Merge branch 'atp-fixes' of https://github.com/Microsoft/win-cpub-itpro-docs into atp-fixes

.openpublishing.publish.config.json

@@ -2,6 +2,11 @@
   "build_entry_point": "",
   "need_generate_pdf": false,
   "need_generate_intellisense": false,
+  "enable_incremental_build": true,
+  "branch_target_mapping": {
+    "live": ["Publish","Pdf"],
+    "master": ["Publish", "Pdf"]
+  },  
   "docsets_to_publish": [
     {
       "docset_name": "education",
@@ -376,17 +381,26 @@
       "version": 0
     }
   ],
+  "Targets": {
+		"Pdf": {
+			"template_folder": "_themes.pdf"
+		}
+	},
   "notification_subscribers": [
     "brianlic@microsoft.com"
   ],
-  "branches_to_filter": [
+  "branches_to_filter": [""],
-    ""
-  ],
   "git_repository_url_open_to_public_contributors": "https://github.com/Microsoft/windows-itpro-docs",
   "git_repository_branch_open_to_public_contributors": "master",
   "skip_source_output_uploading": false,
   "need_preview_pull_request": true,
   "dependent_repositories": [
+  {
+      "path_to_root": "_themes.pdf",
+      "url": "https://github.com/Microsoft/templates.docs.msft.pdf",
+      "branch": "master",
+      "branch_mapping": {}
+  },
   {
       "path_to_root": "_themes",
       "url": "https://github.com/Microsoft/templates.docs.msft",
@@ -394,5 +408,5 @@
       "branch_mapping": {}
     }
   ],
-  "need_generate_pdf_url_template": false
+  "need_generate_pdf_url_template": true
 }

CONTRIBUTING.md

@@ -18,7 +18,7 @@ We've tried to make editing an existing, public file as simple as possible.
 
 **To edit a topic**
 
-1.	Go to the page on TechNet that you want to update, and then click **Edit**.
+1.	Go to the page on docs.microsoft.com that you want to update, and then click **Edit**.
 
     ![GitHub Web, showing the Edit link](images/contribute-link.png)
 
@@ -62,14 +62,23 @@ We've tried to make editing an existing, public file as simple as possible.
     The pull request is sent to the writer of the topic and your edits are reviewed. If your request is accepted, updates are published to one of the following places:
 
     - [Windows 10](https://docs.microsoft.com/windows/windows-10)
+    
     - [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy)
+    
     - [Surface](https://docs.microsoft.com/surface)
+    
     - [Surface Hub](https://docs.microsoft.com/surface-hub)
+    
     - [HoloLens](https://docs.microsoft.com/hololens)
+    
     - [Microsoft Store](https://docs.microsoft.com/microsoft-store)
+    
     - [Windows 10 for Education](https://docs.microsoft.com/education/windows)
+    
     - [Windows 10 for SMB](https://docs.microsoft.com/windows/smb)
+    
     - [Internet Explorer 11](https://docs.microsoft.com/internet-explorer)
+    
     - [Microsoft Desktop Optimization Pack](https://docs.microsoft.com/microsoft-desktop-optimization-pack)
 
 

browsers/edge/available-policies.md

@@ -357,7 +357,7 @@ Microsoft Edge works with these Group Policy settings (`Computer Configuration\A
     
             https://fabrikam.com/opensearch.xml
     
-    - If you disable this setting, the policy-set default search engine is removed. If this is also the current in-use default, the engine changes to the Microsoft Edge specified engine for the market.<p>If you don't configure this setting, the default search engine is set to the one specified in App settings.
+    - If you disable this setting, the policy-set default search engine is removed. If this is also the current in-use default, the engine changes to the Microsoft Edge specified engine for the market.
 
     - If you don't configure this setting (default), the default search engine is set to the one specified in App settings.
 

windows/access-protection/credential-guard/credential-guard-manage.md

@@ -143,7 +143,7 @@ For client machines that are running Windows 10 1703, LSAIso is running whenever
     -   **Event ID 15** Credential Guard (LsaIso.exe) is configured but the secure kernel is not running; continuing without Credential Guard.
     -   **Event ID 16** Credential Guard (LsaIso.exe) failed to launch: \[error code\]
     -   **Event ID 17** Error reading Credential Guard (LsaIso.exe) UEFI configuration: \[error code\]
-    You can also verify that TPM is being used for key protection by checking the following event in the **Microsoft** -> **Windows** -> **Kernel-Boot** event source. If you are running with a TPM, the TPM PCR mask value will be something other than 0.
+    You can also verify that TPM is being used for key protection by checking Event ID 51 in the **Microsoft** -> **Windows** -> **Kernel-Boot** event source. If you are running with a TPM, the TPM PCR mask value will be something other than 0.
         -   **Event ID 51** VSM Master Encryption Key Provisioning. Using cached copy status: 0x0. Unsealing cached copy status: 0x1. New key generation status: 0x1. Sealing status: 0x1. TPM PCR mask: 0x0.
       
