Merge pull request #3511 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to master to sync with https://github.com/MicrosoftDocs/windows-itpro-docs (branch public)
Tina Burden 2020-08-12 09:30:42 -07:00 committed by GitHub
commit 7113472b37
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 22 additions and 23 deletions

View File

@ -7,7 +7,6 @@ ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
@ -23,13 +22,11 @@ manager: dansimp
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
**Use Microsoft Intune to configure scanning options**
## Use Microsoft Intune to configure scanning options
See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure) and [Microsoft Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#microsoft-defender-antivirus) for more details.
<a id="ref1"></a>
## Use Microsoft Endpoint Configuration Manager to configure scanning options:
## Use Microsoft Endpoint Configuration Manager to configure scanning options
See [How to create and deploy antimalware policies: Scan settings](https://docs.microsoft.com/configmgr/protect/deploy-use/endpoint-antimalware-policies#scan-settings) for details on configuring Microsoft Endpoint Configuration Manager (current branch).
@ -70,6 +67,8 @@ See [Manage Microsoft Defender Antivirus with PowerShell cmdlets](use-powershell
For using WMI classes, see [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx).
<a id="ref1"></a>
## Email scanning limitations
Email scanning enables scanning of email files used by Outlook and other mail clients during on-demand and scheduled scans. Embedded objects within an email file (such as attachments and archived files) are also scanned. The following file format types can be scanned and remediated:
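Review bot: The `<a id="ref1"></a>` anchor now sits directly above "## Email scanning limitations", while the previous hunk drops the same id from above the Configuration Manager heading. Any existing in-page link to `#ref1` changes its target with this move, so confirm that each reference is meant to land on the email scanning section. A descriptive id in place of `ref1` would make that easier to check in later edits.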

View File

@ -7,7 +7,6 @@ ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
@ -20,7 +19,8 @@ manager: dansimp
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Windows Server 2016
- Windows Server 2019
Microsoft Defender Antivirus is available on Windows Server 2016 and Windows Server 2019. In some instances, Microsoft Defender Antivirus is referred to as Endpoint Protection; however, the protection engine is the same.

View File

@ -7,11 +7,10 @@ ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
ms.date: 09/03/2018
ms.date: 08/12/2020
ms.reviewer:
manager: dansimp
ms.custom: nextgen
@ -62,7 +61,8 @@ See [How to create and deploy antimalware policies: Cloud-protection service](ht
5. Expand the tree to **Windows components > Microsoft Defender Antivirus > MpEngine**.
6. Double-click the **Select cloud protection level** setting and set it to **Enabled**. Select the level of protection:
- **Default Microsoft Defender Antivirus blocking level** provides strong detection without increasing the risk of detecting legitimate files.
- **Default blocking level** provides strong detection without increasing the risk of detecting legitimate files.
- **Moderate blocking level** provides moderate only for high confidence detections
- **High blocking level** applies a strong level of detection while optimizing client performance (greater chance of false positives).
- **High + blocking level** applies additional protection measures (may impact client performance and increase risk of false positives).
- **Zero tolerance blocking level** blocks all unknown executables.
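Review bot: The "Moderate blocking level" bullet reads "provides moderate only for high confidence detections", which is missing a noun after "moderate" (presumably "blocking") and, unlike the neighbouring bullets, has no closing period. Administrators pick a cloud protection level from these descriptions, so the sentence should state what the level does and how it differs from "Default blocking level". The list also has both "Default Microsoft Defender Antivirus blocking level" and "Default blocking level" with identical descriptions, so check that only the renamed bullet remains in the rendered page.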

View File

@ -8,7 +8,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
ms.date: 06/02/2020
ms.date: 08/12/2020
ms.reviewer:
manager: dansimp
ms.custom: asr
@ -45,9 +45,9 @@ Depending on your organization's settings, employees can copy and paste images (
To help keep the Application Guard Edge session secure and isolated from the host device, we don't copy the Favorites stored in the Application Guard Edge session back to the host device.
### Why arent employees able to see their Extensions in the Application Guard Edge session?
### Are extensions supported in the Application Guard?
Currently, the Application Guard Edge session doesn't support Extensions. However, we're closely monitoring your feedback about this.
Extension installs in the container are supported from Microsoft Edge version 81. For more details, see [Extension support inside the container](https://docs.microsoft.com/deployedge/microsoft-edge-security-windows-defender-application-guard#extension-support-inside-the-container).
### How do I configure Microsoft Defender Application Guard to work with my network proxy (IP-Literal Addresses)?
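Review bot: The heading "### Are extensions supported in the Application Guard?" carries a stray article; "in Application Guard" or "in the Application Guard Edge session" would match the wording of the other FAQ headings in this hunk. The answer says extension installs are supported "from Microsoft Edge version 81", so it would help to say in the same sentence that earlier versions do not support them, since the replaced answer stated no support at all.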
@ -119,8 +119,8 @@ For guidance on how to create a firewall rule by using group policy, see:
- [Open Group Policy management console for Microsoft Defender Firewall](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security)
First rule (DHCP Server):
1. Program path: %SystemRoot%\System32\svchost.exe
2. Local Service: Sid: S-1-5-80-2009329905-444645132-2728249442-922493431-93864177 (Internet Connection Service (SharedAccess))
1. Program path: `%SystemRoot%\System32\svchost.exe`
2. Local Service: Sid: `S-1-5-80-2009329905-444645132-2728249442-922493431-93864177` (Internet Connection Service (SharedAccess))
3. Protocol UDP
4. Port 67
@ -148,14 +148,14 @@ This is a two step process.
Step 1:
Enable Internet Connection sharing by changing the Group Policy setting “Prohibit use of Internet Connection Sharing on your DNS domain network” which is part of the MS Security baseline from Enabled to Disabled.
Enable Internet Connection sharing by changing the Group Policy setting **Prohibit use of Internet Connection Sharing on your DNS domain network.** This setting is part of the Microsoft security baseline. Change it from Enabled to Disabled.
Step 2:
1. Disable IpNat.sys from ICS load
System\CurrentControlSet\Services\SharedAccess\Parameters\DisableIpNat = 1
2. Configure ICS (SharedAccess) to enabled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start = 3
3. Disabling IPNAT (Optional)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPNat\Start = 4
4. Reboot.
1. Disable IpNat.sys from ICS load:
`System\CurrentControlSet\Services\SharedAccess\Parameters\DisableIpNat = 1`.
2. Configure ICS (SharedAccess) to enabled:
`HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start = 3`.
3. Disable IPNAT (Optional):
`HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPNat\Start = 4`.
4. Restart the device.
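Review bot: In Step 2, item 1 gives the key as `System\CurrentControlSet\Services\SharedAccess\Parameters\DisableIpNat = 1` without a hive, while items 2 and 3 spell out `HKEY_LOCAL_MACHINE\SYSTEM\...`; use the full path in all three so the value cannot be created under the wrong root. None of the three entries states the value type, which a reader setting these by hand or through policy needs. In Step 1, the closing period is inside the bold setting name ("network.**") and should move outside it, because the period is not part of the Group Policy setting's name.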