Merging changes synced from https://github.com/MicrosoftDocs/windows-docs-pr (branch live)

devices/surface/enable-surface-keyboard-for-windows-pe-deployment.md

@@ -1,5 +1,5 @@
 ---
-title: How to enable the Surface Laptop keyboard during MDT deployment (Surface)
+title: How to enable the Surface Laptop keyboard during MDT deployment 
 description: When you use MDT to deploy Windows 10 to Surface laptops, you need to import keyboard drivers to use in the Windows PE environment.
 keywords: windows 10 surface, automate, customize, mdt
 ms.prod: w10
@@ -9,7 +9,7 @@ ms.sitesec: library
 author: Teresa-Motiv
 ms.author: v-tea
 ms.topic: article
-ms.date: 10/31/2019
+ms.date: 01/17/2020
 ms.reviewer: scottmca
 ms.localizationpriority: medium
 ms.audience: itpro
@@ -22,14 +22,14 @@ appliesto:
 
 # How to enable the Surface Laptop keyboard during MDT deployment
 
+This article addresses a deployment approach that uses Microsoft Deployment Toolkit (MDT). You can also apply this information to other deployment methodologies. On most types of Surface devices, the keyboard should work during Lite Touch Installation (LTI). However, Surface Laptop requires some additional drivers to enable the keyboard. For Surface Laptop (1st Gen) and Surface Laptop 2 devices, you must prepare the folder structure and selection profiles that allow you to specify keyboard drivers for use during the Windows Preinstallation Environment (Windows PE) phase of LTI. For more information about this folder structure, see [Deploy a Windows 10 image using MDT: Step 5: Prepare the drivers repository](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt?redirectedfrom=MSDN#step-5-prepare-the-drivers-repository).
+
 > [!NOTE]
-> This article addresses a deployment approach that uses Microsoft Deployment Toolkit (MDT). You can also apply this information to other deployment methodologies.
+> It is currently not supported to add Surface Laptop 2 and Surface Laptop 3 keyboard drivers in the same Windows PE boot instance due to a driver conflict; use separate instances instead.
 
 > [!IMPORTANT]
 > If you are deploying a Windows 10 image to a Surface Laptop that has Windows 10 in S mode preinstalled, see KB [4032347, Problems when deploying Windows to Surface devices with preinstalled Windows 10 in S mode](https://support.microsoft.com/help/4032347/surface-preinstall-windows10-s-mode-issues).
 
-On most types of Surface devices, the keyboard should work during Lite Touch Installation (LTI). However, Surface Laptop requires some additional drivers to enable the keyboard. For Surface Laptop (1st Gen) and Surface Laptop 2 devices, you must prepare the folder structure and selection profiles that allow you to specify keyboard drivers for use during the Windows Preinstallation Environment (Windows PE) phase of LTI. For more information about this folder structure, see [Deploy a Windows 10 image using MDT: Step 5: Prepare the drivers repository](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt?redirectedfrom=MSDN#step-5-prepare-the-drivers-repository).
-
 To add the keyboard drivers to the selection profile, follow these steps:
 
 1. Download the latest Surface Laptop MSI file from the appropriate locations:

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md

@@ -34,23 +34,24 @@ For information on other tables in the advanced hunting schema, see [the advance
 
 | Column name | Data type | Description |
 |-------------|-----------|-------------|
-| `Timestamp` | datetime | Date and time when the event was recorded
-| `DeviceId` | string | Unique identifier for the machine in the service
-| `DeviceName` | string | Fully qualified domain name (FQDN) of the machine
-| `SHA1` | string | SHA-1 of the file that the recorded action was applied to
-| `IsSigned` | boolean | Indicates whether the file is signed
-| `SignatureType` | string | Indicates whether signature information was read as embedded content in the file itself or read from an external catalog file
-| `Signer` | string | Information about the signer of the file
-| `SignerHash` | string | Unique hash value identifying the signer
-| `Issuer` | string | Information about the issuing certificate authority (CA)
-| `IssuerHash` | string | Unique hash value identifying issuing certificate authority (CA)
-| `CrlDistributionPointUrls` | string |  URL of the network share that contains certificates and the certificate revocation list (CRL)
-| `CertificateCreationTime` | datetime | Date and time the certificate was created
-| `CertificateExpirationTime` | datetime | Date and time the certificate is set to expire
-| `CertificateCountersignatureTime` | datetime | Date and time the certificate was countersigned
-| `IsTrusted` | boolean | Indicates whether the file is trusted based on the results of the WinVerifyTrust function, which checks for unknown root certificate information, invalid signatures, revoked certificates, and other questionable attributes
-| `IsRootSignerMicrosoft` | boolean | Indicates whether the signer of the root certificate is Microsoft
-| `ReportId` | long | Event identifier based on a repeating counter. To identify unique events, this column must be used in conjunction with the DeviceName and Timestamp columns.
+| `Timestamp` | datetime | Date and time when the event was recorded |
+| `DeviceId` | string | Unique identifier for the machine in the service |
+| `DeviceName` | string | Fully qualified domain name (FQDN) of the machine |
+| `SHA1` | string | SHA-1 of the file that the recorded action was applied to |
+| `IsSigned` | boolean | Indicates whether the file is signed |
+| `SignatureType` | string | Indicates whether signature information was read as embedded | content in the file itself or read from an external catalog file |
+| `Signer` | string | Information about the signer of the file |
+| `SignerHash` | string | Unique hash value identifying the signer |
+| `Issuer` | string | Information about the issuing certificate authority (CA) |
+| `IssuerHash` | string | Unique hash value identifying issuing certificate authority (CA) |
+| `CertificateSerialNumber` | string | Identifier for the certificate that is unique to the issuing certificate authority (CA) |
+| `CrlDistributionPointUrls` | string |  JSON array listing the URLs of network shares that contain certificates and certificate revocation lists (CRLs) |
+| `CertificateCreationTime` | datetime | Date and time the certificate was created |
+| `CertificateExpirationTime` | datetime | Date and time the certificate is set to expire |
+| `CertificateCountersignatureTime` | datetime | Date and time the certificate was countersigned |
+| `IsTrusted` | boolean | Indicates whether the file is trusted based on the results of the WinVerifyTrust function, which checks for unknown root certificate information, invalid signatures, revoked certificates, and other questionable attributes |
+| `IsRootSignerMicrosoft` | boolean | Indicates whether the signer of the root certificate is Microsoft |
+| `ReportId` | long | Event identifier based on a repeating counter. To identify unique events, this column must be used in conjunction with the DeviceName and Timestamp columns. |
 
 
 ## Related topics

windows/security/threat-protection/microsoft-defender-atp/user-roles.md

@@ -43,6 +43,11 @@ The following steps guide you on how to create roles in Microsoft Defender Secur
       
         - **Alerts investigation** - Users can manage alerts, initiate automated investigations, collect investigation packages, manage machine tags, and export machine timeline.
          - **Active remediation actions** - Users can take response actions and approve or dismiss pending remediation actions.
+            - Security operations - Take response actions
+              - Approve or dismiss pending remediation actions
+              - Manage allowed/blocked lists for automation
+              - Manage allowed/blocked create Indicators
+
          >[!NOTE]
          >To enable your Security operation personnel to choose remediation options and file exceptions, select **Threat and vulnerability management - Remediation handling**, and **Threat and vulnerability management - Exception handling**.