
+4.  Confirm you want to upgrade the operating system on this computer by clicking **Install** again.
+5.  Allow the Upgrade Task Sequence to complete. The PC0004 computer will download the install.wim file, perform an in-place upgrade, and install your added applications. See the following examples:
 
-Figure 2. Upgrade from Windows 7 to Windows 10 Enterprise x64 with a task sequence.
+![pc0004-a](../images/pc0004-a.png)<br>
+![pc0004-b](../images/pc0004-b.png)<br>
+![pc0004-c](../images/pc0004-c.png)<br>
+![pc0004-d](../images/pc0004-d.png)<br>
+![pc0004-e](../images/pc0004-e.png)<br>
+![pc0004-f](../images/pc0004-f.png)<br>
+![pc0004-g](../images/pc0004-g.png)
 
-After the task sequence finishes, the computer will be fully upgraded to Windows 10.
-
-## Upgrade to Windows 10 with Microsoft Endpoint Configuration Manager
-
-
-With Configuration Manager, new built-in functionality makes it easier to upgrade to Windows 10.
-
-**Note**  
-For more details about Configuration Manager, see the [Configuration Manager Team blog](https://go.microsoft.com/fwlink/p/?LinkId=620205). An [evaluation version is currently available](https://go.microsoft.com/fwlink/p/?LinkId=620206) for you to try. The instructions below are specific to the Technical Preview 2 release and may change after the next version of Configuration Manager is released.
-
- 
-
-### Create the OS upgrade package
-
-First, you need to create an operating system upgrade package that contains the full Windows 10 Enterprise x64 installation media.
-
-1.  On CM01, using the Configuration Manager console, in the Software Library workspace, right-click the **Operating System Upgrade Packages** node, then select **Add Operating System Upgrade Package**.
-2.  On the **Data Source** page, specify the UNC path to the Windows 10 Enterprise x64 media, and then click **Next**.
-3.  On the **General** page, specify Windows 10 Enterprise x64 Upgrade, and then click **Next**.
-4.  On the **Summary** page, click **Next**, and then click **Close**.
-5.  Right-click the created **Windows 10 Enterprise x64 Update** package, and then select **Distribute Content**. Choose the CM01 distribution point.
-
-### Create the task sequence
-
-To create an upgrade task sequence, perform the following steps:
-
-1.  On CM01, using the Configuration Manager console, in the Software Library workspace, right-click the **Task Sequences** node, and then select **Create Task Sequence**.
-2.  On the **Create a new task sequence** page, select **Upgrade an operating system from upgrade package**, and then click **Next**.
-3.  On the **Task Sequence Information** page, specify **Windows 10 Enterprise x64 Upgrade**, and then click **Next**.
-4.  On the **Upgrade the Windows operating system** page, select the **Windows 10 Enterprise x64 Upgrade operating system upgrade** package, and then click **Next**.
-5.  Click **Next** through the remaining wizard pages, and then click **Close**.
-
-![figure 3](../images/upgradecfg-fig3-upgrade.png)
-
-Figure 3. The Configuration Manager upgrade task sequence.
-
-### Create a device collection
-
-After you create the upgrade task sequence, you can create a collection to test a deployment. In this section, we assume you have the PC0001 machine running Windows 7 SP1, with the next version of Configuration Manager client installed.
-
-1.  On CM01, using the Configuration Manager console, in the Asset and Compliance workspace, right-click **Device Collections**, and then select **Create Device Collection**. Use the following settings:
-    -   General
-
-        -   Name: Windows 10 Enterprise x64 Upgrade
-
-        -   Limited Collection: All Systems
-
-    -   Membership rules:
-
-        -   Direct rule
-
-            -   Resource Class: System Resource
-
-            -   Attribute Name: Name
-
-            -   Value: PC0001
-
-        -   Select Resources
-
-        -   Select PC0001
-
-2.  Review the Windows 10 Enterprise x64 Upgrade collection. Do not continue until you see the PC0001 machine in the collection.
-
-### Deploy the Windows 10 upgrade
-
-In this section, you create a deployment for the Windows 10 Enterprise x64 Update application.
-
-1.  On CM01, using the Configuration Manager console, in the Software Library workspace, right-click the **Windows vNext Upgrade** task sequence, and then select **Deploy**.
-2.  On the **General** page, select the **Windows 10 Enterprise x64 Upgrade** collection, and then click **Next**.
-3.  On the **Content** page, click **Next**.
-4.  On the **Deployment Settings** page, select the following settings and click **Next**:
-    -   Action: Install
-
-    -   Purpose: Available
-
-5.  On the **Scheduling** page, accept the default settings, and then click **Next**.
-6.  On the **User Experience** page, accept the default settings, and then click **Next**.
-7.  On the **Alerts** page, accept the default settings, and then click **Next**.
-8.  On the **Summary** page, click **Next**, and then click **Close**.
-
-### Start the Windows 10 upgrade
-
-In this section, you start the Windows 10 Upgrade task sequence on PC0001 (currently running Windows 7 SP1).
-
-1.  On PC0001, start the **Software Center**.
-2.  Select the **Windows 10 Enterprise x64 Upgrade** task sequence, and then click **Install.**
-
-When the task sequence begins, it automatically initiates the in-place upgrade process by invoking the Windows setup program (Setup.exe) with the necessary command-line parameters to perform an automated upgrade, which preserves all data, settings, apps, and drivers.
-
-After the task sequence completes, the computer will be fully upgraded to Windows 10.
+In-place upgrade with Configuration Manager
 
