toc

.openpublishing.redirection.json

@@ -1009,7 +1009,27 @@
 "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md",
 "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table",
 "redirect_document_id": true
-    },
+},
+{
+"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-configassessment-table.md",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-secureconfigkb-table.md",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwareinventory-table.md",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table",
+"redirect_document_id": true
+},
 {
 "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md",
 "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table",
@@ -1332,6 +1352,11 @@
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-siem",
+"redirect_document_id": false
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md",
 "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
@@ -15513,7 +15538,7 @@
 },
 {
 "source_path": "windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md",
-"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exploit-protection",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction",
 "redirect_document_id": false
 },
 {

devices/hololens/hololens-calibration.md

@@ -38,7 +38,7 @@ HoloLens 2 prompts a user to calibrate the device under the following circumstan
 
 ![Calibration prompt](./images/07-et-adjust-for-your-eyes.png)
 
-During this process, you'll look at a set of targets (gems). It's fine if you blink or close your eyes during calibration but try not to stare at other objects in the room.  This allows HoloLens to learn about your eye position to render your holographic world.
+During this process, you'll look at a set of targets (gems). It's fine if you blink during calibration, but try to stay focused on the gems instead of other objects in the room.  This allows HoloLens to learn about your eye position to render your holographic world.
 
 ![Calibration prompt](./images/07-et-hold-head-still.png)
 
@@ -52,7 +52,7 @@ If calibration was successful, you'll see a success screen.  If not, read more a
 
 ### Calibration when sharing a device or session
 
-Multiple users can share a HoloLens 2 device, without a need for each person to go through device setup. When a new user puts the device on their head for th first time, HoloLens 2 automatically prompts the user to calibrate visuals. When a user that has previously calibrated visuals puts the device on their head, the display seamlessly adjusts for quality and a comfortable viewing experience.  
+Multiple users can share a HoloLens 2 device, without a need for each person to go through device setup. When a new user puts the device on their head for the first time, HoloLens 2 automatically prompts the user to calibrate visuals. When a user that has previously calibrated visuals puts the device on their head, the display seamlessly adjusts for quality and a comfortable viewing experience.  
 
 ### Manually starting the calibration process
 
@@ -84,7 +84,7 @@ If calibration is unsuccessful try:
 - Moving objects in your visor out of the way (such as hair)
 - Turning on a light in your room or moving out of direct sunlight
 
-If you followed all guidelines and calibration is still failing, please let us know by filing feedback in [Feedback Hub](hololens-feedback.md).
+If you followed all guidelines and calibration is still failing, you can disable the calibration prompt in Settings. Please also let us know by filing feedback in [Feedback Hub](hololens-feedback.md).
 
 Note that setting IPD is not applicable for Hololens 2, since eye positions are computed by the system. 
 
@@ -92,6 +92,8 @@ Note that setting IPD is not applicable for Hololens 2, since eye positions are
 
 Calibration information is stored locally on the device and is not associated with any account information. There is no record of who has used the device without calibration. This mean new users will get prompted to calibrate visuals when they use the device for the first time, as well as users who opted out of calibration previously or if calibration was unsuccessful.
 
+The device can locally store up to 50 calibration profiles. After this number is reached, the device automatically deletes the oldest unused profile.
+
 Calibration information can always be deleted from the device in **Settings** > **Privacy** > **Eye tracker**.  
 
 ### Disable calibration

devices/hololens/hololens-connect-devices.md

@@ -45,10 +45,15 @@ HoloLens (1st gen) supports the following classes of Bluetooth devices:
 ### HoloLens (1st gen): Pair the clicker
 
 1. Use the bloom gesture to go to **Start**, and then select **Settings**.
+
 1. Select **Devices**, and make sure that Bluetooth is on.
+
 1. Use the tip of a pen to press and hold the clicker pairing button until the clicker status light blinks white. Make sure to hold down the button until the light starts blinking.  
+
    The pairing button is on the underside of the clicker, next to the finger loop.
+   
    ![The pairing button is beside the finger loop](images/use-hololens-clicker-1.png)
+   
 1. On the pairing screen, select **Clicker** > **Pair**.
 
 ## HoloLens 2: Connect USB-C devices
@@ -77,3 +82,10 @@ To use Miracast, follow these steps:
 
 1. On the list of devices that appears, select an available device.
 1. Complete the pairing to begin projecting.
+
+## Disable Bluetooth
+
+This procedure turns off the RF components of the Bluetooth radio and disables all Bluetooth functionality on Microsoft HoloLens.
+
+1. Use the bloom gesture (HoloLens (1st gen)) or the start gesture (HoloLens 2) to go to **Start**, and then select **Settings** > **Devices**.
+1. Move the slider switch for **Bluetooth** to the **Off** position.

devices/hololens/hololens-feedback.md

@@ -4,7 +4,11 @@ description: Create actionable feedback for HoloLens and Windows Mixed Reality d
 ms.assetid: b9b24c72-ff86-44a9-b30d-dd76c49479a9
 author: mattzmsft
 ms.author: mazeller
-ms.date: 09/13/2019
+ms.date: 05/14/2020
+ms.custom: 
+- CI 116157
+- CSSTroubleshooting
+audience: ITPro
 ms.prod: hololens
 ms.topic: article
 keywords: feedback, bug, issue, error, troubleshoot, help
@@ -15,68 +19,66 @@ appliesto:
 - HoloLens 2
 ---
 
-# Give us feedback
+# Feedback for HoloLens
 
-Use the Feedback Hub to tell us which features you love, which features you could do without, or when something could be better.
+Use the Feedback Hub to tell us which features you love, which features you could do without, and how something could be better. The engineering team uses the same mechanism internally to track and fix bugs, so please use Feedback Hub to report any bugs that you see. We are listening!
 
-## Feedback for Windows Mixed Reality immersive headset on PC
+Feedback Hub is an excellent way to alert the engineering team to bugs and to make sure that future updates are healthier and more consistently free of bugs. However, Feedback Hub does not provide a response. If you need immediate help, please file feedback, take note of the summary that you provided for your feedback, and then follow up with [HoloLens support](https://support.microsoft.com/supportforbusiness/productselection?sapid=e9391227-fa6d-927b-0fff-f96288631b8f).
 
-> [!IMPORTANT]
+> [!NOTE]  
-> Before you report an issue, make sure that your environment meets the following requirements so that you can successfully upload logs and other information:
 >  
-> - Have a minimum of 3GB free disk space available on the main drive of the device.
+> - Make sure you that you have the current version of Feedback Hub. To do this, select **Start** > **Microsoft Store**, and then select the ellipses (**...**). Then, select **Downloads and updates** > **Get updates**.  
-> - To upload cabs or other large files, connect to a non-metered network.
+>  
+> - To provide the best possible data for fixing issues, we highly recommended that you set your device telemetry to **Full**. You can set this value during the Out-of-Box-Experience (OOBE), or by using the Settings app. To do this by using Settings, select **Start** > **Settings** > **Privacy** > **App Diagnostics** > **On**.
 
-1. Make sure that you have the immersive headset connected to your PC, and then on the desktop, select **Feedback Hub**.
+## Use the Feedback Hub
-1. In the left pane, select **Feedback**.
-    ![Feedback tab](images/feedback1-600px.png)
-1. To enter new feedback, select **Add new feedback**.
-  ![Add new feedback](images/feedback2-600px.png)
-1. To make feedback actionable, in **What kind of feedback is this?** select **Problem**.
-1. In **Summarize your issue**, enter a meaningful title for your feedback.
-1. In **Give us more detail**, provide details and repro steps.
-  ![Details and repro steps](images/feedback3-600px.png)
 
-    As the top category, select **Mixed Reality**. Then select an applicable subcategory, as explained in the following table:
+1. Use the **Start** gesture to open the **Start** menu, and then select **Feedback Hub**. The app opens in your environment.
 
-    |Subcategory  |Description |
+   ![Feedback app on HoloLens Start menu](./images/hololens2-feedbackhub-tile.png)
-    |----------|----------|
+   > [!NOTE]  
-    |  Apps  |  Issues about a specific application. |
+   > If you don't see **Feedback Hub**, select **All Apps** to see the complete list of apps on the device.
-    |  Developer  |  Issues about authoring or running an app for Mixed Reality. |
-    |  Device  |  Issues about the head-mounted device (HMD) itself. |
-    |  Home experience  |  Issues about your VR environment and your interactions with the your mixed reality home. |
-    |  Input  |  Issues about input methods, such as motion controllers, speech, gamepad, or mouse and keyboard. |
-    |  Set up  |  Anything that is preventing you from setting up the device. |
-    |  All other issues  |  Anything else. |
 
-1. If possible, add traces or video to your feedback to help us identify and fix the issue more quickly. To do this, follow these steps:
+1. To see whether someone else has given similar feedback, enter a few keywords about the topic in the **Feedback** search box.
-   1. To start collecting traces, select **Start capture**. The app starts collecting traces and a video capture of your mixed reality scenario.
+1. If you find similar feedback, select it, add any additional information that you have in the **Write a comment** box, and then select **Upvote**.
+1. If you don't find any similar feedback, select **Add new feedback**.
 
-    ![Start Capture](images/feedback4-600px.png)
+   ![Add new feedback](./images/hololens-feedback-1.png)
-   1. Do not close the Feedback Hub app, but switch to the scenario that produces the issue. Run through the scenario to produce the circumstances that you have described.
-   1. After you finish your scenario, go back to the Feedback Hub app and select **Stop capture**. The app stops collecting information, stores the information in a file, and attaches the file to your feedback.
-1. Select **Submit**.
-  ![Submit](images/feedback5-600px.png)
-   The Thank You page indicates that your feedback has been successfully submitted.
-  ![Thank You](images/feedback6-600px.png)
 
-To easily direct other people (such as co-workers, Microsoft staff, [forum](https://forums.hololens.com/) readers et al) to the issue, go to **Feedback** > **My Feedback**, select the issue, select **Share**. This action provides a shortened URL that you can give to others so that they can upvote or escalate your issue.
+1. In **Summarize your feedback**, enter a short summary of your feedback. Then add details in the **Explain in more detail** box. The more details that you provide, such as how to reproduce this problem and the effect that it has, the more useful your feedback is. When you're finished, select **Next**.
 
-## Feedback for HoloLens
+1. Select a topic from **Choose a category**, and then select a subcategory from **Select a subcategory**. The following table describes the categories that are available in the Windows Holographic category.
 
-1. Use the **bloom** gesture to open the **Start** menu, and then select **Feedback Hub**.
+   > [!NOTE]  
+   > **Commercial customers**: To report a bug that is related to MDM, provisioning, or any other device management aspect, select the **Enterprise Management** category, and the **Device** subcategory.
 
-   ![Start menu on Microsoft HoloLens](images/startmenu.jpg)
+   |Category |Description |
-1. Place the app in your environment and then select the app to launch it.
+   | --- | --- |
-1. To see if someone else has given similar feedback, in the Feedback search box, enter a few keywords about the topic.
+   |Eye tracking |Feedback about eye tracking, iris sign-in, or calibration. |
+   |Hologram accuracy, stability, and reliability |Feedback about how holograms appear in space. |
+   |Launching, placing, adjusting, and exiting apps |Feedback about starting or stopping 2D or 3D apps. |
+   |Miracast |Feedback about Miracast. |
+   |Spaces and persistence |Feedback about how HoloLens recognizes spaces and retains holograms in space. |
+   |Start menu and all apps list |Feedback about the **Start** menu and the all apps list. |
+   |Surface mapping |Feedback about surface mapping. |
+   |Taking pictures and videos |Feedback about mixed reality captures. |
+   |Video hologram playback |Feedback about video hologram playback. |
+   |All other issues |All other issues. |
 
-   ![Search Feedback](images/searchfeedback-500px.jpg)
+1. You may be prompted to search for similar feedback. If your problem resembles feedback from other users, select that feedback. Otherwise, select **New feedback** and then select **Next**.
-1. If you find similar feedback, select it, add any details, then select **Upvote**.
 
-   ![Upvote existing Feedback](images/upvotefeedback-500px.jpg)
+1. If you are prompted, select the best description of the problem.
-1. If you don’t find any similar feedback, select **Add new feedback**, select a topic from **Select a category**, and then select a subcategory from **Select a subcategory**.
 
-   ![Add new Feedback](images/addnewfeedback-500px.jpg)
+1. Attach any relevant data to your feedback, or reproduce the problem. You can select any of the following options:
-1. Enter your feedback.
+
-1. If you are reporting a reproducible issue, you can select **Reproduce**. Without closing Feedback Hub, reproduce the issue. After you finish, come back to Feedback Hub and select **I’m done**. The app adds a mixed reality capture of your repro and relevant diagnostic logs to your feedback.
+   - **Attach a screenshot**. Select this option to attach a screenshot that illustrates the situation that you're describing.
-1. Select **Post feedback**, and you’re done.
+   - **Attach a file**. Select this option to attach data files. If you have files that are relevant to your problem or that could help us to reproduce your problem, attach them.
+   - **Recreate my problem**. Select this option if you can reproduce the problem yourself. After you select **Recreate my problem**, follow these steps:  
+
+     1. Select **Include data about** and make sure that the most relevant types of data are listed. In most cases, the default selections are based on the category and subcategory that you selected for your feedback.  
+     1. Select **Start Recording**.
+
+     1. Reproduce your problem. Don’t worry if this means that you have to enter an immersive app. You will return to the feedback page when you're done.
+     1. Select **Stop recording**. After recording stops, you can see the data that is attached to your feedback for the engineering team.
+
+1. Make sure that you have an active internet connection so that we can receive your feedback. Select **Submit**, and you’re done.

devices/hololens/hololens2-autopilot.md

@@ -71,7 +71,7 @@ Review the "[Requirements](https://docs.microsoft.com/windows/deployment/windows
 Before you start the OOBE and provisioning process, make sure that the HoloLens devices meet the following requirements:
 
 - The devices are not already members of Azure AD, and are not enrolled in Intune (or another MDM system). The Autopilot self-deploying process completes these steps. To make sure that all the device-related information is cleaned up, check the **Devices** pages in both Azure AD and Intune.
-- Every device can connect to the internet. You can use a wired or wireless connection.
+- Every device can connect to the internet. You can "USB C to Ethernet" adapters for wired internet connectivity or "USB C to Wifi" adapters for wireless internet connectivity. 
 - Every device can connect to a computer by using a USB-C cable, and that computer has the following available:
   - Advanced Recovery Companion (ARC)
   - The latest Windows update: Windows 10, version 19041.1002.200107-0909 or a later version)

devices/surface-hub/surface-hub-update-history.md

@@ -37,7 +37,7 @@ This update is specific to the Surface Hub 2S and provides the driver and firmwa
   * Improves system stability.
 * Surface System driver - 1.7.139.0
   * Improves system stability.
-* Surface SMC Firmware update - 1.173.139.0
+* Surface SMC Firmware update - 1.176.139.0
   * Improves system stability.
 </details>
 

devices/surface/TOC.md

@@ -29,6 +29,7 @@
 
 ### [Deploy Surface devices](deploy.md)
 ### [Windows Autopilot and Surface devices](windows-autopilot-and-surface-devices.md)
+### [Windows Virtual Desktop on Surface](windows-virtual-desktop-surface.md)
 ### [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)
 ### [Surface Pro X app compatibility](surface-pro-arm-app-performance.md)
 ### [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md)

devices/surface/get-started.yml

@@ -52,8 +52,8 @@ landingContent:
             url: microsoft-surface-deployment-accelerator.md
           - text: Autopilot and Surface devices
             url: windows-autopilot-and-surface-devices.md
-          - text: Deploying, managing, and servicing Surface Pro X
+          - text: Windows Virtual Desktop on Surface
-            url: surface-pro-arm-app-management.md
+            url: windows-virtual-desktop-surface.md
   
     # Card
   - title: Manage Surface devices

devices/surface/windows-virtual-desktop-surface.md

@@ -0,0 +1,158 @@
+---
+title: Windows Virtual Desktop on Surface
+description: This article explains how Surface devices deliver an ideal end node for Windows Virtual Desktop solutions, providing customers with flexible form factors, Windows 10 modern device security and manageability, and support for persistent, on-demand & just-in-time work scenarios. 
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.localizationpriority: medium
+ms.sitesec: library
+author: coveminer
+ms.author: greglin
+ms.topic: article
+ms.date: 5/20/2020
+ms.reviewer: rohenr
+manager: laurawi
+audience: itpro
+---
+
+# Windows Virtual Desktop on Surface
+
+## Introduction
+
+Windows Virtual Desktop on Surface lets you run Virtual Desktop Infrastructure (VDI) on a Surface device blurring the lines between the local desktop experience and the virtual desktop where touch, pen, ink, and biometric authentication span both physical and virtual environments. Representing another milestone in the evolution of computing, Windows Virtual Desktop on Surface <a href="#1"><sup>1</sup></a> combines Microsoft 365 - virtualized in the Azure cloud - with the advanced security protections, enterprise-level manageability, and enhanced productivity tools of Windows 10 on Surface.  This fusion of premium form factor and Virtual Desktop Infrastructure in Azure provides exceptional customer value across user experiences, portability, security, business continuity, and modern management.
+
+### Windows Virtual Desktop
+
+Windows Virtual Desktop (WVD) is a comprehensive desktop and app virtualization service running in the Azure cloud. It’s the only virtual desktop infrastructure that delivers simplified management, multi-session Windows 10, optimizations for Office 365 ProPlus, and support for Remote Desktop Services (RDS) environments. With WVD you can quickly deploy and scale Windows desktops and apps on Azure and get built-in security and compliance features.
+
+### Windows Virtual Desktop partner integrations
+
+For a list of approved partner providers and independent software vendors for Windows Virtual Desktop, see [Windows Virtual Desktop partner integrations](https://docs.microsoft.com/azure/virtual-desktop/partners). Some partners also provide Virtual Desktop as a Service (DaaS). DaaS frees you from having to maintain your own virtual machines (VMs) by providing a fully managed, turnkey desktop and virtualization service. The ability to deliver customized desktops to users anywhere in the world enables companies to quickly adjust to changing market conditions by spinning up cloud desktops on-demand - when and where they’re needed.
+ 
+## Microsoft Surface Devices
+
+Surface engineering has long set new standards for innovation by going beyond the keyboard and mouse to imagine more natural ways of interacting with devices, whether by touch, voice, ink, or Surface Dial. And with chip-to-cloud integration of Microsoft 365 and the security and manageability of Windows 10 Pro, Surface delivers connected hardware, software, apps, and services the way they were intended. Although it’s possible to run WVD from Windows devices dating back to Windows 7, Microsoft Surface devices provide unique advantages including support for:
+
+- **Flexible form factors** - like 2-in-1 devices such as Surface Go 2, Surface Pro 7 and Surface Pro X with pen, touch and detachable keyboard.
+- **Persistent, on-demand and just-in-time work scenarios** - with offline and on-device access for more productive experiences.
+- **Windows 10 modern device security and manageability** - providing the flexibility to be productive anywhere.
+
+## Flexible form factors and premium user experience
+
+The Microsoft Surface for Business family comprises a diverse portfolio of form factors including traditional laptops, all-in-one machines, and 2-in-1 devices. Surface devices deliver experiences people love with the choice and flexibility they need in order to work on their terms.
+
+### The modern virtual desktop endpoint
+
+Surface 2-in-1 devices, including [Surface Go 2](https://www.microsoft.com/p/surface-go-2) (10.5”), [Surface Pro 7](https://www.microsoft.com/surface/devices/surface-pro-7/) (12”) and [Surface Pro X](https://www.microsoft.com/p/surface-pro-x/) (13”), provide users with the ideal cloud desktop endpoint bringing together the optimal balance of portability, versatility, power, and all-day battery. From site engineers relying on Surface Go 2 in tablet mode to financial advisors attaching Surface Pro 7 to a dock and multiple monitors, 2-in-1 devices deliver the versatility that has come to define the modern workplace.
+
+ Unlike traditional, fixed VDI “terminals”, Surface devices allow users to work from anywhere and enable companies to remain viable and operational during unforeseen events -- from severe weather to public health emergencies. With support for persistent, on-demand and just-in-time scenarios, Surface devices effectively help companies sustain ongoing operations and mitigate risk from disruptive events. Features designed to enhance productivity on Surface 2-in-1 devices include:
+
+- Vibrant, high resolution displays with 3:2 aspect ratio to get work done.
+- Natural inking and multi-touch for more immersive experiences.
+- With a wide variety of built-in and third-party accessibility features, Surface devices let you choose how to interact with your device, express ideas, and get work done.
+- Far-field mics and high-performance speakers for improved virtual meetings.
+- Biometric security including built-in, Windows Hello camera that comes standard on every Surface device.
+- Long battery life <a href="#2"><sup>2</sup></a> and fast charging.
+- LTE options <a href="#3"><sup>3</sup></a> on modern devices like Surface Pro X and Surface Go 2 for hassle-free and secure connectivity.
+- Support for a wide range of peripherals such as standard printers, 3D printers, cameras, credit card readers, barcode scanners, and many others. A large ecosystem of Designed for Surface partners provides licensed and certified Surface accessories.
+- Broad range of Device Redirection support.
+
+### Device Redirection Support
+
+The Surface-centric productivity experiences listed above become even more compelling in Windows Virtual Desktop environments by taking advantage of device redirection capabilities with Windows 10. Surface provides a broad range of device redirection support, especially when compared to OEM thin clients and fixed terminals, Android, iOS/macOS and Web-based access. The Windows Inbox (MSTSC) and Windows Desktop (MSRDC) clients provide the most device redirection capabilities including Input Redirection (keyboard, mouse, pen and touch), Port Redirection (serial and USB) and Other Redirections (cameras, clipboard, local drive/storage, location, microphones, printers, scanners, smart cards and speakers). For a detailed comparison of device redirection support refer to the [device redirection documentation](https://docs.microsoft.com/windows-server/remote/remote-desktop-services/clients/remote-desktop-app-compare#redirection-support).
+
+### Familiar Desktop Experience
+
+Not only does running the Windows Desktop Client on Surface devices provide users with a broad set of device redirection capabilities, it lets everyone launch apps in familiar ways — directly from the Start Menu or Search bar.
+
+### Persistent, on-demand and just-in-time work scenarios
+
+Windows Virtual Desktop on Surface helps customers meet increasingly complex business and security requirements across industries, employee roles, and work environments. These include:
+
+- Multi-layered security of access to data and organizational resources.
+- Compliance with industry regulations.
+- Support for an increasingly elastic workforce.
+- Employee-specific needs across a variety of job functions.
+- Ability to support specialized, processor-intensive workloads.
+- Resilience for sustaining operations during disruptions.
+
+### Table 1. Windows Virtual Desktop business conversations
+
+| Security & regulation                                | Elastic workforce                                                            | Work Roles                                                        | Special workloads                                                            | Business continuity                                  |
+| ---------------------------------------------------- | ---------------------------------------------------------------------------- | ----------------------------------------------------------------- | ---------------------------------------------------------------------------- | ---------------------------------------------------- |
+| - Financial Services<br>- Healthcare<br>- Government | - Merger & acquisition<br>- Short term employees<br>- Contractors & partners | - BYOD & mobile<br>- Customer support/service<br>- Branch workers | - Design & engineering<br>- Support for legacy apps<br>- Software dev & test | - On demand<br>- Just-in-Time (JIT)<br>- Work @ Home |
+
+### Offline and on-device access for more productive experiences
+
+Traditionally, VDI solutions only work when the endpoint is connected to the internet. But what happens when the internet or power is unavailable for any reason (due to mobility, being on a plane, or power outages, and so on)?
+ 
+To support business continuity and keep employees productive, Surface devices can easily augment the virtual desktop experience with offline access to files, Microsoft 365 and third-party applications. Traditional apps like Microsoft Office, available across .x86, x64, Universal Windows Platform, ARM platforms, enable users to stay productive in “offline mode”. Files from the virtual desktop cloud environment can be synced locally on Surface using OneDrive for Business for offline access as well. You can have the confidence that all locally “cached” information is up-to-date and secure.
+
+In addition to adding support for offline access to apps and files, Surface devices are designed to optimize collaborative experiences like Microsoft Teams “On-Device”. Although some VDI solutions support the use of Teams through a virtual session, users can benefit from the more optimized experience provided by a locally installed instance of Teams. Localizing communications and collaboration apps for multimedia channels like voice, video, live captioning allows organizations to take full advantage of Surface devices’ ability to provide optimized Microsoft 365 experiences. The emergence of Surface artificial intelligence (AI) or “AI-on-device” brings new capabilities to life, such as eye gaze technology that adjusts the appearance of your eyes so the audience sees you looking directly at the camera when communicating via video.
+ 
+An alternative to locally installing traditional applications is to take advantage of the latest version of Microsoft Edge, which comes with support for Progressive Web Apps (PWA). PWAs are just websites that are progressively enhanced to function like native apps on supporting platforms. The qualities of a PWA combine the best of the web and native apps by additional features, such as push notifications, background data refresh, offline support, and more.
+
+### Virtual GPUs
+
+GPUs are ideal for AI compute and graphics-intensive workloads, helping customers to fuel innovation through scenarios like high-end remote visualization, deep learning, and predictive analytics.  However, this isn’t ideal for professionals who need to work remotely or while on the go because varying degrees of internal GPU horsepower are tied to the physical devices, limiting mobility and flexibility.
+ 
+To solve for this Azure offers the N-series family of Virtual Machines with NVIDIA GPU capabilities (vGPU). With vGPUs, IT can either share GPU performance across multiple virtual machines, or power demanding workloads by assigning multiple GPUs to a single virtual machine. For Surface this means that no matter what device you’re using, from the highly portable Surface Go 2 to the slim and stylish Surface Laptop 3, your device has access to powerful server-class graphics performance.  Surface and vGPUs allow you to combine all the things you love about Surface, to include pen, touch, keyboard, trackpad and PixelSense displays, with graphics capability only available in high performance computing environments. 
+ 
+Azure N-series brings these capabilities to life on your Surface device allowing you to work in any way you want, wherever you go.  [Learn more about Azure N-Series and GPU optimized virtual machine sizes.](https://docs.microsoft.com/azure/virtual-machines/sizes-gpu)
+
+## Microsoft 365 and Surface
+
+Even in a virtualized desktop environment, Microsoft 365 and Surface deliver the experiences employees love, the protection organizations demand, and flexibility for teams to work their way. According to Forrester Research: <a href="#4"><sup>4</sup></a>
+
+- Microsoft 365-powered Surface devices give users up to 5 hours in weekly productivity gains with up to 9 hours saved per week for highly mobile workers, providing organizations with 112 percent ROI on Microsoft 365 with Surface
+- 75 percent agree Microsoft 365-powered Surface devices help improve employee satisfaction and retention
+- agree that Microsoft 365- powered Surface devices have helped improve employee satisfaction and retention.
+
+### Security and management
+
+From chip to cloud, Microsoft 365 and Surface helps organizations stay protected and up to date.
+With both Surface hardware and software designed, built, and tested by Microsoft, users can be confident they’re productive and protected by leading technologies from chip to cloud.  With increased numbers of users working remotely, protecting corporate data and intellectual property becomes more paramount than ever. Windows Virtual Desktop on Surface is designed around a zero-trust security model in which every access request is strongly authenticated, authorized within policy constraints, and inspected for anomalies before granting access.
+ 
+By maximizing efficiencies from cloud computing, modern management enables IT to better serve the needs of users, stakeholders and customers in an increasingly competitive business environment. For example, you can get Surface devices up-and-running with minimal interaction from your team. Setup is automatic and self-serviced. Updates are quick and painless for both your team and your users. You can manage devices regardless of their physical location.
+ 
+Security and management features delivered with Windows Virtual Desktop on Surface include:
+
+- **Windows Update.** Keeping Windows up to date helps you stay ahead of new security threats. Windows 10 has been engineered from the ground up to be more secure and utilize the latest hardware capabilities to improve security. With a purpose-built UEFI <a href="#5"><sup>5</sup></a> and Windows Update for Business that responds to evolving threats, end-to-end protection is secure and simplified.
+
+- **Hardware encryption.** Device encryption lets you protect the data on your Surface so it can only be accessed by authorized individuals. All Surface for Business devices feature a discrete Trusted Platform Module (dTPM) that is hardware-protected against intrusion while software uses protected keys and measurements to verify software validity.
+- **Windows Defender.** Windows Defender Antivirus brings together machine learning, big-data analysis, in-depth threat resistance research, and the Microsoft cloud infrastructure to protect devices.  The tool is built in and needs no extra agents to be deployed on-devices or in the VDI environment, simplifying management and optimizing device start up. Windows Defender is built in and needs no extra agents to be deployed on-device or in the VDI environment, simplifying management and optimizing device start up. The true out-of-the-box experience.
+- **Removable drives** - A subset of newer Surface devices feature removable SSD drives <a href="#6"><sup>6</sup></a> providing greater control over data retention.
+- **Modern authentication -** Microsoft 365 and Surface is a unified platform delivering every Windows security feature (subject to licensing and enablement). All Surface portfolio devices ship with a custom-built camera, designed for Windows Hello for Business providing biometric security that persists seamlessly from on-device to VDI-based experiences.
+- **Modern firmware management** -Using Device Firmware Configuration Interface (DFCI),<a href="#7"><sup>7</sup></a> IT administrators can remotely disable hardware elements at a firmware level such as mics, USB ports, SD card slots, cameras, and Bluetooth which removes power to the peripheral. Windows Defender Credential Guard uses virtualization-based security so that only privileged system software can access them.
+- **Backward and forward compatibility** - Windows 10 devices provide backward and forward compatibility across hardware, software and services. Microsoft has a strong history of maintaining legacy support of hardware, peripherals, software and services while incorporating the latest technologies. Businesses can plan IT investments to have a long useful life.
+- **Bridge for legacy Windows 7 workloads** - For solution scenarios dependent on legacy Windows OS environments, enterprises can use VDI instances of Windows 7 running in Azure. This enables support on modern devices like Surface without the risk of relying on older Windows 7 machines that no longer receive the latest security updates.  In addition to these “future proofing” benefits, migration of any legacy workloads becomes greatly simplified when modern Windows 10 hardware is already deployed.
+- **Zero-Touch Deployment** - Autopilot is the recommended modern management deployment option for Surface devices. Windows Autopilot on Surface is a cloud-based deployment technology in Windows 10. You can use Windows Autopilot on Surface to remotely deploy and configure devices in a zero-touch process right out of the box. Windows Autopilot-registered devices are identified over the Internet at first startup through a unique device signature that's called a hardware hash. They're automatically enrolled and configured by using modern management solutions such as Azure Active Directory (Azure AD) and mobile device management.
+
+### Surface devices: Minimizing environmental impacts
+
+Surface performs life cycle assessments to calculate the environmental impact of devices across key stages of product life cycle enabling Microsoft to minimize these impacts. Each Surface product has an ECO profile that includes details on greenhouse gas emissions, primary energy consumption and material composition data, packaging, recycling, and related criteria. To download profiles for each Surface device, see [ECO Profiles](https://www.microsoft.com/download/details.aspx?id=55974) on the Microsoft Download Center.
+
+## Summary
+
+Windows Virtual Desktop on Surface provides organizations with greater flexibility and resilience in meeting the diverse needs of users, stakeholders, and customers. Running Windows Virtual Desktop solutions on Surface devices provides unique advantages over continued reliance on legacy devices.  Flexible form factors like Surface Go 2 and Surface Pro 7 connected to the cloud (or offline), enable users to be productive from anywhere, at any time. Whether employees work in persistent, on-demand, or just-in-time scenarios, Windows Virtual Desktop on Surface affords businesses with the versatility to sustain productivity throughout disruptions from public health emergencies or other unforeseen events. Using the built in, multi-layered security and modern manageability of Windows 10, companies can take advantage of an expanding ecosystem of cloud-based services to rapidly deploy and scale Windows desktops and apps. Simply put, Windows Virtual Desktop on Surface delivers critically needed technology to organizations and businesses of all sizes.
+
+## Learn more
+
+For more information, see the following resources:
+
+- [Windows Virtual Desktop](https://azure.microsoft.com/services/virtual-desktop/)
+- [Surface for Business](https://www.microsoft.com/surface/business)
+- [Modernize your workforce with Microsoft Surface](https://boards.microsoft.com/public/prism/103849?token=754435c36d)
+- [A guide to Surface Technical Content and Solutions](https://boards.microsoft.com/public/prism/104362/category/90968?token=09e688ec4a)
+- [Microsoft zero-trust security](https://www.microsoft.com/security/business/zero-trust)
+
+
+----------
+
+<a id="1">1.</a> Windows Virtual Desktop on Surface refers to running Azure Virtual Desktop Infrastructure on a Surface device and is described here as an architectural solution, not a separately available product.<br>
+<a id="2">2.</a> Battery life varies significantly with settings, usage and other factors.<br>
+<a id="3">3.</a> Service availability and performance subject to service provider’s network. Contact your service provider for details, compatibility, pricing, SIM card, and activation. See all specs and frequencies at surface.com.<br>
+<a id="4">4.</a> Forrester Consulting, “A Forrester Total Economic Impact™ Study: Maximizing Your ROI from Microsoft 365 Enterprise with Microsoft Surface,” commissioned by Microsoft, 2018.<br>
+<a id="5">5.</a> Surface Go and Surface Go 2 use a third-party UEFI and do not support DFCI. DFCI is currently available for Surface Book 3, Surface Laptop 3, Surface Pro 7, and Surface Pro X. Find out more about managing Surface UEFI settings.<br>
+<a id="6">6.</a> Removable SSD is available on Surface Laptop 3 and Surface Pro X. Note that hard drive is not user removable. Hard drive is only removable a by skilled technician following Microsoft instructions.<br>
+<a id="7">7.</a>  DFCI is currently available for Surface Book 3, Surface Laptop 3, Surface Pro 7, and Surface Pro X. [Find out more](https://docs.microsoft.com/surface/manage-surface-uefi-settings) about managing Surface UEFI settings.
+

