From e50af964ee9e213780dd45077c28207851567df6 Mon Sep 17 00:00:00 2001
From: illfated <illfated@users.noreply.github.com>
Date: Sat, 11 Apr 2020 22:47:14 +0200
Subject: [PATCH 01/13] Applies to: Windows 10, Windows Server 2019

As per issue ticket #6441 (Supported windows versions are not valid),
this article incorrectly lists both deprecated and outdated OS
versions, both for Server and Client computers. The article itself
states that this policy was introduced in Windows 10, version 1703.

Thanks to yogeshasalkar for reporting this issue.

Changes proposed:
- Change the "Applies to" section to only Windows 10 and Server 2019
- Remove redundant end-of-line whitespace from 3 lines.

Ticket closure or reference:

Closes #6441
---
 .../interactive-logon-dont-display-username-at-sign-in.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md
index e1d64c8cfd..84ae5e963d 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md
@@ -2,7 +2,7 @@
 title: Interactive logon Don't display username at sign-in (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Interactive logon Don't display username at sign-in security policy setting.
 ms.assetid: 98b24b03-95fe-4edc-8e97-cbdaa8e314fd
-ms.reviewer: 
+ms.reviewer:
 ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -20,9 +20,9 @@ ms.date: 04/19/2017
 # Interactive logon: Don't display username at sign-in
 
 **Applies to**
--   Windows Server 2003, Windows Vista, Windows XP, Windows Server 2008, Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2012, Windows 8, Windows 10
+- Windows 10, Windows Server 2019
 
-Describes the best practices, location, values, and security considerations for the **Interactive logon: Don't display username at sign-in** security policy setting. 
+Describes the best practices, location, values, and security considerations for the **Interactive logon: Don't display username at sign-in** security policy setting.
 
 ## Reference
 
@@ -56,7 +56,7 @@ Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Sec
 | Domain controller effective default settings | Not defined|
 | Member server effective default settings | Not defined|
 | Effective GPO default settings on client computers | Not defined|
- 
+
 ## Policy management
 
 This section describes features and tools that are available to help you manage this policy.

From f5034fb18403432c8045d522913f386827bfa5f7 Mon Sep 17 00:00:00 2001
From: Rick Munck <33725928+jmunck@users.noreply.github.com>
Date: Mon, 13 Apr 2020 09:01:39 -0500
Subject: [PATCH 02/13] Update windows-security-baselines.md

Updated links to the Blog and Community
---
 .../security/threat-protection/windows-security-baselines.md  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/windows-security-baselines.md b/windows/security/threat-protection/windows-security-baselines.md
index 48bfb00d06..060257832a 100644
--- a/windows/security/threat-protection/windows-security-baselines.md
+++ b/windows/security/threat-protection/windows-security-baselines.md
@@ -64,7 +64,7 @@ The security baselines are included in the [Security Compliance Toolkit (SCT)](s
 
 ## Community
 
-[![Microsoft Security Guidance Blog](images/community.png)](https://blogs.technet.microsoft.com/secguide/) 
+[![Microsoft Security Guidance Blog](images/community.png)](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bd-p/Security-Baselines) 
 
 ## Related Videos
 
@@ -76,6 +76,6 @@ You may also be interested in this msdn channel 9 video:
 -   [Microsoft Endpoint Configuration Manager](https://www.microsoft.com/cloud-platform/system-center-configuration-manager)
 -   [Operations Management Suite](https://www.microsoft.com/cloud-platform/operations-management-suite)
 -   [Configuration Management for Nano Server](https://blogs.technet.microsoft.com/grouppolicy/2016/05/09/configuration-management-on-servers/)
--   [Microsoft Security Guidance Blog](https://blogs.technet.microsoft.com/secguide/)
+-   [Microsoft Security Guidance Blog](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bg-p/Microsoft-Security-Baselines)
 -   [Microsoft Security Compliance Toolkit Download](https://www.microsoft.com/download/details.aspx?id=55319)
 -   [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=55319) 

From ad8008fa5eb3188c0cbc1a6d0773fef405958a8a Mon Sep 17 00:00:00 2001
From: Rick Munck <33725928+jmunck@users.noreply.github.com>
Date: Mon, 13 Apr 2020 12:55:21 -0500
Subject: [PATCH 03/13] Update
 windows/security/threat-protection/windows-security-baselines.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 .../security/threat-protection/windows-security-baselines.md    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-security-baselines.md b/windows/security/threat-protection/windows-security-baselines.md
index 060257832a..9520338818 100644
--- a/windows/security/threat-protection/windows-security-baselines.md
+++ b/windows/security/threat-protection/windows-security-baselines.md
@@ -75,7 +75,7 @@ You may also be interested in this msdn channel 9 video:
 
