Merge branch 'master' into jamf

windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md

@@ -1,6 +1,6 @@
 ---
 title: Only Allow Admins to Enable Connection Groups (Windows 10)
-description: How to Allow Only Administrators to Enable Connection Groups
+description: Configure the App-V client so that only administrators, not users, can enable or disable connection groups.
 author: dansimp
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy

windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md

@@ -1,6 +1,6 @@
 ---
 title: How to Deploy the App-V Databases by Using SQL Scripts (Windows 10)
-description: How to Deploy the App-V Databases by Using SQL Scripts
+description: These instructions can be used to deploy App-V databases by using SQL scripts.
 author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy

windows/application-management/app-v/appv-deploy-the-appv-server.md

@@ -1,6 +1,6 @@
 ---
 title: How to Deploy the App-V Server (Windows 10)
-description: How to Deploy the App-V Server in App-V for Windows 10
+description: Use these instructions to deploy the App-V Server in App-V for Windows 10.
 author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy

windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md

@@ -1,6 +1,6 @@
 ---
 title: Deploying Microsoft Office 2010 by Using App-V (Windows 10)
-description: Deploying Microsoft Office 2010 by Using App-V
+description: See the methods for creating Microsoft Office 2010 packages by Using App-V.
 author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy

windows/application-management/app-v/appv-supported-configurations.md

@@ -1,6 +1,6 @@
 ---
 title: App-V Supported Configurations (Windows 10)
-description: App-V Supported Configurations
+description: Learn the requirements to install and run App-V supported configurations in your Windows 10 environment.
 author: lomayor
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy

windows/client-management/mdm/bootstrap-csp.md

@@ -1,6 +1,6 @@
 ---
 title: BOOTSTRAP CSP
-description: BOOTSTRAP CSP
+description: Use the BOOTSTRAP configuration service provider sets the Trusted Provisioning Server (TPS) for the device.
 ms.assetid: b8acbddc-347f-4543-a45b-ad2ffae3ffd0
 ms.reviewer: 
 manager: dansimp

windows/client-management/mdm/enterpriseappmanagement-csp.md

@@ -1,6 +1,6 @@
 ---
 title: EnterpriseAppManagement CSP
-description: EnterpriseAppManagement CSP
+description: Handle enterprise application management tasks using EnterpriseAppManagement configuration service provider (CSP).
 ms.assetid: 698b8bf4-652e-474b-97e4-381031357623
 ms.reviewer: 
 manager: dansimp

windows/client-management/mdm/enterpriseassignedaccess-csp.md

@@ -1,6 +1,6 @@
 ---
 title: EnterpriseAssignedAccess CSP
-description: EnterpriseAssignedAccess CSP
+description: Use the EnterpriseAssignedAccess CSP to configure custom layouts on a device. 
 ms.assetid: 5F88E567-77AA-4822-A0BC-3B31100639AA
 ms.reviewer: 
 manager: dansimp
@@ -306,7 +306,7 @@ Starting in Windows 10, version 1511, you can specify the following quick acti
 <p>Dependencies - none</p></li>
 </ul>
 
-Starting in Windows 10, version 1703, Quick action settings no longer require any dependencis from related group or page. Here is the list:
+Starting in Windows 10, version 1703, Quick action settings no longer require any dependencies from related group or page. Here is the list:
 - QuickActions_Launcher_AllSettings
 - QuickActions_Launcher_DeviceDiscovery
 - SystemSettings_BatterySaver_LandingPage_OverrideControl
@@ -1600,7 +1600,7 @@ The following table lists the product ID and AUMID for each app that is included
 <td>Microsoft.MSPodcast_8wekyb3d8bbwe!xc3215724yb279y4206y8c3ey61d1a9d63ed3x</td>
 </tr>
 <tr class="even">
-<td>Powerpoint</td>
+<td>PowerPoint</td>
 <td>B50483C4-8046-4E1B-81BA-590B24935798</td>
 <td>Microsoft.Office.PowerPoint_8wekyb3d8bbwe!microsoft.pptim</td>
 </tr>

windows/client-management/mdm/enterpriseassignedaccess-ddf.md

@@ -1,6 +1,6 @@
 ---
 title: EnterpriseAssignedAccess DDF
-description: EnterpriseAssignedAccess DDF
+description: Utilize the OMA DM device description framework (DDF) for the EnterpriseAssignedAccess configuration service provider.
 ms.assetid: 8BD6FB05-E643-4695-99A2-633995884B37
 ms.reviewer: 
 manager: dansimp

windows/client-management/mdm/mdm-enrollment-of-windows-devices.md

@@ -1,6 +1,6 @@
 ---
-title: MDM enrollment of Windows-based devices
+title: MDM enrollment of Windows 10-based devices
-description: MDM enrollment of Windows-based devices
+description: MDM enrollment of Windows 10-based devices
 MS-HAID:
 - 'p\_phdevicemgmt.enrollment\_ui'
 - 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices'
@@ -15,35 +15,29 @@ author: manikadhiman
 ms.date: 11/15/2017
 ---
 
-# MDM enrollment of Windows-based devices
+# MDM enrollment of Windows 10-based devices
 
+In today’s cloud-first world, enterprise IT departments increasingly want to let employees use their own devices, or even choose and purchase corporate-owned devices. Connecting your devices to work makes it easy for you to access your organization’s resources, such as apps, the corporate network, and email.
 
-This topic describes the user experience of enrolling Windows 10-based PCs and devices.
+> [!NOTE]
+> When you connect your device using mobile device management (MDM) enrollment, your organization may enforce certain policies on your device.
 
-In today’s cloud-first world, enterprise IT departments increasingly want to let employees bring their own devices, or even choose and purchase corporate-owned devices. Connecting your devices to work makes it easy for you to access your organization’s resources (such as apps, the corporate network, and email).
+## Connect corporate-owned Windows 10-based devices
 
-> **Note**  When you connect your device using mobile device management (MDM) enrollment, your organization may enforce certain policies on your device.
+You can connect corporate-owned devices to work by either joining the device to an Active Directory domain, or to an Azure Active Directory (Azure AD) domain. Windows 10 does not require a personal Microsoft account on devices joined to Azure AD or an on-premises Active Directory domain.
-
- 
-
-## Connecting corporate-owned Windows 10-based devices
-
-
-Corporate owned devices can be connected to work either by joining the device to an Active Directory domain or an Azure Active Directory (Azure AD) domain. Windows 10 does not require a personal Microsoft account on devices joined to Azure AD or an on-premises Active Directory domain.
 
 ![active directory azure ad signin](images/unifiedenrollment-rs1-1.png)
 
-### Connecting your device to an Active Directory domain (Join a domain)
+### Connect your device to an Active Directory domain (join a domain)
 
-Devices running Windows 10 Pro, Windows 10 Enterprise, or Windows 10 Education can be connected to an Active Directory domain. These devices can be connected using the Settings app.
+Devices running Windows 10 Pro, Windows 10 Enterprise, or Windows 10 Education can be connected to an Active Directory domain using the Settings app.
 
-> **Note**  Mobile devices cannot be connected to an Active Directory domain.
+> [!NOTE]
+> Mobile devices cannot be connected to an Active Directory domain.
 
+### Out-of-box-experience 
 
-
+Joining your device to an Active Directory domain during the out-of-box-experience (OOBE) is not supported. To join a domain:
-### Out-of-box-experience (OOBE)
-
-Because joining your device to an Active Directory domain during the OOBE is not supported, you’ll need to first create a local account and then connect the device using the Settings app.
 
 1.  On the **Who Owns this PC?** page, select **My work or school owns it**.
 
@@ -53,11 +47,13 @@ Because joining your device to an Active Directory domain during the OOBE is not
 
     ![select domain or azure ad](images/unifiedenrollment-rs1-3.png)
 
-3.  You will next see a prompt to set up a local account on the device. Enter your local account details and then click **Next** to continue.
+3.  You'll see a prompt to set up a local account on the device. Enter your local account details, and then select **Next** to continue.
 
     ![create pc account](images/unifiedenrollment-rs1-4.png)
 
-### Using the Settings app
+### Use the Settings app
+
+To create a local account and connect the device:
 
 1.  Launch the Settings app.
 
@@ -71,42 +67,44 @@ Because joining your device to an Active Directory domain during the OOBE is not
 
     ![select access work or school](images/unifiedenrollment-rs1-7.png)
 
-4.  Click **Connect**.
+4.  Select **Connect**.
 
     ![connect to work or school](images/unifiedenrollment-rs1-8.png)
 
-5.  Under **Alternate actions**, click **Join this device to a local Active Directory domain**.
+5.  Under **Alternate actions**, select **Join this device to a local Active Directory domain**.
 
     ![join account to active directory domain](images/unifiedenrollment-rs1-9.png)
 
-6.  Type in your domain name, follow the instructions, and then click **Next** to continue. After you complete the flow and reboot your device, it should be connected to your Active Directory domain. You can now log into the device using your domain credentials.
+6.  Type in your domain name, follow the instructions, and then select **Next** to continue. After you complete the flow and restart your device, it should be connected to your Active Directory domain. You can now sign in to the device using your domain credentials.
 