mdop/mbam-v1/evaluating-mbam-10.md

@@ -55,21 +55,21 @@ Even when you set up a non-production instance of MBAM to evaluate in a lab envi
 <td align="left"><p></p>
 <p>Prepare your computing environment for the MBAM installation. To do so, you must enable the Transparent Data Encryption (TDE) on the SQL Server instances that will host MBAM databases. To enable TDE in your lab environment, you can create a .sql file to run against the master database that is hosted on the instance of the SQL Server that MBAM will use.</p>
 <div class="alert">
-<strong>Note</strong><br/><p>You can use the following example to create a .sql file for your lab environment to quickly enable TDE on the SQL Server instance that will host the MBAM databases. These SQL Server commands will enable TDE by using a locally signed SQL Server certificate. Make sure to back up the TDE certificate and its associated encryption key to the example local backup path of <em>C:\Backup&lt;/em&gt;. The TDE certificate and key are required when recover the database or move the certificate and key to another server that has TDE encryption in place.</p>
+<strong>Note</strong><br/><p>You can use the following example to create a .sql file for your lab environment to quickly enable TDE on the SQL Server instance that will host the MBAM databases. These SQL Server commands will enable TDE by using a locally signed SQL Server certificate. Make sure to back up the TDE certificate and its associated encryption key to the example local backup path of <em>C:\Backup</em>. The TDE certificate and key are required when recover the database or move the certificate and key to another server that has TDE encryption in place.</p>
 </div>
 <div>
 
 </div>
 <pre class="syntax" space="preserve"><code>USE master;
 GO
-CREATE MASTER KEY ENCRYPTION BY PASSWORD = &amp;amp;#39;P@55w0rd&#39;;
+CREATE MASTER KEY ENCRYPTION BY PASSWORD = &#39;P@55w0rd&#39;;
 GO
 CREATE CERTIFICATE tdeCert WITH SUBJECT = &#39;TDE Certificate&#39;;
 GO
 BACKUP CERTIFICATE tdeCert TO FILE = &#39;C:\Backup\TDECertificate.cer&#39;
    WITH PRIVATE KEY (
          FILE = &#39;C:\Backup\TDECertificateKey.pvk&#39;,
-         ENCRYPTION BY PASSWORD = &amp;amp;#39;P@55w0rd&#39;);
+         ENCRYPTION BY PASSWORD = &#39;P@55w0rd&#39;);
 GO</code></pre></td>
 <td align="left"><p><a href="mbam-10-deployment-prerequisites.md" data-raw-source="[MBAM 1.0 Deployment Prerequisites](mbam-10-deployment-prerequisites.md)">MBAM 1.0 Deployment Prerequisites</a></p>
 <p><a href="https://go.microsoft.com/fwlink/?LinkId=269703" data-raw-source="[Database Encryption in SQL Server 2008 Enterprise Edition](https://go.microsoft.com/fwlink/?LinkId=269703)">Database Encryption in SQL Server 2008 Enterprise Edition</a></p></td>

windows/client-management/mdm/get-seat.md

@@ -1,6 +1,6 @@
 ---
 title: Get seat
-description: The Get seat operation retrieves the information about an active seat for a specified user in the Micosoft Store for Business.
+description: The Get seat operation retrieves the information about an active seat for a specified user in the Microsoft Store for Business.
 ms.assetid: 715BAEB2-79FD-4945-A57F-482F9E7D07C6
 ms.reviewer: 
 manager: dansimp
@@ -14,7 +14,7 @@ ms.date: 09/18/2017
 
 # Get seat
 
-The **Get seat** operation retrieves the information about an active seat for a specified user in the Micosoft Store for Business.
+The **Get seat** operation retrieves the information about an active seat for a specified user in the Microsoft Store for Business.
 
 ## Request
 

windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md

@@ -710,6 +710,7 @@ Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelNam
 <li>LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit</li>
 <li>LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn</li>
 <li>LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn</li>
+<li>LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM</li>
 <li>LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests</li>
 <li>LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon</li>
 <li>LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn</li>

windows/client-management/mdm/policy-configuration-service-provider.md

@@ -2390,6 +2390,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-restrictclientsallowedtomakeremotecallstosam" id="localpoliciessecurityoptions-networkaccess-restrictclientsallowedtomakeremotecallstosam">LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-allowlocalsystemtousecomputeridentityforntlm" id="localpoliciessecurityoptions-networksecurity-allowlocalsystemtousecomputeridentityforntlm">LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM</a>
+  </dd>
   <dd>
     <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-allowpku2uauthenticationrequests" id="localpoliciessecurityoptions-networksecurity-allowpku2uauthenticationrequests">LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests</a>
   </dd>

windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md

@@ -102,6 +102,9 @@ manager: dansimp
   <dd>
     <a href="#localpoliciessecurityoptions-networkaccess-restrictclientsallowedtomakeremotecallstosam">LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM</a>
   </dd>
+  <dd>
+    <a href="#localpoliciessecurityoptions-networksecurity-allowlocalsystemtousecomputeridentityforntlm">LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM</a>
+  </dd>
   <dd>
     <a href="#localpoliciessecurityoptions-networksecurity-allowpku2uauthenticationrequests">LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests</a>
   </dd>
@@ -2169,6 +2172,73 @@ GP Info:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="localpoliciessecurityoptions-networksecurity-allowlocalsystemtousecomputeridentityforntlm"></a>**LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Network security: Allow Local System to use computer identity for NTLM.
+
+When services connect to devices that are running versions of the Windows operating system earlier than Windows Vista or Windows Server 2008, services that run as Local System and use SPNEGO (Negotiate) that revert to NTLM will authenticate anonymously. In Windows Server 2008 R2 and Windows 7 and later, if a service connects to a computer running Windows Server 2008 or Windows Vista, the system service uses the computer identity.
+
+When a service connects with the device identity, signing and encryption are supported to provide data protection. (When a service connects anonymously, a system-generated session key is created, which provides no protection, but it allows applications to sign and encrypt data without errors. Anonymous authentication uses a NULL session, which is a session with a server in which no user authentication is performed; and therefore, anonymous access is allowed.)
+
+<!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP English name: *Network security: Allow Local System to use computer identity for NTLM*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
+<!--SupportedValues-->
+Valid values:  
+- 0 - Disabled
+- 1 - Enabled (Allow Local System to use computer identity for NTLM.)
+
+<!--/SupportedValues-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="localpoliciessecurityoptions-networksecurity-allowpku2uauthenticationrequests"></a>**LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests**  
 

windows/configuration/TOC.md

@@ -1,21 +1,27 @@
 # [Configure Windows 10](index.md)
 ## [Accessibility information for IT Pros](windows-10-accessibility-for-ITPros.md)
 ## [Configure access to Microsoft Store](stop-employees-from-using-microsoft-store.md)
-## [Cortana integration in your business or enterprise](cortana-at-work/cortana-at-work-overview.md)
+## [Configure Cortana in Windows 10](cortana-at-work/cortana-at-work-overview.md)
-### [Testing scenarios using Cortana in your business or organization](cortana-at-work/cortana-at-work-testing-scenarios.md)
+## [Set up and test Cortana in Windows 10, version 2004 and later](cortana-at-work/set-up-and-test-cortana-in-windows-10)
-#### [Test scenario 1 - Sign-in to Azure AD and use Cortana to manage the notebook](cortana-at-work/cortana-at-work-scenario-1.md)
+## [Testing scenarios using Cortana in your business or organization](cortana-at-work/cortana-at-work-testing-scenarios.md)
-#### [Test scenario 2 - Perform a quick search with Cortana at work](cortana-at-work/cortana-at-work-scenario-2.md)
+### [Test scenario 1 - Sign into Azure AD, enable the wake word, and try a voice query](cortana-at-work/cortana-at-work-scenario-1.md)
-#### [Test scenario 3 - Set a reminder for a specific location using Cortana at work](cortana-at-work/cortana-at-work-scenario-3.md)
+### [Test scenario 2 - Perform a Bing search with Cortana](cortana-at-work/cortana-at-work-scenario-2.md)
-#### [Test scenario 4 - Use Cortana at work to find your upcoming meetings](cortana-at-work/cortana-at-work-scenario-4.md)
+### [Test scenario 3 - Set a reminder](cortana-at-work/cortana-at-work-scenario-3.md)
-#### [Test scenario 5 - Use Cortana to send email to a co-worker](cortana-at-work/cortana-at-work-scenario-5.md)
+### [Test scenario 4 - Use Cortana to find free time on your calendar](cortana-at-work/cortana-at-work-scenario-4.md)
-#### [Test scenario 6 - Review a reminder suggested by Cortana based on what you’ve promised in email](cortana-at-work/cortana-at-work-scenario-6.md)
+### [Test scenario 5 - Find out about a person](cortana-at-work/cortana-at-work-scenario-5.md)
-#### [Test scenario 7 - Use Cortana and Windows Information Protection (WIP) to help protect your organization’s data on a device](cortana-at-work/cortana-at-work-scenario-7.md)
+### [Test scenario 6 - Change your language and perform a quick search with Cortana](cortana-at-work/cortana-at-work-scenario-6.md)
-### [Set up and test Cortana with Office 365 in your organization](cortana-at-work/cortana-at-work-o365.md)
+## [Send feedback about Cortana back to Microsoft](cortana-at-work/cortana-at-work-feedback.md)
-### [Set up and test Cortana with Microsoft Dynamics CRM (Preview feature) in your organization](cortana-at-work/cortana-at-work-crm.md)
+## [Set up and test Cortana in Windows 10, versions 1909 and earlier, with Microsoft 365 in your organization](cortana-at-work/cortana-at-work-o365.md)
-### [Set up and test Cortana for Power BI in your organization](cortana-at-work/cortana-at-work-powerbi.md)
+## [Testing scenarios using Cortana in your business or organization](cortana-at-work/cortana-at-work-testing-scenarios.md)
-### [Set up and test custom voice commands in Cortana for your organization](cortana-at-work/cortana-at-work-voice-commands.md)
+### [Test scenario 1 - Sign into Azure AD, enable the wake word, and try a voice query](cortana-at-work/test-scenario-1)
-### [Use Group Policy and mobile device management (MDM) settings to configure Cortana in your organization](cortana-at-work/cortana-at-work-policy-settings.md)
+### [Test scenario 2 - Perform a quick search with Cortana at work](cortana-at-work/test-scenario-2)
-### [Send feedback about Cortana at work back to Microsoft](cortana-at-work/cortana-at-work-feedback.md)
+### [Test scenario 3 - Set a reminder for a specific location using Cortana at work](cortana-at-work/test-scenario-3)
+### [Test scenario 4 - Use Cortana at work to find your upcoming meetings](cortana-at-work/test-scenario-4)
+### [Test scenario 5 - Use Cortana to send email to a co-worker](cortana-at-work/test-scenario-5)
+### [Test scenario 6 - Review a reminder suggested by Cortana based on what you’ve promised in email](cortana-at-work/test-scenario-6)
+### [Test scenario 7 - Use Cortana and Windows Information Protection (WIP) to help protect your organization’s data on a device](cortana-at-work/cortana-at-work-scenario-7)
+## [Set up and test custom voice commands in Cortana for your organization](cortana-at-work/cortana-at-work-voice-commands.md)
+## [Use Group Policy and mobile device management (MDM) settings to configure Cortana in your organization](cortana-at-work/cortana-at-work-policy-settings.md)
 ## [Set up a shared or guest PC with Windows 10](set-up-shared-or-guest-pc.md)
 ## [Configure kiosks and digital signs on Windows desktop editions](kiosk-methods.md)
 ### [Prepare a device for kiosk configuration](kiosk-prepare.md)

windows/configuration/cortana-at-work/cortana-at-work-crm.md

@@ -13,10 +13,6 @@ manager: dansimp
 ---
 
 # Set up and test Cortana with Microsoft Dynamics CRM (Preview feature) in your organization
-**Applies to:**
-
--   Windows 10, version 1703
--   Windows 10 Mobile, version 1703
 
 Cortana integration is a Preview feature that's available for your test or dev environment, starting with the CRM Online 2016 Update. If you decide to use this Preview feature, you'll need to turn in on and accept the license terms. After that, your salespeople will get proactive insights from Cortana on important CRM activities, including sales leads, accounts, and opportunities; presenting the most relevant info at any given time. This can even include getting company-specific news that surfaces when the person is meeting with a representative from another company.
 

windows/configuration/cortana-at-work/cortana-at-work-feedback.md

@@ -1,5 +1,5 @@
 ---
-title: Send feedback about Cortana at work back to Microsoft (Windows 10)
+title: Send feedback about Cortana at work back to Microsoft
 description: How to send feedback to Microsoft about Cortana at work.
 ms.prod: w10
 ms.mktglfcycl: manage
@@ -12,15 +12,14 @@ ms.reviewer:
 manager: dansimp
 ---
 
-# Send feedback about Cortana at work back to Microsoft
+# Send feedback about Cortana back to Microsoft
-**Applies to:**
 
--   Windows 10, version 1703
+To provide feedback on an individual request or response, select the item in the conversation history and then select **Give feedback**. This opens the Feedback Hub application where you can provide more information to help diagnose reported issues.
--   Windows 10 Mobile, version 1703
 
-We ask that you report bugs and issues. To provide feedback, you can click the **Feedback** icon in the Cortana window. When you send this form to Microsoft it also includes troubleshooting info, in case you run into problems.
+:::image type="content" source="../screenshot1.png" alt-text="Screenshot: Send feedback page":::
 
-![Cortana at work, showing how to provide feedback to Microsoft](../images/cortana-feedback.png)
+To provide feedback about the application in general, go to the **Settings** menu by selecting the three dots in the top left of the application, and select **Feedback**. This opens the Feedback Hub where more information on the issue can be provided.
 
-If you don't want to use the feedback tool in Cortana, you can add feedback through the general Windows Insider Program feedback app. For info about the feedback app, see [How to use Windows Insider Preview – Updates and feedback](https://windows.microsoft.com/en-us/windows/preview-updates-feedback-pc).
+:::image type="content" source="../screenshot12.png" alt-text="Screenshot: Select Feedback to go to the Feedback Hub":::
 
+In order for enterprise users to provide feedback, admins must unblock the Feedback Hub in the [Azure portal](https://portal.azure.com/). Go to the **Enterprise applications section** and enable **Users can allow apps to access their data**.

windows/configuration/cortana-at-work/cortana-at-work-o365.md

@@ -1,5 +1,5 @@
 ---
-title: Set up and test Cortana with Office 365 in your organization (Windows 10)
+title: Set up and test Cortana in Windows 10, versions 1909 and earlier, with Microsoft 365 in your organization
 description: Learn how to connect Cortana to Office 365 so employees are notified about regular meetings and unusual events. You can even set an alarm for early meetings.
 ms.prod: w10
 ms.mktglfcycl: manage
@@ -12,63 +12,45 @@ ms.reviewer:
 manager: dansimp
 ---
 
-# Set up and test Cortana with Office 365 in your organization
+# Set up and test Cortana in Windows 10, versions 1909 and earlier, with Microsoft 365 in your organization
-**Applies to:**
 
--   Windows 10, version 1703
--   Windows 10 Mobile, version 1703
 
-Cortana in Windows 10 is already great at letting your employees quickly see what the day is going to look like, do meeting prep work like researching people in LinkedIn or getting documents ready, see where and when their meetings are going to be, get a sense of travel times to and from work, and even get updates from a calendar for upcoming trips.
+## What can you do with in Windows 10, versions 1909 and earlier?
+Your employees can use Cortana to help manage their day and be more productive by getting quick answers to common questions, setting reminders, adding tasks to their To-Do lists, and find out where their next meeting is.
 
-But Cortana works even harder when she connects to Office 365, helping employees to be notified about unusual events, such as meetings over lunch or during a typical commute time, and about early meetings, even setting an alarm so the employee isn’t late.
+**See also:**
 
-![Cortana at work, showing the day's schedule pulled from Office 365](../images/cortana-o365-screen.png)
+[Known issues for Windows Desktop Search and Cortana in Windows 10](https://support.microsoft.com/help/3206883/known-issues-for-windows-desktop-search-and-cortana-in-windows-10).
 
-We’re continuing to add more and more capabilities to Cortana so she can become even more helpful with your productivity-related tasks, such as emailing, scheduling, and other tasks that are important to help you be successful.
+### Before you begin
+There are a few things to be aware of before you start using Cortana in Windows 10, versions 1909 and earlier.
 
->[!NOTE]
+- **Azure Active Directory (Azure AD) account.** Before your employees can use Cortana in your org, they must be logged in using their Azure AD account through Cortana's notebook. They must also authorize Cortana to access Microsoft 365 on their behalf.
->For a quick review of the frequently asked questions about Cortana and Office 365 integration, see the blog post, [An early look at Cortana integration with Office 365](https://go.microsoft.com/fwlink/p/?LinkId=717379).
 
-## Before you begin
+- **Office 365 Trust Center.** Cortana in Windows 10, version 1909 and earlier, isn't a service governed by the [Online Services Terms](https://www.microsoft.com/en-us/licensing/product-licensing/products). [Learn more about how Cortana in Windows 10, versions 1909 and earlier, treats your data](https://support.microsoft.com/en-us/help/4468233/cortana-and-privacy-microsoft-privacy).
-There are a few things to be aware of before you start using Cortana with Office 365 in your organization.
 
