Merge branch 'master' into MTE_alertdescupdate

windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md

@@ -23,10 +23,7 @@ ms.topic: article
 
 Conducting a comprehensive security product evaluation can be a complex process requiring cumbersome environment and machine configuration before an end-to-end attack simulation can actually be done. Adding to the complexity is the challenge of tracking where the simulation activities, alerts, and results are reflected during the evaluation.
 
-The Microsoft Defender ATP evaluation lab is designed to eliminate the complexities of machine and environment configuration so that you can
- focus on evaluating the capabilities of the platform, running simulations, and seeing the prevention, detection, and remediation features in action.
-
-> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4qLUM]
+The Microsoft Defender ATP evaluation lab is designed to eliminate the complexities of machine and environment configuration so that you can focus on evaluating the capabilities of the platform, running simulations, and seeing the prevention, detection, and remediation features in action.
 
 When you get started with the lab, you'll be guided through a simple set-up process where you can specify the type of configuration that best suits your needs.
 

windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md

@@ -33,7 +33,7 @@ During installation, the ```HTTPS_PROXY``` environment variable must be passed t
 - The ```HTTPS_PROXY``` variable is defined in ```/etc/environment``` with the following line:
 
     ```bash
-    HTTPS_PROXY=”http://proxy.server:port/”
+    HTTPS_PROXY="http://proxy.server:port/"
     ```
 
 - The `HTTPS_PROXY` variable is defined in the package manager global configuration. For example, in Ubuntu 18.04, you can add the following line to `/etc/apt/apt.conf.d/proxy.conf`:
@@ -48,7 +48,7 @@ During installation, the ```HTTPS_PROXY``` environment variable must be passed t
 - The `HTTPS_PROXY` variable is prepended to the installation or uninstallation commands. For example, with the APT package manager, prepend the variable as follows when installing Microsoft Defender ATP: 
 
     ```bash  
-    $ HTTPS_PROXY=”http://proxy.server:port/" apt install mdatp
+    $ HTTPS_PROXY="http://proxy.server:port/" apt install mdatp
     ```
 
     > [!NOTE]
@@ -62,12 +62,12 @@ Note that installation and uninstallation will not necessarily fail if a proxy i
   
 After installation, the `HTTPS_PROXY` environment variable must be defined in the Microsoft Defender ATP service file. To do this, open `/lib/systemd/system/mdatp.service` in a text editor while running as the root user. You can then propagate the variable to the service in one of two ways:
 
-- Uncomment the line `#Environment=HTTPS_PROXY="http://address:port”` and specify your static proxy address.
+- Uncomment the line `#Environment="HTTPS_PROXY=http://address:port"` and specify your static proxy address.
 
 - Add a line `EnvironmentFile=/path/to/env/file`. This path can point to `/etc/environment` or a custom file, either of which needs to add the following line:
   
     ```bash
-    HTTPS_PROXY=”http://proxy.server:port/”
+    HTTPS_PROXY="http://proxy.server:port/"
     ```
 
 After modifying the `mdatp.service` file, save and close it. Restart the service so the changes can be applied. In Ubuntu, this involves two commands:  

windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md

@@ -65,10 +65,10 @@ You can set several rule options within a WDAC policy. Table 1 describes each ru
 | **13 Enabled:Managed Installer** | Use this option to automatically allow applications installed by a software distribution solution, such as Microsoft Endpoint Configuration Manager, that has been defined as a managed installer. |
 | **14 Enabled:Intelligent Security Graph Authorization** | Use this option to automatically allow applications with "known good" reputation as defined by Microsoft’s Intelligent Security Graph (ISG). |
 | **15 Enabled:Invalidate EAs on Reboot** | When the Intelligent Security Graph option (14) is used, WDAC sets an extended file attribute that indicates that the file was authorized to run. This option will cause WDAC to periodically re-validate the reputation for files that were authorized by the ISG.| 
-| **16 Enabled:Update Policy No Reboot** | Use this option to allow future WDAC policy updates to apply without requiring a system reboot. |
-| **17 Enabled:Allow Supplemental Policies** | Use this option on a base policy to allow supplemental policies to expand it. |
-| **18 Disabled:Runtime FilePath Rule Protection** | Disable default FilePath rule protection (apps and executables allowed based on file path rules must come from a file path that’s only writable by an administrator) for any FileRule that allows a file based on FilePath. |
-| **19 Enabled:Dynamic Code Security** | Enables policy enforcement for .NET applications and dynamically-loaded libraries. |
+| **16 Enabled:Update Policy No Reboot** | Use this option to allow future WDAC policy updates to apply without requiring a system reboot. NOTE: This option is only supported on Windows 10, version 1709, and above.|
+| **17 Enabled:Allow Supplemental Policies** | Use this option on a base policy to allow supplemental policies to expand it. NOTE: This option is only supported on Windows 10, version 1903, and above. |
+| **18 Disabled:Runtime FilePath Rule Protection** | Disable default FilePath rule protection (apps and executables allowed based on file path rules must come from a file path that’s only writable by an administrator) for any FileRule that allows a file based on FilePath. NOTE: This option is only supported on Windows 10, version 1903, and above. |
+| **19 Enabled:Dynamic Code Security** | Enables policy enforcement for .NET applications and dynamically-loaded libraries. NOTE: This option is only supported on Windows 10, version 1803, and above. |
 
 ## Windows Defender Application Control file rule levels
 

windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md

@@ -24,7 +24,7 @@ manager: dansimp
 - Windows 10, version 1703 and later
 
 
-The **Device performance & health** section contains information about hardware, devices, and drivers related to the machine. IT administrators and IT pros should reference the appropriate documentation library for the issues they are seeing, such as the [configure the Load and unload device drivers security policy setting](https://docs.microsoft.com/windows/device-security/security-policy-settings/load-and-unload-device-drivers) and how to [deploy drivers during Windows 10 deployment using Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager).
+The **Device performance & health** section contains information about hardware, devices, and drivers related to the machine. IT administrators and IT pros should reference the appropriate documentation library for the issues they are seeing, such as the [configure the Load and unload device drivers security policy setting](https://docs.microsoft.com/windows/device-security/security-policy-settings/load-and-unload-device-drivers) and how to [deploy drivers during Windows 10 deployment using Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager).
 
 The [Windows 10 IT pro troubleshooting topic](https://docs.microsoft.com/windows/client-management/windows-10-support-solutions), and the main [Windows 10 documentation library](https://docs.microsoft.com/windows/windows-10/) can also be helpful for resolving issues.