From 48bdf6633d8f62f0cfdfb38fa4cea45519c522a4 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Wed, 17 Apr 2019 10:40:41 +0300 Subject: [PATCH 1/8] added info https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3012 --- .../tpm/switch-pcr-banks-on-tpm-2-0-devices.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md index eacf850aab..6835ee1323 100644 --- a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md +++ b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md @@ -50,6 +50,22 @@ As a result, if the currently used PCR bank is switched all keys that have been Before switching PCR banks you should suspend or disable BitLocker – or have your recovery key ready. For steps on how to switch PCR banks on your PC, you should contact your OEM or UEFI vendor. +## How can I identify which PCR bank is being used? + +You can identify which PCR bank is currently used by Windows by looking at the registry. + +Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\IntegrityServices + +DWORD: TPMActivePCRBanks + +Defines which PCR banks are currently active. + +Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\IntegrityServices + +DWORD: TPMDigestAlgID + +Algorithm ID of the PCR bank that Windows is currently using. + ## Related topics - [Trusted Platform Module](trusted-platform-module-top-node.md) (list of topics) From dd1d7eeb0cf90538090bcede1fd7bbadca4d8553 Mon Sep 17 00:00:00 2001 
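Review bot: the two value descriptions in the added "How can I identify which PCR bank is being used?" section do not tell the reader how to decode the data: "Defines which PCR banks are currently active." gives no encoding for TPMActivePCRBanks, and "Algorithm ID of the PCR bank that Windows is currently using." does not say which ID space TPMDigestAlgID uses, so a reader who opens regedit still cannot interpret the DWORDs. Suggest stating the encoding for each value (bitmap layout for the first, the registry the algorithm IDs come from for the second) and collapsing the repeated "Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\IntegrityServices" line into a single key with both values listed under it; backtick formatting for the key path and value names would also make them easier to copy.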
From: Lindsay <45809756+lindspea@users.noreply.github.com> Date: Thu, 25 Apr 2019 21:48:52 +0200 Subject: [PATCH 2/8] Update mdm-enrollment-of-windows-devices.md Added acronym descriptions. --- .../client-management/mdm/mdm-enrollment-of-windows-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md index c841ddef41..e873b96afb 100644 --- a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md +++ b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md @@ -296,7 +296,7 @@ The deep link used for connecting your device to work will always use the follow | Parameter | Description | Supported Value for Windows 10| |-----------|--------------------------------------------------------------|----------------------------------------------| -| mode | Describes which mode will be executed in the enrollment app. Added in Windows 10, version 1607| “mdm”, "awa", "aadj" | +| mode | Describes which mode will be executed in the enrollment app. Added in Windows 10, version 1607| “mdm” (Mobile Device Management), "awa" (Adding Work Account), "aadj" (Azure Active Directory Joined). | |username | Specifies the email address or UPN of the user who should be enrolled into MDM. Added in Windows 10, version 1703. | string | | servername | Specifies the MDM server URL that will be used to enroll the device. Added in Windows 10, version 1703. | string| | accesstoken | Custom parameter for MDM servers to use as they see fit. Typically, this can be used as a token to validate the enrollment request. Added in Windows 10, version 1703. | string | From 4be2bf64b391459b2447d070111b3d362b52259a Mon Sep 17 00:00:00 2001 
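Review bot: the edited "Supported Value for Windows 10" cell mixes curly quotes (“mdm”) with straight quotes ("awa", "aadj"); these are the literal strings a caller places in the deep link, so use one quoting style (straight quotes or backticks) so the value is unambiguous when copied. The trailing period at the end of the cell is also inconsistent with the other cells in the column ("string"). Moving the expansions (Mobile Device Management, Adding Work Account, Azure Active Directory Joined) into the Description column would keep the value column to literal values only.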
From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Fri, 26 Apr 2019 08:52:07 +0200 Subject: [PATCH 3/8] Update windows/client-management/mdm/mdm-enrollment-of-windows-devices.md Capitalise acronyms. Co-Authored-By: lindspea <45809756+lindspea@users.noreply.github.com> --- .../client-management/mdm/mdm-enrollment-of-windows-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md index e873b96afb..7c84c08b31 100644 --- a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md +++ b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md @@ -296,7 +296,7 @@ The deep link used for connecting your device to work will always use the follow | Parameter | Description | Supported Value for Windows 10| |-----------|--------------------------------------------------------------|----------------------------------------------| -| mode | Describes which mode will be executed in the enrollment app. Added in Windows 10, version 1607| “mdm” (Mobile Device Management), "awa" (Adding Work Account), "aadj" (Azure Active Directory Joined). | +| mode | Describes which mode will be executed in the enrollment app. Added in Windows 10, version 1607| MDM (Mobile Device Management), AWA (Adding Work Account), and AADJ (Azure Active Directory Joined). | |username | Specifies the email address or UPN of the user who should be enrolled into MDM. Added in Windows 10, version 1703. | string | | servername | Specifies the MDM server URL that will be used to enroll the device. Added in Windows 10, version 1703. | string| | accesstoken | Custom parameter for MDM servers to use as they see fit. Typically, this can be used as a token to validate the enrollment request. Added in Windows 10, version 1703. | string | From 74fff4d95470672c014059af53f5033b9490fa37 Mon Sep 17 00:00:00 2001 
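Review bot: capitalizing the values to "MDM (Mobile Device Management), AWA (Adding Work Account), and AADJ (Azure Active Directory Joined)" in the "Supported Value for Windows 10" column changes what the table tells a reader to pass: the removed line presents "mdm", "awa" and "aadj" as the literal parameter values, and the acronym expansions are descriptions, not values. Whether or not the enrollment app treats the parameter case-insensitively, the value column should show the documented literal form. Suggest keeping `"mdm"`, `"awa"`, `"aadj"` in the value column and placing the capitalized acronyms with their expansions in the Description column, where that capitalization is appropriate.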
From: illfated Date: Fri, 26 Apr 2019 18:37:51 +0200 Subject: [PATCH 4/8] Defender Exploit guard: update troubleshoot-np.md The section "Collect diagnostic data for file submissions" contains 2 command lines with MarkDown code block fences, but before this change, they were presumptuously tagged as ```console instead of only the 3 back ticks. This MarkDown code works fine on Github, but does not translate correctly to the HTML pages on docs.microsoft.com - hence this removal. - Closes #3282 --- .../windows-defender-exploit-guard/troubleshoot-np.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np.md b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np.md index 708142ccf5..aac22be513 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np.md @@ -72,11 +72,11 @@ If you've tested the feature with the demo site and with audit mode, and network When you report a problem with network protection, you are asked to collect and submit diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues. 1. Open an elevated command prompt and change to the Windows Defender directory: - ```console + ``` cd c:\program files\windows defender ``` 2. Run this command to generate the diagnostic logs: - ```console + ``` mpcmdrun -getfiles ``` 3. By default, they are saved to C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab. Attach the file to the submission form. From 116dcd29979860dbd1a1015648cc09f6ad8a07c1 Mon Sep 17 00:00:00 2001 
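Review bot: dropping the `console` tag fixes the rendering problem described in the message, but both fences now carry no language at all; before removing the tag outright it is worth checking whether the publishing pipeline accepts an alternative such as `cmd`, which would keep highlighting on docs.microsoft.com as well. Separately, the context line `cd c:\program files\windows defender` hard-codes the drive letter, so the step fails on systems where Windows is not installed on C:; `cd /d "%ProgramFiles%\Windows Defender"` works from any drive and quotes the path with spaces explicitly. The same applies to the hard-coded `C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab` path in step 3, which could be written with `%ProgramData%`.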
From: Justin Hall Date: Fri, 26 Apr 2019 11:47:57 -0700 Subject: [PATCH 5/8] Update switch-pcr-banks-on-tpm-2-0-devices.md Adding revisions from our engineering partner --- .../switch-pcr-banks-on-tpm-2-0-devices.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md index 6835ee1323..a8241027c8 100644 --- a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md +++ b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md @@ -52,19 +52,19 @@ Before switching PCR banks you should suspend or disable BitLocker – or have y ## How can I identify which PCR bank is being used? +A TPM can be configured to have multiple PCR banks active. When BIOS is performing measurements it will do so into all active PCR banks, depending on its capability to make these measurements. BIOS may chose to deactivate PCR banks that it does not support or "cap" PCR banks that it does not support by extending a separator. The following registry value identifies which PCR banks are active. + +Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\IntegrityServices
+DWORD: TPMActivePCRBanks
+Defines which PCR banks are currently active. This is a bitmap defined in the TCG Algorithm Registry.
+Windows checks which PCR banks are active and supported by the BIOS. Windows also checks if the measured boot log supports measurements for all active PCR banks. Windows will prefer the use of the SHA-256 bank for measurements and will fall back to SHA1 PCR bank if one of the pre-conditions is not met. + You can identify which PCR bank is currently used by Windows by looking at the registry. -Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\IntegrityServices - -DWORD: TPMActivePCRBanks - -Defines which PCR banks are currently active. - -Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\IntegrityServices - -DWORD: TPMDigestAlgID - -Algorithm ID of the PCR bank that Windows is currently using. +Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\IntegrityServices
+DWORD: TPMDigestAlgID
+Algorithm ID of the PCR bank that Windows is currently using. (For the full list of supported algorithms, see the TCG Algorithm Registry.)
+Windows only uses one PCR bank to continue boot measurements. All other active PCR banks will be extended with a separator to indicate that they are not used by Windows and measurements that appear to be from Windows should not be trusted. ## Related topics From cd65e01ecc2823796e0c64990b626225499a12a7 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 26 Apr 2019 11:49:52 -0700 Subject: [PATCH 6/8] Update switch-pcr-banks-on-tpm-2-0-devices.md --- .../tpm/switch-pcr-banks-on-tpm-2-0-devices.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md index a8241027c8..25e1754f08 100644 --- a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md +++ b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md @@ -54,16 +54,16 @@ Before switching PCR banks you should suspend or disable BitLocker – or have y A TPM can be configured to have multiple PCR banks active. When BIOS is performing measurements it will do so into all active PCR banks, depending on its capability to make these measurements. BIOS may chose to deactivate PCR banks that it does not support or "cap" PCR banks that it does not support by extending a separator. The following registry value identifies which PCR banks are active. -Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\IntegrityServices
-DWORD: TPMActivePCRBanks
-Defines which PCR banks are currently active. This is a bitmap defined in the TCG Algorithm Registry.
+- Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\IntegrityServices
+- DWORD: TPMActivePCRBanks
+- Defines which PCR banks are currently active. This is a bitmap defined in the TCG Algorithm Registry.
Windows checks which PCR banks are active and supported by the BIOS. Windows also checks if the measured boot log supports measurements for all active PCR banks. Windows will prefer the use of the SHA-256 bank for measurements and will fall back to SHA1 PCR bank if one of the pre-conditions is not met. You can identify which PCR bank is currently used by Windows by looking at the registry. -Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\IntegrityServices
-DWORD: TPMDigestAlgID
-Algorithm ID of the PCR bank that Windows is currently using. (For the full list of supported algorithms, see the TCG Algorithm Registry.)
+- Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\IntegrityServices
+- DWORD: TPMDigestAlgID
+- Algorithm ID of the PCR bank that Windows is currently using. (For the full list of supported algorithms, see the TCG Algorithm Registry.)
Windows only uses one PCR bank to continue boot measurements. All other active PCR banks will be extended with a separator to indicate that they are not used by Windows and measurements that appear to be from Windows should not be trusted. ## Related topics From 70ccde012bbfe18d8e851d1781b545128fb04403 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 26 Apr 2019 12:01:24 -0700 Subject: [PATCH 7/8] Update switch-pcr-banks-on-tpm-2-0-devices.md edits --- .../tpm/switch-pcr-banks-on-tpm-2-0-devices.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md index 25e1754f08..5493d4428d 100644 --- a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md +++ b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md @@ -57,6 +57,7 @@ A TPM can be configured to have multiple PCR banks active. When BIOS is performi - Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\IntegrityServices
- DWORD: TPMActivePCRBanks
- Defines which PCR banks are currently active. This is a bitmap defined in the TCG Algorithm Registry.
+ Windows checks which PCR banks are active and supported by the BIOS. Windows also checks if the measured boot log supports measurements for all active PCR banks. Windows will prefer the use of the SHA-256 bank for measurements and will fall back to SHA1 PCR bank if one of the pre-conditions is not met. You can identify which PCR bank is currently used by Windows by looking at the registry. @@ -64,6 +65,7 @@ You can identify which PCR bank is currently used by Windows by looking at the r - Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\IntegrityServices
- DWORD: TPMDigestAlgID
- Algorithm ID of the PCR bank that Windows is currently using. (For the full list of supported algorithms, see the TCG Algorithm Registry.)
+ Windows only uses one PCR bank to continue boot measurements. All other active PCR banks will be extended with a separator to indicate that they are not used by Windows and measurements that appear to be from Windows should not be trusted. ## Related topics From 0971a741318ee553d9493cb432a3b208200c2e44 Mon Sep 17 00:00:00 2001 From: Yimanh <50034647+Yimanh@users.noreply.github.com> Date: Fri, 26 Apr 2019 16:55:53 -0700 Subject: [PATCH 8/8] Update IE site discovery troubleshooting --- .../update/windows-analytics-FAQ-troubleshooting.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md index c1f447026d..ea9214c57b 100644 --- a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md +++ b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md 
@@ -195,6 +195,11 @@ Upgrade Readiness only collects app inventory on devices that are not yet upgrad Double-check that IE site discovery opt-in has been configured in the deployment script. (See the [Upgrade Readiness deployment script](../upgrade/upgrade-readiness-deployment-script.md) topic for information about obtaining and running the script, and for a description of the error codes that can be displayed. See ["Understanding connectivity scenarios and the deployment script"](https://blogs.technet.microsoft.com/upgradeanalytics/2017/03/10/understanding-connectivity-scenarios-and-the-deployment-script/) on the Windows Analytics blog for a summary of setting the ClientProxy for the script, which will enable the script properly check for diagnostic data endpoint connectivity.) Also, on Windows 10 devices remember that IE site discovery requires data diagnostics set to the Enhanced level. + +There are two additional configurations to check: +1. Make sure Flip Ahead with Page Prediction is enabled. It can be configured at Internet Options -> Advanced -> Browsing -> Enable flip ahead with page prediction. +2. Make sure IE is not running in InPrivate mode. + Finally, Upgrade Readiness only collects IE site discovery data on devices that are not yet upgraded to the target operating system version specified in the Upgrade Readiness Overview blade. This is because Upgrade Readiness targets upgrade planning (for devices not yet upgraded). >[!NOTE]
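Review bot: (PATCH 5/8, hunk `@@ -52,19 +52,19 @@`) the new `Registry key: ...`, `DWORD: TPMActivePCRBanks` and `Defines which PCR banks are currently active...` lines (and the matching TPMDigestAlgID group) are added without the blank lines that separated the lines they replace, so Markdown will fold each group into one run-on paragraph; keep the blank lines or make them list items. In the added paragraph, "BIOS may chose to deactivate" should read "may choose", and "SHA1 PCR bank" should match the "SHA-256 bank" spelling ("SHA-1"); "pre-conditions" is usually written "preconditions". "This is a bitmap defined in the TCG Algorithm Registry." would help readers more if it said how bit positions map to algorithms, since the registry defines algorithm IDs and readers will otherwise have to guess the bit layout.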
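Review bot: (PATCH 6/8, hunk `@@ -54,16 +54,16 @@`) turning the three lines into `- ` bullets fixes the paragraph folding, but the third bullet in each group (`- Defines which PCR banks are currently active...`, `- Algorithm ID of the PCR bank that Windows is currently using...`) describes the DWORD in the bullet above it rather than being a parallel item; folding it into the DWORD bullet (`- DWORD: TPMActivePCRBanks. Defines which PCR banks are currently active...`) or nesting it under that bullet would read more naturally. There is also still no blank line between the last bullet and the following `Windows checks which PCR banks are active...` and `Windows only uses one PCR bank...` paragraphs, so a CommonMark renderer will treat each of those paragraphs as a lazy continuation of the last list item.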
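Review bot: (PATCH 7/8, hunk `@@ -57,6 +57,7 @@`) the added blank line closes the list correctly; while these lines are being touched, the context line "will fall back to SHA1 PCR bank if one of the pre-conditions is not met" still uses "SHA1" beside "SHA-256" and the hyphenated "pre-conditions", and both are worth normalizing in the same change rather than in another follow-up.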
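Review bot: (PATCH 7/8, hunk `@@ -64,6 +65,7 @@`) the sentence after the added blank line, "All other active PCR banks will be extended with a separator to indicate that they are not used by Windows and measurements that appear to be from Windows should not be trusted.", carries the point an attestation verifier needs and is easy to misread (it can parse as saying Windows' own measurements should not be trusted). Suggest splitting it: "...to indicate that Windows does not use them. Any measurements in those banks that appear to come from Windows should not be trusted." and pointing back to TPMDigestAlgID as the value that identifies the one bank whose measurements Windows continues.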
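Review bot: (PATCH 8/8, hunk `@@ -195,6 +195,11 @@`) the two added checks are useful, but "Make sure IE is not running in InPrivate mode." reads as a one-time check while InPrivate is a per-session choice; stating whether this needs to be enforced (for example by policy) or merely verified on the device would make the guidance actionable. The menu path "Internet Options -> Advanced -> Browsing -> Enable flip ahead with page prediction" would be clearer in bold or code formatting. The context line above the hunk is also missing a word: "which will enable the script properly check" should read "which will enable the script to properly check".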