     ![type in domain name](images/unifiedenrollment-rs1-10.png)
 
 ### Help with connecting to an Active Directory domain
 
-There are a few instances where your device cannot be connected to an Active Directory domain:
+There are a few instances where your device cannot be connected to an Active Directory domain.
 
-| Connection issue                                                | Explanation                                                                                                                                                                                                               |
+| Connection issue                                                | Description                                                                                                                                                                                                               |
 |-----------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Your device is already connected to an Active Directory domain. | Your device can be connected to only a single Active Directory domain at a time.                                                                                                                                          |
+| Your device is already connected to an Active Directory domain. | Your device can only be connected to a single Active Directory domain at a time.                                                                                                                                          |
 | Your device is connected to an Azure AD domain.                 | Your device can either be connected to an Azure AD domain or an Active Directory domain. You cannot connect to both simultaneously.                                                                                       |
 | You are logged in as a standard user.                           | Your device can only be connected to an Azure AD domain if you are logged in as an administrative user. You’ll need to switch to an administrator account to continue.                                                    |
 | Your device is running Windows 10 Home.                         | This feature is not available on Windows 10 Home, so you will be unable to connect to an Active Directory domain. You will need to upgrade to Windows 10 Pro, Windows 10 Enterprise, or Windows 10 Education to continue. |
 
  
 
-### Connecting your device to an Azure AD domain (Join Azure AD)
+### Connect your device to an Azure AD domain (join Azure AD)
 
 All Windows devices can be connected to an Azure AD domain. These devices can be connected during OOBE. Additionally, desktop devices can be connected to an Azure AD domain using the Settings app.
 
-### Out-of-box-experience (OOBE)
+### Out-of-box-experience
 
-1.  Select **My work or school owns it**, then click **Next.**
+To join a domain:
+
+1.  Select **My work or school owns it**, then select **Next.**
 
     ![oobe local account creation](images/unifiedenrollment-rs1-11.png)
 
-2.  Click **Join Azure AD**, then click **Next.**
+2.  Select **Join Azure AD**, and then select **Next.**
 
     ![select domain or azure ad](images/unifiedenrollment-rs1-12.png)
 
@@ -118,7 +116,9 @@ All Windows devices can be connected to an Azure AD domain. These devices can be
 
     ![azure ad signin](images/unifiedenrollment-rs1-13.png)
 
-### Using the Settings app
+### Use the Settings app
+
+To create a local account and connect the device:
 
 1.  Launch the Settings app.
 
@@ -132,11 +132,11 @@ All Windows devices can be connected to an Azure AD domain. These devices can be
 
     ![select access work or school](images/unifiedenrollment-rs1-16.png)
 
-4.  Click **Connect**.
+4.  Select **Connect**.
 
     ![connect to work or school](images/unifiedenrollment-rs1-17.png)
 
-5.  Under **Alternate Actions**, click **Join this device to Azure Active Directory**.
+5.  Under **Alternate Actions**, selct **Join this device to Azure Active Directory**.
 
     ![join work or school account to azure ad](images/unifiedenrollment-rs1-18.png)
 
@@ -144,7 +144,7 @@ All Windows devices can be connected to an Azure AD domain. These devices can be
 
     ![azure ad sign in](images/unifiedenrollment-rs1-19.png)
 
-7.  If the tenant is a cloud only, password hash sync, or pass-through authentication tenant, this page will change to show the organization's custom branding, and you will be able to enter your password directly on this page. If the tenant is part of a federated domain, you will be redirected to the organization's on-premises federation server, such as AD FS, for authentication.
+7.  If the tenant is a cloud-only, password hash sync, or pass-through authentication tenant, this page changes to show the organization's custom branding, and you can enter your password directly on this page. If the tenant is part of a federated domain, you are redirected to the organization's on-premises federation server, such as AD FS, for authentication.
 
     Based on IT policy, you may also be prompted to provide a second factor of authentication at this point.
 
@@ -156,9 +156,9 @@ All Windows devices can be connected to an Azure AD domain. These devices can be
 
 ### Help with connecting to an Azure AD domain
 
-There are a few instances where your device cannot be connected to an Azure AD domain:
+There are a few instances where your device cannot be connected to an Azure AD domain.
 
-| Connection issue                                                | Explanation                                                                                                                                                                                                                |
+| Connection issue                                                | Description                                                                                                                                                                                                                |
 |-----------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | Your device is connected to an Azure AD domain.                 | Your device can only be connected to a single Azure AD domain at a time.                                                                                                                                                   |
 | Your device is already connected to an Active Directory domain. | Your device can either be connected to an Azure AD domain or an Active Directory domain. You cannot connect to both simultaneously.                                                                                        |
@@ -169,18 +169,20 @@ There are a few instances where your device cannot be connected to an Azure AD d
 
  
 
-## Connecting personally-owned devices (Bring your own device)
+## Connect personally-owned devices 
 
 
-Personally owned devices, also known as bring your own device or BYOD, can be connected to a work or school account or to MDM. Windows 10 does not require a personal Microsoft account on devices to connect to work or school.
+Personally-owned devices, also known as bring your own device (BYOD), can be connected to a work or school account, or to MDM. Windows 10 does not require a personal Microsoft account on devices to connect to work or school.
 
-### Connecting to a work or school account
+### Connect to a work or school account
 
-All Windows 10-based devices can be connected to a work or school account. You can connect to a work or school account either through the Settings app or through any of the numerous Universal Windows Platform (UWP) apps such as the universal Office apps.
+All Windows 10-based devices can be connected to a work or school account. You can connect to a work or school account either through the Settings app or through any of the numerous Universal Windows Platform (UWP) apps, such as the universal Office apps.
 
-### Using the Settings app
+### Use the Settings app
 
-1.  Launch the Settings app and then click **Accounts**. Click **Start**, then the Settings icon, and then select **Accounts**
+To create a local account and connect the device:
+
+1.  Launch the Settings app, and then select **Accounts** >**Start** > **Settings** > **Accounts**.
 
     ![windows settings page](images/unifiedenrollment-rs1-21-b.png)
 
@@ -188,7 +190,7 @@ All Windows 10-based devices can be connected to a work or school account. You
 
     ![select access work or school](images/unifiedenrollment-rs1-23-b.png)
 
-3.  Click **Connect**.
+3.  Select **Connect**.
 
     ![connect to work or school](images/unifiedenrollment-rs1-24-b.png)
 
@@ -196,7 +198,7 @@ All Windows 10-based devices can be connected to a work or school account. You
 
     ![join work or school account to azure ad](images/unifiedenrollment-rs1-25-b.png)
 
-5.  If the tenant is a cloud only, password hash sync, or pass-through authentication tenant, this page will change to show the organization's custom branding, and you will be able to enter your password directly into the page. If the tenant is part of a federated domain, you will be redirected to the organization's on-premises federation server, such as AD FS, for authentication.
+5.  If the tenant is a cloud-only, password hash sync, or pass-through authentication tenant, this page changes to show the organization's custom branding, and can enter your password directly into the page. If the tenant is part of a federated domain, you are redirected to the organization's on-premises federation server, such as AD FS, for authentication.
 
     Based on IT policy, you may also be prompted to provide a second factor of authentication at this point.
 
@@ -210,11 +212,13 @@ All Windows 10-based devices can be connected to a work or school account. You
 
     ![account successfully added](images/unifiedenrollment-rs1-27.png)
 
-### Connecting to MDM on a desktop (Enrolling in device management)
+### Connect to MDM on a desktop (enrolling in device management)
 
-All Windows 10-based devices can be connected to an MDM. You can connect to an MDM through the Settings app.
+All Windows 10-based devices can be connected to MDM. You can connect to an MDM through the Settings app.
 
-### Using the Settings app
+### Use the Settings app
+
+To create a local account and connect the device:
 
 1. Launch the Settings app.
 
@@ -228,7 +232,7 @@ All Windows 10-based devices can be connected to an MDM. You can connect to an
 
    ![access work or school](images/unifiedenrollment-rs1-30.png)
 
-4. Click the **Enroll only in device management** link (available in servicing build 14393.82, KB3176934). For older builds, use [Connecting your Windows 10-based device to work using a deep link](#connecting-your-windows-10-based-device-to-work-using-a-deep-link).
+4. Select the **Enroll only in device management** link (available in servicing build 14393.82, KB3176934). For older builds, see [Connect your Windows 10-based device to work using a deep link](mdm-enrollment-of-windows-devices.md#connect-your-windows-10-based-device-to-work-using-a-deep-link).
 
    ![connect to work or school](images/unifiedenrollment-rs1-31.png)
 
@@ -245,17 +249,17 @@ All Windows 10-based devices can be connected to an MDM. You can connect to an
    After you complete the flow, your device will be connected to your organization’s MDM.
    
 
-### Connecting to MDM on a phone (Enrolling in device management)
+### Connect to MDM on a phone (enroll in device management)
 
-1.  Launch the **Settings** app and then click **Accounts**.
+1.  Launch the Settings app, and then select **Accounts**.
 
     ![phone settings](images/unifiedenrollment-rs1-38.png)
 
-2.  Click **Access work or school**.
+2.  Select **Access work or school**.
 