 -   [Microsoft Endpoint Configuration Manager](https://www.microsoft.com/cloud-platform/system-center-configuration-manager)
 -   [Operations Management Suite](https://www.microsoft.com/cloud-platform/operations-management-suite)
--   [Configuration Management for Nano Server](https://blogs.technet.microsoft.com/grouppolicy/2016/05/09/configuration-management-on-servers/)
+- [Configuration Management for Nano Server](https://docs.microsoft.com/archive/blogs/grouppolicy/configuration-management-on-servers/)
 -   [Microsoft Security Guidance Blog](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bg-p/Microsoft-Security-Baselines)
 -   [Microsoft Security Compliance Toolkit Download](https://www.microsoft.com/download/details.aspx?id=55319)
 -   [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=55319) 

From 5af95cd6dae7c94e435f9de936eced6ec6b54e28 Mon Sep 17 00:00:00 2001
From: Rick Munck <33725928+jmunck@users.noreply.github.com>
Date: Mon, 13 Apr 2020 13:16:39 -0500
Subject: [PATCH 04/13] Update
 windows/security/threat-protection/windows-security-baselines.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 .../security/threat-protection/windows-security-baselines.md  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/windows-security-baselines.md b/windows/security/threat-protection/windows-security-baselines.md
index 9520338818..4ed9d4f9e8 100644
--- a/windows/security/threat-protection/windows-security-baselines.md
+++ b/windows/security/threat-protection/windows-security-baselines.md
@@ -73,8 +73,8 @@ You may also be interested in this msdn channel 9 video:
 
 ## See Also
 
--   [Microsoft Endpoint Configuration Manager](https://www.microsoft.com/cloud-platform/system-center-configuration-manager)
--   [Operations Management Suite](https://www.microsoft.com/cloud-platform/operations-management-suite)
+- [Microsoft Endpoint Configuration Manager](https://www.microsoft.com/cloud-platform/system-center-configuration-manager)
+- [Operations Management Suite](https://www.microsoft.com/cloud-platform/operations-management-suite)
 - [Configuration Management for Nano Server](https://docs.microsoft.com/archive/blogs/grouppolicy/configuration-management-on-servers/)
 -   [Microsoft Security Guidance Blog](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bg-p/Microsoft-Security-Baselines)
 -   [Microsoft Security Compliance Toolkit Download](https://www.microsoft.com/download/details.aspx?id=55319)

From 9696af861e0037f7125a4e61c2ba775130a2df88 Mon Sep 17 00:00:00 2001
From: Rona Song <38082753+qrscharmed@users.noreply.github.com>
Date: Mon, 13 Apr 2020 15:54:09 -0700
Subject: [PATCH 05/13] Update reqs-wd-app-guard.md

Removing:

|Windows Defender Exploit Protection settings|The following settings should be configured or verified in the **Windows Security** app under **App & browser control** > **Exploit protection** > **Exploit protection settings** > **System Settings**.<br><br>**Control flow guard (CFG)** must be set to **Use default (On)** or **Off by default**. If set to **On by default**, [Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard) will not launch.<br><br>**Randomize memory allocations (Bottom-up ASLR)** must be set to **Use default (On)** or **Off by default**. If set to "On by default", the `Vmmem` process will have high CPU utilization while a Windows Defender Application Guard window is open.|
---
 .../windows-defender-application-guard/reqs-wd-app-guard.md      | 1 -
 1 file changed, 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md
index 5c81b7eb36..ca449ea92c 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md
@@ -42,4 +42,3 @@ Your environment needs the following software to run Windows Defender Applicatio
 |Operating system|Windows 10 Enterprise edition, version 1709 or higher<br>Windows 10 Professional edition, version 1803 or higher<br>Windows 10 Professional for Workstations edition, version 1803 or higher<br>Windows 10 Professional Education edition version 1803 or higher<br>Windows 10 Education edition, version 1903 or higher<br>Professional editions are only supported for non-managed devices; Intune or any other 3rd party mobile device management (MDM) solutions are not supported with WDAG for Professional editions. |
 |Browser|Microsoft Edge and Internet Explorer|
 |Management system<br> (only for managed devices)|[Microsoft Intune](https://docs.microsoft.com/intune/)<br><br>**-OR-**<br><br>[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/)<br><br>**-OR-**<br><br>[Group Policy](https://technet.microsoft.com/library/cc753298(v=ws.11).aspx)<br><br>**-OR-**<br><br>Your current company-wide 3rd party mobile device management (MDM) solution. For info about 3rd party MDM solutions, see the documentation that came with your product.|
-|Windows Defender Exploit Protection settings|The following settings should be configured or verified in the **Windows Security** app under **App & browser control** > **Exploit protection** > **Exploit protection settings** > **System Settings**.<br><br>**Control flow guard (CFG)** must be set to **Use default (On)** or **Off by default**. If set to **On by default**, [Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard) will not launch.<br><br>**Randomize memory allocations (Bottom-up ASLR)** must be set to **Use default (On)** or **Off by default**. If set to "On by default", the `Vmmem` process will have high CPU utilization while a Windows Defender Application Guard window is open.|

