Merged PR 13073: from master

devices/hololens/hololens-encryption.md

@@ -21,40 +21,21 @@ You can enable [Bitlocker device encryption](https://docs.microsoft.com/windows/
 
 You can use your mobile device management (MDM) provider to apply a policy that requires device encryption. The policy used is the [Security/RequireDeviceEncryption setting](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-security#security-requiredeviceencryption) in the Policy CSP.
 
-In the following steps, Microsoft Intune is used as the example. For other MDM tools, see your MDM provider's documentation for instructions.
+[See instructions for enabling device encryption using Microsoft Intune.](https://docs.microsoft.com/intune/compliance-policy-create-windows#windows-holographic-for-business)
 
-1. Sign in to the [Microsoft Azure portal](https://portal.azure.com/).
+For other MDM tools, see your MDM provider's documentation for instructions. If your MDM provider requires custom URI for device encryption, use the following configuration:
 
-2. Use **Search** or go to **More services** to open the Intune blade.
+- **Name**: a name of your choice
-
+- **Description**: optional
-3. Go to **Device configuration > Profiles**, and select **Create profile**.
+- **OMA-URI**: `./Vendor/MSFT/Policy/Config/Security/RequireDeviceEncryption`
-
+- **Data type**: integer
-    ![Intune create profile option](images/encrypt-create-profile.png)
+- **Value**: `1`
-
-4. Enter a name of your choice, select **Windows 10 and later** for the platform,  select **Custom** for the profile type, and then select **Add**.
-
-    ![Intune custom setting screen](images/encrypt-custom.png)
-
-5. In **Add Row OMA-URI Settings**, enter or select the following information:
-    - **Name**: a name of your choice
-    - **Description**: optional
-    - **OMA-URI**: `./Vendor/MSFT/Policy/Config/Security/RequireDeviceEncryption`
-    - **Data type**: integer
-    - **Value**: `1`
-
-    ![Intune OMA-URI settings for encryption](images/encrypt-oma-uri.png)
-
-6. Select **OK**, select **OK**, and then select **Create**. The blade for the profile opens automatically.
-
-7. Select **Assignments** to assign the profile to a group. After you configure the assignment, select **Save**.
-
-![Intune profile assignment screen](images/encrypt-assign.png)
 
 ## Enable device encryption using a provisioning package
 
 Provisioning packages are files created by the Windows Configuration Designer tool that apply a specified configuration to a device. 
 
-### Create a provisioning package that upgrades the Windows Holographic edition
+### Create a provisioning package that upgrades the Windows Holographic edition and enables encryption
 
 1.	[Create a provisioning package for HoloLens.](hololens-provisioning.md)
 

devices/hololens/hololens-whats-new.md

@@ -91,6 +91,6 @@ Windows 10, version 1803, is the first feature update to Windows Holographic for
 ## Additional resources
 
 - [Reset or recover your HoloLens](https://developer.microsoft.com/windows/mixed-reality/reset_or_recover_your_hololens)
-- [Restart, rest, or recover HoloLens](https://support.microsoft.com/help/13452/hololens-restart-reset-or-recover-hololens)
+- [Restart, reset, or recover HoloLens](https://support.microsoft.com/help/13452/hololens-restart-reset-or-recover-hololens)
 - [Manage devices running Windows Holographic with Microsoft Intune](https://docs.microsoft.com/intune/windows-holographic-for-business)
 

devices/surface/TOC.md

@@ -25,6 +25,9 @@
 ### [Enroll and configure Surface devices with SEMM](enroll-and-configure-surface-devices-with-semm.md)
 ### [Unenroll Surface devices from SEMM](unenroll-surface-devices-from-semm.md)
 ### [Use System Center Configuration Manager to manage devices with SEMM](use-system-center-configuration-manager-to-manage-devices-with-semm.md)
+## [Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md)
+### [Use Surface Diagnostic Toolkit for Business in desktop mode](surface-diagnostic-toolkit-desktop-mode.md)
+### [Run Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md)
 ## [Surface Data Eraser](microsoft-surface-data-eraser.md)
 ## [Top support solutions for Surface devices](support-solutions-surface.md)
 ## [Change history for Surface documentation](change-history-for-surface.md)

devices/surface/change-history-for-surface.md

@@ -19,6 +19,9 @@ This topic lists new and updated topics in the Surface documentation library.
 New or changed topic | Description
 --- | ---
 |[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Added Surface Pro 6  |
+[Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md) | New
+[Use Surface Diagnostic Toolkit for Business in desktop mode](surface-diagnostic-toolkit-desktop-mode.md) | New
+[Run Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md) | New
 
 ## October 2018
 

devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md

@@ -38,6 +38,16 @@ Recent additions to the downloads for Surface devices provide you with options t
 >[!NOTE]
 >A battery charge of 40% or greater is required before you install firmware to a Surface device. See [Microsoft Support article KB2909710](https://go.microsoft.com/fwlink/p/?LinkId=618106) for more information.
 
+## Surface Laptop 2
+
+Download the following updates for [Surface Laptop 2 from the Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=57515).
+* SurfaceLaptop2_Win10_XXXXX_XXXXXXX_X.msi – Cumulative firmware and driver update package for Windows 10
+
+## Surface Pro 6
+
+Download the following updates for [Surface Pro 6 from the Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=57514).
+
+* SurfacePro6_Win10_XXXXX_XXXXXXX_X.msi – Cumulative firmware and driver update package for Windows 10
 
 ## Surface GO
 
@@ -46,26 +56,22 @@ Download the following updates for [Surface GO from the Microsoft Download Cente
 
 ## Surface Book 2
 
-
 Download the following updates for [Surface Book 2 from the Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=56261).
 * SurfaceBook2_Win10_xxxxx_xxxxxx.msi – Cumulative firmware and driver update package for Windows 10
 
 ## Surface Laptop
 
-
 Download the following updates for [Surface Laptop from the Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=55489).
 * SurfaceLaptop_Win10_xxxxx_xxxxxx.msi – Cumulative firmware and driver update package for Windows 10
 
 ## Surface Pro
 
-
 Download the following updates for [Surface Pro (Model 1796) from the Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=55484).
 
 * SurfacePro_Win10_xxxxx_xxxxxx.msi – Cumulative firmware and driver update package for Windows 10
 
 ## Surface Pro with LTE Advanced
 
-
 Download the following updates for [Surface Pro with LTE Advanced from the Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=56278).
 
 * SurfacePro_LTE_Win10_xxxxx_xxxxxx.msi – Cumulative firmware and driver update package for Windows 10

devices/surface/surface-diagnostic-toolkit-business.md

@@ -0,0 +1,165 @@
+---
+title: Surface Diagnostic Toolkit for Business
+description: This topic explains how to use the Surface Diagnostic Toolkit for Business.
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: jdeckerms
+ms.author: jdecker
+ms.topic: article
+ms.date: 11/15/2018
+---
+
+# Surface Diagnostic Toolkit for Business
+
+The Microsoft Surface Diagnostic Toolkit for Business (SDT) enables IT administrators to quickly investigate, troubleshoot, and resolve hardware, software, and firmware issues with Surface devices. You can run a range of diagnostic tests and software repairs in addition to obtaining device health insights and guidance for resolving issues. 
+
+Specifically, SDT for Business enables you to:
+
+- [Customize the package.](#create-custom-sdt)
+- [Run the app using commands.](surface-diagnostic-toolkit-command-line.md)
+- [Run multiple hardware tests to troubleshoot issues.](surface-diagnostic-toolkit-desktop-mode.md#multiple)
+- [Generate logs for analyzing issues.](surface-diagnostic-toolkit-desktop-mode.md#logs)
+- [Obtain detailed report comparing device vs optimal configuration.](surface-diagnostic-toolkit-desktop-mode.md#detailed-report)
+
+
+## Primary scenarios and download resources 
+
+To run SDT for Business, download the components listed in the following table.
+
+>[!NOTE]
+>In contrast to the way you typically install MSI packages, the SDT distributable MSI package can only be created by running Windows Installer (MSI.exe) at a command prompt and setting the custom flag `ADMINMODE = 1`. For details, see [Run Surface Diagnostic Toolkit using commands](surface-diagnostic-toolkit-command-line.md).  
+
+Mode |	Primary scenarios | Download | Learn more
+--- | --- | --- | ---
+Desktop mode |	Assist users in running SDT on their Surface devices to troubleshoot issues.<br>Create a custom package to deploy on one or more Surface devices allowing users to select specific logs to collect and analyze. | SDT distributable MSI package<br>Microsoft Surface Diagnostic Toolkit for Business Installer.MSI<br>[Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) | [Use Surface Diagnostic Toolkit in desktop mode](surface-diagnostic-toolkit-desktop-mode.md)
+Command line |	Directly troubleshoot Surface devices remotely without user interaction, using standard tools such as Configuration Manager. It includes the following commands:<br>`-DataCollector` collects all log files<br>`-bpa` runs health diagnostics using Best Practice Analyzer.<br>`-windowsupdate` checks Windows update for missing firmware or driver updates.<br><br>**Note:** Support for the ability to confirm warranty information will be available via the  command `-warranty`	| SDT console app<br>Microsoft Surface Diagnostics App Console.exe<br>[Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) | [Run Surface Diagnostic Toolkit using commands](surface-diagnostic-toolkit-command-line.md)
+
+## Supported devices 
+
+SDT for Business is supported on Surface 3 and later devices, including:
+
+- Surface Pro 6
+- Surface Laptop 2
+- Surface Go
+- Surface Go with LTE
+- Surface Book 2
+- Surface Pro with LTE Advanced (Model 1807)
+- Surface Pro (Model 1796)
+- Surface Laptop
+- Surface Studio
+- Surface Studio 2
+- Surface Book
+- Surface Pro 4
+- Surface 3 LTE
+- Surface 3
+- Surface Pro 3
+
+## Installing Surface Diagnostic Toolkit for Business
+
+To create an SDT package that you can distribute to users in your organization, you first need to install SDT at a command prompt and set a custom flag to install the tool in admin mode. SDT contains the following install option flags:
+
+- `SENDTELEMETRY` sends telemetry data to Microsoft. The flag accepts `0` for disabled or `1` for enabled. The default value is `1` to send telemetry.
+- `ADMINMODE` configures the tool to be installed in admin mode. The flag accepts `0` for Business client mode or `1` for Business Administrator mode. The default value is `0`.
+
+**To install SDT in ADMINMODE:**
+
+1.	Sign in to your Surface device using the Administrator account.
+2.	Download SDT Windows Installer Package (.msi) from the [Surface Tools for IT download page](https://www.microsoft.com/download/details.aspx?id=46703) and copy it to a preferred location on your Surface device, such as Desktop.
+3.	Open a command prompt and enter:
+
+    ```
+    msiexec.exe /i <the path of installer> ADMINMODE=1. 
+    ```
+    **Example:**
+
+    ```
+    C:\Users\Administrator> msiexec.exe/I"C:\Users\Administrator\Desktop\Microsoft_Surface_Diagnostic_Toolkit_for_Business_Installer.msi" ADMINMODE=1
+    ```
+
+4.	The SDT setup wizard appears, as shown in figure 1. Click **Next**. 
+
+    >[!NOTE]
+    >If the setup wizard does not appear, ensure that you are signed into the Administrator account on your computer. 
+
+    ![welcome to the Surface Diagnostic Toolkit setup wizard](images/sdt-1.png)
+
+    *Figure 1. Surface Diagnostic Toolkit setup wizard*
+
+5. When the SDT setup wizard appears, click **Next**, accept the End User License Agreement (EULA), and select a location to install the package. 
+
+6.	Click **Next** and then click **Install**. 
+
+## Locating SDT on your Surface device
+
+Both SDT and the SDT app console are installed at `C:\Program Files\Microsoft\Surface\Microsoft Surface Diagnostic Toolkit for Business`.
+
+In addition to the .exe file, SDT installs a JSON file and an admin.dll file (modules\admin.dll), as shown in figure 2.
+
+![list of SDT installed files in File Explorer](images/sdt-2.png)
+
+*Figure 2. Files installed by SDT*
+
+<span id="create-custom-sdt" />
+## Preparing the SDT package for distribution
+
+Creating a custom package allows you to target the tool to specific known issues.
+
+1.	Click **Start > Run**, enter **Surface** and then click **Surface Diagnostic Toolkit for Business**. 
+2.	When the tool opens, click **Create Custom Package**, as shown in figure 3.
+
+    ![Create custom package option](images/sdt-3.png)
+
+    *Figure 3. Create custom package*
+
+### Language and telemetry page
+
+  
+When you start creating the custom package, you’re asked whether you agree to send data to Microsoft to help improve the application. For more information,see the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement). Sharing is on by default, so uncheck the box if you wish to decline.
+
+>[!NOTE]
+>This setting is limited to only sharing data generated while running packages. 
+
+![Select language and telemetry settings](images/sdt-4.png)
+
+*Figure 4. Select language and telemetry settings*
+
+### Windows Update page
+
+Select the option appropriate for your organization. Most organizations with multiple users will typically select to receive updates via Windows Server Update Services (WSUS), as shown in figure 5. If using local Windows update packages or WSUS, enter the path as appropriate. 
+
+![Select Windows Update option](images/sdt-5.png)
+
+*Figure 5. Windows Update option*
+
+### Software repair page
+
+This allows you to select or remove the option to run software repair updates. 
+
+![Select software repair option](images/sdt-6.png)
+
+*Figure 6. Software repair option*
+
+### Collecting logs and saving package page
+
+You can select to run a wide range of logs across applications, drivers, hardware, and the operating system. Click the appropriate area and select from the menu of available logs. You can then save the package to a software distribution point or equivalent location that users can access. 
+
+![Select log options](images/sdt-7.png)
+
+*Figure 7. Log option and save package*
+
+## Next steps
+
+- [Use Surface Diagnostic Toolkit for Business in desktop mode](surface-diagnostic-toolkit-desktop-mode.md)
+- [Use Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md)
+
+
+
+
+
+
+
+
+
+
+

devices/surface/surface-diagnostic-toolkit-command-line.md

@@ -0,0 +1,143 @@
+---
+title: Run Surface Diagnostic Toolkit for Business using commands
+description: How to run Surface Diagnostic Toolkit in a command console
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: jdeckerms
+ms.author: jdecker
+ms.topic: article
+ms.date: 11/15/2018
+---
+
+# Run Surface Diagnostic Toolkit for Business using commands
+
+Running the Surface Diagnostic Toolkit (SDT) at a command prompt requires downloading the STD app console. After it's installed, you can run SDT at a command prompt via the Windows command console (cmd.exe) or using Windows PowerShell, including PowerShell Integrated Scripting Environment (ISE), which provides support for autocompletion of commands, copy/paste, and other features. 
+
+>[!NOTE]
+>To run SDT using commands, you must be signed in to the Administrator account or signed in to an account that is a member of the Administrator group on your Surface device. 
+
+## Running SDT app console
+
+Download and install SDT app console from the [Surface Tools for IT download page](https://www.microsoft.com/download/details.aspx?id=46703). You can use the Windows command prompt (cmd.exe) or Windows PowerShell to: 
+
+- Collect all log files.
+- Run health diagnostics using Best Practice Analyzer.
+- Check update for missing firmware or driver updates.
+
+By default, output files are saved to C:\Administrator\user. Refer to the following table for a complete list of commands.
+
+Command | Notes
+--- | ---
+-DataCollector "output file" | Collects system details into a zip file. "output file" is the file path to create system details zip file.<br><br>**Example**:<br>`Microsoft.Surface.Diagnostics.App.Console.exe -DataCollector SDT_DataCollection.zip`
+-bpa "output file" | Checks several settings and health indicators in the device. “output file" is the file path to create the HTML report.<br><br>**Example**:<br>`Microsoft.Surface.Diagnostics.App.Console.exe -bpa BPA.html`
+-windowsupdate | Checks Windows Update online servers for missing firmware and/or driver updates.<br><br>**Example**:<br>Microsoft.Surface.Diagnostics.App.Console.exe -windowsupdate
+
+>[!NOTE]
+>To run the SDT app console remotely on target devices, you can use a configuration management tool such as System Center Configuration Manager. Alternatively, you can create a .zip file containing the console app and appropriate console commands and deploy per your organization’s software distribution processes. 
+
+## Running Best Practice Analyzer 
+
+You can run BPA tests across key components such as BitLocker, Secure Boot, and Trusted Platform Module (TPM) and then output the results to a shareable file. The tool generates a series of tables with color-coded headings and condition descriptors along with guidance about how to approach resolving the issue. 
+
+- Green indicates the component is running in an optimal condition (optimal).
+- Orange indicates the component is not running in an optimal condition (not optimal).
+- Red indicates the component is in an abnormal state. 
+
+### Sample BPA results output
+
+<table>
+<tr><th colspan="2"><font color="00ff00">BitLocker</font></th></tr>
+<tr><td><strong>Description:</strong></td><td>Checks if BitLocker is enabled on the system drive.</td></tr>
+<tr><td><strong>Value:</strong></td><td>Protection On</td></tr>
+<tr><td><strong>Condition:</strong></td><td><font color="00ff00">Optimal</font></td></tr>
+<tr><td><strong>Guidance:</strong></td><td>It is highly recommended to enable BitLocker to protect your data.</td></tr>
+</table>
+
+<table>
+<tr><th colspan="2"><font color="00ff00">Secure Boot</font></th></tr>
+<tr><td><strong>Description:</strong></td><td>Checks if Secure Boot is enabled.</td></tr>
+<tr><td><strong>Value:</strong></td><td>True</td></tr>
+<tr><td><strong>Condition:</strong></td><td><font color="00ff00">Optimal</font></td></tr>
+<tr><td><strong>Guidance:</strong></td><td>It is highly recommended to enable Secure Boot to protect your PC.</td></tr>
+</table>
+
+<table>
+<tr><th colspan="2"><font color="00ff00">Trusted Platform Module</font></th></tr>
+<tr><td><strong>Description:</strong></td><td>Ensures that the TPM is functional.</td></tr>
+<tr><td><strong>Value:</strong></td><td>True</td></tr>
+<tr><td><strong>Condition:</strong></td><td><font color="00ff00">Optimal</font></td></tr>
+<tr><td><strong>Guidance:</strong></td><td>Without a functional TPM, security-based functions such as BitLocker may not work properly.</td></tr>
+</table>
+
+<table>
+<tr><th colspan="2"><font color="00ff00">Connected Standby</font></th></tr>
+<tr><td><strong>Description:</strong></td><td>Checks if Connected Standby is enabled.</td></tr>
+<tr><td><strong>Value:</strong></td><td>True</td></tr>
+<tr><td><strong>Condition:</strong></td><td><font color="00ff00">Optimal</font></td></tr>
+<tr><td><strong>Guidance:</strong></td><td>Connected Standby allows a Surface device to receive updates and notifications while not being used. For best experience, Connected Standby should be enabled.</td></tr>
+</table>
+
+<table>
+<tr><th colspan="2"><font color="00ff00">Bluetooth</font></th></tr>
+<tr><td><strong>Description:</strong></td><td>Checks if Bluetooth is enabled.</td></tr>
+<tr><td><strong>Value:</strong></td><td>Enabled</td></tr>
+<tr><td><strong>Condition:</strong></td><td><font color="00ff00">Optimal</font></td></tr>
+<tr><td><strong>Guidance:</strong></td><td></td></tr>
+</table>
+
+<table>
+<tr><th colspan="2"><font color="00ff00">Debug Mode</font></th></tr>
+<tr><td><strong>Description:</strong></td><td>Checks if the operating system is in Debug mode.</td></tr>
+<tr><td><strong>Value:</strong></td><td>Normal</td></tr>
+<tr><td><strong>Condition:</strong></td><td><font color="00ff00">Optimal</font></td></tr>
+<tr><td><strong>Guidance:</strong></td><td>The debug boot option enables or disables kernel debugging of the Windows operating system. Enabling this option can cause system instability and can prevent DRM (digital rights managemend) protected media from playing.</td></tr>
+</table>
+
+<table>
+<tr><th colspan="2"><font color="00ff00">Test Signing</font></th></tr>
+<tr><td><strong>Description:</strong></td><td>Checks if Test Signing is enabled.</td></tr>
+<tr><td><strong>Value:</strong></td><td>Normal</td></tr>
+<tr><td><strong>Condition:</strong></td><td><font color="00ff00">Optimal</font></td></tr>
+<tr><td><strong>Guidance:</strong></td><td>Test Signing is a Windows startup setting that should only be used to test pre-release drivers.</td></tr>
+</table>
+
+<table>
+<tr><th colspan="2"><font color="00ff00">Active Power Plan</font></th></tr>
+<tr><td><strong>Description:</strong></td><td>Checks that the correct power plan is active.</td></tr>
+<tr><td><strong>Value:</strong></td><td>Balanced</td></tr>
+<tr><td><strong>Condition:</strong></td><td><font color="00ff00">Optimal</font></td></tr>
+<tr><td><strong>Guidance:</strong></td><td>It is highly recommended to use the "Balanced" power plan to maximize productivity and battery life.</td></tr>
+</table>
+
+<table>
+<tr><th colspan="2"><font color="ff9500">Windows Update</font></th></tr>
+<tr><td><strong>Description:</strong></td><td>Checks if the device is up to date with Windows updates.</td></tr>
+<tr><td><strong>Value:</strong></td><td>Microsoft Silverlight (KB4023307), Definition Update for Windows Defender Antivirus - KB2267602 (Definition 1.279.1433.0)</td></tr>
+<tr><td><strong>Condition:</strong></td><td><font color="ff9500">Not Optimal</font></td></tr>
+<tr><td><strong>Guidance:</strong></td><td>Updating to the latest windows makes sure you are on the latest firmware and drivers. It is recommended to always keep your device up to date</td></tr>
+</table>
+
+<table>
+<tr><th colspan="2"><font color="00ff00">Free Hard Drive Space</font></th></tr>
+<tr><td><strong>Description:</strong></td><td>Checks for low free hard drive space.</td></tr>
+<tr><td><strong>Value:</strong></td><td>66%</td></tr>
+<tr><td><strong>Condition:</strong></td><td><font color="00ff00">Optimal</font></td></tr>
+<tr><td><strong>Guidance:</strong></td><td>For best performance, your hard drive should have at least 10% of its capacity as free space.</td></tr>
+</table>
+
+<table>
+<tr><th colspan="2"><font color="00ff00">Non-Functioning Devices</font></th></tr>
+<tr><td><strong>Description:</strong></td><td>List of non-functioning devices in Device Manager.</td></tr>
+<tr><td><strong>Value:</strong></td><td></td></tr>
+<tr><td><strong>Condition:</strong></td><td><font color="00ff00">Optimal</font></td></tr>
+<tr><td><strong>Guidance:</strong></td><td>Non-functioning devices in Device Manager may cause unpredictable problems with Surface devices such as, but not limited to, no power savings for the respective hardware component.</td></tr>
+</table>
+
+<table>
+<tr><th colspan="2"><font color="00ff00">External Monitor</font></th></tr>
+<tr><td><strong>Description:</strong></td><td>Checks for an external monitor that may have compatibility issues.</td></tr>
+<tr><td><strong>Value:</strong></td><td></td></tr>
+<tr><td><strong>Condition:</strong></td><td><font color="00ff00">Optimal</font></td></tr>
+<tr><td><strong>Guidance:</strong></td><td>Check with the original equipment manufacturer for compatibility with your Surface device.</td></tr>
+</table>

devices/surface/surface-diagnostic-toolkit-desktop-mode.md

@@ -0,0 +1,99 @@
+---
+title: Use Surface Diagnostic Toolkit for Business in desktop mode
+description: How to use SDT to help users in your organization run the tool to identify and diagnose issues with the Surface device. 
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: jdeckerms
+ms.author: jdecker
+ms.topic: article
+ms.date: 11/15/2018
+---
+
+# Use Surface Diagnostic Toolkit for Business in desktop mode
+
+This topic explains how to use the Surface Diagnostic Toolkit (SDT) to help users in your organization run the tool to identify and diagnose issues with the Surface device. Successfully running SDT can quickly determine if a reported issue is caused by failed hardware or user error.
+
+1.	Direct the user to install [the SDT package](surface-diagnostic-toolkit-business.md#create-custom-sdt) from a software distribution point or network share. After it is installed, you’re ready to guide the user through a series of tests. 
+
+2.	Begin at the home page, which allows users to enter a description of the issue, and click **Continue**, as shown in figure 1.
+
+    ![Start SDT in desktop mode](images/sdt-desk-1.png)
+
+    *Figure 1. SDT in desktop mode*
+
+3. When SDT indicates the device has the latest updates, click **Continue** to advance to the catalog of available tests, as shown in figure 2.
+
+    ![Select from SDT options](images/sdt-desk-2.png)
+
+    *Figure 2. Select from SDT options*
+
+4. You can choose to run all the diagnostic tests. Or, if you already suspect a particular issue such as a faulty display or a power supply problem, click **Select** to choose from the available tests and click **Run Selected**, as shown in figure 3. See the following table for details of each test. 
+
+    ![Select hardware tests](images/sdt-desk-3.png)
+
+    *Figure 3. Select hardware tests*
+
+    Hardware test | Description
+    --- | ---
+    Power Supply and Battery |	Checks Power supply is functioning optimally
+    Display and Sound	| Checks brightness, stuck or dead pixels, speaker and microphone functioning
+    Ports and Accessories	| Checks accessories, screen attach and USB functioning
+    Connectivity |	Checks Bluetooth, wireless and LTE connectivity
+    Security	| Checks security related issues
+    Touch	| Checks touch related issues
+    Keyboard and touch |	Checks integrated keyboard connection and type cover
+    Sensors	| Checks functioning of different sensors in the device
+    Hardware |	Checks issues with different hardware components such as graphics card and camera
+
+
+
+
+
+<span id="multiple" />
+## Running multiple hardware tests to troubleshoot issues
+
+SDT is designed as an interactive tool that runs a series of tests. For each test, SDT provides instructions summarizing  the nature of the test and what users should expect or look for in order for the test to be successful. For example, to diagnose if the display brightness is working properly, SDT starts at zero and increases the brightness to 100 percent, asking users to confirm – by answering **Yes** or **No** -- that brightness is functioning as expected, as shown in figure 4. 
+
+For each test, if functionality does not work as expected and the user clicks **No**, SDT generates a report of the possible causes and ways to troubleshoot it. 
+
+![Running hardware diagnostics](images/sdt-desk-4.png)
+
+*Figure 4. Running hardware diagnostics*
+
+1.	If the brightness successfully adjusts from 0-100 percent as expected, direct the user to click **Yes** and then click **Continue**. 
+2.	If the brightness fails to adjust from 0-100 percent as expected, direct the user to click **No** and then click **Continue**. 
+3.	Guide users through remaining tests as appropriate. When finished, SDT automatically provides a high-level summary of the report, including the possible causes of any hardware issues along with guidance for resolution.
+
+
+### Repairing applications
+
+SDT enables you to diagnose and repair applications that may be causing issues, as shown in figure 5.
+
+![Running repairs](images/sdt-desk-5.png)
+
+*Figure 5. Running repairs*
+
+
+
+
+<span id="logs" />
+### Generating logs for analyzing issues 
+
+SDT provides extensive log-enabled diagnosis support across applications, drivers, hardware, and operating system issues, as shown in figure 6.
+
+![Generating logs](images/sdt-desk-6.png)
+
+*Figure 6. Generating logs*
+
+
+
+<span id="detailed-report" />
+### Generating detailed report comparing device vs. optimal configuration
+
+Based on the logs, SDT generates a report for software- and firmware-based issues that you can save to a preferred location.
+
+## Related topics
+
+- [Run Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md)
+

mdop/dart-v10/getting-started-with-dart-10.md

@@ -14,13 +14,12 @@ ms.date: 08/30/2016
 # Getting Started with DaRT 10
 
 
-Microsoft Diagnostics and Recovery Toolset (DaRT) 10 requires thorough planning before you deploy it or use its features. If you are new to this product, we recommend that you read the documentation carefully. Before you deploy the product to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. For more information about Microsoft training opportunities, see the Microsoft Training Overview at [https://go.microsoft.com/fwlink/p/?LinkId=80347](https://go.microsoft.com/fwlink/?LinkId=80347).
+Microsoft Diagnostics and Recovery Toolset (DaRT) 10 requires thorough planning before you deploy it or use its features. If you are new to this product, we recommend that you read the documentation carefully. Before you deploy the product to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. 
-
-**Note**  
-A downloadable version of this administrator’s guide is not available. However, you can learn about a special mode of the TechNet Library that allows you to select articles, group them in a collection, and print them or export them to a file at <https://go.microsoft.com/fwlink/?LinkId=272493> (https://go.microsoft.com/fwlink/?LinkId=272493).
-
-Additional downloadable information about this product can also be found at <https://go.microsoft.com/fwlink/?LinkId=267420>.
 