     ![phone settings](images/unifiedenrollment-rs1-39.png)
 
-3.  Click the **Enroll only in device management** link. This is only available in the servicing build 14393.82 (KB3176934). For older builds, use [Connecting your Windows 10-based device to work using a deep link](#connecting-your-windows-10-based-device-to-work-using-a-deep-link).
+3.  Select the **Enroll only in device management** link. This is only available in the servicing build 14393.82 (KB3176934). For older builds, see [Connect your Windows 10-based device to work using a deep link](mdm-enrollment-of-windows-devices.md#connect-your-windows-10-based-device-to-work-using-a-deep-link).
 
     ![access work or school page](images/unifiedenrollment-rs1-40.png)
 
@@ -273,7 +277,7 @@ All Windows 10-based devices can be connected to an MDM. You can connect to an
 
 ### Help with connecting personally-owned devices
 
-There are a few instances where your device may not be able to connect to work, as described in the following table.
+There are a few instances where your device may not be able to connect to work.
 
 | Error Message                                                                                                                                                                              | Description                                                                                         |
 |--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
@@ -284,20 +288,20 @@ There are a few instances where your device may not be able to connect to work,
 | We couldn’t auto-discover a management endpoint matching the username entered. Please check your username and try again. If you know the URL to your management endpoint, please enter it. | You need to provide the server URL for your MDM or check the spelling of the username you entered.  |
 
  
-## Connecting your Windows 10-based device to work using a deep link
+## Connect your Windows 10-based device to work using a deep link
 
 
-Windows 10-based devices may be connected to work using a deep link. Users will be able to click or open a link in a particular format from anywhere in Windows 10 and be directed to the new enrollment experience.
+Windows 10-based devices may be connected to work using a deep link. Users will be able to select or open a link in a particular format from anywhere in Windows 10, and be directed to the new enrollment experience.
 
 In Windows 10, version 1607, deep linking will only be supported for connecting devices to MDM. It will not support adding a work or school account, joining a device to Azure AD, and joining a device to Active Directory.
 
-The deep link used for connecting your device to work will always use the following format:
+The deep link used for connecting your device to work will always use the following format.
 
 **ms-device-enrollment:?mode={mode\_name}**
 
 | Parameter | Description                                                  | Supported Value for Windows 10|
 |-----------|--------------------------------------------------------------|----------------------------------------------|
-| mode      | Describes which mode will be executed in the enrollment app. Added in Windows 10, version 1607| MDM (Mobile Device Management), AWA (Adding Work Account), and AADJ (Azure Active Directory Joined).                                       |
+| mode      | Describes which mode will be executed in the enrollment app. Added in Windows 10, version 1607| Mobile Device Management (MDM), Adding Work Account (AWA), and Azure Active Directory Joined (AADJ).                                       |
 |username  | Specifies the email address or UPN of the user who should be enrolled into MDM. Added in Windows 10, version 1703. | string |
 | servername | Specifies the MDM server URL that will be used to enroll the device. Added in Windows 10, version 1703. | string|
 | accesstoken | Custom parameter for MDM servers to use as they see fit. Typically, this can be used as a token to validate the enrollment request. Added in Windows 10, version 1703. | string |
@@ -305,47 +309,44 @@ The deep link used for connecting your device to work will always use the follow
 | tenantidentifier | Custom parameter for MDM servers to use as they see fit. Typically, this can be used to identify which tenant the device or user belongs to. Added in Windows 10, version 1703. | GUID or string |
 | ownership | Custom parameter for MDM servers to use as they see fit. Typically, this can be used to determine whether the device is BYOD or Corp Owned. Added in Windows 10, version 1703. | 1, 2, or 3 |
 
-> **Note**  "awa" and "aadj" values for mode are only supported on Windows 10, version 1709 and later. 
+> [!NOTE]
+> AWA and AADJ values for mode are only supported on Windows 10, version 1709 and later. 
 
 
-### Connecting to MDM using a deep link
+### Connect to MDM using a deep link
 
-> **Note** Deep links only work with Internet Explorer or Edge browsers.
+> [!NOTE]
-When connecting to MDM using a deep link, the URI you should use is
+> Deep links only work with Internet Explorer or Microsoft Edge browsers. When connecting to MDM using a deep link, the URI you should use is:
+> **ms-device-enrollment:?mode=mdm** 
+> **ms-device-enrollment:?mode=mdm&username=someone@example.com&servername=<https://example.server.com>**
 
-**ms-device-enrollment:?mode=mdm** 
+To connect your devices to MDM using deep links:
-**ms-device-enrollment:?mode=mdm&username=someone@example.com&servername=<https://example.server.com>**
 
-The following procedure describes how users can connect their devices to MDM using deep links.
+1.  Starting with Windows 10, version 1607, create a link to launch the built-in enrollment app using the URI **ms-device-enrollment:?mode=mdm**, and user-friendly display text, such as **Click here to connect Windows to work**:
 
-1.  Starting with Windows 10, version 1607, you can create a link to launch the built-in enrollment app using the URI **ms-device-enrollment:?mode=mdm** and user-friendly display text, such as **Click here to connect Windows to work**:
+    > (Be aware that this will launch the flow equivalent to the Enroll into the device management option in Windows 10, version 1511.)
 
-    > **Note**  This will launch the flow equivalent to the Enroll into device management option in Windows 10, version 1511.
+    - IT admins can add this link to a welcome email that users can select to enroll into MDM.
-
-    - IT admins can add this link to a welcome email that users can click on to enroll into MDM.
 
       ![using enrollment deeplink in email](images/deeplinkenrollment1.png)
 
     - IT admins can also add this link to an internal web page that users refer to enrollment instructions.
 
-2.  After clicking the link or running it, Windows 10 will launch the enrollment app in a special mode that only allows MDM enrollments (similar to the Enroll into device management option in Windows 10, version 1511).
+2.  After you select the link or run it, Windows 10 launches the enrollment app in a special mode that only allows MDM enrollments (similar to the Enroll into device management option in Windows 10, version 1511).
 
     Type in your work email address.
 
     ![set up work or school account](images/deeplinkenrollment3.png)
 
-3.  If the device finds an endpoint that only supports on-premises authentication, this page will change and ask you for your password. If the device finds an MDM endpoint that supports federated authentication, you’ll be presented with a new window that will ask you for additional authentication information.
+3.  If the device finds an endpoint that only supports on-premises authentication, this page will change and ask you for your password. If the device finds an MDM endpoint that supports federated authentication, you’ll be presented with a new window that will ask you for additional authentication information. Based on IT policy, you may also be prompted to provide a second factor of authentication at this point.
-
-    > **Note**  Based on IT policy, you may also be prompted to provide a second factor of authentication at this point.
-
-    After you complete the flow, your device will be connected to your organization’s MDM.
 
+After you complete the flow, your device will be connected to your organization’s MDM.
     ![corporate sign in](images/deeplinkenrollment4.png)
 
-## Managing connections
+## Manage connections
 
 
-Your work or school connections can be managed on the **Settings** &gt; **Accounts** &gt; **Access work or school** page. Your connections will show on this page and clicking on one will expand options for that connection.
+To manage your work or school connections, select **Settings** > **Accounts** > **Access work or school**. Your connections will show on this page and selecting one will expand options for that connection.
 
 ![managing work or school account](images/unifiedenrollment-rs1-34-b.png)
 
@@ -357,30 +358,31 @@ The **Info** button can be found on work or school connections involving MDM. Th
 -   Connecting your device to a work or school account that has auto-enroll into MDM configured.
 -   Connecting your device to MDM.
 
-Clicking the **Info** button will open a new page in the Settings app that provides details about your MDM connection. You’ll be able to view your organization’s support information (if configured) on this page. You’ll also be able to start a sync session which will force your device to communicate to the MDM server and fetch any updates to policies if needed.
+Selecting the **Info** button will open a new page in the Settings app that provides details about your MDM connection. You’ll be able to view your organization’s support information (if configured) on this page. You’ll also be able to start a sync session which forces your device to communicate to the MDM server and fetch any updates to policies if needed.
 
-Starting in Windows 10, version 1709, clicking the **Info** button will show a list of policies and line-of-business apps installed by your organization. Here is an example screenshot.
+Starting in Windows 10, version 1709, selecting the **Info** button will show a list of policies and line-of-business apps installed by your organization. Here is an example screenshot.
 
 ![work or school info](images/unifiedenrollment-rs1-35-b.png)
 
-> [NOTE]
+> [!NOTE]
 > Starting in Windows 10, version 1709, the **Manage** button is no longer available. 
 
 ### Disconnect
 
-The **Disconnect** button can be found on all work connections. Generally, clicking the **Disconnect** button will remove the connection from the device. There are a few exceptions to this:
+The **Disconnect** button can be found on all work connections. Generally, selecting the **Disconnect** button will remove the connection from the device. There are a few exceptions to this:
 
 -   Devices that enforce the AllowManualMDMUnenrollment policy will not allow users to remove MDM enrollments. These connections must be removed by a server-initiated unenroll command.
 -   On mobile devices, you cannot disconnect from Azure AD. These connections can only be removed by wiping the device.
 
-> **Warning**  Disconnecting might result in the loss of data on the device.
+> [!WARNING]  
+> Disconnecting might result in the loss of data on the device.
 