 ## Related topics
 
-
-[Windows 10 deployment scenarios](../windows-10-deployment-scenarios.md)
-
+[Windows 10 deployment scenarios](../windows-10-deployment-scenarios.md)<br>
 [Configuration Manager Team blog](https://go.microsoft.com/fwlink/p/?LinkId=620109)
-
- 
-
- 
-
-
-
-
-

windows/deployment/windows-10-deployment-scenarios.md

@@ -54,7 +54,7 @@ The following table summarizes various Windows 10 deployment scenarios. The scen
       Use Windows Setup to update your OS and migrate apps and settings. Rollback data is saved in Windows.old.
     </td>
     <td align="center" style="width:16%; border:1;"> 
-<a href="https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit">Perform an in-place upgrade to Windows 10 with MDT</a><br><a href="https://docs.microsoft.com/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager">Perform an in-place upgrade to Windows 10 using Configuration Manager</a>
+<a href="https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit">Perform an in-place upgrade to Windows 10 with MDT</a><br><a href="https://docs.microsoft.com/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager">Perform an in-place upgrade to Windows 10 using Configuration Manager</a>
     </td>
   </tr>
   <tr>
@@ -108,7 +108,7 @@ The following table summarizes various Windows 10 deployment scenarios. The scen
       Deploy a new device, or wipe an existing device and deploy with a fresh image. 
     </td>
     <td align="center" style="width:16%; border:1;"> 
- <a href="https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt">Deploy a Windows 10 image using MDT</a><br><a href="https://docs.microsoft.com/configmgr/osd/deploy-use/install-new-windows-version-new-computer-bare-metal">Install a new version of Windows on a new computer with Microsoft Endpoint Configuration Manager</a>
+ <a href="https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt">Deploy a Windows 10 image using MDT</a><br><a href="https://docs.microsoft.com/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager">Deploy Windows 10 using PXE and Configuration Manager</a>
     </td>
   </tr>
   <tr>
@@ -120,7 +120,7 @@ The following table summarizes various Windows 10 deployment scenarios. The scen
       Also called wipe and load. Redeploy a device by saving the user state, wiping the disk, then restoring the user state. 
     </td>
     <td align="center" style="width:16%; border:1;"> 
- <a href="https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10">Refresh a Windows 7 computer with Windows 10</a><br><a href="https://docs.microsoft.com/windows/deployment/deploy-windows-configmgr/refresh-a-windows-7-client-with-windows-10-using-configuration-manager">Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager</a>
+ <a href="https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10">Refresh a Windows 7 computer with Windows 10</a><br><a href="https://docs.microsoft.com/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager">Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager</a>
     </td>
   </tr>
   <tr>
@@ -132,7 +132,7 @@ The following table summarizes various Windows 10 deployment scenarios. The scen
       Replace an existing device with a new one by saving the user state on the old device and then restoring it to the new device.
     </td>
     <td align="center" style="width:16%; border:1;"> 
- <a href="https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer">Replace a Windows 7 computer with a Windows 10 computer</a><br><a href="https://docs.microsoft.com/windows/deployment/deploy-windows-configmgr/replace-a-windows-7-client-with-windows-10-using-configuration-manager">Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager</a>
+ <a href="https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer">Replace a Windows 7 computer with a Windows 10 computer</a><br><a href="https://docs.microsoft.com/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager">Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager</a>
     </td>
   </tr>
 </table>

