Merging changes synced from https://github.com/MicrosoftDocs/windows-docs-pr (branch live)

browsers/edge/microsoft-edge-kiosk-mode-deploy.md

@@ -1,6 +1,6 @@
 ---
-title: Deploy Microsoft Edge kiosk mode
-description: Microsoft Edge kiosk mode works with assigned access to allow IT admins to create a tailored browsing experience designed for kiosk devices. To use Microsoft Edge kiosk mode, you must configure Microsoft Edge as an application in assigned access.
+title: Deploy Microsoft Edge Legacy kiosk mode
+description: Microsoft Edge Legacy kiosk mode works with assigned access to allow IT admins to create a tailored browsing experience designed for kiosk devices. To use Microsoft Edge Legacy kiosk mode, you must configure Microsoft Edge Legacy as an application in assigned access.
 ms.assetid: 
 ms.reviewer: 
 audience: itpro
@@ -11,20 +11,24 @@ ms.prod: edge
 ms.sitesec: library
 ms.topic: article
 ms.localizationpriority: medium
-ms.date: 10/29/2018
+ms.date: 01/17/2020
 ---
 
-# Deploy Microsoft Edge kiosk mode
+# Deploy Microsoft Edge Legacy kiosk mode
 
->Applies to: Microsoft Edge on Windows 10, version 1809  
+>Applies to: Microsoft Edge Legacy (version 45 and earlier) on Windows 10, version 1809 or later 
 >Professional, Enterprise, and Education
 
 > [!NOTE]
-> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+> You've reached the documentation for Microsoft Edge Legacy (version 45 and earlier.) To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/). For information about kiosk mode in the new version of Microsoft Edge, see [Microsoft Edge kiosk mode](https://docs.microsoft.com/DeployEdge/microsoft-edge-kiosk-mode).
 
-In the Windows 10 October 2018 Update, we added the capability to use Microsoft Edge as a kiosk using assigned access. With assigned access, you create a tailored browsing experience locking down a Windows 10 device to only run as a single-app or multi-app kiosk.  Assigned access restricts a local standard user account so that it only has access to one or more Windows app, such as Microsoft Edge in kiosk mode.
+In the Windows 10 October 2018 Update, we added the capability to use Microsoft Edge Legacy as a kiosk using assigned access. With assigned access, you create a tailored browsing experience locking down a Windows 10 device to only run as a single-app or multi-app kiosk.  Assigned access restricts a local standard user account so that it only has access to one or more Windows app, such as Microsoft Edge Legacy in kiosk mode.
 
-In this topic, you learn how to configure the behavior of Microsoft Edge when it's running in kiosk mode with assigned access.  You also learn how to set up your kiosk device using either Windows Setting or Microsoft Intune or other MDM service. 
+In this topic, you'll learn: 
+
+- How to configure the behavior of Microsoft Edge Legacy when it's running in kiosk mode with assigned access.
+- What's required to run Microsoft Edge Legacy kiosk mode on your kiosk devices.  
+- You'll also learn how to set up your kiosk device using either Windows Setting or Microsoft Intune or an other MDM service. 
 
 At the end of this topic, you can find a list of [supported policies](#supported-policies-for-kiosk-mode) for kiosk mode and a [feature comparison](#feature-comparison-of-kiosk-mode-and-kiosk-browser-app) of the kiosk mode policy and kiosk browser app.  You also find instructions on how to provide us feedback or get support. 
 
@@ -33,7 +37,7 @@ At the end of this topic, you can find a list of [supported policies](#supported
 
 >**Policy** = Configure kiosk mode (ConfigureKioskMode)
 
-Microsoft Edge kiosk mode supports four configurations types that depend on how Microsoft Edge is set up with assigned access, either as a single-app or multi-app kiosk. These configuration types help you determine what is best suited for your kiosk device or scenario.  
+Microsoft Edge Legacy kiosk mode supports four configurations types that depend on how Microsoft Edge Legacy is set up with assigned access, either as a single-app or multi-app kiosk. These configuration types help you determine what is best suited for your kiosk device or scenario.  
 
 - Learn about [creating a kiosk experience](https://docs.microsoft.com/windows-hardware/customize/enterprise/create-a-kiosk-image)
 
@@ -44,15 +48,17 @@ Microsoft Edge kiosk mode supports four configurations types that depend on how
 - Learn about configuring a more secure kiosk experience: [Other settings to lock down](https://docs.microsoft.com/windows/configuration/setup-kiosk-digital-signage#other-settings-to-lock-down).
 
 
-### Important things to remember before getting started
+### Important things to note before getting started
 
--  The public browsing kiosk types run Microsoft Edge InPrivate mode to protect user data with a browsing experience designed for public kiosks. 
+- There are [required steps to follow](#setup- required-for-microsoft-edge-legacy-kiosk-mode) in order to use the following Microsoft Edge Legacy kiosk mode types either alongside the new version of Microsoft Edge or prevent the new version of Microsoft Edge from being installed on your kiosk device. 
 
--  Microsoft Edge kiosk mode has a built-in timer to help keep data safe in public browsing sessions. When the idle time (no user activity) meets the time limit, a confirmation message prompts the user to continue, and if no user activity Microsoft Edge resets the session to the default URL. By default, the idle timer is 5 minutes, but you can choose a value of your own.
+-  The public browsing kiosk types run Microsoft Edge Legacy InPrivate mode to protect user data with a browsing experience designed for public kiosks. 
+
+-  Microsoft Edge Legacy kiosk mode has a built-in timer to help keep data safe in public browsing sessions. When the idle time (no user activity) meets the time limit, a confirmation message prompts the user to continue, and if no user activity Microsoft Edge Legacy resets the session to the default URL. By default, the idle timer is 5 minutes, but you can choose a value of your own.
 
 -  Optionally, you can define a single URL for the Home button, Start page, and New Tab page. See [Supported policies for kiosk mode](#supported-policies-for-kiosk-mode) to learn more.
 
--  No matter which configuration type you choose, you must set up Microsoft Edge in assigned access; otherwise, Microsoft Edge ignores the settings in this policy (Configure kiosk mode/ConfigureKioskMode).<p>Learn more about assigned access:
+-  No matter which configuration type you choose, you must set up Microsoft Edge Legacy in assigned access; otherwise, Microsoft Edge Legacy ignores the settings in this policy (Configure kiosk mode/ConfigureKioskMode).<p>Learn more about assigned access:
 
    - [Configure kiosk and shared devices running Windows desktop editions](https://aka.ms/E489vw).
 
@@ -65,46 +71,58 @@ Microsoft Edge kiosk mode supports four configurations types that depend on how
 
 [!INCLUDE [configure-kiosk-mode-supported-values-include](includes/configure-kiosk-mode-supported-values-include.md)]
 
-## Set up Microsoft Edge kiosk mode
+## Set up Microsoft Edge Legacy kiosk mode
 
-Now that you're familiar with the different kiosk mode configurations and have the one you want to use in mind, you can use one of the following methods to set up Microsoft Edge kiosk mode:
+Now that you're familiar with the different kiosk mode configurations and have the one you want to use in mind, you can use one of the following methods to set up Microsoft Edge Legacy kiosk mode:
 
 -   **Windows Settings.** Use only to set up a couple of single-app devices because you perform these steps physically on each device.  For a multi-app kiosk device, use Microsoft Intune or other MDM service. 
 
--   **Microsoft Intune or other MDM service.** Use to set up several single-app or multi-app kiosk devices. Microsoft Intune and other MDM service providers offer more options for customizing the Microsoft Edge kiosk mode experience using any of the [Supported policies for kiosk mode](#supported-policies-for-kiosk-mode).  
+-   **Microsoft Intune or other MDM service.** Use to set up several single-app or multi-app kiosk devices. Microsoft Intune and other MDM service providers offer more options for customizing the Microsoft Edge Legacy kiosk mode experience using any of the [Supported policies for kiosk mode](#supported-policies-for-kiosk-mode).  
 
 
 ### Prerequisites
 
-- Microsoft Edge on Windows 10, version 1809 (Professional, Enterprise, and Education).
+- Microsoft Edge Legacy on Windows 10, version 1809 (Professional, Enterprise, and Education).
+
+- See [Setup required for Microsoft Edge Legacy kiosk mode](#setup-required-for-microsoft-edge-legacy-kiosk-mode).
 
 - URL to load when the kiosk launches. The URL that you provide sets the Home button, Start page, and New Tab page.
 
-- _**For Microsoft Intune or other MDM service**_, you must have the AppUserModelID (AUMID) to set up Microsoft Edge:
+- _**For Microsoft Intune or other MDM service**_, you must have the AppUserModelID (AUMID) to set up Microsoft Edge Legacy:
  
   ```
   Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge
   ```
 
+### Setup required for Microsoft Edge Legacy kiosk mode
+
+When the new version of Microsoft Edge Stable channel is installed, Microsoft Edge Legacy is hidden and all attempts to launch Microsoft Edge Legacy are redirected to the new version of Microsoft Edge. 
+
+To continue using Microsoft Edge Legacy kiosk mode on your kiosk devices take one of the following actions:
+
+- If you plan to install Microsoft Edge Stable channel, want to allow it to be installed, or it is already installed on your kiosk device set the Microsoft Edge [Allow Microsoft Edge Side by Side browser experience](https://docs.microsoft.com/DeployEdge/microsoft-edge-update-policies#allowsxs) policy to **Enabled**.
+- To prevent Microsoft Edge Stable channel from being installed on your kiosk devices deploy the Microsoft Edge [Allow installation default](https://docs.microsoft.com/DeployEdge/microsoft-edge-update-policies#installdefault) policy for Stable channel or consider using the [Blocker toolkit](https://docs.microsoft.com/DeployEdge/microsoft-edge-blocker-toolkit) to disable automatic delivery of Microsoft Edge.
+
+> [!NOTE]
+> For more information about accessing Microsoft Edge Legacy after installing Microsoft Edge, see [How to access the old version of Microsoft Edge](https://docs.microsoft.com/DeployEdge/microsoft-edge-sysupdate-access-old-edge).  
 
 ### Use Windows Settings
 
 Windows Settings is the simplest and the only way to set up one or a couple of single-app devices.  
 
-
 1.  On the kiosk device, open Windows Settings, and in the search field type **kiosk** and then select **Set up a kiosk (assigned access)**.
 