From fc97842bd9dd03f94e829c1536fb3ab2cc1a001e Mon Sep 17 00:00:00 2001
From: Jordan Geurten <jogeurte@microsoft.com>
Date: Tue, 14 Apr 2020 10:29:11 -0700
Subject: [PATCH 06/13] Fixed the error in filename rules. Also added example.

---
 .../select-types-of-rules-to-create.md                        | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
index c8e505e884..ab45f10ade 100644
--- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
+++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
@@ -129,9 +129,9 @@ Wildcards can be used at the beginning or end of a path rule; only one wildcard
 
 ## Windows Defender Application Control filename rules
 
-File name rule levels provide administrators to specify the file attributes off which to base a file name rule. File name rules do not provide the same security guarantees that explicit signer rules do, as they are based on mutable access permissions. Specification of the file name level occurs when creating new policy rules. In addition, to combine file name levels found in multiple policies, you can merge multiple policies. 
+File name rule levels provide administrators to specify the file attributes off which to base a file name rule. File name rules provide the same security guarantees that explicit signer rules do, as they are based on non-mutable file attributes. Specification of the file name level occurs when creating new policy rules. In addition, to combine file name levels found in multiple policies, you can merge multiple policies. 
 
-Use Table 3 to select the appropriate file name level for your available administrative resources and Windows Defender Application Control deployment scenario.
+Use Table 3 to select the appropriate file name level for your available administrative resources and Windows Defender Application Control deployment scenario. For instance, an LOB or production application and its binaries (eg. DLLs) may all share the same product name. This allows users to easily create targeted policies based on the Product Name filename rule level.  
 
 **Table 3. Windows Defender Application Control policy - filename levels**
 

From a1a1fc928482ad5108a899b484afbc06aa554ab4 Mon Sep 17 00:00:00 2001
From: amirsc3 <42802974+amirsc3@users.noreply.github.com>
Date: Thu, 16 Apr 2020 21:25:15 +0300
Subject: [PATCH 07/13] Update configure-endpoints-vdi.md

Proposing minor adjustments
---
 .../microsoft-defender-atp/configure-endpoints-vdi.md      | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
index 121fd50e7c..e4551828c9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
@@ -111,11 +111,14 @@ For more information on DISM commands and offline servicing, please refer to the
 - [DISM Image Management Command-Line Options](https://docs.microsoft.com/windows-hardware/manufacture/desktop/dism-image-management-command-line-options-s14)
 - [Reduce the Size of the Component Store in an Offline Windows Image](https://docs.microsoft.com/windows-hardware/manufacture/desktop/reduce-the-size-of-the-component-store-in-an-offline-windows-image)
 
-- If offline servicing is not a viable option for your non-persistent VDI environment, then the following steps should be taken to ensure consistency and sensor health:
+If offline servicing is not a viable option for your non-persistent VDI environment, then the following steps should be taken to ensure consistency and sensor health:
 
 1. After booting the master image for online servicing or patching, run an offboarding script to turn off the Microsoft Defender ATP sensor. For more information, see [Offboard machines using a local script](configure-endpoints-script.md#offboard-machines-using-a-local-script).
 