+>[!NOTE]  
+>A downloadable version of this administrator’s guide is not available. However, you can click **Download PDF** at the bottom of the Table of Contents pane to get a PDF version of this guide.
+>
+>Additional information about this product can also be found on the [Diagnostics and Recovery Toolset documentation download page.](https://www.microsoft.com/download/details.aspx?id=27754)
  
 
 ## Getting started with DaRT 10

mdop/index.md

@@ -167,7 +167,7 @@ MDOP is a suite of products that can help streamline desktop deployment, managem
 MDOP subscribers can download the software at the [Microsoft Volume Licensing website (MVLS)](https://go.microsoft.com/fwlink/p/?LinkId=166331).
 
 <a href="" id="purchase-mdop"></a>**Purchase MDOP**
-Visit the enterprise [Purchase Windows Enterprise Licensing](https://www.microsoft.com/windows/enterprise/how-to-buy.aspx) website to find out how to purchase MDOP for your business.
+Visit the enterprise [Purchase Windows Enterprise Licensing](https://www.microsoft.com/licensing/how-to-buy/how-to-buy) website to find out how to purchase MDOP for your business.
 
  
 

store-for-business/prerequisites-microsoft-store-for-business.md

@@ -56,6 +56,7 @@ If your organization restricts computers on your network from connecting to the
 -   windowsphone.com
 -   \*.wns.windows.com
 -   \*.microsoft.com
+-   \*.s-microsoft.com
 -   www.msftncsi.com (prior to Windows 10, version 1607)
 -   www.msftconnecttest.com/connecttest.txt (replaces www.msftncsi.com
 starting with Windows 10, version 1607)

store-for-business/release-history-microsoft-store-business-education.md

@@ -13,7 +13,7 @@ ms.date: 10/31/2018
 
 # Microsoft Store for Business and Education release history
 
-Microsoft Store for Business and Education regularly releases new and improved feaures. Here's a summary of new or updated features in previous releases. 
+Microsoft Store for Business and Education regularly releases new and improved features. Here's a summary of new or updated features in previous releases. 
 
 Looking for info on the latest release? Check out [What's new in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md) 
 
@@ -24,7 +24,7 @@ Looking for info on the latest release? Check out [What's new in Microsoft Store
 - **App requests** - People in your organization can make requests for apps that they need. hey can also request them on behalf of other people. Admins review requests and can decide on purchases. [Get more info](https://docs.microsoft.com/microsoft-store/acquire-apps-microsoft-store-for-business#allow-app-requests)
 
 ## July 2018
-- Bug fixes and permformance improvements.
+- Bug fixes and performance improvements.
 
 ## June 2018
 - **Change order within private store collection** - Continuing our focus on improvements for private store, now you can customize the order of products in each private store collection. 
@@ -39,7 +39,7 @@ Looking for info on the latest release? Check out [What's new in Microsoft Store
 - **Office 365 subscription management** -  We know that sometimes customers need to cancel a subscription. While we don't want to lose a customer, we want the process for managing subscriptions to be easy. Now, you can delete your Office 365 subscription without calling Support. From Microsoft Store for Business and Education, you can request to delete an Office 365 subscription. We'll wait three days before permanently deleting the subscription. In case of a mistake, customers are welcome to reactivate subscriptions during the three-day period.
 
 ## March 2018
-- **Performance improvements in private store** - We've made it significantly faster for you to udpate the private store. Many changes to the private store are available immediately after you make them. [Get more info](https://docs.microsoft.com/microsoft-store/manage-private-store-settings#private-store-performance)
+- **Performance improvements in private store** - We've made it significantly faster for you to update the private store. Many changes to the private store are available immediately after you make them. [Get more info](https://docs.microsoft.com/microsoft-store/manage-private-store-settings#private-store-performance)
 - **Private store collection updates** - We’ve made it easier to find apps when creating private store collections – now you can search and filter results. 
  [Get more info](https://docs.microsoft.com/microsoft-store/manage-private-store-settings#private-store-collections) 
 - **Manage Skype Communication credits** - Office 365 customers that own Skype Communication Credits can now see and manage them in Microsoft Store for Business. You can view your account, add funds to your account, and manage auto-recharge settings.
@@ -53,20 +53,20 @@ Looking for info on the latest release? Check out [What's new in Microsoft Store
 - **Microsoft Product and Services Agreement customers can invite people to take roles** - MPSA admins can invite people to take Microsoft Store for Business roles even if the person is not in their tenant. You provide an email address when you assign the role, and we'll add the account to your tenant and assign the role. 
 
 ## December 2017
-- Bug fixes and permformance improvements.
+- Bug fixes and performance improvements.
 
 ## November 2017
 - **Export list of Minecraft: Education Edition users** - Admins and teachers can now export a list of users who have Minecraft: Education Edition licenses assigned to them. Click **Export users**, and Store for Education creates an Excel spreadsheet for you, and saves it as a .csv file.
 
 ## October 2017
-- Bug fixes and permformance improvements.  
+- Bug fixes and performance improvements.  
 
 ## September 2017
 
 - **Manage Windows device deployment with Windows Autopilot Deployment** - In Microsoft Store for Business, you can manage devices for your organization and apply an Autopilot deployment profile to your devices. When people in your organization run the out-of-box experience on the device, the profile configures Windows, based on the Autopilot deployment profile you applied to the device. [Get more info](add-profile-to-devices.md)
-- **Request an app** - People in your organization can reqest additional licenses for apps in your private store, and then Admins or Purchasers can make the purchases. [Get more info](https://docs.microsoft.com/microsoft-store/acquire-apps-microsoft-store-for-business#request-apps)
+- **Request an app** - People in your organization can request additional licenses for apps in your private store, and then Admins or Purchasers can make the purchases. [Get more info](https://docs.microsoft.com/microsoft-store/acquire-apps-microsoft-store-for-business#request-apps)
 - **My organization** - **My organization** shows you all Agreements that apply to your organization. You can also update profile info for you org, such as mailing address and email associated with your account.
-- **Manage prepaid Office 365 subscriptions** - Office 365 prepaid subscriptions can be redeemed using a prepaid token. Tokens are available through 3rd-party businesses, outside of Microsoft Store for Business or the Office 365 Admin portal. After redemming prepaid subscriptions, Admins can add more licenses or extend the subscription's expiration date.
+- **Manage prepaid Office 365 subscriptions** - Office 365 prepaid subscriptions can be redeemed using a prepaid token. Tokens are available through 3rd-party businesses, outside of Microsoft Store for Business or the Office 365 Admin portal. After redeeming prepaid subscriptions, Admins can add more licenses or extend the subscription's expiration date.
 - **Manage Office 365 subscriptions acquired by partners** - Office 365 subscriptions purchased for your organization by a partner or reseller can be managed in Microsoft Store for Business. Admins can assign and manage licenses for these subscriptions.
 - **Edge extensions in Microsoft Store** - Edge Extensions are now available from Microsoft Store! You can acquire and distribute them from Microsoft Store for Business just like any other app.
-- **Search results in Microsoft Store for Business** - Search results now have sub categories to help you refine search results.
+- **Search results in Microsoft Store for Business** - Search results now have sub categories to help you refine search results.

store-for-business/whats-new-microsoft-store-business-education.md

@@ -28,7 +28,7 @@ We’ve been working on bug fixes and performance improvements to provide you a
 |-----------------------|---------------------------------|
 | ![Private store performance icon](images/perf-improvement-icon.png) |**Performance improvements in private store**<br /><br /> We've made it significantly faster for you to update the private store. Many changes to the private store are available immediately after you make them. <br /><br />[Get more info](https://docs.microsoft.com/microsoft-store/manage-private-store-settings#private-store-performance)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
 | <iframe width="288" height="232" src="https://www.youtube-nocookie.com/embed/IpLIZU_j7Z0" frameborder="0" allowfullscreen></iframe>| **Manage Windows device deployment with Windows Autopilot Deployment** <br /><br /> In Microsoft Store for Business, you can manage devices for your organization and apply an Autopilot deployment profile to your devices. When people in your organization run the out-of-box experience on the device, the profile configures Windows, based on the Autopilot deployment profile you applied to the device.<br /><br />[Get more info](add-profile-to-devices.md)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education  |
-| ![Microsoft Store for Business Settings page, Distribute tab showing app requests setting.](images/msfb-wn-1709-app-request.png) |**Request an app**<br /><br />People in your organization can reqest additional licenses for apps in your private store, and then Admins or Purchasers can make the purchases. <br /><br />[Get more info](https://docs.microsoft.com/microsoft-store/acquire-apps-microsoft-store-for-business#request-apps)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
+| ![Microsoft Store for Business Settings page, Distribute tab showing app requests setting.](images/msfb-wn-1709-app-request.png) |**Request an app**<br /><br />People in your organization can request additional licenses for apps in your private store, and then Admins or Purchasers can make the purchases. <br /><br />[Get more info](https://docs.microsoft.com/microsoft-store/acquire-apps-microsoft-store-for-business#request-apps)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
 ||  ![Image showing Add a Collection.](images/msfb-add-collection.png) |**Private store collections**<br /><br> You can groups of apps in your private store with **Collections**. This can help you organize apps and help people find apps for their job or classroom. <br /><br />[Get more info](https://review.docs.microsoft.com/microsoft-store/manage-private-store-settings?branch=msfb-14856406#add-a-collection)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
 -->
 
@@ -69,7 +69,7 @@ We’ve been working on bug fixes and performance improvements to provide you a
 - Microsoft Product and Services Agreement customers can invite people to take roles
 
 [December 2017](release-history-microsoft-store-business-education.md#december-2017)
-- Bug fixes and permformance improvements
+- Bug fixes and performance improvements
 
 [November 2017](release-history-microsoft-store-business-education.md#november-2017)
 - Export list of Minecraft: Education Edition users

store-for-business/work-with-partner-microsoft-store-business.md

@@ -20,7 +20,7 @@ The process goes like this:
 - Admins find and contact a solution provider using **Find a solution provider** in Microsoft Store for Business. 
 - Solution providers send a request from Partner center to customers to become their solution provider.
 - Customers accept the invitation in Microsoft Store for Business and start working with the solution provider.
-- Customers can manage setting for the relationship with Partner in Microsoft Store for Business. 
+- Customers can manage settings for the relationship with Partner in Microsoft Store for Business. 
 
 ## What can a solution provider do for my organization or school?
 
@@ -59,9 +59,11 @@ The solution provider will get in touch with you. You'll have a chance to learn
 Once you've found a solution provider and decided to work with them, they'll send you an invitation to work together from Partner Center. In Microsoft Store for Business or Education, you'll need to accept the invitation. After that, you can manage their permissions.
 
 **To accept a solution provider invitation**
-1. **Follow email link** - You'll receive an email with a link accept the solution provider invitation. The link will take you to Microsoft Store for Business or Education.
+1. **Follow email link** - You'll receive an email with a link to accept the solution provider invitation from your solution provider. The link will take you to Microsoft Store for Business or Education.
 2. **Accept invitation** - On **Accept Partner Invitation**, select **Authorize** to accept the invitation, accept terms of the Microsoft Cloud Agreement, and start working with the solution provider. 
-  
+
+![Image shows accepting an invitation from a solution provider in Microsoft Store for Business.](images/msft-accept-partner.png)
+ 
 ## Delegate admin privileges
 
 Depending on the request made by the solution provider, part of accepting the invitation will include agreeing to give delegated admin privileges to the solution provider. This will happen when the solution provider request includes acting as a delegated administrator. For more information, see [Delegated admin privileges in Azure AD](https://docs.microsoft.com/partner-center/customers_revoke_admin_privileges#delegated-admin-privileges-in-azure-ad). 
@@ -76,4 +78,4 @@ If you delegate admin privileges to a solution provider, you can remove that lat
 3. Choose the Partner you want to manage.
 4. Select **Remove Delegated Permissions**. 
 
-The solution provider will still be able to work with you, for example, as a Reseller. 
+The solution provider will still be able to work with you, for example, as a Reseller. 

windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md

@@ -16,7 +16,7 @@ To install the management server on a standalone computer and connect it to the
 
 1. Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation, run **appv\_server\_setup.exe** as an administrator, then select **Install**.
 2. On the **Getting Started** page, review and accept the license terms, then select **Next**.
-3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft Udpate, select **Use Microsoft Update when I check for updates (recommended)**. To disable Microsoft Update, select **I don’t want to use Microsoft Update**, then select **Next**.
+3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft Update, select **Use Microsoft Update when I check for updates (recommended)**. To disable Microsoft Update, select **I don’t want to use Microsoft Update**, then select **Next**.
 4. On the **Feature Selection** page, select the **Management Server** checkbox, then select **Next**.
 5. On the **Installation Location** page, accept the default location, then select **Next**.
 6. On the **Configure Existing Management Database** page, select **Use a remote SQL Server**, then enter the computer running Microsoft SQL's machine name, such as ```SqlServerMachine```.

windows/client-management/TOC.md

@@ -14,6 +14,8 @@
 ## [Troubleshoot Windows 10 clients](windows-10-support-solutions.md)
 ### [Data collection for troubleshooting 802.1x Authentication](data-collection-for-802-authentication.md)
 ### [Advanced troubleshooting 802.1x authentication](advanced-troubleshooting-802-authentication.md)
+### [Advanced troubleshooting for Windows boot problems](advanced-troubleshooting-boot-problems.md)
 ### [Advanced troubleshooting Wireless Network Connectivity](advanced-troubleshooting-wireless-network-connectivity.md)
+### [Advanced troubleshooting for Windows-based computer freeze issues](troubleshoot-windows-freeze.md)
 ## [Mobile device management for solution providers](mdm/index.md)
 ## [Change history for Client management](change-history-for-client-management.md)

windows/client-management/advanced-troubleshooting-boot-problems.md

@@ -1,31 +1,29 @@
 ---
-title: Advanced Troubleshooting Windows boot problems
+title: Advanced troubleshooting for Windows boot problems
-description: Learn how troubleshooting unable to boot Windows
+description: Learn how to troubleshoot when Windows is unable to boot 
 ms.prod: w10
-ms.mktglfcycl:
 ms.sitesec: library
 author: kaushika-msft
 ms.localizationpriority: medium
 ms.author: elizapo
-ms.date:
+ms.date: 11/16/2018
 ---
 
-## Advanced Troubleshooting Windows boot problems
+# Advanced troubleshooting for Windows boot problems
 
-!>**Notice to home users**
+>[!NOTE]
->This article is intended for use by support agents and IT professionals. If
+>This article is intended for use by support agents and IT professionals. If you're looking for more general information about recovery options, see [Recovery options in Windows 10](https://support.microsoft.com/help/12415).
-you're looking for more general information about recovery options, see [Recovery options in Windows 10](https://internal.support.services.microsoft.com/en-us/help/12415).
 
-### Summary
+## Summary
 
-There are several reasons why a Windows-based computer may hang during startup. To troubleshoot boot problems, first determine in which of the following phases the computer gets stuck:
+There are several reasons why a Windows-based computer may have problems during startup. To troubleshoot boot problems, first determine in which of the following phases the computer gets stuck:
 
-| **No** | **Boot Process**     | **BIOS**                             | **UEFI**                             |
+| **Phase** | **Boot Process**     | **BIOS**       | **UEFI**              |
-|--------|----------------------|-----------------------------------------------------------------------------|
+|--------|----------------------|------------------------------|  |
 | 1      | PreBoot              | MBR/PBR (Bootstrap Code)             | UEFI Firmware                        |
 | 2      | Windows Boot Manager | %SystemDrive%\bootmgr                | \EFI\Microsoft\Boot\bootmgfw.efi     |
 | 3      | Windows OS Loader    | %SystemRoot%\system32\winload.exe    | %SystemRoot%\system32\winload.efi    |
-| 4      | Windows NT OS Kernel | %SystemRoot%\system32\ntoskrnl.exe                                          |
+| 4      | Windows NT OS Kernel | %SystemRoot%\system32\ntoskrnl.exe     |                                     |
 
 
 **1. PreBoot**
@@ -43,30 +41,31 @@ Essential drivers required to start the Windows kernel are loaded and the kernel
 
 **4. Windows NT OS Kernel**
 
-The kernel load into memory the system registry hive and additional drivers that are marked as BOOT_START.
+The kernel loads into memory the system registry hive and additional drivers that are marked as BOOT_START.
 
 The kernel passes control to the session manager process (Smss.exe) which initializes the system session, and loads and starts the devices and drivers that are not marked BOOT_START.
 
-Here is a summary of Boot Sequence vs Display and Typical NoBoot. Before starting troubleshooting, you have to understand the outline of boot process and display status to ensure that the issue is properly identified at the beginning of the engagement.
+Here is a summary of the boot sequence, what will be seen on the display, and typical boot problems at that point in the sequence. Before starting troubleshooting, you have to understand the outline of the boot process and display status to ensure that the issue is properly identified at the beginning of the engagement.
+
+![thumbnail of boot sequence flowchart](images/boot-sequence-thumb.png)<br>
+[Click to enlarge](img-boot-sequence.md)<br>
+
 
-![](media/6ed145ee3760b545fcbe277ea7d5c88d.png)
 
 
 Each phase has a different approach to troubleshooting. This article provides troubleshooting techniques for problems that occur during the first three phases.
 
-**Note**If the computer repeatedly boots to the recovery options, run the following command at a command prompt to break the cycle:
+>[!NOTE]
+>If the computer repeatedly boots to the recovery options, run the following command at a command prompt to break the cycle:
+>
+>`Bcdedit /set {default} recoveryenabled no`
+>
+>If the F8 options don't work, run the following command:
+>
+>`Bcdedit /set {default} bootmenupolicy legacy`
 
-```dos
-Bcdedit /set {default} recoveryenabled no
-```
 
-If the F8 options don't work, run the following command:
+## BIOS phase
-
-```dos
-Bcdedit /set {default} bootmenupolicy legacy
-```
-
-#### BIOS phase
 
 To determine whether the system has passed the BIOS phase, follow these steps:
 
@@ -76,7 +75,7 @@ To determine whether the system has passed the BIOS phase, follow these steps:
 
 If the system is stuck at the BIOS phase, there may be a hardware problem.
 
-#### Boot loader phase
+## Boot loader phase
 
 If the screen is completely black except for a blinking cursor, or if you receive one of the following error codes, this indicates that the boot process is stuck in the Boot Loader phase:
 
@@ -90,14 +89,14 @@ If the screen is completely black except for a blinking cursor, or if you receiv
 To troubleshoot this problem, use Windows installation media to start the computer, press Shift+F10 for a command prompt, and then use any of the following methods.
 
 
-##### Method 1: Startup Repair tool
+### Method 1: Startup Repair tool
 
 The Startup Repair tool automatically fixes many common problems. The tool also lets you quickly diagnose and repair more complex startup problems. When the computer detects a startup problem, the computer starts the Startup Repair tool. When the tool starts, it performs diagnostics. These diagnostics include analyzing startup log files to determine the cause of the problem. When the Startup Repair tool determines the cause, the tool tries to fix the problem automatically.
 
 To do this, follow these steps.
 
-**Note** For additional methods to start WinRE, see [Entry points into
+>[!NOTE]
-WinRE](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference#span-identrypointsintowinrespanspan-identrypointsintowinrespanspan-identrypointsintowinrespanentry-points-into-winre).
+>For additional methods to start WinRE, see [Entry points into WinRE](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference#span-identrypointsintowinrespanspan-identrypointsintowinrespanspan-identrypointsintowinrespanentry-points-into-winre).
 
 1. Start the system to the installation media for the installed version of Windows.  
     **Note** For more information, see [Create installation media for Windows](https://support.microsoft.com/help/15088).
@@ -106,19 +105,17 @@ WinRE](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-r
 
 3. On the **System Recovery Options** screen, select **Next** > **Command Prompt**.
 
-4. After Startup Repair, select Shutdown, then turn on your PC to see if OS can boot properly.
+4. After Startup Repair, select **Shutdown**, then turn on your PC to see if Windows can boot properly.
 
 The Startup Repair tool generates a log file to help you understand the startup problems and the repairs that were made. You can find the log file in the following location:
 
-> %windir%\System32\LogFiles\Srt\Srttrail.txt
+**%windir%\System32\LogFiles\Srt\Srttrail.txt**
 
 
-For more information see, [A Stop error occurs, or the computer stops responding when you try to start
+For more information see, [A Stop error occurs, or the computer stops responding when you try to start Windows Vista or Windows 7](https://support.microsoft.com/help/925810/a-stop-error-occurs-or-the-computer-stops-responding-when-you-try-to-s)
-Windows Vista or Windows 7
-](https://support.microsoft.com/en-us/help/925810/a-stop-error-occurs-or-the-computer-stops-responding-when-you-try-to-s)
 
 
-##### Method 2: Repair Boot Codes
+### Method 2: Repair Boot Codes
 
 To repair boot codes, run the following command:
 
@@ -132,9 +129,10 @@ To repair the boot sector, run the following command:
 BOOTREC /FIXBOOT
 ```
 
-**Note** Running **BOOTREC** together with **Fixmbr** overwrites only the master boot code. If the corruption in the MBR affects the partition table, running **Fixmbr** may not fix the problem.
+>[!NOTE]
+>Running **BOOTREC** together with **Fixmbr** overwrites only the master boot code. If the corruption in the MBR affects the partition table, running **Fixmbr** may not fix the problem.
 
-##### Method 3: Fix BCD errors
+### Method 3: Fix BCD errors
 
 If you receive BCD-related errors, follow these steps:
 
@@ -152,12 +150,12 @@ If you receive BCD-related errors, follow these steps:
 
 4. You might receive one of the following outputs:
 
->   Scanning all disks for Windows installations. Please wait, since this may take a while...Successfully scanned Windows installations. Total identified Windows installations: 0
+    - Scanning all disks for Windows installations. Please wait, since this may take a while...Successfully scanned Windows installations. Total identified Windows installations: 0
-The operation completed successfully.
+    The operation completed successfully.
 
->   Scanning all disks for Windows installations. Please wait, since this may take a while... Successfully scanned Windows installations. Total identified Windows installations: 1
+    - Scanning all disks for Windows installations. Please wait, since this may take a while... Successfully scanned Windows installations. Total identified Windows installations: 1
-D:\Windows  
+    D:\Windows  
-Add installation to boot list? Yes/No/All:
+    Add installation to boot list? Yes/No/All:
 
 If the output shows **windows installation: 0**, run the following commands:
 
@@ -173,12 +171,12 @@ bootrec /rebuildbcd
 
 After you run the command, you receive the following output:
 
->   Scanning all disks for Windows installations. Please wait, since this may take a while...Successfully scanned Windows installations. Total identified Windows installations: 1{D}:\Windows  
+    Scanning all disks for Windows installations. Please wait, since this may take a while...Successfully scanned Windows installations. Total identified Windows installations: 1{D}:\Windows  
 Add installation to boot list? Yes/No/All: Y
 
 5.  Try again to start the system.
 
-##### Method 4: Replace Bootmgr
+### Method 4: Replace Bootmgr
 
 If methods 1 and 2 do not fix the problem, replace the Bootmgr file from drive C to the System Reserved partition. To do this, follow these steps:
 
@@ -207,13 +205,14 @@ If methods 1 and 2 do not fix the problem, replace the Bootmgr file from drive C
 
 8.  Restart the computer.
 
-##### Method 5: Restore System Hive
+### Method 5: Restore System Hive
-If Windows cannot load the system registry hive into memory, you must restore the system hive. To do this, use the Windows Recovery Environment or use Emergency Repair Disk (ERD) to copy the files from the
+
-C:\Windows\System32\config\RegBack to C:\Windows\System32\config.
+If Windows cannot load the system registry hive into memory, you must restore the system hive. To do this, use the Windows Recovery Environment or use Emergency Repair Disk (ERD) to copy the files from the C:\Windows\System32\config\RegBack to C:\Windows\System32\config.
+
 If the problem persists, you may want to restore the system state backup to an alternative location, and then retrieve the registry hives to be replaced.
 
 
-#### Kernel Phase
+## Kernel Phase
 
 If the system gets stuck during the kernel phase, you experience multiple symptoms or receive multiple error messages. These include, but are not limited to, the following:
 
@@ -221,14 +220,15 @@ If the system gets stuck during the kernel phase, you experience multiple sympto
 
 -   Specific error code is displayed.
     For example, "0x00000C2" , "0x0000007B" , "inaccessible boot device" and so on.
-    (To troubleshoot the 0x0000007B error, see [Error code INACCESSIBLE_BOOT_DEVICE (STOP    0x7B)](https://internal.support.services.microsoft.com/en-us/help/4343769/troubleshooting-guide-for-windows-boot-problems#0x7bstoperror))
+    (To troubleshoot the 0x0000007B error, see [Error code INACCESSIBLE_BOOT_DEVICE (STOP    0x7B)](https://internal.support.services.microsoft.com/help/4343769/troubleshooting-guide-for-windows-boot-problems#0x7bstoperror))
 
 -   The screen is stuck at the "spinning wheel" (rolling dots) "system busy" icon.
 
 -   A black screen appears after the splash screen.
 
 To troubleshoot these problems, try the following recovery boot options one at a time.
-Scenario 1: [Try to start the computer in Safe mode or Last Known Good Configuration]()
+
+**Scenario 1: Try to start the computer in Safe mode or Last Known Good Configuration**
 
 On the **Advanced Boot Options** screen, try to start the computer in **Safe Mode** or **Safe Mode with Networking**. If either of these options works, use Event Viewer to help identify and diagnose the cause of the boot problem. To view events that are recorded in the event logs, follow these steps:
 
@@ -252,30 +252,28 @@ On the **Advanced Boot Options** screen, try to start the computer in **Safe Mod
     or next event.
 
 
-#### Clean boot
+### Clean boot
 
 To troubleshoot problems that affect services, do a clean boot by using System Configuration (msconfig).
 Select **Selective startup** to test the services one at a time to determine which one is causing the problem. If you cannot find the cause, try including system services. However, in most cases, the problematic service is third-party.
 
 Disable any service that you find to be faulty, and try to start the computer again by selecting **Normal startup**.
 
-For detailed instructions, see [How to perform a clean boot in Windows](https://support.microsoft.com/en-us/help/929135/how-to-perform-a-clean-boot-in-windows).
+For detailed instructions, see [How to perform a clean boot in Windows](https://support.microsoft.com/help/929135/how-to-perform-a-clean-boot-in-windows).
 
 If the computer starts in Disable Driver Signature mode, start the computer in Disable Driver Signature Enforcement mode, and then follow the steps that are documented in the following article to determine which drivers or files require driver signature enforcement:
-[Troubleshooting boot problem caused by missing driver signature
+[Troubleshooting boot problem caused by missing driver signature (x64)](https://blogs.technet.microsoft.com/askcore/2012/04/15/troubleshooting-boot-issues-due-to-missing-driver-signature-x64/)
-(x64)](https://blogs.technet.microsoft.com/askcore/2012/04/15/troubleshooting-boot-issues-due-to-missing-driver-signature-x64/)
 
-**Note**
+>[!NOTE]
-
+>If the computer is a domain controller, try Directory Services Restore mode (DSRM).
--   If the computer is a domain controller, try Directory Services Restore mode (DSRM).
+>
-
+>This method is an important step if you encounter Stop error "0xC00002E1" or "0xC00002E2"
--   This method is an important step if you encounter Stop error "0xC00002E1" or "0xC00002E2"
 
 
 **Examples**
 
-> Warning
+>[!WARNING]
-> Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these
+>Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these
 problems can be solved. Modify the registry at your own risk.
 
 *Error code INACCESSIBLE_BOOT_DEVICE (STOP 0x7B)*
@@ -300,11 +298,9 @@ To troubleshoot this Stop error, follow these steps to filter the drivers:
 
 For additional troubleshooting steps, see the following articles:
 
-- [Troubleshooting a Stop 0x7B in
+- [Troubleshooting a Stop 0x7B in Windows](https://blogs.technet.microsoft.com/askcore/2013/08/05/troubleshooting-a-stop-0x7b-in-windows/)  
-Windows](https://blogs.technet.microsoft.com/askcore/2013/08/05/troubleshooting-a-stop-0x7b-in-windows/)  
   
-- [Advanced troubleshooting for "Stop error code 0x0000007B (INACCESSIBLE_BOOT_DEVICE)" errors in Windows
+- [Advanced troubleshooting for "Stop error code 0x0000007B (INACCESSIBLE_BOOT_DEVICE)" errors in Windows XP](https://internal.support.services.microsoft.com/help/324103).
-XP](https://internal.support.services.microsoft.com/en-us/help/324103).
 
 To fix problems that occur after you install Windows updates, check for pending updates by using these steps:
 

windows/client-management/change-history-for-client-management.md

@@ -16,6 +16,12 @@ ms.date: 09/12/2017
 
 This topic lists new and updated topics in the [Client management](index.md) documentation for Windows 10 and Windows 10 Mobile.
 
+## November 2018
+
+New or changed topic | Description
+--- | ---
+ [Advanced troubleshooting for Windows-based computer freeze issues](troubleshoot-windows-freeze.md) | New
+
 ## RELEASE: Windows 10, version 1709
 
 The topics in this library have been updated for Windows 10, version 1709 (also known as the Fall Creators Update).

windows/client-management/img-boot-sequence.md

@@ -0,0 +1,11 @@
+---
+description: A full-sized view of the boot sequence flowchart.
+title: Boot sequence flowchart
+ms.date: 11/16/2018
+---
+
+Return to: [Advanced troubleshooting for Windows boot problems](advanced-troubleshooting-boot-problems.md)<br>
+
+
+![Full-sized boot sequence flowchart](images/boot-sequence.png)
+

windows/client-management/mdm/azure-active-directory-integration-with-mdm.md

@@ -400,7 +400,7 @@ Location:
 
 Example:
 HTTP/1.1 302
-Location: ms-appx-web://App1/ToUResponse?error=access_denied&error_description=Acess%20is%20denied%2E
+Location: ms-appx-web://App1/ToUResponse?error=access_denied&error_description=Access%20is%20denied%2E
 ```
 