 2.  On the **Set up a kiosk** page, click **Get started**.
 
 3.  Type a name to create a new kiosk account, or choose an existing account from the populated list and click **Next**.
 
-4.  On the **Choose a kiosk app** page, select **Microsoft Edge** and then click **Next**.
+4.  On the **Choose a kiosk app** page, select **Microsoft Edge Legacy** and then click **Next**.
 
-5.  Select how Microsoft Edge displays when running in kiosk mode:
+5.  Select how Microsoft Edge Legacy displays when running in kiosk mode:
 
-    -   **As a digital sign or interactive display** - Displays a specific site in full-screen mode, running Microsoft Edge InPrivate protecting user data.   
+    -   **As a digital sign or interactive display** - Displays a specific site in full-screen mode, running Microsoft Edge Legacy InPrivate protecting user data.   
 
-    -   **As a public browser** - Runs a limited multi-tab version of Microsoft Edge, protecting user data.   
+    -   **As a public browser** - Runs a limited multi-tab version of Microsoft Edge Legacy, protecting user data.   
 
 6.  Select **Next**.
 
@@ -124,42 +142,42 @@ Windows Settings is the simplest and the only way to set up one or a couple of s
 
 - User your new kiosk device. <p>
    OR<p>
-- Make changes to your kiosk device. In Windows Settings, on the **Set up a kiosk** page, make your changes to **Choose a kiosk mode** and **Set up Microsoft Edge**.
+- Make changes to your kiosk device. In Windows Settings, on the **Set up a kiosk** page, make your changes to **Choose a kiosk mode** and **Set up Microsoft Edge Legacy**.
 
 ---  
 
 
 ### Use Microsoft Intune or other MDM service
 
-With this method, you can use Microsoft Intune or other MDM services to configure Microsoft Edge kiosk mode in assigned access and how it behaves on a kiosk device. To learn about a few app fundamentals and requirements before adding them to Intune, see [Add apps to Microsoft Intune](https://docs.microsoft.com/intune/apps-add).
+With this method, you can use Microsoft Intune or other MDM services to configure Microsoft Edge Legacy kiosk mode in assigned access and how it behaves on a kiosk device. To learn about a few app fundamentals and requirements before adding them to Intune, see [Add apps to Microsoft Intune](https://docs.microsoft.com/intune/apps-add).
 
 >[!IMPORTANT]
 >If you are using a local account as a kiosk account in Microsoft Intune, make sure to sign into this account and then sign out before configuring the kiosk device.
 
 1. In Microsoft Intune or other MDM service, configure [AssignedAccess](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) to prevent users from accessing the file system, running executables, or other apps.
 
-2. Configure the following MDM settings to setup Microsoft Edge kiosk mode on the kiosk device and then restart the device.
+2. Configure the following MDM settings to setup Microsoft Edge Legacy kiosk mode on the kiosk device and then restart the device.
 
    |   |   |
    |---|---|
-   | **[ConfigureKioskMode](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)**<p>![](images/icon-thin-line-computer.png) | Configure the display mode for Microsoft Edge as a kiosk app.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode<p>**Data type:**  Integer<p>**Allowed values:**<ul><li>**Single-app kiosk experience**<ul><li>**0** - Digital signage and interactive display</li><li>**1** - InPrivate Public browsing</li></ul></li><li>**Multi-app kiosk experience**<ul><li>**0** - Normal Microsoft Edge running in assigned access</li><li>**1** - InPrivate public browsing with other apps</li></ul></li></ul> |
-   | **[ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)**<p>![](images/icon-thin-line-computer.png) | Change the time in minutes from the last user activity before Microsoft Edge kiosk mode resets the user's session.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout<p>**Data type:** Integer<p>**Allowed values:**<ul><li>**0** - No idle timer</li><li>**1-1440 (5 minutes is the default)** - Set reset on idle timer</li></ul>  |
-   | **[HomePages](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-homepages)**<p>![](images/icon-thin-line-computer.png)  | Set one or more start pages, URLs, to load when Microsoft Edge launches.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages<p>**Data type:** String<p>**Allowed values:**<p>Enter one or more URLs, for example,<br>&nbsp;&nbsp;&nbsp;\<https://www.msn.com\>\<https:/www.bing.com\>  |
+   | **[ConfigureKioskMode](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)**<p>![](images/icon-thin-line-computer.png) | Configure the display mode for Microsoft Edge Legacy as a kiosk app.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode<p>**Data type:**  Integer<p>**Allowed values:**<ul><li>**Single-app kiosk experience**<ul><li>**0** - Digital signage and interactive display</li><li>**1** - InPrivate Public browsing</li></ul></li><li>**Multi-app kiosk experience**<ul><li>**0** - Normal Microsoft Edge Legacy running in assigned access</li><li>**1** - InPrivate public browsing with other apps</li></ul></li></ul> |
+   | **[ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)**<p>![](images/icon-thin-line-computer.png) | Change the time in minutes from the last user activity before Microsoft Edge Legacy kiosk mode resets the user's session.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout<p>**Data type:** Integer<p>**Allowed values:**<ul><li>**0** - No idle timer</li><li>**1-1440 (5 minutes is the default)** - Set reset on idle timer</li></ul>  |
+   | **[HomePages](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-homepages)**<p>![](images/icon-thin-line-computer.png)  | Set one or more start pages, URLs, to load when Microsoft Edge Legacy launches.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages<p>**Data type:** String<p>**Allowed values:**<p>Enter one or more URLs, for example,<br>&nbsp;&nbsp;&nbsp;\<https://www.msn.com\>\<https:/www.bing.com\>  |
    | **[ConfigureHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)**<p>![](images/icon-thin-line-computer.png)  | Configure how the Home Button behaves.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton<p>**Data type:** Integer<p> **Allowed values:**<ul><li>**0 (default)** - Not configured. Show home button, and load the default Start page.</li><li>**1** - Enabled. Show home button and load New Tab page</li><li>**2** - Enabled. Show home button & set a specific page.</li><li>**3** - Enabled. Hide the home button.</li></ul>   |
    | **[SetHomeButtonURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)**<p>![](images/icon-thin-line-computer.png)   | If you set ConfigureHomeButton to 2, configure the home button URL.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.bing.com   |
    | **[SetNewTabPageURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)**<p>![](images/icon-thin-line-computer.png)   | Set a custom URL for the New Tab page.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.msn.com    |
     
 
-**_Congratulations!_** <p>You’ve just finished setting up a kiosk or digital signage with policies for Microsoft Edge kiosk mode using Microsoft Intune or other MDM service.
+**_Congratulations!_** <p>You’ve just finished setting up a kiosk or digital signage with policies for Microsoft Edge Legacy kiosk mode using Microsoft Intune or other MDM service.
 
-**_What's next?_** <p>Now it's time to use your new kiosk device. Sign into the device with the kiosk account selected to run Microsoft Edge kiosk mode.
+**_What's next?_** <p>Now it's time to use your new kiosk device. Sign into the device with the kiosk account selected to run Microsoft Edge Legacy kiosk mode.
 
 ---
 
 
 ## Supported policies for kiosk mode
 
-Use any of the Microsoft Edge policies listed below to enhance the kiosk experience depending on the Microsoft Edge kiosk mode type you configure. To learn more about these policies, see [Policy CSP - Browser](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser). 
+Use any of the Microsoft Edge Legacy policies listed below to enhance the kiosk experience depending on the Microsoft Edge Legacy kiosk mode type you configure. To learn more about these policies, see [Policy CSP - Browser](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser). 
 
 Make sure to check with your provider for instructions.
 
@@ -236,10 +254,11 @@ Make sure to check with your provider for instructions.
 ---  
 
 ## Feature comparison of kiosk mode and kiosk browser app
-In the following table, we show you the features available in both Microsoft Edge kiosk mode and Kiosk Browser app available in Microsoft Store. Both kiosk mode and kiosk browser app work in assigned access.
+
+In the following table, we show you the features available in both Microsoft Edge Legacy kiosk mode and Kiosk Browser app available in Microsoft Store. Both kiosk mode and kiosk browser app work in assigned access.
 
 
-|                        **Feature**                        |                                                                  **Microsoft Edge kiosk mode**                                                                  |                                                             **Microsoft Kiosk browser app**                                                             |
+|                        **Feature**                        |                                                                  **Microsoft Edge Legacy kiosk mode**                                                                  |                                                             **Microsoft Kiosk browser app**                                                             |
 |-----------------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------:|:-------------------------------------------------------------------------------------------------------------------------------------------------------:|
 |                       Print support                       |                                                                 ![Supported](images/148767.png)                                                                 |                                                           ![Not supported](images/148766.png)                                                           |
 |                     Multi-tab support                     |                                                                 ![Supported](images/148767.png)                                                                 |                                                           ![Not supported](images/148766.png)                                                           |
@@ -261,9 +280,6 @@ To prevent access to unwanted websites on your kiosk device, use Windows Defende
 
 ## Provide feedback or get support
 
-To provide feedback on Microsoft Edge kiosk mode in Feedback Hub, select **Microsoft Edge** as the  **Category**, and **All other issues** as the subcategory. 
+To provide feedback on Microsoft Edge Legacy kiosk mode in Feedback Hub, select **Microsoft Edge** as the  **Category**, and **All other issues** as the subcategory. 
 
