diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index ab677cc666..f6b41f4ac4 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -13944,5 +13944,10 @@
"redirect_url": "/windows/security/threat-protection/windows-defender-atp/threat-analytics",
"redirect_document_id": true
},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/manage-indicators",
+"redirect_document_id": true
+},
]
}
diff --git a/devices/hololens/hololens-recovery.md b/devices/hololens/hololens-recovery.md
index b619fc1428..e5d185bf40 100644
--- a/devices/hololens/hololens-recovery.md
+++ b/devices/hololens/hololens-recovery.md
@@ -49,7 +49,7 @@ To reset your HoloLens 2, go to **Settings > Update > Reset** and select **Reset
If the device is still having a problem after reset, you can use Advanced Recovery Companion to flash the device with a new image.
-1. On your computer, get [Advanced Recovery Companion](need store link) from Microsoft Store.
+1. On your computer, get [Advanced Recovery Companion](https://www.microsoft.com/p/advanced-recovery-companion/9p74z35sfrs8?activetab=pivot:overviewtab) from Microsoft Store.
2. Connect HoloLens 2 to your computer.
3. Start Advanced Recovery Companion.
4. On the **Welcome** page, select your device.
@@ -57,4 +57,4 @@ If the device is still having a problem after reset, you can use Advanced Recove
6. Software installation will begin. Do not use the device or disconnect the cable during installation. When you see the **Installation finished** page, you can disconnect and use your device.
>[!NOTE]
->[Learn about FFU image file formats.](https://docs.microsoft.com/windows-hardware/manufacture/desktop/wim-vs-ffu-image-file-formats)
\ No newline at end of file
+>[Learn about FFU image file formats.](https://docs.microsoft.com/windows-hardware/manufacture/desktop/wim-vs-ffu-image-file-formats)
diff --git a/devices/surface-hub/TOC.md b/devices/surface-hub/TOC.md
index a264981b50..058ddefab4 100644
--- a/devices/surface-hub/TOC.md
+++ b/devices/surface-hub/TOC.md
@@ -41,6 +41,7 @@
### [Miracast on existing wireless network or LAN](miracast-over-infrastructure.md)
### [Enable 802.1x wired authentication](enable-8021x-wired-authentication.md)
### [Using a room control system](use-room-control-system-with-surface-hub.md)
+### [Implement Quality of Service on Surface Hub](surface-hub-qos.md)
### [Using the Surface Hub Recovery Tool](surface-hub-recovery-tool.md)
### [Surface Hub SSD replacement](surface-hub-ssd-replacement.md)
## [PowerShell for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md)
diff --git a/devices/surface-hub/admin-group-management-for-surface-hub.md b/devices/surface-hub/admin-group-management-for-surface-hub.md
index 5771b3f3c5..05e00d56fe 100644
--- a/devices/surface-hub/admin-group-management-for-surface-hub.md
+++ b/devices/surface-hub/admin-group-management-for-surface-hub.md
@@ -64,8 +64,11 @@ Surface Hubs use Azure AD join to:
- Grant admin rights to the appropriate users in your Azure AD tenant.
- Backup the device's BitLocker recovery key by storing it under the account that was used to Azure AD join the device. See [Save your BitLocker key](save-bitlocker-key-surface-hub.md) for details.
-> [!IMPORTANT]
-> Surface Hub does not currently support automatic enrollment to Microsoft Intune through Azure AD join. If your organization automatically enrolls Azure AD joined devices into Intune, you must disable this policy for Surface Hub before joining the device to Azure AD.
+### Automatic enrollment via Azure Active Directory join
+
+Surface Hub now supports the ability to automatically enroll in Intune by joining the device to Azure Active Directory.
+
+For more information, see [Enable Windows 10 automatic enrollment](https://docs.microsoft.com/intune/windows-enroll#enable-windows-10-automatic-enrollment).
### Which should I choose?
diff --git a/devices/surface-hub/change-history-surface-hub.md b/devices/surface-hub/change-history-surface-hub.md
index 10ae4ecd42..d105eef44f 100644
--- a/devices/surface-hub/change-history-surface-hub.md
+++ b/devices/surface-hub/change-history-surface-hub.md
@@ -22,6 +22,7 @@ New or changed topic | Description
[Technical information for 55” Microsoft Surface Hub](surface-hub-technical-55.md) | New; previously available for download and on [Surface Hub Tech Spec](https://support.microsoft.com/help/4483539/surface-hub-tech-spec)
[Technical information for 84” Microsoft Surface Hub ](surface-hub-technical-84.md) | New; previously available for download and on [Surface Hub Tech Spec](https://support.microsoft.com/help/4483539/surface-hub-tech-spec)
[Surface Hub SSD replacement](surface-hub-ssd-replacement.md) | New; previously available for download only
+[Implement Quality of Service on Surface Hub](surface-hub-qos.md) | New
## July 2018
diff --git a/devices/surface-hub/images/qos-create.png b/devices/surface-hub/images/qos-create.png
new file mode 100644
index 0000000000..7cd4726ddb
Binary files /dev/null and b/devices/surface-hub/images/qos-create.png differ
diff --git a/devices/surface-hub/images/qos-setting.png b/devices/surface-hub/images/qos-setting.png
new file mode 100644
index 0000000000..d775d9a46f
Binary files /dev/null and b/devices/surface-hub/images/qos-setting.png differ
diff --git a/devices/surface-hub/surface-hub-qos.md b/devices/surface-hub/surface-hub-qos.md
new file mode 100644
index 0000000000..39463f0d49
--- /dev/null
+++ b/devices/surface-hub/surface-hub-qos.md
@@ -0,0 +1,51 @@
+---
+title: Implement Quality of Service on Surface Hub
+description: Learn how to configure QoS on Surface Hub.
+ms.prod: surface-hub
+ms.sitesec: library
+author: jdeckerms
+ms.author: jdecker
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Implement Quality of Service (QoS) on Surface Hub
+
+Quality of Service (QoS) is a combination of network technologies that allows the administrators to optimize the experience of real time audio/video and application sharing communications.
+
+Configuring [QoS for Skype for Business](https://docs.microsoft.com/windows/client-management/mdm/networkqospolicy-csp) on the Surface Hub can be done using your [mobile device management (MDM) provider](manage-settings-with-mdm-for-surface-hub.md) or through a [provisioning package](provisioning-packages-for-surface-hub.md).
+
+
+This procedure explains how to configure QoS for Surface Hub using Microsoft Intune.
+
+1. In Intune, [create a custom policy](https://docs.microsoft.com/intune/custom-settings-configure).
+
+ 
+
+2. In **Custom OMA-URI Settings**, select **Add**. For each setting that you add, you will enter a name, description (optional), data type, OMA-URI, and value.