-- **Software requirements.** O365 integration with Cortana is available in all countries/regions where Cortana is supported for consumers today. This includes the United States, United Kingdom, Canada, France, Italy, Germany, Spain, China, Japan, India, and Australia. As Cortana comes to more countries, it will also become available to organizations.
+- Windows Information Protection (WIP). If you want to secure the calendar, email, and contact info provided to Cortana on a device, you can use WIP. For more info about WIP, see [Protect your enterprise data using Windows Information Protection (WIP)](https://docs.microsoft.com/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip). If you decide to use WIP, you must also have a management solution. This can be Microsoft Intune, Microsoft Endpoint Configuration Manager (version 1606 or later), or your current company-wide 3rd party mobile device management (MDM) solution.
-
-- **Azure Active Directory (Azure AD) account.** Before your employees can use Cortana in your org, they must be logged in using their Azure AD account through Cortana’s notebook. They must also authorize Cortana to access Office 365 on their behalf.
-
-- **Office 365 Trust Center.** Cortana isn't a service covered by the Office 365 Trust Center. [Learn more about how Cortana treats your data](https://go.microsoft.com/fwlink/p/?LinkId=536419).
 
 - **Troubleshooting tips.** If you run into issues, check out these [troubleshooting tips](https://go.microsoft.com/fwlink/p/?LinkId=620763).
 
-## Turn on Cortana with Office 365 on employees’ devices
+### Turn on Cortana enterprise services on employees devices
-You must tell your employees to turn on Cortana before they’ll be able to use it with Office 365.
+Your employees must connect Cortana to their Microsoft 365 account to be able to use skills like email and calendar.
 
-**To turn on local Cortana with Office 365**
+#### Turn on Cortana enterprise services
 
-1. Click on the **Cortana** search box in the taskbar, and then click the **Notebook** icon.
+1. Select the **Cortana** search box in the taskbar, and then select the **Notebook** icon.
 
-2. Click on **Connected Services**, click **Office 365**, and then click **Connect**.
+2. Select **Manage Skills** , select **Manage accounts** , and under **Microsoft 365** select **Link**. The employee will be directed to sign into their Microsoft 365 account.
-
-    ![Cotana at work, showing how to turn on the connected services for Office 365](../images/cortana-connect-o365.png)
-
-    The employee can also disconnect by clicking **Disconnect** from the **Office 365** screen.
-
-## Turn off Cortana with Office 365
-Cortana can only access data in your Office 365 org when it’s turned on. If you don’t want Cortana to access your corporate data, you can turn it off in the Microsoft 365 admin center.
-
-**To turn off Cortana with Office 365**
-1. [Sign in to Office 365](https://www.office.com/signin) using your Azure AD account.
-
-2. Go to the [admin center](https://support.office.com/article/Office-365-admin-center-58537702-d421-4d02-8141-e128e3703547).
-
-3. Expand **Service Settings**, and select **Cortana**.
-
-4. Click **Cortana** to toggle Cortana off.
-
-    All Office 365 functionality related to Cortana is turned off in your organization and your employees are unable to use her at work.
 
+3. The employee can also disconnect by selecting **Microsoft 365**, then **Unlink**.
 
+#### Turn off Cortana enterprise services
+Cortana in Windows 10, versions 1909 and earlier can only access data in your Microsoft 365 organization when it's turned on. If you don't want Cortana to access your corporate data, you can turn it off in the Microsoft 365 admin center.
 
+1. Sign into the [Microsoft 365 admin center](https://admin.microsoft.com/) using your admin account.
 
+2. Select the app launcher icon in the upper-left and choose  **Admin**.
 
+3. Expand **Settings** and select **Settings**.
 
+4. Select **Cortana** to toggle Cortana's access to Microsoft 365 data off.

windows/configuration/cortana-at-work/cortana-at-work-overview.md

@@ -1,5 +1,5 @@
 ---
-title: Cortana integration in your business or enterprise (Windows 10)
+title: Configure Cortana in Windows 10
 ms.reviewer: 
 manager: dansimp
 description: Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and enterprise environments.
@@ -11,53 +11,78 @@ ms.localizationpriority: medium
 ms.author: dansimp
 ---
 
-# Cortana integration in your business or enterprise
+# Configure Cortana in Windows 10
-**Applies to:**
-
--   Windows 10, version 1703
--   Windows 10 Mobile, version 1703
 
 ## Who is Cortana?
-Cortana is Microsoft’s personal digital assistant, who helps busy people get things done, even while at work.
-Cortana has powerful configuration options, specifically optimized for your business. By signing in with an Azure Active Directory (Azure AD) account, your employees can give Cortana access to their enterprise/work identity, while getting all the functionality Cortana provides to them outside of work.
 
-Using Azure AD also means that you can remove an employee’s profile (for example, when an employee leaves your organization) while respecting Windows Information Protection (WIP) policies and ignoring enterprise content, such as emails, calendar items, and people lists that are marked as enterprise data.
+Cortana is a personal productivity assistant in Microsoft 365, helping your users achieve more with less effort and focus on what matters. The Cortana app in Windows 10 helps users quickly get information across Microsoft 365, using typed or spoken queries to connect with people, check calendars, set reminders, add tasks, and more.
 
-![Cortana at work, showing the About me screen](../images/cortana-about-me.png)
+:::image type="content" source="../screenshot1.png" alt-text="Screenshot: Cortana home page example":::
 
 ## Where is Cortana available for use in my organization?
-You can use Cortana at work in all countries/regions where Cortana is supported for consumers. This includes the United States, United Kingdom, Canada, France, Italy, Germany, Spain, China, Japan, India, and Australia. As Cortana comes to more countries, she will also become available to enterprise customers.
 
-Cortana is available on Windows 10, version 1703 and with limited functionality on Windows 10 Mobile, version 1703.
+Your employees can use Cortana in the languages listed [here](https://support.microsoft.com/help/4026948/cortanas-regions-and-languages). However, most productivity skills are currently only enabled for English (United States), for users with mailboxes in the United States.
+
+The Cortana app in Windows 10, version 2004 requires the latest Microsoft Store update to support languages other than English (United States).
 
 ## Required hardware and software
-Cortana requires the following hardware and software to successfully run the included scenario in your organization.
 
-|Hardware |Description |
+Cortana requires a PC running Windows 10, version 1703 or later, as well as the following software to successfully run the included scenario in your organization.
-|---------|------------|
-|Microphone |For speech interaction with Cortana. If you don't have a microphone, you can still interact with Cortana by typing in the Cortana Search Box in the taskbar. |
-|Windows Phone |For location-specific reminders. You can also use a desktop device to run through this scenario, but location accuracy is usually better on phones. |
-|Desktop devices |For non-phone-related scenarios. |
 
+>[!NOTE]
+>A microphone isn't required to use Cortana.
 
-|Software |Minimum version |
+|**Software**  |**Minimum version**  |
-|---------|------------|
+|---------|---------|
-|Client operating system |<ul><li>**Desktop:** Windows 10, version 1703</li><li>**Mobile:** Windows 10 Mobile, version 1703 (with limited functionality)</li> |
+|Client operating system     |     Desktop: <br> - Windows 10, version 2004 (recommended)  <br> <br> - Windows 10, version 1703 (legacy version of Cortana) <br> <br> Mobile: Windows 10 mobile, version 1703 (legacy version of Cortana) <br> <br> For more information on the differences between Cortana in Windows 10, version 2004 and earlier versions, see **How is my data processed by Cortana** below. |
-|Azure Active Directory (Azure AD) |While all employees signing into Cortana need an Azure AD account; an Azure AD premium tenant isn’t required. |
+|Azure Active Directory (Azure AD)    | While all employees signing into Cortana need an Azure AD account, an Azure AD premium tenant isn’t required.        |
-|Additional policies (Group Policy and Mobile Device Management (MDM)) |There is a rich set of policies that can be used to manage various aspects of Cortana. Most of these policies will limit the abilities of Cortana, but won't turn Cortana off.<p>For example:<p>If you turn **Location** off, Cortana won't be able to provide location-based reminders, such as reminding you to visit the mail room when you get to work.<p>If you turn **Speech** off, your employees won't be able to use “Hello Cortana” for hands free usage or voice commands to easily ask for help. |
+|Additional policies (Group Policy and Mobile Device Management (MDM))     |There is a rich set of policies that can be used to manage various aspects of Cortana. Most of these policies will limit the abilities of Cortana but won't turn Cortana off. For example, if you turn **Speech** off, your employees won't be able to use the wake word (“Cortana”) for hands-free activation or voice commands to easily ask for help.  |
-|Windows Information Protection (WIP) (optional) |If you want to secure the calendar, email, and contact info provided to Cortana on a device, you can use WIP. For more info about WIP, see [Protect your enterprise data using Windows Information Protection (WIP)](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip)<p>If you decide to use WIP, you must also have a management solution. This can be Microsoft Intune, Microsoft Endpoint Configuration Manager (version 1606 or later), or your current company-wide 3rd party mobile device management (MDM) solution.|
 
 ## Signing in using Azure AD
-Your organization must have an Azure AD tenant and your employees’ devices must all be Azure AD-joined for Cortana to work properly. For info about what an Azure AD tenant is, how to get your devices joined, and other Azure AD maintenance info, see [What is an Azure AD directory?](https://msdn.microsoft.com/library/azure/jj573650.aspx)
 
-## Cortana and privacy
+Your organization must have an Azure AD tenant and your employees&#39; devices must all be Azure AD-joined for the best Cortana experience. (Users may also sign into Cortana with a Microsoft account, but will not be able to use their enterprise email or calendar.) For info about what an Azure AD tenant is, how to get your devices joined, and other Azure AD maintenance info, see [Azure Active Directory documentation.](https://docs.microsoft.com/azure/active-directory/)
-We understand that there are some questions about Cortana and your organization’s privacy, including concerns about what info is collected by Cortana, where the info is saved, how to manage what data is collected, how to turn Cortana off, how to opt completely out of data collection, and what info is shared with other Microsoft apps and services. For more details about these concerns, see the [Cortana, Search, and privacy: FAQ](https://windows.microsoft.com/windows-10/cortana-privacy-faq) topic.
+
+## How is my data processed by Cortana?
+
+Cortana's approach to integration with Microsoft 365 has changed with Windows 10, version 2004 and later.
+
+### Cortana in Windows 10, version 2004 and later
+
+Cortana enterprise services that can be accessed using Azure AD through Cortana in Windows 10, version 2004 and later, meet the same enterprise-level privacy, security, and compliance promises as reflected in the [Online Services Terms (OST)](https://www.microsoft.com/en-us/licensing/product-licensing/products). To learn more, see [Cortana in Microsoft 365](https://docs.microsoft.com/microsoft-365/admin/misc/cortana-integration?view=o365-worldwide#what-data-is-processed-by-cortana-in-office-365).
+
+#### How does Microsoft store, retain, process, and use Customer Data in Cortana?
+
+The table below describes the data handling for Cortana enterprise services.
+
+
+|**Name**  |**Description**  |
+|---------|---------|
+|**Storage**     |Customer Data is stored on Microsoft servers inside the Office 365 cloud. Your data is part of your tenant. Speech audio is not retained.         |
+|**Stays in Geo**     |Customer Data is stored on Microsoft servers inside the Office 365 cloud in Geo. Your data is part of your tenant.         |
+|**Retention**     |Customer Data is deleted when the account is closed by the tenant administrator or when a GDPR Data Subject Rights deletion request is made. Speech audio is not retained.         |
+|**Processing and confidentiality**     |Personnel engaged in the processing of Customer Data and personal data (i) will process such data only on instructions from Customer, and (ii) will be obligated to maintain the confidentiality and security of such data even after their engagement ends.         |
+|**Usage**     |Microsoft uses Customer Data only to provide the services agreed upon, and for purposes that are compatible with those services. Machine learning to develop and improve models is one of those purposes. Machine learning is done inside the Office 365 cloud consistent with the Online Services Terms. Your data is not used to target advertising.  |
+
+#### How does the wake word (Cortana) work? If I enable it, is Cortana always listening?
+
+Cortana only begins listening for commands or queries when the wake word is detected, or the microphone button has been selected.
+
+First, the user must enable the wake word from within Cortana settings. Once it has been enabled, a component of Windows called the [Windows Multiple Voice Assistant platform](https://docs.microsoft.com/windows-hardware/drivers/audio/voice-activation-mva#voice-activation) will start listening for the wake word. No audio is processed by speech recognition unless two local wake word detectors and a server-side one agree with high confidence that the wake word was heard.
+
+The first decision is made by the Windows Multiple Voice Assistant platform leveraging hardware optionally included in the user&#39;s PC for power savings. If the wake word is detected, Windows will show a microphone icon in the system tray indicating an assistant app is listening.
+
+:::image type="content" source="../screenshot2.png" alt-text="Screenshot: Microphone icon in the system tray indicating an assistant app is listening":::
+
+At that point, the Cortana app will receive the audio, run a second, more accurate wake word detector, and optionally send it to a Microsoft cloud service where a third wake word detector will confirm. If the service does not confirm that the activation was valid, the audio will be discarded and deleted from any further processing or server logs. On the user&#39;s PC, the Cortana app will be silently dismissed, and no query will be shown in conversation history because the query was discarded.
+
+If all three wake word detectors agree, the Cortana canvas will show what speech has been recognized.
+
+### Cortana in Windows 10, versions 1909 and earlier
+
+Cortana in Windows 10, versions 1909 and earlier, isn't a service covered by the Office 365 Trust Center. [Learn more about how Cortana in Windows 10, version 1909 and earlier, treats your data](https://go.microsoft.com/fwlink/p/?LinkId=536419).
 
 Cortana is covered under the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and [Microsoft Services Agreement](https://www.microsoft.com/servicesagreement).
 
 ## See also
+
 - [What is Cortana?](https://go.microsoft.com/fwlink/p/?LinkId=746818)
-
-- [Known issues for Windows Desktop Search and Cortana in Windows 10](https://support.microsoft.com/help/3206883/known-issues-for-windows-desktop-search-and-cortana-in-windows-10)
-
-- [Cortana for developers](https://go.microsoft.com/fwlink/?LinkId=717385)

windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md

@@ -13,34 +13,40 @@ manager: dansimp
 ---
 
 # Use Group Policy and mobile device management (MDM) settings to configure Cortana in your organization
-**Applies to:**
-
--   Windows 10
--   Windows 10 Mobile
 
 >[!NOTE]
->For specific info about how to set, manage, and use each of these MDM policies to configure Cortana in your enterprise, see the [Policy CSP](https://go.microsoft.com/fwlink/p/?LinkId=717380) topic, located in the configuration service provider reference topics. For specific info about how to set, manage, and use each of these Group Policies to configure Cortana in your enterprise, see the [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=717381).
+>For specific info about how to set, manage, and use each of these MDM policies to configure Cortana in your enterprise, see the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider) topic, located in the configuration service provider reference topics.
-
-|Group policy |MDM policy |Description |
-|-------------|-----------|------------|
-|Computer Configuration\Administrative Templates\Windows Components\Search\AllowCortanaAboveLock|AboveLock/AllowCortanaAboveLock|Specifies whether an employee can interact with Cortana using voice commands when the system is locked.<p>**Note**<br>This setting only applies to Windows 10 for desktop devices. |
-|Computer Configuration\Administrative Templates\Control Panel\Regional and Language Options\Allow users to enable online speech recognition services|Privacy/AllowInputPersonalization|Specifies whether an employee can use voice commands with Cortana in your organization.<p>**In Windows 10, version 1511**<br>Cortana won’t work if this setting is turned off (disabled).<p>**In Windows 10, version 1607 and later**<br>Cortana still works if this setting is turned off (disabled).|
-|None|System/AllowLocation|Specifies whether to allow app access to the Location service.<p>**In Windows 10, version 1511**<br>Cortana won’t work if this setting is turned off (disabled).<p>**In Windows 10, version 1607 and later**<br>Cortana still works if this setting is turned off (disabled).|
-|None|Accounts/AllowMicrosoftAccountConnection|Specifies whether to allow employees to sign in using a Microsoft account (MSA) from Windows apps.<p>Use this setting if you only want to support Azure AD in your organization.|
-|Computer Configuration\Administrative Templates\Windows Components\Search\Allow search and Cortana to use location|Search/AllowSearchToUseLocation|Specifies whether Cortana can use your current location during searches and for location reminders.|
-|Computer Configuration\Administrative Templates\Windows Components\Search\Set the SafeSearch setting for Search|Search/SafeSearchPermissions|Specifies what level of safe search (filtering adult content) is required.<p>**Note**<br>This setting only applies to Windows 10 Mobile. Other versions of Windows should use Don't search the web or display web results. |
-|User Configuration\Administrative Templates\Windows Components\File Explorer\Turn off display of recent search entries in the File Explorer search box|None|Specifies whether the search box can suggest recent queries and prevent entries from being stored in the registry for future reference.|
-|Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results|None|Specifies whether search can perform queries on the web and if the web results are displayed in search.<p>**In Windows 10 Pro edition**<br>This setting can’t be managed.<p>**In Windows 10 Enterprise edition**<br>Cortana won't work if this setting is turned off (disabled).|
-|Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cortana|Experience/AllowCortana|Specifies whether employees can use Cortana.<p>**Important**<br>Cortana won’t work if this setting is turned off (disabled). However, employees can still perform local searches even with Cortana turned off.|
-
-
-
-
-
-
-
-
-
-
 
 
+|**Group policy**  |**MDM policy**  |**Description**  |
+|---------|---------|---------|
+|Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cortana     |Experience/AllowCortana         |Specifies whether employees can use Cortana. <br>
+> [!IMPORTANT]
+> Cortana won’t work if this setting is turned off (disabled). However, on Windows 10, version 1809 and below, employees can still perform local searches even with Cortana turned off.         |
+|Computer Configuration\Administrative Templates\Windows Components\Search\AllowCortanaAboveLock     |AboveLock/AllowCortanaAboveLock         |Specifies whether an employee can interact with Cortana using voice commands when the system is locked. <br>
+> [!NOTE]
+> Cortana in Windows 10, versions 2004 and later do not currently support Above Lock.         |
+|Computer Configuration\Administrative Templates\Windows Components\App Privacy\LetAppsActivateWithVoice     |[Privacy/LetAppsActivateWithVoice](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-letappsactivatewithvoice)         |Specifies whether apps (such as Cortana or other voice assistants) can activate using a wake word (e.g. “Hey Cortana”). <br>
+> [!NOTE]
+> This setting only applies to Windows 10 versions 2004 and later. To disable wake word activation on Windows 10 versions 1909 and earlier, you will need to disable voice commands using Privacy/AllowInputPersonalization.        |
+|Computer Configuration\Administrative Templates\Windows Components\App Privacy\LetAppsAccessMicrophone     |[Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmicrophone-forcedenytheseapps)         |  Use this to disable Cortana’s access to the microphone. To do so, specify Cortana’s Package Family Name: Microsoft.549981C3F5F10_8wekyb3d8bbwe <br>
+Users will still be able to type queries to Cortana.      |
+|Computer Configuration\Administrative Templates\Control Panel\Regional and Language Options\Allow users to enable online speech recognition services     |Privacy/AllowInputPersonalization         |Specifies whether an employee can use voice commands with Cortana in your organization. <br>
+**In Windows 10, version 1511** <br> Cortana won’t work if this setting is turned off (disabled). <br> **In Windows 10, version 1607 and later** <br> Non-speech aspects of Cortana will still work if this setting is turned off (disabled). <br> **In Windows 10, version 2004 and later** <br> Cortana will work, but voice input will be disabled.       |
+|None     |System/AllowLocation         |Specifies whether to allow app access to the Location service. <br>
+**In Windows 10, version 1511** <br> Cortana won’t work if this setting is turned off (disabled). <br>
+**In Windows 10, version 1607 and later** <br>
+Cortana still works if this setting is turned off (disabled). <br>
+**In Windows 10, version 2004 and later** <br>
+Cortana still works if this setting is turned off (disabled). Cortana in Windows 10, versions 2004 and later do not currently use the Location service.       |
+|None     |Accounts/AllowMicrosoftAccountConnection         |Specifies whether to allow employees to sign in using a Microsoft account (MSA) from Windows apps. <br>
+Disable this setting if you only want to allow users to sign in with their Azure AD account.         |
+|Computer Configuration\Administrative Templates\Windows Components\Search\Allow search and Cortana to use location     |Search/AllowSearchToUseLocation         |Specifies whether Cortana can use your current location during searches and for location reminders. <br>
+**In Windows 10, version 2004 and later** <br> Cortana still works if this setting is turned off (disabled). Cortana in Windows 10, versions 2004 and later, do not currently use the Location service.         |
+|Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results     |Search/DoNotUseWebResults         |Specifies whether search can perform queries on the web and if the web results are displayed in search. <br>
+**In Windows 10 Pro edition** <br> This setting can’t be managed.
+**In Windows 10 Enterprise edition** <br> Cortana won't work if this setting is turned off (disabled).
+**In Windows 10, version 2004 and later** <br> This setting no longer affects Cortana.         |
+|Computer Configuration\Administrative Templates\Windows Components\Search\Set the SafeSearch setting for Search     |Search/SafeSearchPermissions         |Specifies what level of safe search (filtering adult content) is required. <br>
+> [!NOTE]
+> This setting only applies to Windows 10 Mobile. Other versions of Windows should use Don't search the web or display web results.        |

windows/configuration/cortana-at-work/cortana-at-work-powerbi.md

@@ -13,10 +13,6 @@ manager: dansimp
 ---
 
 # Set up and test Cortana for Power BI in your organization
-**Applies to:**
-
--   Windows 10, version 1703
--   Windows 10 Mobile, version 1703
 
 >[!IMPORTANT]
 >Cortana for Power BI is deprecated and will not be available in future releases. This topic is provided as a reference for previous versions only.

windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md

@@ -12,49 +12,21 @@ ms.reviewer:
 manager: dansimp
 ---
 
-# Test scenario 1 - Sign-in to Azure AD and use Cortana to manage the notebook
+# Test scenario 1 – Sign into Azure AD, enable the wake word, and try a voice query
 
--   Windows 10, version 1703
+1. Select the **Cortana** icon in the task bar and sign in using your Azure AD account.
--   Windows 10 Mobile, version 1703
 
->[!IMPORTANT]
+2. Select the "…" menu and select **Talking to Cortana**.
->The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
 
-This scenario turns on Azure AD and let's your employee use Cortana to manage an entry in the notebook.
+3. Toggle **Wake word** to **On** and close Cortana.
 
-## Turn on Azure AD
+4. Say **Cortana, what can you do?**.
-This process helps you to sign out of a Microsoft Account and to sign into an Azure AD account.
 
-1. Click on the **Cortana** icon in the taskbar, click the **Notebook**, and then click **About Me**.
+When you say **Cortana**, Cortana will open in listening mode to acknowledge the wake word.
 
-2. Click your email address.
+:::image type="content" source="../screenshot4.png" alt-text="Screenshot: Cortana listening mode":::
 
-   A dialog box appears, showing the associated account info.
+Once you finish saying your query, Cortana will open with the result.
 
-3. Click your email address again, and then click **Sign out**.
+>[!NOTE]
-
+>If you've disabled the wake word using MDM or Group Policy, you will need to manually activate the microphone by selecting Cortana, then the mic button.
-   This signs out the Microsoft account, letting you continue to add and use the Azure AD account.
-
-4. Click the **Search** box and then the **Notebook** icon in the left rail. This will start the sign-in request.
-
-5. Click **Sign-In** and follow the instructions.
-
-6. When you’re asked to sign in, you’ll need to choose an Azure AD account, which will look like kelliecarlson@contoso.com.
-
-   >[!IMPORTANT]
-   >If there’s no Azure AD account listed, you’ll need to go to **Windows Settings > Accounts > Email & app accounts**, and then click **Add a work or school account** to add it.
-
-## Use Cortana to manage the notebook content
-This process helps you to manage the content Cortana shows in your Notebook.
-
-1. Click on the **Cortana** icon in the taskbar, click the **Notebook**, scroll down and click **Weather**.
-
-2. In the **Weather** settings, scroll down to the **Cities your tracking** area, and then click **Add a city**.
-
-3. Add *Redmond, Washington*, double-click the search result, click **Add**, and then click **Save**.
-
-    ![Cortana at work, showing the multiple Weather screens](../images/cortana-weather-multipanel.png)
- 
-4. Click on the **Home** icon and scroll to the weather forecast for Redmond, Washington.
-
-    ![Cortana at work, showing Redmond, WA weather](../images/cortana-redmond-weather.png)

windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md

@@ -12,32 +12,15 @@ ms.reviewer:
 manager: dansimp
 ---
 
-# Test scenario 2 - Perform a quick search with Cortana at work
+# Test scenario 2 – Perform a Bing search with Cortana
 
--   Windows 10, version 1703
+1. Select the  **Cortana**  icon in the taskbar.
--   Windows 10 Mobile, version 1703
 
->[!IMPORTANT]
+2. Type **What time is it in Hyderabad?**.
->The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
 
-This scenario helps you perform a quick search using Cortana, both by typing and through voice commands.
+Cortana will respond with the information from Bing.
 
-## Search using Cortana
+:::image type="content" source="../screenshot5.png" alt-text="Screenshot: Cortana showing current time in Hyderbad":::
-This process helps you use Cortana at work to perform a quick search.
 