 **_For multi-app kiosk only._** If you have set up the Feedback Hub in assigned access, you can you submit the feedback from the device running Microsoft Edge in kiosk mode in which you can include diagnostic logs. In the Feedback Hub, select **Microsoft Edge** as the **Category**, and **All other issues** as the subcategory.
-
-
-

browsers/internet-explorer/TOC.md

@@ -186,3 +186,6 @@
 ### [IExpress Wizard command-line options](ie11-ieak/iexpress-command-line-options.md)
 ### [Internet Explorer Setup command-line options and return codes](ie11-ieak/ie-setup-command-line-options-and-return-codes.md)
 
+## Troubleshooting
+### [Clear the Internet Explorer cache from a command line](/../troubleshooting/clear-ie-cache-from-command-line.md)
+### [IE and Microsoft Edge FAQ for IT Pros](/../troubleshooting/ie-edge-faqs.md)

browsers/troubleshooting/clear-ie-cache-from-command-line.md

@@ -0,0 +1,133 @@
+---
+title: Clear the Internet Explorer cache from a command line
+description: Introduces command-line commands and a sample batch file for clearing the IE cache.
+author: ramakoni
+manager: dcscontentpm
+ms.prod: internet-explorer
+ms.topic: troubleshooting 
+ms.author: ramakoni
+ms.custom: CI=111020
+ms.reviewer: ramakoni, DEV_Triage
+audience: ITPro
+ms.localizationpriority: Normal
+ms.date: 01/20/2020
+---
+# How to clear Internet Explorer cache by using the command line
+
+This article outlines the procedure to clear the Internet Explorer cache by using the command line.
+
+## Command line commands to clear browser cache
+
+1. Delete history from the Low folder  
+   `del /s /q C:\Users\\%username%\AppData\Local\Microsoft\Windows\History\low\* /ah`
+
+2. Delete history     
+   `RunDll32.exe InetCpl.cpl, ClearMyTracksByProcess 1`
+
+3. Delete cookies     
+   `RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2`
+
+4. Delete temporary internet files     
+   `RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8`
+
+5. Delete form data     
+   `RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 16`
+
+6. Delete stored passwords     
+   `RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 32`
+
+7. Delete all  
+   `RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 255`
+
+8. Delete files and settings stored by add-ons     
+   `InetCpl.cpl,ClearMyTracksByProcess 4351`
+
+If you upgraded from a previous version of Internet Explorer, you have to use the following commands to delete the files from older versions:  
+`RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 9`  
+
+Command to reset Internet Explorer settings:  
+`Rundll32.exe inetcpl.cpl ResetIEtoDefaults`
+
+## Sample batch file to clear Internet Explorer cache files
+
+A sample batch file is available that you can use to clear Internet Explorer cache files and other items. You can download the file from https://msdnshared.blob.core.windows.net/media/2017/09/ClearIE_Cache.zip.
+
+The batch file offers the following options:
+
+- Delete Non-trusted web History (low-level hidden cleanup) 
+- Delete History 
+- Delete Cookies 
+- Delete Temporary Internet Files 
+- Delete Form Data 
+- Delete Stored Passwords 
+- Delete All 
+- Delete All "Also delete files and settings stored by add-ons"
+- Delete IE10 and IE9 Temporary Internet Files
+- Resets IE Settings
+- EXIT
+
+**Contents of the batch file**
+
+```console
+@echo off
+::  AxelR Test Batch
+::  tested on Windows 8 + IE10, Windows7 + IE9
+
+:home
+cls
+COLOR 00
+echo Delete IE History
+echo Please select the task you wish to run.
+echo Pick one: 
+echo.
+echo  1. Delete Non-trusted web History(low level hidden clean up) 
+echo  2. Delete History 
+echo  3. Delete Cookies 
+echo  4. Delete Temporary Internet Files 
+echo  5. Delete Form Data 
+echo  6. Delete Stored Passwords 
+echo  7. Delete All 
+echo  8. Delete All "Also delete files and settings stored by add-ons"
+echo  9. Delete IE10 and 9 Temporary Internet Files
+echo  10. Reset IE Settings
+echo  77. EXIT
+:choice
+Echo Hit a number [1-10] and press enter. 
+set /P CH=[1-10]
+
+if "%CH%"=="1" set x=del /s /q C:\Users\%username%\AppData\Local\Microsoft\Windows\History\low\* /ah 
+if "%CH%"=="2" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 1 
+if "%CH%"=="3" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2 
+if "%CH%"=="4" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8 
+if "%CH%"=="5" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 16 
+if "%CH%"=="6" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 32 
+if "%CH%"=="7" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 255 
+if "%CH%"=="8" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 4351 
+if "%CH%"=="9" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 9  
+if "%CH%"=="10" set x=rundll32.exe inetcpl.cpl ResetIEtoDefaults
+if "%CH%"=="77" goto quit
+
+%x%
+
+goto Home
+
+::Temporary Internet Files > Delete files - To delete copies of web pages, images, and media 
+::that  are saved for faster viewing.
+::Cookies > Delete cookies - To delete cookies, which are files that are stored on your computer by 
+::websites to save preferences such as login information.
+::History > Delete history - To delete the history of the websites you have visited.
+::Form data > Delete forms - To delete all the saved information that you have typed into 
+::forms.
+::Passwords > Delete passwords - To delete all the passwords that are automatically filled in 
+::when you log on to a website that you've previously visited.
+::Delete all - To delete all of these listed items in one operation.
+
+::enter below in search/run to see Low  history dir if exists
+::C:\Users\%username%\AppData\Local\Microsoft\Windows\History\low
+
+::Delete all low(untrusted history) very hidden 
+::this will clean any unlocked  files under the dir and not delete the dir structure 
+::del /s /q low\* /ah ::del /s /q C:\Users\%username%\AppData\Local\Microsoft\Windows\History\low\* /ah
+
+goto Home
+```