windows/security/threat-protection/TOC.md

@@ -459,7 +459,7 @@
 ####### [Get machine related alerts](microsoft-defender-atp/get-machine-related-alerts.md)
 ####### [Get installed software](microsoft-defender-atp/get-installed-software.md)
 ####### [Get discovered vulnerabilities](microsoft-defender-atp/get-discovered-vulnerabilities.md)
-####### [Get security recommendation](microsoft-defender-atp/get-security-recommendations.md)
+####### [Get security recommendations](microsoft-defender-atp/get-security-recommendations.md)
 ####### [Add or Remove machine tags](microsoft-defender-atp/add-or-remove-machine-tags.md)
 ####### [Find machines by IP](microsoft-defender-atp/find-machines-by-ip.md)
 

windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md

@@ -256,7 +256,7 @@ Download the onboarding package from Microsoft Defender Security Center:
     - Open a Terminal window. Copy and execute the following command:
 
         ``` bash
-        curl -o ~/Downloads/eicar.com.txt http://www.eicar.org/download/eicar.com.txt
+        curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt
         ```
 
     - The file should have been quarantined by Microsoft Defender ATP for Linux. Use the following command to list all the detected threats:

windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md

@@ -67,7 +67,7 @@ You can validate that your exclusion lists are working by using `curl` to downlo
 In the following Bash snippet, replace *test.txt* with a file that conforms to your exclusion rules. For example, if you have excluded the *.testing extension*, replace *test.txt* with *test.testing*. If you are testing a path, ensure that you run the command within that path.
 
 ```bash
-$ curl -o test.txt http://www.eicar.org/download/eicar.com.txt
+$ curl -o test.txt https://www.eicar.org/download/eicar.com.txt
 ```
 
 If Microsoft Defender ATP for Mac reports malware, then the rule is not working. If there is no report of malware, and the downloaded file exists, then the exclusion is working. You can open the file to confirm that the contents are the same as what is described on the [EICAR test file website](http://2016.eicar.org/86-0-Intended-use.html).

windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md

@@ -362,9 +362,9 @@ Specifies the value of tag
 
 ## Recommended configuration profile
 
-To get started, we recommend the following configuration profile for your enterprise to take advantage of all protection features that Microsoft Defender ATP provides.
+To get started, we recommend the following configuration for your enterprise to take advantage of all protection features that Microsoft Defender ATP provides.
 
-The following configuration profile will:
+The following configuration profile (or, in case of JAMF, a property list that could be uploaded into the custom settings configuration profile) will:
 - Enable real-time protection (RTP)
 - Specify how the following threat types are handled:
   - **Potentially unwanted applications (PUA)** are blocked
@@ -372,7 +372,7 @@ The following configuration profile will:
 - Enable cloud-delivered protection
 - Enable automatic sample submission
 
-### JAMF profile
+### Property list for JAMF configuration profile
 
 ```XML
 <?xml version="1.0" encoding="UTF-8"?>
@@ -491,9 +491,9 @@ The following configuration profile will:
 
 ## Full configuration profile example
 
-The following configuration profile contains entries for all settings described in this document and can be used for more advanced scenarios where you want more control over Microsoft Defender ATP for Mac.
+The following templates contain entries for all settings described in this document and can be used for more advanced scenarios where you want more control over Microsoft Defender ATP for Mac.
 
-### JAMF profile
+### Property list for JAMF configuration profile
 
 ```XML
 <?xml version="1.0" encoding="UTF-8"?>
@@ -734,16 +734,16 @@ The following configuration profile contains entries for all settings described
         </array>
 ```
 
-## Configuration profile validation
+## Property list validation
 
-The configuration profile must be a valid *.plist* file. This can be checked by executing:
+The property list must be a valid *.plist* file. This can be checked by executing:
 