 ## Collecting diagnostic logs
 
 
-You can collect diagnostic logs around your work connections by going to **Settings** &gt; **Accounts** &gt; **Access work or school**, and clicking the **Export your management logs** link under **Related Settings**. After you click the link, click **Export** and follow the path displayed to retrieve your management log files.
+You can collect diagnostic logs around your work connections by going to **Settings** > **Accounts** > **Access work or school**, and then selecting the **Export your management logs** link under **Related Settings**. Next, select **Export**, and follow the path displayed to retrieve your management log files.
 
-Starting in Windows 10, version 1709, you can get the advanced diagnostic report by going to **Settings** &gt; **Accounts** &gt; **Access work or school**, and clicking the **Info** button. At the bottom of the Settings page you will see the button to create a report. Here is an example screenshot.
+Starting in Windows 10, version 1709, you can get the advanced diagnostic report by going to **Settings** > **Accounts** > **Access work or school**, and selecting the **Info** button. At the bottom of the Settings page, you will see the button to create a report, as shown here.
 
 ![collecting enrollment management log files](images/unifiedenrollment-rs1-37-c.png)
 

windows/client-management/mdm/messaging-csp.md

@@ -1,6 +1,6 @@
 ---
 title: Messaging CSP
-description: Messaging CSP
+description: Use the Messaging CSP to configure the ability to get text messages audited on a mobile device.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10

windows/client-management/mdm/messaging-ddf.md

@@ -1,6 +1,6 @@
 ---
 title: Messaging DDF file
-description: Messaging DDF file
+description: Utilize the OMA DM device description framework (DDF) for the Messaging configuration service provider.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10

windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md

@@ -727,7 +727,7 @@ Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelNam
 <li>User knows what policies, profiles, apps MDM has configured</li>
 <li>IT helpdesk can get detailed MDM diagnostic information using client tools</li>
 </ul>
-<p>For details, see <a href="mdm-enrollment-of-windows-devices.md#managing-connections" data-raw-source="[Managing connection](mdm-enrollment-of-windows-devices.md#managing-connections)">Managing connection</a> and <a href="mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs" data-raw-source="[Collecting diagnostic logs](mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs)">Collecting diagnostic logs</a></p>
+<p>For details, see <a href="mdm-enrollment-of-windows-devices.md#manage-connections" data-raw-source="[Manage connection](mdm-enrollment-of-windows-devices.md#manage-connections)">Managing connection</a> and <a href="mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs" data-raw-source="[Collecting diagnostic logs](mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs)">Collecting diagnostic logs</a></p>
 </td></tr>
 <tr class="odd">
 <td style="vertical-align:top"><a href="enroll-a-windows-10-device-automatically-using-group-policy.md" data-raw-source="[Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md)">Enroll a Windows 10 device automatically using Group Policy</a></td>
@@ -1226,7 +1226,7 @@ Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelNam
 </ul>
 </td></tr>
 <tr class="even">
-<td style="vertical-align:top"><a href="mdm-enrollment-of-windows-devices.md#connecting-your-windows-10-based-device-to-work-using-a-deep-link" data-raw-source="[Connecting your Windows 10-based device to work using a deep link](mdm-enrollment-of-windows-devices.md#connecting-your-windows-10-based-device-to-work-using-a-deep-link)">Connecting your Windows 10-based device to work using a deep link</a></td>
+<td style="vertical-align:top"><a href="mdm-enrollment-of-windows-devices.md#connect-your-windows-10-based-device-to-work-using-a-deep-link" data-raw-source="[Connecting your Windows 10-based device to work using a deep link](mdm-enrollment-of-windows-devices.md#connect-your-windows-10-based-device-to-work-using-a-deep-link)">Connect your Windows 10-based device to work using a deep link</a></td>
 <td style="vertical-align:top"><p>Added following deep link parameters to the table:</p>
 <ul>
 <li>Username</li>
@@ -2899,7 +2899,7 @@ How do I turn if off? | The service can be stopped from the "Services" console o
 <li>User knows what policies, profiles, apps MDM has configured</li>
 <li>IT helpdesk can get detailed MDM diagnostic information using client tools</li>
 </ul>
-<p>For details, see <a href="mdm-enrollment-of-windows-devices.md#managing-connections" data-raw-source="[Managing connections](mdm-enrollment-of-windows-devices.md#managing-connections)">Managing connections</a> and <a href="mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs" data-raw-source="[Collecting diagnostic logs](mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs)">Collecting diagnostic logs</a></p>
+<p>For details, see <a href="mdm-enrollment-of-windows-devices.md#manage-connections" data-raw-source="[Manage connections](mdm-enrollment-of-windows-devices.md#manage-connections)">Managing connections</a> and <a href="mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs" data-raw-source="[Collecting diagnostic logs](mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs)">Collecting diagnostic logs</a></p>
 </td></tr>
 </tbody>
 </table>

windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md

@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - LocalPoliciesSecurityOptions
-description: Policy CSP - LocalPoliciesSecurityOptions
+description: These settings prevents users from adding new Microsoft accounts on a specific computer using LocalPoliciesSecurityOptions.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10

windows/client-management/mdm/policy-csp-printers.md

@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - Printers
-description: Policy CSP - Printers
+description: Use this policy setting to control the client Point and Print behavior, including  security prompts for Windows Vista computers. 
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10

windows/client-management/mdm/policy-csp-start.md

@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - Start
-description: Policy CSP - Start
+description: Use this policy CSP to control the visibility of the Documents shortcut on the Start menu.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
@@ -1374,7 +1374,7 @@ To validate on Desktop, do the following:
 > [!NOTE]
 > This policy requires reboot to take effect.
 
-Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding recently opened items in the jumplists from appearing.
+Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding recently opened items in the jump lists from appearing.
 
 <!--/Description-->
 <!--SupportedValues-->
@@ -1389,13 +1389,13 @@ To validate on Desktop, do the following:
 
 1.   Enable "Show recently opened items in Jump Lists on Start of the taskbar" in Settings.
 2.   Pin Photos to the taskbar, and open some images in the photos app.
-3.   Right click the pinned photos app and verify that a jumplist of recently opened items pops up.
+3.   Right click the pinned photos app and verify that a jump list of recently opened items pops up.
 4.   Toggle "Show recently opened items in Jump Lists on Start of the taskbar" in Settings to clear jump lists.
 5.   Enable policy.
 6.   Restart explorer.exe
 7.   Check that Settings toggle is grayed out.
 8.   Repeat Step 2.
-9.   Right Click pinned photos app and verify that there is no jumplist of recent items.
+9.   Right Click pinned photos app and verify that there is no jump list of recent items.
 
 <!--/Validation-->
 <!--/Policy-->

windows/client-management/mdm/policy-csp-update.md

@@ -1,6 +1,6 @@
 ---
 title: Policy CSP - Update
-description: Policy CSP - Update
+description: Manage a range of active hours for when update reboots are not scheduled.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10

windows/deployment/update/update-compliance-monitor.md

@@ -30,7 +30,7 @@ Update Compliance enables organizations to:
 * View a report of device and update issues related to compliance that need attention.
 * Check bandwidth savings incurred across multiple content types by using [Delivery Optimization](waas-delivery-optimization.md).
 
-Update Compliance is offered through the Azure portal, and is included as part of Windows 10 licenses listed in the [prerequisites](update-compliance-get-started.md#update-compliance-prerequisites).
+Update Compliance is offered through the Azure portal, and is included as part of Windows 10 licenses listed in the [prerequisites](update-compliance-get-started.md#update-compliance-prerequisites). Azure Log Analytics ingestion and retention charges are not incurred on your Azure subscription for Update Compliance data.
 
 Update Compliance uses Windows 10 diagnostic data for all of its reporting. It collects system data including update deployment progress, [Windows Update for Business](waas-manage-updates-wufb.md) configuration data, and Delivery Optimization usage data, and then sends this data to a customer-owned [Azure Log Analytics](https://docs.microsoft.com/azure/log-analytics/query-language/get-started-analytics-portal) workspace to power the experience.
 

windows/deployment/usmt/usmt-common-migration-scenarios.md

@@ -1,6 +1,6 @@
 ---
 title: Common Migration Scenarios (Windows 10)
-description: Common Migration Scenarios
+description: See how the User State Migration Tool (USMT) 10.0 is used when planning hardware and/or operating system upgrades.
 ms.assetid: 1d8170d5-e775-4963-b7a5-b55e8987c1e4
 ms.reviewer: 
 manager: laurawi

windows/deployment/windows-10-deployment-tools.md

@@ -1,6 +1,6 @@
 ---
 title: Windows 10 deployment tools
-description: Browse through documentation describing Windows 10 deployment tools. Learn how to use these these tools to successfully deploy Windows 10 to your organization.
+description: Learn how to use Windows 10 deployment tools to successfully deploy Windows 10 to your organization.
 ms.assetid: 5C4B0AE3-B2D0-4628-9E73-606F3FAA17BB
 ms.reviewer: 
 manager: laurawi

windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md

@@ -1,6 +1,6 @@
 ---
 title: Hybrid Windows Hello for Business Prerequisites
-description: Prerequisites for hybrid Windows Hello for Business deployments using certificate trust.
+description: Learn these prerequisites for hybrid Windows Hello for Business deployments using certificate trust.
 keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust
 ms.prod: w10
 ms.mktglfcycl: deploy

windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md

@@ -199,6 +199,279 @@ The following table describes how the wildcards can be used and provides some ex
 