-2. Ensure the sensor is off by running 'sc query sense'.
+2. Ensure the sensor is 'STOPPED' by running the command below in CMD window:
+```
+sc query sense
+```
 
 3. Service the image as needed.
 

From bb15f02474593626e8eddea1cbc58ce4f8d52544 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Thu, 16 Apr 2020 11:44:54 -0700
Subject: [PATCH 08/13] Update configure-endpoints-vdi.md

---
 .../microsoft-defender-atp/configure-endpoints-vdi.md         | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
index e4551828c9..455785a8c3 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
@@ -15,7 +15,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 04/24/2018
+ms.date: 04/16/2020
 ---
 
 # Onboard non-persistent virtual desktop infrastructure (VDI) machines
@@ -115,7 +115,7 @@ If offline servicing is not a viable option for your non-persistent VDI environm
 
 1. After booting the master image for online servicing or patching, run an offboarding script to turn off the Microsoft Defender ATP sensor. For more information, see [Offboard machines using a local script](configure-endpoints-script.md#offboard-machines-using-a-local-script).
 
-2. Ensure the sensor is 'STOPPED' by running the command below in CMD window:
+2. Ensure the sensor is stopped by running the command below in CMD window:
 ```
 sc query sense
 ```

From 87718feff4528a0a59982bdda483af19158829a5 Mon Sep 17 00:00:00 2001
From: Drew Baron <52174821+drewbaron-wifi@users.noreply.github.com>
Date: Thu, 16 Apr 2020 11:51:21 -0700
Subject: [PATCH 09/13] Update miracast-over-infrastructure.md

---
 devices/surface-hub/miracast-over-infrastructure.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/devices/surface-hub/miracast-over-infrastructure.md b/devices/surface-hub/miracast-over-infrastructure.md
index 0e871c1ca4..2bb6381924 100644
--- a/devices/surface-hub/miracast-over-infrastructure.md
+++ b/devices/surface-hub/miracast-over-infrastructure.md
@@ -41,7 +41,6 @@ If you have a Surface Hub or other Windows 10 device that has been updated to Wi
     - As a Miracast source, the Windows PC or phone must be connected to the same enterprise network via Ethernet or a secure Wi-Fi connection.
 - The DNS Hostname (device name) of the Surface Hub or device needs to be resolvable via your DNS servers. You can achieve this by either allowing your Surface Hub to register automatically via Dynamic DNS, or by manually creating an A or AAAA record for the Surface Hub's hostname. 
 - Windows 10 PCs must be connected to the same enterprise network via Ethernet or a secure Wi-Fi connection. 
-- On Windows 10 PCs, the **Projecting to this PC** feature must be enabled within System Settings, and the device must have a Wi-Fi interface enabled in order to respond to discovery requests. 
 
 
 It is important to note that Miracast over Infrastructure is not a replacement for standard Miracast. Instead, the functionality is complementary, and provides an advantage to users who are part of the enterprise network. Users who are guests to a particular location and don’t have access to the enterprise network will continue to connect using the Wi-Fi Direct connection method.

From 06891ea03d6148a9be281aec7161a1429e1ccbaf Mon Sep 17 00:00:00 2001
From: Daniel Simpson <dansimp@microsoft.com>
Date: Thu, 16 Apr 2020 12:47:33 -0700
Subject: [PATCH 10/13] Update
 windows/security/threat-protection/windows-security-baselines.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 .../threat-protection/windows-security-baselines.md         | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/windows-security-baselines.md b/windows/security/threat-protection/windows-security-baselines.md
index 4ed9d4f9e8..535af777d7 100644
--- a/windows/security/threat-protection/windows-security-baselines.md
+++ b/windows/security/threat-protection/windows-security-baselines.md
@@ -76,6 +76,6 @@ You may also be interested in this msdn channel 9 video:
 - [Microsoft Endpoint Configuration Manager](https://www.microsoft.com/cloud-platform/system-center-configuration-manager)
 - [Operations Management Suite](https://www.microsoft.com/cloud-platform/operations-management-suite)
 - [Configuration Management for Nano Server](https://docs.microsoft.com/archive/blogs/grouppolicy/configuration-management-on-servers/)
--   [Microsoft Security Guidance Blog](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bg-p/Microsoft-Security-Baselines)
--   [Microsoft Security Compliance Toolkit Download](https://www.microsoft.com/download/details.aspx?id=55319)
--   [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=55319) 
+- [Microsoft Security Guidance Blog](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bg-p/Microsoft-Security-Baselines)
+- [Microsoft Security Compliance Toolkit Download](https://www.microsoft.com/download/details.aspx?id=55319)
+- [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=55319) 