+
+ 
+
+3. Add the following custom OMA-URI settings:
+
+ Name | Data type | OMA-URI
./Device/Vendor/MSFT/NetworkQoSPolicy | Value
+ --- | --- | --- | ---
+ Audio Source Port | String | /HubAudio/SourcePortMatchCondition | Get the values from your Skype administrator
+ Audio DSCP | Integer | /HubAudio/DSCPAction | 46
+ Video Source Port | String | /HubVideo/SourcePortMatchCondition | Get the values from your Skype administrator
+ Video DSCP | Integer | /HubVideo/DSCPAction | 34
+ Audio Process Name | String | /HubAudio/AppPathNameMatchCondition | Microsoft.PPISkype.Windows.exe
+ Video Process Name | String | /HubVideo/AppPathNameMatchCondition | Microsoft.PPISkype.Windows.exe
+
+ >[!IMPORTANT]
+ >Each **OMA-URI** path begins with `./Device/Vendor/MSFT/NetworkQoSPolicy`. The full path for the audio source port setting, for example, will be `./Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/SourcePortMatchCondition`.
+
+
+
+
+4. When the policy has been created, [deploy it to the Surface Hub.](manage-settings-with-mdm-for-surface-hub.md#manage-surface-hub-settings-with-mdm)
+
+
+>[!WARNING]
+>Currently, you cannot configure the setting **IPProtocolMatchCondition** in the [NetworkQoSPolicy CSP](https://docs.microsoft.com/windows/client-management/mdm/networkqospolicy-csp). If this setting is configured, the policy will fail to apply.
+
diff --git a/store-for-business/distribute-offline-apps.md b/store-for-business/distribute-offline-apps.md
index eefb7fd379..c9b1df28bd 100644
--- a/store-for-business/distribute-offline-apps.md
+++ b/store-for-business/distribute-offline-apps.md
@@ -63,9 +63,12 @@ There are several items to download or create for offline-licensed apps. The app
**To download an offline-licensed app**
1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com/) or [Microsoft Store for Education](https://educationstore.microsoft.com).
-2. Click **Manage**, and then choose **Apps & software**.
-3. Refine results by **License type** to show apps with offline licenses.
-4. Find the app you want to download, click the ellipses under **Actions**, and then choose **Download for offline use**.
+2. Click **Manage**.
+3. Under **Shopping Experience**, set **Show offline apps** to **On**.
+4. Click **Shop for my group**. Search for the required inbox-app, select it, change the License type to **Offline**, and click **Get the app**, which will add the app to your inventory.
+5. Click **Manage**. You now have access to download the appx bundle package metadata and license file.
+6. Go to **Products & services**, and select **Apps & software**. (The list may be empty, but it will auto-populate after some time.)
+
- **To download app metadata**: Choose the language for the app metadata, and then click **Download**. Save the downloaded app metadata. This is optional.
- **To download app package**: Click to expand the package details information, choose the Platform and Architecture combination that you need for your organization, and then click **Download**. Save the downloaded app package. This is required.
- **To download an app license**: Choose either **Encoded**, or **Unencoded**, and then click **Generate license**. Save the downloaded license. This is required.
diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md
index 4b9157ad49..17d1ddd6e7 100644
--- a/windows/client-management/mdm/diagnosticlog-csp.md
+++ b/windows/client-management/mdm/diagnosticlog-csp.md
@@ -338,7 +338,7 @@ Delete a provider
```
-**EtwLog/Collectors/*CollectorName*/Providers/*ProvderGUID*/TraceLevel**
+**EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*/TraceLevel**
Specifies the level of detail included in the trace log.
The data type is an integer.
@@ -407,7 +407,7 @@ Set provider **TraceLevel**
```
-**EtwLog/Collectors/*CollectorName*/Providers/*ProvderGUID*/Keywords**
+**EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*/Keywords**
Specifies the provider keywords to be used as MatchAnyKeyword for this provider.
the data type is a string.
@@ -461,7 +461,7 @@ Set provider **Keywords**
```
-**EtwLog/Collectors/*CollectorName*/Providers/*ProvderGUID*/State**
+**EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*/State**
Specifies if this provider is enabled in the trace session.
The data type is a boolean.
diff --git a/windows/client-management/mdm/networkproxy-csp.md b/windows/client-management/mdm/networkproxy-csp.md
index 563f13334a..6a783571df 100644
--- a/windows/client-management/mdm/networkproxy-csp.md
+++ b/windows/client-management/mdm/networkproxy-csp.md
@@ -76,8 +76,8 @@ The data type is string. Supported operations are Get and Replace. Starting in W
Specifies whether the proxy server should be used for local (intranet) addresses.
Valid values:
-- 0 (default) - Do not use proxy server for local addresses
-- 1 - Use proxy server for local addresses
+- 0 (default) - Use proxy server for local addresses
+- 1 - Do not use proxy server for local addresses
The data type is int. Supported operations are Get and Replace. Starting in Window 10, version 1803, the Delete operation is also supported.
diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md
index 09b30b65c0..75e19260d4 100644
--- a/windows/client-management/mdm/policy-csp-userrights.md
+++ b/windows/client-management/mdm/policy-csp-userrights.md
@@ -66,6 +66,15 @@ Here are examples of data fields. The encoded 0xF000 is the standard delimiter/s
```
```
+If you use Intune custom profiles to assign UserRights policies, you must use the CDATA tag (``) to wrap the data fields. You can specify one or more user groups within the CDATA tag by using 0xF000 as the delimiter/separator.
+
+> [!Note]
+> `` is the entity encoding of 0xF000.
+
+For example, the following syntax grants user rights to Authenticated Users and Replicator user groups:
+```
+
+```
diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md
index 954454df28..1bee65476e 100644
--- a/windows/configuration/change-history-for-configure-windows-10.md
+++ b/windows/configuration/change-history-for-configure-windows-10.md
@@ -21,6 +21,7 @@ This topic lists new and updated topics in the [Configure Windows 10](index.md)
New or changed topic | Description
--- | ---
[Use Shell Launcher to create a Windows 10 kiosk](kiosk-shelllauncher.md) | Added information for Shell Launcher v2, coming in the next feature update to Windows 10.
+[Prepare a device for kiosk configuration](kiosk-prepare.md) | Added new recommendations for policies to manage updates.