 <a id="review"></a>
 
+### System environmental variables
+
+The following table lists and describes the system account environmental variables. 
+
+<table border="0" cellspacing="0" cellpadding="20">
+<thead>
+<tr>
+<th valign="top">System environment variables</th>
+<th valign="top">Will redirect to:</th>
+</tr>
+</thead><tbody>
+<tr>
+<td valign="top">%APPDATA%</td>
+<td valign="top">C:\Users\UserName.DomainName\AppData\Roaming</td>
+</tr>
+<tr>
+<td valign="top">%APPDATA%\Microsoft\Internet Explorer\Quick Launch</td>
+<td valign="top">C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch</td>
+</tr>
+<tr>
+<td valign="top">%APPDATA%\Microsoft\Windows\Start Menu</td>
+<td valign="top">C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu</td>
+</tr>
+<tr>
+<td valign="top">%APPDATA%\Microsoft\Windows\Start Menu\Programs</td>
+<td valign="top">C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs</td>
+</tr>
+<tr>
+<td valign="top">%LOCALAPPDATA% </td>
+<td valign="top">C:\Windows\System32\config\systemprofile\AppData\Local</td>
+</tr>
+<tr>
+<td valign="top">%ProgramData%</td>
+<td valign="top">C:\ProgramData</td>
+</tr>
+<tr>
+<td valign="top">%ProgramFiles%</td>
+<td valign="top">C:\Program Files</td>
+</tr>
+<tr>
+<td valign="top">%ProgramFiles%\Common Files </td>
+<td valign="top">C:\Program Files\Common Files</td>
+</tr>
+<tr>
+<td valign="top">%ProgramFiles%\Windows Sidebar\Gadgets </td>
+<td valign="top">C:\Program Files\Windows Sidebar\Gadgets</td>
+</tr>
+<tr>
+<td valign="top">%ProgramFiles%\Common Files</td>
+<td valign="top">C:\Program Files\Common Files</td>
+</tr>
+<tr>
+<td valign="top">%ProgramFiles(x86)% </td>
+<td valign="top">C:\Program Files (x86)</td>
+</tr>
+<tr>
+<td valign="top">%ProgramFiles(x86)%\Common Files </td>
+<td valign="top">C:\Program Files (x86)\Common Files</td>
+</tr>
+<tr>
+<td valign="top">%SystemDrive%</td>
+<td valign="top">C:</td>
+</tr>
+<tr>
+<td valign="top">%SystemDrive%\Program Files</td>
+<td valign="top">C:\Program Files</td>
+</tr>
+<tr>
+<td valign="top">%SystemDrive%\Program Files (x86) </td>
+<td valign="top">C:\Program Files (x86)</td>
+</tr>
+<tr>
+<td valign="top">%SystemDrive%\Users </td>
+<td valign="top">C:\Users</td>
+</tr>
+<tr>
+<td valign="top">%SystemDrive%\Users\Public</td>
+<td valign="top">C:\Users\Public</td>
+</tr>
+<tr>
+<td valign="top">%SystemRoot%</td>
+<td valign="top"> C:\Windows</td>
+</tr>
+<tr>
+<td valign="top">%windir%</td>
+<td valign="top">C:\Windows</td>
+</tr>
+<tr>
+<td valign="top">%windir%\Fonts</td>
+<td valign="top">C:\Windows\Fonts</td>
+</tr>
+<tr>
+<td valign="top">%windir%\Resources </td>
+<td valign="top">C:\Windows\Resources</td>
+</tr>
+<tr>
+<td valign="top">%windir%\resources\0409</td>
+<td valign="top">C:\Windows\resources\0409</td>
+</tr>
+<tr>
+<td valign="top">%windir%\system32</td>
+<td valign="top">C:\Windows\System32</td>
+</tr>
+<tr>
+<td valign="top">%ALLUSERSPROFILE%</td>
+<td valign="top">C:\ProgramData</td>
+</tr>
+<tr>
+<td valign="top">%ALLUSERSPROFILE%\Application Data</td>
+<td valign="top">C:\ProgramData\Application Data</td>
+</tr>
+<tr>
+<td valign="top">%ALLUSERSPROFILE%\Documents</td>
+<td valign="top">C:\ProgramData\Documents</td>
+</tr>
+<tr>
+<td valign="top">%ALLUSERSPROFILE%\Documents\My Music\Sample Music</td>
+<td valign="top">
+<p>C:\ProgramData\Documents\My Music\Sample Music</p>
+<p>.</p>
+</td>
+</tr>
+<tr>
+<td valign="top">%ALLUSERSPROFILE%\Documents\My Music </td>
+<td valign="top">C:\ProgramData\Documents\My Music</td>
+</tr>
+<tr>
+<td valign="top">%ALLUSERSPROFILE%\Documents\My Pictures </td>
+<td valign="top">
+<p>C:\ProgramData\Documents\My Pictures
+</p>
+</td>
+</tr>
+<tr>
+<td valign="top">%ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures </td>
+<td valign="top">C:\ProgramData\Documents\My Pictures\Sample Pictures</td>
+</tr>
+<tr>
+<td valign="top">%ALLUSERSPROFILE%\Documents\My Videos </td>
+<td valign="top">C:\ProgramData\Documents\My Videos</td>
+</tr>
+<tr>
+<td valign="top">%ALLUSERSPROFILE%\Microsoft\Windows\DeviceMetadataStore </td>
+<td valign="top">C:\ProgramData\Microsoft\Windows\DeviceMetadataStore</td>
+</tr>
+<tr>
+<td valign="top">%ALLUSERSPROFILE%\Microsoft\Windows\GameExplorer </td>
+<td valign="top">C:\ProgramData\Microsoft\Windows\GameExplorer</td>
+</tr>
+<tr>
+<td valign="top">%ALLUSERSPROFILE%\Microsoft\Windows\Ringtones </td>
+<td valign="top">C:\ProgramData\Microsoft\Windows\Ringtones</td>
+</tr>
+<tr>
+<td valign="top">%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu </td>
+<td valign="top">C:\ProgramData\Microsoft\Windows\Start Menu</td>
+</tr>
+<tr>
+<td valign="top">%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs </td>
+<td valign="top">C:\ProgramData\Microsoft\Windows\Start Menu\Programs </td>
+</tr>
+<tr>
+<td valign="top">%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Administrative Tools</td>
+<td valign="top">C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools</td>
+</tr>
+<tr>
+<td valign="top">%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\StartUp </td>
+<td valign="top">C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp</td>
+</tr>
+<tr>
+<td valign="top">%ALLUSERSPROFILE%\Microsoft\Windows\Templates </td>
+<td valign="top">C:\ProgramData\Microsoft\Windows\Templates</td>
+</tr>
+<tr>
+<td valign="top">%ALLUSERSPROFILE%\Start Menu </td>
+<td valign="top">C:\ProgramData\Start Menu</td>
+</tr>
+<tr>
+<td valign="top">%ALLUSERSPROFILE%\Start Menu\Programs </td>
+<td valign="top">C:\ProgramData\Start Menu\Programs</td>
+</tr>
+<tr>
+<td valign="top">%ALLUSERSPROFILE%\Start Menu\Programs\Administrative Tools </td>
+<td valign="top">C:\ProgramData\Start Menu\Programs\Administrative Tools</td>
+</tr>
+<tr>
+<td valign="top">%ALLUSERSPROFILE%\Templates </td>
+<td valign="top">C:\ProgramData\Templates</td>
+</tr>
+<tr>
+<td valign="top">%LOCALAPPDATA%\Microsoft\Windows\ConnectedSearch\Templates </td>
+<td valign="top">C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates</td>
+</tr>
+<tr>
+<td valign="top">%LOCALAPPDATA%\Microsoft\Windows\History </td>
+<td valign="top">C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History</td>
+</tr>
+<tr>
+<td valign="top">
+<p>
+%PUBLIC% </p>
+</td>
+<td valign="top">C:\Users\Public</td>
+</tr>
+<tr>
+<td valign="top">%PUBLIC%\AccountPictures </td>
+<td valign="top">C:\Users\Public\AccountPictures</td>
+</tr>
+<tr>
+<td valign="top">%PUBLIC%\Desktop </td>
+<td valign="top">C:\Users\Public\Desktop</td>
+</tr>
+<tr>
+<td valign="top">%PUBLIC%\Documents </td>
+<td valign="top">C:\Users\Public\Documents</td>
+</tr>
+<tr>
+<td valign="top">%PUBLIC%\Downloads </td>
+<td valign="top">C:\Users\Public\Downloads</td>
+</tr>
+<tr>
+<td valign="top">%PUBLIC%\Music\Sample Music </td>
+<td valign="top">
+<p>C:\Users\Public\Music\Sample Music</p>
+<p>.</p>
+</td>
+</tr>
+<tr>
+<td valign="top">%PUBLIC%\Music\Sample Playlists </td>
+<td valign="top">
+<p>C:\Users\Public\Music\Sample Playlists</p>
+<p>.</p>
+</td>
+</tr>
+<tr>
+<td valign="top">%PUBLIC%\Pictures\Sample Pictures </td>
+<td valign="top">C:\Users\Public\Pictures\Sample Pictures</td>
+</tr>
+<tr>
+<td valign="top">%PUBLIC%\RecordedTV.library-ms</td>
+<td valign="top">C:\Users\Public\RecordedTV.library-ms</td>
+</tr>
+<tr>
+<td valign="top">%PUBLIC%\Videos</td>
+<td valign="top">C:\Users\Public\Videos</td>
+</tr>
+<tr>
+<td valign="top">%PUBLIC%\Videos\Sample Videos</td>
+<td valign="top">
+<p>C:\Users\Public\Videos\Sample Videos</p>
+<p>.</p>
+</td>
+</tr>
+<tr>
+<td valign="top">%USERPROFILE% </td>
+<td valign="top">C:\Windows\System32\config\systemprofile</td>
+</tr>
+<tr>
+<td valign="top">%USERPROFILE%\AppData\Local </td>
+<td valign="top">C:\Windows\System32\config\systemprofile\AppData\Local</td>
+</tr>
+<tr>
+<td valign="top">%USERPROFILE%\AppData\LocalLow </td>
+<td valign="top">C:\Windows\System32\config\systemprofile\AppData\LocalLow</td>
+</tr>
+<tr>
+<td valign="top">%USERPROFILE%\AppData\Roaming </td>
+<td valign="top">C:\Windows\System32\config\systemprofile\AppData\Roaming</td>
+</tr>
+</tbody>
+</table>
+
+
 ## Review the list of exclusions
 
