Merge pull request #3907 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to master to sync with https://github.com/MicrosoftDocs/windows-itpro-docs (branch public)

windows/deployment/update/update-compliance-configuration-manual.md

@@ -48,6 +48,9 @@ Each MDM Policy links to its documentation in the CSP hierarchy, providing its e
 |**System/**[**ConfigureTelemetryOptInSettingsUx**](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinsettingsux) | 1 - Disable Telemetry opt-in Settings | (in Windows 10, version 1803 and later) Determines whether end-users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy or the effective diagnostic data level on devices might not be sufficient. |
 |**System/**[**AllowDeviceNameInDiagnosticData**](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowdevicenameindiagnosticdata) | 1 - Allowed | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or set to 0 (Disabled), Device Name will not be sent and will not be visible in Update Compliance, showing `#` instead. |
 
+> [!NOTE]
+> If you use Microsoft Intune, set the **ProviderID** to *MS DM Server*. If you use another MDM product, check with its vendor. See also [DMClient CSP](https://docs.microsoft.com/windows/client-management/mdm/dmclient-csp).
+
 ### Group Policies
 
 All Group Policies that need to be configured for Update Compliance are under **Computer Configuration>Administrative Templates>Windows Components\Data Collection and Preview Builds**. All of these policies must be in the *Enabled* state and set to the defined *Value* below.  

windows/security/identity-protection/access-control/special-identities.md

@@ -186,7 +186,7 @@ This group includes all domain controllers in an Active Directory forest. Domain
 
 All interactive, network, dial-up, and authenticated users are members of the Everyone group. This special identity group gives wide access to system resources. Whenever a user logs on to the network, the user is automatically added to the Everyone group.
 
-On computers running Windows 2000 and earlier, the Everyone group included the Anonymous Logon group as a default member, but as of Windows Server 2003, the Everyone group contains only Authenticated Users and Guest; and it no longer includes Anonymous Logon by default (although this can be changed).
+On computers running Windows 2000 and earlier, the Everyone group included the Anonymous Logon group as a default member, but as of Windows Server 2003, the Everyone group contains only Authenticated Users and Guest; and it no longer includes Anonymous Logon by default (although this can be changed, using Registry Editor, by going to the **Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa** key and setting the value of **everyoneincludesanonymous** DWORD to 1).
 
 Membership is controlled by the operating system.
 

windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md

@@ -458,7 +458,7 @@ contoso.sharepoint.com,contoso.internalproxy1.com|contoso.visualstudio.com,conto
 Value format without proxy:
 
 ```console
-contoso.sharepoint.com,|contoso.visualstudio.com,|contoso.onedrive.com
+contoso.sharepoint.com,|contoso.visualstudio.com,|contoso.onedrive.com,
 ```
 
 ### Protected domains

windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md

@@ -11,7 +11,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.author: deniseb
 author: denisebmsft
-ms.date: 09/28/2020
+ms.date: 09/30/2020
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
@@ -87,22 +87,7 @@ You can configure the following levels of automation:
 
 
 > [!IMPORTANT]
-> Regarding automation levels and default settings:
-> - If your tenant already has device groups defined, then the automation level settings are not changed for those device groups.
-> - If your tenant was onboarded to Microsoft Defender for Endpoint *before* August 16, 2020, and you have not defined a device group, your organization's default setting is **Semi - require approval for any remediation**.
-> - If your tenant was onboarded to Microsoft Defender for Endpoint *before* August 16, 2020, and you do have a device group defined, you also have an **Ungrouped devices (default)** device group that is set to **Semi - require approval for any remediation**. 
-> - If your tenant was onboarded to Microsoft Defender for Endpoint *on or after* August 16, 2020, and you have not defined a device group, your orgnaization's default setting is **Full - remediate threats automatically**.
-> - If your tenant was onboarded to Microsoft Defender for Endpoint *on or after* August 16, 2020, and you do have a device group defined, you also have an **Ungrouped devices (default)** device group that is set to **Full - remediate threats automatically**.
-> - To change an automation level, **[edit your device groups](configure-automated-investigations-remediation.md#set-up-device-groups)**.
-
-
-### A few points to keep in mind
-
-- Your level of automation is determined by your device group settings. To learn more, see [Set up device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation#set-up-device-groups).
-
-- If your Microsoft Defender for Endpoint tenant was created before August 16, 2020, then you have a default device group that is configured for semi-automatic remediation. In this case, some or all remediation actions for malicious entities require approval. Such actions are listed on the **Pending actions** tab in the [Action center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center#the-action-center). You can set your [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation#set-up-device-groups) to use full automation so that no user approval is needed. 
-
-- If your Microsoft Defender for Endpoint tenant was created on or after August 16, 2020, then you have a default device group that is configured for full automation. In this case, remediation actions are taken automatically for entities that are considered to be malicious. Such actions are listed on the **History** tab in the [Action center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center#the-action-center).
+> If your tenant already has device groups defined, then the automation level settings are not changed for those device groups.
 
 ## Next steps