## February 2019
diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md
index f484267983..436a96f0a8 100644
--- a/windows/configuration/kiosk-prepare.md
+++ b/windows/configuration/kiosk-prepare.md
@@ -8,7 +8,6 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerms
ms.localizationpriority: medium
-ms.date: 01/09/2019
ms.topic: article
---
@@ -31,12 +30,14 @@ ms.topic: article
## Configuration recommendations
-For a more secure kiosk experience, we recommend that you make the following configuration changes to the device before you configure it as a kiosk:
+For a more secure kiosk experience, we recommend that you make the following configuration changes to the device before you configure it as a kiosk:
Recommendation | How to
--- | ---
-Hide update notifications
(New in Windows 10, version 1809) | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\Windows Components\\Windows Update\\Display options for update notifications**
-or-
Use the MDM setting **Update/UpdateNotificationLevel** from the [**Policy/Update** configuration service provider](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-updatenotificationlevel)
-or-
Add the following registry keys as DWORD (32-bit) type:`HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\SetUpdateNotificationLevel` with a value of `1`, and `HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\UpdateNotificationLevel` with a value of `1` to hide all notifications except restart warnings, or value of `2` to hide all notifications, including restart warnings.
-Replace "blue screen" with blank screen for OS errors | Add the following registry key as DWORD (32-bit) type with a value of `1`:`HKLM\SYSTEM\CurrentControlSet\Control\CrashControl\DisplayDisabled`
+Hide update notifications
(New in Windows 10, version 1809) | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\Windows Components\\Windows Update\\Display options for update notifications**
-or-
Use the MDM setting **Update/UpdateNotificationLevel** from the [**Policy/Update** configuration service provider](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-updatenotificationlevel)
-or-
Add the following registry keys as type DWORD (32-bit) in the path of **HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate**:
**\SetUpdateNotificationLevel** with a value of `1`, and **\UpdateNotificationLevel** with a value of `1` to hide all notifications except restart warnings, or value of `2` to hide all notifications, including restart warnings.
+Enable and schedule automatic updates | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\Windows Components\\Windows Update\\Configure Automatic Updates**, and select `option 4 (Auto download and schedule the install)`
-or-
Use the MDM setting **Update/AllowAutoUpdate** from the [**Policy/Update** configuration service provider](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate), and select `option 3 (Auto install and restart at a specified time)`
**Note:** Installations can take from between 30 minutes and 2 hours, depending on the device, so you should schedule updates to occur when a block of 3-4 hours is available.
To schedule the automatic update, configure **Schedule Install Day**, **Schedule Install Time**, and **Schedule Install Week**.
+Enable automatic restart at the scheduled time | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\Windows Components\\Windows Update\\Always automatically restart at the scheduled time**
+Replace "blue screen" with blank screen for OS errors | Add the following registry key as DWORD (32-bit) type with a value of `1`:**HKLM\SYSTEM\CurrentControlSet\Control\CrashControl\DisplayDisabled**
Put device in **Tablet mode**. | If you want users to be able to use the touch (on screen) keyboard, go to **Settings** > **System** > **Tablet mode** and choose **On.** Do not turn on this setting if users will not interact with the kiosk, such as for a digital sign.
Hide **Ease of access** feature on the sign-in screen. | See [how to disable the Ease of Access button in the registry.](https://docs.microsoft.com/windows-hardware/customize/enterprise/complementary-features-to-custom-logon#welcome-screen)
Disable the hardware power button. | Go to **Power Options** > **Choose what the power button does**, change the setting to **Do nothing**, and then **Save changes**.
@@ -67,7 +68,7 @@ In addition to the settings in the table, you may want to set up **automatic log
>[!NOTE]
>If you are not familiar with Registry Editor, [learn how to modify the Windows registry](https://go.microsoft.com/fwlink/p/?LinkId=615002).
-
+
2. Go to
**HKEY\_LOCAL\_MACHINE\SOFTWARE\\Microsoft\WindowsNT\CurrentVersion\Winlogon**
diff --git a/windows/configuration/kiosk-single-app.md b/windows/configuration/kiosk-single-app.md
index 439acaa52b..18eee13ef9 100644
--- a/windows/configuration/kiosk-single-app.md
+++ b/windows/configuration/kiosk-single-app.md
@@ -42,6 +42,8 @@ Method | Description
>[!TIP]
>You can also configure a kiosk account and app for single-app kiosk within [XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) by using a [kiosk profile](lock-down-windows-10-to-specific-apps.md#profile).
+>
+>Be sure to check the [configuration recommendations](kiosk-prepare.md) before you set up your kiosk.
@@ -169,8 +171,6 @@ Set-AssignedAccess -AppName -UserSID
[Learn how to get the AppName](https://msdn.microsoft.com/library/windows/hardware/mt620046%28v=vs.85%29.aspx) (see **Parameters**).
-[Learn how to get the SID](https://go.microsoft.com/fwlink/p/?LinkId=615517).
-
To remove assigned access, using PowerShell, run the following cmdlet.
```
diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md
index f704538ec1..74acffcf3a 100644
--- a/windows/configuration/lock-down-windows-10-to-specific-apps.md
+++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md
@@ -40,7 +40,8 @@ New features and improvements | In update
You can configure multi-app kiosks using [Microsoft Intune](#intune) or a [provisioning package](#provision).
-
+>[!TIP]
+>Be sure to check the [configuration recommendations](kiosk-prepare.md) before you set up your kiosk.
## Configure a kiosk in Microsoft Intune
diff --git a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
index 48fcd8eb4c..c1f447026d 100644
--- a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
+++ b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
@@ -53,7 +53,7 @@ If you've followed the steps in the [Enrolling devices in Windows Analytics](win
In Log Analytics, go to **Settings > Connected sources > Windows telemetry** and verify that you are subscribed to the Windows Analytics solutions you intend to use.
-Even though devices can take 2-3 days after enrollment to show up due to latency in the system, you can now verify the status of your devices with a few hours of running the deployment script as described in [You can now check on the status of your computers within hours of running the deployment script](https://blogs.technet.microsoft.com/upgradeanalytics/2017/05/12/wheres-my-data/) on the Windows Analytics blog.
+Even though devices can take 2-3 days after enrollment to show up due to latency in the system, you can now verify the status of your devices within a few hours of running the deployment script as described in [You can now check on the status of your computers within hours of running the deployment script](https://techcommunity.microsoft.com/t5/Windows-Analytics-Blog/You-can-now-check-on-the-status-of-your-computers-within-hours/ba-p/187213) on the Tech Community Blog.
>[!NOTE]
> If you generate the status report and get an error message saying "Sorry! We’re not recognizing your Commercial Id," go to **Settings > Connected sources > Windows telemetry** remove the Upgrade Readiness solution, and then re-add it.
diff --git a/windows/deployment/update/windows-analytics-azure-portal.md b/windows/deployment/update/windows-analytics-azure-portal.md
index 7e923f2c27..bbca1ea487 100644
--- a/windows/deployment/update/windows-analytics-azure-portal.md
+++ b/windows/deployment/update/windows-analytics-azure-portal.md
@@ -29,7 +29,7 @@ Go to the [Azure portal](https://portal.azure.com), select **All services**, and
It's important to understand the difference between Azure Active Directory and an Azure subscription:
-**Azure Active Directory** is the directory that Azure uses. Azure Active Directory (AD) is a separate service which sits by itself and is used by all of Azure and also Office 365.