 ## Disable Credential Guard

windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password.md

@@ -49,7 +49,7 @@ The Windows Hello for Business PIN is subject to the same set of IT management p
 ## What if someone steals the laptop or phone?
 
 To compromise a Windows Hello credential that TPM protects, an attacker must have access to the physical device, and then must find a way to spoof the user’s biometrics or guess his or her PIN—and all of this must be done before [TPM anti-hammering](/windows/device-security/tpm/tpm-fundamentals#anti-hammering) protection locks the device.
-You can provide additional protection for laptops that don't have TPM by enablng BitLocker and setting a policy to limit failed sign-ins.
+You can provide additional protection for laptops that don't have TPM by enabling BitLocker and setting a policy to limit failed sign-ins.
 
 **Configure BitLocker without TPM**
 1.  Use the Local Group Policy Editor (gpedit.msc) to enable the following policy:

windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md

@@ -25,7 +25,7 @@ If you want to minimize connections from Windows to Microsoft services, or confi
 
 You can configure telemetry at the Security level, turn off Windows Defender telemetry and MSRT reporting, and turn off all other connections to Microsoft network endpoints as described in this article to help prevent Windows from sending any data to Microsoft. There are many reasons why these communications are enabled by default, such as updating malware definitions and maintain current certificate revocation lists, which is why we strongly recommend against this. This data helps us deliver a secure, reliable, and more delightful personalized experience.
 
-To help make it easier to deploy settings to restrict connections from Windows 10 to Microsoft, you can apply the [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887). This baseline was created in the same way as the [Windows security baselines](/windows/device-security/windows-security-baselines) that are often used to efficiently configure Windows to a known secure state. Running the Windows Restricted Traffic Limited Functionality Baseline on devices in your organization will allow you to quickly configure all of the settings covered in this document. However, some of the settings reduce the functionality and security configuration of your device and are therefore not recommended. Make sure should you've chosen the right settings configuration for your environment before applying. Applying this baseline is equivalent to applying the Windows 10 steps covered in this article.
+To help make it easier to deploy settings to restrict connections from Windows 10 to Microsoft, you can apply the [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887). This baseline was created in the same way as the [Windows security baselines](/windows/device-security/windows-security-baselines) that are often used to efficiently configure Windows to a known secure state. Running the Windows Restricted Traffic Limited Functionality Baseline on devices in your organization will allow you to quickly configure all of the settings covered in this document. However, some of the settings reduce the functionality and security configuration of your device and are therefore not recommended. Make sure should you've chosen the right settings configuration for your environment before applying. You should not extract this package to the the windows\\system32 folder because it will not apply correctly. Applying this baseline is equivalent to applying the Windows 10 steps covered in this article.
 
 We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting telmhelp@microsoft.com.
 

windows/deployment/windows-10-poc-sc-config-mgr.md

@@ -4,8 +4,7 @@ description: Deploy Windows 10 in a test lab using System Center Configuration M
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.pagetype: deploy
+ms.pagetype: deploykeywords: deployment, automate, tools, configure, sccm, configuration manager
-keywords: deployment, automate, tools, configure, sccm, configuration manager
 localizationpriority: high
 author: greg-lindsay
 ---
@@ -15,7 +14,6 @@ author: greg-lindsay
 **Applies to**
 
 -   Windows 10
-
 **Important**: This guide leverages the proof of concept (PoC) environment, and some settings that are configured in the following guides:
 - [Step by step guide: Deploy Windows 10 in a test lab](windows-10-poc.md)
 - [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md)
@@ -26,7 +24,6 @@ The PoC environment is a virtual network running on Hyper-V with three virtual m
 - **DC1**: A contoso.com domain controller, DNS server, and DHCP server.
 - **SRV1**: A dual-homed contoso.com domain member server, DNS server, and default gateway providing NAT service for the PoC network.
 - **PC1**: A contoso.com member computer running Windows 7, Windows 8, or Windows 8.1 that has been cloned from a physical computer on your corporate network for testing purposes.
-
 This guide leverages the Hyper-V server role to perform procedures. If you do not complete all steps in a single session, consider using [checkpoints](https://technet.microsoft.com/library/dn818483.aspx) and [saved states](https://technet.microsoft.com/library/ee247418.aspx) to pause, resume, or restart your work.
 
 >Multiple features and services are installed on SRV1 in this guide. This is not a typical installation, and is only done to set up a lab environment with a bare minimum of resources. However, if less than 4 GB of RAM is allocated to SRV1 in the Hyper-V console, some procedures will be extremely slow to complete. If resources are limited on the Hyper-V host, consider reducing RAM allocation on DC1 and PC1, and then increasing the RAM allocation on SRV1. You can adjust RAM allocation for a VM by right-clicking the VM in the Hyper-V Manager console, clicking **Settings**, clicking **Memory**, and modifying the value next to **Maximum RAM**.
@@ -38,7 +35,6 @@ This guide provides end-to-end instructions to install and configure System Cent
 Topics and procedures in this guide are summarized in the following table. An estimate of the time required to complete each procedure is also provided. Time required to complete procedures will vary depending on the resources available to the Hyper-V host and assigned to VMs, such as processor speed, memory allocation, disk speed, and network speed.
 