 You can retrieve the items in the exclusion list using one of the following methods:
@@ -223,6 +496,9 @@ If you use PowerShell, you can retrieve the list in two ways:
 To check exclusions with the dedicated [command-line tool mpcmdrun.exe](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus?branch=v-anbic-wdav-new-mpcmdrun-options), use the following command:
 
 ```DOS
+Start, CMD (Run as admin)
+cd "%programdata%\microsoft\windows defender\platform"
+cd 4.18.1812.3 (Where 4.18.1812.3 is this month's MDAV "Platform Update".)
 MpCmdRun.exe -CheckExclusion -path <path>
 ```
 

windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md

@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 author: denisebmsft
 ms.author: deniseb
 ms.custom: nextgen
-ms.date: 10/08/2018
+ms.date: 06/25/2020
 ms.reviewer: 
 manager: dansimp
 ---

windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md

@@ -13,7 +13,7 @@ author: denisebmsft
 ms.author: deniseb
 ms.custom: nextgen
 audience: ITPro
-ms.date: 02/12/2020
+ms.date:
 ms.reviewer: 
 manager: dansimp
 ---
@@ -25,6 +25,9 @@ manager: dansimp
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 - [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/microsoft-edge)
 
+> [!NOTE]
+> Potentially unwanted applications (PUA) are a category of software that can cause your machine to run slowly, display unexpected ads, or at worst, install other software which might not be be unexpected or unwanted. By default in Windows 10 (version 2004 and later), Microsoft Defender Antivirus blocks apps that are considered PUA, for Enterprise (E5) devices.
+
 Potentially unwanted applications (PUA) are not considered viruses, malware, or other types of threats, but they might perform actions on endpoints which adversely affect endpoint performance or use. _PUA_ can also refer to an application that has a poor reputation, as assessed by Microsoft Defender ATP, due to certain kinds of undesirable behavior.
 
 For example:

windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md

@@ -52,7 +52,7 @@ There are five locations where you can specify where an endpoint should obtain u
 - [Microsoft Update](https://support.microsoft.com/help/12373/windows-update-faq)
 - [Windows Server Update Service](https://docs.microsoft.com/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus)
 - [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/core/servers/manage/updates)
-- [Network file share](https://docs.microsoft.com/windows-server/storage/nfs/nfs-overview)
+- [Network file share](#unc-share)
 - [Security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware](https://www.microsoft.com/en-us/wdsi/defenderupdates) (Your policy and registry might have this listed as Microsoft Malware Protection Center (MMPC) security intelligence, its former name.)
 
 To ensure the best level of protection, Microsoft Update allows for rapid releases, which means smaller downloads on a frequent basis. The Windows Server Update Service, Microsoft Endpoint Configuration Manager, and Microsoft security intelligence updates sources deliver less frequent updates. Thus, the delta can be larger, resulting in larger downloads. 
@@ -151,6 +151,105 @@ For example, suppose that Contoso has hired Fabrikam to manage their security so
 > [!NOTE]
 > Microsoft does not test third-party solutions for managing Microsoft Defender Antivirus.
 
+<a id="unc-share"></a>
+## Create a UNC share for security intelligence updates
+
+Set up a network file share (UNC/mapped drive) to download security intelligence updates from the MMPC site by using a scheduled task.
+
+1. On the system on which you want to provision the share and download the updates, create a folder to which you will save the script.
+    ```DOS
+    Start, CMD (Run as admin)
+    MD C:\Tool\PS-Scripts\
+    ```
+
+2. Create the folder to which you will save the signature updates.
+    ```DOS
+    MD C:\Temp\TempSigs\x64
+    MD C:\Temp\TempSigs\x86
+    ```
+
+3. Download the Powershell script from [www.powershellgallery.com/packages/SignatureDownloadCustomTask/1.4](https://www.powershellgallery.com/packages/SignatureDownloadCustomTask/1.4).
+
+4. Click **Manual Download**.
+
+5. Click **Download the raw nupkg file**.
+
+6. Extract the file.
+
+7. Copy the file SignatureDownloadCustomTask.ps1 to the folder you previously created, C:\Tool\PS-Scripts\ .
+
+8. Use the command line to set up the scheduled task.
+    > [!NOTE]
+    > There are two types of updates: full and delta.
+   - For x64 delta:
+
+       ```DOS
+       Powershell (Run as admin)
+    
+       C:\Tool\PS-Scripts\
+    
+       “.\SignatureDownloadCustomTask.ps1 -action create -arch x64 -isDelta $true -destDir C:\Temp\TempSigs\x64 -scriptPath C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1 -daysInterval 1”
+       ```
+
+   - For x64 full:
+
+       ```DOS
+       Powershell (Run as admin)
+    
+       C:\Tool\PS-Scripts\
+    
+       “.\SignatureDownloadCustomTask.ps1 -action create -arch x64 -isDelta $false -destDir C:\Temp\TempSigs\x64 -scriptPath C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1 -daysInterval 1”
+       ```
+
+   - For x86 delta:
+
+       ```DOS
+       Powershell (Run as admin)
+    
+       C:\Tool\PS-Scripts\
+    
+       “.\SignatureDownloadCustomTask.ps1 -action create -arch x86 -isDelta $true -destDir C:\Temp\TempSigs\x86 -scriptPath C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1 -daysInterval 1”
+       ```
+
+   - For x86 full:
+
+       ```DOS
+       Powershell (Run as admin)
+    
+       C:\Tool\PS-Scripts\
+    
+       “.\SignatureDownloadCustomTask.ps1 -action create -arch x86 -isDelta $false -destDir C:\Temp\TempSigs\x86 -scriptPath C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1 -daysInterval 1”
+       ```
+
+    > [!NOTE]
+    > When the scheduled tasks are created, you can find these in the Task Scheduler under Microsoft\Windows\Windows Defender
+9. Run each task manually and verify that you have data (mpam-d.exe, mpam-fe.exe, and nis_full.exe) in the following folders (you might have chosen different locations):
+
+   - C:\Temp\TempSigs\x86
+   - C:\Temp\TempSigs\x64
+
+   If the scheduled task fails, run the following commands:
+
+    ```DOS
+    C:\windows\system32\windowspowershell\v1.0\powershell.exe -NoProfile -executionpolicy allsigned -command “&\”C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1\” -action run -arch x64 -isDelta $False -destDir C:\Temp\TempSigs\x64″
+    
+    C:\windows\system32\windowspowershell\v1.0\powershell.exe -NoProfile -executionpolicy allsigned -command “&\”C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1\” -action run -arch x64 -isDelta $True -destDir C:\Temp\TempSigs\x64″
+    
+    C:\windows\system32\windowspowershell\v1.0\powershell.exe -NoProfile -executionpolicy allsigned -command “&\”C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1\” -action run -arch x86 -isDelta $False -destDir C:\Temp\TempSigs\x86″
+    
+    C:\windows\system32\windowspowershell\v1.0\powershell.exe -NoProfile -executionpolicy allsigned -command “&\”C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1\” -action run -arch x86 -isDelta $True -destDir C:\Temp\TempSigs\x86″
+    ```
+    > [!NOTE]
+    > Issues could also be due to execution policy.
+    
+10. Create a share pointing to C:\Temp\TempSigs (e.g. \\server\updates).
+    > [!NOTE]
+    > At a minimum, authenticated users must have “Read” access.
+11. Set the share location in the policy to the share.
+
+    > [!NOTE]
+    > Do not add the x64 (or x86) folder in the path. The mpcmdrun.exe process adds it automatically.
+
 ## Related articles
 
