diff --git a/devices/hololens/hololens-status.md b/devices/hololens/hololens-status.md
index 1d321ed900..9438c6d9d2 100644
--- a/devices/hololens/hololens-status.md
+++ b/devices/hololens/hololens-status.md
@@ -8,7 +8,7 @@ manager: jarrettr
audience: Admin
ms.topic: article
ms.prod: hololens
-localization_priority: Medium
+ms.localizationpriority: Medium
ms.sitesec: library
---
diff --git a/devices/hololens/hololens2-setup.md b/devices/hololens/hololens2-setup.md
index d8ff62b687..e8350f4e65 100644
--- a/devices/hololens/hololens2-setup.md
+++ b/devices/hololens/hololens2-setup.md
@@ -22,10 +22,10 @@ The procedures below will help you set up a HoloLens 2 for the first time.
Connect the power supply to the charging port by using the USB-C cable (included). Plug the power supply into a power outlet.
- - When the device is charging, the battery indicator lights up in a wave pattern.
- - When your HoloLens is on, the battery indicator displays the battery level in increments.
- - When only one of the five lights is on, the battery level is below 20 percent.
- - If the battery level is critically low and you try to turn on the device, one light will blink briefly, then go out.
+ - When the device is charging, the battery indicator lights up in a wave pattern.
+ - When your HoloLens is on, the battery indicator displays the battery level in increments.
+ - When only one of the five lights is on, the battery level is below 20 percent.
+ - If the battery level is critically low and you try to turn on the device, one light will blink briefly, then go out.
> [!TIP]
> To get an estimate of your current battery level, say "Hey Cortana, how much battery do I have left?"
@@ -54,14 +54,14 @@ To turn on your HoloLens 2, press the Power button. The LED lights below the Po
### Power button actions for different power transitions
-|To do this |Perform this action and watch for these indicator lights |
+| To do this | Perform this action and watch for these indicator lights |
| - | - |
-|To turn on |**Single click**  |
-|To sleep |**Single click**  |
-|To wake from sleep |**Single click**  |
-|To turn off |**Press and for hold 5s**  |
-|To force the Hololens to restart if it is unresponsive |**Press and hold for 10s**  |
-
+| To turn on | Single button press - lights will indicate battery state. |
+| To sleep | Single button press - lights will indicate battery state then go dark on sleep. |
+| To wake from sleep | Single button press - lights will indicate battery state. |
+| To turn off | Press and for hold 5s - all five lights will light then go dark on shutdown. |
+| To force the Hololens to restart if it is unresponsive | Press and hold for 10s - all lights will light then go dark on shutdown. They'll relight on restart. |
+
## HoloLens indicator lights
Not sure what the indicator lights on your HoloLens mean? Here's some help!
@@ -70,12 +70,12 @@ Not sure what the indicator lights on your HoloLens mean? Here's some help!
|When you do this | And then the lights do this | It means |
| - | - | - |
-|You press the Power button. |All five lights turn on, then change to indicate the battery level. After four seconds, a sound plays. | HoloLens is starting up. |
-|You press the Power button. |All five lights turn on, then change to indicate the battery level. A sound immediately plays. | HoloLens is on, awake, and ready to use. |
-|You press and hold the Power button for five seconds or longer. |All five lights turn on, then fade off one at a time. After the lights turn off, a sound plays and the screen displays "Goodbye." |HoloLens is shutting down. |
-|You press and hold the Power button for less than five seconds. |All five lights turn on, then fade off one at a time. After the lights turn off, a sound plays and the screen displays "Goodbye." |HoloLens is entering sleep. |
-|You press the Power button. |One light flashes five times, then turns off. |The HoloLens battery is critically low. Charge your HoloLens. |
-|You press the Power button. |All five lights flash five times, then turn off. |HoloLens cannot start correctly and is in an error state. |
+| You press the Power button. |All five lights turn on, then change to indicate the battery level. After four seconds, a sound plays. | HoloLens is starting up. |
+| You press the Power button. |All five lights turn on, then change to indicate the battery level. A sound immediately plays. | HoloLens is on, awake, and ready to use. |
+| You press and hold the Power button for five seconds or longer. |All five lights turn on, then fade off one at a time. After the lights turn off, a sound plays and the screen displays "Goodbye." |HoloLens is shutting down. |
+| You press and hold the Power button for less than five seconds. |All five lights turn on, then fade off one at a time. After the lights turn off, a sound plays and the screen displays "Goodbye." |HoloLens is entering sleep. |
+| You press the Power button. |One light flashes five times, then turns off. |The HoloLens battery is critically low. Charge your HoloLens. |
+| You press the Power button. |All five lights flash five times, then turn off. | HoloLens cannot start correctly and is in an error state. |
### Lights that indicate the battery level
diff --git a/devices/surface-hub/index.md b/devices/surface-hub/index.md
index 6d0b532210..110355baf4 100644
--- a/devices/surface-hub/index.md
+++ b/devices/surface-hub/index.md
@@ -9,7 +9,7 @@ ms.tgt_pltfrm: na
ms.devlang: na
ms.topic: landing-page
description: "Get started with Microsoft Surface Hub."