+**Azure Active Directory** is the directory that Azure uses. Azure Active Directory (Azure AD) is a separate service which sits by itself and is used by all of Azure and also Office 365.
An **Azure subscription** is a container for billing, but also acts as a security boundary. Every Azure subscription has a trust relationship with at least one Azure AD instance. This means that a subscription trusts that directory to authenticate users, services, and devices.
diff --git a/windows/deployment/update/windows-as-a-service.md b/windows/deployment/update/windows-as-a-service.md
index 0b1327b761..c020f63f0f 100644
--- a/windows/deployment/update/windows-as-a-service.md
+++ b/windows/deployment/update/windows-as-a-service.md
@@ -18,14 +18,15 @@ Find the tools and resources you need to help deploy and support Windows as a se
Find the latest and greatest news on Windows 10 deployment and servicing.
-**Working to make Windows updates clear and transparent**
-> [!VIDEO https://www.youtube-nocookie.com/embed/u5P20y39DrA]
+**Discovering the Windows 10 Update history pages**
+> [!VIDEO https://www.youtube-nocookie.com/embed/GADIXBf9R58]
Everyone wins when transparency is a top priority. We want you to know when updates are available, as well as alert you to any potential issues you may encounter during or after you install an update. The Windows update history page is for anyone looking to gain an immediate, precise understanding of particular Windows update issues.
The latest news:
- Improving the Windows 10 update experience with control, quality and transparency - April 4, 2019
+- Call to action: review your Windows Update for Business deferral values - April 3, 2019
- Windows 10, version 1809 designated for broad deployment - March 28, 2019
- Data, insights and listening to improve the customer experience - March 6, 2019
- Getting to know the Windows update history pages - February 21, 2019
diff --git a/windows/deployment/usmt/usmt-migrate-user-accounts.md b/windows/deployment/usmt/usmt-migrate-user-accounts.md
index 9fb4c1f48f..94224b2a0c 100644
--- a/windows/deployment/usmt/usmt-migrate-user-accounts.md
+++ b/windows/deployment/usmt/usmt-migrate-user-accounts.md
@@ -25,7 +25,7 @@ By default, all users are migrated. The only way to specify which users to inclu
- [To migrate two domain accounts (User1 and User2) and move User1 from the Contoso domain to the Fabrikam domain](#bkmk-migratemoveuserone)
## To migrate all user accounts and user settings
-
+Links to detailed explanations of commands are available in the Related Topics section.
1. Log on to the source computer as an administrator, and specify the following in a **Command-Prompt** window:
@@ -49,7 +49,7 @@ By default, all users are migrated. The only way to specify which users to inclu
## To migrate two domain accounts (User1 and User2)
-
+Links to detailed explanations of commands are available in the Related Topics section.
1. Log on to the source computer as an administrator, and specify:
@@ -62,7 +62,7 @@ By default, all users are migrated. The only way to specify which users to inclu
`loadstate \\server\share\migration\mystore /i:migdocs.xml /i:migapp.xml`
## To migrate two domain accounts (User1 and User2) and move User1 from the Contoso domain to the Fabrikam domain
-
+Links to detailed explanations of commands are available in the Related Topics section.
1. Log on to the source computer as an administrator, and type the following at the command-line prompt:
diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
index da571eeaf2..5ee34276fb 100644
--- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
+++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
@@ -155,14 +155,18 @@ The following table defines the endpoints for Connected User Experiences and Tel
Windows release | Endpoint
--- | ---
-Windows 10, versions 1703 and 1709 | Diagnostics data: v10.vortex-win.data.microsoft.com/collect/v1Functional: v20.vortex-win.data.microsoft.com/collect/v1Windows Advanced Threat Protection is country specific and the prefix changes by country for example: **de**.vortex-win.data.microsoft.com/collect/v1settings-win.data.microsoft.com
-Windows 10, version 1607 | v10.vortex-win.data.microsoft.comsettings-win.data.microsoft.com
+Windows 10, versions 1703 or later, with the 2018-09 cumulative update installed| Diagnostics data: v10c.vortex-win.data.microsoft.comFunctional: v20.vortex-win.data.microsoft.comWindows Advanced Threat Protection is country specific and the prefix changes by country for example: **de**.vortex-win.data.microsoft.comsettings-win.data.microsoft.com
+Windows 10, versions 1803 or later, without the 2018-09 cumulative update installed | Diagnostics data: v10.events.data.microsoft.comFunctional: v20.vortex-win.data.microsoft.comWindows Advanced Threat Protection is country specific and the prefix changes by country for example: **de**.vortex-win.data.microsoft.comsettings-win.data.microsoft.com
+Windows 10, version 1709 or earlier | Diagnostics data: v10.vortex-win.data.microsoft.comFunctional: v20.vortex-win.data.microsoft.comWindows Advanced Threat Protection is country specific and the prefix changes by country for example: **de**.vortex-win.data.microsoft.comsettings-win.data.microsoft.com
+Windows 7 and Windows 8.1 | vortex-win.data.microsoft.com
The following table defines the endpoints for other diagnostic data services:
| Service | Endpoint |
| - | - |
| [Windows Error Reporting](https://msdn.microsoft.com/library/windows/desktop/bb513641.aspx) | watson.telemetry.microsoft.com |
+| | umwatsonc.events.data.microsoft.com |
+| | kmwatsonc.events.data.microsoft.com |
| | ceuswatcab01.blob.core.windows.net |
| | ceuswatcab02.blob.core.windows.net |
| | eaus2watcab01.blob.core.windows.net |
@@ -170,7 +174,7 @@ The following table defines the endpoints for other diagnostic data services:
| | weus2watcab01.blob.core.windows.net |
| | weus2watcab02.blob.core.windows.net |
| [Online Crash Analysis](https://msdn.microsoft.com/library/windows/desktop/ee416349.aspx) | oca.telemetry.microsoft.com |
-| OneDrive app for Windows 10 | vortex.data.microsoft.com/collect/v1 |
+| OneDrive app for Windows 10 | vortex.data.microsoft.com |
### Data use and access
diff --git a/windows/release-information/index.md b/windows/release-information/index.md
index cc36f41dd6..45697f0cda 100644
--- a/windows/release-information/index.md
+++ b/windows/release-information/index.md
@@ -1 +1,3 @@
-# Welcome to release-information!
\ No newline at end of file
+# Welcome to release-information!
+
+test
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
index 0edce00395..626de0ca3e 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
@@ -43,6 +43,14 @@ You can use Group Policy to enable Windows Defender Credential Guard. This will
To enforce processing of the group policy, you can run ```gpupdate /force```.