 ```bash
 $ plutil -lint com.microsoft.wdav.plist
 com.microsoft.wdav.plist: OK
 ```
 
-If the configuration profile is well-formed, the above command outputs `OK` and returns an exit code of `0`. Otherwise, an error that describes the issue is displayed and the command returns an exit code of `1`.
+If the file is well-formed, the above command outputs `OK` and returns an exit code of `0`. Otherwise, an error that describes the issue is displayed and the command returns an exit code of `1`.
 
 ## Configuration profile deployment
 

windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md

@@ -25,6 +25,18 @@ ms.topic: article
 
 To onboard machines without Internet access, you'll need to take the following general steps:
 
+> [!IMPORTANT] 
+> The steps below are applicable only to machines running previous versions of Windows such as:
+Windows Server 2016 and earlier or Windows 8.1 and earlier.
+
+> [!NOTE]
+> An OMS gateway server can still be used as proxy for disconnected Windows 10 machines when configured via 'TelemetryProxyServer' registry or GPO.
+
+For more information, see the following articles:
+- [Onboard previous versions of Windows](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel)
+- [Onboard servers to the Microsoft Defender ATP service](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#windows-server-2008-r2-sp1--windows-server-2012-r2-and-windows-server-2016)
+- [Configure machine proxy and Internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#configure-the-proxy-server-manually-using-a-registry-based-static-proxy)
+
 ## On-premise machines
 
 - Setup Azure Log Analytics (formerly known as OMS Gateway) to act as proxy or hub:

windows/security/threat-protection/microsoft-defender-atp/preview.md

@@ -24,14 +24,15 @@ ms.topic: conceptual
 
 The Microsoft Defender ATP service is constantly being updated to include new feature enhancements and capabilities.
 
-> [!TIP] 
-> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-preview-abovefoldlink) 
+> [!TIP]
+> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-preview-abovefoldlink)
 
 Learn about new features in the Microsoft Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience.
 
 For more information on new capabilities that are generally available, see [What's new in Microsoft Defender ATP](whats-new-in-microsoft-defender-atp.md).
 
 ## Turn on preview features
+
 You'll have access to upcoming features which you can provide feedback on to help improve the overall experience before features are generally available.
 
 Turn on the preview experience setting to be among the first to try upcoming features.
@@ -41,12 +42,13 @@ Turn on the preview experience setting to be among the first to try upcoming fea
 2. Toggle the setting between **On** and **Off** and select **Save preferences**.
 
 ## Preview features
+
 The following features are included in the preview release:
 - [Microsoft Defender ATP for Linux](microsoft-defender-atp-linux.md) <br> Microsoft Defender ATP now adds support for Linux. Learn how to install, configure, update, and use Microsoft Defender ATP for Linux.
 
 - [Threat & Vulnerability Management API support](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list) <BR>Run Threat & Vulnerability Management-related API calls such as get your organization's threat exposure score or device secure score, software and machine vulnerability inventory, software version distribution, machine vulnerability information, security recommendation information.
- 
- - [Threat & Vulnerability supported operating systems and platforms](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os) <BR>Ensure that you meet the operating system or platform requisites for Threat & Vulnerability Management so the activities in your devices are properly accounted for. Threat & Vulnerability Management supports Windows 7, Windows 10 1607-1703, Windows 10 1709+, Windows Server 2008R2, Windows Server 2012R2, Windows Server 2016, Windows Server 2019.
+
+ - [Threat & Vulnerability supported operating systems and platforms](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os) <BR> Ensure that you meet the operating system or platform requisites for Threat & Vulnerability Management so the activities in your devices are properly accounted for. Threat & Vulnerability Management supports Windows 7, Windows 10 1607-1703, Windows 10 1709+, Windows Server 2008R2, Windows Server 2012R2, Windows Server 2016, Windows Server 2019. <BR> <BR> Secure Configuration Assessment (SCA) supports Windows 10 1709+, Windows Server 2008R2, Windows Server 2012R2, Windows Server 2016, and Windows Server 2019. See [Secure Configuration Assessment (SCA) for Windows Server now in public preview](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/secure-configuration-assessment-sca-for-windows-server-now-in/ba-p/1243885) and [Reducing risk with new Threat & Vulnerability Management capabilities](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/reducing-risk-with-new-threat-amp-vulnerability-management/ba-p/978145) blogs for more information.
 
 - [Threat & Vulnerability Management granular exploit details](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses) <BR> You can now see a comprehensive set of details on the vulnerabilities found in your machine to give you informed decision on your next steps. The threat insights icon now shows more granular details, such as if the exploit is a part of an exploit kit, connected to specific advanced persistent campaigns or activity groups for which, Threat Analytics report links are provided that you can read, has associated zero-day exploitation news, disclosures, or related security advisories.
  

windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md

@@ -8,121 +8,131 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.author: dolmont
-author: DulceMontemayor
+ms.author: ellevin
+author: levinec
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: conceptual
-ms.date: 04/11/2019
 ---
-# Remediation and exception
+# Remediation activities and exceptions
+
 **Applies to:**
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) 
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
 
 >[!NOTE]
 >To use this capability, enable your Microsoft Intune connections. Navigate to **Settings** > **General** > **Advanced features**. Scroll down and look for **Microsoft Intune connection**. By default, the toggle is turned off. Turn your **Microsoft Intune connection** toggle on.
 
-After your organization's cybersecurity weaknesses are identified and mapped to actionable security recommendations, you can start creating security tasks through the integration with Microsoft Intune where remediation tickets are created.
+After your organization's cybersecurity weaknesses are identified and mapped to actionable [security recommendations](tvm-security-recommendation.md), you can start creating security tasks through the integration with Microsoft Intune where remediation tickets are created.
 
-You can lower down your organization's exposure from vulnerabilities and increase your security configuration by remediating the security recommendations.
+Lower your organization's exposure from vulnerabilities and increase your security configuration by remediating the security recommendations.
 
-## Navigate through your remediation options 
-You can access the remediation page in a few places in the portal:
-- Security recommendation flyout panel
-- Remediation in the navigation menu
-- Top remediation activities widget in the dashboard
+## Remediation
 
-*Security recommendation flyout page*
-<br>You'll see your remediation options when you select one of the security recommendation blocks from your **Top security recommendations** widget in the dashboard. 
-1. From the flyout panel, you'll see the security recommendation details including your next steps. Click **Remediation options**.
-2. In the **Remediation options** page, select **Open a ticket in Intune (for AAD joined devices)**. 
+## How remediation requests work
+
+When you submit a remediation request from Threat & Vulnerability Management, it kicks-off a remediation activity. A security task is created which will be tracked in the Threat & Vulnerability Management **Remediation** page, and a remediation ticket is created in Microsoft Intune.
+
+The dashboard will show the status of your top remediation activities. Select any of the entries to go to the **Remediation** page. You can mark the remediation activity as completed after the IT admin team remediates the task.
+
+## Accessing the Remediation page
+
+You can access the Remediation page in a few places in the portal:
+
+- Security recommendations flyout panel
+- Navigation menu
+- Top remediation activities in the dashboard
+
+### Security recommendation flyout page
+
+You'll see remediation options when you select one of the security recommendations in the [Security recommendations page](tvm-security-recommendation.md).
+
+1. From the flyout panel, you'll see the security recommendation details including next steps. Select **Remediation options**.
+2. In the **Remediation options** page, select **Open a ticket in Intune (for AAD joined devices)**.
+3. Select a remediation due date.
+4. Add notes to give your IT administrator a context of your remediation request. For example, you can indicate urgency of the remediation request to avoid potential exposure to a recent exploit activity, or if the request is a part of compliance.
 
 >[!NOTE]
 >If your request involves remediating more than 10,000 machines, we will only send 10,000 machines for remediation to Intune.
 
-3. Select a remediation due date.
-4. Add notes to give your IT administrator a context of your remediation request. For example, you can indicate urgency of the remediation request to avoid potential exposure to a recent exploit activity, or if the request is a part of compliance. 
-
 If you want to check how the ticket shows up in Intune, see [Use Intune to remediate vulnerabilities identified by Microsoft Defender ATP](https://docs.microsoft.com/intune/atp-manage-vulnerabilities) for details.
 
-*Remediation in the navigation menu*
-1. Go to the Threat & Vulnerability Management navigation menu and select **Remediation** to open up the list of remediation activities and exceptions found in your organization. You can filter your view based on remediation type, machine remediation progress, and exception justification. If you want to see the remediation activities of software which have reached their end-of-life, select **Software uninstall** from the **Remediation type** filter. If you want to see the remediation activities of software and software versions which have reached their end-of-life, select **Software update** from the **Remediation type** filter. Select **In progress** then click **Apply**.