-localization_priority: High
+ms.localizationpriority: High
---
# Get started with Surface Hub
diff --git a/devices/surface/get-started.md b/devices/surface/get-started.md
index 2ea4ff4188..7e007abc4e 100644
--- a/devices/surface/get-started.md
+++ b/devices/surface/get-started.md
@@ -10,7 +10,7 @@ ms.tgt_pltfrm: na
ms.devlang: na
ms.topic: landing-page
description: "Get started with Microsoft Surface devices"
-localization_priority: High
+ms.localizationpriority: High
---
# Get started with Surface devices
diff --git a/devices/surface/index.md b/devices/surface/index.md
index 8a40146adb..2677bffc49 100644
--- a/devices/surface/index.md
+++ b/devices/surface/index.md
@@ -8,7 +8,7 @@ ms.author: robmazz
manager: laurawi
ms.topic: hub-page
keywords: Microsoft Surface, Microsoft Surface Hub, Surface documentation
-localization_priority: High
+ms.localizationpriority: High
audience: ITPro
ms.prod: Surface
description: Learn about Microsoft Surface and Surface Hub devices.
diff --git a/devices/surface/surface-wireless-connect.md b/devices/surface/surface-wireless-connect.md
index cad2a6924f..42d9e3a2c5 100644
--- a/devices/surface/surface-wireless-connect.md
+++ b/devices/surface/surface-wireless-connect.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: dansimp
ms.audience: itpro
-ms.localization_priority: normal
+ms.localizationpriority: normal
ms.author: dansimp
ms.topic: article
ms.date: 08/15/2019
diff --git a/mdop/appv-v4/about-app-v-package-accelerators--app-v-46-sp1-.md b/mdop/appv-v4/about-app-v-package-accelerators--app-v-46-sp1-.md
index e162df6f9b..638fd0e895 100644
--- a/mdop/appv-v4/about-app-v-package-accelerators--app-v-46-sp1-.md
+++ b/mdop/appv-v4/about-app-v-package-accelerators--app-v-46-sp1-.md
@@ -1,11 +1,11 @@
---
title: About App-V Package Accelerators (App-V 4.6 SP1)
description: About App-V Package Accelerators (App-V 4.6 SP1)
-author: dansimp
+author: manikadhiman
ms.assetid: fc2d2375-8f17-4a6d-b374-771cb947cb8c
ms.reviewer:
manager: dansimp
-ms.author: manikadhiman
+ms.author: v-madhi
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
diff --git a/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-all-users-on-a-specific-computer.md b/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-all-users-on-a-specific-computer.md
index d154228918..d8bed1b729 100644
--- a/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-all-users-on-a-specific-computer.md
+++ b/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-all-users-on-a-specific-computer.md
@@ -1,5 +1,5 @@
---
-title: How to Revert Extension Points from an App-V 5.0 Package to an App-V 4.6 Package For All Users on a Specific Computer
+title: "How to Revert Extension Points from an App-V 5.0 Package to an App-V 4.6 Package For All Users on a Specific Computer"
description: How to Revert Extension Points from an App-V 5.0 Package to an App-V 4.6 Package For All Users on a Specific Computer
ms.assetid: 2a43ca1b-6847-4dd1-ade2-336ac4ac6af0
ms.reviewer:
diff --git a/mdop/mbam-v25/upgrade-mbam2.5-sp1.md b/mdop/mbam-v25/upgrade-mbam2.5-sp1.md
index cd80095b3e..c9f0e46454 100644
--- a/mdop/mbam-v25/upgrade-mbam2.5-sp1.md
+++ b/mdop/mbam-v25/upgrade-mbam2.5-sp1.md
@@ -7,7 +7,7 @@ audience: ITPro
ms.topic: article
ms.prod: w10
manager: miaposto
-localization_priority: Normal
+ms.localizationpriority: Normal
---
# Upgrade from MBAM 2.5 to MBAM 2.5 SP1 Servicing Release Update
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 9fca236820..48023ee817 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -103,6 +103,8 @@ For details about Microsoft mobile device management protocols for Windows 10 s
DeviceHealthMonitoring/AllowDeviceHealthMonitoring
DeviceHealthMonitoring/ConfigDeviceHealthMonitoringScope
DeviceHealthMonitoring/ConfigDeviceHealthMonitoringUploadDestination
+DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs
+DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs
Experience/ShowLockOnUserTile