browsers/troubleshooting/ie-edge-faqs.md

@@ -0,0 +1,229 @@
+---
+title: IE and Microsoft Edge FAQ for IT Pros
+description: Describes frequently asked questions about Internet Explorer and Microsoft Edge for IT professionals.
+author: ramakoni
+manager: dcscontentpm
+ms.prod: internet-explorer
+ms.topic: troubleshooting 
+ms.author: ramakoni
+ms.custom: CI=111020
+ms.reviewer: ramakoni
+audience: ITPro
+ms.localizationpriority: Normal
+ms.date: 01/20/2020
+---
+# Internet Explorer and Microsoft Edge frequently asked questions (FAQ) for IT Pros
+
+## Cookie-related questions
+
+### What is a cookie?
+
+An HTTP cookie (the web cookie or browser cookie) is a small piece of data that a server sends to the user's web browser. The web browser may store the cookie and return it to the server together with the next request. For example, a cookie might be used to indicate whether two requests come from the same browser in order to allow the user to remain logged-in. The cookie records stateful information for the stateless HTTP protocol.
+
+### How does Internet Explorer handle cookies?
+
+For more information about how Internet Explorer handles cookies, see the following articles:
+
+- [Beware Cookie Sharing in Cross-Zone Scenarios](https://blogs.msdn.microsoft.com/ieinternals/2011/03/10/beware-cookie-sharing-in-cross-zone-scenarios/)
+- [A Quick Look at P3P](https://blogs.msdn.microsoft.com/ieinternals/2013/09/17/a-quick-look-at-p3p/)
+- [Internet Explorer Cookie Internals FAQ](https://blogs.msdn.microsoft.com/ieinternals/2009/08/20/internet-explorer-cookie-internals-faq/)
+- [Privacy Beyond Blocking Cookies](https://blogs.msdn.microsoft.com/ie/2008/08/25/privacy-beyond-blocking-cookies-bringing-awareness-to-third-party-content/)
+- [Description of Cookies](https://support.microsoft.com/help/260971/description-of-cookies)
+
+### Where does Internet Explorer store cookies?
+
+To see where Internet Explorer stores its cookies, follow these steps:
+
+1. Start File Explorer.
+2. Select **Views** > **Change folder and search options**.
+3. In the **Folder Options** dialog box, select **View**.
+4. In **Advanced settings**, select **Do not show hidden files, folders, or drivers**.
+5. Clear **Hide protected operation system files (Recommended)**.
+6. Select **Apply**.
+7. Select **OK**.
+
+The following are the folder locations where the cookies are stored:
+
+**In Windows 10**  
+C:\Users\username\AppData\Local\Microsoft\Windows\INetCache
+
+**In Windows 8 and Windows 8.1**  
+C:\Users\username\AppData\Local\Microsoft\Windows\INetCookies
+
+**In Windows 7**  
+C:\Users\username\AppData\Roaming\Microsoft\Windows\Cookies  
+C:\Users\username\AppData\Roaming\Microsoft\Windows\Cookies\Low
+
+### What is the per-domain cookie limit?
+
+Since the June 2018 cumulative updates for Internet Explorer and Microsoft Edge, the per-domain cookie limit is increased from 50 to 180 for both browsers. The cookies vary by path. So, if the same cookie is set for the same domain but for different paths, it's essentially a new cookie.
+
+There's still a 5 Kilobytes (KB) limit on the size of the cookie header that is sent out. This limit can cause some cookies to be lost after they exceed that value.
+
+The JavaScript limitation was updated to 10 KB from 4 KB.
+
+For more information, see [Internet Explorer Cookie Internals (FAQ)](https://blogs.msdn.microsoft.com/ieinternals/2009/08/20/internet-explorer-cookie-internals-faq/).
+
+#### Additional information about cookie limits
+
+**What does the Cookie RFC allow?** 
+
+RFC 2109 defines how cookies should be implemented, and it defines minimum values that browsers support. According to the RFC, browsers would ideally have no limits on the size and number of cookies that a browser can handle. To meet the specifications, the user agent should support the following:
+
+- At least 300 cookies total
+
+- At least 20 cookies per unique host or domain name
+
+For practicality, individual browser makers set a limit on the total number of cookies that any one domain or unique host can set. They also limit the total number of cookies that can be stored on a computer.
+
+### Cookie size limit per domain
+
+Some browsers also limit the amount of space that any one domain can use for cookies. This means that if your browser sets a limit of 4,096 bytes per domain for cookies, 4,096 bytes is the maximum available space in that domain even though you can set up to 180 cookies.
+
+## Proxy Auto Configuration (PAC)-related questions
+
+### Is an example Proxy Auto Configuration (PAC) file available?
+
+Here is a simple PAC file:
+
+```vb
+function FindProxyForURL(url, host)
+{
+ return "PROXY proxyserver:portnumber";
+}
+```
+
+> [!NOTE]
+> The previous PAC always returns the **proxyserver:portnumber** proxy.
+
+For more information about how to write a PAC file and about the different functions in a PAC file, see [the FindProxyForURL website](https://findproxyforurl.com/).
+
+**Third-party information disclaimer**
+
+The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.
+
+### How to improve performance by using PAC scripts
+
+- [Browser is slow to respond when you use an automatic configuration script](https://support.microsoft.com/help/315810/browser-is-slow-to-respond-when-you-use-an-automatic-configuration-scr)
+
+- [Optimizing performance with automatic Proxyconfiguration scripts (PAC)](https://blogs.msdn.microsoft.com/askie/2014/02/07/optimizing-performance-with-automatic-proxyconfiguration-scripts-pac/)
+
+## Other questions
+
+### How to set home and start pages in Microsoft Edge and allow user editing
+
+For more information, see the following blog article:
+
+[How do I set the home page in Microsoft Edge?](https://blogs.msdn.microsoft.com/askie/2017/10/04/how-do-i-set-the-home-page-in-edge/)
+
+### How to add sites to the Enterprise Mode (EMIE) site list
+
+For more information about how to add sites to an EMIE list, see [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool).
+
+### What is Content Security Policy (CSP)?
+
+By using [Content Security Policy](https://docs.microsoft.com/microsoft-edge/dev-guide/security/content-security-policy), you create an allow list of sources of trusted content in the HTTP headers. You also pre-approve certain servers for content that is loaded into a webpage, and instruct the browser to execute or render only resources from those sources. You can use this technique to prevent malicious content from being injected into sites.
+
+Content Security Policy is supported in all versions of Microsoft Edge. It lets web developers lock down the resources that can be used by their web application. This helps prevent [cross-site scripting](https://en.wikipedia.org/wiki/Cross-site_scripting) attacks that remain a common vulnerability on the web. However, the first version of Content Security Policy was difficult to implement on websites that used inline script elements that either pointed to script sources or contained script directly.
+
+CSP2 makes these scenarios easier to manage by adding support for nonces and hashes for script and style resources. A nonce is a cryptographically strong random value that is generated on each page load that appears in both the CSP policy and in the script tags on the page. Using nonces can help minimize the need to maintain a list of allowed source URL values while also allowing trusted scripts that are declared in script elements to run.
+
+For more information, see the following articles:
+
+- [Introducing support for Content Security Policy Level 2](https://blogs.windows.com/msedgedev/2017/01/10/edge-csp-2/)
+- [Content Security Policy](https://en.wikipedia.org/wiki/Content_Security_Policy)
+
+### Where to find Internet Explorer security zones registry entries
+
+Most of the Internet Zone entries can be found in [Internet Explorer security zones registry entries for advanced users](https://support.microsoft.com/help/182569/internet-explorer-security-zones-registry-entries-for-advanced-users). 
+This article was written for Internet Explorer 6 but is still applicable to Internet Explorer 11.
+
+The default Zone Keys are stored in the following locations:
+
+- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
+
+- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
+
+### Why don't HTML5 videos play in Internet Explorer 11?
+
+To play HTML5 videos in the Internet Zone, use the default settings or make sure that the registry key value of **2701** under **Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3** is set to **0**.
+
+- 0 (the default value): Allow
+- 3: Disallow
+
+This key is read by the **URLACTION_ALLOW_AUDIO_VIDEO 0x00002701** URL action flag that determines whether media elements (audio and video) are allowed in pages in a URL security zone.
+
+For more information, see [Unable to play HTML5 Videos in IE](https://blogs.msdn.microsoft.com/askie/2014/12/31/unable-to-play-html5-videos-in-ie/).
+
+For Windows 10 N and Windows KN editions, you must also download the feature pack that is discussed in [Media feature pack for Windows 10 N and Windows 10 KN editions](https://support.microsoft.com/help/3010081/media-feature-pack-for-windows-10-n-and-windows-10-kn-editions).
+
+For more information about how to check Windows versions, see [Which version of Windows operating system am I running?](https://support.microsoft.com/help/13443/windows-which-version-am-i-running)
+
+### What is the Enterprise Mode Site List Portal? 
+
+This is a new feature to add sites to your enterprise mode site list XML. For more information, see [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal).
+
+### What is Enterprise Mode Feature?
+
+For more information about this topic, see [Enterprise Mode and the Enterprise Mode Site List](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode).
+
+### Where can I obtain a list of HTTP Status codes?
+
+For information about this list, see [HTTP Status Codes](https://docs.microsoft.com/windows/win32/winhttp/http-status-codes).
+
+### What is end of support for Internet Explorer 11?
+
+Internet Explorer 11 is the last major version of Internet Explorer. Internet Explorer 11 will continue receiving security updates and technical support for the lifecycle of the version of Windows on which it is installed.
+
+For more information, see [Lifecycle FAQ — Internet Explorer and Edge](https://support.microsoft.com/help/17454/lifecycle-faq-internet-explorer).
+
+### How to configure TLS (SSL) for Internet Explorer
+
+For more information about how to configure TLS/SSL for Internet Explorer, see [Group Policy Setting to configure TLS/SSL](https://gpsearch.azurewebsites.net/#380).
+
+### What is Site to Zone?
+
+Site to Zone usually refers to one of the following:
+
+**Site to Zone Assignment List**
+
+This is a Group Policy policy setting that can be used to add sites to the various security zones.
+
+The Site to Zone Assignment List policy setting associates sites to zones by using the following values for the Internet security zones:
+
+- Intranet zone
+- Trusted Sites zone
+- Internet zone 
+- Restricted Sites zone
+
+If you set this policy setting to **Enabled**, you can enter a list of sites and their related zone numbers. By associating a site to a zone, you can make sure that the security settings for the specified zone are applied to the site.
+
+**Site to Zone Mapping**
+
+Site to Zone Mapping is stored as the name of the key. The protocol is a registry value that has a number that assigns it to the corresponding zone. Internet Explorer will read from the following registry subkeys for the sites that are deployed through the Site to Zone assignment list:
+
+- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
+- HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey
+
+**Site to Zone Assignment List policy**
+
+This policy setting is available for both Computer Configuration and User Configuration:
+
+- Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page
+- User Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page
+
+**References**
+
+[How to configure Internet Explorer security zone sites using group polices](https://blogs.msdn.microsoft.com/askie/2012/06/05/how-to-configure-internet-explorer-security-zone-sites-using-group-polices/)
+
+### What are the limits for MaxConnectionsPerServer, MaxConnectionsPer1_0Server for the current versions of Internet Explorer?
+
+For more information about these settings and limits, see [Connectivity Enhancements in Windows Internet Explorer 8](https://docs.microsoft.com/previous-versions/cc304129(v=vs.85)).
+
+### What is the MaxConnectionsPerProxy setting, and what are the maximum allowed values for this setting?
+
+The **MaxConnectionsPerProxy** setting controls the number of connections that a single-user client can maintain to a given host by using a proxy server. 
+ 
+For more information, see [Understanding Connection Limits and New Proxy Connection Limits in WinInet and Internet Explorer](https://blogs.msdn.microsoft.com/jpsanders/2009/06/29/understanding-connection-limits-and-new-proxy-connection-limits-in-wininet-and-internet-explorer/).
+
+

windows/deployment/upgrade/resolution-procedures.md

@@ -194,7 +194,7 @@ Disconnect all peripheral devices that are connected to the system, except for t
 <tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
 Check supplemental rollback logs for a setupmem.dmp file, or event logs for any unexpected reboots or errors.
 <br>Review the rollback log and determine the stop code.
-<br>The rollback log is located in the <strong>C:$Windows.~BT\Sources\Panther</strong> folder.  An example analysis is shown below. This example is not representative of all cases:
+<br>The rollback log is located in the <strong>$Windows.~BT\Sources\Rollback</strong> folder.  An example analysis is shown below. This example is not representative of all cases:
 <pre>
 Info SP     Crash 0x0000007E detected
 Info SP       Module name           :

windows/security/identity-protection/hello-for-business/hello-identity-verification.md

@@ -36,18 +36,6 @@ Windows Hello addresses the following problems with passwords:
 
 ## Prerequisites
 
-> [!Important]
-> 1. Hybrid deployments support non-destructive PIN reset that only works with the certificate trust model.</br>. 
-> **Requirements:**</br>
-> Microsoft PIN Reset Service - Windows 10, versions 1709 to 1809, Enterprise Edition. There is no licensing requirement for this service since version 1903</br>
-> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
->
-> 2. On-premises deployments support destructive PIN reset that works with both the certificate trust and the key trust models.</br>
-> **Requirements:**</br>
-> Reset from settings - Windows 10, version 1703, Professional</br>
-> Reset above lock screen - Windows 10, version 1709, Professional</br>
-> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
-
 ### Cloud Only Deployment
 
 * Windows 10, version 1511 or later
@@ -75,6 +63,18 @@ The table shows the minimum requirements for each deployment. For key trust in a
 | Azure AD Connect | Azure AD Connect | Azure AD Connect | Azure AD Connect | 
 | Azure AD Premium, optional | Azure AD Premium, needed for device write-back | Azure AD Premium, optional for automatic MDM enrollment | Azure AD Premium, optional for automatic MDM enrollment |
 
+> [!Important]
+> 1. Hybrid deployments support non-destructive PIN reset that works with both the certificate trust and key trust models. </br> 
+> **Requirements:**</br>
+> Microsoft PIN Reset Service - Windows 10, versions 1709 to 1809, Enterprise Edition. There is no licensing requirement for this service since version 1903</br>
+> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
+>
+> 2. On-premises deployments support destructive PIN reset that works with both the certificate trust and the key trust models.</br>
+> **Requirements:**</br>
+> Reset from settings - Windows 10, version 1703, Professional</br>
+> Reset above lock screen - Windows 10, version 1709, Professional</br>
+> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
+
 ### On-premises Deployments
 
 The table shows the minimum requirements for each deployment.

windows/security/threat-protection/TOC.md

@@ -153,6 +153,15 @@
 ### [Portal overview](microsoft-defender-atp/portal-overview.md)
 ### [Microsoft Defender ATP for US Government Community Cloud High customers](microsoft-defender-atp/commercial-gov.md)
 
+
+## [Deployment guide]()
+### [Product brief](microsoft-defender-atp/product-brief.md)
+### [Prepare deployment](microsoft-defender-atp/prepare-deployment.md)
+### [Evaluate capabilities](microsoft-defender-atp/evaluation-lab.md)
+### [Production deployment](microsoft-defender-atp/production-deployment.md)
+### [Helpful resources](microsoft-defender-atp/helpful-resources.md)
+
+
 ## [Get started]()
 ### [What's new in Microsoft Defender ATP](microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md)
 ### [Minimum requirements](microsoft-defender-atp/minimum-requirements.md)