 <div style='font-size:9.0pt'>
-
 <TABLE border=1 cellspacing=0 cellpadding=0>
 <TR><TD BGCOLOR="#a0e4fa"><B>Topic</B><TD BGCOLOR="#a0e4fa"><B>Description</B><TD BGCOLOR="#a0e4fa"><B>Time</B>
 
@@ -48,8 +44,7 @@ Topics and procedures in this guide are summarized in the following table. An es
 <TR><TD>[Prepare for Zero Touch installation](#prepare-for-zero-touch-installation)<TD>Prerequisite procedures to support Zero Touch installation.<TD>60 minutes
 <TR><TD>[Create a boot image for Configuration Manager](#create-a-boot-image-for-configuration-manager)<TD>Use the MDT wizard to create the boot image in Configuration Manager.<TD>20 minutes
 <TR><TD>[Create a Windows 10 reference image](#create-a-windows-10-reference-image)<TD>This procedure can be skipped if it was done previously, otherwise instructions are provided to create a reference image.<TD>0-60 minutes
-<TR><TD>[Add a Windows 10 operating system image](#add-a-windows-10-operating-system-image)<TD>Add a Windows 10 operating system image and distribute it.<TD>10 minutes
+<TR><TD>[Add a Windows 10 operating system image](#add-a-windows-10-operating-system-image)<TD>Add a Windows 10 operating system image and distribute it.<TD>10 minutes<TR><TD>[Create a task sequence](#create-a-task-sequence)<TD>Create a Configuration Manager task sequence with MDT integration using the MDT wizard<TD>15 minutes
-<TR><TD>[Create a task sequence](#create-a-task-sequence)<TD>Create a Configuration Manager task sequence with MDT integration using the MDT wizard<TD>15 minutes
 <TR><TD>[Finalize the operating system configuration](#finalize-the-operating-system-configuration)<TD>Enable monitoring, configure rules, and distribute content.<TD>30 minutes
 <TR><TD>[Deploy Windows 10 using PXE and Configuration Manager](#deploy-windows-10-using-pxe-and-configuration-manager)<TD>Deploy Windows 10 using Configuration Manager deployment packages and task sequences.<TD>60 minutes
 <TR><TD>[Replace a client with Windows 10 using Configuration Manager](#replace-a-client-with-windows-10-using-configuration-manager)<TD>Replace a client computer with Windows 10 using Configuration Manager.<TD>90 minutes
@@ -60,7 +55,6 @@ Topics and procedures in this guide are summarized in the following table. An es
 </div>
 
 ## Install prerequisites
-
 1. Before installing System Center Configuration Manager, we must install prerequisite services and features. Type the following command at an elevated Windows PowerShell prompt on SRV1: 
 
     ```
@@ -78,7 +72,7 @@ Topics and procedures in this guide are summarized in the following table. An es
 
     This command mounts the .ISO file to drive D on SRV1.
 
-4. Type the following command at an elevated Windows PowerShell prompt on SRV1 to install SQL Server 2012 SP2:
+4. Type the following command at an elevated Windows PowerShell prompt on SRV1 to install SQL Server:
 
     ```
     D:\setup.exe /q /ACTION=Install /ERRORREPORTING="False" /FEATURES=SQLENGINE,RS,IS,SSMS,TOOLS,ADV_SSMS,CONN /INSTANCENAME=MSSQLSERVER /INSTANCEDIR="C:\Program Files\Microsoft SQL Server" /SQLSVCACCOUNT="NT AUTHORITY\System" /SQLSYSADMINACCOUNTS="BUILTIN\ADMINISTRATORS" /SQLSVCSTARTUPTYPE=Automatic /AGTSVCACCOUNT="NT AUTHORITY\SYSTEM" /AGTSVCSTARTUPTYPE=Automatic /RSSVCACCOUNT="NT AUTHORITY\System" /RSSVCSTARTUPTYPE=Automatic /ISSVCACCOUNT="NT AUTHORITY\System" /ISSVCSTARTUPTYPE=Disabled /ASCOLLATION="Latin1_General_CI_AS" /SQLCOLLATION="SQL_Latin1_General_CP1_CI_AS" /TCPENABLED="1" /NPENABLED="1" /IAcceptSQLServerLicenseTerms

windows/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md

@@ -27,7 +27,7 @@ You can define custom alert definitions and indicators of compromise (IOC) using
 Before creating custom alerts, you'll need to enable the threat intelligence application in Azure Active Directory and generate access tokens. For more information, see [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md).
 
 ### Use the threat intelligence REST API to create custom threat intelligence alerts
-You can call and specify the resource URLs using one of the following operations to access and manipulate a threat intelligence resource, you call and specify the resource URLs using one of the following operations:
+You can call and specify the resource URLs using one of the following operations to access and manipulate a threat intelligence resource:
 
 -	GET
 -	POST