-1. Click on the **Cortana** icon in the taskbar, and then click in the **Search** bar.
+>[!NOTE]
-
+>This scenario requires Bing Answers to be enabled. To learn more, see [Set up and configure the Bing Answers feature](https://docs.microsoft.com/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10#set-up-and-configure-the-bing-answers-feature).
-2. Type *Weather in New York*.
-
-    You should see the weather in New York, New York at the top of the search results.
-
-    ![Cortana at work, showing the weather in New York, New York](../images/cortana-newyork-weather.png)    
- 
-## Search with Cortana, by using voice commands
-This process helps you to use Cortana at work and voice commands to perform a quick search.
-
-1. Click on the **Cortana** icon in the taskbar, and then click the **Microphone** icon (to the right of the **Search** box).
-
-2. Say *What's the weather in Chicago?* Cortana tells you and shows you the current weather in Chicago.
-
-    ![Cortana at work, showing the current weather in Chicago, IL](../images/cortana-chicago-weather.png)

windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md

@@ -12,77 +12,14 @@ ms.reviewer:
 manager: dansimp
 ---
 
-# Test scenario 3 - Set a reminder for a specific location using Cortana at work
+# Test scenario 3 - Set a reminder
 
--   Windows 10, version 1703
+This scenario helps you set up, review, and edit a reminder. For example, you can remind yourself to send someone a link to a document after a meeting.
--   Windows 10 Mobile, version 1703
 
->[!IMPORTANT]
+1. Select the **Cortana** icon in the taskbar and type **Remind me to send a link to the deck at 3:05pm** and press **Enter**.
->The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
 
-This scenario helps you set up, review, and edit a reminder based on a location. For example, reminding yourself to grab your expense report receipts before you leave the house.
+Cortana will create a reminder in Microsoft To Do and will remind you at the appropriate time.
 
->[!NOTE]
+:::image type="content" source="../screenshot6.png" alt-text="Screenshot: Cortana set a reminder":::
->You can set each reminder location individually as you create the reminders, or you can go into the **About me** screen and add both **Work** and **Home** addresses as favorites. Make sure that you use real addresses since you’ll need to go to these locations to complete your testing scenario.<p>Additionally, if you’ve turned on the **Meeting & reminder cards & notifications** option (in the **Meetings & reminders** option of your Notebook), you’ll also see your pending reminders on the Cortana **Home** page.
 
-## Create a reminder for a specific location
+:::image type="content" source="../screenshot7.png" alt-text="Screenshot: Cortana showing reminder on page":::
-This process helps you to create a reminder based on a specific location.
-
-1. Click on the **Cortana** icon in the taskbar, click on the **Notebook** icon, and then click **Reminders**.
-
-2. Click the **+** sign, add a subject for your reminder, such as _Remember to file expense report receipts_, and then click **Place**.
-
-    ![Cortana at work, showing the add a reminder screens](../images/cortana-add-reminder.png)
- 
-3. Choose **Arrive** from the drop-down box, and then type a location to associate with your reminder. For example, you can use the physical address of where you work. Just make sure you can physically get to your location, so you can test the reminder.
-
-    ![Cortana at work, showing how to add a place to the reminder screens](../images/cortana-place-reminder.png)
- 
-4. Click **Done**.
-
-    >[!NOTE]
-    >If you’ve never used this location before, you’ll be asked to add a name for it so it can be added to the **Favorites list** in Windows Maps.
-
-5. Choose to be reminded the **Next time you arrive at the location** or on a specific day of the week from the drop-down box.
-
-6. Take a picture of your receipts and store them locally on your device.
-
-7. Click **Add Photo**, click **Library**, browse to your picture, and then click **OK**.
-
-    The photo is stored with the reminder.
-
-    ![Cortana at work, showing the stored image in the reminder screens](../images/cortana-final-reminder.png)
- 
-8. Review the reminder info, and then click **Remind**.
-
-    The reminder is saved and ready to be triggered.
-
-    ![Cortana at work, showing the final reminder](../images/cortana-reminder-pending.png)
-
-## Create a reminder for a specific location by using voice commands
-This process helps you to use Cortana at work and voice commands to create a reminder for a specific location.
-
-1. Click on the **Cortana** icon in the taskbar, and then click the **Microphone** icon (to the right of the **Search** box).
-
-2. Say _Remind me to grab my expense report receipts before I leave home_. 
-
-    Cortana opens a new reminder task and asks if it sounds good.
-
-    ![Cortana at work, showing the reminder created through voice commands](../images/cortana-reminder-mic.png)
-
-3. Say _Yes_ so Cortana can save the reminder.
-
-    ![Cortana at work, showing the final reminder created through voice commands](../images/cortana-reminder-pending-mic.png)
-
-## Edit or archive an existing reminder
-This process helps you to edit or archive and existing or completed reminder.
-
-1. Click on the **Cortana** icon in the taskbar, click on the **Notebook** icon, and then click **Reminders**.
-
-    ![Cortana at work, showing the list of pending reminders](../images/cortana-reminder-list.png)
-
-2. Click the pending reminder you want to edit.
-
-    ![Cortana at work, showing the reminder editing screen](../images/cortana-reminder-edit.png)
-
-3. Change any text that you want to change, click **Add photo** if you want to add or replace an image, click **Delete** if you want to delete the entire reminder, click **Save** to save your changes, and click **Complete and move to History** if you want to save a completed reminder in your **Reminder History**.

windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md

@@ -12,42 +12,16 @@ ms.reviewer:
 manager: dansimp
 ---
 
-# Test scenario 4 - Use Cortana at work to find your upcoming meetings
+# Test scenario 4 - Use Cortana to find free time on your calendar
 
--   Windows 10, version 1703
+This scenario helps you find out if a time slot is free on your calendar.
--   Windows 10 Mobile, version 1703
 
->[!IMPORTANT]
+1. Select the  **Cortana**  icon in the taskbar.
->The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
-
-This scenario helps you search for both general upcoming meetings, and specific meetings, both manually and verbally.
-
->[!NOTE]
->If you’ve turned on the **Meeting & reminder cards & notifications** option (in the **Meetings & reminders** option of your Notebook), you’ll also see your pending reminders on the Cortana **Home** page.
-
-## Find out about upcoming meetings
-This process helps you find your upcoming meetings.
-
-1. Check to make sure your work calendar is connected and synchronized with your Azure AD account.
 
 2. Click on the **Cortana** icon in the taskbar, and then click in the **Search** bar.
 
-3. Type _Show me my meetings for tomorrow_.
+3. Type **Am I free at 3 PM tomorrow?**
-
-    You’ll see all your meetings scheduled for the next day.
-
-    ![Cortana at work, showing all upcoming meetings](../images/cortana-meeting-tomorrow.png)
-
-## Find out about upcoming meetings by using voice commands
-This process helps you to use Cortana at work and voice commands to find your upcoming meetings.
-
-1. Click on the **Cortana** icon in the taskbar, and then click the **Microphone** icon (to the right of the **Search** box.
-
-2. Say _Show me what meeting I have at 3pm tomorrow_.
-
-    >[!IMPORTANT]
-    >Make sure that you have a meeting scheduled for the time you specify here.
-
-    ![Cortana at work, showing the meeting scheduled for 3pm](../images/cortana-meeting-specific-time.png)
 
+Cortana will respond with your availability for that time, as well as nearby meetings.
 
+:::image type="content" source="../screenshot8.png" alt-text="Screenshot: Cortana showing free time on a calendar":::

windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md

@@ -12,48 +12,14 @@ ms.reviewer:
 manager: dansimp
 ---
 
-# Test scenario 5 - Use Cortana to send email to a co-worker
+# Test scenario 5 - Test scenario 5 – Find out about a person
 
--   Windows 10, version 1703
+Cortana can help you quickly look up information about someone or the org chart.
--   Windows 10 Mobile, version 1703
 
->[!IMPORTANT]
+1. Select the  **Cortana**  icon in the taskbar.
->The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
 
-This scenario helps you to send an email to a co-worker listed in your work address book, both manually and verbally.
+2. Type or select the mic and say, **Who is name of person in your organization's?**
 
-## Send an email to a co-worker
+:::image type="content" source="../screenshot9.png" alt-text="Screenshot: Cortana showing name of person in your organization":::
-This process helps you to send a quick message to a co-worker from the work address book.
 
-1. Check to make sure your Microsoft Outlook or mail app is connected and synchronized with your Azure AD account.
+Cortana will respond with information about the person. You can select the person to see more information about them in Microsoft Search.
-
-2. Click on the **Cortana** icon in the taskbar, and then click in the **Search** bar.
-
-3. Type _Send an email to <contact_name>_.
-
- 	Where _<contact_name>_ is the name of someone in your work address book.
-
-4. Type your email message subject into the **Quick message** (255 characters or less) box and your message into the **Message** (unlimited characters) box, and then click **Send**.
-
-    ![Cortana at work, showing the email text](../images/cortana-send-email-coworker.png)    
- 	 
-## Send an email to a co-worker by using voice commands
-This process helps you to use Cortana at work and voice commands to send a quick message to a co-worker from the work address book.
-
-1. Click on the **Cortana** icon in the taskbar, and then click the **Microphone** icon (to the right of the **Search** box.
-
-2. Say _Send an email to <contact_name>_.
-
- 	Where _<contact_name>_ is the name of someone in your work address book.
-
-3. Add your email message by saying, _Hello this is a test email using Cortana at work._
-
- 	The message is added and you’re asked if you want to **Send it**, **Add more**, or **Make changes**.
-
-    ![Cortana at work, showing the email text created from verbal commands](../images/cortana-send-email-coworker-mic.png)    
- 	 
-4. Say _Send it_.
-
- 	The email is sent.
-
-    ![Cortana at work, showing the sent email text](../images/cortana-complete-send-email-coworker-mic.png)

windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md

@@ -12,38 +12,14 @@ ms.reviewer:
 manager: dansimp
 ---
 
-# Test scenario 6 - Review a reminder suggested by Cortana based on what you’ve promised in email
+# Test scenario 6 – Change your language and perform a quick search with Cortana
 
--   Windows 10, version 1703
+Cortana can help employees in regions outside the US search for quick answers like currency conversions, time zone conversions, or weather in their location.
--   Windows 10 Mobile, version 1703
 
->[!IMPORTANT]
+1. Select the  **Cortana**  icon in the taskbar.
->The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering. For more info, see the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and the [Microsoft Services Agreement](https://www.microsoft.com/servicesagreement).
 
-Cortana automatically finds patterns in your email, suggesting reminders based things that you said you would do so you don’t forget about them. For example, Cortana recognizes that if you include the text, _I’ll get this to you by the end of the week_ in an email, you're making a commitment to provide something by a specific date. Cortana can now suggest that you be reminded about this event, letting you decide whether to keep it or to cancel it.
+2. Select the **…** menu, then select **Settings**, **Language**, then select **Español (España)**. You will be prompted to restart the app.
 
->[!NOTE]
+3. Once the app has restarted, type or say **Convierte 100 Euros a Dólares**.
->The Suggested reminders feature is currently only available in English (en-us). 
-
-**To use Cortana to create Suggested reminders for you**
-
-1. Make sure that you've connected Cortana to Office 365. For the steps to connect, see [Set up and test Cortana with Office 365 in your organization](cortana-at-work-o365.md).
-
-2. Click on the **Cortana** search box in the taskbar, click the **Notebook** icon, and then click **Permissions**.
-
-3. Make sure the **Contacts, email, calendar, and communication history** option is turned on.
-
-    ![Permissions options for Cortana at work](../images/cortana-communication-history-permissions.png)
-
-4. Click the **Notebook** icon again, click the **Suggested reminders** option, click to turn on the **All reminder suggestions cards** option, click the **Notify me when something I mentioned doing is coming up** box, and then click **Save**.
-
-    ![Suggested reminders options for Cortana at work](../images/cortana-suggested-reminder-settings.png)
-
-5. Create and send an email to yourself (so you can see the Suggested reminder), including the text, _I’ll finish this project by end of day today_.
-
-6. After you get the email, click on the Cortana **Home** icon, and scroll to today’s events. 
-
-    If the reminder has a specific date or time associated with it, like end of day, Cortana notifies you at the appropriate time and puts the reminder into the Action Center. Also from the Home screen, you can view the email where you made the promise, set aside time on your calendar, officially set the reminder, or mark the reminder as completed.
-
-    ![Cortana Home screen with your suggested reminder showing](../images/cortana-suggested-reminder.png)    
 
+:::image type="content" source="../screenshot10.png" alt-text="Screenshot: Cortana showing a change your language and showing search results in Spanish":::

windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md

@@ -14,9 +14,6 @@ manager: dansimp
 
 # Test scenario 7 - Use Cortana and Windows Information Protection (WIP) to help protect your organization’s data on a device
 
--   Windows 10, version 1703
--   Windows 10 Mobile, version 1703
-
 >[!IMPORTANT]
 >The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
 

windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md

@@ -13,26 +13,19 @@ manager: dansimp
 ---
 
 # Testing scenarios using Cortana in your business or organization
-**Applies to:**
-
--   Windows 10, version 1703
--   Windows 10 Mobile, version 1703
 
 We've come up with a list of suggested testing scenarios that you can use to test Cortana in your organization. After you complete all the scenarios, you should be able to:
 
-- [Sign-in to Cortana using Azure AD, manage entries in the notebook, and search for content across your device, Bing, and the cloud, using Cortana](cortana-at-work-scenario-1.md)
+- [Sign into Azure AD, enable the Cortana wake word, and try a voice query](cortana-at-work-scenario-1.md)
 
-- [Perform a quick search with Cortana at work](cortana-at-work-scenario-2.md)
+- [Perform a Bing search with Cortana](cortana-at-work-scenario-2.md)
 
-- [Set a reminder and have it remind you when you’ve reached a specific location](cortana-at-work-scenario-3.md)
+- [Set a reminder](cortana-at-work-scenario-3.md)
 
-- [Search for your upcoming meetings on your work calendar](cortana-at-work-scenario-4.md)
+- [Use Cortana to find free time on your calendar](cortana-at-work-scenario-4.md)
 
-- [Send an email to a co-worker from your work email app](cortana-at-work-scenario-5.md)
+- [Find out about a person](cortana-at-work-scenario-5.md)
 
-- [Review a reminder suggested by Cortana based on what you’ve promised in email](cortana-at-work-scenario-6.md)
+- [Change your language and perform a quick search with Cortana](cortana-at-work-scenario-6.md)
 
 - [Use Windows Information Protection (WIP) to secure content on a device and then try to manage your organization’s entries in the notebook](cortana-at-work-scenario-7.md)
-
->[!IMPORTANT]
->The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.

windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md

@@ -13,15 +13,11 @@ manager: dansimp
 ---
 
 # Set up and test custom voice commands in Cortana for your organization
-**Applies to:**
-
--   Windows 10, version 1703
--   Windows 10 Mobile, version 1703
-
-Working with a developer, you can create voice commands that use Cortana to perform voice-enabled actions in your line-of-business (LOB) Universal Windows Platform (UWP) apps. These voice-enabled actions can reduce the time necessary to access your apps and to complete simple actions.
 
 >[!NOTE]
->For more info about how your developer can extend your current apps to work directly with Cortana, see [The Cortana Skills Kit](https://docs.microsoft.com/cortana/getstarted).
+>This content applies to Cortana in versions 1909 and earlier, but will not be available in future releases.
+
+Working with a developer, you can create voice commands that use Cortana to perform voice-enabled actions in your line-of-business (LOB) Universal Windows Platform (UWP) apps. These voice-enabled actions can reduce the time necessary to access your apps and to complete simple actions.
 
 ## High-level process
 Cortana uses a Voice Command Definition (VCD) file, aimed at an installed app, to define the actions that are to happen during certain vocal commands. A VCD file can be very simple to very complex, supporting anything from a single sound to a collection of more flexible, natural language sounds, all with the same intent.

windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md

@@ -0,0 +1,49 @@
+---
+title: Set up and test Cortana in Windows 10, version 2004 and later
+ms.reviewer: 
+manager: dansimp
+description: Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and enterprise environments.
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: kwekua
+ms.localizationpriority: medium
+ms.author: dansimp
+---
+
+# Set up and test Cortana in Windows 10, version 2004 and later
+
+## Before you begin
+
+- If your enterprise had previously disabled Cortana for your employees using the **Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cortana** Group Policy or the **Experience\AllowCortana** MDM setting but want to enable it now that Cortana is part of Microsoft 365, you will need to re-enable it at least for Windows 10, version 2004 and later.
+- **Cortana is regularly updated through the Microsoft Store.** Beginning with Windows 10, version 2004, Cortana is an appx preinstalled with Windows and is regularly updated through the Microsoft Store. To receive the latest updates to Cortana, you will need to [enable updates through the Microsoft Store](https://docs.microsoft.com/windows/configuration/stop-employees-from-using-microsoft-store).
+
+## Set up and configure the Bing Answers feature
+Bing Answers provides fast, authoritative results to search queries based on search terms. When the Bing Answers feature is enabled, users will be able to ask Cortana web-related questions in the Cortana in Windows app, such as "What's the current weather?" or "Who is the president of the U.S.?," and get a response, based on public results from Bing.com.
+
+The above experience is powered by Microsoft Bing, and Cortana sends the user queries to Bing. The use of Microsoft Bing is governed by the [Microsoft Services Agreement](https://www.microsoft.com/servicesagreement) and [Privacy Statement](https://privacy.microsoft.com/en-US/privacystatement).
+
+## Configure the Bing Answers feature
+
+Admins can configure the Cortana in Windows Bing Answers feature for their organizations. As the admin, use the following steps to change the setting for Bing Answers at the tenant/security group level. This setting is enabled by default, so that all users who have Cortana enabled will be able to receive Bing Answers. By default, the Bing Answer feature will be available to your users.
+
+Users cannot enable or disable the Bing Answer feature individually. So, if you disable this feature at the tenant/security group level, no users in your organization or specific security group will be able to use Bing Answers in Cortana in Windows.
+
+Sign in to the [Office Configuration Admin tool](https://config.office.com/).
+
+Follow the steps [here](https://docs.microsoft.com/deployoffice/overview-office-cloud-policy-service#steps-for-creating-a-policy-configuration) to create this policy configuration. Once completed, the policy will look as shown below:
+
+:::image type="content" source="../screenshot3.png" alt-text="Screenshot: Bing policy example":::
+
+## How does Microsoft handle customer data for Bing Answers?
+
+When a user enters a search query (by speech or text), Cortana evaluates if the request is for any of our first-party compliant skills if enabled in a specific market, and does the following:
+
+1. If it is for any of the first-party compliant skills, the query is sent to that skill, and results/action are returned.
+
+2. If it is not for any of the first-party compliant skills, the query is sent to Bing for a search of public results from Bing.com. Because enterprise searches might be sensitive, similar to [Microsoft Search in Bing](https://docs.microsoft.com/MicrosoftSearch/security-for-search#microsoft-search-in-bing-protects-workplace-searches), Bing Answers in Cortana has implemented a set of trust measures, described below, that govern how the separate search of public results from Bing.com is handled. The Bing Answers in Cortana trust measures are consistent with the enhanced privacy and security measures described in [Microsoft Search in Bing](https://docs.microsoft.com/MicrosoftSearch/security-for-search). All Bing.com search logs that pertain to Cortana traffic are disassociated from users' workplace identity. All Cortana queries issued via a work or school account are stored separately from public, non-Cortana traffic.
+
+Bing Answers is enabled by default for all users. However, admins can configure and change this for specific users and user groups in their organization.
+
+## How the Bing Answer policy configuration is applied
+Before a query is sent to Bing for a search of public results from Bing.com, the Bing Answers service checks with the Office Cloud Policy Service to see if there are any policy configurations that pertain to the user for allowing Bing Answers to respond to questions users ask Cortana. If the user is a member of an AAD group that is assigned that policy configuration, then the appropriate policy settings are applied and a check is made again in 10 minutes.

windows/configuration/cortana-at-work/test-scenario-1.md

@@ -0,0 +1,46 @@
+---
+title: Test scenario 1 – Sign in with your work or school account and use Cortana to manage the notebook
+description: A test scenario about how to sign in with your work or school account and use Cortana to manage the notebook.
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: dansimp
+ms.localizationpriority: medium
+ms.author: dansimp
+ms.date: 10/05/2017
+ms.reviewer: 
+manager: dansimp
+---
+
+# Test scenario 1 – Sign in with your work or school account and use Cortana to manage the notebook
+
+This scenario turns on Azure AD and lets your employee use Cortana to manage an entry in the notebook.
+
+## Sign in with your work or school account
+
+This process helps you to sign out of a Microsoft Account and to sign into an Azure AD account.
+
+1. Click on the  **Cortana**  icon in the taskbar, then click the profile picture in the navigation to open Cortana settings.
+
+2. Click your email address.
+
+A dialog box appears, showing the associated account info.
+
+3. Click **Sign out** under your email address.
+
+This signs out the Microsoft account, letting you continue to add your work or school account.
+
+4. Open Cortana again and select the  **Sign in** glyph in the left rail and follow the instructions to sign in with your work or school account.
+
+## Use Cortana to manage the notebook content
+
+This process helps you to manage the content Cortana shows in your Notebook.
+
+1. Select the  **Cortana**  icon in the taskbar, click **Notebook**, select **Manage Skills.** Scroll down and click  **Weather**.
+
+2. In the  **Weather**  settings, scroll down to the  **Cities you're tracking** area, and then click **Add a city**.
+
+3. Add **Redmond, Washington**.
+
+> [!IMPORTANT]
+> The data created as part of these scenarios will be uploaded to Microsoft's Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.

windows/configuration/cortana-at-work/test-scenario-2.md

@@ -0,0 +1,38 @@
+---
+title: Test scenario 2 - Perform a quick search with Cortana at work
+description: A test scenario about how to perform a quick search with Cortana at work.
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: dansimp
+ms.localizationpriority: medium
+ms.author: dansimp
+ms.date: 10/05/2017
+ms.reviewer: 
+manager: dansimp
+---
+
+# Test scenario 2 – Perform a quick search with Cortana at work
+
+>[!Important]
+>The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
+
+This scenario helps you perform a quick search using Cortana, both by typing and through voice commands.
+
+## Search using Cortana
+
+1. Click on the Cortana icon in the taskbar, and then click in the Search bar.
+
+2. Type **Type Weather in New York**.
+
+You should see the weather in New York, New York at the top of the search results. 
+Insert screenshot
+
+## Search with Cortana, by using voice commands
+
+This process helps you to use Cortana at work and voice commands to perform a quick search.
+
+1. Click on the **Cortana** icon in the taskbar, and then click the **Microphone** icon (to the right of the Search box).
+
+2. Say **What's the weather in Chicago?** Cortana tells you and shows you the current weather in Chicago.
+Insert screenshot

windows/configuration/cortana-at-work/test-scenario-3.md

@@ -0,0 +1,79 @@
+---
+title: Test scenario 3 - Set a reminder for a specific location using Cortana at work
+description: A test scenario about how to set up, review, and edit a reminder based on a location.
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: dansimp
+ms.localizationpriority: medium
+ms.author: dansimp
+ms.date: 10/05/2017
+ms.reviewer: 
+manager: dansimp
+---
+
+# Test scenario 3 - Set a reminder for a specific location using Cortana at work
+
+>[!Important]
+>The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
+
+This scenario helps you set up, review, and edit a reminder based on a location. For example, reminding yourself to grab your expense report receipts before you leave the house.
+
+>[!Note]
+>You can set each reminder location individually as you create the reminders, or you can go into the About me screen and add both Work and Home addresses as favorites. Make sure that you use real addresses since you’ll need to go to these locations to complete your testing scenario.
+
+Additionally, if you’ve turned on the Meeting & reminder cards & notifications option (in the Meetings & reminders option of your Notebook), you’ll also see your pending reminders on the Cortana Home page.
+
+## Create a reminder for a specific location
+
+This process helps you to create a reminder based on a specific location.
+
+1. Click on the **Cortana** icon in the taskbar, click on the **Notebook** icon, and then click **Reminders**.
+
+2. Click the **+** sign, add a subject for your reminder, such as **Remember to file expense report receipts**, and then click **Place**.
+
+3. Choose **Arrive** from the drop-down box, and then type a location to associate with your reminder. For example, you can use the physical address of where you work. Just make sure you can physically get to your location, so you can test the reminder.
+
+4. Click **Done**.
+
+>[!Note]
+>If you’ve never used this location before, you’ll be asked to add a name for it so it can be added to the Favorites list in Windows Maps.
+
+5. Choose to be reminded the Next time you arrive at the location or on a specific day of the week from the drop-down box.
+
+6. Take a picture of your receipts and store them locally on your device.
+
+7. Click **Add Photo**, click **Library**, browse to your picture, and then click **OK**.
+
+The photo is stored with the reminder.
+
+Insert screenshot 6
+
+8. Review the reminder info, and then click **Remind**.
+
+The reminder is saved and ready to be triggered.
+Insert screenshot
+
+## Create a reminder for a specific location by using voice commands
+
+This process helps you to use Cortana at work and voice commands to create a reminder for a specific location.
+
+1. Click on the **Cortana** icon in the taskbar, and then click the **Microphone* icon (to the right of the Search box).
+
+2. Say **Remind me to grab my expense report receipts before I leave home**.
+
+Cortana opens a new reminder task and asks if it sounds good.
+insert screenshot
+
+3. Say **Yes** so Cortana can save the reminder.
+insert screenshot
+
+## Edit or archive an existing reminder
+
+This process helps you to edit or archive and existing or completed reminder.
+
+1. Click on the **Cortana** icon in the taskbar, click on the **Notebook** icon, and then click **Reminders**.
+
+2. Click the pending reminder you want to edit.
+
+3. Change any text that you want to change, click **Add photo** if you want to add or replace an image, click **Delete** if you want to delete the entire reminder, click Save to save your changes, and click **Complete and move to History** if you want to save a completed reminder in your **Reminder History**.