+### Enable Windows Defender Credential Guard by using Intune
+
+1. From **Home** click **Microsoft Intune**
+2. Click **Device configuration**
+3. Click **Profiles** > **Create Profile** > **Endpoint protection** > **Windows Defender Credential Guard**.
+
+> [!NOTE]
+> It will enable VBS and Secure Boot and you can do it with or without UEFI Lock. If you will need to disable Credential Guard remotely, enable it without UEFI lock.
### Enable Windows Defender Credential Guard by using the registry
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md
index 1528aad8e3..aade96adc6 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md
@@ -35,9 +35,9 @@ On-premises certificate-based deployments of Windows Hello for Business needs th
## Enable Windows Hello for Business Group Policy
-The Enable Windows Hello for Business Group Policy setting is the configuration needed for Windows to determine if a user should be attempt to enroll for Windows Hello for Business. A user will only attempt enrollment if this policy setting is configured to enabled.
+The Group Policy setting determines whether users are allowed, and prompted, to enroll for Windows Hello for Business. It can be configured for computers or users.
-You can configure the Enable Windows Hello for Business Group Policy setting for computer or users. Deploying this policy setting to computers results in ALL users that sign-in that computer to attempt a Windows Hello for Business enrollment. Deploying this policy setting to a user results in only that user attempting a Windows Hello for Business enrollment. Additionally, you can deploy the policy setting to a group of users so only those users attempt a Windows Hello for Business enrollment. If both user and computer policy settings are deployed, the user policy setting has precedence.
+If you configure the Group Policy for computers, all users that sign-in to those computers will be allowed and prompted to enroll for Windows Hello for Business. If you configure the Group Policy for users, only those users will be allowed and prompted to enroll for Windows Hello for Business.
## Use certificate for on-premises authentication
diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md
index 936c4a59e4..e795b09887 100644
--- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md
+++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md
@@ -187,7 +187,7 @@ Joining a device is an extension to registering a device. This means, it provide
[Return to Top](hello-how-it-works-technology.md)
## Key Trust
-The key trust model uses the user's Windows Hello for Business identity to authenticate to on-premises Active Directory. The certificate trust model is supported in hybrid and on-premises deployments and requires Windows Server 2016 domain controllers.
+The key trust model uses the user's Windows Hello for Business identity to authenticate to on-premises Active Directory. The key trust model is supported in hybrid and on-premises deployments and requires Windows Server 2016 domain controllers.
### Related topics
[Certificate Trust](#certificate-trust), [Deployment Type](#deployment-type), [Hybrid Azure AD Joined](#hybrid-azure-ad-joined), [Hybrid Deployment](#hybrid-deployment), [On-premises Deployment](#on-premises-deployment), [Trust Type](#trust-type)
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md
index 6f443cff4f..5c60844b4e 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md
@@ -82,7 +82,7 @@ Organizations using older directory synchronization technology, such as DirSync
## Federation ##
-Federating your on-premises Active Directory with Azure Active Directory ensures all identities have access to all resources regardless if they reside in cloud or on-premises. Windows Hello for Business hybrid certificate trust needs Windows Server 2016 Active Directory Federation Services. All nodes in the AD FS farm must run the same version of AD FS. Additionally, you need to configure your AD FS farm to support Azure registered devices.
+Windows Hello for Business hybrid certificate trust requires Active Directory being federated with Azure Active Directory and needs Windows Server 2016 Active Directory Federation Services or newer. Windows Hello for Business hybrid certificate trust doesn’t support Managed Azure Active Directory using Pass-through authentication or password hash sync. All nodes in the AD FS farm must run the same version of AD FS. Additionally, you need to configure your AD FS farm to support Azure registered devices.
The AD FS farm used with Windows Hello for Business must be Windows Server 2016 with minimum update of [KB4088889 (14393.2155)](https://support.microsoft.com/help/4088889). If your AD FS farm is not running the AD FS role with updates from Windows Server 2016, then read [Upgrading to AD FS in Windows Server 2016](https://docs.microsoft.com/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server-2016)
diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
index 672ad0f33f..ae8da9280d 100644
--- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
+++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
@@ -50,7 +50,7 @@ The table shows the minimum requirements for each deployment. For key trust in a
| Windows 10, version 1511 or later| **Hybrid Azure AD Joined:**
*Minimum:* Windows 10, version 1703
*Best experience:* Windows 10, version 1709 or later (supports synchronous certificate enrollment).**Azure AD Joined:**
Windows 10, version 1511 or later| Windows 10, version 1511 or later | Windows 10, version 1511 or later |
| Windows Server 2016 Schema | Windows Server 2016 Schema | Windows Server 2016 Schema | Windows Server 2016 Schema |
| Windows Server 2008 R2 Domain/Forest functional level | Windows Server 2008 R2 Domain/Forest functional level| Windows Server 2008 R2 Domain/Forest functional level |Windows Server 2008 R2 Domain/Forest functional level |
-| Windows Server 2016 Domain Controllers | Windows Server 2008 R2 or later Domain Controllers | Windows Server 2016 Domain Controllers | Windows Server 2008 R2 or later Domain Controllers |
+| Windows Server 2016 or later Domain Controllers | Windows Server 2008 R2 or later Domain Controllers | Windows Server 2016 or later Domain Controllers | Windows Server 2008 R2 or later Domain Controllers |
| Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority |
| N/A | Windows Server 2016 AD FS with [KB4088889 update](https://support.microsoft.com/help/4088889) (hybrid Azure AD joined clients),
andWindows Server 2012 or later Network Device Enrollment Service (Azure AD joined) | N/A | Windows Server 2012 or later Network Device Enrollment Service |
| Azure MFA tenant, orAD FS w/Azure MFA adapter, orAD FS w/Azure MFA Server adapter, orAD FS w/3rd Party MFA Adapter| Azure MFA tenant, orAD FS w/Azure MFA adapter, orAD FS w/Azure MFA Server adapter, orAD FS w/3rd Party MFA Adapter | Azure MFA tenant, orAD FS w/Azure MFA adapter, orAD FS w/Azure MFA Server adapter, orAD FS w/3rd Party MFA Adapter | Azure MFA tenant, orAD FS w/Azure MFA adapter, orAD FS w/Azure MFA Server adapter, orAD FS w/3rd Party MFA Adapter |
@@ -67,7 +67,7 @@ The table shows the minimum requirements for each deployment.
| Windows 10, version 1703 or later | Windows 10, version 1703 or later |
| Windows Server 2016 Schema | Windows Server 2016 Schema|
| Windows Server 2008 R2 Domain/Forest functional level | Windows Server 2008 R2 Domain/Forest functional level |
-| Windows Server 2016 Domain Controllers | Windows Server 2008 R2 or later Domain Controllers |
+| Windows Server 2016 or later Domain Controllers | Windows Server 2008 R2 or later Domain Controllers |
| Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority |
| Windows Server 2016 AD FS with [KB4088889 update](https://support.microsoft.com/help/4088889) | Windows Server 2016 AD FS with [KB4088889 update](https://support.microsoft.com/help/4088889) |
| AD FS with Azure MFA Server, orAD FS with 3rd Party MFA Adapter | AD FS with Azure MFA Server, orAD FS with 3rd Party MFA Adapter |
diff --git a/windows/security/identity-protection/remote-credential-guard.md b/windows/security/identity-protection/remote-credential-guard.md
index d4040d63f5..ccafee06af 100644
--- a/windows/security/identity-protection/remote-credential-guard.md
+++ b/windows/security/identity-protection/remote-credential-guard.md
@@ -89,7 +89,7 @@ To use Windows Defender Remote Credential Guard, the Remote Desktop client and r
The Remote Desktop client device:
-- Must be running at least Windows 10, version 1703 to be able to supply credentials.