InternetExplorer/AllowEnhancedSuggestionsInAddressBar
InternetExplorer/DisableActiveXVersionListAutoDownload
@@ -1909,6 +1911,7 @@ How do I turn if off? | The service can be stopped from the "Services" console o
|New or updated topic | Description|
|--- | ---|
|[Policy CSP - Defender](policy-csp-defender.md)|Updated the supported value list for Defender/ScheduleScanDay policy.|
+|[Policy CSP - DeviceInstallation](policy-csp-deviceinstallation.md)|Added the following new policies:
DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs, DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs.|
### August 2019
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 61718b8d22..276d195179 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -1209,6 +1209,9 @@ The following diagram shows the Policy configuration service provider in tree fo
DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
+
+ DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs
+
DeviceInstallation/PreventDeviceMetadataFromNetwork
@@ -1218,6 +1221,9 @@ The following diagram shows the Policy configuration service provider in tree fo
DeviceInstallation/PreventInstallationOfMatchingDeviceIDs
+
+ DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs
+
DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses
@@ -3553,6 +3559,15 @@ The following diagram shows the Policy configuration service provider in tree fo
TextInput/AllowLinguisticDataCollection
+
+ TextInput/ConfigureJapaneseIMEVersion
+
+
+ TextInput/ConfigureSimplifiedChineseIMEVersion
+
+
+ TextInput/ConfigureTraditionalChineseIMEVersion
+
TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode
diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md
index 75e6a2bd5a..ba62dc186a 100644
--- a/windows/client-management/mdm/policy-csp-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md
@@ -4,6 +4,7 @@ ms.reviewer:
manager: dansimp
description: Policy CSP - DeviceInstallation
ms.author: dansimp
+ms.date: 09/26/2019
ms.topic: article
ms.prod: w10
ms.technology: windows
@@ -11,6 +12,8 @@ author: manikadhiman
---
# Policy CSP - DeviceInstallation
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
@@ -24,6 +27,9 @@ author: manikadhiman
DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
+
+ DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs
+
DeviceInstallation/PreventDeviceMetadataFromNetwork
@@ -33,12 +39,14 @@ author: manikadhiman
DeviceInstallation/PreventInstallationOfMatchingDeviceIDs
+
+ DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs
+
DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses
-
@@ -132,7 +140,7 @@ To enable this policy, use the following SyncML. This example allows Windows to
```
-To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see if the following is listed near the end of the log:
+To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and see if the following is listed near the end of the log:
```txt
>>> [Device Installation Restrictions Policy Check]
@@ -247,7 +255,7 @@ Enclose the class GUID within curly brackets {}. To configure multiple classes,
```
-To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see if the following is listed near the end of the log:
+To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and see if the following is listed near the end of the log:
```txt
@@ -264,6 +272,105 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i
+
+**DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs**
+
+
+
+
+ Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+  |
+ 6 |
+ 6 |
+ 6 |
+ 6 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1903. Also available in Windows 10, version 1809. This policy setting allows you to specify a list of Plug and Play device instance IDs for devices that Windows is allowed to install. Use this policy setting only when the "Prevent installation of devices not described by other policy settings" policy setting is enabled. Other policy settings that prevent device installation take precedence over this one.