+### Navigation menu
+
+1. Go to the Threat & Vulnerability Management navigation menu and select **Remediation** to open up the list of remediation activities and exceptions found in your organization.
+      
+      To see software which has reached end-of-support, select **Software uninstall** from the **Remediation type** filter. For specific software versions which have reached end-of-support, select **Software update** from the **Remediation type** filter. Select **In progress** then **Apply**.
 ![Screenshot of the remediation page filters for software update and uninstall](images/remediation_swupdatefilter.png)
 
-2. Select the remediation activity that you need to see or process. 
-![Screenshot of the remediation page flyout for a software which reached its end-of-life](images/remediation_flyouteolsw.png)
+2. Select the remediation activity that you want to view.
+![Screenshot of the remediation page flyout for a software which reached end-of-support](images/remediation_flyouteolsw.png)
 
-*Top remediation activities widget in the dashboard*
-1. Go to the Threat & Vulnerability Management dashboard and scroll down to the **Top remediation activities** widget. The list is sorted and prioritized based on what is listed in the **Top security recommendations**. 
-2. Select the remediation activity that you need to see or process.
+### Top remediation activities card the dashboard
 
-## How it works
+1. Go to the Threat & Vulnerability Management dashboard and scroll down to the **Top remediation activities** card. The list is sorted and prioritized based on what is listed in the **Top security recommendations**.
+2. Select the remediation activity that you want to view.
 
-When you submit a remediation request from Threat & Vulnerability Management, it kicks-off a remediation activity. 
 
-It creates a security task which will be tracked in Threat & Vulnerability Management **Remediation** page, and it also creates a remediation ticket in Microsoft Intune.
+## Exception options
 
-The dashboard will show that status of your top remediation activities. Click any of the entries and it will take you to the **Remediation** page. You can mark the remediation activity as completed after the IT administration team remediates the task.
+You can file exceptions to exclude certain recommendation from showing up in reports and affecting your [configuration score](configuration-score.md).
 
-## When to file for exception instead of remediating issues 
-You can file exceptions to exclude certain recommendation from showing up in reports and affecting your configuration score.
-
-When you select a security recommendation, it opens up a flyout screen with details and options for your next step. You can either **Open software page**, choose from **Remediation options**, go through **Exception options** to file for exceptions, or **Report inaccuracy**.
-
-Select **Exception options** and a flyout screen opens.
+When you select a [security recommendation](tvm-security-recommendation.md), it opens a flyout screen with details and options for your next steps. Select **Exception options** to fill out the justification and context.
 
 ![Screenshot of exception flyout screen](images/tvm-exception-flyout.png)
 
 ### Exception justification
+
 If the security recommendation stemmed from a false positive report, or if there are existing business justification that blocks the remediation, such as compensating control, productivity needs, compliance, or if there's already a planned remediation grace period, you can file an exception and indicate the reason. The following list details the justifications behind the exception options:
 
--   **Compensating/alternate control** - A 3rd party control that mitigates this recommendation exists, for example, if Network Firewall -   -   prevents access to a machine, third party antivirus
--   **Productivity/business need** - Remediation will impact productivity or interrupt business-critical workflow 
--   **Accept risk** - Poses low risk and/or implementing a compensating control is too expensive
--   **Planned remediation (grace)** - Already planned but is awaiting execution or authorization
--   **Other** - False positive
-   
-   
-   ![Screenshot of exception reason dropdown menu](images/tvm-exception-dropdown.png)
+- **Compensating/alternate control** - A 3rd party control that mitigates this recommendation exists, for example, if Network Firewall -   -   prevents access to a machine, third party antivirus
+- **Productivity/business need** - Remediation will impact productivity or interrupt business-critical workflow
+- **Accept risk** - Poses low risk and/or implementing a compensating control is too expensive
+- **Planned remediation (grace)** - Already planned but is awaiting execution or authorization
+- **Other** - False positive
 
-### Exception visibility
-The exceptions you've filed will show up in the **Remediation** page, in the **Exceptions** tab.
-However, you also have the option to filter your view based on exception justification, type, and status.  
+![Screenshot of exception reason dropdown menu](images/tvm-exception-dropdown.png)
+
+### Where to find exceptions
+
+The exceptions you've filed will show up in the **Remediation** page, in the **Exceptions** tab. You can filter your view based on exception justification, type, and status.  
 