 The following table shows the error codes.

windows/client-management/mdm/diagnosticlog-ddf.md

@@ -25,7 +25,7 @@ The content below are the latest versions of the DDF files:
 ## <a href="" id="version-1-2"></a>DiagnosticLog CSP version 1.2
 
 
-``` syntax
+```xml
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
     "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
@@ -502,7 +502,7 @@ The content below are the latest versions of the DDF files:
                                 <Replace />
                             </AccessType>
                             <DefaultValue>4</DefaultValue>
-                            <Description>This node is used for setting or getting the block size (in Kilobytes) for the download of assoicated log file. The value range is 1~16. Default value is 4.</Description>
+                            <Description>This node is used for setting or getting the block size (in Kilobytes) for the download of associated log file. The value range is 1~16. Default value is 4.</Description>
                             <DFFormat>
                                 <int />
                             </DFFormat>
@@ -634,7 +634,7 @@ The content below are the latest versions of the DDF files:
 ## <a href="" id="version-1-3"></a>DiagnosticLog CSP version 1.3
 
 
-``` syntax
+```xml
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
     "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
@@ -1153,7 +1153,7 @@ The content below are the latest versions of the DDF files:
                                 <Replace />
                             </AccessType>
                             <DefaultValue>4</DefaultValue>
-                            <Description>This node is used for setting or getting the block size (in Kilobytes) for the download of assoicated log file. The value range is 1~16. Default value is 4.</Description>
+                            <Description>This node is used for setting or getting the block size (in Kilobytes) for the download of associated log file. The value range is 1~16. Default value is 4.</Description>
                             <DFFormat>
                                 <int />
                             </DFFormat>

windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md

@@ -1255,7 +1255,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 <li>WindowsDefenderSecurityCenter/HideSecureBoot</li>
 <li>WindowsDefenderSecurityCenter/HideTPMTroubleshooting</li>
 </ul>
-<p>Security/RequireDeviceEncrption - updated to show it is supported in desktop.</p>
+<p>Security/RequireDeviceEncryption - updated to show it is supported in desktop.</p>
 </tr>
 <tr class="odd">
 <td style="vertical-align:top">[BitLocker CSP](bitlocker-csp.md)</td>
@@ -2335,7 +2335,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <li>Settings/AllowOnlineTips</li>
 <li>System/DisableEnterpriseAuthProxy </li>
 </ul>
-<p>Security/RequireDeviceEncrption - updated to show it is supported in desktop.</p>
+<p>Security/RequireDeviceEncryption - updated to show it is supported in desktop.</p>
 </tr>
 <tr class="odd">
 <td style="vertical-align:top">[BitLocker CSP](bitlocker-csp.md)</td>

windows/client-management/mdm/policy-csp-deviceinstallation.md

@@ -86,6 +86,7 @@ If you enable this policy setting, Windows is allowed to install or update any d
 
 If you disable or do not configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed.
 
+
 <!--/Description-->
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).

windows/client-management/mdm/policy-csp-power.md

@@ -664,7 +664,7 @@ If you enable this policy setting, you must provide a value, in seconds, indicat
 
 If you disable or do not configure this policy setting, users control this setting.
 
-If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring.  The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
+If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occurring.  The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
 
 <!--/Description-->
 > [!TIP]

windows/client-management/troubleshoot-windows-freeze.md

@@ -0,0 +1,287 @@
+--- 
+title: Advanced troubleshooting for Windows-based computer freeze issues 
+description: Learn how to troubleshoot computer freeze issues. 
+ms.prod: w10 
+ms.mktglfcycl: 
+ms.sitesec: library 
+ms.topic: troubleshooting 
+author: kaushika-msft 
+ms.localizationpriority: medium 
+ms.author: elizapo 
+ms.date: 11/26/2018 
+--- 
+
+# Advanced troubleshooting for Windows-based computer freeze issues 
+
+This article describes how to troubleshoot freeze issues on Windows-based computers and servers. It also provides methods for collecting data that will help administrators or software developers diagnose, identify, and fix these issues. 
+
+> [!Note] 
+> The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. 
+
+## Identify the problem  
+
+*   Which computer is freezing? (Example: The impacted computer is a physical server, virtual server, and so on.) 
+*   What operation was being performed when the freezes occurred? (Example: This issue occurs when you shut down GUI, perform one or more operations, and so on.) 
+*   How often do the errors occur? (Example: This issue occurs every night at 7 PM, every day around 7 AM, and so on.) 
+*   On how many computers does this occur? (Example: All computers, only one computer, 10 computers, and so on.) 
+
+## Troubleshoot the freeze issues  
+
+To troubleshoot the freeze issues, check the current status of your computer, and follow one of the following methods. 
+
+### For the computer that's still running in a frozen state 
+
+If the physical computer or the virtual machine is still freezing, use one or more of the following methods for troubleshooting: 
+
+*   Try to access the computer through Remote Desktop, Citrix, and so on. 
+*   Use the domain account or local administrator account to log on the computer by using one of the Remote Physical Console Access features, such as Dell Remote Access Card (DRAC), HP Integrated Lights-Out (iLo), or IBM Remote supervisor adapter (RSA). 
+*   Test ping to the computer. Packet dropping and high network latency may be observed. 
+*   Access administrative shares (\\\\**ServerName**\\c$). 
+*   Press Ctrl + Alt + Delete command and check response. 
+*   Try to use Remote Admin tools such as Computer Management, remote Server Manager, and Wmimgmt.msc.   
+
+### For the computer that is no longer frozen 
+
+If the physical computer or virtual machine froze but is now running in a good state, use one or more of the following methods for troubleshooting.  
+
+#### For a physical computer 
+
+*   Review the System and Application logs from the computer that is having the issue. Check the event logs for the relevant Event ID:
+
+    - Application event log : Application Error (suggesting Crash or relevant System Process)
+    - System Event logs, Service Control Manager Error event IDs for Critical System Services
+    - Error Event IDs 2019/2020 with source Srv/Server
+
+*   Generate a System Diagnostics report by running the perfmon /report command. 
+
+#### For a virtual machine 
+
+*   Review the System and Application logs from the computer that is having the issue.  
+*   Generate a System Diagnostics report by running the perfmon /report command. 
+*   Check history in virtual management monitoring tools. 
+
+## More Information 
+
+### Collect data for the freeze issues 
+
+To collect data for a server freeze, check the following table, and use one or more of the suggested methods. 
+
+|Computer type and state    |Data collection method | 
+|-------------------------|--------------------| 
+|A physical computer that's running in a frozen state|[Use a memory dump file to collect data](#use-memory-dump-to-collect-data-for-the-physical-computer-thats-running-in-a-frozen-state). Or use method 2, 3, or 4. These methods are listed later in this section.| 
+|A physical computer that is no longer frozen|Use method 1, 2, 3, or 4. These methods are listed later in this section. And [use Pool Monitor to collect data](#use-pool-monitor-to-collect-data-for-the-physical-computer-that-is-no-longer-frozen).| 
+|A virtual machine that's running in a frozen state|Hyper-V or VMware: [Use a memory dump file to collect data for the virtual machine that's running in a frozen state](#use-memory-dump-to-collect-data-for-the-virtual-machine-thats-running-in-a-frozen-state). <br /> XenServer: Use method 1, 2, 3, or 4. These methods are listed later in this section.| 
+|A virtual machine that is no longer frozen|Use method 1, 2, 3, or 4. These methods are listed later in this section.| 
+
+
+#### Method 1: Memory dump 
+
+> [!Note] 
+> Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/help/322756) in case problems occur.   
+
+A complete memory dump file records all the contents of system memory when the computer stops unexpectedly. A complete memory dump file may contain data from processes that were running when the memory dump file was collected.   
+
+If the computer is no longer frozen and now is running in a good state, use the following steps to enable memory dump so that you can collect memory dump when the freeze issue occurs again. If the virtual machine is still running in a frozen state, use the following steps to enable and collect memory dump.   
+
+> [!Note] 
+> If you have a restart feature that is enabled on the computer, such as the Automatic System Restart (ASR) feature in Compaq computers, disable it. This setting is usually found in the BIOS. With this feature enabled, if the BIOS doesn't detect a heartbeat from the operating system, it will restart the computer. The restart can interrupt the dump process.   
+
+
+1.  Make sure that the computer is set up to get a complete memory dump file. To do this, follow these steps: 
+
+    1.  Go to **Run** and enter `Sysdm.cpl`, and then press enter.
+    
+    2. In **System Properties**, on the **Advanced** tab, select **Performance** \> **Settings** \> **Advanced**, and then check or change the virtual memory by clicking **Change**. 
+
+    2.  Go back to **System Properties** \> **Advanced** \> **Settings** in **Startup and Recovery**. 
+
+    3.  In the **Write Debugging Information** section, select **Complete Memory Dump**. 
+
+        > [!Note]     
+        > For Windows versions that are earlier than Windows 8 or Windows Server 2012, the Complete Memory Dump type isn't available in the GUI. You have to change it in Registry Editor. To do this, change the value of the following **CrashDumpEnabled** registry entry to **1** (REG_DWORD):
+        >**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\CrashDumpEnabled**   
+
+    4.  Select **Overwrite any existing file**. 
+
+    5.  Make sure that there's a paging file (pagefile.sys) on the system drive and that it’s at least 100 megabytes (MB) over the installed RAM (Initial and Maximum Size). 
+
+        Additionally, you can use the workaround for [space limitations on the system drive in Windows Server 2008](#space-limitations-on-the-system-drive-in-windows-server-2008). 
+
+    6.  Make sure that there's more freed-up space on the hard disk drives than there is physical RAM. 
+
+2.  Enable the CrashOnCtrlScroll registry value to allow the system to generate a dump file by using the keyboard. To do this, follow these steps: 
+
+    1.  Go to Registry Editor, and then locate the following registry keys: 
+
+      *   `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters` 
+
+      *   `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters` 
+
+    2.  Create the following CrashOnCtrlScroll registry entry in the two registry keys: 
+
+        - **Value Name**: `CrashOnCtrlScroll`    
+        - **Data Type**: `REG_DWORD`      
+        - **Value**: `1`  
+ 
+    3.  Exit Registry Editor. 
+
+    4.  Restart the computer. 
+
+3.  On some physical computers, you may generate a nonmakeable interruption (NMI) from the Web Interface feature (such as DRAC, iLo, and RSA). However, by default, this setting will stop the system without creating a memory dump.   
+
+    To allow the operating system to generate a memory dump file at an NMI interruption, set the value of the [NMICrashDump](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc783271(v=ws.10)) registry entry to `1` (REG_DWORD). Then, restart the computer to apply this change.   
+
+    > [!Note] 
+    > This is applicable only for Windows 7, Windows Server 2008 R2, and earlier versions of Windows. For Windows 8 Windows Server 2012, and later versions of Windows, the NMICrashDump registry key is no longer required, and an NMI interruption will result in [a Stop error that follows a memory dump data collection](https://support.microsoft.com/help/2750146).   
+
+4.  When the computer exhibits the problem, hold down the right **Ctrl** key, and press the **Scroll Lock** key two times to generate a memory dump file.   
+
+    > [!Note] 
+    > By default, the dump file is located in the following path:<br /> 
+    > %SystemRoot%\MEMORY.DMP 
+
+
+#### Method 2: Data sanity check 
+
+Use the Dump Check Utility (Dumpchk.exe) to read a memory dump file or verify that the file was created correctly. You can use the Microsoft DumpChk (Crash Dump File Checker) tool to verify that the memory dump files are not corrupted or invalid. 
+
+-	[Using DumpChk]( https://docs.microsoft.com/windows-hardware/drivers/debugger/dumpchk)
+-	[Download DumpCheck](https://developer.microsoft.com/windows/downloads/windows-10-sdk)
+
+Learn how to use Dumpchk.exe to check your dump files: 
+
+> [!video https://www.youtube-nocookie.com/embed/xN7tOfgNKag] 
+
+
+#### Method 3: Performance Monitor 
+
+You can use Windows Performance Monitor to examine how programs that you run affect your computer's performance, both in real time and by collecting log data for later analysis. To create performance counter and event trace log collections on local and remote systems, run the following commands in a command prompt as administrator: 
+
+```cmd 
+Logman create counter LOGNAME_Long -u DOMAIN\USERNAME * -f bincirc -v mmddhhmm -max 500 -c "\\COMPUTERNAME\LogicalDisk(*)\*" "\\COMPUTERNAME\Memory\*" "\\COMPUTERNAME\Network Interface(*)\*" "\\COMPUTERNAME\Paging File(*)\*" "\\COMPUTERNAME\PhysicalDisk(*)\*" "\\COMPUTERNAME\Process(*)\*" "\\COMPUTERNAME\Redirector\*" "\\COMPUTERNAME\Server\*" "\\COMPUTERNAME\System\*" "\\COMPUTERNAME\Terminal Services\*" "\\COMPUTERNAME\Processor(*)\*" "\\COMPUTERNAME\Cache\*" -si 00:05:00  
+``` 
+
+```cmd 
+Logman create counter LOGNAME_Short -u DOMAIN\USERNAME * -f bincirc -v mmddhhmm -max 500 -c "\\COMPUTERNAME\LogicalDisk(*)\*" "\\COMPUTERNAME\Memory\*" "\\COMPUTERNAME\Network Interface(*)\*" "\\COMPUTERNAME\Paging File(*)\*" "\\COMPUTERNAME\PhysicalDisk(*)\*" "\\COMPUTERNAME\Process(*)\*" "\\COMPUTERNAME\Redirector\*" "\\COMPUTERNAME\Server\*" "\\COMPUTERNAME\System\*" "\\COMPUTERNAME\Terminal Services\*" "\\COMPUTERNAME\Processor(*)\*" "\\COMPUTERNAME\Cache\*" -si 00:00:10  
+``` 
+
+Then, you can start or stop the log by running the following commands: 
+
+```cmd 
+logman start LOGNAME_Long / LOGNAME_Short   
+logman stop LOGNAME_Long / LOGNAME_Short  
+``` 
+
+The Performance Monitor log is located in the path: C:\PERFLOGS   
+
+#### Method 4: Microsoft Support Diagnostics 
+
+1.  In the search box of the [Microsoft Support Diagnostics Self-Help Portal](https://home.diagnostics.support.microsoft.com/selfhelp), type Windows Performance Diagnostic. 
+
+2.  In the search results, select **Windows Performance Diagnostic**, and then click **Create**. 
+
+3.  Follow the steps of the diagnostic. 
+
+
+### Additional methods to collect data 
+
+#### Use memory dump to collect data for the physical computer that's running in a frozen state 
+
+> [!Warning] 
+> Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/help/322756) in case problems occur.   
+
+If the physical computer is still running in a frozen state, follow these steps to enable and collect memory dump: 
+
+
+1.  Make sure that the computer is set up to get a complete memory dump file and that you can access it through the network. To do this, follow these steps:   
+  > [!Note] 
+  > If it isn't possible to access the affected computer through the network, try to generate a memory dump file through NMI interruption. The result of the action may not collect a memory dump file if some of the following settings aren't qualified.   
+
+    1.  Try to access the desktop of the computer by any means.   
+
+        > [!Note] 
+        > In case accessing the operating system isn't possible, try to access Registry Editor on the computer remotely in order to check the type of memory dump file and page file with which the computer is currently configured.   
+
+    2.  From a remote computer that is preferably in the same network and subnet, go to **Registry Editor** \> **Connect Network Registry**. Then, connect to the concerned computer, and verify the following settings: 
+
+        *  ` `*HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\CrashDumpEnabled`   
+
+            Make sure that the [CrashDumpEnabled](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-2000-server/cc976050(v=technet.10)) registry entry is `1`.            
+
+        *   `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\NMICrashDump`   
+
+            On some physical servers, if the NMICrashDump registry entry exists and its value is `1`, you may take advantage of the NMI from the remote management capabilities (such as DRAC, iLo, and RSA). 
+
+        *   `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PagingFiles and ExistingPageFiles`   
+
+            If the value of the **Pagefile** registry entry is system managed, the size won't be reflected in the registry (Example value: ?:\pagefile.sys).   
+
+            If the page file is customized, the size will be reflected in the registry, such as ‘?:\pagefile.sys 1024 1124’ where 1024 is the initial size and 1124 is the max size.   
+
+            > [!Note] 
+            > If the size isn't reflected in the Registry, try to access an Administrative share where the page file is located (such as \\\\**ServerName**\C$). 
+
+    3.  Make sure that there's a paging file (pagefile.sys) on the system drive of the computer, and it's at least 100 MB over the installed RAM. 
+
+    4.  Make sure that there's more free space on the hard disk drives of the computer than there is physical RAM. 
+
+2.  Enable the **CrashOnCtrlScroll** registry value on the computer to allow the system to generate a dump file by using the keyboard. To do this, follow these steps: 
+
+    1.  From a remote computer preferably in the same network and subnet, go to Registry Editor \> Connect Network Registry. Connect to the concerned computer and locate the following registry keys: 
+
+        *   `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters` 
+
+        *   `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters` 
+
+    2.  Create the following CrashOnCtrlScroll registry entry in the two registry keys: 
+
+        **Value Name**: `CrashOnCtrlScroll`     
+        **Data Type**: `REG_DWORD`     
+        **Value**: `1`  
+
+    3.  Exit Registry Editor. 
+
+    4.  Restart the computer. 
+
+3.  When the computer exhibits the problem, hold down the right **CTRL** key, and press the **Scroll Lock** key two times to generate a memory dump.  
+    > [!Note] 
+    > By default, the dump file is located in the path: %SystemRoot%\MEMORY.DMP 
+
+#### Use Pool Monitor to collect data for the physical computer that is no longer frozen 
+
+Pool Monitor shows you the number of allocations and outstanding bytes of allocation by type of pool and the tag that is passed into calls of ExAllocatePoolWithTag.   
+
+Learn [how to use Pool Monitor](https://support.microsoft.com/help/177415) and how to [use the data to troubleshoot pool leaks](http://blogs.technet.com/b/markrussinovich/archive/2009/03/26/3211216.aspx). 
+
+#### Use memory dump to collect data for the virtual machine that's running in a frozen state 
+
+Use the one of the following methods for the application on which the virtual machine is running.   
+
+##### Microsoft Hyper-V 
+
+If the virtual machine is running Windows 8, Windows Server 2012, or a later version of Windows on Microsoft Hyper-V Server 2012, you can use the built-in NMI feature through a [Debug-VM](https://docs.microsoft.com/previous-versions/windows/powershell-scripting/dn464280(v=wps.630)) cmdlet to debug and get a memory dump.   
+
+To debug the virtual machines on Hyper-V, run the following cmdlet in Windows PowerShell: 
+
+```powershell 
+Debug-VM -Name "VM Name" -InjectNonMaskableInterrupt -ComputerName Hostname  
+``` 
+
+> [!Note] 
+> This method is applicable only to Windows 8, Windows Server 2012, and later versions of Windows virtual machines. For the earlier versions of Windows, see methods 1 through 4 that are described earlier in this section.  
+
+##### VMware 
+
+You can use VMware Snapshots or suspend state and extract a memory dump file equivalent to a complete memory dump file. By using [Checkpoint To Core Tool (vmss2core)](https://labs.vmware.com/flings/vmss2core), you can convert both suspend (.vmss) and snapshot (.vmsn) state files to a dump file and then analyze the file by using the standard Windows debugging tools.   
+
+##### Citrix XenServer 
+
+The memory dump process occurs by pressing the RIGHT CTRL + SCROLL LOCK + SCROLL LOCK keyboard combination that's described in Method 1 and on [the Citrix site](http://support.citrix.com/article/ctx123177).   
+
+## Space limitations on the system drive in Windows Server 2008 
+
+On Windows Server 2008, you may not have enough free disk space to generate a complete memory dump file on the system volume. There's a [hotfix](https://support.microsoft.com/help/957517) that allows for the data collection even though there isn't sufficient space on the system drive to store the memory dump file.   
+
+Additionally, on Windows Server 2008 Service Pack (SP2), there's a second option if the system drive doesn't have sufficient space. Namely, you can use the DedicatedDumpFile registry entry. To learn how to use the registry entry, see [New behavior in Windows Vista and Windows Server 2008](https://support.microsoft.com/help/969028).   
+
+For more information, see [How to use the DedicatedDumpFile registry value to overcome space limitations on the system drive](http://blogs.msdn.com/b/ntdebugging/archive/2010/04/02/how-to-use-the-dedicateddumpfile-registry-value-to-overcome-space-limitations-on-the-system-drive-when-capturing-a-system-memory-dump.aspx).

windows/client-management/windows-version-search.md

@@ -15,7 +15,7 @@ ms.date: 04/30/2018
 To determine if your device is enrolled in the [Long-Term Servicing Channel](https://docs.microsoft.com/windows/deployment/update/waas-overview#servicing-channels) (LTSC, formerly LTSB) or the [Semi-Annual Channel](https://docs.microsoft.com/windows/deployment/update/waas-overview#servicing-channels) (SAC) you'll need to know what version of Windows 10 you're running. There are a few ways to figure this out. Each method provides a different set of details, so it’s useful to learn about all of them. 
 
 ## System Properties
-Click **Start** > **Settings** > **Settings** > click **About** from the bottom of the left-hand menu
+Click **Start** > **Settings** > **System** > click **About** from the bottom of the left-hand menu
 
 You'll now see **Edition**, **Version**, and **OS Build** information. Something like this:
 

windows/configuration/kiosk-policies.md

@@ -61,7 +61,7 @@ Remove All Programs list from the Start Menu	 |	Enabled – Remove and disable s
 Prevent access to drives from My Computer	 |	Enabled - Restrict all drivers
 
 >[!NOTE]
->When **Prevent access to drives from My Computer** is enabled, users can browse the directory structure in File Explorer, but they cannot open folders and access the contents. Also, they cannot use the **Run** dialog box or the **Map Network Drive** dialog box to view the directories on these drives. The icons representing the specified drives still appear in File Explorer, but if users double-click the icons, a message appears expalining that a setting prevents the action. This setting does not prevent users from using programs to access local and network drives. It does not prevent users from using the Disk Management snap-in to view and change drive characteristics.
+>When **Prevent access to drives from My Computer** is enabled, users can browse the directory structure in File Explorer, but they cannot open folders and access the contents. Also, they cannot use the **Run** dialog box or the **Map Network Drive** dialog box to view the directories on these drives. The icons representing the specified drives still appear in File Explorer, but if users double-click the icons, a message appears explaining that a setting prevents the action. This setting does not prevent users from using programs to access local and network drives. It does not prevent users from using the Disk Management snap-in to view and change drive characteristics.
 