+
+If you enable this policy setting, Windows is allowed to install or update any device whose Plug and Play device instance ID appears in the list you create, unless another policy setting specifically prevents that installation (for example, the "Prevent installation of devices that match any of these device IDs" policy setting, the "Prevent installation of devices for these device classes" policy setting, the "Prevent installation of devices that match any of these device instance IDs" policy setting, or the "Prevent installation of removable devices" policy setting). If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
+
+If you disable or do not configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed.
+
+Peripherals can be specified by their [device instance ID](https://docs.microsoft.com/windows-hardware/drivers/install/device-instance-ids). Test the configuration prior to rolling it out to ensure it allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Allow installation of devices that match any of these device instance IDs*
+- GP name: *DeviceInstall_Instance_IDs_Allow*
+- GP path: *System/Device Installation/Device Installation Restrictions*
+- GP ADMX file name: *deviceinstallation.admx*
+
+
+
+
+
+
+To enable this policy, use the following SyncML.
+
+``` xml
+
+
+
+ $CmdID$
+ -
+
+ ./Device/Vendor/MSFT/Policy/Config/DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs
+
+
+ string
+
+
+
+
+
+
+```
+To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see if the following is listed near the end of the log:
+``` txt
+>>> [Device Installation Restrictions Policy Check]
+>>> Section start 2018/11/15 12:26:41.659
+<<< Section end 2018/11/15 12:26:41.751
+<<< [Exit status: SUCCESS]
+```
+
+
+
+
+
+
+
+
**DeviceInstallation/PreventDeviceMetadataFromNetwork**
@@ -546,6 +653,107 @@ For example, this custom profile blocks installation and usage of USB devices wi
+
+
+
+**DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs**
+
+
+
+
+ Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+  |
+ 6 |
+ 6 |
+ 6 |
+ 6 |
+ |
+ |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Added in Windows 10, version 1903. Also available in Windows 10, version 1809. This policy setting allows you to specify a list of Plug and Play device instance IDs for devices that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device.
+
+If you enable this policy setting, Windows is prevented from installing a device whose device instance ID appears in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
+
+If you disable or do not configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings.
+
+Peripherals can be specified by their [device instance ID](https://docs.microsoft.com/windows-hardware/drivers/install/device-instance-ids). Test the configuration prior to rolling it out to ensure it allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one.
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ADMX Info:
+- GP English name: *Prevent installation of devices that match any of these device instance IDs*
+- GP name: *DeviceInstall_Instance_IDs_Deny*
+- GP path: *System/Device Installation/Device Installation Restrictions*
+- GP ADMX file name: *deviceinstallation.admx*
+
+
+
+
+
+
+To enable this policy, use the following SyncML.