 ![Screenshot of exception tab and filters](images/tvm-exception-filters.png)
 
-Aside from that, there's also an option to **Show exceptions** at the bottom of the **Top security recommendations** card in the dashboard. 
+You can also select **Show exceptions** at the bottom of the **Top security recommendations** card in the dashboard. Selecting the link opens a filtered view in the **Security recommendations** page of recommendations with an "Exception" status.
 
 ![Screenshot of Show exceptions link in the  Top security recommendations card in the dashboard](images/tvm-exception-dashboard.png)
 
-Clicking the link opens up to the **Security recommendations** page, where you can select the item exempted item with details.
+### Exception actions and statuses
 
-![Screenshot of exception details in the Security recommendation page](images/tvm-exception-details.png)
+You can take the following actions on an exception:
 
-### Actions on exceptions
--  Cancel - You can cancel the exceptions you've filed any time
--  Resurface - Your exception automatically becomes void and resurfaces in the security recommendation list when dynamic environmental factors change, which adversely affect the exposure impact associated with a recommendation that had previously been excluded
+- Cancel - You can cancel the exceptions you've filed any time
+- Resurface - Your exception automatically becomes void and resurfaces in the security recommendation list when dynamic environmental factors change, which adversely affect the exposure impact associated with a recommendation that had previously been excluded
 
-### Exception status
--   **Canceled** - The exception has been canceled and is no longer in effect  
--   **Expired** - The exception that you've filed is no longer in effect
--   **In effect** - The exception that you've filed is in progress
+The following statuses will be a part of an exception:
+
+- **Canceled** - The exception has been canceled and is no longer in effect  
+- **Expired** - The exception that you've filed is no longer in effect
+- **In effect** - The exception that you've filed is in progress
 
 ### Exception impact on scores
+
 Creating an exception can potentially affect the Exposure Score (for both types of weaknesses) and Configuration Score (for configurations) of your organization in the following manner:
--   **No impact** - Removes the recommendation from the lists (which can be reverse through filters), but will not affect the scores
--   **Mitigation-like impact** - As if the recommendation was mitigated (and scores will be adjusted accordingly) when you select it as a compensating control.
--   **Hybrid** - Provides visibility on both No impact and Mitigation-like impact. It shows both the Exposure Score and Configuration Score results out of the exception option that you made
+
+- **No impact** - Removes the recommendation from the lists (which can be reverse through filters), but will not affect the scores
+- **Mitigation-like impact** - As if the recommendation was mitigated (and scores will be adjusted accordingly) when you select it as a compensating control.
+- **Hybrid** - Provides visibility on both No impact and Mitigation-like impact. It shows both the Exposure Score and Configuration Score results out of the exception option that you made
 
 The exception impact shows on both the Security recommendations page column and in the flyout pane.
 
 ![Screenshot of where to find the exception impact](images/tvm-exception-impact.png)
 
 ## Related topics
+
 - [Supported operating systems and platforms](tvm-supported-os.md)
 - [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) 
 - [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
@@ -132,11 +142,9 @@ The exception impact shows on both the Security recommendations page column and
 - [Software inventory](tvm-software-inventory.md)
 - [Weaknesses](tvm-weaknesses.md)
 - [Scenarios](threat-and-vuln-mgt-scenarios.md)
-- [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
-- [Score APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/score)
-- [Vulnerability APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability)
-- [Software APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/software)
-- [Machine APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine)
-- [Recommendation APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability)
-
-
+- [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
+- [Recommendation APIs](vulnerability.md)
+- [Machine APIs](machine.md)
+- [Score APIs](score.md)
+- [Software APIs](software.md)
+- [Vulnerability APIs](vulnerability.md)

windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md

@@ -22,7 +22,7 @@ ms.topic: article
 
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) 
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
 
 [!include[Prerelease information](../../includes/prerelease.md)]
 
@@ -33,11 +33,11 @@ Operating system | Security assessment support
 Windows 7 | Operating System (OS) vulnerabilities
 Windows 8.1 | Not supported
 Windows 10 1607-1703 | Operating System (OS) vulnerabilities
-Windows 10 1709+ |Operating System (OS) vulnerabilities<br/>Software product vulnerabilities<br/>Operating System (OS) configuration assessment<br/>Security controls configuration assessment<br/>Software product configuration assessment