From a4de951e5d126aebec42e4267bbb18e2feca3ed0 Mon Sep 17 00:00:00 2001
From: Daniel Simpson <dansimp@microsoft.com>
Date: Thu, 16 Apr 2020 12:48:56 -0700
Subject: [PATCH 11/13] Update
 windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 .../microsoft-defender-atp/configure-endpoints-vdi.md           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
index 455785a8c3..776b06c87e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
@@ -111,7 +111,7 @@ For more information on DISM commands and offline servicing, please refer to the
 - [DISM Image Management Command-Line Options](https://docs.microsoft.com/windows-hardware/manufacture/desktop/dism-image-management-command-line-options-s14)
 - [Reduce the Size of the Component Store in an Offline Windows Image](https://docs.microsoft.com/windows-hardware/manufacture/desktop/reduce-the-size-of-the-component-store-in-an-offline-windows-image)
 
-If offline servicing is not a viable option for your non-persistent VDI environment, then the following steps should be taken to ensure consistency and sensor health:
+If offline servicing is not a viable option for your non-persistent VDI environment, the following steps should be taken to ensure consistency and sensor health:
 
 1. After booting the master image for online servicing or patching, run an offboarding script to turn off the Microsoft Defender ATP sensor. For more information, see [Offboard machines using a local script](configure-endpoints-script.md#offboard-machines-using-a-local-script).
 

From c7d6bda764f6b38fc0d1ff8284bd655a08d16f7e Mon Sep 17 00:00:00 2001
From: Daniel Simpson <dansimp@microsoft.com>
Date: Thu, 16 Apr 2020 12:49:10 -0700
Subject: [PATCH 12/13] Update
 windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 .../microsoft-defender-atp/configure-endpoints-vdi.md           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
index 776b06c87e..28deb56cbf 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
@@ -115,7 +115,7 @@ If offline servicing is not a viable option for your non-persistent VDI environm
 
 1. After booting the master image for online servicing or patching, run an offboarding script to turn off the Microsoft Defender ATP sensor. For more information, see [Offboard machines using a local script](configure-endpoints-script.md#offboard-machines-using-a-local-script).
 
-2. Ensure the sensor is stopped by running the command below in CMD window:
+2. Ensure the sensor is stopped by running the command below in a CMD window:
 ```
 sc query sense
 ```

From 4559ab1e0a3389cc01a447b3d8f79a5974b1918f Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 16 Apr 2020 14:19:47 -0700
Subject: [PATCH 13/13] Indented code blocks, trying to get hanging indent in
 other list items

---
 .../configure-endpoints-vdi.md                | 29 ++++++++++---------
 1 file changed, 15 insertions(+), 14 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
index 28deb56cbf..2c8c2b2f66 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
@@ -81,15 +81,15 @@ The following steps will guide you through onboarding VDI machines and will high
 
 6. Test your solution:
 
-      a. Create a pool with one machine.
+    a. Create a pool with one machine.
       
-      b. Logon to machine.
+    b. Logon to machine.
       
-      c. Logoff from machine.
+    c. Logoff from machine.
 
-      d. Logon to machine with another user.
+    d. Logon to machine with another user.
       
-      e. **For single entry for each machine**: Check only one entry in Microsoft Defender Security Center.<br>
+    e. **For single entry for each machine**: Check only one entry in Microsoft Defender Security Center.<br>
     **For multiple entries for each machine**: Check multiple entries in Microsoft Defender Security Center.
 
 7. Click **Machines list** on the Navigation pane.
@@ -116,20 +116,21 @@ If offline servicing is not a viable option for your non-persistent VDI environm
 1. After booting the master image for online servicing or patching, run an offboarding script to turn off the Microsoft Defender ATP sensor. For more information, see [Offboard machines using a local script](configure-endpoints-script.md#offboard-machines-using-a-local-script).
 
 2. Ensure the sensor is stopped by running the command below in a CMD window:
-```
-sc query sense
-```
+
+    ```
+    sc query sense
+    ```
 
 3. Service the image as needed.
 
 4. Run the below commands using PsExec.exe (which can be downloaded from https://download.sysinternals.com/files/PSTools.zip) to cleanup the cyber folder contents that the sensor may have accumulated since boot:
 
-```
-PsExec.exe -s cmd.exe
-cd "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Cyber"
-del *.* /f /s /q
-exit
-```
+    ```
+    PsExec.exe -s cmd.exe
+    cd "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Cyber"
+    del *.* /f /s /q
+    exit
+    ```
 
 5. Re-seal the golden/master image as you normally would.