Merge branch 'master' of https://github.com/MicrosoftDocs/windows-docs-pr into WUFB1

.openpublishing.redirection.json

@@ -1353,7 +1353,7 @@
 },
 {
 "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md",
-"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-siem",
 "redirect_document_id": false
 },
 {

windows/deployment/windows-autopilot/TOC.md

@@ -22,6 +22,7 @@
 ## [DFCI management](dfci-management.md)
 ## [Windows Autopilot update](autopilot-update.md)
 ## [Troubleshooting](troubleshooting.md)
+## [Policy conflicts](policy-conflicts.md)
 ## [Known issues](known-issues.md)
 
 # Support

windows/deployment/windows-autopilot/policy-conflicts.md

@@ -0,0 +1,37 @@
+---
+title: Windows Autopilot policy conflicts
+ms.reviewer: 
+manager: laurawi
+description: Inform yourself about known issues that may occur during Windows Autopilot deployment.
+keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: medium
+ms.sitesec: library
+ms.pagetype: deploy
+audience: itpro
+author: mtniehaus
+ms.author: mniehaus
+ms.collection: M365-modern-desktop
+ms.topic: article
+---
+
+
+# Windows Autopilot - Policy Conflicts
+
+**Applies to**
+
+- Windows 10
+
+There are a sigificant number of policy settings available for Windows 10, both as native MDM policies and group policy (ADMX-backed) settings. Some of these can cause issues in certain Windows Autopilot scenarios as a result of how they change the behavior of Windows 10. If you encounter any of these issues, remove the policy in question to resolve the issue.
+
+<table>
+<th>Policy<th>More information
+
+<tr><td width="50%">Device restriction / <a href="https://docs.microsoft.com/partner-center/regional-authorization-overview">Password policy</a>
+<td>When certain <a href="https://docs.microsoft.com/windows/client-management/mdm/policy-csp-devicelock">DeviceLock policies</a>, such as minimum password length and password complexity, or any similar group policy settings, including any that disable auto-logon, are applied to a device, and that device reboots during the device Enrollment Status Page (ESP), the out-of-box experience or user desktop auto-logon could fail unexpectantly.
+</table>
+
+## Related topics
+
+[Troubleshooting Windows Autopilot](troubleshooting.md)

windows/security/threat-protection/TOC.md

@@ -573,7 +573,6 @@
 ##### [Understand threat intelligence concepts](microsoft-defender-atp/threat-indicator-concepts.md)
 ##### [Learn about different ways to pull detections](microsoft-defender-atp/configure-siem.md)
 ##### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md)
-##### [Configure Splunk to pull detections](microsoft-defender-atp/configure-splunk.md)
 ##### [Configure Micro Focus ArcSight to pull detections](microsoft-defender-atp/configure-arcsight.md)
 ##### [Microsoft Defender ATP detection fields](microsoft-defender-atp/api-portal-mapping.md)
 ##### [Pull detections using SIEM REST API](microsoft-defender-atp/pull-alerts-using-rest-api.md)

windows/security/threat-protection/microsoft-defender-atp/configure-siem.md

@@ -27,7 +27,7 @@ ms.topic: article
 
 ## Pull detections using security information and events management (SIEM) tools
 
->[!Note]
+>[!NOTE]
 >- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections.
 >- [Microsoft Defender ATP Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Machine and its related Alert details.
 >- The Microsoft Defender ATP Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md).

windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md

@@ -30,19 +30,19 @@ ms.topic: article
 
 Run the following PowerShell script on a newly onboarded machine to verify that it is properly reporting to the Microsoft Defender ATP service.
 
-1. Create a folder:  'C:\test-WDATP-test'.
+1. Create a folder:  'C:\test-MDATP-test'.
 2. Open an elevated command-line prompt on the machine and run the script:
 
-    a.  Go to **Start** and type **cmd**.
+   1. Go to **Start** and type **cmd**.
 
-    b.  Right-click **Command Prompt** and select **Run as administrator**.
+   1. Right-click **Command Prompt** and select **Run as administrator**.
 
       ![Window Start menu pointing to Run as administrator](images/run-as-admin.png)
 
 3. At the prompt, copy and run the following command:
 
-    ```
+   ```powershell
-    powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden $ErrorActionPreference= 'silentlycontinue';(New-Object System.Net.WebClient).DownloadFile('http://127.0.0.1/1.exe', 'C:\\test-WDATP-test\\invoice.exe');Start-Process 'C:\\test-WDATP-test\\invoice.exe'
+   powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden $ErrorActionPreference= 'silentlycontinue';(New-Object System.Net.WebClient).DownloadFile('http://127.0.0.1/1.exe', 'C:\\test-MDATP-test\\invoice.exe');Start-Process 'C:\\test-MDATP-test\\invoice.exe'
    ```
 
 The Command Prompt window will close automatically. If successful, the detection test will be marked as completed and a new alert will appear in the portal for the onboarded machine in approximately 10 minutes.