+
+``` xml
+
+
+
+ $CmdID$
+ -
+
+ ./Device/Vendor/MSFT/Policy/Config/DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs
+
+
+ string
+
+
+
+
+
+
+```
+To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see if the following is listed near the end of the log:
+
+``` txt
+>>> [Device Installation Restrictions Policy Check]
+>>> Section start 2018/11/15 12:26:41.659
+<<< Section end 2018/11/15 12:26:41.751
+<<< [Exit status: SUCCESS]
+```
+
+
+
+
+
+
+
**DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses**
diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md
index dd9948d56b..060fa7985d 100644
--- a/windows/client-management/mdm/policy-csp-textinput.md
+++ b/windows/client-management/mdm/policy-csp-textinput.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
-ms.date: 08/09/2018
+ms.date: 09/20/2019
ms.reviewer:
manager: dansimp
---
@@ -14,7 +14,7 @@ manager: dansimp
# Policy CSP - TextInput
> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+> Some information relates to prereleased products, which may be substantially modified before they are commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
@@ -60,6 +60,15 @@ manager: dansimp
TextInput/AllowLinguisticDataCollection
+ TextInput/ConfigureJapaneseIMEVersion
+
+
+ TextInput/ConfigureSimplifiedChineseIMEVersion
+
+
+ TextInput/ConfigureTraditionalChineseIMEVersion
+
+
TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode
@@ -705,6 +714,171 @@ This setting supports a range of values between 0 and 1.
+
+**TextInput/ConfigureJapaneseIMEVersion**
+
+
+
+
+ Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+  |
+  |
+  |
+  |
+  |
+  |
+  |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+> [!NOTE]
+> - The policy is only enforced in Windows 10 for desktop.
+> - This policy requires reboot to take effect.
+
+Added in next major release of Windows 10. Allows IT admins to configure Microsoft Japanese IME version in the desktop.
+
+
+
+The following list shows the supported values:
+
+- 0 (default) - Allows you to configure which Microsoft Japanese IME version to use. The new Microsoft Japanese IME version is configured by default.
+- 1 - Does not allow you to configure which Microsoft Japanese IME version to use. The previous version of Microsoft Japanese IME is always selected.
+- 2 - Does not allow you to configure which Microsoft Japanese IME version to use. The new Microsoft Japanese IME version is always selected.
+
+
+
+
+
+
+
+**TextInput/ConfigureSimplifiedChineseIMEVersion**
+
+
+
+
+ Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+  |
+  |
+  |
+  |
+  |
+  |
+  |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+> [!NOTE]
+> - This policy is enforced only in Windows 10 for desktop.
+> - This policy requires reboot to take effect.
+
+Added in next major release of Windows 10. Allows IT admins to configure Microsoft Simplified Chinese IME version in the desktop.
+
+
+
+The following list shows the supported values:
+
+- 0 (default) - Allows you to configure which Microsoft Simplified Chinese IME version to use. The new Microsoft Simplified Chinese IME version is configured by default.
+- 1 - Does not allow you to configure which Microsoft Simplified Chinese IME version to use. The previous version of Microsoft Simplified Chinese IME is always selected.
+- 2 - Does not allow you to configure which Microsoft Simplified Chinese IME version to use. The new Microsoft Simplified Chinese IME version is always selected.
+
+
+
+
+
+
+
+**TextInput/ConfigureTraditionalChineseIMEVersion**
+
+
+
+
+ Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ Mobile Enterprise |
+
+
+  |
+  |
+  |
+  |
+  |
+  |
+  |
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+> [!NOTE]
+> - This policy is enforced only in Windows 10 for desktop.
+> - This policy requires reboot to take effect.
+
+Added in next major release of Windows 10. Allows IT admins to configure Microsoft Traditional Chinese IME version in the desktop.
+
+
+
+The following list shows the supported values:
+
+- 0 (default) - Allows you to configure which Microsoft Traditional Chinese IME version to use. The new Microsoft Traditional Chinese IME version is configured by default.
+- 1 - Does not allow you to configure which Microsoft Traditional Chinese IME version to use. The previous version of Microsoft Traditional Chinese IME is always selected.
+- 2 - Does not allow you to configure which Microsoft Traditional Chinese IME version to use. The new Microsoft Traditional Chinese IME version is always selected.
+
+
+
+
+
+
**TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode**
@@ -762,6 +936,7 @@ The following list shows the supported values:
+
**TextInput/ExcludeJapaneseIMEExceptJIS0208**
@@ -1339,4 +1514,4 @@ Footnotes:
- 5 - Added in Windows 10, version 1809.