+- Must be running at least Windows 10, version 1703 to be able to supply credentials, which is sent to the remote device. This allows users to run as different users without having to send credentials to the remote machine.
- Must be running at least Windows 10, version 1607 or Windows Server 2016 to use the user’s signed-in credentials. This requires the user’s account be able to sign in to both the client device and the remote host.
- Must be running the Remote Desktop Classic Windows application. The Remote Desktop Universal Windows Platform application doesn't support Windows Defender Remote Credential Guard.
- Must use Kerberos authentication to connect to the remote host. If the client cannot connect to a domain controller, then RDP attempts to fall back to NTLM. Windows Defender Remote Credential Guard does not allow NTLM fallback because this would expose credentials to risk.
@@ -176,4 +176,4 @@ mstsc.exe /remoteGuard
- No credentials are sent to the target device, but the target device still acquires Kerberos Service Tickets on its own.
-- The server and client must authenticate using Kerberos.
\ No newline at end of file
+- The server and client must authenticate using Kerberos.
diff --git a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md
index f1d02e941e..0b3297ec31 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md
@@ -13,7 +13,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
-ms.date: 04/02/2019
+ms.date: 04/17/2019
---
# BitLocker Group Policy settings
@@ -238,11 +238,11 @@ This policy setting is used to control which unlock options are available for op
**Reference**
-If you want to use BitLocker on a computer without a TPM, select the **Allow BitLocker without a compatible TPM** check box. In this mode, a USB drive is required for startup. Key information that is used to encrypt the drive is stored on the USB drive, which creates a USB key. When the USB key is inserted, access to the drive is authenticated and the drive is accessible. If the USB key is lost or unavailable, you need to use one of the BitLocker recovery options to access the drive.
+If you want to use BitLocker on a computer without a TPM, select **Allow BitLocker without a compatible TPM**. In this mode, a password or USB drive is required for startup. The USB drive stores the startup key that is used to encrypt the drive. When the USB drive is inserted, the startup key is authenticated and the operating system drive is accessible. If the USB drive is lost or unavailable, BitLocker recovery is required to access the drive.
-On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use:
+On a computer with a compatible TPM, additional authentication methods can be used at startup to improve protection for encrypted data. When the computer starts, it can use:
-- only the TPM for authentication
+- only the TPM
- insertion of a USB flash drive containing the startup key
- the entry of a 4-digit to 20-digit personal identification number (PIN)
- a combination of the PIN and the USB flash drive
@@ -392,7 +392,7 @@ This policy setting allows you to block direct memory access (DMA) for all hot p
| **Policy description** | This setting helps prevent attacks that use external PCI-based devices to access BitLocker keys. |
| **Introduced** | Windows 10, version 1703 |
| **Drive type** | Operating system drives |
-| **Policy path** | Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives|
+| **Policy path** | Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption|
| **Conflicts** | None |
| **When enabled** | Every time the user locks the screen, DMA will be blocked on hot pluggable PCI ports until the user signs in again. |
| **When disabled or not configured** | DMA is available on hot pluggable PCI devices if the device is turned on, regardless of whether a user is signed in.|
diff --git a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
index e6b09cec2e..86ebe29111 100644
--- a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
+++ b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
@@ -13,7 +13,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
-ms.date: 02/28/2019
+ms.date: 04/17/2019
---
# Prepare your organization for BitLocker: Planning and policies
@@ -163,9 +163,9 @@ Full drive encryption means that the entire drive will be encrypted, regardless
## Active Directory Domain Services considerations
-BitLocker integrates with Active Directory Domain Services (AD DS) to provide centralized key management. By default, no recovery information is backed up to Active Directory. Administrators can configure the following Group Policy setting to enable backup of BitLocker recovery information:
+BitLocker integrates with Active Directory Domain Services (AD DS) to provide centralized key management. By default, no recovery information is backed up to Active Directory. Administrators can configure the following Group Policy setting for each drive type to enable backup of BitLocker recovery information:
-Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Turn on BitLocker backup to Active Directory Domain Services
+Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\*drive type*\\Choose how BitLocker protected drives can be recovered.
By default, only Domain Admins have access to BitLocker recovery information, but [access can be delegated to others](https://blogs.technet.microsoft.com/craigf/2011/01/26/delegating-access-in-ad-to-bitlocker-recovery-information/).
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
index fc50cfc48c..7728af0c4f 100644
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
+++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
@@ -11,10 +11,10 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
-ms.date: 03/25/2019
+ms.date: 04/17/2019
---
-# Create a Windows Information Protection (WIP) policy with MDM using the Azure portal for Microsoft Intune
+# Create a Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune
**Applies to:**
@@ -23,8 +23,17 @@ ms.date: 03/25/2019
Microsoft Intune has an easy way to create and deploy a Windows Information Protection (WIP) policy. You can choose which apps to protect, the level of protection, and how to find enterprise data on the network. The devices can be fully managed by Mobile Device Management (MDM), or managed by Mobile Application Management (MAM), where Intune only manages the apps on a user's personal device.
->[!NOTE]
->If the same user and device are targeted for both MDM and MAM, the MDM policy will be applied to devices joined to Azure AD. For personal devices that are workplace-joined (that is, added by using **Settings** > **Email & accounts** > **Add a work or school account**). the MAM-only policy will be preferred but it's possible to upgrade the device management to MDM in **Settings**. Windows Home edition only supports WIP for MAM-only; upgrading to MDM policy on Home edition will revoke WIP-protected data access. MAM supports only one user per device.
+## Differences between MDM and MAM for WIP
+
+You can create an app protection policy in Intune either with device enrollment for MDM or without device enrollment for MAM. The process to create either policy is similar, but there are important differences:
+
+- If the same user and device are targeted for both MDM and MAM, the MDM policy will be applied to devices joined to Azure AD. For personal devices that are workplace-joined (that is, added by using **Settings** > **Email & accounts** > **Add a work or school account**), the MAM-only policy will be preferred but it's possible to upgrade the device management to MDM in **Settings**. Windows Home edition only supports WIP for MAM-only; upgrading to MDM policy on Home edition will revoke WIP-protected data access.