 - [Deploy Microsoft Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md)

windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md

@@ -1,7 +1,7 @@
 ---
 title: Advanced Hunting with Powershell API Guide
 ms.reviewer: 
-description: Walk through a practice scenario, complete with code samples, querying several Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) APIs.
+description: Use these code samples, querying several Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) APIs.
 keywords: apis, supported apis, advanced hunting, query
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10

windows/security/threat-protection/microsoft-defender-atp/linux-resources.md

@@ -69,18 +69,31 @@ There are several ways to uninstall Microsoft Defender ATP for Linux. If you are
 
 ## Configure from the command line
 
-Important tasks, such as controlling product settings and triggering on-demand scans, can be done from the command line:
+Important tasks, such as controlling product settings and triggering on-demand scans, can be done from the command line.
+
+### Global options
+
+By default, the command-line tool outputs the result in human-readable format. In addition to this, the tool also supports outputting the result as JSON, which is useful for automation scenarios. To change the output to JSON, pass `--output json` to any of the below commands.
+
+### Supported commands
+
+The following table lists commands for some of the most common scenarios. Run `mdatp help` from the Terminal to view the full list of supported commands.
 
 |Group                 |Scenario                                                |Command                                                                |
-|-------------|-------------------------------------------|-----------------------------------------------------------------------|
+|----------------------|--------------------------------------------------------|-----------------------------------------------------------------------|
-|Configuration|Turn on/off real-time protection           |`mdatp config real_time_protection --value [enabled|disabled]`         |
+|Configuration         |Turn on/off real-time protection                        |`mdatp config real-time-protection --value [enabled|disabled]`         |
-|Configuration|Turn on/off cloud protection               |`mdatp config cloud --value [enabled|disabled]`                        |
+|Configuration         |Turn on/off cloud protection                            |`mdatp config cloud --value [enabled|disabled]`                        |
-|Configuration|Turn on/off product diagnostics            |`mdatp config cloud-diagnostic --value [enabled|disabled]`             |
+|Configuration         |Turn on/off product diagnostics                         |`mdatp config cloud-diagnostic --value [enabled|disabled]`             |
-|Configuration|Turn on/off automatic sample submission    |`mdatp config cloud-automatic-sample-submission [enabled|disabled]`    |
+|Configuration         |Turn on/off automatic sample submission                 |`mdatp config cloud-automatic-sample-submission [enabled|disabled]`    |
-|Configuration|Turn on/off AV passive mode                |`mdatp config passive-mode [enabled|disabled]`                         |
+|Configuration         |Turn on/off AV passive mode                             |`mdatp config passive-mode [enabled|disabled]`                         |
-|Configuration|Turn on PUA protection                     |`mdatp threat policy set --type potentially_unwanted_application --action block` |
+|Configuration         |Add/remove an antivirus exclusion for a file extension  |`mdatp exclusion extension [add|remove] --name <extension>`            |
-|Configuration|Turn off PUA protection                    |`mdatp threat policy set --type potentially_unwanted_application --action off` |
+|Configuration         |Add/remove an antivirus exclusion for a file            |`mdatp exclusion file [add|remove] --path <path-to-file>`              |
-|Configuration|Turn on audit mode for PUA protection      |`mdatp threat policy set --type potentially_unwanted_application --action audit` |
+|Configuration         |Add/remove an antivirus exclusion for a directory       |`mdatp exclusion folder [add|remove] --path <path-to-directory>`       |
+|Configuration         |Add/remove an antivirus exclusion for a process         |`mdatp exclusion process [add|remove] --path <path-to-process>`<br/>`mdatp exclusion process [add|remove] --name <process-name>`   |
+|Configuration         |List all antivirus exclusions                           |`mdatp exclusion list`                                                 |
+|Configuration         |Turn on PUA protection                                  |`mdatp threat policy set --type potentially_unwanted_application --action block` |
+|Configuration         |Turn off PUA protection                                 |`mdatp threat policy set --type potentially_unwanted_application --action off` |
+|Configuration         |Turn on audit mode for PUA protection                   |`mdatp threat policy set --type potentially_unwanted_application --action audit` |
 |Diagnostics           |Change the log level                                    |`mdatp log level set --level verbose [error|warning|info|verbose]`     |
 |Diagnostics           |Generate diagnostic logs                                |`mdatp diagnostic create`                                              |
 |Health                |Check the product's health                              |`mdatp health`                                                         |
@@ -89,6 +102,13 @@ Important tasks, such as controlling product settings and triggering on-demand s
 |Protection            |Do a full scan                                          |`mdatp scan full`                                                      |
 |Protection            |Cancel an ongoing on-demand scan                        |`mdatp scan cancel`                                                    |
 |Protection            |Request a security intelligence update                  |`mdatp definitions update`                                             |
+|Protection history    |Print the full protection history                       |`mdatp threat list`                                                    |
+|Protection history    |Get threat details                                      |`mdatp threat get --id <threat-id>`                                    |
+|Quarantine management |List all quarantined files                              |`mdatp threat quarantine list`                                         |
+|Quarantine management |Remove all files from the quarantine                    |`mdatp threat quarantine remove-all`                                   |
+|Quarantine management |Add a file detected as a threat to the quarantine       |`mdatp threat quarantine add --id <threat-id>`                         |
+|Quarantine management |Remove a file detected as a threat from the quarantine  |`mdatp threat quarantine add --id <threat-id>`                         |
+|Quarantine management |Restore a file from the quarantine                      |`mdatp threat quarantine add --id <threat-id>`                         |
 
 ## Microsoft Defender ATP portal information
 
@@ -113,6 +133,7 @@ In the Microsoft Defender ATP portal, you'll see two categories of information:
 
 ### Known issues
 
+- You might see "No sensor data, impaired communications" in the machine information page of the Microsoft Defender Security Center portal, even though the product is working as expected. We are working on addressing this issue.
 - Logged on users do not appear in the Microsoft Defender Security Center portal.
 - In SUSE distributions, if the installation of *libatomic1* fails, you should validate that your OS is registered:
 

windows/security/threat-protection/microsoft-defender-atp/live-response.md

@@ -63,6 +63,10 @@ You'll need to enable the live response capability in the [Advanced features set
 - **Ensure that the device has an Automation Remediation level assigned to it**.<br>
 You'll need to enable, at least, the minimum Remediation Level for a given Device Group. Otherwise you won't be able to establish a Live Response session to a member of that group.
 
+    You'll receive the following error:
+
+    ![Image of error message](images/live-response-error.png)
+
 - **Enable live response unsigned script execution** (optional). <br>
 
     >[!WARNING]

windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md

@@ -51,7 +51,7 @@ The following table summarizes the steps you would need to take to deploy and ma
 | [Grant full disk access to Microsoft Defender ATP](#create-system-configuration-profiles-step-8) | MDATP_tcc_Catalina_or_newer.xml | com.microsoft.wdav.tcc |
 | [Configure Microsoft AutoUpdate (MAU)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-updates#intune) | MDATP_Microsoft_AutoUpdate.xml | com.microsoft.autoupdate2 |
 | [Microsoft Defender ATP configuration settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-preferences#intune-profile-1)<br/><br/> **Note:** If you are planning to run a 3rd party AV for macOS, set `passiveMode` to `true`. | MDATP_WDAV_and_exclusion_settings_Preferences.xml | com.microsoft.wdav |
-| [Configure Microsoft Defender ATP and MS AutoUpdate (MAU) notifications](#create-system-configuration-profiles-step-9) | MDATP_MDAV_Tray_and_AutoUpdate2.mobileconfig | com.microsoft.autoupdate2 or com.microsoft.wdavtray |
+| [Configure Microsoft Defender ATP and MS AutoUpdate (MAU) notifications](#create-system-configuration-profiles-step-9) | MDATP_MDAV_Tray_and_AutoUpdate2.mobileconfig | com.microsoft.autoupdate2 or com.microsoft.wdav.tray |
 