- 6 - Added in Windows 10, version 1903.
-
\ No newline at end of file
+
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md
index 4fd47f3d99..dec845f1d0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md
@@ -1,6 +1,6 @@
---
title: Onboard non-Windows machines to the Microsoft Defender ATP service
-description: Configure non-Winodws machines so that they can send sensor data to the Microsoft Defender ATP service.
+description: Configure non-Windows machines so that they can send sensor data to the Microsoft Defender ATP service.
keywords: onboard non-Windows machines, macos, linux, machine management, configure Windows ATP machines, configure Microsoft Defender Advanced Threat Protection machines
search.product: eADQiWindows 10XVcnh
search.appverid: met150
@@ -27,14 +27,10 @@ ms.topic: article
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-nonwindows-abovefoldlink)
-
-
Microsoft Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Microsoft Defender Security Center and better protect your organization's network.
You'll need to know the exact Linux distros and macOS versions that are compatible with Microsoft Defender ATP for the integration to work.
-
-
## Onboarding non-Windows machines
You'll need to take the following steps to onboard non-Windows machines:
1. Select your preferred method of onboarding:
diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview.md b/windows/security/threat-protection/microsoft-defender-atp/preview.md
index a3780835a9..692f8cc37b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/preview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/preview.md
@@ -46,8 +46,6 @@ The following features are included in the preview release:
- [API Explorer](api-explorer.md)
The API explorer makes it easy to construct and perform API queries, test and send requests for any available Microsoft Defender ATP API endpoint.
-- [Tamper Protection settings in Intune](../windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md#turn-tamper-protection-on-or-off-for-your-organization-with-intune)
You can now turn Tamper Protection on (or off) for your organization in the Microsoft 365 Device Management portal (Intune).
-
- [Microsoft Threat Experts - Experts on Demand](microsoft-threat-experts.md)
You now have the option to consult with Microsoft Threat Experts from several places in the portal to help you in the context of your investigation.
- [Indicators for IP addresses, URLs/Domains](manage-indicators.md)
You can now allow or block URLs/domains using your own threat intelligence.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md
index b6571426ba..1704845ac8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md
@@ -4,6 +4,7 @@ description: What's in the Threat & Vulnerability Management dashboard and how i
keywords: mdatp-tvm, mdatp-tvm dashboard, threat & vulnerability management, risk-based threat & vulnerability management, security configuration, configuration score, exposure score
search.appverid: met150
search.product: eADQiWindows 10XVcnh
+ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
index f8f068cd50..be3d95c1f3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
@@ -25,11 +25,13 @@ ms.topic: conceptual
The following features are generally available (GA) in the latest release of Microsoft Defender ATP as well as security features in Windows 10 and Windows Server.
-
For more information preview features, see [Preview features](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection).
## September 2019
+
+- [Tamper Protection settings using Intune](../windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md#turn-tamper-protection-on-or-off-for-your-organization-using-intune)
You can now turn Tamper Protection on (or off) for your organization in the Microsoft 365 Device Management portal (Intune).
+
- [Live response](live-response.md)
Get instantaneous access to a machine using a remote shell connection. Do in-depth investigative work and take immediate response actions to promptly contain identified threats - real-time.
- [Evaluation lab](evaluation-lab.md)
The Microsoft Defender ATP evaluation lab is designed to eliminate the complexities of machine and environment configuration so that you can
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md
index acd0f63ec6..9576d05d77 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management a
ms.assetid: 46a3c3a2-1d2e-4a6f-b5e6-29f9592f535d
ms.reviewer:
ms.author: dansimp
-ms.prod: ws10
+ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
index 5ba3f228c0..0a78bbd6af 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
@@ -46,9 +46,9 @@ Tamper Protection doesn't prevent you from viewing your security settings. And,