windows/configuration/cortana-at-work/test-scenario-4.md

@@ -0,0 +1,52 @@
+---
+title: Use Cortana at work to find your upcoming meetings (Windows 10)
+description: A test scenario about how to use Cortana at work to find your upcoming meetings.
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: dansimp
+ms.localizationpriority: medium
+ms.author: dansimp
+ms.date: 10/05/2017
+ms.reviewer: 
+manager: dansimp
+---
+
+# Test scenario 4 - Use Cortana at work to find your upcoming meetings
+
+>[!Important]
+>The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
+
+This scenario helps you search for both general upcoming meetings, and specific meetings, both manually and verbally.
+
+>[!Note]
+>If you’ve turned on the Meeting & reminder cards & notifications option (in the Meetings & reminders option of your Notebook), you’ll also see your pending reminders on the Cortana Home page.
+
+## Find out about upcoming meetings
+
+This process helps you find your upcoming meetings.
+
+1. Check to make sure your work calendar is connected and synchronized with your Azure AD account.
+
+2. Click on the **Cortana** icon in the taskbar, and then click in the **Search** bar.
+
+3. Type **Show me my meetings for tomorrow**.
+
+You’ll see all your meetings scheduled for the next day.
+
+Cortana at work, showing all upcoming meetings
+screenshot
+
+## Find out about upcoming meetings by using voice commands
+
+This process helps you to use Cortana at work and voice commands to find your upcoming meetings.
+
+1. Click on the **Cortana** icon in the taskbar, and then click the **Microphone** icon (to the right of the Search box.
+
+2. Say **Show me what meeting I have at 3pm tomorrow**.
+
+>[!Important]
+>Make sure that you have a meeting scheduled for the time you specify here.
+
+Cortana at work, showing the meeting scheduled for 3pm
+screenshot

windows/configuration/cortana-at-work/test-scenario-5.md

@@ -0,0 +1,61 @@
+---
+title: Use Cortana to send email to a co-worker (Windows 10)
+description: A test scenario about how to use Cortana at work to send email to a co-worker.
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: dansimp
+ms.localizationpriority: medium
+ms.author: dansimp
+ms.date: 10/05/2017
+ms.reviewer: 
+manager: dansimp
+---
+
+# Test scenario 5 - Use Cortana to send email to a co-worker
+
+>[!Important]
+>The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
+
+This scenario helps you to send an email to a co-worker listed in your work address book, both manually and verbally.
+
+## Send email to a co-worker
+
+This process helps you to send a quick message to a co-worker from the work address book.
+
+1. Check to make sure your Microsoft Outlook or mail app is connected and synchronized with your Azure AD account.
+
+2. Click on the **Cortana** icon in the taskbar, and then click in the **Search** bar.
+
+3. Type **Send an email to <contact_name>**.
+
+Where <contact_name> is the name of someone in your work address book.
+
+4. Type your email message subject into the **Quick message** (255 characters or less) box and your message into the **Message** (unlimited characters) box, and then click **Send**.
+
+Cortana at work, showing the email text
+screenshot
+
+## Send an email to a co-worker by using voice commands
+
+This process helps you to use Cortana at work and voice commands to send a quick message to a co-worker from the work address book.
+
+1. Click on the **Cortana** icon in the taskbar, and then click the **Microphone** icon (to the right of the Search box.
+
+2. Say **Send an email** to <contact_name>.
+
+Where <contact_name> is the name of someone in your work address book.
+
+3. Add your email message by saying, **Hello this is a test email using Cortana at work**.
+
+The message is added and you’re asked if you want to **Send it**, **Add more**, or **Make changes**.
+
+Cortana at work, showing the email text created from verbal commands
+screenshot
+
+4. Say **Send it**.
+
+The email is sent.
+
+Cortana at work, showing the sent email text
+screenshot

windows/configuration/cortana-at-work/test-scenario-6.md

@@ -0,0 +1,48 @@
+---
+title: Test scenario 6 - Review a reminder suggested by Cortana based on what you’ve promised in email
+description: A test scenario about how to use Cortana with the Suggested reminders feature.
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: dansimp
+ms.localizationpriority: medium
+ms.author: dansimp
+ms.date: 10/05/2017
+ms.reviewer: 
+manager: dansimp
+---
+
+# Test scenario 6 - Review a reminder suggested by Cortana based on what you’ve promised in email
+
+>[!Important]
+>The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering. For more info, see the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and the [Microsoft Services Agreement](https://www.microsoft.com/servicesagreement).
+
+Cortana automatically finds patterns in your email, suggesting reminders based things that you said you would do so you don’t forget about them. For example, Cortana recognizes that if you include the text, I’ll get this to you by the end of the week in an email, you're making a commitment to provide something by a specific date. Cortana can now suggest that you be reminded about this event, letting you decide whether to keep it or to cancel it.
+
+>[!Important]
+>The Suggested reminders feature is currently only available in English (en-us).
+
+## Use Cortana to create suggested reminders for you
+
+1. Make sure that you've connected Cortana to Office 365. For the steps to connect, see [Set up and test Cortana with Office 365 in your organization](https://docs.microsoft.com/windows/configuration/cortana-at-work/cortana-at-work-o365).
+
+2. Click on the **Cortana** search box in the taskbar, click the **Notebook** icon, and then click **Permissions**.
+
+3. Make sure the **Contacts**, **email**, **calendar**, and **communication history** option is turned on.
+
+Permissions options for Cortana at work
+screenshot
+
+4. Click the **Notebook** icon again, click the **Suggested reminders** option, click to turn on the **All reminder suggestions cards** option, click the **Notify me when something I mentioned doing is coming up** box, and then click **Save**.
+
+Suggested reminders options for Cortana at work
+screenshot
+
+5. Create and send an email to yourself (so you can see the Suggested reminder), including the text, **I’ll finish this project by end of day today**.
+
+6. After you get the email, click on the Cortana **Home** icon, and scroll to today’s events.
+
+If the reminder has a specific date or time associated with it, like end of day, Cortana notifies you at the appropriate time and puts the reminder into the Action Center. Also from the Home screen, you can view the email where you made the promise, set aside time on your calendar, officially set the reminder, or mark the reminder as completed.
+
+Cortana Home screen with your suggested reminder showing
+screenshot

windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md

@@ -0,0 +1,25 @@
+---
+title: Testing scenarios using Cortana in your business or organization
+description: A list of suggested testing scenarios that you can use to test Cortana in your organization.
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: dansimp
+ms.localizationpriority: medium
+ms.author: dansimp
+ms.date: 10/05/2017
+ms.reviewer: 
+manager: dansimp
+---
+
+# Testing scenarios using Cortana in your business or organization
+
+We've come up with a list of suggested testing scenarios that you can use to test Cortana in your organization. After you complete all the scenarios, you should be able to:
+
+- [Sign in with your work or school account and use Cortana to manage the notebook](https://docs.microsoft.com/windows/configuration/cortana-at-work/cortana-at-work-scenario-1)
+- [Perform a quick search with Cortana at work](https://docs.microsoft.com/windows/configuration/cortana-at-work/cortana-at-work-scenario-2)
+- [Set a reminder for a specific location using Cortana at work](https://docs.microsoft.com/windows/configuration/cortana-at-work/cortana-at-work-scenario-3)
+- [Use Cortana at work to find your upcoming meetings](https://docs.microsoft.com/windows/configuration/cortana-at-work/cortana-at-work-scenario-4)
+- [Use Cortana to send email to a co-worker](https://docs.microsoft.com/windows/configuration/cortana-at-work/cortana-at-work-scenario-5)
+- [Review a reminder suggested by Cortana based on what you've promised in email](https://docs.microsoft.com/windows/configuration/cortana-at-work/cortana-at-work-scenario-6)
+- [Use Cortana and Windows Information Protection (WIP) to help protect your organization's data on a device](https://docs.microsoft.com/windows/configuration/cortana-at-work/cortana-at-work-scenario-7)

windows/configuration/set-up-shared-or-guest-pc.md

@@ -58,7 +58,7 @@ Apps can take advantage of shared PC mode with the following three APIs:
  
 
 ### Customization
-Shared PC mode exposes a set of customizations to tailor the behavior to your requirements. These customizations are the options that you'll set either using MDM or a provisioning package as explained in [Configuring shared PC mode on Windows](#configuring-shared-pc-mode-on-windows). The options are listed in the following table.
+Shared PC mode exposes a set of customizations to tailor the behavior to your requirements. These customizations are the options that you'll set either using MDM or a provisioning package as explained in [Configuring Shared PC mode for Windows](#configuring-shared-pc-mode-for-windows). The options are listed in the following table.
 
 | Setting | Value |
 |:---|:---|
@@ -80,16 +80,33 @@ Shared PC mode exposes a set of customizations to tailor the behavior to your re
 | Customization: SleepTimeout | Specifies all timeouts for when the PC should sleep. Enter the amount of idle time in seconds. If you don't set sleep timeout, the default of 1 hour applies.     |
 [Policies: Authentication](wcd/wcd-policies.md#authentication) (optional related setting) | Enables a quick first sign-in experience for a user by automatically connecting new non-admin Azure AD accounts to the pre-configured candidate local accounts.
 
+## Configuring Shared PC mode for Windows
 
-## Configuring shared PC mode on Windows
 You can configure Windows to be in shared PC mode in a couple different ways:
-- Mobile device management (MDM): Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](https://msdn.microsoft.com/library/windows/hardware/mt723294.aspx). Your MDM policy can contain any of the options listed in the [Customization](#customization) section. The following image shows a Microsoft Intune policy with the shared PC options added as OMA-URI settings. [Learn more about Windows 10 policy settings in Microsoft Intune.](https://docs.microsoft.com/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune)
 
-![custom OMA-URI policy in Intune](images/oma-uri-shared-pc.png) 
+- Mobile device management (MDM): Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/sharedpc-csp). To setup a shared device policy for Windows 10 in Intune, complete the following steps:
 
-- A provisioning package created with the Windows Configuration Designer: You can apply a provisioning package when you initially set up the PC (also known as the out-of-box-experience or OOBE), or you can apply the provisioning package to a Windows 10 PC that is already in use. The provisioning package is created in Windows Configuration Designer. Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](https://msdn.microsoft.com/library/windows/hardware/mt723294.aspx), exposed in Windows Configuration Designer as **SharedPC**.
+  1. Go to the [Microsoft Endpoint Manager portal](https://endpoint.microsoft.com/#home).
+  2. Select **Devices** from the navigation. 
+  3. Under **Policy**, select **Configuration profiles**.
+  4. Select **Create profile**.
+  5. From the **Platform** menu, select **Windows 10 and later**.
+  6. From the **Profile** menu, select **Shared multi-user device**.
 
-![Shared PC settings in ICD](images/icd-adv-shared-pc.png)
+     ![custom OMA-URI policy in Intune](images/Shared_PC_1.png) 
+
+  7. Select **Create**.
+  8. Enter a name for the policy (e.g. My Win10 Shared devices policy). You can optionally add a description should you wish to do so.
+  9. Select **Next**.
+  10. On the **Configuration settings** page, set the ‘Shared PC Mode’ value to **Enabled**.
+
+     ![Shared PC settings in ICD](images/Shared_PC_3.png) 
+
+  11. From this point on, you can configure any additional settings you’d like to be part of this policy, and then follow the rest of the set-up flow to its completion by selecting **Create** after **Step 6**.
+
+- A provisioning package created with the Windows Configuration Designer: You can apply a provisioning package when you initially set up the PC (also known as the out-of-box-experience or OOBE), or you can apply the provisioning package to a Windows 10 PC that is already in use. The provisioning package is created in Windows Configuration Designer. Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/sharedpc-csp), exposed in Windows Configuration Designer as **SharedPC**.
+
+     ![Shared PC settings in ICD](images/icd-adv-shared-pc.PNG)
 
 - WMI bridge: Environments that use Group Policy can use the [MDM Bridge WMI Provider](https://msdn.microsoft.com/library/windows/desktop/dn905224.aspx) to configure the [MDM_SharedPC class](https://msdn.microsoft.com/library/windows/desktop/mt779129.aspx). For all device settings, the WMI Bridge client must be executed under local system user; for more information, see [Using PowerShell scripting with the WMI Bridge Provider](https://docs.microsoft.com/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider). For example, open PowerShell as an administrator and enter the following:
 

windows/deployment/update/define-update-strategy.md

@@ -0,0 +1,59 @@
+---
+title: Define update strategy
+ms.reviewer: 
+manager: laurawi
+description: 
+keywords: updates, calendar, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools
+ms.prod: w10
+ms.mktglfcycl: manage
+audience: itpro
+author: jaimeo
+ms.localizationpriority: medium
+ms.audience: itpro
+author: jaimeo
+ms.topic: article
+ms.collection: M365-modern-desktop
+---
+
+# Define update strategy
+
+Traditionally, organizations treated the deployment of operating system updates (especially feature updates) as a discrete project that had a beginning, a middle, and an end. A release was "built" (usually in the form of an image) and then distributed to users and their devices.
+
+Today, more organizations are treating deployment as a continual process of updates which roll out across the organization in waves. In this approach, an update is plugged into this process and while it runs, you monitor for anomalies, errors, or user impact and respond as issues arise--withouth interrupting the entire process. Microsoft has been evolving its Windows 10 release cycles, update mechanisms, and relevant tools to support this model. Feature updates are released twice per year, around March and September. All releases of Windows 10 have 18 months of servicing for all editions. Fall releases of the Enterprise and Education editions have an additional 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release.
+
+Though we encourage you to deploy every available release and maintain a fast cadence for some portion of your environment, we also recognize that you might have a large number of devices, and a need for little or no disruption, an so you might choose to update annually. The 18/30 month lifecycle cadence lets you to allow some portion of you environment to move faster while a majority can move less quickly.
+
+
+
+## Calendar approaches
+
+You can use a calendar approach for either a faster 18-month or twice-per-year cadence or a 30-month or annual cadence. Depending on company size, installing Windows 10 feature updates less often than once annually risks devices going out of service and becoming vulnerable to security threats, because they will stop receiving the monthly security updates.
+
+
+### Annual
+
+Here's a calendar showing an example schedule that applies one Windows 10 feature update per calendar year, aligned with Microsoft Endpoint Configuration Manager and Microsoft 365 Apps release cycles:
+
+![annual calendar](images/annual-calendar.png)
+
+This approach provides approximately twelve months of use from each feature update before the next update is due to be installed. By aligning to the Windows 10, version 20H2 feature update, each release will be serviced for 30 months from the time of availability, giving you more flexibility when applying future feature updates.  
+
+This cadence might be most suitable for you if any of these conditions apply:
+
+- You are just starting your journey with the Windows 10 servicing process. If you are unfamiliar with new processes that support Windows 10 servicing, moving from a once every 3-5 year project to a twice a year feature update process can be daunting. This approach gives you time to learn new approaches and tools to reduce effort and cost.
+- You want to wait and see how successful other companies are at adopting a Windows 10 feature update.  
+- You want to go quickly with feature updates, and want the ability to skip a feature update while keeping Windows 10 serviced in case business priorities change. Aligning to the Windows 10 feature update released in the *second* half of each calendar year, you get additional servicing for Windows 10 (30 months of servicing compared to 18 months).
+
+
+### Rapid
+
+This calendar shows an example schedule that installs each feature update as it is released, twice per year:
+
+![rapid calendar](images/rapid-calendar.png)
+
+This cadence might be best for you if these conditions apply:
+
+- You have a strong appetite for change.
+- You want to continuously update supporting infrastructure and unlock new scenarios.
+- Your organization has a large population of information workers that can use the latest features and functionality in Windows 10 and Office.
+- You have experience with feature updates for Windows 10.

windows/deployment/update/plan-define-readiness.md

@@ -0,0 +1,115 @@
+---
+title: Define readiness criteria
+ms.reviewer: 
+manager: laurawi
+description: Identify important roles and figure out how to classify apps
+keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools
+ms.prod: w10
+ms.mktglfcycl: manage
+audience: itpro
+author: jaimeo
+ms.localizationpriority: medium
+ms.audience: itpro
+author: jaimeo
+ms.topic: article
+ms.collection: M365-modern-desktop
+---
+
+# Define readiness criteria
+
+## Figure out roles and personnel
+
+Planning and managing a deployment involves a variety of distinct activies and roles best suited to each. As you plan, it's worth figuring out which roles you'll need to carry out the deployment and who should fill them. Different roles are active at various phases of a deployment. Depending on the size and complexity of your organization, some of the roles could be filled by the same person. However, it's best to have an established *process manager*, who will oversee all of the tasks for the deployment.
+
+### Process manager
+
+The process manager leads the update deployment process and has the authority to push the process forward--or halt it if necessary. They also have responsibilities in organizing these activities:
+
+
+|Compatibility workstream  |Deployment  |Capability and modernization  |
+|---------|---------|---------|
+|[Assigning application priority](#set-criteria-for-rating-apps)     |  Reviewing infrastructure requirements       | Determining infrastructure changes        |
+|Application assessment     | Validating infrastructure against requirements        | Determining configuration changes        |
+|Device assessment     |  Creating infrastructure update plan       | Create capability proposal        |
+
+It's the process manager's role to collect reports on remediation efforts, escalate failures, and to decide whether your environment is ready for pilot deployment and then broad deployment.
+
+
+This table sketches out one view of the other roles, with their responsibilities, relevant skills, and the deployment phases where they are needed:
+
+
+|Role  |Responsibilities  |Skills  |Active phases  |
+|---------|---------|---------|---------|
+|Process manager     | Manages the process end to end; ensures inputs and outputs are captures; ensures that activities progress        | IT service management        | Plan, prepare, pilot deployment, broad deployment        |
+|Application owner     | Define application test plan; assign user acceptance testers; certify the application         | Knowledge of critical and important applications        | Plan, prepare, pilot deployment        |
+|Application developer     | Ensure apps are developed to stay compatible with current Windows versions        | Application development; application remediation        | Plan, prepare        |
+|End-user computing     | Typically a group including infrastructure engineers or deployment engineers who ensure upgrade tools are compatible with Windows        | Bare-metal deployment; infrastructure management; application delivery; update management        | Plan, prepare, pilot deployment, broad deployment        |
+|Operations     | Ensure that support is available for current Windows version. Provide post-deployment support, including user communication and rollbacks.        | Platform security        | Prepare, pilot deployment, broad deployment        |
+|Security     | Review and approve the security baseline and tools        | Platform security        | Prepare, pilot deployment        |
+|Stakeholders     | Represent groups affected by updates, for example, heads of finance, end-user services, or change management        | Key decision maker for a business unit or department        | Plan, pilot deployment, broad deployment        |
+
+
+
+
+
+
+## Set criteria for rating apps
+
+Some apps in your environment are fundamental to your core business activities. Other apps help workers perform their roles, but aren’t critical to your business operations. Before you start inventorying and assessing the apps in your environment, you should establish some criteria for categorizing your apps, and then determine a priority for each. This will help you understand how best to deploy updates and how to resolve any issues that could arise.
+
+In the Prepare phase, you'll apply the criteria you define now to every app in your organization.
+
+Here's a suggested classification scheme:
+
+
+|Classification  |Definition|
+|---------|---------|
+|Critical     | The most vital applications that handle core business activities and processes. If these applications were not available, the business, or a business unit, couldn't function at all. |
+|Important     | Applications that individual staff members need to support their productivity. Downtime here would affect individual users, but would only have a minimal impact on the business.       |
+|Not important   | There is no impact on the business if these apps are not available for a while.        |
+
+Once you have classified your applications, you should agree what each classification means to the organization in terms of priority and severity. This will help ensure that you can triage problems with the right level of urgency. You should assign each app a time-based priority.
+
+Here's an example priority rating system; of course the specifics could vary for your organization:
+
+
+|Priority  |Definition  |
+|---------|---------|
+|1        | Any issues or risks identified must be investigated and resolved as soon as possible.        |
+|2     | Start investigating risks and issues within two business days and fix them *during* the current deployment cycle.    |
+|3     | Start investigating risks and issues within 10 business days. You don’t have to fix them all within the current deployment cycle. However, all issues must be fixed by the end of the next deployment cycle.        |
+|4     | Start investigating risks and issues within 20 business days. You can fix them in the current or any future development cycle.        |
+
+Related to priority, but distinct, is the concept of severity. You should define a severity ranking as well, based on how you feel a problem with an app should affect the deployment cycle.
+
+Here's an example:
+
+
+|Severity  |Effect  |
+|---------|---------|
+|1     | Work stoppage or loss of revenue        |
+|2     | Productivity loss for a business unit        |
+|3     | Productivity loss for individual users         |
+|4     | Minimal impact on users        |
+
+## Example: a large financial corporation
+
+Using the suggested scheme, a financial corporation might classify their apps like this:
+
+
+|App  |Classification  |
+|---------|---------|
+|Credit processing app     | Critical        |
+|Frontline customer service app     |  Critical       |
+|PDF viewer     | Important        |
+|Image processing app     | Not important        |
+
+Further, they might combine this classification with severity and priority rankings like this:
+
+
+|Classification  |Severity  |Priority  |Response  |
+|---------|---------|---------|---------|
+|Critical     |  1 or 2       |  1 or 2       | For 1, stop deployment until resolved; for 2, stop deployment for affected devices or users only.       |
+|Important     | 3 or 4        |  3 or 4       | For 3, continue deployment, even for affected devices, as long as there is workaround guidance.        |
+|Not important     |   4      | 4        |  Continue deployment for all devices.       |
+

windows/deployment/windows-autopilot/TOC.md

@@ -0,0 +1,33 @@
+# [Windows Autopilot deployment](index.md)
+# [What's new](windows-autopilot-whats-new.md)
+# Understanding Windows Autopilot
+## [Overview](windows-autopilot.md)
+## [Requirements](windows-autopilot-requirements.md)
+## [Scenarios and capabilities](windows-autopilot-scenarios.md)
+## [Get started](demonstrate-deployment-on-vm.md)
+
+# Deployment scenarios
+## [Deployment processes](deployment-process.md)
+## [User-driven mode](user-driven.md)
+## [Self-deploying mode](self-deploying.md)
+## [Windows Autopilot Reset](windows-autopilot-reset.md)
+## [White glove](white-glove.md)
+## [Support for existing devices](existing-devices.md)
+
+# Administering Windows Autopilot
+## [Registering devices](add-devices.md)
+## [Configuring device profiles](profiles.md)
+## [Enrollment Status Page](enrollment-status.md)
+## [BitLocker encryption](bitlocker.md)
+## [DFCI management](dfci-management.md)
+## [Windows Autopilot update](autopilot-update.md)
+## [Troubleshooting](troubleshooting.md)
+## [Policy conflicts](policy-conflicts.md)
+## [Known issues](known-issues.md)
+
+# Support
+## [FAQ](autopilot-faq.md)
+## [Contacts](autopilot-support.md)
+## [Registration authorization](registration-auth.md)
+## [Device guidelines](autopilot-device-guidelines.md)
+## [Motherboard replacement](autopilot-mbr.md)

windows/deployment/windows-autopilot/TOC.yml

@@ -1,58 +0,0 @@
-  - name: Windows Autopilot deployment
-    href: file1.md
-  - name: What's new in Windows Autopilot
-    href: file1.md
-  - name: Understand Windows Autopilot
-    items:
-      - name: Overview
-        href: file1.md
-      - name: Requirements
-        href: file1.md  
-      - name: Scenarios and capabilities
-        href: file1.md
-      - name: Get started
-        href: file1.md     
-  - name: Deployment scenarios
-    items:
-      - name: Deployment processes
-        href: file1.md
-      - name: User-driven mode
-        href: file1.md  
-      - name: Self-deploying mode
-        href: file1.md
-      - name: Windows Autopilot Reset
-        href: file1.md
-      - name: White glove
-        href: file1.md
-      - name: Support for existing devices
-        href: file1.md
-  - name: Administer Windows Autopilot
-    items:
-      - name: Register devices
-        href: file1.md
-      - name: Configure device profiles
-        href: file1.md  
-      - name: Enrollment Status Page
-        href: file1.md
-      - name: BitLocker encryption
-        href: file1.md
-      - name: DFCI management
-        href: file1.md
-      - name: Windows Autopilot update
-        href: file1.md
-      - name: Troubleshooting
-        href: file1.md
-      - name: Known issues
-        href: file1.md
-  - name: Support
-    items:
-      - name: FAQ
-        href: file1.md
-      - name: Contacts
-        href: file1.md
-      - name: Registration authorization
-        href: file1.md
-      - name: Device guidelines
-        href: file1.md
-      - name: Motherboard replacement
-        href: file1.md

windows/deployment/windows-autopilot/bitlocker.md

@@ -39,7 +39,7 @@ An example of Microsoft Intune Windows Encryption settings is shown below.
 
    ![BitLocker encryption settings](images/bitlocker-encryption.png)
 
-Note that a device which is encrypted automatically will need to be decrypted prior to changing the encyption algorithm.
+Note that a device which is encrypted automatically will need to be decrypted prior to changing the encryption algorithm.
 