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md

@@ -39,7 +39,7 @@ For information on other tables in the advanced hunting schema, see [the advance
 | `DeviceName` | string | Fully qualified domain name (FQDN) of the machine |
 | `SHA1` | string | SHA-1 of the file that the recorded action was applied to |
 | `IsSigned` | boolean | Indicates whether the file is signed |
-| `SignatureType` | string | Indicates whether signature information was read as embedded | content in the file itself or read from an external catalog file |
+| `SignatureType` | string | Indicates whether signature information was read as embedded content in the file itself or read from an external catalog file |
 | `Signer` | string | Information about the signer of the file |
 | `SignerHash` | string | Unique hash value identifying the signer |
 | `Issuer` | string | Information about the issuing certificate authority (CA) |

windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md

@@ -0,0 +1,60 @@
+---
+title: Helpful Microsoft Defender Advanced Threat Protection resources
+description: Access helpful resources such as links to blogs and other resources related to  Microsoft Defender Advanced Threat Protection
+keywords: Microsoft Defender Security Center, product brief, brief, capabilities, licensing
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: conceptual 
+---
+
+# Helpful Microsoft Defender Advanced Threat Protection resources
+
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+Access helpful resources such as links to blogs and other resources related to  Microsoft Defender Advanced Threat Protection.
+
+## Endpoint protection platform
+-   [Top scoring in industry
+    tests](https://docs.microsoft.com/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests)
+
+-   [Inside out: Get to know the advanced technologies at the core of Microsoft
+    Defender ATP next generation
+    protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/)
+
+-   [Protecting disconnected devices with Microsoft Defender
+    ATP](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Protecting-disconnected-devices-with-Microsoft-Defender-ATP/ba-p/500341)
+
+-   [Tamper protection in Microsoft Defender
+    ATP](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Tamper-protection-in-Microsoft-Defender-ATP/ba-p/389571)
+
+## Endpoint Detection Response
+
+-   [Incident response at your fingertips with Microsoft Defender ATP live
+    response](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Incident-response-at-your-fingertips-with-Microsoft-Defender-ATP/ba-p/614894)
+
+## Threat Vulnerability Management
+
+-   [Microsoft Defender ATP Threat & Vulnerability Management now publicly
+    available!](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/MDATP-Threat-amp-Vulnerability-Management-now-publicly-available/ba-p/460977)
+
+## Operational
+
+-   [The Golden Hour remake - Defining metrics for a successful security
+    operations](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/The-Golden-Hour-remake-Defining-metrics-for-a-successful/ba-p/782014)
+
+-   [Microsoft Defender ATP Evaluation lab is now available in public preview
+    ](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Microsoft-Defender-ATP-Evaluation-lab-is-now-available-in-public/ba-p/770271)
+
+-   [How automation brings value to your security
+    teams](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/How-automation-brings-value-to-your-security-teams/ba-p/729297)

windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md

@@ -44,7 +44,7 @@ If you turn network protection off, users or apps will not be blocked from conne
 
 If you do not configure it, network blocking will be turned off by default.
 
-For more information, see [Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection).
+For more information, see [Enable network protection](enable-network-protection.md).
 
 ## Investigation impact
 When network protection is turned on, you'll see that on a machine's timeline the IP address will keep representing the proxy, while the real target address shows up.
@@ -86,4 +86,3 @@ DeviceNetworkEvents
 
 ## Related topics
 - [Applying network protection with GP - policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-enablenetworkprotection)
-- [Protect your network](https://docs.microsoft.comwindows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard)

windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md

@@ -0,0 +1,162 @@
+---
+title: Prepare Microsoft Defender ATP deployment
+description: Prepare stakeholder sign-off, timelines, environment considerations, and adoption order when deploying Microsoft Defender ATP
+keywords: deploy, prepare, stakeholder, timeline, environment, endpoint, server, management, adoption
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article 
+---
+
+# Prepare Microsoft Defender ATP deployment
+
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+## Stakeholders and Sign-off
+The following section serves to identify all the stakeholders that are involved
+in this project and need to sign-off, review, or stay informed. Add stakeholders
+to the table below as appropriate for your organization.
+
+-   SO = Sign-off on this project
+
+-   R = Review this project and provide input
+
+-   I = Informed of this project
+
+| Name                 | Role                                                                                                                                                                                                          | Action |
+|----------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------|
+| Enter name and email | **Chief Information Security Officer (CISO)** *An executive representative who serves as sponsor inside the organization for the new technology deployment.*                                                  | SO     |
+| Enter name and email | **Head of Cyber Defense Operations Center (CDOC)** *A representative from the CDOC team in charge of defining how this change is aligned with the processes in the customers security operations team.*       | SO     |
+| Enter name and email | **Security Architect** *A representative from the Security team in charge of defining how this change is aligned with the core Security architecture in the organization.*                         | R      |
+| Enter name and email | **Workplace Architect** *A representative from the IT team in charge of defining how this change is aligned with the core workplace architecture in the organization.*                             | R      |
+| Enter name and email | **Security Analyst** *A representative from the CDOC team who can provide input on the detection capabilities, user experience and overall usefulness of this change from a security operations perspective.* | I      |
+
+## Project Management
+
+### In Scope
+
+The following is in scope for this project:
+
+-   Enabling Microsoft Defender ATP endpoint protection platform (EPP)
+    capabilities
+
+    -   Next Generation Protection
+
+    -   Attack Surface Reduction
+
+-   Enabling Microsoft Defender ATP endpoint detection and response (EDR)
+    capabilities including automatic investigation and remediation
+
+-   Enabling Microsoft Defender ATP threat and vulnerability management (TVM)
+-   Use of System Center Configuration Manager to onboard endpoints into the service.
+
+### Out of scope
+
+The following are out of scope of this project:
+
+-   Configuration of third-party solutions that might integrate with Microsoft
+    Defender ATP.
+
+-   Penetration testing in production environment.
+
+## Environment 
+
+
+This section is used to ensure your environment is deeply understood by the
+stakeholders which will help identify potential dependencies and/or changes
+required in technologies or processes.
+
+| What                                  | Description |
+|---------------------------------------|-------------|
+| Endpoint count                        |             |
+| Server count                          |             |
+| Management engine                     |             |
+| CDOC distribution                     |             |
+| Security information and event (SIEM) |             |
+
+
+## Role-based access control
+
+Microsoft recommends using the concept of least privileges. Microsoft Defender
+ATP leverages built-in roles within Azure Active Directory. Microsoft recommend
+[review the different roles that are
+available](https://docs.microsoft.com/azure/active-directory/active-directory-assign-admin-roles-azure-portal)
+and choose the right one to solve your needs for each persona for this
+application. Some roles may need to be applied temporarily and removed after the
+deployment has been completed.
+
+| Personas                     | Roles | Azure AD Role (if required) | Assign to |
+|------------------------------|-------|-----------------------------|-----------|
+| Security Administrator       |       |                             |           |
+| Security Analyst             |       |                             |           |
+| Endpoint Administrator       |       |                             |           |
+| Infrastructure Administrator |       |                             |           |
+| Business Owner/Stakeholder   |       |                             |           |
+
+Microsoft recommends using [Privileged Identity
+Management](https://docs.microsoft.com/azure/active-directory/active-directory-privileged-identity-management-configure)
+to manage your roles to provide additional auditing, control, and access review
+for users with directory permissions.
+
+Microsoft Defender ATP supports two ways to manage permissions:
+
+-   **Basic permissions management**: Set permissions to either full access or
+    read-only. In the case of basic permissions management users with Global
+    Administrator or Security Administrator role in Azure Active Directory have
+    full access while the Security reader role has read-only access.
+
+-   **Role-based access control (RBAC)**: Set granular permissions by defining
+    roles, assigning Azure AD user groups to the roles, and granting the user
+    groups access to machine groups. For more information. see [Manage portal access using role-based access control](rbac.md).
+
+Microsoft recommends leveraging RBAC to ensure that only users that have a
+business justification can access Microsoft Defender ATP.
+
+You can find details on permission guidelines
+[here](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group).
+
+The following example table serves to identify the Cyber Defense Operations
+Center structure in your environment that will help you determine the RBAC
+structure required for your environment.
+
+| Tier   | Description                                                                                                                                                                                                 | Permission Required |
+|--------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------|
+| Tier 1 | **Local security operations team / IT team**<br>This team usually triages and investigates alerts contained within their geolocation and escalates to Tier 2 in cases where an active remediation is required.                                              |                     |
+| Tier 2 | **Regional security operations team**<br>This team can see all the machines for their region and perform remediation actions.                                                                                                                        |        View data               |
+| Tier 3 | **Global security operations team**<br>This team consists of security experts and are authorized to see and perform all actions from the portal. | View data <br>  Alerts investigation Active remediation actions <br> Alerts investigation Active remediation actions <br> Manage portal system settings <br> Manage security settings |
+
+
+
+## Adoption Order
+In many cases organizations will have existing endpoint security products in
+place. The bare minimum every organization should have is an antivirus solution. But in some cases an organization might also already implanted an EDR solution.
+Historically, replacing any security solution was time intensive and difficult
+to achieve due to the tight hooks into the application layer and infrastructure
+dependencies. However, because Microsoft Defender ATP is built into the
+operating system, replacing third-party solutions is easy to achieve.
+
+Choose which component of Microsoft Defender ATP to be used and remove the ones
+that do not apply. The table below indicates the Microsoft recommendation on the
+order on how the endpoint security suite should be enabled.
+
+| Component                               | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | Adoption Order Rank |
+|-----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------|
+| Endpoint Detection & Response (EDR)     | Microsoft Defender ATP endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats. [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response)                                                                                                                                                                                                                                             | 1                   |
+| Next Generation Protection (NGP)        | Microsoft Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers. Windows Defender Antivirus includes:                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | 2                   |
+| Attack Surface Reduction (ASR)          | Attack surface reduction capabilities in Microsoft Defender ATP helps protect the devices and applications in the organization from new and emerging threats. [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction)                                                                                                                                                                                                                                                                                                                                                                                       | 3                   |
+| Threat & Vulnerability Management (TVM) | Threat & Vulnerability Management is a component of Microsoft Defender ATP, and provides both security administrators and security operations teams with unique value, including:                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | 4                   |
+| Auto Investigation & Remediation (AIR)  | Microsoft Defender ATP uses Automated investigations to significantly reduce the volume of alerts that need to be investigated individually. The Automated investigation feature leverages various inspection algorithms, and processes used by analysts (such as playbooks) to examine alerts and take immediate remediation action to resolve breaches. This significantly reduces alert volume, allowing security operations experts to focus on more sophisticated threats and other high value initiatives. [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection) | Not applicable      |
+| Microsoft Threat Experts (MTE)          | Microsoft Threat Experts is a managed hunting service that provides Security Operation Centers (SOCs) with expert level monitoring and analysis to help them ensure that critical threats in their unique environments don't get missed. [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts)                                                                                                                                                                                                                                                                                                                     | Not applicable      |
+
+## Related topic
+- [Production deployment](production-deployment.md)

