Merge remote-tracking branch 'refs/remotes/origin/master' into vs-7781347

windows/keep-secure/TOC.md

@@ -701,6 +701,7 @@
 ### [Windows Defender in Windows 10](windows-defender-in-windows-10.md)
 #### [Update and manage Windows Defender in Windows 10](get-started-with-windows-defender-for-windows-10.md)
 #### [Configure Windows Defender in Windows 10](configure-windows-defender-in-windows-10.md)
+#### [Use PowerShell cmdlets for Windows Defender](use-powershell-cmdlets-windows-defender-for-windows-10.md)
 #### [Troubleshoot Windows Defender in Windows 10](troubleshoot-windows-defender-in-windows-10.md)
 ### [Windows Firewall with Advanced Security](windows-firewall-with-advanced-security.md)
 #### [Isolating Windows Store Apps on Your Network](isolating-apps-on-your-network.md)

windows/keep-secure/create-edp-policy-using-sccm.md

@@ -64,9 +64,7 @@ During the policy-creation process in System Center Configuration Manager, you c
 The steps to add your app rules are based on the type of rule template being applied. You can add a store app (also known as a Universal Windows Platform (UWP) app), a signed desktop app (also known as a Classic Windows app), or an AppLocker policy file.
 
 >**Important**<br>
-EDP-aware apps are expected to prevent enterprise data from going to unprotected network locations and to avoid encrypting personal data. On the other hand, EDP-unaware apps might not respect the corporate network boundary, and EDP-unaware apps will encrypt all files they create or modify. This means that they could encrypt personal data and cause data loss during the revocation process.
-
-Care must be taken to get a support statement from the software provider that their app is safe with EDP before adding it to your **App rules** list. If you don’t get this statement, it’s possible that you could experience app compat issues due to an app losing the ability to access a necessary file after revocation.
+EDP-aware apps are expected to prevent enterprise data from going to unprotected network locations and to avoid encrypting personal data. On the other hand, EDP-unaware apps might not respect the corporate network boundary, and EDP-unaware apps will encrypt all files they create or modify. This means that they could encrypt personal data and cause data loss during the revocation process. <p>Care must be taken to get a support statement from the software provider that their app is safe with EDP before adding it to your **App rules** list. If you don’t get this statement, it’s possible that you could experience app compat issues due to an app losing the ability to access a necessary file after revocation.
 
 #### Add a store app rule to your policy
 For this example, we’re going to add Microsoft OneNote, a store app, to the **App Rules** list.
@@ -540,13 +538,4 @@ After you’ve created your EDP policy, you'll need to deploy it to your organiz
 ## Related topics
 - [System Center Configuration Manager and Endpoint Protection (Version 1606)](http://go.microsoft.com/fwlink/p/?LinkId=717372)
 - [TechNet documentation for Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=691623)
-- [Manage mobile devices with Configuration Manager and Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkId=691624)
-
- 
-
- 
-
-
-
-
-
+- [Manage mobile devices with Configuration Manager and Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkId=691624)

windows/keep-secure/get-started-with-windows-defender-for-windows-10.md

@@ -110,8 +110,8 @@ You can also enable email scanning using the following PowerShell parameter:
 2.  Type **Set-MpPreference -DisableEmailScanning $false**.
 
 Read more about this in:
--   • [Scripting with Windows PowerShell](https://technet.microsoft.com/library/bb978526.aspx)
--   • [Defender Cmdlets](https://technet.microsoft.com/library/dn433280.aspx)
+-   [Scripting with Windows PowerShell](https://technet.microsoft.com/library/bb978526.aspx)
+-   [Defender Cmdlets](https://technet.microsoft.com/library/dn433280.aspx)
 
 ## Manage archive scans in Windows Defender
 

windows/keep-secure/microsoft-accounts.md

@@ -14,7 +14,7 @@ ms.pagetype: security
 
 This topic for the IT professional explains how a Microsoft account works to enhance security and privacy for users, and how you can manage this consumer account type in your organization.
 
-Microsoft sites, services, and properties such as Windows Live, MSN, Xbox LIVE, Zune, Windows Phone, and computers running Windows 8.1, Windows 8, and Windows RT use a Microsoft account as a mean of identifying users. Microsoft account is the name for what was previously called Windows Live ID. It has user-defined secrets associated with it, and it consists of a unique email address and a password.
+Microsoft sites, services, and properties such as Windows Live, MSN, Xbox LIVE, Zune, Windows Phone, and computers running Windows 10, Windows 8.1, Windows 8, and Windows RT use a Microsoft account as a mean of identifying users. Microsoft account is the name for what was previously called Windows Live ID. It has user-defined secrets associated with it, and it consists of a unique email address and a password.
 
 There are some benefits and considerations when using Microsoft accounts in the enterprise. For more information, see [Microsoft account in the enterprise](#bkmk-msaccountintheenterprise) later in this topic.
 
@@ -82,11 +82,11 @@ Although the Microsoft account was designed to serve consumers, you might find s
 
 -   **Download Windows Store apps**:
 
-    If your enterprise chooses to distribute software through the Windows Store, your users can use their Microsoft accounts to download and use them on up to five devices running any version of Windows 8.1, Windows 8, or Windows RT.
+    If your enterprise chooses to distribute software through the Windows Store, your users can use their Microsoft accounts to download and use them on up to five devices running any version of Windows 10, Windows 8.1, Windows 8, or Windows RT.
 
