diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
index f9bbb31cba..7e06abfeb3 100644
--- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
@@ -94,7 +94,7 @@ The steps for creating the deployment share for production are the same as when
### Configure permissions for the production deployment share
-To read files in the deployment share, you need to assign NTSF and SMB permissions to the MDT Build Account (MDT\_BA) for the **D:\\MDTProduction** folder
+To read files in the deployment share, you need to assign NTFS and SMB permissions to the MDT Build Account (MDT\_BA) for the **D:\\MDTProduction** folder
On **MDT01**:
@@ -727,6 +727,9 @@ On **MDT01**:
The ISO that you got when updating the offline media item can be burned to a DVD and used directly (it will be bootable), but it is often more efficient to use USB sticks instead since they are faster and can hold more data. (A dual-layer DVD is limited to 8.5 GB.)
+>[!TIP]
+>In this example, the .wim file is 5.5 GB in size. However, bootable USB sticks are formatted with the FAT32 file system which limits file size to 4.0 GB. This means you must split the .wim file, which can be done using DISM:
Dism /Split-Image /ImageFile:D:\MDTOfflinemedia\Content\Deploy\Operating Systems\W10EX64RTM\REFW10X64-001.wim /SWMFile:E:\sources\install.swm /FileSize:3800.
Windows Setup automatically installs from this file, provided you name it install.swm. The file names for the next files include numbers, for example: install2.swm, install3.swm.
To enable split image in MDT, the Settings.xml file in your deployment share (ex: D:\MDTProduction\Control\Settings.xml) must have the **SkipWimSplit** value set to **False**. By default this value is set to True (\True\), so this must be changed and the offline media content updated.
+
Follow these steps to create a bootable USB stick from the offline media content:
1. On a physical machine running Windows 7 or later, insert the USB stick you want to use.
diff --git a/windows/deployment/update/wufb-compliancedeadlines.md b/windows/deployment/update/wufb-compliancedeadlines.md
index df08dd3caa..41edd21e70 100644
--- a/windows/deployment/update/wufb-compliancedeadlines.md
+++ b/windows/deployment/update/wufb-compliancedeadlines.md
@@ -16,15 +16,15 @@ ms.topic: article
Deploying feature or quality updates for many organizations is only part of the equation for managing their device ecosystem. The ability to enforce update compliance is the next important part. Windows Update for Business provides controls to manage deadlines for when devices should migrate to newer versions.
-The compliance options have changed with the release of Windows 10, version 1903:
+The compliance options have changed for devices on Windows 10, version 1709 and above:
-- [Starting with Windows 10, version 1903](#starting-with-windows-10-version-1903)
-- [Prior to Windows 10, version 1903](#prior-to-windows-10-version-1903)
+- [For Windows 10, version 1709 and above](#for-windows-10-version-1709-and-above)
+- [For prior to Windows 10, version 1709](#prior-to-windows-10-version-1709)
-## Starting with Windows 10, version 1903
+## For Windows 10, version 1709 and above
-With a current version of Windows 10, it's best to use the new policy introduced in Windows 10, version 1903: **Specify deadlines for automatic updates and restarts**. In MDM, this policy is available as four separate settings:
+With a current version of Windows 10, it's best to use the new policy introduced in June 2019 to Windows 10, version 1709 and above: **Specify deadlines for automatic updates and restarts**. In MDM, this policy is available as four separate settings:
- Update/ConfigureDeadlineForFeatureUpdates
- Update/ConfigureDeadlineForQualityUpdates
@@ -43,7 +43,7 @@ Further, the policy includes the option to opt out of automatic restarts until t
|Policy|Description |
|-|-|
-| (starting in Windows 10, version 1903) Specify deadlines for automatic updates and restarts | Similar to the older "Specify deadline before auto-restart for update installation," but starts the deadline countdown from when the update was published. Also introduces a configurable grace period and the option to opt out of automatic restarts until the deadline is reached. |
+| (For Windows 10, version 1709 and above) Specify deadlines for automatic updates and restarts | Similar to the older "Specify deadline before auto-restart for update installation," but starts the deadline countdown from when the update was published. Also introduces a configurable grace period and the option to opt out of automatic restarts until the deadline is reached. |
@@ -51,31 +51,34 @@ Further, the policy includes the option to opt out of automatic restarts until t
|Policy|Location|Quality update deadline in days|Feature update deadline in days|Grace period in days|
|-|-|-|-|-|
-|(starting in Windows 10, version 1903) Specify deadlines for automatic updates and restarts | GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Specify deadlines for automatic updates and restarts | 7 | 7 | 2 |
+|(For Windows 10, version 1709 and above) Specify deadlines for automatic updates and restarts | GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Specify deadlines for automatic updates and restarts | 7 | 7 | 2 |
-When **Specify deadlines for automatic updates and restarts** is set (starting in Windows 10, version 1903):
+When **Specify deadlines for automatic updates and restarts** is set (For Windows 10, version 1709 and above):
-**While restart is pending, before the deadline occurs:**