 The settings are available under Device Configuration -> Profiles -> Create profile -> Platform = Windows 10 and later, Profile type = Endpoint protection -> Configure -> Windows Encryption -> BitLocker base settings, Configure encryption methods = Enable.
 

windows/deployment/windows-autopilot/file1.md

@@ -1,54 +0,0 @@
----
-title: Setting the BitLocker encryption algorithm for Autopilot devices
-ms.reviewer: 
-manager: laurawi
-description: Microsoft Intune provides a comprehensive set of configuration options to manage BitLocker on Windows 10 devices. 
-keywords: Autopilot, BitLocker, encryption, 256-bit, Windows 10
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: deploy
-ms.localizationpriority: medium
-audience: itpro
-author: greg-lindsay
-ms.author: greglin
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-
-# Setting the BitLocker encryption algorithm for Autopilot devices
-
-**Applies to**
-
--   Windows 10
-
-With Windows Autopilot, you can configure the BitLocker encryption settings to be applied before automatic encryption is started. This ensures that the default encrytion algorithm is not applied automatically when this is not the desired setting. Other BitLocker policies that must be applied prior to encryption can also be delivered before automatic BitLocker encryption begins. 
-
-The BitLocker encryption algorithm is used when BitLocker is first enabled, and sets the strength to which full volume encryption should occur. Available encryption algorithms are: AES-CBC 128-bit, AES-CBC 256-bit, XTS-AES 128-bit or XTS-AES 256-bit encryption. The default value is XTS-AES 128-bit encryption. See [BitLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp) for information about the recommended encryption algorithms to use.
-
-To ensure the desired BitLocker encryption algorithm is set before automatic encryption occurs for Autopilot devices:
-
-1. Configure the [encryption method settings](https://docs.microsoft.com/intune/endpoint-protection-windows-10#windows-encryption) in the Windows 10 Endpoint Protection profile to the desired encryption algorithm. 
-2. [Assign the policy](https://docs.microsoft.com/intune/device-profile-assign) to your Autopilot device group. 
-    - **IMPORTANT**: The encryption policy must be assigned to **devices** in the group, not users.
-3. Enable the Autopilot [Enrollment Status Page](https://docs.microsoft.com/windows/deployment/windows-autopilot/enrollment-status) (ESP) for these devices. 
-    - **IMPORTANT**: If the ESP is not enabled, the policy will not apply before encryption starts.
-
-An example of Microsoft Intune Windows Encryption settings is shown below.
-
-   ![BitLocker encryption settings](images/bitlocker-encryption.png)
-
-Note that a device which is encrypted automatically will need to be decrypted prior to changing the encyption algorithm.
-
-The settings are available under Device Configuration -> Profiles -> Create profile -> Platform = Windows 10 and later, Profile type = Endpoint protection -> Configure -> Windows Encryption -> BitLocker base settings, Configure encryption methods = Enable.
-
-Note: It is also recommended to set Windows Encryption -> Windows Settings -> Encrypt = **Require**.
-
-## Requirements
-
-Windows 10, version 1809 or later.
-
-## See also
-
-[Bitlocker overview](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview)

windows/deployment/windows-autopilot/policy-conflicts.md

@@ -0,0 +1,37 @@
+---
+title: Windows Autopilot policy conflicts
+ms.reviewer: 
+manager: laurawi
+description: Inform yourself about known issues that may occur during Windows Autopilot deployment.
+keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: medium
+ms.sitesec: library
+ms.pagetype: deploy
+audience: itpro
+author: mtniehaus
+ms.author: mniehaus
+ms.collection: M365-modern-desktop
+ms.topic: article
+---
+
+
+# Windows Autopilot - Policy Conflicts
+
+**Applies to**
+
+- Windows 10
+
+There are a sigificant number of policy settings available for Windows 10, both as native MDM policies and group policy (ADMX-backed) settings. Some of these can cause issues in certain Windows Autopilot scenarios as a result of how they change the behavior of Windows 10. If you encounter any of these issues, remove the policy in question to resolve the issue.
+
+<table>
+<th>Policy<th>More information
+
+<tr><td width="50%">Device restriction / <a href="https://docs.microsoft.com/partner-center/regional-authorization-overview">Password policy</a>
+<td>When certain <a href="https://docs.microsoft.com/windows/client-management/mdm/policy-csp-devicelock">DeviceLock policies</a>, such as minimum password length and password complexity, or any similar group policy settings, including any that disable auto-logon, are applied to a device, and that device reboots during the device Enrollment Status Page (ESP), the out-of-box experience or user desktop auto-logon could fail unexpectantly.
+</table>
+
+## Related topics
+
+[Troubleshooting Windows Autopilot](troubleshooting.md)

windows/deployment/windows-autopilot/registration-auth.md

@@ -80,6 +80,10 @@ Each OEM has a unique link to provide to their respective customers, which the O
     ![Not global admin](images/csp7.png)
 3. Customer selects the **Yes** checkbox, followed by the **Accept** button, and they’re done.  Authorization happens instantaneously.
 
+    > [!NOTE]
+    > Once this process has completed, it is not currently possible for an administrator to remove an OEM. To remove an OEM or revoke
+      their permissions, send a request to msoemops@microsoft.com
+
 4. The OEM can use the Validate Device Submission Data API to verify the consent has completed.  This API is discussed in the latest version of the API Whitepaper, p. 14ff [https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx](https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx). **Note**: this link is only accessible by Microsoft Device Partners. As discussed in this whitepaper, it’s a best practice recommendation for OEM partners to run the API check to confirm they’ve received customer consent before attempting to register devices, thus avoiding errors in the registration process.
 
     > [!NOTE]

windows/deployment/windows-autopilot/white-glove.md

@@ -109,7 +109,7 @@ If the pre-provisioning process completed successfully and the device was reseal
 
 - Power on the device.
 - Select the appropriate language, locale, and keyboard layout.
-- Connect to a network (if using Wi-Fi).  If using Hybrid Azure AD Join, there must be connectivity to a domain controller; if using Azure AD Join, internet connectivity is required.
+- Connect to a network (if using Wi-Fi).  Internet access is always required.  If using Hybrid Azure AD Join, there must also be connectivity to a domain controller.
 - On the branded sign-on screen, enter the user’s Azure Active Directory credentials.
 - If using Hybrid Azure AD Join, the device will reboot; after the reboot, enter the user’s Active Directory credentials.
 - Additional policies and apps will be delivered to the device, as tracked by the Enrollment Status Page (ESP).  Once complete, the user will be able to access the desktop.

windows/deployment/windows-autopilot/windows-autopilot-requirements.md

@@ -94,7 +94,7 @@ If the Microsoft Store is not accessible, the AutoPilot process will still conti
 Windows Autopilot depends on specific capabilities available in Windows 10 and Azure Active Directory. It also requires an MDM service such as Microsoft Intune. These capabilities can be obtained through various editions and subscription programs:
 
 To provide needed Azure Active Directory (automatic MDM enrollment and company branding features) and MDM functionality, one of the following is required:
-- [Microsoft 365 Business subscriptions](https://www.microsoft.com/microsoft-365/business)
+- [Microsoft 365 Business Premium subscriptions](https://www.microsoft.com/microsoft-365/business)
 - [Microsoft 365 F1 subscriptions](https://www.microsoft.com/microsoft-365/enterprise/firstline)
 - [Microsoft 365 Academic A1, A3, or A5 subscriptions](https://www.microsoft.com/education/buy-license/microsoft365/default.aspx)
 - [Microsoft 365 Enterprise E3 or E5 subscriptions](https://www.microsoft.com/microsoft-365/enterprise), which include all Windows 10, Office 365, and EM+S features (Azure AD and Intune).

windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md

@@ -21,14 +21,14 @@ ms.reviewer:
 **Applies to**
 -   Windows 10, version 1703 or later
 -   Hybrid deployment
--   Certificate trust
+-   Key trust
 
 
 ## Directory Synchronization
 
 In hybrid deployments, users register the public portion of their Windows Hello for Business credential with Azure.  Azure AD Connect synchronizes the Windows Hello for Business public key to Active Directory.  
 
-The key-trust model needs Windows Server 2016 domain controllers, which configures the key registration permissions automatically; however, the certificate-trust model does not and requires you to add the permissions manually.
+The key-trust model needs Windows Server 2016 domain controllers, which configure the key registration permissions automatically; however, the certificate-trust model does not and requires you to add the permissions manually.
 
 > [!IMPORTANT]
 > If you already have a Windows Server 2016 domain controller in your domain, you can skip **Configure Permissions for Key Synchronization**. In this case, you should use the pre-created group KeyAdmins in step 3 of the "Group Memberships for the Azure AD Connect Service Account" section of this article.
@@ -61,6 +61,9 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva
 5. In the **Enter the object names to select** text box, type the name of the Azure AD Connect service account.  Click **OK**.
 6. Click **OK** to return to **Active Directory Users and Computers**.
 
+> [!NOTE]
+> If your AD forest has multiple domains. Please make sure you add the ADConnect sync service account (that is, MSOL_12121212) into "Enterprise Key Admins" group to gain permission across the domains in the forest.
+
 ### Section Review
 
 > [!div class="checklist"]

windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md

@@ -74,7 +74,7 @@ Microsoft has made a concerted effort to enlighten several of our more popular a
 - Microsoft Remote Desktop 
 
 > [!NOTE]
-> Microsoft Visio, Microsoft Office Access and Microsoft Project are not enlightended apps and need to be exempted from WIP policy. If they are allowed, there is a risk of data loss. For example, if a device is workplace-joined and managed and the user leaves the company, metadata files that the apps rely on remain encrypted and the apps stop functioining.
+> Microsoft Visio, Microsoft Office Access, Microsoft Project, and Microsoft Publisher are not enlightened apps and need to be exempted from WIP policy. If they are allowed, there is a risk of data loss. For example, if a device is workplace-joined and managed and the user leaves the company, metadata files that the apps rely on remain encrypted and the apps stop functioning.
 
 ## List of WIP-work only apps from Microsoft
 Microsoft still has apps that are unenlightened, but which have been tested and deemed safe for use in an enterprise with WIP and MAM solutions.

windows/security/threat-protection/TOC.md

@@ -238,6 +238,7 @@
 ##### [Configure and validate exclusions](microsoft-defender-atp/linux-exclusions.md)
 ##### [Static proxy configuration](microsoft-defender-atp/linux-static-proxy-configuration.md)
 ##### [Set preferences](microsoft-defender-atp/linux-preferences.md)
+##### [Detect and block Potentially Unwanted Applications](microsoft-defender-atp/linux-pua.md)
 
 #### [Troubleshoot]()
 ##### [Troubleshoot installation issues](microsoft-defender-atp/linux-support-install.md)
@@ -245,6 +246,7 @@
 ##### [Troubleshoot performance issues](microsoft-defender-atp/linux-support-perf.md)
 
 
+#### [Privacy](microsoft-defender-atp/linux-privacy.md)
 #### [Resources](microsoft-defender-atp/linux-resources.md)
 
 ### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md)
@@ -325,6 +327,8 @@
 
 ### [Behavioral blocking and containment]()
 #### [Behavioral blocking and containment](microsoft-defender-atp/behavioral-blocking-containment.md)
+#### [Client behavioral blocking](microsoft-defender-atp/client-behavioral-blocking.md)
+#### [Feedback-loop blocking](microsoft-defender-atp/feedback-loop-blocking.md)
 #### [EDR in block mode](microsoft-defender-atp/edr-in-block-mode.md)
 
 ### [Automated investigation and response (AIR)]()
@@ -349,10 +353,10 @@
 ##### [DeviceNetworkEvents](microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md)
 ##### [DeviceProcessEvents](microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md)
 ##### [DeviceRegistryEvents](microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md)
-##### [DeviceTvmSoftwareInventoryVulnerabilities](microsoft-defender-atp/advanced-hunting-tvm-softwareinventory-table.md)
+##### [DeviceTvmSoftwareInventoryVulnerabilities](microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md)
-##### [DeviceTvmSoftwareVulnerabilitiesKB](microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md)
+##### [DeviceTvmSoftwareVulnerabilitiesKB](microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md)
-##### [DeviceTvmSecureConfigurationAssessment](microsoft-defender-atp/advanced-hunting-tvm-configassessment-table.md)
+##### [DeviceTvmSecureConfigurationAssessment](microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table.md)
-##### [DeviceTvmSecureConfigurationAssessmentKB](microsoft-defender-atp/advanced-hunting-tvm-secureconfigkb-table.md)
+##### [DeviceTvmSecureConfigurationAssessmentKB](microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md)
 #### [Apply query best practices](microsoft-defender-atp/advanced-hunting-best-practices.md)
 
 ### [Microsoft Threat Experts](microsoft-defender-atp/microsoft-threat-experts.md)
@@ -415,8 +419,6 @@
 ###### [Create and manage machine groups](microsoft-defender-atp/machine-groups.md)
 ###### [Create and manage machine tags](microsoft-defender-atp/machine-tags.md)
 
-#### [APIs]()
-##### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md)
 
 #### [Rules]()
 ##### [Manage suppression rules](microsoft-defender-atp/manage-suppression-rules.md)
@@ -439,7 +441,6 @@
 ## Reference
 ### [Management and APIs]()
 #### [Overview of management and APIs](microsoft-defender-atp/management-apis.md)
-
 #### [Microsoft Defender ATP API]()
 ##### [Get started]()
 ###### [Microsoft Defender ATP API license and terms](microsoft-defender-atp/api-terms-of-use.md)
@@ -572,7 +573,6 @@
 ##### [Understand threat intelligence concepts](microsoft-defender-atp/threat-indicator-concepts.md)
 ##### [Learn about different ways to pull detections](microsoft-defender-atp/configure-siem.md)
 ##### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md)
-##### [Configure Splunk to pull detections](microsoft-defender-atp/configure-splunk.md)
 ##### [Configure Micro Focus ArcSight to pull detections](microsoft-defender-atp/configure-arcsight.md)
 ##### [Microsoft Defender ATP detection fields](microsoft-defender-atp/api-portal-mapping.md)
 ##### [Pull detections using SIEM REST API](microsoft-defender-atp/pull-alerts-using-rest-api.md)

windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md

@@ -22,17 +22,19 @@ ms.topic: article
 
 - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
-
 ## API description
+
 Adds or remove tag to a specific [Machine](machine.md).
 
-
 ## Limitations
+
 1. You can post on machines last seen in the past 30 days.
+
 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 
 
 ## Permissions
+
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
 Permission type |    Permission    |    Permission display name
@@ -42,10 +44,12 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'Manage security setting' (See [Create and manage roles](user-roles.md) for more information)
+>
+>- The user needs to have at least the following role permission: 'Manage security setting'. For more  (See [Create and manage roles](user-roles.md) for more information)
 >- User needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
+
 ```
 POST https://api.securitycenter.windows.com/api/machines/{id}/tags
 ```
@@ -58,6 +62,7 @@ Authorization | String | Bearer {token}. **Required**.
 Content-Type | string | application/json. **Required**.
 
 ## Request body
+
 In the request body, supply a JSON object with the following parameters:
 
 Parameter |    Type    | Description
@@ -67,8 +72,8 @@ Action	| Enum |	Add or Remove. Allowed values are: 'Add' or 'Remove'. **Required
 
 
 ## Response
-If successful, this method returns 200 - Ok response code and the updated Machine in the response body.
 
+If successful, this method returns 200 - Ok response code and the updated Machine in the response body.
 
 ## Example
 

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md

@@ -48,10 +48,10 @@ Table and column names are also listed within the Microsoft Defender Security Ce
 | **[DeviceImageLoadEvents](advanced-hunting-deviceimageloadevents-table.md)** | DLL loading events |
 | **[DeviceEvents](advanced-hunting-deviceevents-table.md)** | Multiple event types, including events triggered by security controls such as Windows Defender Antivirus and exploit protection |
 | **[DeviceFileCertificateInfo](advanced-hunting-devicefilecertificateinfo-table.md)** | Certificate information of signed files obtained from certificate verification events on endpoints |
-| **[DeviceTvmSoftwareInventoryVulnerabilities](advanced-hunting-tvm-softwareinventory-table.md)** | Inventory of software on devices as well as any known vulnerabilities in these software products |
+| **[DeviceTvmSoftwareInventoryVulnerabilities](advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md)** | Inventory of software on devices as well as any known vulnerabilities in these software products |
-| **[DeviceTvmSoftwareVulnerabilitiesKB ](advanced-hunting-tvm-softwarevulnerability-table.md)** | Knowledge base of publicly disclosed vulnerabilities, including whether exploit code is publicly available |
+| **[DeviceTvmSoftwareVulnerabilitiesKB ](advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md)** | Knowledge base of publicly disclosed vulnerabilities, including whether exploit code is publicly available |
-| **[DeviceTvmSecureConfigurationAssessment](advanced-hunting-tvm-configassessment-table.md)** | Threat & Vulnerability Management assessment events, indicating the status of various security configurations on devices |
+| **[DeviceTvmSecureConfigurationAssessment](advanced-hunting-devicetvmsecureconfigurationassessment-table.md)** | Threat & Vulnerability Management assessment events, indicating the status of various security configurations on devices |
-| **[DeviceTvmSecureConfigurationAssessmentKB](advanced-hunting-tvm-secureconfigkb-table.md)** | Knowledge base of various security configurations used by Threat & Vulnerability Management to assess devices; includes mappings to various standards and benchmarks |
+| **[DeviceTvmSecureConfigurationAssessmentKB](advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md)** | Knowledge base of various security configurations used by Threat & Vulnerability Management to assess devices; includes mappings to various standards and benchmarks |
 
 ## Related topics
 - [Advanced hunting overview](advanced-hunting-overview.md)

windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md

@@ -28,8 +28,9 @@ ms.topic: article
 Understand what data fields are exposed as part of the detections API and how they map to Microsoft Defender Security Center.
 
 >[!Note]
->- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections
+>- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections.
 >- **Microsoft Defender ATP Detection** is composed from the suspicious event occurred on the Machine and its related **Alert** details.
+>-The Microsoft Defender ATP Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md).
 
 ## Detections API fields and portal mapping
 The following table lists the available fields exposed in the detections API payload. It shows examples for the populated values and a reference on how data is reflected on the portal.
@@ -91,7 +92,6 @@ Field numbers match the numbers in the images below.
 
 ## Related topics
 - [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)
-- [Configure Splunk to pull Microsoft Defender ATP detections](configure-splunk.md)
 - [Configure ArcSight to pull Microsoft Defender ATP detections](configure-arcsight.md)
 - [Pull Microsoft Defender ATP detections using REST API](pull-alerts-using-rest-api.md)
 - [Troubleshoot SIEM tool integration issues](troubleshoot-siem.md)

windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md

@@ -23,25 +23,27 @@ ms.custom: asr
 
 * [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-**Is attack surface reduction (ASR) part of Windows?**
+## Is attack surface reduction (ASR) part of Windows?
 
-ASR was originally a feature of the suite of exploit guard features introduced as a major update to Windows Defender Antivirus, in Windows 10 version 1709. Windows Defender Antivirus is the native antimalware component of Windows. However, please note that the full ASR feature-set is only available with a Windows enterprise license. Also note that ASR rule exclusions are managed separately from Windows Defender Antivirus exclusions.
+ASR was originally a feature of the suite of exploit guard features introduced as a major update to Microsoft Defender Antivirus, in Windows 10 version 1709. Microsoft Defender Antivirus is the native antimalware component of Windows. However, the full ASR feature-set is only available with a Windows enterprise license. Also note that ASR rule exclusions are managed separately from Microsoft Defender Antivirus exclusions.
 
-**Do I need to have an enterprise license to run ASR rules?**
+## Do I need to have an enterprise license to run ASR rules?
 
-The full set of ASR rules and features are only supported if you have an enterprise license for Windows 10. A limited number of rules may work without an enterprise license, if you have Microsoft 365 Business, set Windows Defender Antivirus as your primary security solution, and enable the rules through PowerShell. However, ASR usage without an enterprise license is not officially supported and the full feature-set of ASR will not be available.
+The full set of ASR rules and features is only supported if you have an enterprise license for Windows 10. A limited number of rules may work without an enterprise license. If you have Microsoft 365 Business, set Microsoft Defender Antivirus as your primary security solution, and enable the rules through PowerShell. However, ASR usage without an enterprise license is not officially supported and the full capabilities of ASR will not be available.
 
-**Is ASR supported if I have an E3 license?**
+To learn more about Windows licensing, see [Windows 10 Licensing](https://www.microsoft.com/licensing/product-licensing/windows10?activetab=windows10-pivot:primaryr5) and get the [Volume Licensing guide for Windows 10](https://download.microsoft.com/download/2/D/1/2D14FE17-66C2-4D4C-AF73-E122930B60F6/Windows-10-Volume-Licensing-Guide.pdf).
 
-Yes. ASR is supported for Windows Enterprise E3 and above. See [Use attack surface reduction rules in Windows 10 Enterprise E3](attack-surface-reduction-rules-in-windows-10-enterprise-e3.md) for more details.
+## Is ASR supported if I have an E3 license?
 
-**Which features are supported with an E5 license?**
+Yes. ASR is supported for Windows Enterprise E3 and above. 
+
+## Which features are supported with an E5 license?
 
 All of the rules supported with E3 are also supported with E5.
 
 E5 also added greater integration with Microsoft Defender ATP. With E5, you can [use Microsoft Defender ATP to monitor and review analytics](https://docs.microsoft.com/microsoft-365/security/mtp/monitor-devices?view=o365-worldwide#monitor-and-manage-asr-rule-deployment-and-detections) on alerts in real-time, fine-tune rule exclusions, configure ASR rules, and view lists of event reports.
 
-**What are the the currently supported ASR rules??**
+## What are the currently supported ASR rules?
 
 ASR currently supports all of the rules below:
 
@@ -52,8 +54,8 @@ ASR currently supports all of the rules below:
 * [Block JavaScript or VBScript from launching downloaded executable content](attack-surface-reduction.md##block-javascript-or-vbscript-from-launching-downloaded-executable-content)
 * [Block execution of potentially obfuscated scripts](attack-surface-reduction.md#block-execution-of-potentially-obfuscated-scripts)
 * [Block Win32 API calls from Office macro](attack-surface-reduction.md#block-win32-api-calls-from-office-macros)
-* [Use advanced protection against ransomware](attack-surface-reduction.md#use-advanced-protection-against-ransomware)<!-- Note: Because the following link contains characters the validator is not expecting, it throws a warning that the bookmark does not exist. This is a false positive; the link correctly targets the heading, Block credential stealing from the Windows local security authority subsystem (lsass.exe), when selected -->
+* [Use advanced protection against ransomware](attack-surface-reduction.md#use-advanced-protection-against-ransomware)
-* [Block credential stealing from the Windows local security authority subsystem (lsass.exe)](attack-surface-reduction.md#block-credential-stealing-from-the-windows-local-security-authority-subsystem)
+* [Block credential stealing from the Windows local security authority subsystem](attack-surface-reduction.md#block-credential-stealing-from-the-windows-local-security-authority-subsystem) (lsass.exe)
 * [Block process creations originating from PSExec and WMI commands](attack-surface-reduction.md#block-process-creations-originating-from-psexec-and-wmi-commands)
 * [Block untrusted and unsigned processes that run from USB](attack-surface-reduction.md#block-untrusted-and-unsigned-processes-that-run-from-usb)
 * [Block executable files from running unless they meet a prevalence, age, or trusted list criteria](attack-surface-reduction.md#block-executable-files-from-running-unless-they-meet-a-prevalence-age-or-trusted-list-criterion)
@@ -61,39 +63,41 @@ ASR currently supports all of the rules below:
 * [Block Adobe Reader from creating child processes](attack-surface-reduction.md#block-adobe-reader-from-creating-child-processes)
 * [Block persistence through WMI event subscription](attack-surface-reduction.md#block-persistence-through-wmi-event-subscription)
 
-**What are some good recommendations for getting started with ASR?**
+## What are some good recommendations for getting started with ASR?
 
-It is generally best to first test how ASR rules will impact your organization before enabling them, by running them in audit mode for a brief period of time. While you are running the rules in audit mode, you can identify any line-of-business applications that might get blocked erroneously, and exclude them from ASR.
+Test how ASR rules will impact your organization before enabling them by running ASR rules in audit mode for a brief period of time. While you are running the rules in audit mode, you can identify any line-of-business applications that might get blocked erroneously, and exclude them from ASR.
 
-Larger organizations should consider rolling out ASR rules in "rings," by auditing and enabling rules in increasingly-broader subsets of devices. You can arrange your organization's devices into rings by using Intune or a Group Policy management tool.
+Larger organizations should consider rolling out ASR rules in "rings," by auditing and enabling rules in increasingly broader subsets of devices. You can arrange your organization's devices into rings by using Intune or a Group Policy management tool.
 
-**How long should I test an ASR rule in audit mode before enabling it?**
+## How long should I test an ASR rule in audit mode before enabling it?
 
-You should keep the rule in audit mode for about 30 days. This amount of time gives you a good baseline for how the rule will operate once it goes live throughout your organization. During the audit period, you can identify any line-of-business applications that might get blocked by the rule, and configure the rule to exclude them.
+Keep the rule in audit mode for about 30 days to get a good baseline for how the rule will operate once it goes live throughout your organization. During the audit period, you can identify any line-of-business applications that might get blocked by the rule, and configure the rule to exclude them.
 
-**I'm making the switch from a third-party security solution to Microsoft Defender ATP. Is there an "easy" way to export rules from another security solution to ASR?**
+## I'm making the switch from a third-party security solution to Microsoft Defender ATP. Is there an "easy" way to export rules from another security solution to ASR?
 