 
 

windows/configuration/lock-down-windows-10-to-specific-apps.md

@@ -315,7 +315,7 @@ The following example hides the taskbar:
 ```
 
 >[!IMPORTANT]
->The kiosk profile is designed for public-facing kiosk devices. We recommend that you use a local, non-administrator account. If the device is connected to your company network, using a domain or Azure Active Direcotry account could potentially compromise confidential information.  
+>The kiosk profile is designed for public-facing kiosk devices. We recommend that you use a local, non-administrator account. If the device is connected to your company network, using a domain or Azure Active Directory account could potentially compromise confidential information.  
 
 
 #### Configs
@@ -619,7 +619,7 @@ Remove All Programs list from the Start Menu	 |	Enabled – Remove and disable s
 Prevent access to drives from My Computer	 |	Enabled - Restrict all drivers
 
 >[!NOTE]
->When **Prevent access to drives from My Computer** is enabled, users can browse the directory structure in File Explorer, but they cannot open folders and access the contents. Also, they cannot use the **Run** dialog box or the **Map Network Drive** dialog box to view the directories on these drives. The icons representing the specified drives still appear in File Explorer, but if users double-click the icons, a message appears expalining that a setting prevents the action. This setting does not prevent users from using programs to access local and network drives. It does not prevent users from using the Disk Management snap-in to view and change drive characteristics.
+>When **Prevent access to drives from My Computer** is enabled, users can browse the directory structure in File Explorer, but they cannot open folders and access the contents. Also, they cannot use the **Run** dialog box or the **Map Network Drive** dialog box to view the directories on these drives. The icons representing the specified drives still appear in File Explorer, but if users double-click the icons, a message appears explaining that a setting prevents the action. This setting does not prevent users from using programs to access local and network drives. It does not prevent users from using the Disk Management snap-in to view and change drive characteristics.
 
 
 

windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md

@@ -35,10 +35,10 @@ When replacing a user’s device, UE-V automatically restores settings if the us
 You can also use the Windows PowerShell cmdlet, Restore-UevBackup, to restore settings from a different device. To clone the settings packages for the new device, use the following cmdlet in Windows PowerShell:
 
