Merge branch 'master' of https://github.com/MicrosoftDocs/windows-docs-pr into WUFB1

.openpublishing.redirection.json

@@ -1353,7 +1353,7 @@
 },
 {
 "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md",
-"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-siem",
 "redirect_document_id": false
 },
 {

windows/deployment/windows-autopilot/TOC.md

@@ -22,6 +22,7 @@
 ## [DFCI management](dfci-management.md)
 ## [Windows Autopilot update](autopilot-update.md)
 ## [Troubleshooting](troubleshooting.md)
+## [Policy conflicts](policy-conflicts.md)
 ## [Known issues](known-issues.md)
 
 # Support

windows/deployment/windows-autopilot/policy-conflicts.md

@@ -0,0 +1,37 @@
+---
+title: Windows Autopilot policy conflicts
+ms.reviewer: 
+manager: laurawi
+description: Inform yourself about known issues that may occur during Windows Autopilot deployment.
+keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: medium
+ms.sitesec: library
+ms.pagetype: deploy
+audience: itpro
+author: mtniehaus
+ms.author: mniehaus
+ms.collection: M365-modern-desktop
+ms.topic: article
+---
+
+
+# Windows Autopilot - Policy Conflicts
+
+**Applies to**
+
+- Windows 10
+
+There are a sigificant number of policy settings available for Windows 10, both as native MDM policies and group policy (ADMX-backed) settings. Some of these can cause issues in certain Windows Autopilot scenarios as a result of how they change the behavior of Windows 10. If you encounter any of these issues, remove the policy in question to resolve the issue.
+
+<table>
+<th>Policy<th>More information
+
+<tr><td width="50%">Device restriction / <a href="https://docs.microsoft.com/partner-center/regional-authorization-overview">Password policy</a>
+<td>When certain <a href="https://docs.microsoft.com/windows/client-management/mdm/policy-csp-devicelock">DeviceLock policies</a>, such as minimum password length and password complexity, or any similar group policy settings, including any that disable auto-logon, are applied to a device, and that device reboots during the device Enrollment Status Page (ESP), the out-of-box experience or user desktop auto-logon could fail unexpectantly.
+</table>
+
+## Related topics
+
+[Troubleshooting Windows Autopilot](troubleshooting.md)

windows/security/threat-protection/TOC.md

@@ -573,7 +573,6 @@
 ##### [Understand threat intelligence concepts](microsoft-defender-atp/threat-indicator-concepts.md)
 ##### [Learn about different ways to pull detections](microsoft-defender-atp/configure-siem.md)
 ##### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md)
-##### [Configure Splunk to pull detections](microsoft-defender-atp/configure-splunk.md)
 ##### [Configure Micro Focus ArcSight to pull detections](microsoft-defender-atp/configure-arcsight.md)
 ##### [Microsoft Defender ATP detection fields](microsoft-defender-atp/api-portal-mapping.md)
 ##### [Pull detections using SIEM REST API](microsoft-defender-atp/pull-alerts-using-rest-api.md)

windows/security/threat-protection/microsoft-defender-atp/configure-siem.md

@@ -27,10 +27,10 @@ ms.topic: article
 
 ## Pull detections using security information and events management (SIEM) tools
 
->[!Note]
+>[!NOTE]
 >- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections.
 >- [Microsoft Defender ATP Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Machine and its related Alert details.
->-The Microsoft Defender ATP Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md).
+>- The Microsoft Defender ATP Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md).
 
 Microsoft Defender ATP supports security information and event management (SIEM) tools to pull detections. Microsoft Defender ATP exposes alerts through an HTTPS endpoint hosted in Azure. The endpoint can be configured to pull detections from your enterprise tenant in Azure Active Directory (AAD) using the OAuth 2.0 authentication protocol for an AAD application that represents the specific SIEM connector installed in your environment.
 

windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md

@@ -30,20 +30,20 @@ ms.topic: article
 
 Run the following PowerShell script on a newly onboarded machine to verify that it is properly reporting to the Microsoft Defender ATP service.
 
-1. Create a folder:  'C:\test-WDATP-test'.
+1. Create a folder:  'C:\test-MDATP-test'.
 2. Open an elevated command-line prompt on the machine and run the script:
 
-    a.  Go to **Start** and type **cmd**.
+   1. Go to **Start** and type **cmd**.
 
-    b.  Right-click **Command Prompt** and select **Run as administrator**.
+   1. Right-click **Command Prompt** and select **Run as administrator**.
 
-    ![Window Start menu pointing to Run as administrator](images/run-as-admin.png)
+      ![Window Start menu pointing to Run as administrator](images/run-as-admin.png)
 
 3. At the prompt, copy and run the following command:
 
-    ```
-    powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden $ErrorActionPreference= 'silentlycontinue';(New-Object System.Net.WebClient).DownloadFile('http://127.0.0.1/1.exe', 'C:\\test-WDATP-test\\invoice.exe');Start-Process 'C:\\test-WDATP-test\\invoice.exe'
-    ```
+   ```powershell
+   powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden $ErrorActionPreference= 'silentlycontinue';(New-Object System.Net.WebClient).DownloadFile('http://127.0.0.1/1.exe', 'C:\\test-MDATP-test\\invoice.exe');Start-Process 'C:\\test-MDATP-test\\invoice.exe'
+   ```
 
 The Command Prompt window will close automatically. If successful, the detection test will be marked as completed and a new alert will appear in the portal for the onboarded machine in approximately 10 minutes.