-Windows Server 2008R2 | Operating System (OS) vulnerabilities<br/>Software product vulnerabilities
-Windows Server 2012R2 | Operating System (OS) vulnerabilities<br/>Software product vulnerabilities
-Windows Server 2016 | Operating System (OS) vulnerabilities<br/>Software product vulnerabilities
-Windows Server 2019 | Operating System (OS) vulnerabilities<br/>Software product vulnerabilities
+Windows 10 1709+ |Operating System (OS) vulnerabilities<br/>Software product vulnerabilities<br/>Operating System (OS) configuration assessment<br/>Security controls configuration assessment<br/>Software product configuration assessment 
+Windows Server 2008R2 | Operating System (OS) vulnerabilities<br/>Software product vulnerabilities<br/>Operating System (OS) configuration assessment<br/>Security controls configuration assessment<br/>Software product configuration assessment
+Windows Server 2012R2 | Operating System (OS) vulnerabilities<br/>Software product vulnerabilities<br/>Operating System (OS) configuration assessment<br/>Security controls configuration assessment<br/>Software product configuration assessment
+Windows Server 2016 | Operating System (OS) vulnerabilities<br/>Software product vulnerabilities<br/>Operating System (OS) configuration assessment<br/>Security controls configuration assessment<br/>Software product configuration assessment
+Windows Server 2019 | Operating System (OS) vulnerabilities<br/>Software product vulnerabilities<br/>Operating System (OS) configuration assessment<br/>Security controls configuration assessment<br/>Software product configuration assessment
 MacOS | Not supported (planned)
 Linux | Not supported (planned)
 

windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md

@@ -22,6 +22,9 @@ manager: dansimp
 
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
+> [!IMPORTANT]
+> On March 31, 2020, the Windows Defender Antivirus reporting feature of Update Compliance will be removed. You can continue to define and review security compliance policies using [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager), which allows finer control over security features and updates.
+
 You can use Windows Defender Antivirus with Update Compliance. You’ll see status for E3, B, F1, VL, and Pro licenses. However, for E5 licenses, you need to use the [Microsoft Defender ATP portal](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints). To learn more about licensing options, see [Windows 10 product licensing options](https://www.microsoft.com/licensing/product-licensing/windows10.aspx).
 
 When you use [Windows Analytics Update Compliance to obtain reporting into the protection status of devices or endpoints](/windows/deployment/update/update-compliance-using#wdav-assessment) in your network that are using Windows Defender Antivirus, you might encounter problems or issues.

windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md

@@ -65,10 +65,10 @@ You can set several rule options within a WDAC policy. Table 1 describes each ru
 | **13 Enabled:Managed Installer** | Use this option to automatically allow applications installed by a software distribution solution, such as Microsoft Endpoint Configuration Manager, that has been defined as a managed installer. |
 | **14 Enabled:Intelligent Security Graph Authorization** | Use this option to automatically allow applications with "known good" reputation as defined by Microsoft’s Intelligent Security Graph (ISG). |
 | **15 Enabled:Invalidate EAs on Reboot** | When the Intelligent Security Graph option (14) is used, WDAC sets an extended file attribute that indicates that the file was authorized to run. This option will cause WDAC to periodically re-validate the reputation for files that were authorized by the ISG.| 
-| **16 Enabled:Update Policy No Reboot** | Use this option to allow future WDAC policy updates to apply without requiring a system reboot. |
-| **17 Enabled:Allow Supplemental Policies** | Use this option on a base policy to allow supplemental policies to expand it. |
-| **18 Disabled:Runtime FilePath Rule Protection** | Disable default FilePath rule protection (apps and executables allowed based on file path rules must come from a file path that’s only writable by an administrator) for any FileRule that allows a file based on FilePath. |
-| **19 Enabled:Dynamic Code Security** | Enables policy enforcement for .NET applications and dynamically-loaded libraries. |
+| **16 Enabled:Update Policy No Reboot** | Use this option to allow future WDAC policy updates to apply without requiring a system reboot. NOTE: This option is only supported on Windows 10, version 1709, and above.|
+| **17 Enabled:Allow Supplemental Policies** | Use this option on a base policy to allow supplemental policies to expand it. NOTE: This option is only supported on Windows 10, version 1903, and above. |
+| **18 Disabled:Runtime FilePath Rule Protection** | Disable default FilePath rule protection (apps and executables allowed based on file path rules must come from a file path that’s only writable by an administrator) for any FileRule that allows a file based on FilePath. NOTE: This option is only supported on Windows 10, version 1903, and above. |
+| **19 Enabled:Dynamic Code Security** | Enables policy enforcement for .NET applications and dynamically-loaded libraries. NOTE: This option is only supported on Windows 10, version 1803, and above. |
 
 ## Windows Defender Application Control file rule levels