Merge branch 'master' of https://cpubwin.visualstudio.com/_git/it-client into FromPrivateRepo

.openpublishing.redirection.json

@@ -13,7 +13,7 @@
 {
 "source_path": "windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md",
 "redirect_url": "/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure",
-"redirect_document_id": true
+"redirect_document_id": false
 },
 {
 "source_path": "windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune.md",

windows/deployment/update/fod-and-lang-packs.md

@@ -8,16 +8,16 @@ ms.pagetype: article
 ms.author: elizapo
 author: lizap
 ms.localizationpriority: medium
-ms.date: 10/18/2018
+ms.date: 03/13/2019
 ms.topic: article
 ---
 # How to make Features on Demand and language packs available when you're using WSUS/SCCM
 
 > Applies to: Windows 10
 
-As of Windows 10 version 1709, you cannot use Windows Server Update Services (WSUS) to host [Features on Demand](https://docs.microsoft.com/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities) (FOD) and language packs for Windows 10 clients locally. Instead, you can enforce a Group Policy setting that tells the clients to pull them directly from Windows Update. You can also host FOD and language packs on a network share, but starting with Windows 10 version 1809, language packs can only be installed from Windows Update.
+As of Windows 10 version 1709, you cannot use Windows Server Update Services (WSUS) to host [Features on Demand](https://docs.microsoft.com/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities) (FOD) and language packs for Windows 10 clients locally. Instead, you can enforce a Group Policy setting that tells the clients to pull them directly from Windows Update. You can also host FOD and language packs on a network share, but starting with Windows 10 version 1809, FOD and language packs can only be installed from Windows Update.
  
-For Windows domain environments running WSUS or SCCM, change the **Specify settings for optional component installation and component repair** policy to enable downloading language and FOD packs from Windows Update. This setting is located in `Computer Configuration\Administrative Templates\System` in the Group Policy Editor.
+For Windows domain environments running WSUS or SCCM, change the **Specify settings for optional component installation and component repair** policy to enable downloading FOD and language packs from Windows Update. This setting is located in `Computer Configuration\Administrative Templates\System` in the Group Policy Editor.
 
 Changing this policy does not affect how other updates are distributed. They continue to come from WSUS or SCCM as you have scheduled them.
 

windows/deployment/update/windows-update-troubleshooting.md

@@ -102,7 +102,7 @@ netsh winhttp set proxy ProxyServerName:PortNumber
  
 If downloads through a proxy server fail with a 0x80d05001 DO_E_HTTP_BLOCKSIZE_MISMATCH error, or if you notice high CPU usage while updates are downloading, check the proxy configuration to permit HTTP RANGE requests to run.  
  
-You may choose to apply a rule to permit HTTP RANGE requests for the following URLs:
+You may choose to apply a rule to permit HTTP RANGE requests for the following URLs: 
 
 *.download.windowsupdate.com  
 *.dl.delivery.mp.microsoft.com  

windows/deployment/volume-activation/install-vamt.md

@@ -8,7 +8,7 @@ ms.sitesec: library
 ms.pagetype: activation
 author: jdeckerms
 ms.localizationpriority: medium
-ms.date: 04/25/2018
+ms.date: 03/11/2019
 ms.topic: article
 ---
 
@@ -18,7 +18,7 @@ This topic describes how to install the Volume Activation Management Tool (VAMT)
 
 ## Install VAMT
 
-You can install VAMT as part of the [Windows Assessment and Deployment Kit (ADK)](https://go.microsoft.com/fwlink/p/?LinkId=526740) for Windows 10.
+You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for Windows 10.
 
 >[!IMPORTANT]  
 >VAMT requires local administrator privileges on all managed computers in order to deposit confirmation IDs (CIDs), get the client products’ license status, and install product keys. If VAMT is being used to manage products and product keys on the local host computer and you do not have administrator privileges, start VAMT with elevated privileges. For Active Directory-Based Activation use, for best results we recommend running VAMT while logged on as a domain administrator. 
@@ -26,24 +26,46 @@ You can install VAMT as part of the [Windows Assessment and Deployment Kit (ADK)
 >[!NOTE]  
 >The VAMT Microsoft Management Console snap-in ships as an x86 package. 
 
-To install SQL Server Express:
-1.  Install the Windows ADK.
-2.  Ensure that **Volume Activation Management Tool** is selected to be installed.
-3.  Click **Install**.
+### Requirements
+
+- [Windows Server with Desktop Experience](https://docs.microsoft.com/windows-server/get-started/getting-started-with-server-with-desktop-experience), with internet access and all updates applied
+- [Windows 10, version 1809 ADK](https://go.microsoft.com/fwlink/?linkid=2026036)
+- [SQL Server 2017 Express](https://www.microsoft.com/sql-server/sql-server-editions-express)
+
+### Install SQL Server 2017 Express
+
+1. Download and open the [SQL Server 2017 Express](https://www.microsoft.com/sql-server/sql-server-editions-express) package.
+2. Select **Basic**.
+3. Accept the license terms.
+4. Enter an install location or use the default path, and then select **Install**.
+5. On the completion page, note the instance name for your installation, select **Close**, and then select **Yes**. 
+    ![In this example, the instance name is SQLEXPRESS01](images/sql-instance.png)
+
+### Install VAMT using the ADK
+
+1. Download and open the [Windows 10, version 1809 ADK](https://go.microsoft.com/fwlink/?linkid=2026036) package.
+2. Enter an install location or use the default path, and then select **Next**.
+3. Select a privacy setting, and then select **Next**.
+4. Accept the license terms.
+5. On the **Select the features you want to install** page, select **Volume Activation Management Tool (VAMT)**, and then select **Install**. (You can select additional features to install as well.)
+6. On the completion page, select **Close**.
+
+### Configure VAMT to connect to SQL Server 2017 Express
+
+1. Open **Volume Active Management Tool 3.1** from the Start menu.
+2. Enter the server instance name and a name for the database, select **Connect**, and then select **Yes** to create the database. See the following image for an example.
+
+    ![Server name is .\SQLEXPRESS and database name is VAMT](images/vamt-db.png)
 
