From e8256b90169280013c993ab9a59cdadb8904850d Mon Sep 17 00:00:00 2001 From: Bryce Hutchings <5100250+brycehutchings@users.noreply.github.com> Date: Fri, 14 Aug 2020 11:39:19 -0700 Subject: [PATCH 01/12] Update manage-windows-mixed-reality.md Fix misleading code snippet --- .../application-management/manage-windows-mixed-reality.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/windows/application-management/manage-windows-mixed-reality.md b/windows/application-management/manage-windows-mixed-reality.md index 082fa016f4..f75e2713c6 100644 --- a/windows/application-management/manage-windows-mixed-reality.md +++ b/windows/application-management/manage-windows-mixed-reality.md @@ -38,11 +38,10 @@ Organizations that use Windows Server Update Services (WSUS) must take action to > [!NOTE] > You must download the FOD .cab file that matches your operating system version. - 1. Use `Add-Package` to add Windows Mixed Reality FOD to the image. + 1. Use `Dism` to add Windows Mixed Reality FOD to the image. ```powershell - Add-Package - Dism /Online /add-package /packagepath:(path) + Dism /Online /Add-Package /PackagePath:(path) ``` > [!NOTE] From 209e3149dea06097afffa72c866049e616b0fe01 Mon Sep 17 00:00:00 2001 From: HenkPoley Date: Mon, 17 Aug 2020 11:46:29 +0200 Subject: [PATCH 02/12] Properly show which Windows 10 Client SKUs this applies to It might still be that Window 10 >=1909 Home is excluded. I have no system to test this. --- .../credential-guard/credential-guard-manage.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md index b4bbe78a9d..c113449def 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md 
@@ -21,7 +21,8 @@ ms.custom: # Manage Windows Defender Credential Guard **Applies to** -- Windows 10 +- Windows 10 <=1903 Enterprise and Education SKUs +- Windows 10 >=1909 - Windows Server 2016 - Windows Server 2019 From 9411c4d57e159a6561a730172bbc4736fcbc8167 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Tue, 18 Aug 2020 17:19:16 +0300 Subject: [PATCH 03/12] add note about RegBack functionality removal starting with Windows 10 1803 https://github.com/MicrosoftDocs/windows-itpro-docs/issues/6798 --- .../advanced-troubleshooting-boot-problems.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/windows/client-management/advanced-troubleshooting-boot-problems.md b/windows/client-management/advanced-troubleshooting-boot-problems.md index 5986263a1e..d49922fff2 100644 --- a/windows/client-management/advanced-troubleshooting-boot-problems.md +++ b/windows/client-management/advanced-troubleshooting-boot-problems.md @@ -220,6 +220,9 @@ If Windows cannot load the system registry hive into memory, you must restore th If the problem persists, you may want to restore the system state backup to an alternative location, and then retrieve the registry hives to be replaced. +> [!NOTE] +> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](https://support.microsoft.com/en-us/help/4509719/the-system-registry-is-no-longer-backed-up-to-the-regback-folder-start). + ## Kernel Phase If the system gets stuck during the kernel phase, you experience multiple symptoms or receive multiple error messages. These include, but are not limited to, the following: 
@@ -392,3 +395,6 @@ If the dump file shows an error that is related to a driver (for example, window 3. Navigate to C:\Windows\System32\Config\. 4. Rename the all five hives by appending ".old" to the name. 5. Copy all the hives from the Regback folder, paste them in the Config folder, and then try to start the computer in Normal mode. + +> [!NOTE] +> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](https://support.microsoft.com/en-us/help/4509719/the-system-registry-is-no-longer-backed-up-to-the-regback-folder-start). From be9b49cdd67adaf584ae0724a06d43c6204bbdbf Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Thu, 20 Aug 2020 07:36:00 +0500 Subject: [PATCH 04/12] Update interactive-logon-display-user-information-when-the-session-is-locked.md --- ...-display-user-information-when-the-session-is-locked.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md index 98bcd11836..1b157e1ae4 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md 
@@ -61,6 +61,11 @@ This setting has these possible values: This change makes this setting consistent with the functionality of the new **Privacy** setting. To display no user information, enable the Group Policy setting **Interactive logon: Don't display last signed-in**. +- **Domain and user names only** + + For a domain logon only, the domain\username is displayed. + The **Privacy** setting is automatically on and grayed out. + - Blank. Default setting. @@ -89,7 +94,7 @@ For all versions of Windows 10, only the user display name is shown by default. If **Block user from showing account details on sign-in** is enabled, then only the user display name is shown regardless of any other Group Policy settings. Users will not be able to show details. -If **Block user from showing account details on sign-in** is not enabled, then you can set **Interactive logon: Display user information when the session is locked** to **User display name, domain and user names** to show additional details such as domain\username. +If **Block user from showing account details on sign-in** is not enabled, then you can set **Interactive logon: Display user information when the session is locked** to **User display name, domain and user names** or **Domain and user names only** to show additional details such as domain\username. In this case, clients that run Windows 10 version 1607 need [KB 4013429](https://www.catalog.update.microsoft.com/Search.aspx?q=KB4013429) applied. Users will not be able to hide additional details. From 77a8b1c24b6446e09df421b36337d401d11f30c4 Mon Sep 17 00:00:00 2001 
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Thu, 20 Aug 2020 09:55:10 +0500 Subject: [PATCH 05/12] Update windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- ...logon-display-user-information-when-the-session-is-locked.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md index 1b157e1ae4..00e0451b37 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md @@ -66,7 +66,7 @@ This setting has these possible values: For a domain logon only, the domain\username is displayed. The **Privacy** setting is automatically on and grayed out. -- Blank. +- **Blank** Default setting. This translates to “Not defined,” but it will display the user’s full name in the same manner as the option **User display name only**. From 177fcb6481e634b7b45f38fd237acc86a363d226 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Thu, 20 Aug 2020 18:10:23 +0500 Subject: [PATCH 06/12] Update accounts-administrator-account-status.md --- .../accounts-administrator-account-status.md | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) 
diff --git a/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md b/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md index 1b01a9d308..b9ee489d84 100644 --- a/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md +++ b/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md 
@@ -81,16 +81,13 @@ None. Changes to this policy become effective without a device restart when they ### Safe mode considerations -When you start a device in safe mode, the disabled administrator account is enabled only if the computer is non-domain joined and there are no other active local administrator accounts. If the computer is joined to a domain, the disabled administrator account is not enabled. -If the administrator account is disabled, you can still access the computer by using safe mode with the current administrative credentials. For example, if a failure occurs using a secure channel with a domain-joined computer, and there is no other local administrator account, you must restart the device in safe mode to fix the failure. +When you start a device in safe mode, the disabled administrator account is enabled only if the computer is non-domain joined and there are no other active local administrator accounts. In this case, you can access the computer by using safe mode with the current administrative credentials. If the computer is joined to a domain, the disabled administrator account is not enabled. ### How to access a disabled Administrator account You can use the following methods to access a disabled Administrator account: -- When there is only one local administrator account that is disabled, start the device in safe mode (locally or over a network), and sign in by using the credentials for the administrator account on that computer. -- When there are local administrator accounts in addition to the built-in account, start the computer in safe mode (locally or over a network), and sign in by using the credentials for the administrator account on that device. An alternate method is to sign in to Windows by using another local -Administrator account that was created. 
-- When multiple domain-joined servers have a disabled local Administrator account that can be accessed in safe mode, you can remotely run psexec by using the following command: **net user administrator /active: no**. +- For non-domain joined computers: when all the local administrator accounts are disabled, start the device in safe mode (locally or over a network), and sign in by using the credentials for the default local administrator account on that computer. +- For domain joined computers: remotely run the command **net user administrator /active: yes** by using psexec to enable the default local administrator account. ## Security considerations From 55d6af8834762bc5ea016c8e153d39bba95e5545 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Fri, 21 Aug 2020 09:20:07 +0500 Subject: [PATCH 07/12] Update windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../accounts-administrator-account-status.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md b/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md index b9ee489d84..242f47b39f 100644 --- a/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md +++ b/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md 
@@ -87,7 +87,7 @@ When you start a device in safe mode, the disabled administrator account is enab You can use the following methods to access a disabled Administrator account: - For non-domain joined computers: when all the local administrator accounts are disabled, start the device in safe mode (locally or over a network), and sign in by using the credentials for the default local administrator account on that computer. -- For domain joined computers: remotely run the command **net user administrator /active: yes** by using psexec to enable the default local administrator account. +- For domain-joined computers: remotely run the command **net user administrator /active: yes** by using psexec to enable the default local administrator account. ## Security considerations From 4fa88c8f922eac6d004ed9e3a703b76e19601e55 Mon Sep 17 00:00:00 2001 From: katoma2017 <48699113+katoma2017@users.noreply.github.com> Date: Thu, 27 Aug 2020 14:56:36 -0700 Subject: [PATCH 08/12] Add Update Baseline Adding a blurb and explanation of Update Baseline when it comes to helping improve end user experience --- windows/deployment/update/waas-manage-updates-wufb.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md index e0d6464259..197b911da2 100644 --- a/windows/deployment/update/waas-manage-updates-wufb.md +++ b/windows/deployment/update/waas-manage-updates-wufb.md 
@@ -119,8 +119,12 @@ A compliance deadline policy (released in June 2019) enables you to set separate This policy enables you to specify the number of days from an update's publication date that it must be installed on the device. The policy also includes a configurable grace period that specifies the number of days from when the update is installed on the device until the device is forced to restart. This is extremely beneficial in a vacation scenario as it allows, for example, users who have been away to have a bit of time before being forced to restart their devices when they return from vacation. +#### Update Baseline +The large number of different policies offered for Windows 10 can be overwhelming. Update Baseline provides a clear list of recommended Windows update policy settings for IT administrators that are looking to achieve the best end user experience while also meeting their update compliance goals. The Update Baseline for Windows 10 includes policy settings recommendations covering deadline configuration, restart behavior, power policies, and more. Whether you are an IT administrator who is just beginning with Windows update policies or one who has an overwhelming set of potentially conflicting policies from Windows 7 and who wants to reset to a clean state, Update Baseline is a tool for you. +The Update Baseline toolkit makes it easy by providing a single command for IT Admins to apply the Update Baseline to devices. Download the Update Baseline toolkit [here](https://www.microsoft.com/en-us/download/details.aspx?id=101056). +Note: Update Baseline toolkit is currently only available for Group Policy. Update Baseline does not impact your offering policies, regardless of if you’re using deferrals or target version to manage which updates are offered to your devices when.
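Review bot: In PATCH 01/12 (manage-windows-mixed-reality.md), the rewritten step 1 still says the FOD is added "to the image", but the command uses `/Online`, which services the running operating system rather than an offline image. Suggest wording the step to match the command (or showing the offline form if that is what is intended), and replacing `(path)` with an explicit placeholder such as `<path to the FOD .cab file>`, since parentheses carry their own meaning inside a `powershell` fence.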
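Review bot: In PATCH 02/12 (credential-guard-manage.md), the added line `- Windows 10 >=1909` asserts applicability to every edition from 1909 on, while the commit message says Home may still be excluded and that this was not tested. Confirm the edition list before merging, or keep an edition qualifier on that line until it is verified. The `<=1903` / `>=1909` shorthand would also read more clearly as "version 1903 and earlier" and "version 1909 and later".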
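Review bot: In PATCH 03/12 (advanced-troubleshooting-boot-problems.md), first hunk at -220, the added note is missing a space in "RegBack folder.This change". The link text "this article" is also not descriptive; suggest naming the target, for example "The system registry is no longer backed up to the RegBack folder".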
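Review bot: In PATCH 03/12 (advanced-troubleshooting-boot-problems.md), second hunk at -392, the note lands after step 5, so a reader on Windows 10, version 1803 or later is told to copy the hives from the Regback folder before learning that the folder is no longer populated. Move the note above the numbered steps, or qualify step 5 with the version limit. The note is a verbatim copy of the one added in the first hunk, including the "folder.This" typo, so fix both together.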
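Review bot: In PATCH 04/12 (interactive-logon-display-user-information-when-the-session-is-locked.md), first hunk at -61, the new **Domain and user names only** entry describes only the domain logon case ("For a domain logon only, the domain\username is displayed") and does not say what the lock screen shows for a local account. Add that case so the value is fully specified. The two description lines are adjacent with no blank line between them and will render as a single paragraph; separate them if two are intended.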
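Review bot: In PATCH 04/12, second hunk at -89, the sentence now says either value will "show additional details such as domain\username", but the value name **Domain and user names only** suggests domain\username is shown in place of the display name rather than in addition to it. Reword so the two values are distinguished, for example by stating what each one displays.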
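Review bot: In PATCH 06/12 (accounts-administrator-account-status.md), the new domain-joined bullet tells the reader to run the command remotely with psexec but does not say which credentials allow that while the local Administrator account is disabled. State the requirement explicitly (an account that already has administrative rights on the target). In the safe mode paragraph, "the current administrative credentials" is also ambiguous now that the surrounding example was removed; say which account's credentials are meant.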
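Review bot: In PATCH 07/12, the changed line still gives the command as **net user administrator /active: yes**, with a space after the colon; the `net user` option is written `/active:yes`, and a reader who copies the text as shown will get a syntax error. Remove the space, and consider formatting the command as inline code rather than bold. The hyphenation fix was applied only to "domain-joined" here; the bullet above it still reads "non-domain joined computers".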
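Review bot: In PATCH 08/12 (waas-manage-updates-wufb.md), the four added lines have no blank lines between them, so the two paragraphs and the "Note:" line will render as one block of text under the `#### Update Baseline` heading. Add blank lines between them and use the `> [!NOTE]` form for the last line. The link text "here" should name the download, and the final sentence ("regardless of if you're using deferrals or target version to manage which updates are offered to your devices when") needs rewording. Since the toolkit applies policy with a single command, it would help to say which policy areas that command changes on the device.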