 ``` syntax
-Restore-UevBackup -Machine <MachineName>
+Restore-UevBackup -ComputerName <Computer name>
 ```
 
-where &lt;MachineName&gt; is the computer name of the device.
+where &lt;ComputerName&gt; is the computer name of the device.
 
 Templates such as the Office 2013 template that include many applications can either all be included in the roamed (default) or backed up profile. Individual apps in a template suite follow the group. Office 2013 in-box templates include both roaming and backup-only settings. Backup-only settings cannot be included in a roaming profile.
 

windows/deployment/deploy-whats-new.md

@@ -26,7 +26,7 @@ This topic provides an overview of new solutions and online content related to d
 
 ## The Modern Desktop Deployment Center
 
-The [Modern Destop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home) has launched with tons of content to help you with large-scale deployment of Windows 10 and Office 365 ProPlus.
+The [Modern Desktop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home) has launched with tons of content to help you with large-scale deployment of Windows 10 and Office 365 ProPlus.
 
 ## Windows 10 servicing and support
 

windows/deployment/planning/windows-10-1809-removed-features.md

@@ -7,7 +7,7 @@ ms.localizationpriority: medium
 ms.sitesec: library
 author: lizap
 ms.author: elizapo
-ms.date: 08/31/2018
+ms.date: 11/16/2018
 ---
 # Features removed or planned for replacement starting with Windows 10, version 1809
 
@@ -32,7 +32,7 @@ We're removing the following features and functionalities from the installed pro
 |Hologram app|We've replaced the Hologram app with the [Mixed Reality Viewer](https://support.microsoft.com/help/4041156/windows-10-mixed-reality-help). If you would like to create 3D word art, you can still do that in Paint 3D and view your art in VR or Hololens with the Mixed Reality Viewer.|
 |limpet.exe|We're releasing the limpet.exe tool, used to access TPM for Azure connectivity, as open source.|
 |Phone Companion|When you update to Windows 10, version 1809, the Phone Companion app will be removed from your PC. Use the **Phone** page in the Settings app to sync your mobile phone with your PC. It includes all the Phone Companion features.|
-|Future updates through [Windows Embedded Developer Update](https://docs.microsoft.com/previous-versions/windows/embedded/ff770079\(v=winembedded.60\)) for Windows Embedded Standard 8 and Windows Embedded 8 Standard|We’re no longer publishing new updates to the WEDU server. Instead, you may secure any new updates from the [Microsoft Update Catalog](http://www.catalog.update.microsoft.com/Home.aspx).|
+|Future updates through [Windows Embedded Developer Update](https://docs.microsoft.com/previous-versions/windows/embedded/ff770079\(v=winembedded.60\)) for Windows Embedded Standard 7-SP1 (WES7-SP1) and Windows Embedded Standard 8 (WES8)|We’re no longer publishing new updates to the WEDU server. Instead, you may secure any new updates from the [Microsoft Update Catalog](http://www.catalog.update.microsoft.com/Home.aspx). [Learn how](https://techcommunity.microsoft.com/t5/Windows-Embedded/Change-to-the-Windows-Embedded-Developer-Update/ba-p/285704) to get updates from the catalog.|
 
 ## Features we’re no longer developing
 

windows/deployment/planning/windows-10-enterprise-faq-itpro.md

@@ -1,7 +1,7 @@
 ---
 title: Windows 10 Enterprise FAQ for IT pros (Windows 10)
 description: Get answers to common questions around compatibility, installation, and support for Windows 10 Enterprise.
-keywords: Windows 10 Enterprise, download, system requirements, drivers, appcompat, manage udpates, Windows as a service, servicing channels, deployment tools
+keywords: Windows 10 Enterprise, download, system requirements, drivers, appcompat, manage updates, Windows as a service, servicing channels, deployment tools
 ms.prod: w10
 ms.mktglfcycl: plan
 ms.localizationpriority: medium

windows/deployment/update/servicing-stack-updates.md

@@ -7,7 +7,7 @@ ms.sitesec: library
 author: Jaimeo
 ms.localizationpriority: medium
 ms.author: jaimeo
-ms.date: 11/13/2018
+ms.date: 11/29/2018
 ---
 
 # Servicing stack updates
@@ -15,38 +15,38 @@ ms.date: 11/13/2018
 
 **Applies to**
 
-- Windows 10
+- Windows 10, Windows 8.1, Windows 8, Windows 7
 
 ## What is a servicing stack update?
-The "servicing stack" is the code that installs other operating system updates. Additionally, it contains the "component-based servicing stack" (CBS), which is a key underlying component for several elements of Windows deployment, such as DISM, SFC, changing Windows features or roles, and repairing components. The CBS is a small component that typically does not have updates released every month.
+Servicing stack updates provide fixes to the servicing stack, the component that installs Windows updates. Additionally, it contains the "component-based servicing stack" (CBS), which is a key underlying component for several elements of Windows deployment, such as DISM, SFC, changing Windows features or roles, and repairing components. The CBS is a small component that typically does not have updates released every month.
 
 ## Why should servicing stack updates be installed and kept up to date?
   
-Having the latest servicing stack update is a prerequisite to reliably installing the latest quality updates and feature updates. Servicing stack updates improve the reliability and performance of the update process.
+Servicing stack updates improve the reliability of the update process to mitigate potential issues while installing the latest quality updates and feature updates. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes.
 
 ## When are they released?
 
-Currently, the servicing stack update releases are aligned with the monthly quality update release date, though sometimes they are released on a separate date if required.
+Servicing stack update are scheduled to release simultaneously with the monthly quality updates. In rare occasions a servicing stack update may need to be released on demand to address an issue impacting systems installing the monthly security update. Starting in November 2018 new servicing stack updates will be classified as "Security" with a severity rating of "Critical."
 
 >[!NOTE]
 >You can find a list of servicing stack updates at [Latest servicing stack updates](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001).
 
 ## What's the difference between a servicing stack update and a cumulative update?
 
-Both Windows 10 and Windows Server use the cumulative update mechanism, in which many fixes are packaged into a single update. Each cumulative update includes the changes and fixes from all previous updates.
+Both Windows 10 and Windows Server use the cumulative update mechanism, in which many fixes to improve the quality and security of Windows are packaged into a single update. Each cumulative update includes the changes and fixes from all previous updates.
 
-However, there are some operating system fixes that aren’t included in a cumulative update but are still pre-requisites for the cumulative update. That is, the component that performs the actual updates sometimes itself requires an update. Those fixes are available in a servicing stack update. For example, the cumulative update [KB4284880](https://support.microsoft.com/help/4284880/windows-10-update-kb4284880) requires the [May 17, 2018 servicing stack update](https://support.microsoft.com/help/4132216), which includes updates to Windows Update.
+Servicing stack updates must ship separately from the cumulative updates because they modify the component that installs Windows updates. The servicing stack is released separately because the servicing stack itself requires an update. For example, the cumulative update [KB4284880](https://support.microsoft.com/help/4284880/windows-10-update-kb4284880) requires the [May 17, 2018 servicing stack update](https://support.microsoft.com/help/4132216), which includes updates to Windows Update.
 
-If a given cumulative update required a servicing stack update, you'll see that information in the release notes for the update. **If you try to install the cumulative update without installing the servicing stack update, you'll get an error.**
 
 ## Is there any special guidance?
 
-Typically, the improvements are reliability, security, and performance improvements that do not require any specific special guidance. If there is any significant impact, it will be present in the release notes.
+Microsoft recommends you install the latest servicing stack updates for your operating system before installing the latest cumulative update.
+
+Typically, the improvements are reliability and performance improvements that do not require any specific special guidance. If there is any significant impact, it will be present in the release notes.
 
 ## Installation notes
 
 * Servicing stack updates contain the full servicing stack; as a result, typically administrators only need to install the latest servicing stack update for the operating system.
 * Installing servicing stack update does not require restarting the device, so installation should not be disruptive. 
 * Servicing stack update releases are specific to the operating system version (build number), much like quality updates.
-* Search to install latest available [Servicing stack update for Windows 10](https://support.microsoft.com/search?query=servicing%20stack%20update%20Windows%2010).
+* Search to install latest available [Servicing stack update for Windows 10](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001).
-

windows/deployment/update/waas-configure-wufb.md

@@ -7,7 +7,7 @@ ms.sitesec: library
 author: jaimeo
 ms.localizationpriority: medium
 ms.author: jaimeo
-ms.date: 06/01/2018
+ms.date: 11/16/2018
 ---
 
 # Configure Windows Update for Business
@@ -20,10 +20,6 @@ ms.date: 06/01/2018
 
 > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) 
 
->[!IMPORTANT]
->Due to [naming changes](waas-overview.md#naming-changes), older terms like CB,CBB, and LTSB might still appear in some of our products.
->
->In the following settings CB refers to Semi-Annual Channel (Targeted), while CBB refers to Semi-Annual Channel.
 
 You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices. The sections in this topic provide the Group Policy and MDM policies for Windows 10, version 1511 and above. The MDM policies use the OMA-URI setting from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx).  
 
@@ -40,83 +36,77 @@ By grouping devices with similar deferral periods, administrators are able to cl
 >In addition to setting up multiple rings for your update deployments, also incorporate devices enrolled in the Windows Insider Program as part of your deployment strategy. This will provide you the chance to not only evaluate new features before they are broadly available to the public, but it also increases the lead time to provide feedback and influence Microsoft’s design on functional aspects of the product. For more information on Windows Insider program, see [https://insider.windows.com/](https://insider.windows.com/). 
 
 <span id="configure-devices-for-current-branch-or-current-branch-for-business"/>
-## Configure devices for Current Branch (CB) or Current Branch for Business (CBB)
 
-With Windows Update for Business, you can set a device to be on either the Current Branch (CB) (now called Semi-Annual Channel (Targeted)) or the Current Branch for Business (CBB) (now called Semi-Annual Channel) servicing branch. For more information on this servicing model, see [Windows 10 servicing options](waas-overview.md#servicing-channels). 
+
+## Configure devices for the appropriate service channel
+
+With Windows Update for Business, you can set a device to be on either Windows Insider Preview or the Semi-Annual Channel servicing branch. For more information on this servicing model, see [Windows 10 servicing options](waas-overview.md#servicing-channels). 
 
 **Release branch policies**
 
 | Policy | Sets registry key under **HKLM\Software** |
 | --- | --- |
-| GPO for version 1607 and above: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > **Select when Feature Updates are received** | \Policies\Microsoft\Windows\WindowsUpdate\BranchReadinessLevel |
+| GPO for Windows 10, version 1607 or later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > **Select when Feature Updates are received** | \Policies\Microsoft\Windows\WindowsUpdate\BranchReadinessLevel |
-| GPO for version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\DeferUpgrade |
+| GPO for Windows 10, version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\DeferUpgrade |
-| MDM for version 1607 and above: </br>../Vendor/MSFT/Policy/Config/Update/</br>**BranchReadinessLevel** | \Microsoft\PolicyManager\default\Update\BranchReadinessLevel |
+| MDM for Windows 10, version 1607 or later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**BranchReadinessLevel** | \Microsoft\PolicyManager\default\Update\BranchReadinessLevel |
-| MDM for version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**RequireDeferUpgrade** | \Microsoft\PolicyManager\default\Update\RequireDeferUpgrade |
+| MDM for Windows 10, version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**RequireDeferUpgrade** | \Microsoft\PolicyManager\default\Update\RequireDeferUpgrade |
 
-Starting with version 1703, users are able to configure their device's branch readiness level, by going to **Settings > Update & security > Windows Update > Advanced options**.
+Starting with Windows 10, version 1703, users can configure the branch readiness level for their device by using **Settings > Update & security > Windows Update > Advanced options**.
 
 ![Branch readiness level setting](images/waas-wufb-settings-branch.jpg)
 
 >[!NOTE]
 >Users will not be able to change this setting if it was configured by policy.
 
->[!IMPORTANT]
->Devices on the Semi-Annual Channel (formerly called Current Branch for Business) must have their diagnostic data set to **1 (Basic)** or higher, in order to ensure that the service is performing at the expected quality. If diagnostic data is set to **0**, the device will be treated as if it were in the Semi-Annual Channel (Targeted)(formerly called Current Branch or CB) branch. For instructions to set the diagnostic data level, see [Configure the operating system diagnostic data level](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-levels).
 
-## Configure when devices receive Feature Updates
+## Configure when devices receive feature updates
 
-After you configure the servicing branch (CB or CBB), you can then define if, and for how long, you would like to defer receiving Feature Updates following their availability from Microsoft on Windows Update.  You can defer receiving these Feature Updates for a period of up to 365 days from their release by setting the `DeferFeatureUpdatesPeriodinDays` value.  
+After you configure the servicing branch (Windows Insider Preview or Semi-Annual Channel), you can then define if, and for how long, you would like to defer receiving Feature Updates following their availability from Microsoft on Windows Update. You can defer receiving these Feature Updates for a period of up to 365 days from their release by setting the `DeferFeatureUpdatesPeriodinDays` value.  
 
 >[!IMPORTANT]
->This policy does not apply to Windows 10 Mobile Enterprise.
 >
->You can only defer up to 180 days prior to version 1703.
+>You can only defer up to 180 days on devices running Windows 10, version 1703.
 
-**Examples**
+For example, a device on the Semi-Annual Channel with `DeferFeatureUpdatesPeriodinDays=30` will not install a feature update that is first publicly available on Windows Update in September until 30 days later, in October.
 
-| Settings | Scenario and behavior |
-| --- | --- |
-| Device is on CB</br>DeferFeatureUpdatesPeriodinDays=30 | Feature Update X is first publically available on Windows Update as a CB in January. Device will not receive update until February, 30 days later. |
-| Device is on CBB</br>DeferFeatureUpdatesPeriodinDays=30 | Feature Update X is first publically available on Windows Update as a CB in January. Four months later, in April, Feature Update X is released to CBB. Device will receive the Feature Update 30 days following this CBB release and will update in May. |
 
 </br></br>
-**Defer Feature Updates policies**
+**Policy settings for deferring feature updates**
 
 | Policy | Sets registry key under **HKLM\Software** |
 | --- | --- |
-| GPO for version 1607 and above: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > **Select when Feature Updates are received** | \Policies\Microsoft\Windows\WindowsUpdate\DeferFeatureUpdates</br>\Policies\Microsoft\Windows\WindowsUpdate\DeferFeatureUpdatesPeriodInDays |
+| GPO for Windows 10, version 1607 later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > **Select when Feature Updates are received** | \Policies\Microsoft\Windows\WindowsUpdate\DeferFeatureUpdates</br>\Policies\Microsoft\Windows\WindowsUpdate\DeferFeatureUpdatesPeriodInDays |
-| GPO for version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\DeferUpgradePeriod |
+| GPO for Windows 10, version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\DeferUpgradePeriod |
-| MDM for version 1607 and above: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferFeatureUpdatesPeriodInDays** | \Microsoft\PolicyManager\default\Update\DeferFeatureUpdatesPeriodInDays |
+| MDM for Windows 10, version 1607 and later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferFeatureUpdatesPeriodInDays** | \Microsoft\PolicyManager\default\Update\DeferFeatureUpdatesPeriodInDays |
-| MDM for version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\RequireDeferUpgrade |
+| MDM for Windows 10, version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\RequireDeferUpgrade |
 
 >[!NOTE]
->If not configured by policy, users can defer feature updates, by going to **Settings > Update & security > Windows Update > Advanced options**.
+>If not configured by policy, individual users can defer feature updates by using **Settings > Update & security > Windows Update > Advanced options**.
 
-## Pause Feature Updates
+## Pause feature updates
 
-You can also pause a device from receiving Feature Updates by a period of up to 35 days from when the value is set. After 35 days has passed, pause functionality will automatically expire and the device will scan Windows Update for applicable Feature Updates. Following this scan, Feature Updates for the device can then be paused again.
+You can also pause a device from receiving Feature Updates by a period of up to 35 days from when the value is set. After 35 days has passed, the pause setting will automatically expire and the device will scan Windows Update for applicable Feature Updates. Following this scan, you can then pause Feature Updates for the device again.
 
-Starting with version 1703, when configuring pause through policy, a start date has to be set from which the pause begins. The pause period will be calculated by adding 35 days to the start date. 
+Starting with Windows 10, version 1703, when you configure a pause by using policy, you must set a start date for the pause to begin. The pause period is calculated by adding 35 days to this start date. 
 
-In cases where the pause policy is first applied after the configured start date has passed, administrators will be able to extend the pause period up to a total of 35 days by configuring a later start date.
+In cases where the pause policy is first applied after the configured start date has passed, you can extend the pause period up to a total of 35 days by configuring a later start date.
 
 >[!IMPORTANT]
->This policy does not apply to Windows 10 Mobile Enterprise.
 >
->Prior to Windows 10, version 1703, feature updates could be paused by up to 60 days. This number has been changed to 35, similar to the number of days for quality updates.
+>In Windows 10, version 1703 and later versions, you can pause feature updates to 35 days, similar to the number of days for quality updates.
 
-**Pause Feature Updates policies**
+**Policy settings for pausing feature updates**
 
 | Policy | Sets registry key under **HKLM\Software** |
 | --- | --- |
-| GPO for version 1607 and above: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > **Select when Feature Updates are received** | **1607:** \Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdates</br>**1703:** \Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdatesStartDate |
+| GPO for Windows 10, version 1607 and later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > **Select when Feature Updates are received** | **1607:** \Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdates</br>**1703 and later:** \Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdatesStartDate |
-| GPO for version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\Pause |
+| GPO for Windows 10, version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\Pause |
-| MDM for version 1607 and above: </br>../Vendor/MSFT/Policy/Config/Update/</br>**PauseFeatureUpdates** | **1607:** \Microsoft\PolicyManager\default\Update\PauseFeatureUpdates</br> **1703:** \Microsoft\PolicyManager\default\Update\PauseFeatureUpdatesStartDate |
+| MDM for Windows 10, version 1607 and later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**PauseFeatureUpdates** | **1607:** \Microsoft\PolicyManager\default\Update\PauseFeatureUpdates</br> **1703 and later:** \Microsoft\PolicyManager\default\Update\PauseFeatureUpdatesStartDate |
-| MDM for version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\Pause |
+| MDM for Windows 10, version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\Pause |
 
-You can check the date Feature Updates were paused at by checking the registry key **PausedFeatureDate** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings**. 
+You can check the date that Feature Updates were paused by checking the registry key **PausedFeatureDate** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings**. 
 
-The local group policy editor (GPEdit.msc) will not reflect if your Feature Update Pause period has expired. Although the device will resume Feature Updates after 35 days automatically, the pause checkbox will remain checked in the policy editor.  To see if a device has auto-resumed taking Feature Updates, you can check the status registry key **PausedFeatureStatus** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings**.
+The local group policy editor (GPEdit.msc) will not reflect whether the Feature Update pause period has expired. Although the device will resume Feature Updates after 35 days automatically, the pause checkbox will remain selected in the policy editor. To check whether a device has automatically resumed taking Feature Updates, check the status registry key **PausedFeatureStatus** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings** for the following values:
 
 | Value | Status|
 | --- | --- |
@@ -125,58 +115,58 @@ The local group policy editor (GPEdit.msc) will not reflect if your Feature Upda
 | 2 | Feature Updates have auto-resumed after being paused |
 
 >[!NOTE]
->If not configured by policy, users can pause feature updates, by going to **Settings > Update & security > Windows Update > Advanced options**.
+>If not configured by policy, individual users can pause feature updates by using **Settings > Update & security > Windows Update > Advanced options**.
 
-With version 1703, pausing through the settings app will provide a more consistent experience:
+Starting with Windows 10, version 1703, using Settings to control the pause behavior provides a more consistent experience, specifically:
-- Any active restart notification are cleared or closed
+- Any active restart notification are cleared or closed.
-- Any pending restarts are canceled
+- Any pending restarts are canceled.
-- Any pending update installations are canceled
+- Any pending update installations are canceled.
-- Any update installation running when pause is activated will attempt to rollback
+- Any update installation running when pause is activated will attempt to roll back.
 
 ## Configure when devices receive Quality Updates
 
-Quality Updates are typically published the first Tuesday of every month, though can be released at any time by Microsoft. You can define if, and for how long, you would like to defer receiving Quality Updates following their availability. You can defer receiving these Quality Updates for a period of up to 35 days from their release by setting the **DeferQualityUpdatesPeriodinDays** value.  
+Quality Updates are typically published on the first Tuesday of every month, although they can be released at any time. You can define if, and for how long, you would like to defer receiving Quality Updates following their availability. You can defer receiving these Quality Updates for a period of up to 35 days from their release by setting the **DeferQualityUpdatesPeriodinDays** value.  
 
-You can set your system to receive updates for other Microsoft products—known as Microsoft Updates (such as Microsoft Office, Visual Studio)—along with Windows Updates by setting the **AllowMUUpdateService** policy. When this is done, these Microsoft Updates will follow the same deferral and pause rules as all other Quality Updates.
+You can set your system to receive updates for other Microsoft products—known as Microsoft Updates (such as Microsoft Office, Visual Studio)—along with Windows Updates by setting the **AllowMUUpdateService** policy. When you do this, these Microsoft Updates will follow the same deferral and pause rules as all other Quality Updates.
 
 >[!IMPORTANT]
 >This policy defers both Feature and Quality Updates on Windows 10 Mobile Enterprise.
 
-**Defer Quality Updates policies**
+**Policy settings for deferring quality updates**
 
 | Policy | Sets registry key under **HKLM\Software** |
 | --- | --- |
-| GPO for version 1607 and above: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > **Select when Quality Updates are received** | \Policies\Microsoft\Windows\WindowsUpdate\DeferQualityUpdates</br>\Policies\Microsoft\Windows\WindowsUpdate\DeferQualityUpdatesPeriodInDays  |
+| GPO for Windows 10, version 1607 and later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > **Select when Quality Updates are received** | \Policies\Microsoft\Windows\WindowsUpdate\DeferQualityUpdates</br>\Policies\Microsoft\Windows\WindowsUpdate\DeferQualityUpdatesPeriodInDays  |
-| GPO for version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\DeferUpdatePeriod |
+| GPO for Windows 10, version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\DeferUpdatePeriod |
-| MDM for version 1607 and above: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferQualityUpdatesPeriodInDays** | \Microsoft\PolicyManager\default\Update\DeferQualityUpdatesPeriodInDays |
+| MDM for Windows 10, version 1607 and later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferQualityUpdatesPeriodInDays** | \Microsoft\PolicyManager\default\Update\DeferQualityUpdatesPeriodInDays |
-| MDM for version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\RequireDeferUpdate  |
+| MDM for Windows 10, version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\RequireDeferUpdate  |
 
 >[!NOTE]
->If not configured by policy, users can defer quality updates, by going to **Settings > Update & security > Windows Update > Advanced options**.
+>If not configured by policy, individual users can defer quality updates by using **Settings > Update & security > Windows Update > Advanced options**.
 
-## Pause Quality Updates
+## Pause quality updates
 
-You can also pause a system from receiving Quality Updates for a period of up to 35 days from when the value is set.  After 35 days has passed, pause functionality will automatically expire and the system will scan Windows Updates for applicable Quality Updates. Following this scan, Quality Updates for the device can then be paused again.
+You can also pause a system from receiving Quality Updates for a period of up to 35 days from when the value is set.   After 35 days has passed, the pause setting will automatically expire and the device will scan Windows Update for applicable quality Updates. Following this scan, you can then pause quality Updates for the device again.
 
-Starting with version 1703, when configuring pause through policy, a start date has to be set from which the pause begins. The pause period will be calculated by adding 35 days to the start date. 
+Starting with Windows 10, version 1703, when you configure a pause by using policy, you must set a start date for the pause to begin. The pause period is calculated by adding 35 days to this start date. 
 
-In cases where the pause policy is first applied after the configured start date has passed, administrators will be able to extend the pause period up to a total of 35 days by configuring a later start date.
+In cases where the pause policy is first applied after the configured start date has passed, you can extend the pause period up to a total of 35 days by configuring a later start date.
 
->[!IMPORTANT]
+>[!NOTE]
->This policy pauses both Feature and Quality Updates on Windows 10 Mobile Enterprise.
+>Starting with Windows 10, version 1809, IT administrators can prevent individual users from pausing updates.
 
-**Pause Quality Updates policies**
+**Policy settings for pausing quality updates**
 
 | Policy | Sets registry key under **HKLM\Software** |
 | --- | --- |
-| GPO for version 1607 and above: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > **Select when Quality Updates are received** |**1607:** \Policies\Microsoft\Windows\WindowsUpdate\PauseQualityUpdates</br>**1703:** \Policies\Microsoft\Windows\WindowsUpdate\PauseQualityUpdatesStartTime  |
+| GPO for Windows 10, version 1607 and later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > **Select when Quality Updates are received** |**1607:** \Policies\Microsoft\Windows\WindowsUpdate\PauseQualityUpdates</br>**1703:** \Policies\Microsoft\Windows\WindowsUpdate\PauseQualityUpdatesStartTime  |
-| GPO for version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\Pause |
+| GPO for Windows 10, version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\Pause |
-| MDM for version 1607 and above: </br>../Vendor/MSFT/Policy/Config/Update/</br>**PauseQualityUpdates** | **1607:** \Microsoft\PolicyManager\default\Update\PauseQualityUpdates</br>**1703:** \Microsoft\PolicyManager\default\Update\PauseQualityUpdatesStartTime |
+| MDM for Windows 10, version 1607 and later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**PauseQualityUpdates** | **1607:** \Microsoft\PolicyManager\default\Update\PauseQualityUpdates</br>**1703:** \Microsoft\PolicyManager\default\Update\PauseQualityUpdatesStartTime |
-| MDM for version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\Pause |
+| MDM for Windows 10, version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\Pause |
 
-You can check the date that Quality Updates were paused at by checking the registry key **PausedQualityDate** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings**. 
+You can check the date that quality Updates were paused by checking the registry key **PausedQualityDate** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings**. 
 
-The local group policy editor (GPEdit.msc) will not reflect if your Quality Update Pause period has expired. Although the device will resume Quality Updates after 35 days automatically, the pause checkbox will remain checked in the policy editor.  To see if a device has auto-resumed taking Quality Updates, you can check the status registry key **PausedQualityStatus** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings**.
+The local group policy editor (GPEdit.msc) will not reflect whether the quality Update pause period has expired. Although the device will resume quality Updates after 35 days automatically, the pause checkbox will remain selected in the policy editor. To check whether a device has automatically resumed taking quality Updates, check the status registry key **PausedQualityStatus** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings** for the following values:
 
 | Value | Status|
 | --- | --- |
@@ -185,21 +175,22 @@ The local group policy editor (GPEdit.msc) will not reflect if your Quality Upda
 | 2 | Quality Updates have auto-resumed after being paused |
 
 >[!NOTE]
->If not configured by policy, users can pause quality updates, by going to **Settings > Update & security > Windows Update > Advanced options**.
+>If not configured by policy, individual users can pause quality updates by using **Settings > Update & security > Windows Update > Advanced options**.
 
-With version 1703, pausing through the settings app will provide a more consistent experience:
+Starting with Windows 10, version 1703, using Settings to control the pause behavior provides a more consistent experience, specifically:
 - Any active restart notification are cleared or closed
 - Any pending restarts are canceled
 - Any pending update installations are canceled
 - Any update installation running when pause is activated will attempt to rollback
 
-## Configure when devices receive Windows Insider preview builds
+## Configure when devices receive Windows Insider Preview builds
 
 Starting with Windows 10, version 1709, you can set policies to manage preview builds and their delivery:
 
 The **Manage preview builds** setting gives administrators control over enabling or disabling preview build installation on a device. You can also decide to stop preview builds once the release is public.
 * Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/Windows Update for Business** - *Manage preview builds*
 * MDM: **Update/ManagePreviewBuilds**
+* System Center Configuration Manager: **Enable dual scan, manage through Windows Update for Business policy**
 
 >[!IMPORTANT]
 >This policy replaces the "Toggle user control over Insider builds" policy under that is only supported up to Windows 10, version 1703. You can find the older policy here:
@@ -212,18 +203,18 @@ The policy settings to **Select when Feature Updates are received** allows you t
 
 ## Exclude drivers from Quality Updates
 
-In Windows 10, starting with version 1607, you can selectively option out of receiving driver update packages as part of your normal quality update cycle.  This policy will not pertain to updates to inbox drivers (which will be packaged within a security or critical update) or to Feature Updates, where drivers may be dynamically installed to ensure the Feature Update process can complete.
+Starting with Windows 10, version 1607, you can selectively opt out of receiving driver update packages as part of your normal quality update cycle. This policy will not apply to updates to drivers provided with the operating system (which will be packaged within a security or critical update) or to Feature Updates, where drivers might be dynamically installed to ensure the Feature Update process can complete.
 
-**Exclude driver policies**
+**Policy settings to exclude drivers**
 
 | Policy | Sets registry key under **HKLM\Software** |
 | --- | --- |
-| GPO for version 1607 and above: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Do not include drivers with Windows Updates** | \Policies\Microsoft\Windows\WindowsUpdate\ExcludeWUDriversInQualityUpdate  |
+| GPO for Windows 10, version 1607 and later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Do not include drivers with Windows Updates** | \Policies\Microsoft\Windows\WindowsUpdate\ExcludeWUDriversInQualityUpdate  |
-| MDM for version 1607 and above: </br>../Vendor/MSFT/Policy/Config/Update/</br>**ExcludeWUDriversInQualityUpdate** | \Microsoft\PolicyManager\default\Update\ExcludeWUDriversInQualityUpdate |
+| MDM for Windows 10, version 1607 and later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**ExcludeWUDriversInQualityUpdate** | \Microsoft\PolicyManager\default\Update\ExcludeWUDriversInQualityUpdate |
 
-## Summary: MDM and Group Policy for version 1703
+## Summary: MDM and Group Policy settings for Windows 10, version 1703 and later
 
-Below are quick-reference tables of the supported Windows Update for Business policy values for Windows 10, version 1607 and above.
+The following are quick-reference tables of the supported policy values for Windows Update for Business in Windows 10, version 1607 and later.
 
 **GPO: HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate**
 
@@ -252,25 +243,14 @@ Below are quick-reference tables of the supported Windows Update for Business po
 
 ## Update devices to newer versions
 
-Due to the changes in the Windows Update for Business feature set, Windows 10, version 1607, uses different GPO and MDM keys than those available in version 1511. Windows 10, version 1703, also uses a few GPO and MDM keys that are different to what's available in version 1607. However, Windows Update for Business clients running version older versions will still see their policies honored after they update to a newer version; the old policy keys will continue to exist with their values ported forward during the update. Following the update to a newer version, it should be noted that only the old keys will be populated and not the new version keys, until the newer keys are explicitly defined on the device by the administrator.
+Due to the changes in Windows Update for Business, Windows 10, version 1607 uses different GPO and MDM keys than those available in version 1511. Windows 10, version 1703 also uses a few GPO and MDM keys that are different from those available in version 1607. However, Windows Update for Business devices running older versions will still see their policies honored after they update to a newer version; the old policy keys will continue to exist with their values ported forward during the update. Following the update to a newer version, only the old keys will be populated and not the new version keys, until the newer keys are explicitly defined on the device by the administrator.
 
 ### How older version policies are respected on newer versions
 
-When a client running a newer version sees an update available on Windows Update, the client will first evaluate and execute against the Windows Updates for Business policy keys for it's version.  If these are not present, it will then check to see if any of the older version keys are set and defer accordingly.  Update keys for newer versions will always supersede the older equivalent.
+When a device running a newer version sees an update available on Windows Update, the device first evaluates and executes the Windows Updates for Business policy keys for its current (newer) version. If these are not present, it then checks whether any of the older version keys are set and defer accordingly. Update keys for newer versions will always supersede the older equivalent.
 
-### Comparing the version 1511 keys to the version 1607 keys
 
-In the Windows Update for Business policies in version 1511, all the deferral rules were grouped under a single policy where pausing affected both upgrades and updates.  In Windows 10, version 1607, this functionality has been broken out into separate polices: deferral of Feature and Quality Updates can be enabled and paused independently of one other.   
+### Comparing keys in Windows 10, version 1607 to Windows 10, version 1703
-
-<table><caption>Group Policy keys</caption><thead><th>Version 1511 GPO keys</th><th>Version 1607 GPO keys</th></thead>
-<tbody><tr><td valign="top">**DeferUpgrade**: *enable/disable*</br>Enabling allows user to set deferral periods for upgrades and updates.  It also puts the device on CBB (no ability to defer updates while on the CB branch).</br></br>**DeferUpgradePeriod**: *0 - 8 months*</br></br>**DeferUpdatePeriod**: *1 – 4 weeks*</br></br>**Pause**: *enable/disable*</br>Enabling will pause both upgrades and updates for a max of 35 days</br></td><td>**DeferFeatureUpdates**: *enable/disable*</br></br>**BranchReadinessLevel**</br>Set device on CB or CBB</br></br>**DeferFeatureUpdatesPeriodinDays**: *1 - 180 days*</br></br>**PauseFeatureUpdates**: *enable/disable*</br>Enabling will pause Feature updates for a max of 60 days</br></br>**DeferQualityUpdates**: *Enable/disable*</br></br>**DeferQualityUpdatesPeriodinDays**: *0 - 35 days*</br></br>**PauseQualityUpdates**: *enable/disable*</br>Enabling will pause Quality updates for a max of 35 days</br></br>**ExcludeWUDrivers**: *enable/disable*</br></td></tr>
-</table>
-
-<table><caption>MDM keys</caption><thead><th>Version 1511 MDM keys</th><th>Version 1607 MDM keys</th></thead>
-<tbody><tr><td valign="top">**RequireDeferUpgade**: *bool*</br>Puts the device on CBB (no ability to defer updates while on the CB branch).</br></br>**DeferUpgradePeriod**: *0 - 8 months*</br></br>**DeferUpdatePeriod**: *1 – 4 weeks*</br></br>**PauseDeferrals**: *bool*</br>Enabling will pause both upgrades and updates for a max of 35 days</br></td><td>**BranchReadinessLevel**</br>Set system on CB or CBB</br></br>**DeferFeatureUpdatesPeriodinDays**: *1 - 180 days*</br></br>**PauseFeatureUpdates**: *enable/disable*</br>Enabling will pause Feature updates for a max of 60 days</br></br>**DeferQualityUpdatesPeriodinDays**: *0 - 35 days*</br></br>**PauseQualityUpdates**: *enable/disable*</br>Enabling will pause Quality updates for a max of 35 days</br></br>**ExcludeWUDriversInQualityUpdate**: *enable/disable*</br></td></tr>
-</tbody></table>
-
-### Comparing the version 1607 keys to the version 1703 keys
 
 | Version 1607 key | Version 1703 key |
 | --- | --- |

windows/deployment/update/waas-manage-updates-wufb.md

@@ -7,7 +7,7 @@ ms.sitesec: library
 author: jaimeo
 ms.localizationpriority: medium
 ms.author: jaimeo
-ms.date: 06/01/2018
+ms.date: 11/16/2018
 ---
 
 # Deploy updates using Windows Update for Business
@@ -20,12 +20,9 @@ ms.date: 06/01/2018
 
 > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) 
 
->[!IMPORTANT]
->Due to [naming changes](waas-overview.md#naming-changes), older terms like CB,CBB, and LTSB might still apear in some of our products.
->
->In the following settings, CB refers to Semi-Annual Channel (Targeted), while CBB refers to Semi-Annual Channel. 
 
-Windows Update for Business enables information technology administrators to keep the Windows 10 devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Windows Update service. You can use Group Policy or MDM solutions such as Intune to configure the Windows Update for Business settings that control how and when Windows 10 devices are updated. In addition, by using Intune, organizations can manage devices that are not joined to a domain at all or are joined to Microsoft Azure Active Directory (Azure AD) alongside your on-premises domain-joined machines. Windows Update for Business leverages diagnostic data to provide reporting and insights into an organization's Windows 10 devices. 
+
+Windows Update for Business enables information technology administrators to keep the Windows 10 devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Windows Update service. You can use Group Policy or MDM solutions such as Intune to configure the Windows Update for Business settings that control how and when Windows 10 devices are updated. In addition, by using Intune, organizations can manage devices that are not joined to a domain at all or are joined to Microsoft Azure Active Directory (Azure AD) alongside your on-premises domain-joined devices. Windows Update for Business leverages diagnostic data to provide reporting and insights into an organization's Windows 10 devices. 
 
 Specifically, Windows Update for Business allows for: 
 
@@ -35,7 +32,7 @@ Specifically, Windows Update for Business allows for:
 - Peer-to-peer delivery for Microsoft updates, which optimizes bandwidth efficiency and reduces the need for an on-site server caching solution.
 - Control over diagnostic data level to provide reporting and insights in Windows Analytics.
 
-Windows Update for Business is a free service that is available for Windows Pro, Enterprise, Pro Education, and Education.
+Windows Update for Business is a free service that is available for Windows Pro, Enterprise, Pro Education, and Education editions.
 
 >[!NOTE]
 >See [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) to learn more about deployment rings in Windows 10.
@@ -48,79 +45,70 @@ Windows Update for Business provides three types of updates to Windows 10 device
 - **Quality Updates**: these are traditional operating system updates, typically released the second Tuesday of each month (though they can be released at any time). These include security, critical, and driver updates. Windows Update for Business also treats non-Windows updates (such as those for Microsoft Office or Visual Studio) as Quality Updates. These non-Windows Updates are known as *Microsoft Updates* and devices can be optionally configured to receive such updates along with their Windows Updates.
 - **Non-deferrable updates**: Currently, antimalware and antispyware Definition Updates from Windows Update cannot be deferred.
  
-Both Feature and Quality Updates can be deferred from deploying to client devices by a Windows Update for Business administrator within a bounded range of time from when those updates are first made available on the Windows Update Service. This deferral capability allows administrators to validate deployments as they are pushed to all client devices configured for Windows Update for Business.
+Both Feature and Quality Updates can be deferred from deploying to client devices by a Windows Update for Business administrator within a bounded range of time from when those updates are first made available on the Windows Update Service. This deferral capability allows administrators to validate deployments as they are pushed to all client devices configured for Windows Update for Business. Deferrals work by allowing you to specify the number of days after an update is released before it is offered to a device (if you set a deferral period of 365 days, the update will not be offered until 365 days after that update was released).
 
-| Category | Maximum deferral | Deferral increments | Example | Classification GUID |
+| Category | Maximum deferral | Deferral increments | Example | WSUS classification GUID |
 | --- | --- | --- | --- | --- |
-| Feature Updates | 365 days | Days | From Windows 10, version 1511 to version 1607 maximum was 180 days</br>In Windows 10, version 1703 maximum is 365 | 3689BDC8-B205-4AF4-8D4A-A63924C5E9D5 |
+| Feature Updates | 365 days | Days | From Windows 10, version 1511 to version 1607 maximum was 180 days.</br>From Windows 10, version 1703 to version 1809, the maximum is 365 days. | 3689BDC8-B205-4AF4-8D4A-A63924C5E9D5 |
-| Quality Updates | 30 days | Days | Security updates</br>Drivers (optional)</br>Non-security updates</br>Microsoft updates (Office,Visual Studio, etc.) | 0FA1201D-4330-4FA8-8AE9-B877473B6441</br>EBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0</br>CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83</br>varies |
+| Quality Updates | 30 days | Days | Security updates</br>Drivers (optional)</br>Non-security updates</br>Microsoft updates (Office,Visual Studio, etc.) | 0FA1201D-4330-4FA8-8AE9-B877473B6441</br></br>EBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0</br></br>CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83</br></br>varies |
 | Non-deferrable | No deferral | No deferral | Definition updates | E0789628-CE08-4437-BE74-2495B842F43B |
 
 >[!NOTE]
 >For information about classification GUIDs, see [WSUS Classification GUIDs](https://msdn.microsoft.com/library/ff357803.aspx).
 
-## Changes to Windows Update for Business in Windows 10, version 1709
+## Windows Update for Business in various Windows 10 versions
 
-The group policy path for Windows Update for Business was changed to correctly reflect its association to Windows Update for Business.
+Windows Update for Business was first available in Windows 10, version 1511. This diagram lists new or changed capabilities and updated behavior in subsequent versions.
 
-| Prior to Windows 10, version 1709 | Windows 10, version 1709 |
-| --- | --- |
-| Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Update | Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business | 
 
-We have added the ability to manage Windows Insider preview builds and their delivery:
+| Windows 10, version 1511 | 1607 | 1703 | 1709 | 1803 | 1809 |
+| --- | --- | --- | --- | --- | --- |
+| Defer quality updates</br>Defer feature updates</br>Pause updates | All 1511 features, plus: **WSUS integration** | All 1607 features, plus **Settings controls** | All 1703 features, plus **Ability to set slow vs. fast Insider Preview branch** | All 1709 features, plus **Uninstall updates remotely** | All 1803 features, plus **Option to use default automatic updates**</br>**Ability to set separate deadlines for feature vs. quality updates**</br>**Admins can prevent users from pausing updates**
+## Managing Windows Update for Business with Group Policy
 
-The **Manage preview builds** setting gives administrators control over enabling or disabling preview build installation on a device. You can also decide to stop preview builds once the release is public.
+The group policy path for Windows Update for Business has changed to correctly reflect its association to Windows Update for Business and provide the ability to easily manage pre-release Windows Insider Preview builds in Windows 10, version 1709. 
-* Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/Windows Update for Business** - *Manage preview builds*
-* MDM: **Update/ManagePreviewBuilds**
 
->[!IMPORTANT]
+| Action | Windows 10 versions prior to 1709 | Windows 10 versions after 1709 |
->This policy replaces the "Toggle user control over Insider builds" policy under that is only supported up to Windows 10, version 1703. You can find the older policy here:
+| --- | --- | --- |
->* Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Data Collection and Preview Builds/Toggle user control over Insider builds**
+| Set Windows Update for Business Policies | Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Update | Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business |
->* MDM: **System/AllowBuildPreview**
+| Manage Windows Insider Preview builds | Computer Configuration/Administrative Templates/Windows Components/Data Collection and Preview Builds/Toggle user control over Insider builds |	Computer Configuration/Administrative Templates/Windows Components/Windows Update/Windows Update for Business - *Manage preview builds* |
+| Manage when updates are received | Select when Feature Updates are received | Select when Preview Builds and Feature Updates are received </br> (Computer Configuration/Administrative Templates/Windows Components/Windows Update/ Windows Update for Business - **Select when Preview Builds and Feature Updates are received**) |
 
-The policy settings to **Select when Feature Updates are received** is now called **Select when Preview Builds and Feature Updates are received**. In addition to previous functionality, it now allows you to choose between preview flight rings, and allows you to defer or pause their delivery.
+## Managing Windows Update for Business with MDM
-* Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/ Windows Update for Business** - *Select when Preview Builds and Feature Updates are received*
-* MDM: **Update/BranchReadinessLevel**
 
-## Changes to Windows Update for Business in Windows 10, version 1703