windows/security/threat-protection/microsoft-defender-atp/product-brief.md

@@ -0,0 +1,74 @@
+---
+title: Microsoft Defender Advanced Threat Protection product brief
+description: Learn about the Microsoft Defender Advanced Threat Protection capabilities and licensing requirements
+keywords: Microsoft Defender Security Center, product brief, brief, capabilities, licensing
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: conceptual 
+---
+
+# Microsoft Defender Advanced Threat Protection product brief 
+
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+
+Microsoft Defender ATP is a platform designed to
+help enterprise networks prevent, detect, investigate, and respond to advanced
+threats.
+
+![Image of the Microsoft Defender ATP components](images/mdatp-platform.png)
+
+## Platform capabilities
+
+Capability | Description 
+:---|:---
+**Threat and Vulnerability Management**  | This built-in capability uses a game-changing risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.
+**Attack Surface Reduction** |  The attack surface reduction set of capabilities provide the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations.
+**Next Generation Protection** |  To further reinforce the security perimeter of the organizations network, Microsoft Defender ATP uses next generation protection designed to catch all types of emerging threats.
+**Endpoint Detection & Response** | Endpoint detection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars. 
+**Auto Investigation & Remediation** | In conjunction with being able to quickly respond to advanced attacks, Microsoft Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. 
+**Microsoft Threat Experts** | Microsoft Defender ATP's new managed threat hunting service provides proactive hunting, prioritization, and additional context and insights that further empower Security operation centers (SOCs) to identify and respond to threats quickly and accurately.
+**Secure Score** | Microsoft Defender ATP includes a secure score to help dynamically assess the security state of the enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of the organization. 
+ **Advance Hunting** | Create custom threat intelligence and use a powerful search and query tool to hunt for possible threats in the organization.
+**Management and API** | Integrate Microsoft Defender Advanced Threat Protection into existing workflows.  
+ **Microsoft Threat Protection** | Microsoft Defender ATP is part of the Microsoft Threat Protection solution that helps implement end-to-end security across possible attack surfaces in the modern workplace. Bring the power of Microsoft threat protection to the organization.             |   |
+
+Microsoft Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service:
+
+-   **Endpoint behavioral sensors**: Embedded in Windows 10, these sensors
+    collect and process behavioral signals from the operating system and sends this sensor data to your private, isolated, cloud instance of Microsoft Defender ATP.
+
+
+-   **Cloud security analytics**: Leveraging big-data, machine-learning, and
+    unique Microsoft optics across the Windows ecosystem,
+    enterprise cloud products (such as Office 365), and online assets, behavioral signals
+    are translated into insights, detections, and recommended responses
+    to advanced threats.
+
+-   **Threat intelligence**: Generated by Microsoft hunters, security teams,
+    and augmented by threat intelligence provided by partners, threat
+    intelligence enables Microsoft Defender ATP to identify attacker
+    tools, techniques, and procedures, and generate alerts when these
+    are observed in collected sensor data.
+
+## Licensing requirements
+Microsoft Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers:
+
+- Windows 10 Enterprise E5
+- Windows 10 Education A5
+- Microsoft 365 E5 (M365 E5) which includes Windows 10 Enterprise E5
+- Microsoft 365 A5 (M365 A5)
+
+## Related topic
+- [Prepare deployment](prepare-deployment.md)

windows/security/threat-protection/microsoft-defender-atp/production-deployment.md