### What do you want to do?
-[Turn Tamper Protection on (or off) for an individual machine](#turn-tamper-protection-on-or-off-for-an-individual-machine)
+[Turn Tamper Protection on (or off) for an individual machine using Windows Security](#turn-tamper-protection-on-or-off-for-an-individual-machine)
-[Turn Tamper Protection on (or off) for your organization with Intune (Preview)](#turn-tamper-protection-on-or-off-for-your-organization-with-intune)
+[Turn Tamper Protection on (or off) for your organization using Intune](#turn-tamper-protection-on-or-off-for-your-organization-using-intune)
## Turn Tamper Protection on (or off) for an individual machine
@@ -68,11 +68,9 @@ If you are a home user, or you are not subject to settings managed by a security
> Once you’ve made this update, Tamper Protection will continue to protect your registry settings, and will also log attempts to modify them without returning errors.
-## Turn Tamper Protection on (or off) for your organization with Intune
+## Turn Tamper Protection on (or off) for your organization using Intune
-If you are part of your organization's security team, the ability to turn Tamper Protection on (or off) for your organization in the Microsoft 365 Device Management portal (Intune) is now in preview. "In preview" means this feature is rolling out to business customers who have [Microsoft Defender ATP](../microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md) and who have agreed to participate in the preview program. As a preview feature, the following applies:
-
-*Some information in this section relates to prereleased product that might be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.*
+If you are part of your organization's security team, you can turn Tamper Protection on (or off) for your organization in the Microsoft 365 Device Management portal (Intune). (This feature is rolling out now; if you don't have it yet, you should very soon, assuming your organization has [Microsoft Defender ATP](../microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md) and that you meet the prerequisites listed below.)
You must have appropriate [permissions](../microsoft-defender-atp/assign-portal-access.md), such as global admin, security admin, or security operations, to perform the following task.
@@ -118,7 +116,7 @@ Tamper Protection will not have any impact on such devices.
If you are a home user, see [Turn Tamper Protection on (or off) for an individual machine](#turn-tamper-protection-on-or-off-for-an-individual-machine).
-If you are an organization using [Microsoft Defender Advanced Threat Protection E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp), you should be able to manage Tamper Protection in Intune similar to how you manage other endpoint protection features. See [Turn Tamper Protection on (or off) for your organization with Intune](#turn-tamper-protection-on-or-off-for-your-organization-with-intune).
+If you are an organization using [Microsoft Defender Advanced Threat Protection E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp), you should be able to manage Tamper Protection in Intune similar to how you manage other endpoint protection features. See [Turn Tamper Protection on (or off) for your organization using Intune](#turn-tamper-protection-on-or-off-for-your-organization-using-intune).
### How does configuring Tamper Protection in Intune affect how I manage Windows Defender through my group policy?
diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
index 785d80cbcc..c0e0200d21 100644
--- a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
@@ -7,6 +7,7 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: mdsakibMSFT
+ms.author: mdsakib
ms.date: 05/21/2019
---
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
index adf5eb6279..bf87000f78 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
@@ -1,9 +1,6 @@
-ms.assetid: 10c3597f-f44c-4c8e-8fe5-105d4ac016a6
-ms.reviewer:
---
title: Use a reference device to create and maintain AppLocker policies (Windows 10)
description: This topic for the IT professional describes the steps to create and maintain AppLocker policies by using a reference computer.
