Merge remote-tracking branch 'refs/remotes/origin/rs1' into Aug2

windows/keep-secure/.vscode/settings.json

@@ -0,0 +1,4 @@
+// Place your settings in this file to overwrite default and user settings.
+{
+    "update.channel": "none",
+}

windows/keep-secure/enable-phone-signin-to-pc-and-vpn.md

@@ -47,6 +47,8 @@ Everyone can get the **Microsoft Authenticator** app from the Windows Store. If
 [Tell people how to sign in using their phone.](prepare-people-to-use-microsoft-passport.md#bmk-remote)
 
 
+
+
 ## Related topics
 
 [Manage identity verification using Windows Hello for Business](manage-identity-verification-using-microsoft-passport.md)

windows/keep-secure/prepare-people-to-use-microsoft-passport.md

@@ -97,3 +97,5 @@ If your enterprise enables phone sign-in, users can pair a phone running Windows
 [Event ID 300 - Windows Hello successfully created](passport-event-300.md)
 
 [Windows Hello biometrics in the enterprise](windows-hello-in-enterprise.md) 
+
+

windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md

@@ -1014,6 +1014,38 @@ Description of the error. </dt>
 <dt>Signature Version: &lt;Definition version&gt;</dt>
 <dt>Engine Version: &lt;Antimalware Engine version&gt;</dt>
 </dl>
+<p>NOTE: Whenever Windows Defender, Microsoft Security Essentials, Malicious Software Removal Tool, or System Center Endpoint Protection detects a malware, it will restore the following system settings and services which the malware might have changed:<ul>
+<li>Default Internet Explorer or Edge setting</li>
+<li>User Access Control settings</li>
+<li>Chrome settings</li>
+<li>Boot Control Data</li>
+<li>Regedit and Task Manager registry settings</li>
+<li>Windows Update, Background Intelligent Transfer Service, and Remote Procedure Call service</li>
+<li>Windows Operating System files</li></ul>
+The above context applies to the following client and server versions:
+<table>
+<tr>
+<th>Operating system</th>
+<th>Operating system version</th>
+</tr>
+<tr>
+<td>
+<p>Client Operating System </p>
+</td>
+<td>
+<p>Windows Vista (Service Pack 1, or Service Pack 2), Windows 7 and later</p>
+</td>
+</tr>
+<tr>
+<td>
+<p>Server Operating System</p>
+</td>
+<td>
+<p>Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2016</p>
+</td>
+</tr>
+</p>
+</dl>
 </p>
 </td>
 </tr>

windows/keep-secure/vpn-profile-options.md

@@ -60,7 +60,7 @@ A VPN profile configured with LockDown secures the device to only allow network
 
 ## Learn more
 
-- [Learn how to configure VPN connections in Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/vpn-connections-in-microsoft-intune)
+- [Learn how to configure VPN connections in Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/vpn-connections-in-microsoft-intune)
 - [VPNv2 configuration service provider (CSP) reference](http://go.microsoft.com/fwlink/p/?LinkId=617588)
 - [How to Create VPN Profiles in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=618028)
 

windows/keep-secure/wip-enterprise-overview.md

@@ -74,4 +74,4 @@ WIP gives you a new way to manage data policy enforcement for apps and documents
 You can turn off all Windows Information Protection and restrictions, reverting to where you were pre-WIP, with no data loss. However, turning off WIP isn't recommended. If you choose to turn it off, you can always turn it back on, but WIP won't retain your decryption and policies info.
 
 ## Related topics
-- [Protect your enterprise data using Windows Information Protection (WIP)](protect-enterprise-data-using-EDP.md)
+- [Protect your enterprise data using Windows Information Protection (WIP)](protect-enterprise-data-using-edp.md)