+Starting with Windows 10, version 1709, Windows Update for Business was changed to correctly reflect its association to Windows Update for Business and provide the ability to easily manage Windows Insider Preview builds in 1709.
 
-### Options added to Settings
+| Action | Windows 10 versions prior to 1709 | Windows 10 versions after 1709 |
+| --- | --- | --- |
+| Manage Windows Insider Preview builds | System/AllowBuildPreview | Update/ManagePreviewBuilds |
+| Manage when updates are received | Select when Feature Updates are received |	Select when Preview Builds and Feature Updates are received (Update/BranchReadinessLevel) |
 
-We have added a few controls into settings to allow users to control Windows Update for Business through an interface. 
+## Managing Windows Update for Business with Software Center Configuration Manager
-- [Configuring the device's branch readiness level](waas-configure-wufb.md#configure-devices-for-current-branch-or-current-branch-for-business), through **Settings > Update & security > Windows Update > Advanced options**
-- [Pausing feature updates](waas-configure-wufb.md#pause-feature-updates), through **Settings > Update & security > Window Update > Advanced options**
 
-### Adjusted time periods
+Starting with Windows 10, version 1709, you can assign a collection of devices to have dual scan enabled and manage that collection with Windows Update for Business policies. Starting with Windows 10, version 1809, you can set a collection of devices to receive the Windows Insider Preview Feature Updates from Windows Update from within Software Center Configuration Manager.
 
-We have adjusted the maximum pause period for both quality and feature updates to be 35 days, as opposed to 30 and 60 days previously, respectively.
+| Action | Windows 10 versions between 1709 and 1809 | Windows 10 versions after 1809 |
+| --- | --- | --- |
+| Manage Windows Update for Business in Configuration Manager | Manage Feature or Quality Updates with Windows Update for Business via Dual Scan | Manage Insider pre-release builds with Windows Update for Business within Software Center Configuration Manager |
 
-We have also adjusted the maximum feature update deferral period to be 365 days, as opposed to 180 days previously.
+## Managing Windows Update for Business with Windows Settings options
+Windows Settings includes options to control certain Windows Update for Business features:
 
-### Additional changes
+- [Configure the readiness level](waas-configure-wufb.md#configure-devices-for-the-appropriate-service-channel) for a branch by using **Settings > Update & security > Windows Update > Advanced options**
+- [Pause feature updates](waas-configure-wufb.md#pause-feature-updates) by using Settings > Update & security > Window Update > Advanced options
 
-The pause period is now calculated starting from the set start date. For additional details, see [Pause Feature Updates](waas-configure-wufb.md#pause-feature-updates) and [Pause Quality Updates](waas-configure-wufb.md#pause-quality-updates). Due to that, some policy keys are now named differently. For more information, see [Comparing the version 1607 keys to the version 1703 keys](waas-configure-wufb.md#comparing-the-version-1607-keys-to-the-version-1703-keys).
+## Other changes in Windows Update for Business in Windows 10, version 1703 and later releases
 
-## Comparing Windows Update for Business in Windows 10, version 1511 and version 1607
 
-Windows Update for Business was first made available in Windows 10, version 1511. In Windows 10, version 1607 (also known as the Anniversary Update), there are several new or changed capabilities provided as well as updated behavior.  
+### Pause and deferral periods
 
->[!NOTE]
+The maximum pause time period is 35 days for both quality and feature updates. The maximum deferral period for feature updates is 365 days.
->For more information on Current Branch (Semi-Annual Channel (Targeted)) and Current Branch for Business (Semi-Annual Channel), see [Windows 10 servicing options](waas-overview.md#servicing-channels).
 
-<table>
+Also, the pause period is calculated from the set start date. For more details, see [Pause Feature Updates](waas-configure-wufb.md#pause-feature-updates) and [Pause Quality Updates](waas-configure-wufb.md#pause-quality-updates). As a result, certain policy keys have different names; see the "Comparing keys in Windows 10, version 1607 to Windows 10, version 1703" section in [Configure Windows Update for Business](waas-configure-wufb.md) for details.
-    <thead>
-        <tr><th>Capability</th><th>Windows 10, version 1511</th><th>Windows 10, version 1607</th>           
-        </tr>
-    </thead>
-    <tbody>
-        <tr><td><p>Select servicing options: CB or CBB</p></td><td><p>Not available. To defer updates, all systems must be on the Current Branch for Business (CBB)</p></td><td><p>Ability to set systems on the Current Branch (CB) or Current Branch for Business (CBB).</p></td></tr>
-<tr><td><p>Quality Updates</p></td><td><p>Able to defer receiving Quality Updates:</p><ul><li>Up to 4 weeks</li><li>In weekly increments</li></ul></td><td><p>Able to defer receiving Quality Updates:</p><ul><li>Up to 30 days</li><li>In daily increments</li></ul></td></tr>
-<tr><td><p>Feature Updates</p></td><td><p>Able to defer receiving Feature Updates:</p><ul><li>Up to 8 months</li><li>In monthly increments</li></ul></td><td><p>Able to defer receiving Feature Updates:</p><ul><li>Up to 180 days</li><li>In daily increments</li></ul></td></tr>
-<tr><td><p>Pause updates</p></td><td><ul><li>Feature Updates and Quality Updates paused together</li><li>Maximum of 35 days</li></ul></td><td><p>Features and Quality Updates can be paused separately.</p><ul><li>Feature Updates: maximum 60 days</li><li>Quality Updates: maximum 35 days</li></ul></td></tr>
-<tr><td><p>Drivers</p></td><td><p>No driver-specific controls</p></td><td><p>Drivers can be selectively excluded from Windows Update for Business.</p></td></tr>
-</tbody></table>
 
-## Monitor Windows Updates using Update Compliance
+
+
+## Monitor Windows Updates by using Update Compliance
 
 Update Compliance, now **available in public preview**, provides a holistic view of OS update compliance, update deployment progress, and failure troubleshooting for Windows 10 devices. This new service uses diagnostic data including installation progress, Windows Update configuration, and other information to provide such insights, at no extra cost and without additional infrastructure requirements. Whether used with Windows Update for Business or other management tools, you can be assured that your devices are properly updated.
 

windows/deployment/update/waas-optimize-windows-10-updates.md

@@ -54,7 +54,7 @@ Windows 10 quality update downloads can be large because every package contains
 >Express update delivery applies to quality update downloads. Starting with Windows 10, version 1709, Express update delivery also applies to feature update downloads for clients connected to Windows Update and Windows Update for Business.
 
 ### How Microsoft supports Express
-- **Express on System Center Configuration Manager** starting with version 1702 of Configuration Manager and Windows 10, version 1703 or 1607 with the April 2017 cumulative update.
+- **Express on System Center Configuration Manager** starting with version 1702 of Configuration Manager and Windows 10, version 1703 or later, or Windows 10, version 1607 with the April 2017 cumulative update.
 - **Express on WSUS Standalone**
 
   Express update delivery is available on [all support versions of WSUS](https://technet.microsoft.com/library/cc708456(v=ws.10).aspx).

windows/deployment/update/waas-servicing-differences.md

@@ -51,7 +51,7 @@ This cumulative update model for Windows 10 has helped provide the Windows ecosy
 - Windows 7 and other legacy operating systems have cumulative updates that operate differently than in Windows 10 (see next section).
 
 ## Windows 7 and legacy OS versions
-While Windows 10 updates could have been controlled as cumulative from "Day 1," the legacy OS ecosystem for both client and server was highly fragmented. Recognizing the challenges of update quality in aa fragmented environment, we moved Windows 7 to a cumulative update model in October 2016.  
+While Windows 10 updates could have been controlled as cumulative from "Day 1," the legacy OS ecosystem for both client and server was highly fragmented. Recognizing the challenges of update quality in a fragmented environment, we moved Windows 7 to a cumulative update model in October 2016.  
 
 Customers saw the LCU model used for Windows 10 as having packages that were too large and represented too much of a change for legacy operating systems, so a different model was implemented. Windows instead offered two cumulative package types for all legacy operating systems: Monthly Rollups and Security-only updates.
 
@@ -103,4 +103,4 @@ In closing, I hope this overview of the update model across current and legacy W
 - [Simplified servicing for Windows 7 and Windows 8.1: the latest improvements](https://techcommunity.microsoft.com/t5/Windows-Blog-Archive/Simplified-servicing-for-Windows-7-and-Windows-8-1-the-latest/ba-p/166798)  
 - [Windows Server 2008 SP2 servicing changes](https://cloudblogs.microsoft.com/windowsserver/2018/06/12/windows-server-2008-sp2-servicing-changes/) 
 - [Windows 10 update servicing cadence](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376) 
-- [Windows 7 servicing stack updates: managing change and appreciating cumulative updates](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-7-servicing-stack-updates-managing-change-and/ba-p/260434)
+- [Windows 7 servicing stack updates: managing change and appreciating cumulative updates](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-7-servicing-stack-updates-managing-change-and/ba-p/260434)

windows/deployment/upgrade/upgrade-readiness-data-sharing.md

@@ -42,7 +42,7 @@ In order to set the WinHTTP proxy system-wide on your computers, you need to
 
 The WinHTTP scenario is most appropriate for customers who use a single proxy or f. If you have more advanced proxy requirements, refer to Scenario 3.
 
-If you want to learn more about Proxy considerations on Windows, please take a look at this post in the ieinternals blog
+If you want to learn more about proxy considerations on Windows, see [Understanding Web Proxy Configuration](https://blogs.msdn.microsoft.com/ieinternals/2013/10/11/understanding-web-proxy-configuration/).
 
 ### Logged-in user’s Internet connection
 

windows/deployment/volume-activation/activate-using-key-management-service-vamt.md

@@ -52,7 +52,7 @@ To enable KMS functionality, a KMS key is installed on a KMS host; then, the hos
 For more information, see the information for Windows 7 in [Deploy KMS Activation](https://go.microsoft.com/fwlink/p/?LinkId=717032).
 
 ## Key Management Service in Windows Server 2012 R2
-Installing a KMS host key on a computer running Windows Server allows you to activate computers running Windows Server 2012 R2, Windows Sever 2008 R2, Windows Server 2008, Windows 10, Windows 8.1, Windows 7, and Windows Vista.
+Installing a KMS host key on a computer running Windows Server allows you to activate computers running Windows Server 2012 R2, Windows Server 2008 R2, Windows Server 2008, Windows 10, Windows 8.1, Windows 7, and Windows Vista.
 
 **Note**  
 You cannot install a client KMS key into the KMS in Windows Server.

windows/deployment/windows-autopilot/intune-connector.md

@@ -9,7 +9,7 @@ ms.sitesec: library
 ms.pagetype: deploy
 author: greg-lindsay
 ms.author: greg-lindsay
-ms.date: 11/13/2018
+ms.date: 11/26/2018
 ---
 
 
@@ -23,44 +23,30 @@ In this preview version of the Intune Connector, you might receive an error mess
 
 **0x80070658 - Error applying transforms. Verify that the specified transform paths are valid.**
 
-See the following example:
+An [example](#example) of the error message is displayed at the bottom of this topic. 
-
-![Connector error](images/connector-fail.png)
 
 This error can be resolved by ensuring that the member server where Intune Connector is running has one of the following language packs installed and configured to be the default keyboard layout:
 
-en-US<br>
+|  |  |  |  |  |  |  |  |  |  |  | 
-cs-CZ<br>
+| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
-da-DK<br>
+| en-US | cs-CZ | da-DK | de-DE | el-GR | es-ES | fi-FI | fr-FR | hu-HU | it-IT | ja-JP |
-de-DE<br>
+| ko-KR | nb-NO | nl-NL | pl-PL | pt-BR | ro-RO | ru-RU | sv-SE | tr-TR | zh-CN | zh-TW |
-el-GR<br>
-es-ES<br>
-fi-FI<br>
-fr-FR<br>
-hu-HU<br>
-it-IT<br>
-ja-JP<br>
-ko-KR<br>
-nb-NO<br>
-nl-NL<br>
-pl-PL<br>
-pt-BR<br>
-ro-RO<br>
-ru-RU<br>
-sv-SE<br>
-tr-TR<br>
-zh-CN<br>
-zh-TW
 
-This solution is a workaround and will be fully resolved in a future release of the Intune Connector.
+>[!NOTE]
+>After installing the Intune Connector, you can restore the keyboard layout to its previous settings.<br>
+>This solution is a workaround and will be fully resolved in a future release of the Intune Connector.
 
 To change the default keyboard layout:
 
 1. Click **Settings > Time & language > Region and language** 
 2. Select one of the languages listed above and choose **Set as default**.
 
-Note: If the language you need isn't listed, you can add additional languages by selecting **Add a language**.
+If the language you need isn't listed, you can add additional languages by selecting **Add a language**.
-
+
-
+## Example
+
+The following is an example of the error message that can be displayed if one of the listed languages is not used during setup:
+
+![Connector error](images/connector-fail.png)
 
 

windows/deployment/windows-autopilot/windows-autopilot-requirements-licensing.md

@@ -26,12 +26,13 @@ Windows Autopilot depends on specific capabilities available in Windows 10 and A
     -   Enterprise
     -   Education
 -   One of the following, to provide needed Azure Active Directory (automatic MDM enrollment and company branding features) and MDM functionality:
-    -   Microsoft 365 Business subscriptions
+    -   [Microsoft 365 Business subscriptions](https://www.microsoft.com/en-us/microsoft-365/business)
-    -   Microsoft 365 F1 subscriptions
+    -   [Microsoft 365 F1 subscriptions](https://www.microsoft.com/en-us/microsoft-365/enterprise/firstline)
-    -   Microsoft 365 Enterprise E3 or E5 subscriptions, which include all Windows 10, Office 365, and EM+S features (Azure AD and Intune)
+    -   [Microsoft 365 Academic A1, A3, or A5 subscriptions](https://www.microsoft.com/en-us/education/buy-license/microsoft365/default.aspx)
-    -   Enterprise Mobility + Security E3 or E5 subscriptions, which include all needed Azure AD and Intune features
+    -   [Microsoft 365 Enterprise E3 or E5 subscriptions](https://www.microsoft.com/en-us/microsoft-365/enterprise), which include all Windows 10, Office 365, and EM+S features (Azure AD and Intune)
-    -   Azure Active Directory Premium P1 or P2 and Intune subscriptions (or an alternative MDM service)
+    -   [Enterprise Mobility + Security E3 or E5 subscriptions](https://www.microsoft.com/en-us/cloud-platform/enterprise-mobility-security), which include all needed Azure AD and Intune features
+    -   [Azure Active Directory Premium P1 or P2](https://azure.microsoft.com/en-us/services/active-directory/) and [Microsoft Intune subscriptions](https://www.microsoft.com/en-us/cloud-platform/microsoft-intune) (or an alternative MDM service)
 
 Additionally, the following are also recommended but not required:
--   Office 365 ProPlus, which can be deployed easily via Intune (or other MDM services)
+-   [Office 365 ProPlus](https://www.microsoft.com/en-us/p/office-365-proplus/CFQ7TTC0K8R0), which can be deployed easily via Intune (or other MDM services)
 -   [Windows Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation), to automatically step up devices from Windows 10 Pro to Windows 10 Enterprise

windows/hub/index.md

@@ -71,7 +71,7 @@ The Windows 10 operating system introduces a new way to build, deploy, and servi
 These improvements focus on maximizing customer involvement in Windows development, simplifying the deployment and servicing of Windows client computers, and leveling out the resources needed to deploy and maintain Windows over time.
   
 - [Read more about Windows as a Service](/windows/deployment/update/waas-overview)
-- [Read how much space does Windows 10 take](https://www.microsoft.com/en-us/windows/windows-10-specifications)
+
 
 ## Related topics
 [Windows 10 TechCenter](https://go.microsoft.com/fwlink/?LinkId=620009)

windows/privacy/gdpr-it-guidance.md

@@ -237,6 +237,11 @@ The lowest diagnostic data setting level supported on Windows Server 2016 and Wi
 
 IT administrators can configure the Windows Server diagnostic data settings using familiar management tools, such as Group Policy, MDM, or Windows Provisioning. IT administrators can also manually change settings using Registry Editor. Setting the Windows Server diagnostic data levels through a management policy overrides any device-level settings.
 
+There are two options for deleting Windows diagnostic data from a Windows Server machine:
+
+- If the “Desktop Experience” option was chosen during the installation of Windows Server 2019, then there are the same options available for an IT administrator that end users have with Windows 10, version 1803 and version 1809, to submit a request for deleting that device’s diagnostic data. This is done by clicking the **Delete** button in the **Delete diagnostic data** section of **Start > Settings > Privacy > Diagnostics & feedback**.
+- Microsoft has provided a [PowerShell cmdlet](https://docs.microsoft.com/powershell/module/windowsdiagnosticdata) that IT administrators can use to delete Windows diagnostic data via the command line on a machine running Windows Server 2016 or Windows Server 2019. This cmdlet provides the same functionality for deleting Windows diagnostic data as with Desktop Experience on Windows Server 2019. For more information, see [the PowerShell Gallery](https://www.powershellgallery.com/packages/WindowsDiagnosticData).
+
 ### Backups and Windows Server
 
 Backups, including live backups and backups that are stored locally within an organization or in the cloud, can contain personal data.

windows/privacy/license-terms-windows-diagnostic-data-for-powershell.md

@@ -0,0 +1,92 @@
+---
+title: MICROSOFT WINDOWS DIAGNOSTIC DATA FOR POWERSHELL
+description: MICROSOFT SOFTWARE LICENSE TERMS
+keywords: privacy, license, terms
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+ms.localizationpriority: high
+author: danihalfin
+ms.author: daniha
+ms.date: 11/16/2018
+robots: noindex,nofollow
+---
+
+MICROSOFT SOFTWARE LICENSE TERMS
+
+MICROSOFT WINDOWS DIAGNOSTIC DATA FOR POWERSHELL
+
+
+
+These license terms are an agreement between you and Microsoft Corporation (or one of its affiliates). They apply to the software named above and any Microsoft services or software updates (except to the extent such services or updates are accompanied by new or additional terms, in which case those different terms apply prospectively and do not alter your or Microsoft’s rights relating to pre-updated software or services). IF YOU COMPLY WITH THESE LICENSE TERMS, YOU HAVE THE RIGHTS BELOW. BY USING THE SOFTWARE, YOU ACCEPT THESE TERMS.
+
+1. INSTALLATION AND USE RIGHTS.
+
+a) General. You may install and use any number of copies of the software.
+
+b) Third Party Software. The software may include third party applications that Microsoft, not the third party, licenses to you under this agreement. Any included notices for third party applications are for your information only.
+
+2. DATA COLLECTION. The software may collect information about you and your use of the software and send that to Microsoft. Microsoft may use this information to provide services and improve Microsoft’s products and services. Your opt-out rights, if any, are described in the product documentation. Some features in the software may enable collection of data from users of your applications that access or use the software. If you use these features to enable data collection in your applications, you must comply with applicable law, including getting any required user consent, and maintain a prominent privacy policy that accurately informs users about how you use, collect, and share their data. You can learn more about Microsoft’s data collection and use in the product documentation and the Microsoft Privacy Statement at https://go.microsoft.com/fwlink/?LinkId=512132. You agree to comply with all applicable provisions of the Microsoft Privacy Statement.
+
+3. SCOPE OF LICENSE. The software is licensed, not sold. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation, you will not (and have no right to):
+
+a) work around any technical limitations in the software that only allow you to use it in certain ways;
+
+b) reverse engineer, decompile or disassemble the software;
+
+c) remove, minimize, block, or modify any notices of Microsoft or its suppliers in the software;
+
+d) use the software in any way that is against the law or to create or propagate malware; or
+
+e) share, publish, distribute, or lend the software, provide the software as a stand-alone hosted solution for others to use, or transfer the software or this agreement to any third party.
+
+4. EXPORT RESTRICTIONS. You must comply with all domestic and international export laws and regulations that apply to the software, which include restrictions on destinations, end users, and end use. For further information on export restrictions, visit http://aka.ms/exporting.
+
+5. SUPPORT SERVICES. Microsoft is not obligated under this agreement to provide any support services for the software. Any support provided is “as is”, “with all faults”, and without warranty of any kind.
+
+6. ENTIRE AGREEMENT. This agreement, and any other terms Microsoft may provide for supplements, updates, or third-party applications, is the entire agreement for the software.
+
+7. APPLICABLE LAW AND PLACE TO RESOLVE DISPUTES. If you acquired the software in the United States or Canada, the laws of the state or province where you live (or, if a business, where your principal place of business is located) govern the interpretation of this agreement, claims for its breach, and all other claims (including consumer protection, unfair competition, and tort claims), regardless of conflict of laws principles. If you acquired the software in any other country, its laws apply. If U.S. federal jurisdiction exists, you and Microsoft consent to exclusive jurisdiction and venue in the federal court in King County, Washington for all disputes heard in court. If not, you and Microsoft consent to exclusive jurisdiction and venue in the Superior Court of King County, Washington for all disputes heard in court.
+
+8. CONSUMER RIGHTS; REGIONAL VARIATIONS. This agreement describes certain legal rights. You may have other rights, including consumer rights, under the laws of your state, province, or country. Separate and apart from your relationship with Microsoft, you may also have rights with respect to the party from which you acquired the software. This agreement does not change those other rights if the laws of your state, province, or country do not permit it to do so. For example, if you acquired the software in one of the below regions, or mandatory country law applies, then the following provisions apply to you:
+
+a) Australia. You have statutory guarantees under the Australian Consumer Law and nothing in this agreement is intended to affect those rights.
+
+b) Canada. If you acquired this software in Canada, you may stop receiving updates by turning off the automatic update feature, disconnecting your device from the Internet (if and when you re-connect to the Internet, however, the software will resume checking for and installing updates), or uninstalling the software. The product documentation, if any, may also specify how to turn off updates for your specific device or software.
+
+c) Germany and Austria.
+
+i.	Warranty. The properly licensed software will perform substantially as described in any Microsoft materials that accompany the software. However, Microsoft gives no contractual guarantee in relation to the licensed software.
+
+ii.	Limitation of Liability. In case of intentional conduct, gross negligence, claims based on the Product Liability Act, as well as, in case of death or personal or physical injury, Microsoft is liable according to the statutory law.
+
+Subject to the foregoing clause ii., Microsoft will only be liable for slight negligence if Microsoft is in breach of such material contractual obligations, the fulfillment of which facilitate the due performance of this agreement, the breach of which would endanger the purpose of this agreement and the compliance with which a party may constantly trust in (so-called "cardinal obligations"). In other cases of slight negligence, Microsoft will not be liable for slight negligence.
+
+9. DISCLAIMER OF WARRANTY. THE SOFTWARE IS LICENSED “AS IS.” YOU BEAR THE RISK OF USING IT. MICROSOFT GIVES NO EXPRESS WARRANTIES, GUARANTEES, OR CONDITIONS. TO THE EXTENT PERMITTED UNDER APPLICABLE LAWS, MICROSOFT EXCLUDES ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
+
+10. LIMITATION ON AND EXCLUSION OF DAMAGES. IF YOU HAVE ANY BASIS FOR RECOVERING DAMAGES DESPITE THE PRECEDING DISCLAIMER OF WARRANTY, YOU CAN RECOVER FROM MICROSOFT AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP TO U.S. $5.00. YOU CANNOT RECOVER ANY OTHER DAMAGES, INCLUDING CONSEQUENTIAL, LOST PROFITS, SPECIAL, INDIRECT OR INCIDENTAL DAMAGES.
+
+This limitation applies to (a) anything related to the software, services, content (including code) on third party Internet sites, or third party applications; and (b) claims for breach of contract, warranty, guarantee, or condition; strict liability, negligence, or other tort; or any other claim; in each case to the extent permitted by applicable law.
+
+It also applies even if Microsoft knew or should have known about the possibility of the damages. The above limitation or exclusion may not apply to you because your state, province, or country may not allow the exclusion or limitation of incidental, consequential, or other damages.
+
+
+
+Please note: As this software is distributed in Canada, some of the clauses in this agreement are provided below in French.
+
+Remarque: Ce logiciel étant distribué au Canada, certaines des clauses dans ce contrat sont fournies ci-dessous en français.
+
+EXONÉRATION DE GARANTIE. Le logiciel visé par une licence est offert « tel quel ». Toute utilisation de ce logiciel est à votre seule risque et péril. Microsoft n’accorde aucune autre garantie expresse. Vous pouvez bénéficier de droits additionnels en vertu du droit local sur la protection des consommateurs, que ce contrat ne peut modifier. La ou elles sont permises par le droit locale, les garanties implicites de qualité marchande, d’adéquation à un usage particulier et d’absence de contrefaçon sont exclues.
+
+LIMITATION DES DOMMAGES-INTÉRÊTS ET EXCLUSION DE RESPONSABILITÉ POUR LES DOMMAGES. Vous pouvez obtenir de Microsoft et de ses fournisseurs une indemnisation en cas de dommages directs uniquement à hauteur de 5,00 $ US. Vous ne pouvez prétendre à aucune indemnisation pour les autres dommages, y compris les dommages spéciaux, indirects ou accessoires et pertes de bénéfices.
+
+Cette limitation concerne:
+
+•	tout ce qui est relié au logiciel, aux services ou au contenu (y compris le code) figurant sur des sites Internet tiers ou dans des programmes tiers; et
+
+•	les réclamations au titre de violation de contrat ou de garantie, ou au titre de responsabilité stricte, de négligence ou d’une autre faute dans la limite autorisée par la loi en vigueur.
+
+Elle s’applique également, même si Microsoft connaissait ou devrait connaître l’éventualité d’un tel dommage. Si votre pays n’autorise pas l’exclusion ou la limitation de responsabilité pour les dommages indirects, accessoires ou de quelque nature que ce soit, il se peut que la limitation ou l’exclusion ci-dessus ne s’appliquera pas à votre égard.
+
+EFFET JURIDIQUE. Le présent contrat décrit certains droits juridiques. Vous pourriez avoir d’autres droits prévus par les lois de votre pays. Le présent contrat ne modifie pas les droits que vous confèrent les lois de votre pays si celles-ci ne le permettent pas.

windows/privacy/manage-windows-1709-endpoints.md

@@ -153,7 +153,7 @@ If traffic to this endpoint is turned off, Windows no longer automatically downl
 
 | Source process | Protocol | Destination |
 |----------------|----------|------------|
-| svchost        | HTTP     | ctldl.windowsupdate.com |
+| svchost        | HTTP     | ctldl.windowsupdate.com | 
 
 ## Device authentication
 

windows/privacy/manage-windows-1803-endpoints.md

@@ -145,20 +145,16 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
 
 ## Certificates
 
-The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible to [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update), but that is not recommended because when root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses. 
+The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible to [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update), but that is not recommended because when root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses.
 
-| Source process | Protocol | Destination |
+Additionally, it is used to download certificates that are publicly known to be fraudulent.
-|----------------|----------|------------|
-| svchost        | HTTP     | ctldl.windowsupdate.com |
-
-The following endpoints are used to download certificates that are publicly known to be fraudulent.
 These settings are critical for both Windows security and the overall security of the Internet. 
 We do not recommend blocking this endpoint.
 If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device.
 
 | Source process | Protocol | Destination |
 |----------------|----------|------------|
-| svchost        | HTTP     | ctldl.windowsupdate.com |
+| svchost        | HTTP     | ctldl.windowsupdate.com | 
 
 ## Device authentication
 

windows/privacy/manage-windows-1809-endpoints.md

@@ -155,20 +155,16 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
 
 ## Certificates
 
-The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible to [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update), but that is not recommended because when root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses. 
+The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible to [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update), but that is not recommended because when root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses.
 
-| Source process | Protocol | Destination |
+Additionally, it is used to download certificates that are publicly known to be fraudulent.
-|----------------|----------|------------|
-| svchost        | HTTP     | ctldl.windowsupdate.com |
-
-The following endpoints are used to download certificates that are publicly known to be fraudulent.
 These settings are critical for both Windows security and the overall security of the Internet. 
 We do not recommend blocking this endpoint.
 If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device.
 
 | Source process | Protocol | Destination |
 |----------------|----------|------------|
-| svchost        | HTTP     | ctldl.windowsupdate.com |
+| svchost        | HTTP     | ctldl.windowsupdate.com | 
 
 ## Device authentication
 

windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md

@@ -19,7 +19,7 @@ Windows Hello for Business authentication is passwordless, two-factor authentica
 Azure Active Directory joined devices authenticate to Azure during sign-in and can optional authenticate to Active Directory.  Hybrid Azure Active Directory joined devices authenticate to Active Directory during sign-in, and authenticate to Azure Active Directory in the background.<br>
 
 [Azure AD join authentication to Azure Active Directory](#Azure-AD-join-authentication-to-Azure-Active-Directory)<br>
-[Azure AD join authentication to Active Direcotry using a Key](#Azure-AD-join-authentication-to-Active-Direcotry-using-a-Key)<br>
+[Azure AD join authentication to Active Directory using a Key](#Azure-AD-join-authentication-to-Active-Directory-using-a-Key)<br>
 [Azure AD join authentication to Active Directory using a Certificate](#Azure-AD-join-authentication-to-Active-Directory-using-a-Certificate)<br>
 [Hybrid Azure AD join authentication using a Key](#Hybrid-Azure-AD-join-authentication-using-a-Key)<br>
 [Hybrid Azure AD join authentication using a Certificate](#Hybrid-Azure-AD-join-authentication-using-a-Certificate)<br>
@@ -38,7 +38,7 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c
 
 [Return to top](#Windows-Hello-for-Business-and-Authentication)
 ## Azure AD join authentication to Active Directory using a Key
-![Azure AD join authentication to Active Direotory using a Key](images/howitworks/auth-aadj-keytrust-kerb.png)
+![Azure AD join authentication to Active Directory using a Key](images/howitworks/auth-aadj-keytrust-kerb.png)
 
 
 | Phase  | Description  |

windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md

@@ -75,7 +75,7 @@ If you do not have an existing public key infrastructure, please review [Certifi
 
 > [!IMPORTANT]
 > For Azure AD joined device to authenticate to and use on-premises resources, ensure you:
-> * Install the root certificate authority certificate for your organization in the user's trusted root certifcate store.
+> * Install the root certificate authority certificate for your organization in the user's trusted root certificate store.
 > * Publish your certificate revocation list to a location that is available to Azure AD joined devices, such as a web-based url.
 
 ### Section Review ###
@@ -84,7 +84,7 @@ If you do not have an existing public key infrastructure, please review [Certifi
 > *  Minimum Windows Server 2012 Certificate Authority.
 > *  Enterprise Certificate Authority.
 > *  Functioning public key infrastructure.
-> *  Root certifcate authority certificate (Azure AD Joined devices).
+> *  Root certificate authority certificate (Azure AD Joined devices).
 > *  Highly available certificate revocation list (Azure AD Joined devices).
   
 ## Azure Active Directory ##
@@ -131,7 +131,7 @@ Alternatively, you can configure Windows Server 2016 Active Directory Federation
 > * Review the overview and uses of Azure Multifactor Authentication.
 > * Review your Azure Active Directory subscription for Azure Multifactor Authentication.
 > * Create an Azure Multifactor Authentication Provider, if necessary.
-> * Configure Azure Multufactor Authentiation features and settings.
+> * Configure Azure Multifactor Authentiation features and settings.
 > * Understand the different User States and their effect on Azure Multifactor Authentication.
 > * Consider using Azure Multifactor Authentication or a third-party multifactor authentication provider with Windows Server Active Directory Federation Services, if necessary.
 

windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md

@@ -19,7 +19,7 @@ ms.date: 08/19/2018
 -   Key trust
 
 
-## Directory Syncrhonization
+## Directory Synchronization
 
 In hybrid deployments, users register the public portion of their Windows Hello for Business credential with Azure.  Azure AD Connect synchronizes the Windows Hello for Business public key to Active Directory.  
 

windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md

@@ -8,7 +8,7 @@ ms.sitesec: library
 ms.pagetype: security
 author: justinha
 ms.localizationpriority: medium
-ms.date: 10/12/2018
+ms.date: 11/28/2018
 ---
 
 # How Windows Information Protection protects files with a sensitivity label 
@@ -27,13 +27,15 @@ Microsoft information protection technologies work together as an integrated sol
 
 Microsoft information protection technologies include:
 
-- [Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) is built in to Windows 10 and protects data at rest on endpoint devices, and manages apps to protect data in use.
+- [Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) is built in to Windows 10 and protects local data at rest on endpoint devices, and manages apps to protect local data in use. Data that leaves the endpoint device, such as email attachment, is not protected by WIP. 
 
 - [Office 365 Information Protection](https://docs.microsoft.com/office365/securitycompliance/office-365-info-protection-for-gdpr-overview) is a solution to classify, protect, and monitor personal data in Office 365 and other first-party or third-party Software-as-a-Service (SaaS) apps.
 
-- [Azure Information Protection](https://docs.microsoft.com/azure/information-protection/what-is-information-protection) is a cloud-based solution that can be purchased either standalone or as part of Microsoft 365 Enterprise. It helps an organization classify and protect its documents and emails by applying labels. End users can choose and apply sensitivity labels from a bar that appears below the ribbon in Office apps:
+- [Azure Information Protection](https://docs.microsoft.com/azure/information-protection/what-is-information-protection) is a cloud-based solution that can be purchased either standalone or as part of Microsoft 365 Enterprise. It helps an organization classify and protect its documents and emails by applying labels. Azure Information Protection is applied directly to content, and roams with the content as it's moved between locations and cloud services.
 
-  ![Sensitivity labels](images/sensitivity-labels.png)
+End users can choose and apply sensitivity labels from a bar that appears below the ribbon in Office apps:
+
+![Sensitivity labels](images/sensitivity-labels.png)
 
 ## Default WIP behaviors for a sensitivity label
 

windows/security/threat-protection/TOC.md

@@ -6,6 +6,7 @@
 #### [Attack surface reduction](windows-defender-atp/overview-attack-surface-reduction.md)
 ##### [Hardware-based isolation](windows-defender-atp/overview-hardware-based-isolation.md)
 ###### [Application isolation](windows-defender-application-guard/wd-app-guard-overview.md)
+####### [System requirements](windows-defender-application-guard/reqs-wd-app-guard.md)
 ###### [System isolation](windows-defender-atp/how-hardware-based-containers-help-protect-windows.md)
 ##### [Application control](windows-defender-application-control/windows-defender-application-control.md)
 ##### [Exploit protection](windows-defender-exploit-guard/exploit-protection-exploit-guard.md)
@@ -265,7 +266,7 @@
 ######## [Is IP seen in organization](windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection-new.md)
 
 ####### [Machine](windows-defender-atp/machine-windows-defender-advanced-threat-protection-new.md)
-######## [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md)
+######## [List machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md)
 ######## [Get machine by ID](windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md)
 ######## [Get machine log on users](windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection-new.md)
 ######## [Get machine related alerts](windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md)
@@ -274,8 +275,8 @@
 
 
 ####### [Machine Action](windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md)
-######## [List MachineActions](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection-new.md)
+######## [List Machine Actions](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection-new.md)
-######## [Get MachineAction](windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection-new.md)
+######## [Get Machine Action](windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection-new.md)
 ######## [Collect investigation package](windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection-new.md)
 ######## [Get investigation package SAS URI](windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection-new.md)
 ######## [Isolate machine](windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection-new.md)
@@ -284,6 +285,7 @@
 ######## [Remove app restriction](windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection-new.md)
 ######## [Run antivirus scan](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection-new.md)
 ######## [Offboard machine](windows-defender-atp/offboard-machine-api-windows-defender-advanced-threat-protection-new.md)
+######## [Stop and quarantine file](windows-defender-atp/stop-and-quarantine-file-windows-defender-advanced-threat-protection-new.md)
 
 ####### [User](windows-defender-atp/user-windows-defender-advanced-threat-protection-new.md)
 ######## [Get user related alerts](windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md)

windows/security/threat-protection/security-compliance-toolkit-10.md

@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.author: sagaudre
 author: brianlic-msft
-ms.date: 06/25/2018
+ms.date: 11/26/2018
 ---
 
 # Microsoft Security Compliance Toolkit 1.0
@@ -22,6 +22,7 @@ The SCT enables administrators to effectively manage their enterprise’s Group
 The Security Compliance Toolkit consists of:
 
 -   Windows 10 security baselines
+    -   Windows 10 Version 1809 (October 2018 Update)
     -   Windows 10 Version 1803 (April 2018 Update)
     -   Windows 10 Version 1709 (Fall Creators Update)
     -   Windows 10 Version 1703 (Creators Update)
@@ -30,6 +31,7 @@ The Security Compliance Toolkit consists of:
     -   Windows 10 Version 1507
 
 -   Windows Server security baselines
+    -   Windows Server 2019
     -   Windows Server 2016
     -   Windows Server 2012 R2
 

windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md

@@ -301,11 +301,10 @@ This setting will help ensure protection for a VM that has been offline for some
 
 ### Exclusions
 On Windows Server 2016, Windows Defender Antivirus will automatically deliver the right exclusions for servers running a VDI environment. However, if you are running an older Windows server version, you can refer to the exclusions that are applied on this page:
-- [Automatic exclusions for Windows Server Antimalware](https://technet.microsoft.com/windows-server-docs/security/windows-defender/automatic-exclusions-for-windows-defender)
+- [Configure Windows Defender Antivirus exclusions on Windows Server](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus)
 
 ## Additional resources
 
 - [Video: Microsoft Senior Program Manager Bryan Keller on how System Center Configuration Manger 2012 manages VDI and integrates with App-V]( http://channel9.msdn.com/Shows/Edge/Edge-Show-5-Manage-VDI-using-SCCM-2012#time=03m02s)
-- [Project VRC: Windows Defender Antivirus impact and best practices on VDI](https://blogs.technet.microsoft.com/privatecloud/2013/12/06/orchestrated-offline-vm-patching-using-service-management-automation/)
 - [TechNet forums on Remote Desktop Services and VDI](https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverTS)
 - [SignatureDownloadCustomTask PowerShell script](https://www.powershellgallery.com/packages/SignatureDownloadCustomTask/1.4/DisplayScript)

windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md

@@ -11,7 +11,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 09/03/2018
+ms.date: 11/16/2018
 ---
 
 # Restore quarantined files in Windows Defender AV
@@ -25,7 +25,7 @@ If Windows Defender Antivirus is configured to detect and remediate threats on y
 1. Open **Windows Security**.
 2. Click **Virus & threat protection** and then click **Threat History**.
 3. Under **Quarantined threats**, click **See full history**.
-4. Click **Restore** for any items you want to keep. (If you prefer to remove them, you can click **Remove**.)
+4. Click an item you want to keep, then click **Restore**. (If you prefer to remove the item, you can click **Remove**.)
 
 ## Related topics
 

windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md

@@ -65,7 +65,7 @@ To create a WDAC policy, copy each of the following commands into an elevated Wi
     ConvertFrom-CIPolicy $InitialCIPolicy $CIPolicyBin
     ```
 
-After you complete these steps, the WDAC binary file (DeviceGuardPolicy.bin) and original .xml file (IntialScan.xml) will be available on your desktop. You can use the binary file as a WDAC policy or sign it for additional security.
+After you complete these steps, the WDAC binary file (DeviceGuardPolicy.bin) and original .xml file (InitialScan.xml) will be available on your desktop. You can use the binary file as a WDAC policy or sign it for additional security.
 
 > [!Note] 
 > We recommend that you keep the original .xml file of the policy for use when you need to merge the WDAC policy with another policy or update its rule options. Alternatively, you would have to create a new policy from a new scan for servicing. For more information about how to merge WDAC policies, see [Merge Windows Defender Application Control policies](merge-windows-defender-application-control-policies.md).

windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md

@@ -8,7 +8,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 author: jsuther1974
-ms.date: 05/03/2018
+ms.date: 11/28/2018
 ---
 
 # Windows Defender Application Control 
@@ -17,6 +17,7 @@ ms.date: 05/03/2018
 
 -   Windows 10
 -   Windows Server 2016
+-   Windows Server 2019 
 
 With thousands of new malicious files created every day, using traditional methods like antivirus solutions—signature-based detection to fight against malware—provides an inadequate defense against new attacks. 
 In most organizations, information is the most valuable asset, and ensuring that only approved users have access to that information is imperative. 
@@ -36,9 +37,9 @@ WDAC policies also block unsigned scripts and MSIs, and Windows PowerShell runs
 
 ## WDAC System Requirements
 
-WDAC policies can only be created on computers running Windows 10 Enterprise or Windows Server 2016. 
+WDAC policies can only be created on computers beginning with Windows 10 Enterprise or Professional editions or Windows Server 2016. 
 They can be applied to computers running any edition of Windows 10 or Windows Server 2016 and managed via Mobile Device Management (MDM), such as Microsoft Intune. 
-Group Policy can also be used to distribute Group Policy Objects that contain WDAC policies on computers running Windows 10 Enterprise or Windows Server 2016. 
+Group Policy or Intune can be used to distribute WDAC policies. 
 
 ## New and changed functionality
 

windows/security/threat-protection/windows-defender-application-guard/TOC.md

@@ -0,0 +1,7 @@
+# [Windows Defender Application Guard](wd-app-guard-overview.md)
+
+## [System requirements](reqs-wd-app-guard.md)
+## [Install WDAG](install-wd-app-guard.md)
+## [Configure WDAG policies](configure-wd-app-guard.md)
+## [Test scenarios](test-scenarios-wd-app-guard.md)
+## [FAQ](faq-wd-app-guard.md)

windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md

@@ -8,14 +8,14 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: justinha
 ms.author: justinha
-ms.date: 09/07/2018
+ms.date: 11/27/2018
 ---
 
 # Windows Defender Application Guard overview
 
 **Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
  
-Windows Defender Application Guard (Application Guard) is designed to help prevent old and newly emerging attacks to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by rendering current attack methods obsolete. 
+Windows Defender Application Guard (Application Guard) is designed to help prevent old and newly emerging attacks to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by making current attack methods obsolete. 
 
 ## What is Application Guard and how does it work?
 Designed for Windows 10 and Microsoft Edge, Application Guard helps to isolate enterprise-defined untrusted sites, protecting your company while your employees browse the Internet. As an enterprise administrator, you define what is among trusted web sites, cloud resources, and internal networks. Everything not on your list is considered untrusted.

windows/security/threat-protection/windows-defender-atp/TOC.md

@@ -4,6 +4,7 @@
 ### [Attack surface reduction](overview-attack-surface-reduction.md)
 #### [Hardware-based isolation](overview-hardware-based-isolation.md)
 ##### [Application isolation](../windows-defender-application-guard/wd-app-guard-overview.md)
+###### [System requirements](../windows-defender-application-guard/reqs-wd-app-guard.md)
 ##### [System isolation](how-hardware-based-containers-help-protect-windows.md)
 #### [Application control](../windows-defender-application-control/windows-defender-application-control.md)
 #### [Exploit protection](../windows-defender-exploit-guard/exploit-protection-exploit-guard.md)
@@ -262,7 +263,7 @@
 ####### [Is IP seen in organization](is-ip-seen-org-windows-defender-advanced-threat-protection-new.md)
 
 ###### [Machine](machine-windows-defender-advanced-threat-protection-new.md)
-####### [Get machines](get-machines-windows-defender-advanced-threat-protection-new.md)
+####### [List machines](get-machines-windows-defender-advanced-threat-protection-new.md)
 ####### [Get machine by ID](get-machine-by-id-windows-defender-advanced-threat-protection-new.md)
 ####### [Get machine log on users](get-machine-log-on-users-windows-defender-advanced-threat-protection-new.md)
 ####### [Get machine related alerts](get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md)
@@ -270,8 +271,8 @@
 ####### [Find machines by IP](find-machines-by-ip-windows-defender-advanced-threat-protection-new.md)
 
 ###### [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md)
-####### [List MachineActions](get-machineactions-collection-windows-defender-advanced-threat-protection-new.md)
+####### [List Machine Actions](get-machineactions-collection-windows-defender-advanced-threat-protection-new.md)
-####### [Get MachineAction](get-machineaction-object-windows-defender-advanced-threat-protection-new.md)
+####### [Get Machine Action](get-machineaction-object-windows-defender-advanced-threat-protection-new.md)
 ####### [Collect investigation package](collect-investigation-package-windows-defender-advanced-threat-protection-new.md)
 ####### [Get investigation package SAS URI](get-package-sas-uri-windows-defender-advanced-threat-protection-new.md)
 ####### [Isolate machine](isolate-machine-windows-defender-advanced-threat-protection-new.md)
@@ -280,7 +281,7 @@
 ####### [Remove app restriction](unrestrict-code-execution-windows-defender-advanced-threat-protection-new.md)
 ####### [Run antivirus scan](run-av-scan-windows-defender-advanced-threat-protection-new.md)
 ####### [Offboard machine](offboard-machine-api-windows-defender-advanced-threat-protection-new.md)
-
+####### [Stop and quarantine file](stop-and-quarantine-file-windows-defender-advanced-threat-protection-new.md)
 
 ###### [User](user-windows-defender-advanced-threat-protection-new.md)
 ####### [Get user related alerts](get-user-related-alerts-windows-defender-advanced-threat-protection-new.md)

windows/security/threat-protection/windows-defender-atp/add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md

@@ -15,10 +15,12 @@ ms.date: 12/08/2017
 
 # Add or Remove Machine Tags API
 
+**Applies to:**
+
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
 [!include[Prerelease information](prerelease.md)]
 
-**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
 - Adds or remove tag to a specific machine.
 
 ## Permissions
@@ -68,10 +70,10 @@ Here is an example of a request that adds machine tag.
 [!include[Improve request performance](improverequestperformance-new.md)]
 