-
ms.author: macapara
ms.prod: w10
ms.mktglfcycl: deploy
@@ -16,6 +13,8 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
+ms.assetid: 10c3597f-f44c-4c8e-8fe5-105d4ac016a6
+ms.reviewer:
---
# Use a reference device to create and maintain AppLocker policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md b/windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md
index babbce2e0b..44a9846b76 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md
@@ -7,6 +7,7 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: mdsakibMSFT
+ms.author: mdsakib
ms.date: 05/17/2019
---
diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
index 40326f9ba8..d192ac21a9 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
@@ -7,6 +7,7 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: mdsakibMSFT
+ms.author: mdsakib
ms.date: 05/17/2019
---
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/level-1-enterprise-basic-security.md b/windows/security/threat-protection/windows-security-configuration-framework/level-1-enterprise-basic-security.md
index fe043e036b..87a52c4dd8 100644
--- a/windows/security/threat-protection/windows-security-configuration-framework/level-1-enterprise-basic-security.md
+++ b/windows/security/threat-protection/windows-security-configuration-framework/level-1-enterprise-basic-security.md
@@ -5,7 +5,7 @@ keywords: virtualization, security, malware
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.author: appcompatguy
+ms.author: cjacks
author: appcompatguy
manager: dansimp
audience: ITPro
@@ -177,7 +177,7 @@ Microsoft recommends using [the rings methodology](https://docs.microsoft.com/wi
| Network / Network Connections | Prohibit use of Internet Connection Sharing on your DNS domain network | Enabled | Determines whether administrators can enable and configure the Internet Connection Sharing (ICS) feature of an Internet connection and if the ICS service can run on the computer. |
| Network / Network Provider | Hardened UNC Paths | \\\\\*\\SYSVOL and \\\\\*\\NETLOGON RequireMutualAuthentication = 1, RequireIntegrity = 1 | This policy setting configures secure access to UNC paths. If you enable this policy, Windows only allows access to the specified UNC paths after fulfilling additional security requirements. |
| Network / Windows Connection Manager | Prohibit connection to non-domain networks when connected to domain authenticated network | Enabled | This policy setting prevents computers from connecting to both a domain-based network and a non-domain-based network at the same time. |
-| System / Credentials Delegation | Encryption Oracle Remediation | Force Updated Clients | Enryption Oracle Remediation |
+| System / Credentials Delegation | Encryption Oracle Remediation | Force Updated Clients | Encryption Oracle Remediation |
| System / Credentials Delegation | Remote host allows delegation of non-exportable credentials | Enabled | When using credential delegation, devices provide an exportable version of credentials to the remote host. This exposes users to the risk of credential theft from attackers on the remote host. If you enable this policy setting, the host supports Restricted Admin or Remote Credential Guard mode. |
| System / Device Installation / Device Installation Restrictions | Prevent installation of devices that match any of these device IDs | [[[main setting]]] = Enabled
Also apply to matching devices that are already installed = True
1 = PCI\CC_0C0A | This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device. if you enable this policy setting, Windows is prevented from installing a device whose hardware ID or compatible ID appears in a list that you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server. If you disable or do not configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings. |
| System / Device Installation / Device Installation Restrictions | Prevent installation of devices using drivers that match these device setup classes | [[[main setting]]] = Enabled
Also apply to matching devices that are already installed = True
1 = {d48179be-ec20-11d1-b6b8-00c04fa372a7} | This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for device drivers that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device. if you enable this policy setting, Windows is prevented from installing or updating device drivers whose device setup class GUIDs appear in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server. If you disable or do not configure this policy setting, Windows can install and update devices as allowed or prevented by other policy settings. |
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/level-2-enterprise-enhanced-security.md b/windows/security/threat-protection/windows-security-configuration-framework/level-2-enterprise-enhanced-security.md
index 3671675351..f66320e362 100644
--- a/windows/security/threat-protection/windows-security-configuration-framework/level-2-enterprise-enhanced-security.md
+++ b/windows/security/threat-protection/windows-security-configuration-framework/level-2-enterprise-enhanced-security.md
@@ -5,7 +5,7 @@ keywords: virtualization, security, malware
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.author: appcompatguy
+ms.author: cjacks
author: appcompatguy
manager: dansimp
audience: ITPro
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/level-3-enterprise-high-security.md b/windows/security/threat-protection/windows-security-configuration-framework/level-3-enterprise-high-security.md
index d1673ce03b..640af6ba59 100644
--- a/windows/security/threat-protection/windows-security-configuration-framework/level-3-enterprise-high-security.md
+++ b/windows/security/threat-protection/windows-security-configuration-framework/level-3-enterprise-high-security.md
@@ -5,7 +5,7 @@ keywords: virtualization, security, malware
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.author: appcompatguy
+ms.author: cjacks
author: appcompatguy
manager: dansimp
audience: ITPro