 ## Download installation and onboarding packages
 
@@ -245,7 +245,7 @@ You may now enroll more devices. You can also enroll them later, after you have
                <key>BadgesEnabled</key>
                <true/>
                <key>BundleIdentifier</key>
-               <string>com.microsoft.wdavtray</string>
+               <string>com.microsoft.wdav.tray</string>
                <key>CriticalAlertEnabled</key>
                <false/>
                <key>GroupingType</key>

windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md

@@ -46,7 +46,7 @@ The following table summarizes the steps you would need to take to deploy and ma
 |-|-|-|
 | [Download installation and onboarding packages](#download-installation-and-onboarding-packages) | WindowsDefenderATPOnboarding__MDATP_wdav.atp.xml | com.microsoft.wdav.atp |
 | [Microsoft Defender ATP configuration settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-preferences#property-list-for-jamf-configuration-profile-1)<br/><br/> **Note:** If you are planning to run a 3rd party AV for macOS, set `passiveMode` to `true`. | MDATP_WDAV_and_exclusion_settings_Preferences.plist | com.microsoft.wdav |
-| [Configure Microsoft Defender ATP and MS AutoUpdate (MAU) notifications](#notification-settings) | MDATP_MDAV_Tray_and_AutoUpdate2.mobileconfig | com.microsoft.wdavtray |
+| [Configure Microsoft Defender ATP and MS AutoUpdate (MAU) notifications](#notification-settings) | MDATP_MDAV_Tray_and_AutoUpdate2.mobileconfig | com.microsoft.wdav.tray |
 | [Configure Microsoft AutoUpdate (MAU)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-updates#jamf) | MDATP_Microsoft_AutoUpdate.mobileconfig | com.microsoft.autoupdate2 |
 | [Grant Full Disk Access to Microsoft Defender ATP](#privacy-preferences-policy-control) | Note: If there was one, MDATP_tcc_Catalina_or_newer.plist | com.microsoft.wdav.tcc |
 | [Approve Kernel Extension for Microsoft Defender ATP](#approved-kernel-extension) | Note: If there was one, MDATP_KExt.plist | N/A |
@@ -142,7 +142,7 @@ Starting in macOS 10.15 (Catalina) a user must manually allow to display notific
    ```xml
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-   <plist version="1.0"><dict><key>PayloadContent</key><array><dict><key>NotificationSettings</key><array><dict><key>AlertType</key><integer>2</integer><key>BadgesEnabled</key><true/><key>BundleIdentifier</key><string>com.microsoft.autoupdate2</string><key>CriticalAlertEnabled</key><false/><key>GroupingType</key><integer>0</integer><key>NotificationsEnabled</key><true/><key>ShowInLockScreen</key><false/><key>ShowInNotificationCenter</key><true/><key>SoundsEnabled</key><true/></dict><dict><key>AlertType</key><integer>2</integer><key>BadgesEnabled</key><true/><key>BundleIdentifier</key><string>com.microsoft.wdavtray</string><key>CriticalAlertEnabled</key><false/><key>GroupingType</key><integer>0</integer><key>NotificationsEnabled</key><true/><key>ShowInLockScreen</key><false/><key>ShowInNotificationCenter</key><true/><key>SoundsEnabled</key><true/></dict></array><key>PayloadDescription</key><string/><key>PayloadDisplayName</key><string>notifications</string><key>PayloadEnabled</key><true/><key>PayloadIdentifier</key><string>BB977315-E4CB-4915-90C7-8334C75A7C64</string><key>PayloadOrganization</key><string>Microsoft</string><key>PayloadType</key><string>com.apple.notificationsettings</string><key>PayloadUUID</key><string>BB977315-E4CB-4915-90C7-8334C75A7C64</string><key>PayloadVersion</key><integer>1</integer></dict></array><key>PayloadDescription</key><string/><key>PayloadDisplayName</key><string>mdatp - allow notifications</string><key>PayloadEnabled</key><true/><key>PayloadIdentifier</key><string>85F6805B-0106-4D23-9101-7F1DFD5EA6D6</string><key>PayloadOrganization</key><string>Microsoft</string><key>PayloadRemovalDisallowed</key><false/><key>PayloadScope</key><string>System</string><key>PayloadType</key><string>Configuration</string><key>PayloadUUID</key><string>85F6805B-0106-4D23-9101-7F1DFD5EA6D6</string><key>PayloadVersion</key><integer>1</integer></dict></plist>
+   <plist version="1.0"><dict><key>PayloadContent</key><array><dict><key>NotificationSettings</key><array><dict><key>AlertType</key><integer>2</integer><key>BadgesEnabled</key><true/><key>BundleIdentifier</key><string>com.microsoft.autoupdate2</string><key>CriticalAlertEnabled</key><false/><key>GroupingType</key><integer>0</integer><key>NotificationsEnabled</key><true/><key>ShowInLockScreen</key><false/><key>ShowInNotificationCenter</key><true/><key>SoundsEnabled</key><true/></dict><dict><key>AlertType</key><integer>2</integer><key>BadgesEnabled</key><true/><key>BundleIdentifier</key><string>com.microsoft.wdav.tray</string><key>CriticalAlertEnabled</key><false/><key>GroupingType</key><integer>0</integer><key>NotificationsEnabled</key><true/><key>ShowInLockScreen</key><false/><key>ShowInNotificationCenter</key><true/><key>SoundsEnabled</key><true/></dict></array><key>PayloadDescription</key><string/><key>PayloadDisplayName</key><string>notifications</string><key>PayloadEnabled</key><true/><key>PayloadIdentifier</key><string>BB977315-E4CB-4915-90C7-8334C75A7C64</string><key>PayloadOrganization</key><string>Microsoft</string><key>PayloadType</key><string>com.apple.notificationsettings</string><key>PayloadUUID</key><string>BB977315-E4CB-4915-90C7-8334C75A7C64</string><key>PayloadVersion</key><integer>1</integer></dict></array><key>PayloadDescription</key><string/><key>PayloadDisplayName</key><string>mdatp - allow notifications</string><key>PayloadEnabled</key><true/><key>PayloadIdentifier</key><string>85F6805B-0106-4D23-9101-7F1DFD5EA6D6</string><key>PayloadOrganization</key><string>Microsoft</string><key>PayloadRemovalDisallowed</key><false/><key>PayloadScope</key><string>System</string><key>PayloadType</key><string>Configuration</string><key>PayloadUUID</key><string>85F6805B-0106-4D23-9101-7F1DFD5EA6D6</string><key>PayloadVersion</key><integer>1</integer></dict></plist>
    ```
 
 ### Package

windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md

@@ -25,9 +25,9 @@ ms.topic: conceptual
 
 ## Installation failed
 
-For manual installation, it is Summary page of the installation wizard that says "An error occurred during installation. The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance". For MDM deployments it would be exposed as a generic installation failure as well.
+For manual installation, the Summary page of the installation wizard says, "An error occurred during installation. The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance." For MDM deployments, it displays as a generic installation failure as well.
 
-While we do not expose exact error to the end user, we keep a log file with installation progress in `/Library/Logs/Microsoft/mdatp/install.log`. Each installation session appends to this log file, you can use `sed` to output the last installation session only:
+While we do not display an exact error to the end user, we keep a log file with installation progress in `/Library/Logs/Microsoft/mdatp/install.log`. Each installation session appends to this log file. You can use `sed` to output the last installation session only:
 
 ```bash
 $ sed -n 'H; /^preinstall com.microsoft.wdav begin/h; ${g;p;}' /Library/Logs/Microsoft/mdatp/install.log
@@ -39,13 +39,13 @@ correlation id=CB509765-70FC-4679-866D-8A14AD3F13CC
 preinstall com.microsoft.wdav end [2020-03-11 13:08:49 -0700] 804 => 1
 ```
 
-In the example above the actual reason is prefixed with `[ERROR]`.
+In this example, the actual reason is prefixed with `[ERROR]`.
 The installation failed because a downgrade between these versions is not supported.
 
-## No MDATP's install log
+## MDATP install log missing or not updated
 
-In rare cases installation leaves no trace in MDATP's /Library/Logs/Microsoft/mdatp/install.log file.
+In rare cases, installation leaves no trace in MDATP's /Library/Logs/Microsoft/mdatp/install.log file.
-You can verify that installation happened and analyze possible errors by querying macOS logs (this can be helpful in case of MDM deployment, when there is no client UI). It is recommended to have a narrow time window to query and filter by the logging process name, as there will be huge amount of information;
+You can verify that an installation happened and analyze possible errors by querying macOS logs (this is helpful in case of MDM deployment, when there is no client UI). We recommend that you use a narrow time window to run a query, and that you filter by the logging process name, as there will be a huge amount of information.
 
 ```bash
 grep '^2020-03-11 13:08' /var/log/install.log

windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md

@@ -1,6 +1,6 @@
 ---
 title: Enable Predefined Inbound Rules (Windows 10)
-description: Enable Predefined Inbound Rules
+description: Learn the rules for Windows Defender Firewall with Advanced Security for common networking roles and functions.
 ms.assetid: a4fff086-ae81-4c09-b828-18c6c9a937a7
 ms.reviewer: 
 ms.author: dansimp

windows/whats-new/index.md

@@ -28,8 +28,11 @@ Windows 10 provides IT professionals with advanced protection against modern sec
 ## Learn more
 
 - [Windows 10 release information](https://technet.microsoft.com/windows/release-info)
-- [Windows 10 update history](https://support.microsoft.com/help/12387/windows-10-update-history)
+- [Windows 10 release health dashboard](https://docs.microsoft.com/windows/release-information/status-windows-10-2004)
-- [Windows 10 content from Microsoft Ignite](https://go.microsoft.com/fwlink/p/?LinkId=613210)
+- [Windows 10 update history](https://support.microsoft.com/help/4555932/windows-10-update-history)
+- [What’s new for business in Windows 10 Insider Preview Builds](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-whats-new)
+- [Windows 10 features we’re no longer developing](https://docs.microsoft.com/windows/deployment/planning/windows-10-deprecated-features)
+- [Features and functionality removed in Windows 10](https://docs.microsoft.com/windows/deployment/planning/windows-10-removed-features)
 - [Compare Windows 10 Editions](https://go.microsoft.com/fwlink/p/?LinkId=690485)
 
 ## See also