@@ -0,0 +1,602 @@
+---
+title: Microsoft Defender ATP production deployment
+description: 
+keywords:
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article 
+---
+
+# Microsoft Defender ATP production deployment
+
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+Proper planning is the foundation of a successful deployment. In this deployment scenario, you'll be guided through the steps on:
+- Tenant configuration
+- Network configuration
+- Onboarding using System Center Configuration Manager
+- Endpoint detection and response
+- Next generation protection
+- Attack surface reduction
+
+>[!NOTE]
+>For the purpose of guiding you through a typical deployment, this scenario will only cover the use of System Center Configuration Manager. Microsoft Defnder ATP supports the use of other onboarding tools but will not cover those scenarios in the deployment guide. For more information, see [Onboard machines to Microsoft Defender ATP](onboard-configure.md).
+
+## Tenant Configuration
+
+When accessing [Microsoft Defender Security Center](https://securitycenter.windows.com/) for the first time there will be a setup wizard that will guide you through some initial steps. At the end of the setup wizard there will be a dedicated cloud instance of Microsoft Defender ATP created. The easiest method is to perform these steps from a Windows 10 client machine.
+
+1. From a web browser, navigate to <https://securitycenter.windows.com>.
+
+    ![Image of Set up your permissions for Microsoft Defender ATP](images/atp-setup-permissions-wdatp-portal.png)
+
+2. If going through a TRIAL license, go to the link (<https://signup.microsoft.com/Signup?OfferId=6033e4b5-c320-4008-a936-909c2825d83c&dl=WIN_DEF_ATP&pc=xxxxxxx-xxxxxx-xxx-x>)
+
+    Once the authorization step is completed, the **Welcome** screen will be displayed.
+3. Go through the authorization steps.
+
+    ![Image of Welcome screen for portal set up](images/welcome1.png)
+
+4. Set up preferences.
+
+   **Data storage location** - It's important to set this up correctly. Determine where the customer wants to be primarily hosted: US, EU or UK. You cannot change the location after this setup and Microsoft will not transfer the data from the specified geolocation. 
+
+    **Data retention** - The default is 6 months.
+
+    **Enable preview features** - The default is on, can be changed later.
+
+    ![Image of geographic location in set up](images/setup-preferences.png)
+
+5. Select **Next**.
+
+     ![Image of final preference set up](images/setup-preferences2.png)
+
+6. Select **Continue**.
+
+
+## Network configuration
+If the organization does not require the endpoints to use a Proxy to access the
+Internet, skip this section.
+
+The Microsoft Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to
+report sensor data and communicate with the Microsoft Defender ATP service. The
+embedded Microsoft Defender ATP sensor runs in the system context using the
+LocalSystem account. The sensor uses Microsoft Windows HTTP Services (WinHTTP)
+to enable communication with the Microsoft Defender ATP cloud service. The
+WinHTTP configuration setting is independent of the Windows Internet (WinINet)
+internet browsing proxy settings and can only discover a proxy server by using
+the following discovery methods:
+
+**Auto-discovery methods:**
+
+-   Transparent proxy
+
+-   Web Proxy Auto-discovery Protocol (WPAD)
+
+If a Transparent proxy or WPAD has been implemented in the network topology,
+there is no need for special configuration settings. For more information on
+Microsoft Defender ATP URL exclusions in the proxy, see the
+Appendix section in this document for the URLs Whitelisting or on
+[Microsoft
+Docs](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection#enable-access-to-windows-defender-atp-service-urls-in-the-proxy-server).
+
+**Manual static proxy configuration:**
+
+-   Registry based configuration
+
+-   WinHTTP configured using netsh command <br> Suitable only for desktops in a
+    stable topology (for example: a desktop in a corporate network behind the
+    same proxy)
+
+### Configure the proxy server manually using a registry-based static proxy
+
+Configure a registry-based static proxy to allow only Microsoft Defender ATP
+sensor to report diagnostic data and communicate with Microsoft Defender ATP
+services if a computer is not permitted to connect to the Internet. The static
+proxy is configurable through Group Policy (GP). The group policy can be found
+under:
+
+-   Administrative Templates \> Windows Components \> Data Collection and
+    Preview Builds \> Configure Authenticated Proxy usage for the Connected User
+    Experience and Telemetry Service
+
+    -   Set it to **Enabled** and select **Disable Authenticated Proxy usage**
+
+1. Open the Group Policy Management Console.
+2. Create a policy or edit an existing policy based off the organizational practices.
+3. Edit the Group Policy and navigate to **Administrative Templates \> Windows Components \> Data Collection and Preview Builds \> Configure Authenticated Proxy usage for the Connected User Experience and Telemetry Service**. 
+    ![Image of Group Policy setting](images/atp-gpo-proxy1.png)
+
+4. Select **Enabled**.
+5. Select **Disable Authenticated Proxy usage**.
+   
+6. Navigate to **Administrative Templates \> Windows Components \> Data Collection and Preview Builds \> Configure connected user experiences and telemetry**.
+    ![Image of Group Policy setting](images/atp-gpo-proxy2.png)
+7. Select **Enabled**.
+8. Enter the **Proxy Server Name**.
+
+The policy sets two registry values `TelemetryProxyServer` as REG_SZ and `DisableEnterpriseAuthProxy` as REG_DWORD under the registry key `HKLM\Software\Policies\Microsoft\Windows\DataCollection`.
+
+The registry value `TelemetryProxyServer` takes the following string format:
+
+```text
+<server name or ip>:<port>
+```
+
+For example: 10.0.0.6:8080
+
+The registry value `DisableEnterpriseAuthProxy` should be set to 1.
+
+###  Configure the proxy server manually using netsh command
+
+Use netsh to configure a system-wide static proxy.
+
+> [!NOTE]
+> - This will affect all applications including Windows services which use WinHTTP with default proxy.</br>
+> - Laptops that are changing topology (for example: from office to home) will malfunction with netsh. Use the registry-based static proxy configuration.
+
+1. Open an elevated command-line:
+
+    a. Go to **Start** and type **cmd**.
+
+    b. Right-click **Command prompt** and select **Run as administrator**.
+
+2. Enter the following command and press **Enter**:
+
+   ```PowerShell
+   netsh winhttp set proxy <proxy>:<port>
+   ```
+
+   For example: netsh winhttp set proxy 10.0.0.6:8080
+
+
+###  Proxy Configuration for down-level machines
+
+Down-Level machines include Windows 7 SP1 and Windows 8.1 workstations as well
+as Windows Server 2008 R2, Windows Sever 2012, Windows Server 2012 R2, and
+versions of Windows Server 2016 prior to Windows Server CB 1803. These operating
+systems will have the proxy configured as part of the Microsoft Management Agent
+to handle communication from the endpoint to Azure. Refer to the
+Microsoft Management Agent Fast Deployment Guide for information on how a proxy
+is configured on these machines.
+
+### Proxy Service URLs
+URLs that include v20 in them are only needed if you have Windows 10, version
+1803 or later machines. For example, ```us-v20.events.data.microsoft.com``` is only
+needed if the machine is on Windows 10, version 1803 or later.
+
+ Service location | Microsoft.com DNS record
+-|-
+Common URLs for all locations | ```crl.microsoft.com```<br> ```ctldl.windowsupdate.com``` <br>```events.data.microsoft.com```<br>```notify.windows.com```<br> ```settings-win.data.microsoft.com```
+European Union | ```eu.vortex-win.data.microsoft.com``` <br> ```eu-v20.events.data.microsoft.com``` <br> ```usseu1northprod.blob.core.windows.net```  <br>```usseu1westprod.blob.core.windows.net``` <br> ```winatp-gw-neu.microsoft.com``` <br> ```winatp-gw-weu.microsoft.com``` <br>```wseu1northprod.blob.core.windows.net``` <br>```wseu1westprod.blob.core.windows.net``` 
+United Kingdom | ```uk.vortex-win.data.microsoft.com``` <br>```uk-v20.events.data.microsoft.com``` <br>```ussuk1southprod.blob.core.windows.net``` <br>```ussuk1westprod.blob.core.windows.net``` <br>```winatp-gw-uks.microsoft.com``` <br>```winatp-gw-ukw.microsoft.com``` <br>```wsuk1southprod.blob.core.windows.net``` <br>```wsuk1westprod.blob.core.windows.net``` 
+United States | ```us.vortex-win.data.microsoft.com``` <br> ```ussus1eastprod.blob.core.windows.net``` <br> ```ussus1westprod.blob.core.windows.net``` <br> ```ussus2eastprod.blob.core.windows.net``` <br> ```ussus2westprod.blob.core.windows.net``` <br> ```ussus3eastprod.blob.core.windows.net``` <br> ```ussus3westprod.blob.core.windows.net``` <br> ```ussus4eastprod.blob.core.windows.net``` <br> ```ussus4westprod.blob.core.windows.net``` <br> ```us-v20.events.data.microsoft.com``` <br> ```winatp-gw-cus.microsoft.com``` <br> ```winatp-gw-eus.microsoft.com``` <br> ```wsus1eastprod.blob.core.windows.net``` <br> ```wsus1westprod.blob.core.windows.net``` <br> ```wsus2eastprod.blob.core.windows.net``` <br> ```wsus2westprod.blob.core.windows.net```
+
+
+If a proxy or firewall is blocking anonymous traffic, as Microsoft Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted in the previously listed URLs.
+
+###  Microsoft Defender ATP service backend IP range
+
+If you network devices don't support the URLs white-listed in the prior section, you can use the following information.
+
+Microsoft Defender ATP is built on Azure cloud, deployed in the following regions:
+
+- \+\<Region Name="uswestcentral">
+- \+\<Region Name="useast2">
+- \+\<Region Name="useast">
+- \+\<Region Name="europenorth">
+- \+\<Region Name="europewest">
+- \+\<Region Name="uksouth">
+- \+\<Region Name="ukwest">
+
+You can find the Azure IP range on [Microsoft Azure Datacenter IP Ranges](https://www.microsoft.com/en-us/download/details.aspx?id=41653).
+
+> [!NOTE]
+> As a cloud-based solution, the IP range can change. It's recommended you move to DNS resolving setting.
+
+## Onboarding using System Center Configuration Manager 
+### Collection creation
+To onboard Windows 10 devices with System Center Configuration Manager, the
+deployment can target either and existing collection or a new collection can be
+created for testing. The onboarding like group policy or manual method does
+not install any agent on the system. Within the Configuration Manager console
+the onboarding process will be configured as part of the compliance settings
+within the console. Any system that receives this required configuration will
+maintain that configuration for as long as the Configuration Manager client
+continues to receive this policy from the management point. Follow the steps
+below to onboard systems with Configuration Manager.
+
+1. In System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Device Collections**.            
+
+    ![Image of System Center Configuration Manager wizard](images/sccm-device-collections.png)
+
+2. Right Click **Device Collection** and select **Create Device Collection**.
+
+    ![Image of System Center Configuration Manager wizard](images/sccm-create-device-collection.png)
+
+3. Provide a **Name** and **Limiting Collection**, then select **Next**.
+
+    ![Image of System Center Configuration Manager wizard](images/sccm-limiting-collection.png)
+
+4. Select **Add Rule** and choose **Query Rule**.
+
+    ![Image of System Center Configuration Manager wizard](images/sccm-query-rule.png)
+
+5.  Click **Next** on the **Direct Membership Wizard** and click on **Edit Query Statement**.
+
+     ![Image of System Center Configuration Manager wizard](images/sccm-direct-membership.png)
+
+6. Select **Criteria** and then choose the star icon.
+
+     ![Image of System Center Configuration Manager wizard](images/sccm-criteria.png)
+
+7. Keep criterion type as **simple value**, choose where as **Operating System - build number**, operator as **is equal to** and value **10240** and click on **OK**.
+
+    ![Image of System Center Configuration Manager wizard](images/sccm-simple-value.png)
+
+8. Select **Next** and **Close**.
+
+    ![Image of System Center Configuration Manager wizard](images/sccm-membership-rules.png)
+
+9. Select **Next**.
+
+    ![Image of System Center Configuration Manager wizard](images/sccm-confirm.png)
+
+After completing this task, you now have a device collection with all the Windows 10 endpoints in the environment. 
+
+## Endpoint detection and response
+### Windows 10
+From within the Microsoft Defender Security Center it is possible to download
+the '.onboarding' policy that can be used to create the policy in System Center Configuration
+Manager and deploy that policy to Windows 10 devices.
+
+1. From a Microsoft Defender Security Center Portal, select [Settings and then Onboarding](https://securitycenter.windows.com/preferences2/onboarding).
+
+
+
+2. Under Deployment method select the supported version of **System Center Configuration Manager**.
+
+    ![Image of Microsoft Defender ATP onboarding wizard](images/mdatp-onboarding-wizard.png)
+
+3.	Select **Download package**.
+
+    ![Image of Microsoft Defender ATP onboarding wizard](images/mdatp-download-package.png)
+
+4. Save the package to an accessible location.
+5. In  System Center Configuration Manager, navigate to: **Assets and Compliance > Overview > Endpoint Protection > Microsoft Defender ATP Policies**.
+
+6. Right-click **Microsoft Defender ATP Policies** and select **Create Microsoft Defender ATP Policy**.
+
+    ![Image of System Center Configuration Manager wizard](images/sccm-create-policy.png)
+
+7. Enter the name and description, verify **Onboarding** is selected, then select **Next**.
+
+    ![Image of System Center Configuration Manager wizard](images/sccm-policy-name.png)
+
+8. Click **Browse**.
+
+9. Navigate to the location of the downloaded file from step 4 above.
+
+    ![Image of configuration settings](images/1b9f85316170cfe24b46330afa8517d5.png)
+
+10. Click **Next**.
+11. Configure the Agent with the appropriate samples (**None** or **All file types**).
+
+    ![Image of configuration settings](images/1b9f85316170cfe24b46330afa8517d5.png)