-- For the first few days, the user receives a toast notification
-- After this period, the user receives this dialog:
+ - **While restart is pending, before the deadline occurs:**
-
-- If the user scheduled a restart, or if an auto restart is scheduled, 15 minutes before the scheduled time the user is receives this notification that the restart is about to occur:
+ - For the first few days, the user receives a toast notification
-
+ - After this period, the user receives this dialog:
-**If the restart is still pending after the deadline passes:**
-- Within 12 hours before the deadline passes, the user receives this notification that the deadline is approaching:
+ 
-
-- Once the deadline has passed, the user is forced to restart to keep their devices in compliance and receives this notification:
+ - If the user scheduled a restart, or if an auto restart is scheduled, 15 minutes before the scheduled time the user is receives this notification that the restart is about to occur:
-
+ 
+
+ - **If the restart is still pending after the deadline passes:**
+
+ - Within 12 hours before the deadline passes, the user receives this notification that the deadline is approaching:
+
+ 
+
+ - Once the deadline has passed, the user is forced to restart to keep their devices in compliance and receives this notification:
+
+ 
-
-
-## Prior to Windows 10, version 1903
+## Prior to Windows 10, version 1709
Two compliance flows are available:
@@ -119,9 +122,11 @@ Once the device is in the pending restart state, it will attempt to restart the
#### Notification experience for deadline
Notification users get for a quality update deadline:
+
Notification users get for a feature update deadline:
+
### Deadline with user engagement
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md
index d78e94da0e..7353351968 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md
@@ -37,11 +37,11 @@ Before you get started, see [Microsoft Defender ATP for Linux](microsoft-defende
## Configure the Linux software repository
-Microsoft Defender ATP for Linux can be deployed from one of the following channels (denoted below as *[channel]*): *insider-fast* or *prod*. Each of these channels corresponds to a Linux software repository. Instructions for configuring your device to use one of these repositories are provided below.
+Microsoft Defender ATP for Linux can be deployed from one of the following channels (denoted below as *[channel]*): *insiders-fast*, *insiders-slow*, or *prod*. Each of these channels corresponds to a Linux software repository. Instructions for configuring your device to use one of these repositories are provided below.
-The choice of the channel determines the type and frequency of updates that are offered to your device. Devices in *insider-fast* can try out new features before devices in *prod*.
+The choice of the channel determines the type and frequency of updates that are offered to your device. Devices in *insiders-fast* are the first ones to receive updates and new features, followed later by *insiders-slow* and lastly by *prod*.
-In order to preview new features and provide early feedback, it is recommended that you configure some devices in your enterprise to use the *insider-fast* channel.
+In order to preview new features and provide early feedback, it is recommended that you configure some devices in your enterprise to use either *insiders-fast* or *insiders-slow*.
### RHEL and variants (CentOS and Oracle EL)
@@ -56,7 +56,7 @@ In order to preview new features and provide early feedback, it is recommended t
sudo yum-config-manager --add-repo=https://packages.microsoft.com/config/[distro]/[version]/[channel].repo
```
- For example, if you are running CentOS 7 and wish to deploy MDATP for Linux from the *insider-fast* channel:
+ For example, if you are running CentOS 7 and wish to deploy MDATP for Linux from the *insiders-fast* channel:
```bash
sudo yum-config-manager --add-repo=https://packages.microsoft.com/config/centos/7/insiders-fast.repo
@@ -94,7 +94,7 @@ In order to preview new features and provide early feedback, it is recommended t
sudo zypper addrepo -c -f -n microsoft-[channel] https://packages.microsoft.com/config/[distro]/[version]/[channel].repo
```
- For example, if you are running SLES 12 and wish to deploy MDATP for Linux from the *insider-fast* channel:
+ For example, if you are running SLES 12 and wish to deploy MDATP for Linux from the *insiders-fast* channel:
```bash
sudo zypper addrepo -c -f -n microsoft-insiders-fast https://packages.microsoft.com/config/sles/12/insiders-fast.repo
@@ -132,7 +132,7 @@ In order to preview new features and provide early feedback, it is recommended t
curl -o microsoft.list https://packages.microsoft.com/config/[distro]/[version]/[channel].list
```
- For example, if you are running Ubuntu 18.04 and wish to deploy MDATP for Linux from the *insider-fast* channel:
+ For example, if you are running Ubuntu 18.04 and wish to deploy MDATP for Linux from the *insiders-fast* channel:
```bash
curl -o microsoft.list https://packages.microsoft.com/config/ubuntu/18.04/insiders-fast.list
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md
index 6dca87169e..bdba284676 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md
@@ -129,11 +129,11 @@ Create subtask or role files that contribute to an actual task. Create the follo
- Add the Microsoft Defender ATP repository and key.
- Microsoft Defender ATP for Linux can be deployed from one of the following channels (denoted below as *[channel]*): *insider-fast* or *prod*. Each of these channels corresponds to a Linux software repository.