+- MAM supports only one user per device.
+- MAM can only manage [enlightened apps](enlightened-microsoft-apps-and-wip.md).
+- MAM has additional **Access** settings for Windows Hello for Business.
+- MAM can [selectively wipe company data](https://docs.microsoft.com/intune/apps-selective-wipe) from a user's personal device.
+- MAM requires an [Azure Active Direcory (Azure AD) Premium license](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses).
+- An Azure AD Premium license is also required for WIP auto-recovery, where a device can re-enroll and re-gain access to protected data. WIP auto-recovery depends on Azure AD registration to back up the encryption keys, which requires device auto-enrollment with MDM.
## Prerequisites
diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index 178b297aa0..3feed9a1fa 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -345,6 +345,10 @@
###### [Threat protection reports](windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md)
###### [Machine health and compliance reports](windows-defender-atp/machine-reports-windows-defender-advanced-threat-protection.md)
+##### Interoperability
+###### [Partner applications](windows-defender-atp/partner-applications.md)
+
+
##### Role-based access control
###### [Manage portal access using RBAC](windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md)
####### [Create and manage roles](windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md)
@@ -389,7 +393,7 @@
#####Rules
###### [Manage suppression rules](windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md)
###### [Manage automation allowed/blocked lists](windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
-###### [Manage allowed/blocked lists](windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
+###### [Manage indicators](windows-defender-atp/manage-indicators.md)
###### [Manage automation file uploads](windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
###### [Manage automation folder exclusions](windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/auditing/event-4716.md b/windows/security/threat-protection/auditing/event-4716.md
index 1bd7c641e8..6187a558da 100644
--- a/windows/security/threat-protection/auditing/event-4716.md
+++ b/windows/security/threat-protection/auditing/event-4716.md
@@ -132,7 +132,7 @@ This event is generated only on domain controllers.
| 0x8 | TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE | If this bit is set, the trust link is a [cross-forest trust](https://msdn.microsoft.com/library/cc223126.aspx#gt_86f3dbf2-338f-462e-8c5b-3c8e05798dbc) [\[MS-KILE\]](https://msdn.microsoft.com/library/cc233855.aspx) between the root domains of two [forests](https://msdn.microsoft.com/library/cc223126.aspx#gt_fd104241-4fb3-457c-b2c4-e0c18bb20b62), both of which are running in a [forest functional level](https://msdn.microsoft.com/library/cc223126.aspx#gt_b3240417-ca43-4901-90ec-fde55b32b3b8) of DS\_BEHAVIOR\_WIN2003 or greater.
Only evaluated on Windows Server 2003 operating system, Windows Server 2008 operating system, Windows Server 2008 R2 operating system, Windows Server 2012 operating system, Windows Server 2012 R2 operating system, and Windows Server 2016 operating system.
Can only be set if forest and trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WIN2003 or greater. |
| 0x10 | TRUST\_ATTRIBUTE\_CROSS\_ORGANIZATION | If this bit is set, then the trust is to a domain or forest that is not part of the [organization](https://msdn.microsoft.com/library/cc223126.aspx#gt_6fae7775-5232-4206-b452-f298546ab54f). The behavior controlled by this bit is explained in [\[MS-KILE\]](https://msdn.microsoft.com/library/cc233855.aspx) section [3.3.5.7.5](https://msdn.microsoft.com/library/cc233949.aspx) and [\[MS-APDS\]](https://msdn.microsoft.com/library/cc223948.aspx) section [3.1.5](https://msdn.microsoft.com/library/cc223991.aspx).
Only evaluated on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016.
Can only be set if forest and trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WIN2003 or greater. |
| 0x20 | TRUST\_ATTRIBUTE\_WITHIN\_FOREST | If this bit is set, then the trusted domain is within the same forest.
Only evaluated on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016. |
-| 0x40 | TRUST\_ATTRIBUTE\_TREAT\_AS\_EXTERNAL | If this bit is set, then a cross-forest trust to a domain is to be treated as an external trust for the purposes of SID Filtering. Cross-forest trusts are [more stringently filtered](https://docs.microsoft.com/openspecs/windows_protocols/ms-adts/e9a2d23c-c31e-4a6f-88a0-6646fdb51a3c) than external trusts. This attribute relaxes those cross-forest trusts to be equivalent to external trusts. For more information on how each trust type is filtered, see [\[MS-PAC\]](https://msdn.microsoft.com/library/cc237917.aspx) section 4.1.2.2.
Only evaluated on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016.
Only evaluated if SID Filtering is used.
Only evaluated on cross-forest trusts having TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE.
Can only be set if forest and trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WIN2003 or greater. |
+| 0x40 | TRUST\_ATTRIBUTE\_TREAT\_AS\_EXTERNAL | If this bit is set, then a cross-forest trust to a domain is to be treated as an external trust for the purposes of SID Filtering. Cross-forest trusts are [more stringently filtered](https://docs.microsoft.com/openspecs/windows_protocols/ms-adts/e9a2d23c-c31e-4a6f-88a0-6646fdb51a3c) than external trusts. This attribute relaxes those cross-forest trusts to be equivalent to external trusts.
Only evaluated on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016.
Only evaluated if SID Filtering is used.
Only evaluated on cross-forest trusts having TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE.
Can only be set if forest and trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WIN2003 or greater. |
| 0x80 | TRUST\_ATTRIBUTE\_USES\_RC4\_ENCRYPTION | This bit is set on trusts with the [trustType](https://msdn.microsoft.com/library/cc220955.aspx) set to TRUST\_TYPE\_MIT, which are capable of using RC4 keys. Historically, MIT Kerberos distributions supported only DES and 3DES keys ([\[RFC4120\]](https://go.microsoft.com/fwlink/?LinkId=90458), [\[RFC3961\]](https://go.microsoft.com/fwlink/?LinkId=90450)). MIT 1.4.1 adopted the RC4HMAC encryption type common to Windows 2000 [\[MS-KILE\]](https://msdn.microsoft.com/library/cc233855.aspx), so trusted domains deploying later versions of the MIT distribution required this bit. For more information, see "Keys and Trusts", section [6.1.6.9.1](https://msdn.microsoft.com/library/cc223782.aspx).
Only evaluated on TRUST\_TYPE\_MIT |
| 0x200 | TRUST\_ATTRIBUTE\_CROSS\_ORGANIZATION\_NO\_TGT\_DELEGATION | If this bit is set, tickets granted under this trust MUST NOT be trusted for delegation. The behavior controlled by this bit is as specified in [\[MS-KILE\]](https://msdn.microsoft.com/library/cc233855.aspx) section 3.3.5.7.5.