 ```
-POST https://api.securitycenter.windows.com/api/machines/863fed4b174465c703c6e412965a31b5e1884cc4/tags
+POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/tags
 Content-type: application/json
 {
-  "Value" : "Test Tag",
+  "Value" : "test Tag 2",
   "Action": "Add"
 }
 
@@ -85,26 +87,25 @@ HTTP/1.1 200 Ok
 Content-type: application/json
 {
     "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machine/$entity",
-    "id": "863fed4b174465c703c6e412965a31b5e1884cc4",
+    "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
-    "computerDnsName": "mymachine55.contoso.com",
+    "computerDnsName": "mymachine1.contoso.com",
-    "firstSeen": "2018-07-31T14:20:55.8223496Z",
+    "firstSeen": "2018-08-02T14:55:03.7791856Z",
-    "lastSeen": "2018-09-27T08:44:05.6228836Z",
+	"lastSeen": "2018-08-02T14:55:03.7791856Z",
     "osPlatform": "Windows10",
-    "osVersion": null,
+    "osVersion": "10.0.0.0",
-    "lastIpAddress": "10.248.240.38",
+    "lastIpAddress": "172.17.230.209",
-    "lastExternalIpAddress": "167.220.2.166",
+    "lastExternalIpAddress": "167.220.196.71",
-    "agentVersion": "10.3720.16299.98",
+    "agentVersion": "10.5830.18209.1001",
-    "osBuild": 16299,
+    "osBuild": 18209,
     "healthStatus": "Active",
-    "isAadJoined": true,
+    "rbacGroupId": 140,
-    "machineTags": [
+	"rbacGroupName": "The-A-Team",
-        "Test Tag"
+    "riskScore": "Low",
-    ],
+	"isAadJoined": true,
-    "rbacGroupId": 75,
+    "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
-    "riskScore": "Medium",
+	"machineTags": [ "test tag 1", "test tag 2" ]
-    "aadDeviceId": null
 }
 
 ```
 
-To remove machine tag, set the Action to 'Remove' instead of 'Add' in the request body.
+- To remove machine tag, set the Action to 'Remove' instead of 'Add' in the request body.

windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md

@@ -37,12 +37,12 @@ To effectively build queries that span multiple tables, you need to understand t
 | ActionType | string | Type of activity that triggered the event |
 | AdditionalFields | string | Additional information about the event in JSON array format |
 | AlertId | string | Unique identifier for the alert |
+| AppGuardContainerId | string | Identifier for the virtualized container used by Application Guard to isolate browser activity |
 | ComputerName | string | Fully qualified domain name (FQDN) of the machine |
 | ConnectedNetworks | string | Networks that the adapter is connected to. Each JSON array contains the network name, category (public, private or domain), a description, and a flag indicating if it’s connected publicly to the internet. |
 | DefaultGateways | string | Default gateway addresses in JSON array format |
-| DnsServers | string | DNS server addresses in JSON array format |
+| DnsAddresses | string | DNS server addresses in JSON array format |
 | EventTime | datetime | Date and time when the event was recorded |
-| EventType | string | Table where the record is stored |
 | FileName | string | Name of the file that the recorded action was applied to |
 | FileOriginIp | string | IP address where the file was downloaded from |
 | FileOriginReferrerUrl | string | URL of the web page that links to the downloaded file |
@@ -61,7 +61,7 @@ To effectively build queries that span multiple tables, you need to understand t
 | InitiatingProcessMd5 | string | MD5 hash of the process (image file) that initiated the event |
 | InitiatingProcessParentCreationTime | datetime | Date and time when the parent of the process responsible for the event was started |
 | InitiatingProcessParentId | int | Process ID (PID) of the parent process that spawned the process responsible for the event |
-| InitiatingProcessParentName | string | Name of the parent process that spawned the process responsible for the event |
+| InitiatingProcessParentFileName | string | Name of the parent process that spawned the process responsible for the event |
 | InitiatingProcessSha1 | string | SHA-1 of the process (image file) that initiated the event |
 | InitiatingProcessSha256 | string | SHA-256 of the process (image file) that initiated the event. This field is usually not populated—use the SHA1 column when available. |
 | InitiatingProcessTokenElevation | string | Token type indicating the presence or absence of User Access Control (UAC) privilege elevation applied to the process that initiated the event |
@@ -71,6 +71,7 @@ To effectively build queries that span multiple tables, you need to understand t
 | IsAzureADJoined | boolean | Boolean indicator of whether machine is joined to the Azure Active Directory |
 | LocalIP | string | IP address assigned to the local machine used during communication |
 | LocalPort | int | TCP port on the local machine used during communication |
+| LocalIPType | string | Type of IP address, for example Public, Private, Reserved, Loopback, Teredo, FourToSixMapping, and Broadcast |
 | LogonId | string | Identifier for a logon session. This identifier is unique on the same machine only between restarts. |
 | LoggedOnUsers | string | List of all users that are logged on the machine at the time of the event in JSON array format |
 | LogonType | string | Type of logon session, specifically:<br><br> - **Interactive** - User physically interacts with the machine using the local keyboard and screen<br><br> - **Remote interactive (RDP) logons** - User interacts with the machine remotely using Remote Desktop, Terminal Services, Remote Assistance, or other RDP clients<br><br> - **Network** - Session initiated when the machine is accessed using PsExec or when shared resources on the machine, such as printers and shared folders, are accessed<br><br> - **Batch** - Session initiated by scheduled tasks<br><br> - **Service** - Session initiated by services as they start<br> 
@@ -81,7 +82,6 @@ To effectively build queries that span multiple tables, you need to understand t
 | NetworkAdapterName | string | Name of the network adapter |
 | NetworkAdapterStatus | string | Operational status of the network adapter. For the possible values, refer to [this enumeration](https://docs.microsoft.com/dotnet/api/system.net.networkinformation.operationalstatus?view=netframework-4.7.2). |
 | NetworkAdapterType | string | Network adapter type. For the possible values, refer to [this enumeration](https://docs.microsoft.com/dotnet/api/system.net.networkinformation.networkinterfacetype?view=netframework-4.7.2). |
-| NetworkCardIPs | string | List of all network adapters on the machine, including their MAC addresses and assigned IP addresses, in JSON array format |
 | OSArchitecture | string | Architecture of the operating system running on the machine |
 | OSBuild | string | Build version of the operating system running on the machine |
 | OSPlatform | string | Platform of the operating system running on the machine. This indicates specific operating systems, including variations within the same family, such as Windows 10 and Windows 7. |
@@ -94,7 +94,7 @@ To effectively build queries that span multiple tables, you need to understand t
 | ProcessId | int | Process ID (PID) of the newly created process |
 | ProcessIntegrityLevel | string | Integrity level of the newly created process. Windows assigns integrity levels to processes based on certain characteristics, such as if they were launched from an internet downloaded. These integrity levels influence permissions to resources. |
 | ProcessTokenElevation | string | Token type indicating the presence or absence of User Access Control (UAC) privilege elevation applied to the newly created process |
-| ProviderId | string | Unique identifier for the Event Tracing for Windows (ETW) provider that collected the event log |
+| Protocol | string | IP protocol used, whether TCP or UDP |
 | PublicIP | string | Public IP address used by the onboarded machine to connect to the Windows Defender ATP service. This could be the IP address of the machine itself, a NAT device, or a proxy. |
 | RegistryKey | string | Registry key that the recorded action was applied to |
 | RegistryValueData | string | Data of the registry value that the recorded action was applied to |
@@ -102,12 +102,14 @@ To effectively build queries that span multiple tables, you need to understand t
 | RegistryValueType | string | Data type, such as binary or string, of the registry value that the recorded action was applied to |
 | RemoteComputerName | string | Name of the machine that performed a remote operation on the affected machine. Depending on the event being reported, this name could be a fully-qualified domain name (FQDN), a NetBIOS name, or a host name without domain information. |
 | RemoteIP | string | IP address that was being connected to |
+| RemoteIPType | string | Type of IP address, for example Public, Private, Reserved, Loopback, Teredo, FourToSixMapping, and Broadcast |
 | RemotePort | int | TCP port on the remote device that was being connected to |
 | RemoteUrl | string | URL or fully qualified domain name (FQDN) that was being connected to |
 | ReportId | long | Event identifier based on a repeating counter. To identify unique events, this column must be used in conjunction with the ComputerName and EventTime columns. |
 | SHA1 | string | SHA-1 of the file that the recorded action was applied to |
 | SHA256 | string | SHA-256 of the file that the recorded action was applied to. This field is usually not populated—use the SHA1 column when available. |
-| TunnelingProtocol | string | Tunneling protocol, if the interface is used for this purpose, for example: <br> - Various IPv6 to IPv4 tunneling protocols (6to4, Teredo, ISATAP) <br> - VPN (PPTP, SSTP) <br> - SSH <br> **NOTE:** This field doesn’t provide full IP tunneling specifications. |
+| Table | string | Table that contains the details of the event |
+| TunnelingType | string | Tunneling protocol, if the interface is used for this purpose, for example 6to4, Teredo, ISATAP, PPTP, SSTP, and SSH |
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-belowfoldlink)        
 

windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md

@@ -65,15 +65,16 @@ For more information on the query language and supported operators, see [Query L
 
 The following tables are exposed as part of Advanced hunting:
 
-- **AlertEvents** - Stores alerts related information 
+- **AlertEvents** - Alerts on Windows Defender Security Center 
-- **MachineInfo** - Stores machines properties
+- **MachineInfo** - Machine information, including OS information 
-- **ProcessCreationEvents** - Stores process creation events 
+- **MachineNetworkInfo** - Network properties of machines, including adapters, IP and MAC addresses, as well as connected networks and domains
-- **NetworkCommunicationEvents** - Stores network communication events
+- **ProcessCreationEvents** - Process creation and related events 
-- **FileCreationEvents** - Stores file creation, modification, and rename events
+- **NetworkCommunicationEvents** - Network connection and related events
-- **RegistryEvents** - Stores registry key creation, modification, rename and deletion events 
+- **FileCreationEvents** - File creation, modification, and other file system events
-- **LogonEvents** - Stores login events 
+- **RegistryEvents** - Creation and modification of registry entries 
-- **ImageLoadEvents** - Stores load dll events  
+- **LogonEvents** - Login and other authentication events 
-- **MiscEvents** - Stores several types of events, process injection events, access to LSASS processes, and others.
+- **ImageLoadEvents** - DLL loading events  
+- **MiscEvents** - Multiple event types, such as process injection, creation of scheduled tasks, and LSASS access attempts
 
 These tables include data from the last 30 days.
 
@@ -137,8 +138,8 @@ The filter selections will resolve as an additional query term and the results w
 
 
 
-## Public Advanced Hunting query GitHub repository  
+## Public Advanced hunting query GitHub repository  
-Check out the [Advanced Hunting repository](https://github.com/Microsoft/WindowsDefenderATP-Hunting-Queries). Contribute and use example queries shared by our customers. 
+Check out the [Advanced hunting repository](https://github.com/Microsoft/WindowsDefenderATP-Hunting-Queries). Contribute and use example queries shared by our customers. 
 
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhunting-belowfoldlink)

windows/security/threat-protection/windows-defender-atp/alerts-windows-defender-advanced-threat-protection-new.md

@@ -37,45 +37,48 @@ Method|Return Type |Description
 # Properties
 Property |	Type	|	Description
 :---|:---|:---
-id | String | Alert ID
+id | String | Alert ID.
-severity | String | Severity of the alert. Allowed values are: 'Low', 'Medium' and 'High'.
+incidentId | String | The [Incident](incidents-queue.md) ID of the Alert. 
-status | String | Specifies the current status of the alert. The property values are: 'New', 'InProgress' and 'Resolved'.
+assignedTo | String | Owner of the alert.
+severity | Enum | Severity of the alert. Possible values are: 'UnSpecified', 'Informational', 'Low', 'Medium' and 'High'.
+status | Enum | Specifies the current status of the alert. Possible values are: 'Unknown', 'New', 'InProgress' and 'Resolved'.
+investigationState | Nullable Enum | The current state of the investigation. Possible values are: 'Unknown', 'Terminated', 'SuccessfullyRemediated', 'Benign Failed PartiallyRemediated', 'Running', 'PendingApproval', 'PendingResource', 'PartiallyInvestigated', 'TerminatedByUser', 'TerminatedBySystem', 'Queued', 'InnerFailure', 'PreexistingAlert', 'UnsupportedOs', 'UnsupportedAlertType', 'SuppressedAlert' .
+classification | Nullable Enum | Specification of the alert. Possible values are: 'Unknown', 'FalsePositive', 'TruePositive'. 
+determination | Nullable Enum | Specifies the determination of the alert. Possible values are: 'NotAvailable', 'Apt', 'Malware', 'SecurityPersonnel', 'SecurityTesting', 'UnwantedSoftware', 'Other'.
+category| String | Category of the alert. The property values are: 'None', 'SuspiciousActivity', 'Malware', 'CredentialTheft', 'Exploit', 'WebExploit', 'DocumentExploit', 'PrivilegeEscalation', 'Persistence', 'RemoteAccessTool', 'CommandAndControl', 'SuspiciousNetworkTraffic', 'Ransomware', 'MalwareDownload', 'Reconnaissance', 'WebFingerprinting', 'Weaponization', 'Delivery', 'SocialEngineering', 'CredentialStealing', 'Installation', 'Backdoor', 'Trojan', 'TrojanDownloader', 'LateralMovement', 'ExplorationEnumeration', 'NetworkPropagation', 'Exfiltration', 'NotApplicable', 'EnterprisePolicy' and	'General' .
+detectionSource | string | Detection source.
+threatFamilyName | string | Threat family.
+title | string | Alert title.
 description | String | Description of the threat, identified by the alert.
 recommendedAction | String | Action recommended for handling the suspected threat.
 alertCreationTime | DateTimeOffset | The date and time (in UTC) the alert was created.
-category| String | Category of the alert. The property values are: 'None', 'SuspiciousActivity', 'Malware', 'CredentialTheft', 'Exploit', 'WebExploit', 'DocumentExploit', 'PrivilegeEscalation', 'Persistence', 'RemoteAccessTool', 'CommandAndControl', 'SuspiciousNetworkTraffic', 'Ransomware', 'MalwareDownload', 'Reconnaissance', 'WebFingerprinting', 'Weaponization', 'Delivery', 'SocialEngineering', 'CredentialStealing', 'Installation', 'Backdoor', 'Trojan', 'TrojanDownloader', 'LateralMovement', 'ExplorationEnumeration', 'NetworkPropagation', 'Exfiltration', 'NotApplicable', 'EnterprisePolicy' and	'General'.
-title | string | Alert title
-threatFamilyName | string | Threat family
-detectionSource | string | Detection source 
-assignedTo | String | Owner of the alert
-classification | String | Specification of the alert. The property values are: 'Unknown', 'FalsePositive', 'TruePositive'. 
-determination | String | Specifies the determination of the alert. The property values are: 'NotAvailable', 'Apt', 'Malware', 'SecurityPersonnel', 'SecurityTesting', 'UnwantedSoftware', 'Other'
-resolvedTime | DateTimeOffset | The date and time in which the status of the alert was changed to 'Resolved'.
 lastEventTime | DateTimeOffset | The last occurance of the event that triggered the alert on the same machine.
 firstEventTime | DateTimeOffset | The first occurance of the event that triggered the alert on that machine.
+resolvedTime | DateTimeOffset | The date and time in which the status of the alert was changed to 'Resolved'.
 machineId | String | ID of a [machine](machine-windows-defender-advanced-threat-protection-new.md) entity that is associated with the alert.
 
 # JSON representation
 ```
 {
     "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Alerts",
-    "id": "636688558380765161_2136280442",
+    "id": "121688558380765161_2136280442",
-    "severity": "Informational",
+	"incidentId": 7696,
-    "status": "InProgress",
+	"assignedTo": "secop@contoso.com",
-    "description": "Some alert description 1",
+	"severity": "High",
-    "recommendedAction": "Some recommended action 1",
+	"status": "New",
-    "alertCreationTime": "2018-08-03T01:17:17.9516179Z",
+	"classification": "TruePositive",
-    "category": "General",
+	"determination": "Malware",
-    "title": "Some alert title 1",
+	"investigationState": "Running",
-    "threatFamilyName": null,
+	"category": "MalwareDownload",
-    "detectionSource": "WindowsDefenderAtp",
+	"detectionSource": "WindowsDefenderAv",
-    "classification": "TruePositive",
+	"threatFamilyName": "Mikatz",
-    "determination": null,
+	"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
-    "assignedTo": "best secop ever",
+	"description": "Some description"
-    "resolvedTime": null,
+	"recommendedAction": "Some recommended action"
-    "lastEventTime": "2018-08-02T07:02:52.0894451Z",
+	"alertCreationTime": "2018-11-26T16:19:21.8409809Z",
-    "firstEventTime": "2018-08-02T07:02:52.0894451Z",
+	"firstEventTime": "2018-11-26T16:17:50.0948658Z",
-    "actorName": null,
+	"lastEventTime": "2018-11-26T16:18:01.809871Z",
-    "machineId": "ff0c3800ed8d66738a514971cd6867166809369f"
+	"resolvedTime": null,
+	"machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
 }
 ```

windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md

@@ -11,7 +11,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: medium
-ms.date: 09/03/2018
+ms.date: 11/28/2018
 ---
 
 # Assign user access to Windows Defender Security Center
@@ -31,7 +31,7 @@ Windows Defender ATP supports two ways to manage permissions:
 > [!NOTE]
 >If you have already assigned basic permissions, you may switch to RBAC anytime. Consider the following before making the switch:
 
->- Users with full access (Security Administrators) are automatically assigned the default **Global administrator** role, which also has full access. Only global administrators can manage permissions using RBAC. 
+>- Users with full access (users that are assigned the Global Administrator or Security Administrator directory role in Azure AD), are automatically assigned the default Windows Defender ATP administrator role, which also has full access. Additional Azure AD user groups can be assigned to the Windows Defender ATP administrator role after switching to RBAC.  Only users assigned to the Windows Defender ATP administrator role can manage permissions using RBAC. 
 >- Users that have read-only access (Security Readers) will lose access to the portal until they are assigned a role. Note that only Azure AD user groups can be assigned a role under RBAC.
 >- After switching to RBAC, you will not be able to switch back to using basic permissions management.
 

windows/security/threat-protection/windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md

@@ -11,7 +11,7 @@ ms.pagetype: security
 ms.author: lomayor
 author: lomayor
 ms.localizationpriority: medium
-ms.date: 28/02/2018
+ms.date: 11/20/2018
 ---
 
 # Experience Windows Defender ATP through simulated attacks 
@@ -25,6 +25,10 @@ ms.date: 28/02/2018
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-attacksimulations-abovefoldlink)
 
+>[!TIP]
+> Learn about the latest enhancements in Windows Defender ATP: [What's new in Windows Defender ATP](https://cloudblogs.microsoft.com/microsoftsecure/2018/11/15/whats-new-in-windows-defender-atp/).
+
+
 You might want to experience Windows Defender ATP before you onboard more than a few machines to the service. To do this, you can run controlled attack simulations on a few test machines. After running the simulated attacks, you can review how Windows Defender ATP surfaces malicious activity and explore how it enables an efficient response.
 
 ## Before you begin

windows/security/threat-protection/windows-defender-atp/create-alert-by-reference-windows-defender-advanced-threat-protection-new.md

@@ -39,7 +39,7 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
 
 ## HTTP request
 ```
-POST https://api.securitycenter.windows.com/api/CreateAlertByReference
+POST https://api.securitycenter.windows.com/api/alerts/CreateAlertByReference
 ```
 
 ## Request headers
@@ -77,7 +77,7 @@ Here is an example of the request.
 [!include[Improve request performance](improverequestperformance-new.md)]
 
 ```
-POST https://api.securitycenter.windows.com/api/CreateAlertByReference
+POST https://api.securitycenter.windows.com/api/alerts/CreateAlertByReference
 Content-Length: application/json
 
 {

windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md

@@ -21,12 +21,17 @@ ms.date: 11/15/2018
 
 - If you are not familiar with OData queries, see: [OData V4 queries](https://www.odata.org/documentation/)
 
--  Currently, [Machine](machine-windows-defender-advanced-threat-protection-new.md) and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entities supports all OData queries. 
+- Not all properties are filterable.
--  [Alert](alerts-windows-defender-advanced-threat-protection-new.md) entity support all OData queries except $filter. 
+
+### Properties that supports $filter:
+
+- [Alert](alerts-windows-defender-advanced-threat-protection-new.md): Id, IncidentId, AlertCreationTime, Status, Severity and Category.
+- [Machine](machine-windows-defender-advanced-threat-protection-new.md): Id, ComputerDnsName, LastSeen, LastIpAddress, HealthStatus, OsPlatform, RiskScore, MachineTags and RbacGroupId.
+- [MachineAction](machineaction-windows-defender-advanced-threat-protection-new.md): Id, Status, MachineId, Type, Requestor and CreationDateTimeUtc.
 
 ### Example 1
 
-**Get all the machines with the tag 'ExampleTag'**
+- Get all the machines with the tag 'ExampleTag'
 
 ```
 HTTP GET  https://api.securitycenter.windows.com/api/machines?$filter=machineTags/any(tag: tag eq 'ExampleTag')
@@ -41,25 +46,23 @@ Content-type: application/json
     "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
     "value": [
         {
-            "id": "b9d4c51123327fb2a25db29ff1b8f3b64888e7ba",
+            "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
-            "computerDnsName": "examples.dev.corp.Contoso.com",
+            "computerDnsName": "mymachine1.contoso.com",
-            "firstSeen": "2018-03-07T11:19:11.7234147Z",
+            "firstSeen": "2018-08-02T14:55:03.7791856Z",
-            "lastSeen": "2018-11-15T11:23:38.3196947Z",
+			"lastSeen": "2018-08-02T14:55:03.7791856Z",
             "osPlatform": "Windows10",
             "osVersion": "10.0.0.0",
-            "lastIpAddress": "123.17.255.241",
+            "lastIpAddress": "172.17.230.209",
-            "lastExternalIpAddress": "123.220.196.180",
+            "lastExternalIpAddress": "167.220.196.71",
-            "agentVersion": "10.6400.18282.1001",
+            "agentVersion": "10.5830.18209.1001",
-            "osBuild": 18282,
+            "osBuild": 18209,
             "healthStatus": "Active",
-            "isAadJoined": true,
+            "rbacGroupId": 140,
-            "machineTags": [
+			"rbacGroupName": "The-A-Team",
-                "ExampleTag"
+            "riskScore": "High",
-            ],
+			"isAadJoined": true,
-            "rbacGroupId": 5,
+            "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
-            "rbacGroupName": "Developers",
+			"machineTags": [ "test tag 1", "test tag 2", "ExampleTag" ]
-            "riskScore": "North",
-            "aadDeviceId": null
         },
 		.
 		.
@@ -70,6 +73,50 @@ Content-type: application/json
 
 ### Example 2
 
+- Get all the alerts that created after 2018-10-20 00:00:00
+
+```
+HTTP GET  https://api.securitycenter.windows.com/api/alerts?$filter=alertCreationTime gt 2018-11-22T00:00:00Z
+```
+
+**Response:**
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Alerts",
+    "value": [
+        {
+            "id": "121688558380765161_2136280442",
+			"incidentId": 7696,
+			"assignedTo": "secop@contoso.com",
+			"severity": "High",
+			"status": "New",
+			"classification": "TruePositive",
+			"determination": "Malware",
+			"investigationState": "Running",
+			"category": "MalwareDownload",
+			"detectionSource": "WindowsDefenderAv",
+			"threatFamilyName": "Mikatz",
+			"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
+			"description": "Some description"
+			"recommendedAction": "Some recommended action"
+			"alertCreationTime": "2018-11-26T16:19:21.8409809Z",
+			"firstEventTime": "2018-11-26T16:17:50.0948658Z",
+			"lastEventTime": "2018-11-26T16:18:01.809871Z",
+			"resolvedTime": null,
+			"machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
+        },
+		.
+		.
+		.
+    ]
+}
+```
+
+### Example 3
+
 - Get all the machines with 'High' 'RiskScore'
 
 ```
@@ -85,23 +132,23 @@ Content-type: application/json
     "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
     "value": [
         {
-            "id": "e3a77eeddb83d581238792387b1239b01286b2f",
+            "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
-            "computerDnsName": "examples.dev.corp.Contoso.com",
+            "computerDnsName": "mymachine1.contoso.com",
-            "firstSeen": "2016-11-02T23:26:03.7882168Z",
+            "firstSeen": "2018-08-02T14:55:03.7791856Z",
-            "lastSeen": "2018-11-12T10:27:08.708723Z",
+			"lastSeen": "2018-08-02T14:55:03.7791856Z",
             "osPlatform": "Windows10",
             "osVersion": "10.0.0.0",
-            "lastIpAddress": "123.123.10.33",
+            "lastIpAddress": "172.17.230.209",
-            "lastExternalIpAddress": "124.124.160.172",
+            "lastExternalIpAddress": "167.220.196.71",
-            "agentVersion": "10.6300.18279.1001",
+            "agentVersion": "10.5830.18209.1001",
-            "osBuild": 18279,
+            "osBuild": 18209,
-            "healthStatus": "ImpairedCommunication",
+            "healthStatus": "Active",
-            "isAadJoined": true,
+            "rbacGroupId": 140,
-            "machineTags": [],
+			"rbacGroupName": "The-A-Team",
-            "rbacGroupId": 5,
-            "rbacGroupName": "Developers",
             "riskScore": "High",
-            "aadDeviceId": "d90b0b99-1234-1234-1234-b91d50c6796a"
+			"isAadJoined": true,
+            "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
+			"machineTags": [ "test tag 1", "test tag 2", "ExampleTag" ]
         },
 		.
 		.
@@ -110,7 +157,7 @@ Content-type: application/json
 }
 ```
 
-### Example 3
+### Example 4
 
 - Get top 100 machines with 'HealthStatus' not equals to 'Active'
 
@@ -127,23 +174,23 @@ Content-type: application/json
     "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
     "value": [
         {
-            "id": "1113333ddb83d581238792387b1239b01286b2f",
+            "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
-            "computerDnsName": "examples.dev.corp.Contoso.com",
+            "computerDnsName": "mymachine1.contoso.com",
-            "firstSeen": "2016-11-02T23:26:03.7882168Z",
+            "firstSeen": "2018-08-02T14:55:03.7791856Z",
-            "lastSeen": "2018-11-12T10:27:08.708723Z",
+			"lastSeen": "2018-08-02T14:55:03.7791856Z",
             "osPlatform": "Windows10",
             "osVersion": "10.0.0.0",
-            "lastIpAddress": "123.123.10.33",
+            "lastIpAddress": "172.17.230.209",
-            "lastExternalIpAddress": "124.124.160.172",
+            "lastExternalIpAddress": "167.220.196.71",
-            "agentVersion": "10.6300.18279.1001",
+            "agentVersion": "10.5830.18209.1001",
-            "osBuild": 18279,
+            "osBuild": 18209,
-            "healthStatus": "ImpairedCommunication",
+            "healthStatus": "Active",
-            "isAadJoined": true,
+            "rbacGroupId": 140,
-            "machineTags": [],
+			"rbacGroupName": "The-A-Team",
-            "rbacGroupId": 5,
+            "riskScore": "High",
-            "rbacGroupName": "Developers",
+			"isAadJoined": true,
-            "riskScore": "Medium",
+            "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
-            "aadDeviceId": "d90b0b99-1234-1234-1234-b91d50c6796a"
+			"machineTags": [ "test tag 1", "test tag 2", "ExampleTag" ]
         },
 		.
 		.
@@ -152,12 +199,12 @@ Content-type: application/json
 }
 ```
 