-## Select a Database
 
-VAMT requires a SQL database. After you install VAMT, if you have a computer information list (CIL) that was created in a previous version of VAMT, you must import the list into a SQL database. If you do not have SQL installed, you can [download a free copy of Microsoft SQL Server Express](https://www.microsoft.com/sql-server/sql-server-editions-express) and create a new database into which you can import the CIL. 
 
-You must configure SQL installation to allow remote connections and you must provide the corresponding server name in the format: *Machine Name\\SQL Server Name*. If a new VAMT database needs to be created, provide a name for the new database.
 
 ## Uninstall VAMT
 
-To uninstall VAMT via the **Programs and Features** Control Panel:
-1.  Open the **Control Panel** and select **Programs and Features**.
+To uninstall VAMT using the **Programs and Features** Control Panel:
+1.  Open **Control Panel** and select **Programs and Features**.
 2.  Select **Assessment and Deployment Kit** from the list of installed programs and click **Change**. Follow the instructions in the Windows ADK installer to remove VAMT.
 
-## Related topics
-- [Install and Configure VAMT](install-configure-vamt.md)
+
  
  

windows/security/information-protection/TOC.md

@@ -34,7 +34,8 @@
 #### [Create a WIP policy with MDM using the Azure portal for Microsoft Intune](windows-information-protection\create-wip-policy-using-intune-azure.md)
 ##### [Deploy your WIP policy using the Azure portal for Microsoft Intune](windows-information-protection\deploy-wip-policy-using-intune-azure.md)
 ##### [Associate and deploy a VPN policy for WIP using the Azure portal for Microsoft Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune-azure.md)
-#### [Create a WIP policy with MAM using the Azure portal for Microsoft Intune](windows-information-protection\create-wip-policy-using-mam-intune-azure.md)
+#### [Create and verify an EFS Data Recovery Agent (DRA) certificate](windows-information-protection\create-and-verify-an-efs-dra-certificate.md)
+#### [Determine the Enterprise Context of an app running in WIP](windows-information-protection\wip-app-enterprise-context.md)
 ### [Create a WIP policy using System Center Configuration Manager](windows-information-protection\overview-create-wip-policy-sccm.md)
 #### [Create and deploy a WIP policy using System Center Configuration Manager](windows-information-protection\create-wip-policy-using-sccm.md)
 #### [Create and verify an EFS Data Recovery Agent (DRA) certificate](windows-information-protection\create-and-verify-an-efs-dra-certificate.md)

windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md

@@ -109,6 +109,9 @@ If you don't know the Store app publisher or product name, you can find them by
     >The JSON file might also return a `windowsPhoneLegacyId` value for both the **Publisher Name** and **Product Name** boxes. This means that you have an app that’s using a XAP package and that you must set the **Product Name** as `windowsPhoneLegacyId`, and set the **Publisher Name** as `CN=` followed by the `windowsPhoneLegacyId`.<br><br>For example:<br>
     <code>{<br>"windowsPhoneLegacyId": "ca05b3ab-f157-450c-8c49-a1f127f5e71d",<br>}</code>
 
+<!-- Go Kamatsu says the following info about Windows Mobile can be removed after Windows Mobile EOL at end of 2019
+-->
+
 If you need to add Windows 10 mobile apps that aren't distributed through the Store for Business, you must use the **Windows Device Portal** feature.
 
 >**Note**<br>Your PC and phone must be on the same wireless network.

windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md

@@ -5,7 +5,7 @@ keywords: security, malware, av-comparatives, av-test, av, antivirus, windows, d
 ms.prod: w10
 ms.mktglfcycl: secure
 ms.sitesec: library
-ms.localizationpriority: medium
+ms.localizationpriority: high
 ms.author: ellevin
 author: levinec
 manager: dansimp

windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md

@@ -26,7 +26,7 @@ ms.topic: article
 
 The threat protection report provides high-level information about alerts generated in your organization. The report includes trending information showing the detection sources, categories, severities, statuses, classifications, and determinations of alerts across time.
 
-The dashboard is structured into two columns:
+The dashboard is structured into two sections:
 
 ![Image of the threat protection report](images/atp-threat-protection-reports.png)
 
@@ -43,7 +43,7 @@ By default, the alert trends display alert information from the 30-day period en
 - 6 months
 - Custom
 
-While the alerts trends shows trending information alerts, the alert summary shows alert information scoped to 6 months.
+While the alerts trends shows trending information alerts, the alert summary shows alert information scoped to the current day.
 
  The alert summary allows you to drill down to a particular alert queue with the corresponding filter applied to it. For example, clicking on the EDR bar in the Detection sources card will bring you the alerts queue with results showing only alerts generated from EDR detections.