Merge branch 'master' of https://github.com/microsoftdocs/windows-itpro-docs

windows/client-management/mdm/policy-csp-restrictedgroups.md

@@ -113,8 +113,7 @@ Here is an example:
 
 ```
 <groupmembership>
- <accessgroup desc="Administrators">
+ <accessgroup desc="Group SID for Administrators"/>
-    <member name="Contoso\Alice">
     <member name = "S-188-5-5666-5-688">
   </accessgroup>
 </groupmembership>

windows/deployment/update/windows-analytics-get-started.md

@@ -169,7 +169,7 @@ These policies are under Microsoft\Windows\DataCollection:
 | CommercialDataOptIn (in Windows 7 and Windows 8) |	1 is required for Upgrade Readiness, which is the only solution that runs on Windows 7 or Windows 8. |
 
 
-You can set these values by using Group Policy (in Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds) or by using Mobile Device Management (in Provider/ProviderID/CommercialID). For more information about deployment using MDM, see the [DMClient CSP](https://docs.microsoft.com/windows/client-management/mdm/dmclient-csp) topic in MDM documentation.
+You can set these values by using Group Policy (in Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds) or by using Mobile Device Management (in Provider/*Provider ID*/CommercialID). (If you are using Microsoft Intune, use `MS DM Server` as the provider ID.) For more information about deployment using MDM, see the [DMClient CSP](https://docs.microsoft.com/windows/client-management/mdm/dmclient-csp) topic in MDM documentation.
 
 The corresponding preference registry values are available in **HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection** and can be configured by the deployment script. If a given setting is configured by both preference registry settings and policy, the policy values will override. However, the **IEDataOptIn** setting is different--you can only set this with the preference registry keys:
 

windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md

@@ -105,12 +105,12 @@ The following table contains the default BCD validation profile used by BitLocke
 
 This following is a full list of BCD settings with friendly names which are ignored by default. These settings are not part of the default BitLocker validation profile, but can be added if you see a need to validate any of these settings before allowing a BitLocker–protected operating system drive to be unlocked.
 > **Note:**  Additional BCD settings exist that have hex values but do not have friendly names. These settings are not included in this list.
- 
+
 | Hex Value | Prefix | Friendly Name |
 | - | - | - |
-| 0x12000004 | all| description| 
+| 0x12000004 | all | description | 
-| 0x12000005| all| locale|
+| 0x12000005 | all | locale | 
-| 0x12000016| all| targetname| 
+| 0x12000016 | all | targetname | 
 | 0x12000019| all| busparams| 
 | 0x1200001d| all| key| 
 | 0x1200004a| all| fontpath| 
@@ -182,7 +182,7 @@ This following is a full list of BCD settings with friendly names which are igno
 | 0x25000061 | winload| numproc| 
 | 0x25000063 | winload| configflags|
 | 0x25000066| winload| groupsize|
-| 0x25000071 | winload| msi| 
+| 0x25000071 | winload| msi|
 | 0x25000072 | winload| pciexpress| 
 | 0x25000080 | winload| safeboot| 
 | 0x250000a6 | winload| tscsyncpolicy| 

windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md

@@ -591,7 +591,7 @@ WIP can integrate with Microsoft Azure Rights Management to enable secure sharin
 
 To configure WIP to use Azure Rights Management, you must set the **AllowAzureRMSForEDP** MDM setting to **1** in Microsoft Intune. This setting tells WIP to encrypt files copied to removable drives with Azure Rights Management, so they can be shared amongst your employees on computers running at least Windows 10, version 1703.
 
-Optionally, if you don’t want everyone in your organization to be able to share your enterprise data, you can set the **RMSTemplateIDForEDP** MDM setting to the **TemplateID** of the Azure Rights Management template used to encrypt the data. You must make sure to mark the template with the **EditRightsData** option. 
+Optionally, if you don’t want everyone in your organization to be able to share your enterprise data, you can set the **RMSTemplateIDForEDP** MDM setting to the **TemplateID** of the Azure Rights Management template used to encrypt the data. You must make sure to mark the template with the **EditRightsData** option. This template will be applied to the protected data that is copied to a removable drive.
 
 >[!IMPORTANT]
 >Curly braces -- {} -- are required around the RMS Template ID.

windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md

@@ -63,7 +63,7 @@ This section covers how WIP works with sensitivity labels in specific use cases.
 
 ### User downloads from or creates a document on a work site
 
-If WIP policy is deployed, any document that is downloaded from a work site, or created on a work site, will have WIP protection regradless of whether the document has a sensitivity label.
+If WIP policy is deployed, any document that is downloaded from a work site, or created on a work site, will have WIP protection regardless of whether the document has a sensitivity label.
 
 If the document also has a sensitivity label, which can be Office or PDF files, WIP protection is applied according to the label. 
 

windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md

@@ -107,7 +107,7 @@ The following steps assume that you have completed all the required steps in [Be
      <td>Browse to the location of the *wdatp-connector.properties* file. The name must match the file provided in the .zip that you downloaded.</td>
      <tr>
      <td>Refresh Token</td>
-     <td>You can obtain a refresh token in two ways: by generating a refresh token from the **SIEM settings** page or using the restutil tool. <br><br> For more information on generating a refresh token from the **Preferences setup** , see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md). </br> </br>**Get your refresh token using the restutil tool:** </br> a. Open a command prompt. Navigate to C:\\*folder_location*\current\bin where *folder_location* represents the location where you installed the tool. </br></br> b. Type: `arcsight restutil token -config` from the bin directory. A Web browser window will open. </br> </br>c. Type in your credentials then click on the password field to let the page redirect. In the login prompt, enter your credentials. </br> </br>d.	A refresh token is shown in the command prompt. </br></br> e. Copy and paste it into the **Refresh Token** field.
+     <td>You can obtain a refresh token in two ways: by generating a refresh token from the **SIEM settings** page or using the restutil tool. <br><br> For more information on generating a refresh token from the **Preferences setup** , see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md). </br> </br>**Get your refresh token using the restutil tool:** </br> a. Open a command prompt. Navigate to C:\\*folder_location*\current\bin where *folder_location* represents the location where you installed the tool. </br></br> b. Type: `arcsight restutil token -config` from the bin directory.For example: **arcsight restutil boxtoken -proxy proxy.location.hp.com:8080** A Web browser window will open. </br> </br>c. Type in your credentials then click on the password field to let the page redirect. In the login prompt, enter your credentials. </br> </br>d.	A refresh token is shown in the command prompt. </br></br> e. Copy and paste it into the **Refresh Token** field.
      </td>
      </tr>
      </tr>