-### Example 4
+### Example 5
 
 - Get all the machines that last seen after 2018-10-20
 
 ```
-HTTP GET  https://api.securitycenter.windows.com/api/machines?$filter=lastSeen gt 2018-10-20Z
+HTTP GET  https://api.securitycenter.windows.com/api/machines?$filter=lastSeen gt 2018-08-01Z
 ```
 
 **Response:**
@@ -169,23 +216,23 @@ Content-type: application/json
     "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
     "value": [
         {
-            "id": "83113465ffceca4a731234e5dcde3357e026e873",
+            "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
-            "computerDnsName": "examples-vm10",
+            "computerDnsName": "mymachine1.contoso.com",
-            "firstSeen": "2018-11-12T16:07:50.1706168Z",
+            "firstSeen": "2018-08-02T14:55:03.7791856Z",
-            "lastSeen": "2018-11-12T16:07:50.1706168Z",
+			"lastSeen": "2018-08-02T14:55:03.7791856Z",
-            "osPlatform": "WindowsServer2019",
+            "osPlatform": "Windows10",
-            "osVersion": null,
+            "osVersion": "10.0.0.0",
-            "lastIpAddress": "10.123.72.35",
+            "lastIpAddress": "172.17.230.209",
-            "lastExternalIpAddress": "123.220.2.3",
+            "lastExternalIpAddress": "167.220.196.71",
-            "agentVersion": "10.6300.18281.1000",
+            "agentVersion": "10.5830.18209.1001",
-            "osBuild": 18281,
+            "osBuild": 18209,
             "healthStatus": "Active",
-            "isAadJoined": false,
+            "rbacGroupId": 140,
-            "machineTags": [],
+			"rbacGroupName": "The-A-Team",
-            "rbacGroupId": 5,
+            "riskScore": "High",
-            "rbacGroupName": "Developers",
+			"isAadJoined": true,
-            "riskScore": "None",
+            "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
-            "aadDeviceId": null
+			"machineTags": [ "test tag 1", "test tag 2", "ExampleTag" ]
         },
 		.
 		.
@@ -194,7 +241,7 @@ Content-type: application/json
 }
 ```
 
-### Example 5
+### Example 6
 
 - Get all the Anti-Virus scans that the user Analyst@examples.onmicrosoft.com created using Windows Defender ATP
 

windows/security/threat-protection/windows-defender-atp/files-windows-defender-advanced-threat-protection-new.md

@@ -15,7 +15,7 @@ ms.date: 12/08/2017
 
 # File resource type
 
-[!include[Prerelease information](prerelease.md)]
+[!include[Prerelease information](prerelease.md)]
 
 Represent a file entity in WDATP.
 
@@ -34,7 +34,7 @@ Property |	Type	|	Description
 sha1 | String | Sha1 hash of the file content
 sha256 | String | Sha256 hash of the file content
 md5 | String | md5 hash of the file content
-globalPrevalence | Integer | File prevalence accross organization
+globalPrevalence | Integer | File prevalence across organization
 globalFirstObserved | DateTimeOffset | First time the file was observed.
 globalLastObserved | DateTimeOffset | Last time the file was observed.
 size | Integer | Size of the file.

windows/security/threat-protection/windows-defender-atp/find-machines-by-ip-windows-defender-advanced-threat-protection-new.md

@@ -15,11 +15,12 @@ ms.date: 12/08/2017
 
 # Find machines by internal IP API
 
-[!include[Prerelease information](prerelease.md)]
-
 **Applies to:**
 
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
 - Find machines seen with the requested internal IP in the time range of 15 minutes prior and after a given timestamp 
 - The given timestamp must be in the past 30 days.
 
@@ -83,22 +84,23 @@ Content-type: application/json
     "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
     "value": [
         {
-            "id": "863fed4b174465c703c6e412965a31b5e1884cc4",
+            "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
-            "computerDnsName": "mymachine33.contoso.com",
+			"computerDnsName": "mymachine1.contoso.com",
-            "firstSeen": "2018-07-31T14:20:55.8223496Z",
+			"firstSeen": "2018-08-02T14:55:03.7791856Z",
-            "lastSeen": null,
+			"lastSeen": "2018-09-22T08:55:03.7791856Z",
-            "osPlatform": "Windows10",
+			"osPlatform": "Windows10",
-            "osVersion": null,
+			"osVersion": "10.0.0.0",
-            "lastIpAddress": "10.248.240.38",
+			"lastIpAddress": "10.248.240.38",
-            "lastExternalIpAddress": "167.220.2.166",
+			"lastExternalIpAddress": "167.220.196.71",
-            "agentVersion": "10.3720.16299.98",
+			"agentVersion": "10.5830.18209.1001",
-            "osBuild": 16299,
+			"osBuild": 18209,
-            "healthStatus": "Active",
+			"healthStatus": "Active",
-            "isAadJoined": true,
+			"rbacGroupId": 140,
-            "machineTags": [],
+			"rbacGroupName": "The-A-Team",
-            "rbacGroupId": 75,
+			"riskScore": "Low",
-            "riskScore": "Medium",
+			"isAadJoined": true,
-            "aadDeviceId": null
+			"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
+			"machineTags": [ "test tag 1", "test tag 2" ]
         }
     ]
 }

windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md

@@ -64,7 +64,7 @@ Here is an example of the request.
 [!include[Improve request performance](improverequestperformance-new.md)]
 
 ```
-GET https://api.securitycenter.windows.com/api/alerts/636688558380765161_2136280442
+GET https://api.securitycenter.windows.com/api/alerts/441688558380765161_2136280442
 ```
 
 **Response**
@@ -75,24 +75,25 @@ Here is an example of the response.
 ```
 {
     "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Alerts",
-    "id": "636688558380765161_2136280442",
+    "id": "441688558380765161_2136280442",
-    "severity": "Informational",
+	"incidentId": 8633,
-    "status": "InProgress",
+	"assignedTo": "secop@contoso.com",
-    "description": "Some alert description 1",
+	"severity": "Low",
-    "recommendedAction": "Some recommended action 1",
+	"status": "InProgress",
-    "alertCreationTime": "2018-08-03T01:17:17.9516179Z",
+	"classification": "TruePositive",
-    "category": "General",
+	"determination": "Malware",
-    "title": "Some alert title 1",
+	"investigationState": "Running",
-    "threatFamilyName": null,
+	"category": "MalwareDownload",
-    "detectionSource": "WindowsDefenderAtp",
+	"detectionSource": "WindowsDefenderAv",
-    "classification": "TruePositive",
+	"threatFamilyName": "Mikatz",
-    "determination": null,
+	"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
-    "assignedTo": "best secop ever",
+	"description": "Some description"
-    "resolvedTime": null,
+	"recommendedAction": "Some recommended action"
-    "lastEventTime": "2018-08-02T07:02:52.0894451Z",
+	"alertCreationTime": "2018-11-25T16:19:21.8409809Z",
-    "firstEventTime": "2018-08-02T07:02:52.0894451Z",
+	"firstEventTime": "2018-11-25T16:17:50.0948658Z",
-    "actorName": null,
+	"lastEventTime": "2018-11-25T16:18:01.809871Z",
-    "machineId": "ff0c3800ed8d66738a514971cd6867166809369f"
+	"resolvedTime": null,
+	"machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
 }
 
 ```

windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection-new.md

@@ -50,8 +50,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and alert and domain exist - 200 OK.
+If successful and alert and domain exist - 200 OK. If alert not found - 404 Not Found.
-If alert not found or domain not found - 404 Not Found.
 
 
 ## Example

windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection-new.md

@@ -50,8 +50,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and alert and files exist - 200 OK.
+If successful and alert and files exist - 200 OK. If alert not found - 404 Not Found.
-If alert not found or files not found - 404 Not Found.
 
 
 ## Example

windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection-new.md

@@ -51,7 +51,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and alert and an IP exist - 200 OK. If alert not found or IPs not found - 404 Not Found.
+If successful and alert and an IP exist - 200 OK. If alert not found - 404 Not Found.
 
 
 ## Example

windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md

@@ -14,12 +14,13 @@ ms.date: 12/08/2017
 ---
 
 # Get alert related machine information API
+
 **Applies to:**
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 [!include[Prerelease information](prerelease.md)]
 
-Retrieves machine that is related to a specific alert.
+- Retrieves machine that is related to a specific alert.
 
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
@@ -52,8 +53,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and alert and machine exist - 200 OK.
+If successful and alert and machine exist - 200 OK. If alert not found or machine not found - 404 Not Found.
-If alert not found or machine not found - 404 Not Found.
 
 ## Example
 
@@ -78,22 +78,22 @@ HTTP/1.1 200 OK
 Content-type: application/json
 {
     "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines/$entity",
-    "id": "ff0c3800ed8d66738a514971cd6867166809369f",
+    "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
-    "computerDnsName": "amazingmachine.contoso.com",
+    "computerDnsName": "mymachine1.contoso.com",
-    "firstSeen": "2017-12-10T07:47:34.4269783Z",
+    "firstSeen": "2018-08-02T14:55:03.7791856Z",
-	"lastSeen": "2017-12-10T07:47:34.4269783Z",
+	"lastSeen": "2018-08-02T14:55:03.7791856Z",
     "osPlatform": "Windows10",
     "osVersion": "10.0.0.0",
-    "systemProductName": null,
+    "lastIpAddress": "172.17.230.209",
-    "lastIpAddress": "172.17.0.0",
+    "lastExternalIpAddress": "167.220.196.71",
-    "lastExternalIpAddress": "167.220.0.0",
+    "agentVersion": "10.5830.18209.1001",
-    "agentVersion": "10.5830.17732.1001",
+    "osBuild": 18209,
-    "osBuild": 17732,
     "healthStatus": "Active",
-    "isAadJoined": true,
+    "rbacGroupId": 140,
-    "machineTags": [],
+	"rbacGroupName": "The-A-Team",
-    "rbacGroupId": 75,
     "riskScore": "Low",
-    "aadDeviceId": "80fe8ff8-0000-0000-9591-41f0491218f9"
+	"isAadJoined": true,
+    "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
+	"machineTags": [ "test tag 1", "test tag 2" ]
 }
 ```

windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection-new.md

@@ -51,8 +51,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and alert and a user exists - 200 OK with user in the body.
+If successful and alert and a user exists - 200 OK with user in the body. If alert or user not found - 404 Not Found.
-If alert not found or user not found - 404 Not Found.
 
 
 ## Example

windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md

@@ -21,8 +21,10 @@ ms.date: 12/08/2017
 [!include[Prerelease information](prerelease.md)]
 
 
-Retrieves top recent alerts.
+- Retrieves a collection of Alerts.
-
+- Supports [OData V4 queries](https://www.odata.org/documentation/).
+- The OData's Filter query is supported on: "Id", "IncidentId", "AlertCreationTime", "Status", "Severity" and "Category".
+- See examples at [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)
 
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
@@ -58,7 +60,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful, this method returns 200 OK, and a list of [alert](alerts-windows-defender-advanced-threat-protection-new.md) objects in the response body. If no recent alerts found - 404 Not Found.
+If successful, this method returns 200 OK, and a list of [alert](alerts-windows-defender-advanced-threat-protection-new.md) objects in the response body.
 
 
 ## Example
@@ -81,50 +83,55 @@ Here is an example of the response.
 >The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
 
 
-```
+```json
 {
     "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Alerts",
     "value": [
         {
-            "id": "636688558380765161_2136280442",
+            "id": "121688558380765161_2136280442",
-            "severity": "Informational",
+			"incidentId": 7696,
-            "status": "InProgress",
+			"assignedTo": "secop@contoso.com",
-            "description": "Some alert description 1",
+			"severity": "High",
-            "recommendedAction": "Some recommended action 1",
+			"status": "New",
-            "alertCreationTime": "2018-08-03T01:17:17.9516179Z",
+			"classification": "TruePositive",
-            "category": "General",
+			"determination": "Malware",
-            "title": "Some alert title 1",
+			"investigationState": "Running",
-            "threatFamilyName": null,
+			"category": "MalwareDownload",
-            "detectionSource": "WindowsDefenderAtp",
+			"detectionSource": "WindowsDefenderAv",
-            "classification": "TruePositive",
+			"threatFamilyName": "Mikatz",
-            "determination": null,
+			"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
-            "assignedTo": "best secop ever",
+			"description": "Some description"
-            "resolvedTime": null,
+			"recommendedAction": "Some recommended action"
-            "lastEventTime": "2018-08-02T07:02:52.0894451Z",
+			"alertCreationTime": "2018-11-26T16:19:21.8409809Z",
-            "firstEventTime": "2018-08-02T07:02:52.0894451Z",
+			"firstEventTime": "2018-11-26T16:17:50.0948658Z",
-            "actorName": null,
+			"lastEventTime": "2018-11-26T16:18:01.809871Z",
-            "machineId": "ff0c3800ed8d66738a514971cd6867166809369f"
+			"resolvedTime": null,
+			"machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
         },
         {
-            "id": "636688558380765161_2136280442",
+            "id": "441688558380765161_2136280442",
-            "severity": "Informational",
+			"incidentId": 8633,
-            "status": "InProgress",
+			"assignedTo": "secop@contoso.com",
-            "description": "Some alert description 2",
+			"severity": "Low",
-            "recommendedAction": "Some recommended action 2",
+			"status": "InProgress",
-            "alertCreationTime": "2018-08-04T01:17:17.9516179Z",
+			"classification": "TruePositive",
-            "category": "General",
+			"determination": "Malware",
-            "title": "Some alert title 2",
+			"investigationState": "Running",
-            "threatFamilyName": null,
+			"category": "MalwareDownload",
-            "detectionSource": "WindowsDefenderAtp",
+			"detectionSource": "WindowsDefenderAv",
-            "classification": "TruePositive",
+			"threatFamilyName": "Mikatz",
-            "determination": null,
+			"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
-            "assignedTo": "best secop ever",
+			"description": "Some description"
-            "resolvedTime": null,
+			"recommendedAction": "Some recommended action"
-            "lastEventTime": "2018-08-03T07:02:52.0894451Z",
+			"alertCreationTime": "2018-11-25T16:19:21.8409809Z",
-            "firstEventTime": "2018-08-03T07:02:52.0894451Z",
+			"firstEventTime": "2018-11-25T16:17:50.0948658Z",
-            "actorName": null,
+			"lastEventTime": "2018-11-25T16:18:01.809871Z",
-            "machineId": "ff0c3800ed8d66738a514971cd6867166809369d"
+			"resolvedTime": null,
+			"machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
         }
 	]
 }
 ```
+
+## Related topics
+- [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)

windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md

@@ -57,7 +57,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and domain and alert exists - 200 OK with list of [alert](alerts-windows-defender-advanced-threat-protection-new.md) entities. If domain or alert does not exist - 404 Not Found.
+If successful and domain exists - 200 OK with list of [alert](alerts-windows-defender-advanced-threat-protection-new.md) entities. If domain does not exist - 404 Not Found.
 
 
 ## Example
@@ -84,44 +84,46 @@ Content-type: application/json
     "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
     "value": [
         {
-            "id": "636688558380765161_2136280442",
+            "id": "441688558380765161_2136280442",
-            "severity": "Informational",
+			"incidentId": 8633,
-            "status": "InProgress",
+			"assignedTo": "secop@contoso.com",
-            "description": "Some alert description 1",
+			"severity": "Low",
-            "recommendedAction": "Some recommended action 1",
+			"status": "InProgress",
-            "alertCreationTime": "2018-08-03T01:17:17.9516179Z",
+			"classification": "TruePositive",
-            "category": "General",
+			"determination": "Malware",
-            "title": "Some alert title 1",
+			"investigationState": "Running",
-            "threatFamilyName": null,
+			"category": "MalwareDownload",
-            "detectionSource": "WindowsDefenderAtp",
+			"detectionSource": "WindowsDefenderAv",
-            "classification": "TruePositive",
+			"threatFamilyName": "Mikatz",
-            "determination": null,
+			"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
-            "assignedTo": "best secop ever",
+			"description": "Some description"
-            "resolvedTime": null,
+			"recommendedAction": "Some recommended action"
-            "lastEventTime": "2018-08-02T07:02:52.0894451Z",
+			"alertCreationTime": "2018-11-25T16:19:21.8409809Z",
-            "firstEventTime": "2018-08-02T07:02:52.0894451Z",
+			"firstEventTime": "2018-11-25T16:17:50.0948658Z",
-            "actorName": null,
+			"lastEventTime": "2018-11-25T16:18:01.809871Z",
-            "machineId": "ff0c3800ed8d66738a514971cd6867166809369f"
+			"resolvedTime": null,
+			"machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
         },
         {
-            "id": "636688558380765161_2136280442",
+            "id": "121688558380765161_2136280442",
-            "severity": "Informational",
+			"incidentId": 4123,
-            "status": "InProgress",
+			"assignedTo": "secop@contoso.com",
-            "description": "Some alert description 2",
+			"severity": "Low",
-            "recommendedAction": "Some recommended action 2",
+			"status": "InProgress",
-            "alertCreationTime": "2018-08-04T01:17:17.9516179Z",
+			"classification": "TruePositive",
-            "category": "General",
+			"determination": "Malware",
-            "title": "Some alert title 2",
+			"investigationState": "Running",
-            "threatFamilyName": null,
+			"category": "MalwareDownload",
-            "detectionSource": "WindowsDefenderAtp",
+			"detectionSource": "WindowsDefenderAv",
-            "classification": "TruePositive",
+			"threatFamilyName": "Mikatz",
-            "determination": null,
+			"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
-            "assignedTo": "best secop ever",
+			"description": "Some description"
-            "resolvedTime": null,
+			"recommendedAction": "Some recommended action"
-            "lastEventTime": "2018-08-03T07:02:52.0894451Z",
+			"alertCreationTime": "2018-11-24T16:19:21.8409809Z",
-            "firstEventTime": "2018-08-03T07:02:52.0894451Z",
+			"firstEventTime": "2018-11-24T16:17:50.0948658Z",
-            "actorName": null,
+			"lastEventTime": "2018-11-24T16:18:01.809871Z",
-            "machineId": "ff0c3800ed8d66738a514971cd6867166809369d"
+			"resolvedTime": null,
+			"machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
         }
 	]
 }

windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection-new.md

@@ -52,7 +52,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and domain and machine exists - 200 OK with list of [machine](machine-windows-defender-advanced-threat-protection-new.md) entities. If domain or machines do not exist - 404 Not Found.
+If successful and domain exists - 200 OK with list of [machine](machine-windows-defender-advanced-threat-protection-new.md) entities. If domain do not exist - 404 Not Found.
 
 
 ## Example
@@ -80,43 +80,43 @@ Content-type: application/json
     "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
     "value": [
         {
-            "id": "02ea9a24e8bd39c247ed7ca0edae879c321684e5",
+            "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
-            "computerDnsName": "testMachine1",
+            "computerDnsName": "mymachine1.contoso.com",
-            "firstSeen": "2018-07-30T20:12:00.3708661Z",
+            "firstSeen": "2018-08-02T14:55:03.7791856Z",
-			"lastSeen": "2018-07-30T20:12:00.3708661Z",
+			"lastSeen": "2018-08-02T14:55:03.7791856Z",
             "osPlatform": "Windows10",
-            "osVersion": null,
+            "osVersion": "10.0.0.0",
-            "systemProductName": null,
+            "lastIpAddress": "172.17.230.209",
-            "lastIpAddress": "10.209.67.177",
+            "lastExternalIpAddress": "167.220.196.71",
-            "lastExternalIpAddress": "167.220.1.210",
+            "agentVersion": "10.5830.18209.1001",
-            "agentVersion": "10.5830.18208.1000",
+            "osBuild": 18209,
-            "osBuild": 18208,
+            "healthStatus": "Active",
-            "healthStatus": "Inactive",
+            "rbacGroupId": 140,
-            "isAadJoined": false,
+			"rbacGroupName": "The-A-Team",
-            "machineTags": [],
-            "rbacGroupId": 75,
             "riskScore": "Low",
-            "aadDeviceId": null
+			"isAadJoined": true,
+            "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
+			"machineTags": [ "test tag 1", "test tag 2" ]
         },
         {
-            "id": "02efb9a9b85f07749a018fbf3f962b4700b3b949",
+            "id": "7292e4b8cb74ff1cc3d8a495eb29dc8858b732f7",
-            "computerDnsName": "testMachine2",
+            "computerDnsName": "mymachine2.contoso.com",
-            "firstSeen": "2018-07-30T19:50:47.3618349Z",
+            "firstSeen": "2018-07-09T13:22:45.1250071Z",
-			"lastSeen": "2018-07-30T19:50:47.3618349Z",
+			"lastSeen": "2018-07-09T13:22:45.1250071Z",
             "osPlatform": "Windows10",
-            "osVersion": null,
+            "osVersion": "10.0.0.0",
-            "systemProductName": null,
+            "lastIpAddress": "192.168.12.225",
-            "lastIpAddress": "10.209.70.231",
+            "lastExternalIpAddress": "79.183.65.82",
-            "lastExternalIpAddress": "167.220.0.28",
+            "agentVersion": "10.5820.17724.1000",
-            "agentVersion": "10.5830.18208.1000",
+            "osBuild": 17724,
-            "osBuild": 18208,
             "healthStatus": "Inactive",
-            "isAadJoined": false,
+			"rbacGroupId": 140,
-            "machineTags": [],
+			"rbacGroupName": "The-A-Team",
-            "rbacGroupId": 75,
+            "riskScore": "Low",
-            "riskScore": "None",
+			"isAadJoined": false,
-            "aadDeviceId": null
+            "aadDeviceId": null,
-        }    
+			"machineTags": [ "test tag 1" ]
+        }
 	]
 }
 ```

windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection-new.md

@@ -50,8 +50,7 @@ Authorization | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and domain exists - 200 OK, with statistics object in the response body.
+If successful and domain exists - 200 OK, with statistics object in the response body. If domain does not exist - 404 Not Found.
-If domain does not exist - 404 Not Found.
 
 
 ## Example

windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection-new.md

@@ -52,8 +52,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and file exists - 200 OK with the [file](files-windows-defender-advanced-threat-protection-new.md) entity in the body.
+If successful and file exists - 200 OK with the [file](files-windows-defender-advanced-threat-protection-new.md) entity in the body. If file does not exist - 404 Not Found.
-If file does not exist - 404 Not Found.
 
 
 ## Example

windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection-new.md

@@ -55,8 +55,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and file and alert exists - 200 OK with list of [alert](alerts-windows-defender-advanced-threat-protection-new.md) entities in the body.
+If successful and file exists - 200 OK with list of [alert](alerts-windows-defender-advanced-threat-protection-new.md) entities in the body. If file do not exist - 404 Not Found.
-If file or alerts do not exist - 404 Not Found.
 
 
 ## Example
@@ -83,24 +82,25 @@ Content-type: application/json
     "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Alerts",
     "value": [
         {
-            "id": "636692391408655573_2010598859",
+            "id": "121688558380765161_2136280442",
-            "severity": "Low",
+			"incidentId": 7696,
-            "status": "New",
+			"assignedTo": "secop@contoso.com",
-            "description": "test alert",
+			"severity": "High",
-            "recommendedAction": "do this and that",
+			"status": "New",
-            "alertCreationTime": "2018-08-07T11:45:40.0199932Z",
+			"classification": "TruePositive",
-            "category": "None",
+			"determination": "Malware",
-            "title": "test alert",
+			"investigationState": "Running",
-            "threatFamilyName": null,
+			"category": "MalwareDownload",
-            "detectionSource": "CustomerTI",
+			"detectionSource": "WindowsDefenderAv",
-            "classification": null,
+			"threatFamilyName": "Mikatz",
-            "determination": null,
+			"title": "Windows Defender AV detected 'Mikatz', high-severity malware",
-            "assignedTo": null,
+			"description": "Some description"
-            "resolvedTime": null,
+			"recommendedAction": "Some recommended action"
-            "lastEventTime": "2018-08-03T16:45:21.7115182Z",
+			"alertCreationTime": "2018-11-26T16:19:21.8409809Z",
-            "firstEventTime": "2018-08-03T16:45:21.7115182Z",
+			"firstEventTime": "2018-11-26T16:17:50.0948658Z",
-            "actorName": null,
+			"lastEventTime": "2018-11-26T16:18:01.809871Z",
-            "machineId": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07"
+			"resolvedTime": null,
+			"machineId": "9d80fbbc1bdbc5ce968f1d37c72384cbe17ee337"
         }
     ]
 }

windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection-new.md

@@ -14,13 +14,14 @@ ms.date: 12/08/2017
 ---
 
 # Get file related machines API
+
 **Applies to:**
 
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 [!include[Prerelease information](prerelease.md)]
 
-Retrieves a collection of machines related to a given file hash.
+- Retrieves a collection of machines related to a given file hash.
 
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
@@ -53,8 +54,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and file and machines exists - 200 OK with list of [machine](machine-windows-defender-advanced-threat-protection-new.md) entities in the body.
+If successful and file exists - 200 OK with list of [machine](machine-windows-defender-advanced-threat-protection-new.md) entities in the body. If file do not exist - 404 Not Found.
-If file or machines do not exist - 404 Not Found.
 
 
 ## Example
@@ -84,39 +84,37 @@ Content-type: application/json
             "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
             "computerDnsName": "mymachine1.contoso.com",
             "firstSeen": "2018-08-02T14:55:03.7791856Z",
-			"lasttSeen": "2018-07-09T13:22:45.1250071Z",
+			"lastSeen": "2018-08-02T14:55:03.7791856Z",
             "osPlatform": "Windows10",
-            "osVersion": null,
+            "osVersion": "10.0.0.0",
-            "systemProductName": null,
             "lastIpAddress": "172.17.230.209",
             "lastExternalIpAddress": "167.220.196.71",
             "agentVersion": "10.5830.18209.1001",
             "osBuild": 18209,
             "healthStatus": "Active",
-            "isAadJoined": true,
-            "machineTags": [],
             "rbacGroupId": 140,
             "riskScore": "Low",
-            "aadDeviceId": null
+			"isAadJoined": true,
+            "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
+			"machineTags": [ "test tag 1", "test tag 2" ]
         },
         {
             "id": "7292e4b8cb74ff1cc3d8a495eb29dc8858b732f7",
             "computerDnsName": "mymachine2.contoso.com",
             "firstSeen": "2018-07-09T13:22:45.1250071Z",
-			"lasttSeen": "2018-07-09T13:22:45.1250071Z",
+			"lastSeen": "2018-07-09T13:22:45.1250071Z",
             "osPlatform": "Windows10",
-            "osVersion": null,
+            "osVersion": "10.0.0.0",
-            "systemProductName": null,
             "lastIpAddress": "192.168.12.225",
             "lastExternalIpAddress": "79.183.65.82",
             "agentVersion": "10.5820.17724.1000",
             "osBuild": 17724,
             "healthStatus": "Inactive",
-            "isAadJoined": true,
+			"rbacGroupId": 140,
-            "machineTags": [],
-            "rbacGroupId": 140,
             "riskScore": "Low",
-            "aadDeviceId": null
+			"isAadJoined": false,
+            "aadDeviceId": null,
+			"machineTags": [ "test tag 1" ]
         }
     ]
 }