 -   **Single sign-on**:
 
-    Your users can use Microsoft account credentials to sign in to devices running Windows 8.1, Windows 8 or Windows RT. When they do this, Windows works with your Windows Store app to provide authenticated experiences for them. Users can associate a Microsoft account with their sign-in credentials for Windows Store apps or websites, so that these credentials roam across any devices running these supported versions.
+    Your users can use Microsoft account credentials to sign in to devices running Windows 10, Windows 8.1, Windows 8 or Windows RT. When they do this, Windows works with your Windows Store app to provide authenticated experiences for them. Users can associate a Microsoft account with their sign-in credentials for Windows Store apps or websites, so that these credentials roam across any devices running these supported versions.
 
 -   **Personalized settings synchronization**:
 

windows/keep-secure/use-powershell-cmdlets-windows-defender-for-windows-10.md

@@ -0,0 +1,43 @@
+---
+title: Use PowerShell cmdlets to configure and run Windows Defender in Windows 10
+description: In Windows 10, you can use PowerShell cmdlets to run scans, update definitions, and change settings in Windows Defender.
+keywords: scan, command line, mpcmdrun, defender
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+author: iaanw
+---
+
+# Use PowerShell cmdlets to configure and run Windows Defender
+
+**Applies to:**
+
+- Windows 10
+
+You can use PowerShell to perform various functions in Windows Defender. Similar to the command prompt or command line, PowerShell is a task-based command-line shell and scripting language designed especially for system administration, and you can read more about it at the [PowerShell hub on MSDN](https://msdn.microsoft.com/en-us/powershell/mt173057.aspx).
+
+For a list of the cmdlets and their functions and available parameters, see the [Defender cmdlets](https://technet.microsoft.com/en-us/library/dn433280.aspx) topic.
+
+PowerShell cmdlets are most useful in Windows Server environments that don't rely on a graphical user interface (GUI) to configure software. 
+
+> **Note:**  PowerShell cmdlets should not be used as a replacement for a full network policy management infrastructure, such as [System Center Configuration Manager](https://technet.microsoft.com/en-us/library/gg682129.aspx), [Group Policy Management Console](https://technet.microsoft.com/en-us/library/cc731212.aspx), or [Windows Defender Group Policy ADMX templates](https://support.microsoft.com/en-us/kb/927367).
+
+PowerShell is typically installed under the folder _%SystemRoot%\system32\WindowsPowerShell_.
+
+
+**Use Windows Defender PowerShell cmdlets**
+
+1. Click **Start**, type **powershell**, and press **Enter**.
+2. Click **Windows PowerShell** to open the interface. 
+    > **Note:**  You may need to open an administrator-level version of PowerShell. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt.
+3. Enter the command and parameters.
+
+To open online help for any of the cmdlets type the following:
+
+```text
+Get-Help <cmdlet> -Online
+```
+Omit the `-online` parameter to get locally cached help.

windows/keep-secure/windows-defender-in-windows-10.md

@@ -19,7 +19,7 @@ This topic provides an overview of Windows Defender, including a list of system
 
 For more important information about running Windows Defender on a server platform, see [Windows Defender Overview for Windows Server Technical Preview](https://technet.microsoft.com/library/dn765478.aspx).
 
-Take advantage of Windows Defender by configuring the settings and definitions using the following tools:
+Take advantage of Windows Defender by configuring settings and definitions using the following tools:
 -   Microsoft Active Directory *Group Policy* for settings
 -   Windows Server Update Services (WSUS) for definitions
 

windows/keep-secure/windows-security-baselines.md

@@ -12,7 +12,7 @@ author: brianlic-msft
 
 Microsoft is dedicated to provide our customers with a secure operating system, such as Windows 10 and Windows Server, as well as secure apps, such as Microsoft Edge. In addition to the security assurance of its products, Microsoft also enables you to have fine control of your environments by providing various configuration capabilities. Even though Windows and Windows Server are designed to be secure out-of-the-box, a large number of organizations still want more granular control of their security configurations. To navigate these large number of controls, organizations need guidance for configuring various security features. Microsoft provides this guidance in the form of security baselines.
 
-We recommend implementing an industry-standard configuration that is broadly known and well-tested, such as a Mirosoft security baseline, as opposed to creating one yourself. This helps increase flexibility and reduce costs.  
+We recommend implementing an industry-standard configuration that is broadly known and well-tested, such as a Microsoft security baseline, as opposed to creating one yourself. This helps increase flexibility and reduce costs.  
 
 ## What are security baselines?
 
@@ -54,7 +54,9 @@ To help faster deployments and increase the ease of managing Windows, Microsoft
 
  -  [Windows Server 2012 R2 security baseline](http://go.microsoft.com/fwlink/p/?LinkID=799382)
 
-## How can I monitor the security baseline deployment on my servers?
+## How can I monitor security baseline deployments?
 
- Microsoft’s Operation Management Services (OMS) helps you monitor security baseline deployments across your servers. To find out more, check out [Operations Management Suite](https://aka.ms/omssecscm).
+Microsoft’s Operation Management Services (OMS) helps you monitor security baseline deployments across your servers. To find out more, check out [Operations Management Suite](https://aka.ms/omssecscm).
+
+You can use [System Center Configuration Manager](https://www.microsoft.com/cloud-platform/system-center-configuration-manager) to monitor security baseline deployments on client devices within your organization.