+ Microsoft Defender ATP for Linux can be deployed from one of the following channels (denoted below as *[channel]*): *insiders-fast*, *insiders-slow*, or *prod*. Each of these channels corresponds to a Linux software repository.
- The choice of the channel determines the type and frequency of updates that are offered to your device. Devices in *insider-fast* can try out new features before devices in *prod*.
+ The choice of the channel determines the type and frequency of updates that are offered to your device. Devices in *insiders-fast* are the first ones to receive updates and new features, followed later by *insiders-slow* and lastly by *prod*.
- In order to preview new features and provide early feedback, it is recommended that you configure some devices in your enterprise to use the *insider-fast* channel.
+ In order to preview new features and provide early feedback, it is recommended that you configure some devices in your enterprise to use either *insiders-fast* or *insiders-slow*.
Note your distribution and version and identify the closest entry for it under `https://packages.microsoft.com/config/`.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md
index 2e2db11bae..177ef802de 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md
@@ -78,11 +78,11 @@ install_mdatp
### Contents of `install_mdatp/manifests/init.pp`
-Microsoft Defender ATP for Linux can be deployed from one of the following channels (denoted below as *[channel]*): *insider-fast* or *prod*. Each of these channels corresponds to a Linux software repository.
+Microsoft Defender ATP for Linux can be deployed from one of the following channels (denoted below as *[channel]*): *insiders-fast*, *insiders-slow*, or *prod*. Each of these channels corresponds to a Linux software repository.
-The choice of the channel determines the type and frequency of updates that are offered to your device. Devices in *insider-fast* can try out new features before devices in *prod*.
+The choice of the channel determines the type and frequency of updates that are offered to your device. Devices in *insiders-fast* are the first ones to receive updates and new features, followed later by *insiders-slow* and lastly by *prod*.
-In order to preview new features and provide early feedback, it is recommended that you configure some devices in your enterprise to use the *insider-fast* channel.
+In order to preview new features and provide early feedback, it is recommended that you configure some devices in your enterprise to use either *insiders-fast* or *insiders-slow*.
Note your distribution and version and identify the closest entry for it under `https://packages.microsoft.com/config/`.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
index 17897257a2..b42e1c8729 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
ms.custom: nextgen
-ms.reviewer:
+ms.reviewer: ksarens
manager: dansimp
---
@@ -22,14 +22,12 @@ manager: dansimp
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-You can perform various Windows Defender Antivirus functions with the dedicated command-line tool *mpcmdrun.exe*.
-
-This utility can be useful when you want to automate Windows Defender Antivirus use.
-
-You can find the utility in _%ProgramFiles%\Windows Defender\MpCmdRun.exe_. You must run it from a command prompt.
+You can perform various Windows Defender Antivirus functions with the dedicated command-line tool *mpcmdrun.exe*. This utility is useful when you want to automate Windows Defender Antivirus use. You can find the utility in `%ProgramFiles%\Windows Defender\MpCmdRun.exe`. You must run it from a command prompt.
> [!NOTE]
> You might need to open an administrator-level version of the command prompt. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt.
+>
+> If you're running an updated Windows Defender Platform version, please run `MpCmdRun` from the following location: `C:\ProgramData\Microsoft\Windows Defender\Platform\`.
The utility has the following commands:
@@ -44,11 +42,11 @@ MpCmdRun.exe -scan -2
| Command | Description |
|:----|:----|
| `-?` **or** `-h` | Displays all available options for this tool |
-| `-Scan [-ScanType [0\|1\|2\|3]] [-File [-DisableRemediation] [-BootSectorScan]] [-Timeout ] [-Cancel]` | Scans for malicious software. Values for **ScanType** are: **0** Default, according to your configuration, **-1** Quick scan, **-2** Full scan, **-3** File and directory custom scan. |
+| `-Scan [-ScanType [0\|1\|2\|3]] [-File [-DisableRemediation] [-BootSectorScan] [-CpuThrottling]] [-Timeout ] [-Cancel]` | Scans for malicious software. Values for **ScanType** are: **0** Default, according to your configuration, **-1** Quick scan, **-2** Full scan, **-3** File and directory custom scan. |
| `-Trace [-Grouping #] [-Level #]` | Starts diagnostic tracing |
| `-GetFiles` | Collects support information |
| `-GetFilesDiagTrack` | Same as `-GetFiles`, but outputs to temporary DiagTrack folder |
-| `-RemoveDefinitions [-All]` | Restores the installed Security intelligence to a previous backup copy or to the original default set |
+| `-RemoveDefinitions [-All]` | Restores the installed Security intelligence to a previous backup copy or to the original default set |
| `-RemoveDefinitions [-DynamicSignatures]` | Removes only the dynamically downloaded Security intelligence |
| `-RemoveDefinitions [-Engine]` | Restores the previous installed engine |
| `-SignatureUpdate [-UNC \| -MMPC]` | Checks for new Security intelligence updates |