-Rather than attempting to import sets of rules from another security solution, it is, in most cases, easier and safer to start with the baseline recommendations suggested for your organization by Microsoft Defender ATP, then use tools such as audit mode, monitoring, and analytics to configure your new solution to suit your unique needs. The default configuration for most ASR rules, combined with Defender's real-time protection, will protect against a large number of exploits and vulnerabilities.
+In most cases, it's easier and better to start with the baseline recommendations suggested by [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/) (Microsoft Defender ATP) than to attempt to import rules from another security solution. Then, use tools such as audit mode, monitoring, and analytics to configure your new solution to suit your unique needs. 
+
+The default configuration for most ASR rules, combined with Microsoft Defender ATP's real-time protection, will protect against a large number of exploits and vulnerabilities.
 
 From within Microsoft Defender ATP, you can update your defenses with custom indicators, to allow and block certain software behaviors. ASR also allows for some customization of rules, in the form of file and folder exclusions. As a general rule, it is best to audit a rule for a period of time, and configure exclusions for any line-of-business applications that might get blocked.
 
-**Does ASR support file or folder exclusions that include system variables and wildcards in the path?**
+## Does ASR support file or folder exclusions that include system variables and wildcards in the path?
 
 Yes. See [Excluding files and folders from ASR rules](enable-attack-surface-reduction.md#exclude-files-and-folders-from-asr-rules) for more details on excluding files or folders from ASR rules, and [Configure and validate exclusions based on file extension and folder location](../windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists) for more on using system variables and wildcards in excluded file paths.
 
-**Do ASR rules cover all applications by default?**
+## Do ASR rules cover all applications by default?
 
 It depends on the rule. Most ASR rules cover the behavior of Microsoft Office products and services, such as Word, Excel, PowerPoint, and OneNote, or Outlook. Certain ASR rules, such as *Block execution of potentially obfuscated scripts*, are more general in scope.
 
-**Does ASR support third-party security solutions?**
+## Does ASR support third-party security solutions?
 
 ASR uses Microsoft Defender Antivirus to block applications. It is not possible to configure ASR to use another security solution for blocking at this time.
 
-**I have an E5 license and enabled some ASR rules in conjunction with Microsoft Defender ATP. Is it possible for an ASR event to not show up at all in Microsoft Defender ATP's event timeline?**
+## I have an E5 license and enabled some ASR rules in conjunction with Microsoft Defender ATP. Is it possible for an ASR event to not show up at all in Microsoft Defender ATP's event timeline?
 
 Whenever a notification is triggered locally by an ASR rule, a report on the event is also sent to the Microsoft Defender ATP portal. If you're having trouble finding the event, you can filter the events timeline using the search box. You can also view ASR events by visiting **Go to attack surface management**, from the **Configuration management** icon in the Security Center taskbar. The attack surface management page includes a tab for report detections, which includes a full list of ASR rule events reported to Microsoft Defender ATP.
 
-**I applied a rule using GPO. Now when I try to check the indexing options for the rule in Microsoft Outlook, I get a message stating, 'Access denied'.**
+## I applied a rule using GPO. Now when I try to check the indexing options for the rule in Microsoft Outlook, I get a message stating, 'Access denied'.
 
 Try opening the indexing options directly from Windows 10.
 
@@ -101,23 +105,23 @@ Try opening the indexing options directly from Windows 10.
 
 1. Enter **Indexing options** into the search box.
 
-**Are the criteria used by the rule, *Block executable files from running unless they meet a prevalence, age, or trusted list criterion*, configurable by an admin?**
+## Are the criteria used by the rule, "Block executable files from running unless they meet a prevalence, age, or trusted list criterion," configurable by an admin?
 
-No. The criteria used by this rule are maintained by Microsoft cloud protection, to keep the trusted list constantly up-to-date with data gathered from around the world. Local admins do not have write access to alter this data. If you are looking to configure this rule to tailor it for your enterprise, you can add certain applications to the exclusions list to prevent the rule from being triggered.
+No. The criteria used by this rule are maintained by Microsoft cloud protection, to keep the trusted list constantly up to date with data gathered from around the world. Local admins do not have write access to alter this data. If you are looking to configure this rule to tailor it for your enterprise, you can add certain applications to the exclusions list to prevent the rule from being triggered.
 
-**I enabled the ASR rule, *Block executable files from running unless they meet a prevalence, age, or trusted list criterion*. After some time, I updated a piece of software, and the rule is now blocking it, even though it didn't before. Did something go wrong?**
+## I enabled the ASR rule, *Block executable files from running unless they meet a prevalence, age, or trusted list criterion*. After some time, I updated a piece of software, and the rule is now blocking it, even though it didn't before. Did something go wrong?
 
 This rule relies upon each application having a known reputation, as measured by prevalence, age, or inclusion on a list of trusted apps. The rule's decision to block or allow an application is ultimately determined by Microsoft cloud protection's assessment of these criteria.
 
-Usually, cloud protection can determine that a new version of an application is similar enough to previous versions that it does not need to be re-assessed at length. However, it might take some time for the app to build reputation after switching versions, particularly after a major update. In the meantime, you can add the application to the exclusions list, to prevent this rule from blocking important applications. If you are frequently updating and working with very new versions of applications, you may opt instead to run this rule in audit mode.
+Usually, cloud protection can determine that a new version of an application is similar enough to previous versions that it does not need to be reassessed at length. However, it might take some time for the app to build reputation after switching versions, particularly after a major update. In the meantime, you can add the application to the exclusions list, to prevent this rule from blocking important applications. If you are frequently updating and working with new versions of applications, you may opt instead to run this rule in audit mode.
 
-**I recently enabled the ASR rule, *Block credential stealing from the Windows local security authority subsystem (lsass.exe)*, and I am getting a large number of notifications. What is going on?**
+## I recently enabled the ASR rule, *Block credential stealing from the Windows local security authority subsystem (lsass.exe)*, and I am getting a large number of notifications. What is going on?
 
-A notification generated by this rule does not necessarily indicate malicious activity; however, this rule is still useful for blocking malicious activity, since malware often target lsass.exe to gain illicit access to accounts. The lsass.exe process stores user credentials in memory after a user has logged in. Windows uses these credentials to validate users and apply local security policies.
+A notification generated by this rule does not necessarily indicate malicious activity; however, this rule is still useful for blocking malicious activity, since malware often targets lsass.exe to gain illicit access to accounts. The lsass.exe process stores user credentials in memory after a user has logged in. Windows uses these credentials to validate users and apply local security policies.
 
-Because many legitimate processes throughout a typical day will be calling on lsass.exe for credentials, this rule can be especially noisy. If a known legitimate application causes this rule to generate an excessive amount of notifications, you can add it to the exclusion list. Most other ASR rules will generate a relatively smaller number of notifications, in comparison to this one, since calling on lsass.exe is typical of many applications' normal functioning.
+Because many legitimate processes throughout a typical day will be calling on lsass.exe for credentials, this rule can be especially noisy. If a known legitimate application causes this rule to generate an excessive number of notifications, you can add it to the exclusion list. Most other ASR rules will generate a relatively smaller number of notifications, in comparison to this one, since calling on lsass.exe is typical of many applications' normal functioning.
 
-**Is it a good idea to enable the rule, *Block credential stealing from the Windows local security authority subsystem (lsass.exe)*, alongside LSA protection?**
+## Is it a good idea to enable the rule, *Block credential stealing from the Windows local security authority subsystem (lsass.exe)*, alongside LSA protection?
 
 Enabling this rule will not provide additional protection if you have [LSA protection](https://docs.microsoft.com/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection#BKMK_HowToConfigure) enabled as well. Both the rule and LSA protection work in much the same way, so having both running at the same time would be redundant. However, sometimes you may not be able to enable LSA protection. In those cases, you can enable this rule to provide equivalent protection against malware that target lsass.exe.
 

windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md

@@ -23,9 +23,6 @@ ms.custom: asr
 
 * [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-> [!IMPORTANT]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 Your attack surface is the total number of places where an attacker could compromise your organization's devices or networks. Reducing your attack surface means offering attackers fewer ways to perform attacks.
 
 Attack surface reduction rules target software behaviors that are often abused by attackers, such as:
@@ -44,9 +41,11 @@ For more information about configuring attack surface reduction rules, see [Enab
 
 ## Attack surface reduction features across Windows versions
 
-You can set attack surface reduction rules for computers running the following versions of Windows:
+You can set attack surface reduction rules for devices running any of the following editions and versions of Windows:
-- [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) or later
+- Windows 10 Pro, [version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) or later
-- [Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) (Semi-Annual Channel) or later
+- Windows 10 Enterprise, [version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) or later
+- Windows Server, [version 1803 (Semi-Annual Channel)](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) or later
+- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19)
 
 To use the entire feature-set of attack surface reduction rules, you need a [Windows 10 Enterprise license](https://www.microsoft.com/licensing/product-licensing/windows10). With a [Windows E5 license](https://docs.microsoft.com/windows/deployment/deploy-enterprise-licenses), you get advanced management capabilities including monitoring, analytics, and workflows available in [Microsoft Defender Advanced Threat Protection](microsoft-defender-advanced-threat-protection.md), as well as reporting and configuration capabilities in the [Microsoft 365 security center](https://docs.microsoft.com/microsoft-365/security/mtp/overview-security-center). These advanced capabilities aren't available with an E3 license, but you can still use Event Viewer to review attack surface reduction rule events.
 

windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md

@@ -24,26 +24,96 @@ ms.collection:
 
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-## Behavioral blocking and containment overview
+## Overview
 
-Not all cyberattacks involve a simple piece of malware that's found and removed. Some attacks, such as fileless attacks, are much more difficult to identify, let alone contain. Microsoft Defender ATP includes behavioral blocking and containment capabilities that can help identify and stop threats with machine learning, pre- and post-breach. In almost real time, when a suspicious behavior or artifact is detected and determined to be malicious, the threat is blocked. Pre-execution models learn about that threat, and prevent it from running on other endpoints. 
+Today’s threat landscape is overrun by [fileless malware](https://docs.microsoft.com/windows/security/threat-protection/intelligence/fileless-threats) and that lives off the land, highly polymorphic threats that mutate faster than traditional solutions can keep up with, and human-operated attacks that adapt to what adversaries find on compromised machines. Traditional security solutions are not sufficient to stop such attacks; you need artificial intelligence (AI) and machine learning (ML) backed capabilities, such as behavioral blocking and containment, included in [Microsoft Defender ATP](https://docs.microsoft.com/windows/security). 
 
-## Behavioral blocking and containment capabilities
+Behavioral blocking and containment capabilities can help identify and stop threats, based on their behaviors and process trees even when the threat has started execution. Next-generation protection, EDR, and Microsoft Defender ATP components and features work together in behavioral blocking and containment capabilities. 
 
-Behavioral blocking and containment capabilities include the following:
+:::image type="content" source="images/mdatp-next-gen-EDR-behavblockcontain.png" alt-text="Behavioral blocking and containment":::
 
-- **On-client, policy-driven [attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction)**. Predefined common attack behaviors are prevented from executing, according to your attack surface reduction rules. When such behaviors attempt to execute, they can be seen in the Microsoft Defender Security Center (https://securitycenter.windows.com) as informational alerts. (Attack surface reduction rules are not enabled by default; you configure your policies in the Microsoft Defender Security Center.)
+Behavioral blocking and containment capabilities work with multiple components and features of Microsoft Defender ATP to stop attacks immediately and prevent attacks from progressing.
 
-- **Client behavioral blocking**. Threats on endpoints are detected through machine learning, and then are blocked and remediated automatically. (Client behavioral blocking is enabled by default.)
+- [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) (which includes Microsoft Defender Antivirus) can detect threats by analyzing behaviors, and stop threats that have started running.
 
-- **Feedback-loop blocking** (also referred to as rapid protection). Threat detections that are assumed to be false negatives are observed through behavioral intelligence. Threats are stopped and prevented from running on other endpoints. (Feedback-loop blocking is enabled by default.)
+- [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) receives security signals across your network, devices, and kernel behavior. As threats are detected, alerts are created. Multiple alerts of the same type are aggregated into incidents, which makes it easier for your security operations team to investigate and respond.
 
-- **[Endpoint detection and response (EDR) in block mode](edr-in-block-mode.md)**. Malicious artifacts or behaviors that are observed through post-breach protection are blocked and contained. EDR in block mode works even if Windows Defender Antivirus is not the primary antivirus solution. (EDR in block mode, currently in preview, is not enabled by default; you turn it on in the Microsoft Defender Security Center.)
+- [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) has a wide range of optics across identities, email, data, and apps, in addition to the network, endpoint, and kernel behavior signals received through EDR. A component of [Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection), Microsoft Defender ATP processes and correlates these signals, raises detection alerts, and connects related alerts in incidents. 
 
-As Microsoft continues to improve threat protection features and capabilities, you can expect more to come in the area of behavioral blocking and containment. Visit the [Microsoft 365 roadmap](https://www.microsoft.com/microsoft-365/roadmap) to see what's rolling out now and what's in development.
+With these capabilities, more threats can be prevented or blocked, even if they start running. Whenever suspicious behavior is detected, the threat is contained, alerts are created, and threats are stopped in their tracks. 
+
+The following image shows an example of an alert that was triggered by behavioral blocking and containment capabilities:
+
+:::image type="content" source="images/blocked-behav-alert.png" alt-text="Example of an alert through behavioral blocking and containment":::
+
+## Components of behavioral blocking and containment
+
+- **On-client, policy-driven [attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction)** Predefined common attack behaviors are prevented from executing, according to your attack surface reduction rules. When such behaviors attempt to execute, they can be seen in the Microsoft Defender Security Center [https://securitycenter.windows.com](https://securitycenter.windows.com) as informational alerts. (Attack surface reduction rules are not enabled by default; you configure your policies in the Microsoft Defender Security Center.)
+
+- **[Client behavioral blocking](client-behavioral-blocking.md)** Threats on endpoints are detected through machine learning, and then are blocked and remediated automatically. (Client behavioral blocking is enabled by default.) 
+
+- **[Feedback-loop blocking](feedback-loop-blocking.md)** (also referred to as rapid protection) Threat detections are observed through behavioral intelligence. Threats are stopped and prevented from running on other endpoints. (Feedback-loop blocking is enabled by default.) 
+
+- **[Endpoint detection and response (EDR) in block mode](edr-in-block-mode.md)** Malicious artifacts or behaviors that are observed through post-breach protection are blocked and contained. EDR in block mode works even if Windows Defender Antivirus is not the primary antivirus solution. (EDR in block mode, currently in preview, is not enabled by default; you turn it on in the Microsoft Defender Security Center.) 
+
+Expect more to come in the area of behavioral blocking and containment, as Microsoft continues to improve threat protection features and capabilities. To see what's planned and rolling out now, visit the [Microsoft 365 roadmap](https://www.microsoft.com/microsoft-365/roadmap).
+
+## Examples of behavioral blocking and containment in action
+
+Behavioral blocking and containment capabilities have blocked attacker techniques such as the following:
+
+- Credential dumping from LSASS
+- Cross-process injection
+- Process hollowing
+- User Account Control bypass
+- Tampering with antivirus (such as disabling it or adding the malware as exclusion)
+- Contacting Command and Control (C&C) to download payloads
+- Coin mining
+- Boot record modification
+- Pass-the-hash attacks
+- Installation of root certificate
+- Exploitation attempt for various vulnerabilities
+
+Below are two real-life examples of behavioral blocking and containment in action.
+
+### Example 1: Credential theft attack against 100 organizations
+
+As described in [In hot pursuit of elusive threats: AI-driven behavior-based blocking stops attacks in their tracks](https://www.microsoft.com/security/blog/2019/10/08/in-hot-pursuit-of-elusive-threats-ai-driven-behavior-based-blocking-stops-attacks-in-their-tracks), a credential theft attack against 100 organizations around the world was stopped by behavioral blocking and containment capabilities. Spear-phishing email messages that contained a lure document were sent to the targeted organizations. If a recipient opened the attachment, a related remote document was able to execute code on the user’s device and load Lokibot malware, which stole credentials, exfiltrated stolen data, and waited for further instructions from a command-and-control server. 
+
+Behavior-based machine learning models in Microsoft Defender ATP caught and stopped the attacker’s techniques at two points in the attack chain:
+- The first protection layer detected the exploit behavior. Machine learning classifiers in the cloud correctly identified the threat as and immediately instructed the client device to block the attack.
+- The second protection layer, which helped stop cases where the attack got past the first layer, detected process hollowing, stopped that process, and removed the corresponding files (such as Lokibot). 
+
+While the attack was detected and stopped, alerts, such as an "initial access alert," were triggered and appeared in the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)):
+
+:::image type="content" source="images/behavblockcontain-initialaccessalert.png" alt-text="Initial access alert in the Microsoft Defender Security Center":::
+
+This example shows how behavior-based machine learning models in the cloud add new layers of protection against attacks, even after they have started running.
+
+### Example 2: NTML relay - Juicy Potato malware variant
+
+As described in the recent blog post, [Behavioral blocking and containment: Transforming optics into protection](https://www.microsoft.com/security/blog/2020/03/09/behavioral-blocking-and-containment-transforming-optics-into-protection), in January 2020, Microsoft Defender ATP detected a privilege escalation activity on a device in an organization. An alert called “Possible privilege escalation using NTLM relay” was triggered.
+
+:::image type="content" source="images/NTLMalertjuicypotato.png" alt-text="NTLM alert for Juicy Potato malware":::
+
+The threat turned out to be malware; it was a new, not-seen-before variant of a notorious hacking tool called Juicy Potato, which is used by attackers to get privilege escalation on a device. 
+
+Minutes after the alert was triggered, the file was analyzed, and confirmed to be malicious. Its process was stopped and blocked, as shown in the following image:
+
+:::image type="content" source="images/Artifactblockedjuicypotato.png" alt-text="Artifact blocked":::
+
+A few minutes after the artifact was blocked, multiple instances of the same file were blocked on the same device, preventing additional attackers or other malware from deploying on the device. 
+
+This example shows that with behavioral blocking and containment capabilities, threats are detected, contained, and blocked automatically. 
 
 ## Next steps
 
+- [Learn more about Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response)
+
 - [Configure your attack surface reduction rules](attack-surface-reduction.md)
 
 - [Enable EDR in block mode](edr-in-block-mode.md)
+
+- [See recent global threat activity](https://www.microsoft.com/wdsi/threats)
+
+- [Get an overview of Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection)

windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md

@@ -0,0 +1,90 @@
+---
+title: Client behavioral blocking
+description: Client behavioral blocking is part of behavioral blocking and containment capabilities in Microsoft Defender ATP
+keywords: behavioral blocking, rapid protection, client behavior, Microsoft Defender ATP
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+author: denisebmsft
+ms.author: deniseb
+manager: dansimp
+ms.reviewer: shwetaj
+audience: ITPro 
+ms.topic: article 
+ms.prod: w10 
+ms.localizationpriority: medium
+ms.custom: 
+- next-gen
+- edr
+ms.collection: 
+---
+
+# Client behavioral blocking
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+## Overview
+
+Client behavioral blocking is a component of [behavioral blocking and containment capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) in Microsoft Defender ATP. As suspicious behaviors are detected on devices (also referred to as clients or endpoints), artifacts (such as files or applications) are blocked, checked, and remediated automatically. 
+
+:::image type="content" source="images/pre-execution-and-post-execution-detection-engines.png" alt-text="Cloud and client protection":::
+
+Antivirus protection works best when paired with cloud protection.
+
+## How client behavioral blocking works
+
+[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) can detect suspicious behavior, malicious code, fileless and in-memory attacks, and more on a device. When suspicious behaviors are detected, Microsoft Defender Antivirus monitors and sends those suspicious behaviors and their process trees to the cloud protection service. Machine learning differentiates between malicious applications and good behaviors within milliseconds, and classifies each artifact. In almost real time, as soon as an artifact is found to be malicious, it's blocked on the device. 
+
+Whenever a suspicious behavior is detected, an [alert](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/alerts-queue) is generated, and is visible in the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)).
+
+Client behavioral blocking is effective because it not only helps prevent an attack from starting, it can help stop an attack that has begun executing. And, with [feedback-loop blocking](feedback-loop-blocking.md) (another capability of behavioral blocking and containment), attacks are prevented on other devices in your organization.
+
+## Behavior-based detections
+
+Behavior-based detections are named according to the [MITRE ATT&CK Matrix for Enterprise](https://attack.mitre.org/matrices/enterprise). The naming convention helps identify the attack stage where the malicious behavior was observed:
+
+
+|Tactic |	Detection threat name |
+|----|----|
+|Initial Access	| Behavior:Win32/InitialAccess.*!ml |
+|Execution	| Behavior:Win32/Execution.*!ml |
+|Persistence	| Behavior:Win32/Persistence.*!ml |
+|Privilege Escalation	| Behavior:Win32/PrivilegeEscalation.*!ml |
+|Defense Evasion	| Behavior:Win32/DefenseEvasion.*!ml |
+|Credential Access	| Behavior:Win32/CredentialAccess.*!ml |
+|Discovery	| Behavior:Win32/Discovery.*!ml |
+|Lateral Movement |	Behavior:Win32/LateralMovement.*!ml |
+|Collection |	Behavior:Win32/Collection.*!ml |
+|Command and Control | Behavior:Win32/CommandAndControl.*!ml |
+|Exfiltration	| Behavior:Win32/Exfiltration.*!ml |
+|Impact	| Behavior:Win32/Impact.*!ml |
+|Uncategorized	| Behavior:Win32/Generic.*!ml |
+
+> [!TIP]
+> To learn more about specific threats, see **[recent global threat activity](https://www.microsoft.com/wdsi/threats)**.
+
+
+## Configuring client behavioral blocking
+
+If your organization is using Microsoft Defender ATP, client behavioral blocking is enabled by default. However, to benefit from all Microsoft Defender ATP capabilities, including [behavioral blocking and containment](behavioral-blocking-containment.md), make sure the following features and capabilities of Microsoft Defender ATP are enabled and configured:
+
+- [Microsoft Defender ATP baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline)
+
+- [Devices onboarded to Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-configure)
+
+- [EDR in block mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode)
+
+- [Attack surface reduction](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction)
+
+- [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features) (antivirus)
+
+## Related articles
+
+- [Behavioral blocking and containment](behavioral-blocking-containment.md)
+
+- [Feedback-loop blocking](feedback-loop-blocking.md)
+
+- [(Blog) Behavioral blocking and containment: Transforming optics into protection](https://www.microsoft.com/security/blog/2020/03/09/behavioral-blocking-and-containment-transforming-optics-into-protection/)
+
+- [Helpful Microsoft Defender ATP resources](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/helpful-resources)

windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction.md

@@ -15,7 +15,6 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: conceptual
-ms.date: 07/01/2018
 ---
 
 # Configure attack surface reduction
@@ -27,11 +26,7 @@ You can configure attack surface reduction with a number of tools, including:
 * Group Policy
 * PowerShell cmdlets
 
-The topics in this section describe how to configure attack surface reduction. Each topic includes instructions for the applicable configuration tool (or tools).
+Article | Description
-
-## In this section
-
-Topic | Description
 -|-
 [Enable hardware-based isolation for Microsoft Edge](../windows-defender-application-guard/install-wd-app-guard.md) | How to prepare for and install Application Guard, including hardware and software requirements
 [Enable application control](../windows-defender-application-control/windows-defender-application-control.md)|How to control applications run by users and protect kernel mode processes

windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md

@@ -170,7 +170,7 @@ Support for Windows Server, provide deeper insight into activities happening on
 
 3. Run the following command to check if Windows Defender AV is installed:
 
-   ```sc query Windefend```
+   ```sc.exe query Windefend```
 
     If the result is 'The specified service does not exist as an installed service', then you'll need to install Windows Defender AV. For more information, see [Windows Defender Antivirus in Windows 10](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10).
 
@@ -190,7 +190,7 @@ The following capabilities are included in this integration:
 > [!IMPORTANT]
 > - When you use Azure Security Center to monitor servers, a Microsoft Defender ATP tenant is automatically created. The Microsoft Defender ATP data is stored in Europe by default.
 > - If you use Microsoft Defender ATP before using Azure Security Center, your data will be stored in the location you specified when you created your tenant even if you integrate with Azure Security Center at a later time.
-
+> - When you use Azure Security Center to monitor servers, a Microsoft Defender ATP tenant is automatically created and the Microsoft Defender ATP data is stored in Europe by default. If you need to move your data to another location, you need to contact Microsoft Support to reset the tenant. Server endpoint monitoring utilizing this integration has been disabled for Office 365 GCC customers.
 
 
 ## Offboard servers

windows/security/threat-protection/microsoft-defender-atp/configure-siem.md

@@ -27,31 +27,29 @@ ms.topic: article
 
 ## Pull detections using security information and events management (SIEM) tools
 
->[!Note]
+>[!NOTE]
->- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections
+>- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections.
 >- [Microsoft Defender ATP Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Machine and its related Alert details.
+>- The Microsoft Defender ATP Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md).
 
 Microsoft Defender ATP supports security information and event management (SIEM) tools to pull detections. Microsoft Defender ATP exposes alerts through an HTTPS endpoint hosted in Azure. The endpoint can be configured to pull detections from your enterprise tenant in Azure Active Directory (AAD) using the OAuth 2.0 authentication protocol for an AAD application that represents the specific SIEM connector installed in your environment.
 
 
-Microsoft Defender ATP currently supports the following SIEM tools:
+Microsoft Defender ATP currently supports the following specific SIEM solution tools through a dedicated SIEM integration model:
 
-- Splunk
+- IBM QRadar
-- HP ArcSight
+- Micro Focus ArcSight
+
+Other SIEM solutions (such as Splunk, RSA NetWitness) are supported through a different integration model based on the new Alert API. For more information, view the [Partner application](https://df.securitycenter.microsoft.com/interoperability/partners) page and select the Security Information and Analytics section for full details.
 