+
+12. Select the appropriate telemetry (**Normal** or **Expedited**) then click **Next**.
+
+    ![Image of configuration settings](images/13201b477bc9a9ae0020814915fe80cc.png)
+
+14. Verify the configuration, then click **Next**.
+
+     ![Image of configuration settings](images/adc17988b0984ca2aa3ff8f41ddacaf9.png)
+
+15. Click **Close** when the Wizard completes.
+
+16.  In the System Center Configuration Manager console, right-click the Microsoft Defender ATP policy you just created and select **Deploy**.
+
+     ![Image of configuration settings](images/4a37f3687e6ff53a593d3670b1dad3aa.png)
+
+17. On the right panel, select the previously created collection and click **OK**.
+
+    ![Image of configuration settings](images/26efa2711bca78f6b6d73712f86b5bd9.png)
+
+
+### Previous versions of Windows Client (Windows 7 and Windows 8.1)
+Follow the steps below to identify the Microsoft Defender ATP Workspace ID and Workspace Key, that will be required for the onboarding of previous versions of Windows.
+
+1. From a Microsoft Defender Security Center Portal, select **Settings > Onboarding**.
+
+2. Under operating system choose **Windows 7 SP1 and 8.1**.
+
+    ![Image of onboarding](images/91b738e4b97c4272fd6d438d8c2d5269.png)
+
+3. Copy the **Workspace ID** and **Workspace Key** and save them. They will be used later in the process.
+
+Before the systems can be onboarded into the workspace, the deployment scripts need to be updated to contain the correct information. Failure to do so will result in the systems not being properly onboarded. Depending on the deployment method, this step may have already been completed.
+
+Edit the InstallMMA.cmd with a text editor, such as notepad and update the
+following lines and save the file:
+
+   ![Image of onboarding](images/a22081b675da83e8f62a046ae6922b0d.png)
+
+Edit the ConfiguerOMSAgent.vbs with a text editor, such as notepad, and update the following lines and save the file:
+
+   ![Image of onboarding](images/09833d16df7f37eda97ea1d5009b651a.png)
+
+Microsoft Monitoring Agent (MMA) is currently (as of January 2019) supported on the following Windows Operating
+Systems:
+
+-   Server SKUs: Windows Server 2008 SP1 or Newer
+
+-   Client SKUs: Windows 7 SP1 and later
+
+The MMA agent will need to be installed on Windows devices. To install the
+agent, some systems will need to download the [Update for customer experience
+and diagnostic
+telemetry](https://support.microsoft.com/help/3080149/update-for-customer-experience-and-diagnostic-telemetry)
+in order to collect the data with MMA. These system versions include but may not
+be limited to:
+
+-   Windows 8.1
+
+-   Windows 7
+
+-   Windows Server 2016
+
+-   Windows Server 2012 R2
+
+-   Windows Server 2008 R2
+
+Specifically, for Windows 7 SP1, the following patches must be installed:
+
+-   Install
+    [KB4074598](https://support.microsoft.com/help/4074598/windows-7-update-kb4074598)
+
+-   Install either [.NET Framework
+    4.5](https://www.microsoft.com/en-us/download/details.aspx?id=30653) (or
+    later) **or**
+    [KB3154518](https://support.microsoft.com/help/3154518/support-for-tls-system-default-versions-included-in-the-net-framework).
+    Do not install both on the same system.
+
+To deploy the MMA with System Center Configuration Manager, follow the steps
+below to utilize the provided batch files to onboard the systems. The CMD file
+when executed, will require the system to copy files from a network share by the
+System, the System will install MMA, Install the DependencyAgent, and configure
+MMA for enrollment into the workspace.
+
+
+1. In  System Center Configuration Manager console, navigate to **Software
+    Library**.
+
+2.  Expand **Application Management**.
+
+3.  Right-click **Packages**  then select **Create Package**.
+
+4. Provide a Name for the package, then click **Next**
+
+    ![Image of System Center Configuration Manager console](images/e156a7ef87ea6472d57a3dc594bf08c2.png)
+
+5. Verify **Standard Program** is selected.
+
+   ![Image of System Center Configuration Manager console](images/227f249bcb6e7f29c4d43aa1ffaccd20.png)
+
+6.  Click **Next**.
+
+    ![Image of System Center Configuration Manager console](images/2c7f9d05a2ebd19607cc76b6933b945b.png)
+
+7. Enter a program name.
+
+8.  Browse to the location of the InstallMMA.cmd.
+
+9.  Set Run to **Hidden**.
+
+10.  Set **Program can run** to **Whether or not a user is logged on**.
+
+11.  Click **Next**.
+
+12.  Set the **Maximum allowed run time** to 720.
+
+13.  Click **Next**.
+
+   ![Image of System Center Configuration Manager console](images/262a41839704d6da2bbd72ed6b4a826a.png)
+
+14. Verify the configuration, then click **Next**.
+
+    ![Image of System Center Configuration Manager console](images/a9d3cd78aa5ca90d3c2fbd2e57618faf.png)
+
+15. Click **Next**.
+
+16. Click **Close**.
+
+17.  In the System Center Configuration Manager console, right-click the Microsoft Defender ATP
+    Onboarding Package just created and select **Deploy**.
+
+18. On the right panel select the appropriate collection.
+
+19.  Click **OK**.
+
+## Next generation protection 
+Microsoft Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers.
+
+1. In the System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Antimalware Polices** and choose **Create Antimalware Policy**.
+
+    ![Image of antimalware policy](images/9736e0358e86bc778ce1bd4c516adb8b.png)
+
+2. Select **Scheduled scans**, **Scan settings**, **Default actions**, **Real-time protection**, **Exclusion settings**, **Advanced**, **Threat overrides**, **Cloud Protection Service** and **Security intelligence   updates** and choose **OK**.
+
+    ![Image of next generation protection pane](images/1566ad81bae3d714cc9e0d47575a8cbd.png)
+
+    In certain industries or some select enterprise customers might have specific
+needs on how Antivirus is configured.
+
+  
+    [Quick scan versus full scan and custom scan](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus#quick-scan-versus-full-scan-and-custom-scan)
+
+    For more details, see [Windows Security configuration framework](https://docs.microsoft.com/windows/security/threat-protection/windows-security-configuration-framework/windows-security-configuration-framework)
+  
+    
+    ![Image of next generation protection pane](images/cd7daeb392ad5a36f2d3a15d650f1e96.png)
+
+    ![Image of next generation protection pane](images/36c7c2ed737f2f4b54918a4f20791d4b.png)
+
+    ![Image of next generation protection pane](images/a28afc02c1940d5220b233640364970c.png)
+
+    ![Image of next generation protection pane](images/5420a8790c550f39f189830775a6d4c9.png)
+
+    ![Image of next generation protection pane](images/33f08a38f2f4dd12a364f8eac95e8c6b.png)
+
+    ![Image of next generation protection pane](images/41b9a023bc96364062c2041a8f5c344e.png)
+
+    ![Image of next generation protection pane](images/945c9c5d66797037c3caeaa5c19f135c.png)
+
+    ![Image of next generation protection pane](images/3876ca687391bfc0ce215d221c683970.png)
+
+3. Right-click on the newly created antimalware policy and select **Deploy** .
+
+    ![Image of next generation protection pane](images/f5508317cd8c7870627cb4726acd5f3d.png)
+
+4. Target the new antimalware policy to your Windows 10 collection and click **OK**.
+
+     ![Image of next generation protection pane](images/26efa2711bca78f6b6d73712f86b5bd9.png)
+
+After completing this task, you now have successfully configured Windows
+Defender Antivirus.
+
+## Attack Surface Reduction
+The attack surface reduction pillar of Microsoft Defender ATP includes the feature set that is available under Exploit Guard. Attack surface reduction (ASR) rules, Controlled Folder Access, Network Protection and Exploit
+Protection. All these features provide an audit mode and a block mode. In audit mode there is no end user impact all it does is collect additional telemetry and make it available in the Microsoft Defender Security Center. The goal with a deployment is to step by step move security controls into block mode.
+
+To set ASR rules in Audit mode:
+
+1. In the System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
+
+   ![Image of System Center Configuration Manager console](images/728c10ef26042bbdbcd270b6343f1a8a.png)
+
+
+2.  Select **Attack Surface Reduction**.
+   
+
+3. Set rules to **Audit** and click **Next**.
+
+    ![Image of System Center Configuration Manager console](images/d18e40c9e60aecf1f9a93065cb7567bd.png)
+
+4. Confirm the new Exploit Guard policy by clicking on **Next**.
+
+    ![Image of System Center Configuration Manager console](images/0a6536f2c4024c08709cac8fcf800060.png)
+
+    
+5. Once the policy is created click **Close**.
+
+    ![Image of System Center Configuration Manager console](images/95d23a07c2c8bc79176788f28cef7557.png)
+
+    
+
+6.  Right-click on the newly created policy and choose **Deploy**.
+    
+    ![Image of System Center Configuration Manager console](images/8999dd697e3b495c04eb911f8b68a1ef.png)
+
+7. Target the policy to the newly created Windows 10 collection and click **OK**.
+
+    ![Image of System Center Configuration Manager console](images/0ccfe3e803be4b56c668b220b51da7f7.png)
+
+After completing this task, you now have successfully configured ASR rules in audit mode.  
+  
+Below are additional steps to verify whether ASR rules are correctly applied to
+endpoints. (This may take few minutes)
+
+
+1. From a web browser, navigate to <https://securitycenter.windows.com>.
+
+2.  Select **Configuration management** from left side menu.
+
+    ![A screenshot of a cell phone Description automatically generated](images/653db482c7ccaf31d06f29fb2aa24b7a.png)
+
+3. Click **Go to attack surface management** in the Attack surface management panel. 
+    
+    ![Image of attack surface management](images/3a01c7970ce3ec977a35883c0a01f0a2.png)
+
+4. Click **Configuration** tab in Attack Surface reduction rules reports. It shows ASR rules configuration overview and ASR rules status on each devices.
+
+    ![A screenshot of attack surface reduction rules reports](images/f91f406e6e0aae197a947d3b0e8b2d0d.png)
+
+5. Click each device shows configuration details of ASR rules.
+
+    ![A screenshot of attack surface reduction rules reports](images/24bfb16ed561cbb468bd8ce51130ca9d.png)
+
+See [Optimize ASR rule deployment and
+detections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr)   for more details.  
+
+
+### To set Network Protection rules in Audit mode:
+1. In the System Center Configuration Manager console, navigate to **Assets and  Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
+
+    ![A screenshot System Center Confirugatiom Manager](images/728c10ef26042bbdbcd270b6343f1a8a.png)
+
+2. Select **Network protection**.
+
+3. Set the setting to **Audit** and click **Next**. 
+
+    ![A screenshot System Center Confirugatiom Manager](images/c039b2e05dba1ade6fb4512456380c9f.png)
+
+4. Confirm the new Exploit Guard Policy by clicking **Next**.
+    
+    ![A screenshot Exploit GUard policy](images/0a6536f2c4024c08709cac8fcf800060.png)
+
+5. Once the policy is created click on **Close**.
+
+    ![A screenshot Exploit GUard policy](images/95d23a07c2c8bc79176788f28cef7557.png)
+
+6. Right-click on the newly created policy and choose **Deploy**.
+
+    ![A screenshot System Center Configuration Manager](images/8999dd697e3b495c04eb911f8b68a1ef.png)
+
+7. Select the policy to the newly created Windows 10 collection and choose **OK**.
+
+    ![A screenshot System Center Configuration Manager](images/0ccfe3e803be4b56c668b220b51da7f7.png)
+
+After completing this task, you now have successfully configured Network
+Protection in audit mode.
+
+### To set Controlled Folder Access rules in Audit mode:
+
+1. In the System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
+
+    ![A screenshot of System Center Configuration Manager](images/728c10ef26042bbdbcd270b6343f1a8a.png)
+
+2. Select **Controlled folder access**.
+    
+3. Set the configuration to **Audit** and click **Next**.
+
+    ![A screenshot of System Center Configuration Manager](images/a8b934dab2dbba289cf64fe30e0e8aa4.png)    
+    
+4. Confirm the new Exploit Guard Policy by clicking on **Next**.
+
+    ![A screenshot of System Center Configuration Manager](images/0a6536f2c4024c08709cac8fcf800060.png)
+
+5. Once the policy is created click on **Close**.
+
+    ![A screenshot of System Center Configuration Manager](images/95d23a07c2c8bc79176788f28cef7557.png)
+
+6. Right-click on the newly created policy and choose **Deploy**.
+
+    ![A screenshot of System Center Configuration Manager](images/8999dd697e3b495c04eb911f8b68a1ef.png)
+
+7.  Target the policy to the newly created Windows 10 collection and click **OK**.
+
+    ![A screenshot of System Center Configuration Manager](images/0ccfe3e803be4b56c668b220b51da7f7.png)
+
+After completing this task, you now have successfully configured Controlled folder access in audit mode.
+

windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md

@@ -99,6 +99,7 @@ Over time, new ways to manage security policy settings have been introduced, whi
 </tr>
 </tbody>
 </table>
+
  
 ## <a href="" id="bkmk-secpol"></a>Using the Local Security Policy snap-in
 
@@ -135,7 +136,7 @@ The Security Compliance Manager is a downloadable tool that helps you plan, depl
 
 **To administer security policies by using the Security Compliance Manager**
 
-1.  Download the most recent version. You can find out more info on the [Microsoft Security Guidance](http://blogs.technet.com/b/secguide/) blog.
+1.  Download the most recent version. You can find out more info on the [Microsoft Security Guidance](https://blogs.technet.com/b/secguide/) blog.
 2.  Read the relevant security baseline documentation that is included in this tool.
 3.  Download and import the relevant security baselines. The installation process steps you through baseline selection.
 4.  Open the Help and follow instructions how to customize, compare, or merge your security baselines before deploying those baselines.
@@ -208,6 +209,7 @@ The following table lists the features of the Security Configuration Manager.
 </tr>
 </tbody>
 </table>
+
  
 ### <a href="" id="bkmk-seccfgana"></a>Security Configuration and Analysis