 To use either of these supported SIEM tools you'll need to:
 
 - [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)
 - Configure the supported SIEM tool:
-    - [Configure Splunk to pull Microsoft Defender ATP detections](configure-splunk.md)
      - [Configure HP ArcSight to pull Microsoft Defender ATP detections](configure-arcsight.md)
+     - Configure IBM QRadar to pull Microsoft Defender ATP detections For more information, see [IBM Knowledge Center](https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/com.ibm.dsm.doc/c_dsm_guide_MS_Win_Defender_ATP_overview.html?cp=SS42VS_7.3.1).
 
 For more information on the list of fields exposed in the Detection API see, [Microsoft Defender ATP Detection fields](api-portal-mapping.md).
 
 
-## Pull Microsoft Defender ATP detections using REST API
-Microsoft Defender ATP supports the OAuth 2.0 protocol to pull detections using REST API.
-
-For more information, see [Pull Microsoft Defender ATP detections using REST API](pull-alerts-using-rest-api.md).
-
 

windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md

@@ -1,131 +0,0 @@
----
-title: Configure Splunk to pull Microsoft Defender ATP detections
-description: Configure Splunk to receive and pull detections from Microsoft Defender Security Center.
-keywords: configure splunk, security information and events management tools, splunk
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: article
----
-
-# Configure Splunk to pull Microsoft Defender ATP detections
-
-**Applies to:**
-
-
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-
-
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresplunk-abovefoldlink) 
-
-You'll need to configure Splunk so that it can pull Microsoft Defender ATP detections.
-
->[!Note]
->- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections
->- [Microsoft Defender ATP Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Machine and its related Alert details.
-
-## Before you begin
-
-- Install the open source [Windows Defender ATP Modular Inputs TA](https://splunkbase.splunk.com/app/4128/) in Splunk.
-- Make sure you have enabled the **SIEM integration** feature from the **Settings** menu. For more information, see [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)
-
-- Have the details file you saved from enabling the **SIEM integration** feature ready. You'll need to get the following values:
-   - Tenant ID
-   - Client ID
-   - Client Secret
-   - Resource URL
-
-
-## Configure Splunk
-
-1. Login in to Splunk.
-
-2. Go to **Settings** > **Data inputs**.
-
-3. Select **Windows Defender ATP alerts** under **Local inputs**.
-
-   NOTE:
-   This input will only appear after you install the [Windows Defender ATP Modular Inputs TA](https://splunkbase.splunk.com/app/4128/).
-
-4. Click **New**.
-
-5. Type the following values in the required fields, then click **Save**:
-
-   NOTE:
-   All other values in the form are optional and can be left blank.
-
-   <table>
-   <tbody style="vertical-align:top;">
-   <tr>
-   <th>Field</th>
-   <th>Value</th>
-   </tr>
-   <tr>
-   <td>Name</td>
-   <td>Name for the Data Input</td>
-   </tr>
-    <td>Login URL</td>
-   <td>URL to authenticate the azure app (Default : https://login.microsoftonline.com)</td>
-   </tr>
-   <td>Endpoint</td>
-   <td>Depending on the location of your datacenter, select any of the following URL: </br></br> <strong>For EU</strong>:  <code>https://wdatp-alertexporter-eu.securitycenter.windows.com</code><br></br><strong>For US:</strong><code>https://wdatp-alertexporter-us.securitycenter.windows.com</code> <br><br> <strong>For UK:</strong><code>https://wdatp-alertexporter-uk.securitycenter.windows.com</code>
-   </tr>
-   <tr>
-   <td>Tenant ID</td>
-   <td>Azure Tenant ID</td>
-   </tr>
-   <td>Resource</td>
-   <td>Value from the SIEM integration feature page</td>
-   <tr>
-   <td>Client ID</td>
-   <td>Value from the SIEM integration feature page</td>
-   </tr>
-   <tr>
-   <td>Client Secret</td>
-   <td>Value from the SIEM integration feature page</td>
-   </tr>
-   
-   </tr>
-   </table>
-
-After completing these configuration steps, you can go to the Splunk dashboard and run queries.
-
-## View detections using Splunk solution explorer
-Use the solution explorer to view detections in Splunk.
-
-1. In Splunk, go to **Settings** > **Searchers, reports, and alerts**.
-
-2. Select **New**.
-
-3. Enter the following details:
-   - Search: Enter a query, for example:</br>
-     `sourcetype="wdatp:alerts" |spath|table*`
-   - App: Add-on for Windows Defender (TA_Windows-defender)
-
-     Other values are optional and can be left with the default values.
-
-4. Click **Save**. The query is saved in the list of searches.
-
-5. Find the query you saved in the list and click **Run**. The results are displayed based on your query.
-
-
->[!TIP]
-> To minimize Detection duplications, you can use the following query:
->```source="rest://wdatp:alerts" | spath | dedup _raw | table *``` 
-
-## Related topics
-- [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md)
-- [Configure ArcSight to pull Microsoft Defender ATP detections](configure-arcsight.md)
-- [Microsoft Defender ATP Detection fields](api-portal-mapping.md)
-- [Pull Microsoft Defender ATP detections using REST API](pull-alerts-using-rest-api.md)
-- [Troubleshoot SIEM tool integration issues](troubleshoot-siem.md)

windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md

@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 audience: ITPro
 author: levinec
 ms.author: ellevin
-ms.date: 05/13/2019
+ms.date: 05/20/2020
 ms.reviewer: 
 manager: dansimp
 ---
@@ -26,11 +26,16 @@ manager: dansimp
 > [!IMPORTANT]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
-Attack surface reduction rules help prevent software behaviors that are often abused to compromise your device or network. For example, an attacker might try to run an unsigned script off of a USB drive, or have a macro in an Office document make calls directly to the Win32 API. Attack surface reduction rules can constrain these kinds of risky behaviors and improve your organization's defensive posture.
+[Attack surface reduction rules](enable-attack-surface-reduction.md) help prevent software behaviors that are often abused to compromise your device or network. For example, an attacker might try to run an unsigned script off of a USB drive, or have a macro in an Office document make calls directly to the Win32 API. Attack surface reduction rules can constrain these kinds of risky behaviors and improve your organization's defensive posture.
 
 Learn how to customize attack surface reduction rules by [excluding files and folders](#exclude-files-and-folders) or [adding custom text to the notification](#customize-the-notification) alert that appears on a user's computer.
 
-Attack surface reduction rules are supported on Windows 10, versions 1709 and 1803 or later, Windows Server, version 1803 (Semi-Annual Channel) or later, and Windows Server 2019. You can use Group Policy, PowerShell, and MDM CSPs to configure these settings.
+You can set attack surface reduction rules for devices running any of the following editions and versions of Windows:
+- Windows 10 Pro, [version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) or later
+- Windows 10 Enterprise, [version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) or later
+- Windows Server, [version 1803 (Semi-Annual Channel)](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) or later
+- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19)
+You can use Group Policy, PowerShell, and MDM CSPs to configure these settings.
 
 ## Exclude files and folders
 
@@ -72,7 +77,7 @@ See the [attack surface reduction](attack-surface-reduction.md) topic for detail
 
 2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
 
-3. Expand the tree to **Windows components > Windows Defender Antivirus > Windows Defender Exploit Guard > Attack surface reduction**.
+3. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **Windows Defender Exploit Guard** > **Attack surface reduction**.
 
 4. Double-click the **Exclude files and paths from Attack surface reduction Rules** setting and set the option to **Enabled**. Click **Show** and enter each file or folder in the **Value name** column. Enter **0** in the **Value** column for each item.
 

windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md

@@ -12,22 +12,29 @@ ms.localizationpriority: medium
 audience: ITPro
 author: levinec
 ms.author: ellevin
-ms.date: 05/05/2020
+ms.date: 05/20/2020
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Enable attack surface reduction rules
 
-[Attack surface reduction rules](attack-surface-reduction.md) help prevent actions that malware often abuse to compromise devices and networks. You can set attack surface reduction rules for computers running Windows 10, versions 1709 and 1803 or later, Windows Server, version 1803 (Semi-Annual Channel) or later, and Windows Server 2019.
+[Attack surface reduction rules](attack-surface-reduction.md) help prevent actions that malware often abuses to compromise devices and networks. You can set attack surface reduction rules for devices running any of the following editions and versions of Windows:
+- Windows 10 Pro, [version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) or later
+- Windows 10 Enterprise, [version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) or later
+- Windows Server, [version 1803 (Semi-Annual Channel)](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) or later
+- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19)
 
-Each ASR rule contains three settings:
+Each ASR rule contains one of three settings:
 
 * Not configured: Disable the ASR rule
 * Block: Enable the ASR rule
 * Audit: Evaluate how the ASR rule would impact your organization if enabled
 
-To use ASR rules, you need either a Windows 10 Enterprise E3 or E5 license. We recommend an E5 license so you can take advantage of the advanced monitoring and reporting capabilities available in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP). These advanced capabilities aren't available with an E3 license, but you can develop your own monitoring and reporting tools to use in conjunction with ASR rules.
+To use ASR rules, you need either a Windows 10 Enterprise E3 or E5 license. We recommend an E5 license so you can take advantage of the advanced monitoring and reporting capabilities available in [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender ATP). These advanced capabilities aren't available with an E3 license, but you can develop your own monitoring and reporting tools to use in conjunction with ASR rules.
+
+> [!TIP]
+> To learn more about Windows licensing, see [Windows 10 Licensing](https://www.microsoft.com/licensing/product-licensing/windows10?activetab=windows10-pivot:primaryr5) and get the [Volume Licensing guide for Windows 10](https://download.microsoft.com/download/2/D/1/2D14FE17-66C2-4D4C-AF73-E122930B60F6/Windows-10-Volume-Licensing-Guide.pdf).
 
 You can enable attack surface reduction rules by using any of these methods:
 

windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md

@@ -27,9 +27,10 @@ ms.topic: article
 
 Enable security information and event management (SIEM) integration so you can pull detections from Microsoft Defender Security Center using your SIEM solution or by connecting directly to the detections REST API.
 
->[!Note]
+>[!NOTE]
->- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections
+>- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections.
 >- [Microsoft Defender ATP Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Machine and its related Alert details.
+>- The Microsoft Defender ATP Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md).
 
 ## Prerequisites
 - The user who activates the setting must have permissions to create an app in Azure Active Directory (AAD). This is typically someone with a **Global administrator** role.
@@ -75,7 +76,6 @@ You can now proceed with configuring your SIEM solution or connecting to the det
 You can configure IBM QRadar to collect detections from Microsoft Defender ATP. For more information, see [IBM Knowledge Center](https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/c_dsm_guide_MS_Win_Defender_ATP_overview.html?cp=SS42VS_7.3.1).
 
 ## Related topics
-- [Configure Splunk to pull Microsoft Defender ATP detections](configure-splunk.md)
 - [Configure HP ArcSight to pull Microsoft Defender ATP detections](configure-arcsight.md)
 - [Microsoft Defender ATP Detection fields](api-portal-mapping.md)
 - [Pull Microsoft Defender ATP detections using REST API](pull-alerts-using-rest-api.md)

windows/security/threat-protection/microsoft-defender-atp/evaluate-attack-surface-reduction.md

@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 audience: ITPro
 author: levinec
 ms.author: ellevin
-ms.date: 04/02/2019
+ms.date: 05/20/2020
 ms.reviewer: 
 manager: dansimp
 ---
@@ -23,7 +23,11 @@ manager: dansimp
 
 * [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-Attack surface reduction rules help prevent actions that are typically used by malware to compromise devices or networks. Attack surface reduction rules are supported on Windows 10, versions 1709 and 1803 or later, Windows Server, version 1803 (Semi-Annual Channel) or later, and Windows Server 2019.
+Attack surface reduction rules help prevent actions that are typically used by malware to compromise devices or networks. You can set attack surface reduction rules for devices running any of the following editions and versions of Windows:
+- Windows 10 Pro, [version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) or later
+- Windows 10 Enterprise, [version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) or later
+- Windows Server, [version 1803 (Semi-Annual Channel)](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) or later
+- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19)
 
 Learn how to evaluate attack surface reduction rules, by enabling audit mode to test the feature directly in your organization.
 

windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md

@@ -25,34 +25,45 @@ Conducting a comprehensive security product evaluation can be a complex process
 
 The Microsoft Defender ATP evaluation lab is designed to eliminate the complexities of machine and environment configuration so that you can  focus on evaluating the capabilities of the platform, running simulations, and seeing the prevention, detection, and remediation features in action.
 
-When you get started with the lab, you'll be guided through a simple set-up process where you can specify the type of configuration that best suits your needs.
+>[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4qLUM]
-
-After the lab setup process is complete, you can add Windows 10 or Windows Server 2019 machines. These test machines come pre-configured to have the latest and greatest OS versions with the right security components in place and Office 2019 Standard installed.
 
 With the simplified set-up experience, you can focus on running your own test scenarios and the pre-made simulations to see how Microsoft Defender ATP performs. 
 
-You'll have full access to all the powerful capabilities of the platform such as automated investigations, advanced hunting, and threat analytics, allowing you to test the comprehensive protection stack that Microsoft Defender ATP offers. 
+You'll have full access to the powerful capabilities of the platform such as automated investigations, advanced hunting, and threat analytics, allowing you to test the comprehensive protection stack that Microsoft Defender ATP offers. 
+
+You can add Windows 10 or Windows Server 2019 machines that come pre-configured to have the latest OS versions and the right security components in place as well as Office 2019 Standard installed.
+
+You can also install threat simulators. Microsoft Defender ATP has partnered with industry leading threat simulation platforms to help you test out the Microsoft Defender ATP capabilities without having to leave the portal.
+
+ Install your preferred simulator, run scenarios within the evaluation lab, and instantly see how the platform performs - all conveniently available at no extra cost to you. You'll also have convenient access to wide array of simulations which you can access and run from the simulations catalog.
+    
 
 ## Before you begin
 You'll need to fulfill the [licensing requirements](minimum-requirements.md#licensing-requirements) or have trial access to Microsoft Defender ATP to access the evaluation lab.
 
+You must have **Manage security settings** permissions to:
+- Create the lab
+- Create machines
+- Reset password
+- Create simulations 
+ 
+For more information, see [Create and manage roles](user-roles.md).
+
 Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink)
 
+
 ## Get started with the lab
 You can access the lab from the menu. In the navigation menu, select **Evaluation and tutorials > Evaluation lab**.
 
 ![Image of the evaluation lab on the menu](images/evaluation-lab-menu.png)
 
-When you access the evaluation lab for the first time, you'll find an introduction page with a link to the evaluation guide. The guide contains tips and recommendations to keep in mind when evaluating an advanced threat protection product. 
-
-It's a good idea to read the guide before starting the evaluation process so that you can conduct a thorough assessment of the platform.
-
 >[!NOTE]
 >- Each environment is provisioned with a limited set of test machines.
 >- Depending the type of environment structure you select, machines will be available for the specified number of hours from the day of activation.
 >- When you've used up the provisioned machines, no new machines are provided. A deleted machine does not refresh the available test machine count.
 >- Given the limited resources, it’s advisable to use the machines carefully.
 
+Already have a lab? Make sure to enable the new threat simulators and have active machines.
 
 ## Setup the evaluation lab
 
@@ -60,17 +71,37 @@ It's a good idea to read the guide before starting the evaluation process so tha
 
     ![Image of the evaluation lab welcome page](images/evaluation-lab-setup.png)
 
-2. Depending on your evaluation needs, you can choose to setup an environment with fewer machines for a longer period or more machines for a shorter period. Select your preferred lab configuration then select **Create lab**.
+2. Depending on your evaluation needs, you can choose to setup an environment with fewer machines for a longer period or more machines for a shorter period. Select your preferred lab configuration then select **Next**.
 
     ![Image of lab configuration options](images/lab-creation-page.png) 
 
-When the environment completes the setup process, you're ready to add machines.
+
+3. (Optional) You can choose to install threat simulators in the lab. 
+
+    ![Image of install simulators agent](images/install-agent.png)
+
+    >[!IMPORTANT]
+    >You'll first need to accept and provide consent to the terms and information sharing statements. 
+
+4. Select the threat simulation agent you'd like to use and enter your details. You can also choose to install threat simulators at a later time. If you choose to install threat simulation agents during the lab setup, you'll enjoy the benefit of having them conveniently installed on the machines you add.  
+    
+    ![Image of summary page](images/lab-setup-summary.png)
+
+5.  Review the summary and select **Setup lab**.  
+
+After the lab setup process is complete, you can add machines and run simulations. 
+
 
 ## Add machines
 When you add a machine to your environment, Microsoft Defender ATP sets up a well-configured machine with connection details. You can add Windows 10 or Windows Server 2019 machines.
 
 The machine will be configured with the most up-to-date version of the OS and Office 2019 Standard as well as other apps such as Java, Python, and SysIntenals. 
 
+   >[!TIP]
+   > Need more machines in your lab? Submit a support ticket to have your request reviewed by the Microsoft Defender ATP team. 
+
+If you chose to add a threat simulator during the lab setup, all machines will have the threat simulator agent installed in the machines that you add.
+
 The machine will automatically be onboarded to your tenant with the recommended Windows security components turned on and in audit mode - with no effort on your side. 
 
   The following security components are pre-configured in the test machines:
@@ -94,9 +125,6 @@ Automated investigation settings will be dependent on tenant settings. It will b
 
 1. From the dashboard, select **Add machine**. 
 
-    ![Image of lab setup page](images/lab-setup-page.png)
-
-
 2. Choose the type of machine to add. You can choose to add Windows 10 or Windows Server 2019.
 
     ![Image of lab setup with machine options](images/add-machine-options.png)
@@ -114,20 +142,31 @@ Automated investigation settings will be dependent on tenant settings. It will b
 
 4. Machine set up begins. This can take up to approximately 30 minutes. 
 
-The environment will reflect your test machine status through the evaluation - including risk score, exposure score, and alerts created through the simulation.
+5. See the status of test machines, the risk and exposure levels, and the status of simulator installations by selecting the **Machines** tab. 
+
+    ![Image of machines tab](images/machines-tab.png)
+    
+
+    >[!TIP]
+    >In the **Simulator status** column, you can hover over the information icon to know the installation status of an agent.
 
 
-![Image of test machines](images/eval-lab-dashboard.png)
 
 ## Simulate attack scenarios
-Use the test machines to run attack simulations by connecting to them. 
+Use the test machines to run your own attack simulations by connecting to them. 
 
-If you are looking for a pre-made simulation, you can use our ["Do It Yourself" attack scenarios](https://securitycenter.windows.com/tutorials). These scripts are safe, documented, and easy to use. These scenarios will reflect Microsoft Defender ATP capabilities and walk you through investigation experience.
+You can simulate attack scenarios using:
+- The ["Do It Yourself" attack scenarios](https://securitycenter.windows.com/tutorials)
+- Threat simulators
 
 You can also use [Advanced hunting](advanced-hunting-query-language.md) to query data and [Threat analytics](threat-analytics.md) to view reports about emerging threats.
 
-> [!NOTE]
+### Do-it-yourself attack scenarios
-> The connection to the test machines is done using RDP. Make sure that your firewall settings allow RDP connections.
+If you are looking for a pre-made simulation, you can use our ["Do It Yourself" attack scenarios](https://securitycenter.windows.com/tutorials). These scripts are safe, documented, and easy to use. These scenarios will reflect Microsoft Defender ATP capabilities and walk you through investigation experience.
+
+
+>[!NOTE]
+>The connection to the test machines is done using RDP. Make sure that your firewall settings allow RDP connections.
 
 1. Connect to your machine and run an attack simulation by selecting **Connect**. 
 
@@ -146,20 +185,70 @@ You can also use [Advanced hunting](advanced-hunting-query-language.md) to query
 
    ![Image of window to enter credentials](images/enter-password.png)
 
-4. Run simulations on the machine. 
+4. Run Do-it-yourself attack simulations on the machine. 
+
+
+### Threat simulator scenarios
+If you chose to install any of the supported threat simulators during the lab setup, you can run the built-in simulations on the evaluation lab machines. 
+
+
+Running threat simulations using third-party platforms is a good way to evaluate Microsoft Defender ATP capabilities within the confines of a lab environment.
+
+>[!NOTE]
+>Before you can run simulations, ensure the following requirements are met:
+>- Machines must be added  to the evaluation lab
+>- Threat simulators must be installed in the evaluation lab
+
+1. From the portal select **Create simulation**.
+
+2. Select a threat simulator.
+
+    ![Image of threat simulator selection](images/select-simulator.png)
+
+3. Choose a simulation or look through the simulation gallery to browse through the available simulations. 
+
+    You can get to the simulation gallery from:
+    - The main evaluation dashboard in the **Simulations overview** tile or
+    - By navigating from the navigation pane **Evaluation and tutorials** > **Simulation & tutorials**, then select **Simulations catalog**.
+
+4. Select the devices where you'd like to run the simulation on.
+
+5. Select **Create simulation**.
+
+6. View the progress of a simulation by selecting the **Simulations** tab. View the simulation state, active alerts, and other details. 
+
+    ![Image of simulations tab](images/simulations-tab.png)
+    
+After running your simulations, we encourage you to walk through the lab progress bar and explore Microsoft Defender ATP features. See if the attack simulations you ran triggered an automated investigation and remediation, check out the evidence collected and analyzed by the feature.
 
-After running your simulations, we encourage you to walk through the lab progress bar and explore Microsoft Defender ATP features. See if your attacks triggered an automated investigation and remediation, check out the evidence collected and analyzed by the feature.
 
 
 Hunt for attack evidence through advanced hunting by using the rich query language and raw telemetry and check out some world-wide threats documented in Threat analytics.
 
 
-## Simulation results
+## Simulation gallery
-Get a full overview of the simulation results, all in one place, allowing you to drill down to the relevant pages with every detail you need.
+Microsoft Defender ATP has partnered with various threat simulation platforms to give you convenient access to test the capabilities of the platform right from the within the portal. 
 
-View the machine details page by selecting the machine from the table. You'll be able to drill down on relevant alerts and investigations by exploring the rich context provided on the attack simulation. 
+View all the available simulations by going to  **Simulations and tutorials** > **Simulations catalog**  from the menu. 
 
-### Evaluation report
+
+A list of supported third-party threat simulation agents are listed, and specific types of simulations along with detailed descriptions are provided on the catalog. 
+
+You can conveniently run any available simulation right from the catalog.  
+
+
+![Image of simulations catalog](images/simulations-catalog.png)
+
+Each simulation comes with an in-depth description of the attack scenario and references such as the MITRE attack techniques used and sample Advanced hunting queries you run.
+
+**Examples:**
+![Image of simulation description details](images/simulation-details-aiq.png)
+
+
+![Image of simulation description details](images/simulation-details-sb.png)
+
+
+## Evaluation report
 The lab reports summarize the results of the simulations conducted on the machines. 
 
 ![Image of the evaluation report](images/eval-report.png)
@@ -172,6 +261,7 @@ At a glance, you'll quickly be able to see:
 - Detection sources
 - Automated investigations
 
+
 ## Provide feedback
 Your feedback helps us get better in protecting your environment from advanced attacks. Share your experience and impressions from product capabilities and evaluation results.
 

windows/security/threat-protection/microsoft-defender-atp/feedback-loop-blocking.md

@@ -0,0 +1,58 @@
+---
+title: Feedback-loop blocking
+description: Feedback-loop blocking, also called rapid protection, is part of behavioral blocking and containment capabilities in Microsoft Defender ATP
+keywords: behavioral blocking, rapid protection, feedback blocking, Microsoft Defender ATP
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+author: denisebmsft
+ms.author: deniseb
+manager: dansimp
+ms.reviewer: shwetaj
+audience: ITPro 
+ms.topic: article 
+ms.prod: w10 
+ms.localizationpriority: medium
+ms.custom: 
+- next-gen
+- edr
+ms.collection: 
+---
+
+# Feedback-loop blocking
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+## Overview
+
+Feedback-loop blocking, also referred to as rapid protection, is a component of [behavioral blocking and containment capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) in [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/). With feedback-loop blocking, devices across your organization are better protected from attacks. 
+
+## How feedback-loop blocking works
+
+When a suspicious behavior or file is detected, such as by [Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10), information about that artifact is sent to multiple classifiers. The rapid protection loop engine inspects and correlates the information with other signals to arrive at a decision as to whether to block a file. Checking and classifying artifacts happens quickly. It results in rapid blocking of confirmed malware, and drives protection across the entire ecosystem. 
+
+With rapid protection in place, an attack can be stopped on a device, other devices in the organization, and devices in other organizations, as an attack attempts to broaden its foothold.
+
+
+## Configuring feedback-loop blocking
+
+If your organization is using Microsoft Defender ATP, feedback-loop blocking is enabled by default. However, rapid protection occurs through a combination of Microsoft Defender ATP capabilities, machine learning protection features, and signal-sharing across Microsoft security services. Make sure the following features and capabilities of Microsoft Defender ATP are enabled and configured:
+
+- [Microsoft Defender ATP baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline)
+
+- [Devices onboarded to Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-configure)
+
+- [EDR in block mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode)
+
+- [Attack surface reduction](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction)
+
+- [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features) (antivirus)
+
+## Related articles
+
+- [Behavioral blocking and containment](behavioral-blocking-containment.md)
+
+- [(Blog) Behavioral blocking and containment: Transforming optics into protection](https://www.microsoft.com/security/blog/2020/03/09/behavioral-blocking-and-containment-transforming-optics-into-protection/)
+
+- [Helpful Microsoft Defender ATP resources](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/helpful-resources)