Only supported on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016. |
| 0x400 | TRUST\_ATTRIBUTE\_PIM\_TRUST | If this bit and the TATE bit are set, then a cross-forest trust to a domain is to be treated as Privileged Identity Management trust for the purposes of SID Filtering. For more information on how each trust type is filtered, see [\[MS-PAC\]](https://msdn.microsoft.com/library/cc237917.aspx) section 4.1.2.2.
Evaluated only on Windows Server 2016
Evaluated only if SID Filtering is used.
Evaluated only on cross-forest trusts having TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE.
Can be set only if the forest and the trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WINTHRESHOLD or greater. |
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md
index 14740a3224..2be015772f 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md
@@ -24,7 +24,7 @@ Describes the best practices, location, values, management, and security conside
## Reference
-Beginning with Windows Server 2012 and Windows 8, Windows detects user-input inactivity of a sign-in (logon) session by using the security policy setting **Interactive logon: Machine inactivity limit**. If the amount of inactive time exceeds the inactivity limit set by this policy, then the user’s session locks by invoking the screen saver. This policy setting allows you to control the locking time by using Group Policy.
+Beginning with Windows Server 2012 and Windows 8, Windows detects user-input inactivity of a sign-in (logon) session by using the security policy setting **Interactive logon: Machine inactivity limit**. If the amount of inactive time exceeds the inactivity limit set by this policy, then the user’s session locks by invoking the screen saver (screen saver should be active on the destination machine). This policy setting allows you to control the locking time by using Group Policy.
### Possible values
@@ -40,6 +40,8 @@ Set the time for elapsed user-input inactivity based on the device’s usage and
Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options
+Computer Configuration\\Policies\\Windows Settings\\Security Settings\\Local Policies\\Security Options (While creating and linking group policy on server)
+
### Default values
The following table lists the actual and effective default values for this policy. Default values are also listed on the policy’s property page.
diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
index ea2b3fa6af..024554261c 100644
--- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
+++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
@@ -14,7 +14,8 @@ ms.localizationpriority: medium
# Use Windows Event Forwarding to help with intrusion detection
**Applies to**
-- Windows 10
+- Windows 10
+- Windows Server
Learn about an approach to collect events from devices in your organization. This article talks about events in both normal operations and when an intrusion is suspected.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md
index 78351fac00..492af0b7b7 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md
@@ -24,6 +24,9 @@ You can exclude certain files from Windows Defender Antivirus scans by modifying
Generally, you shouldn't need to apply exclusions. Windows Defender Antivirus includes a number of automatic exclusions based on known operating system behaviors and typical management files, such as those used in enterprise management, database management, and other enterprise scenarios and situations.
+> [!NOTE]
+> Automatic exclusions apply only to Windows Server 2016 and above.
+
>[!TIP]
>The default antimalware policy we deploy at Microsoft doesn't set any exclusions by default.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md
index 15865ca9fa..fbe8f28763 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md
@@ -56,14 +56,11 @@ SIP is a built-in macOS security feature that prevents low-level tampering with
## Installation and configuration overview
There are various methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac.
In general you'll need to take the following steps:
- - [Register macOS devices](#register-macos-devices) with Windows Defender ATP
- - Deploy Microsoft Defender ATP for Mac using any of the following deployment methods and tools:
- - [Microsoft Intune based deployment](#microsoft-intune-based-deployment)
- - [JAMF based deployment](#jamf-based-deployment)
- - [Manual deployment](#manual-deployment)
-
-## Deploy Microsoft Defender ATP for Mac
-Use any of the supported methods to deploy Microsoft Defender ATP for Mac
+ - Ensure you have a Windows Defender ATP subscription and have access to the Windows Defender ATP Portal
+ - Deploy Microsoft Defender ATP for Mac using one of the following deployment methods:
+ * [Microsoft Intune based deployment](#microsoft-intune-based-deployment)
+ * [JAMF based deployment](#jamf-based-deployment)
+ * [Manual deployment](#manual-deployment)
## Microsoft Intune based deployment
@@ -293,7 +290,6 @@ After some time, the machine's User Approved MDM status will change to Yes.
You can enroll additional machines now. Optionally, can do it after system configuration and application packages are provisioned.
-
### Deployment
Enrolled client machines periodically poll the JAMF Server and install new configuration profiles and policies as soon as they are detected.
@@ -329,7 +325,7 @@ Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: No patch policies were found.
You can also check the onboarding status:
```
-mavel-mojave:~ testuser$ /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py
+mavel-mojave:~ testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py
uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6
orgid : 79109c9d-83bb-4f3e-9152-8d75ee59ae22
orgid managed : 79109c9d-83bb-4f3e-9152-8d75ee59ae22
@@ -351,13 +347,13 @@ For example, this script removes Microsoft Defender ATP from the /Applications d
```
echo "Is WDAV installed?"
-ls -ld '/Applications/Microsoft Defender.app' 2>/dev/null
+ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null
echo "Uninstalling WDAV..."
-rm -rf '/Applications/Microsoft Defender.app'
+rm -rf '/Applications/Microsoft Defender ATP.app'
echo "Is WDAV still installed?"
-ls -ld '/Applications/Microsoft Defender.app' 2>/dev/null
+ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null
echo "Done!"
```
@@ -374,7 +370,7 @@ Configure the appropriate scope in the **Scope** tab to specify the machines tha
You can check that machines are correctly onboarded by creating a script. For example, the following script checks that enrolled machines are onboarded:
```
-/Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py | grep -E 'orgid effective : [-a-zA-Z0-9]+'
+sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py | grep -E 'orgid effective : [-a-zA-Z0-9]+'
```
This script returns 0 if Microsoft Defender ATP is registered with the Windows Defender ATP service, and another exit code if it is not installed or registered.
@@ -435,7 +431,7 @@ The installation will proceed.
The client machine is not associated with orgId. Note that the orgid is blank.
```
- mavel-mojave:wdavconfig testuser$ /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py
+ mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py
uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6
orgid :
```
@@ -449,7 +445,7 @@ The installation will proceed.
3. Verify that the machine is now associated with orgId:
```
- mavel-mojave:wdavconfig testuser$ /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py
+ mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py
uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6
orgid : E6875323-A6C0-4C60-87AD-114BBE7439B8
```
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md
index 154d463930..b1e10dc63f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md
@@ -61,7 +61,7 @@ AppLocker uses path variables for well-known directories in Windows. Path variab
| Windows directory or drive | AppLocker path variable | Windows environment variable |
| - | - | - |
| Windows | %WINDIR% | %SystemRoot% |
-| System32 | %SYSTEM32%| %SystemDirectory%|
+| System32 and sysWOW64 | %SYSTEM32%| %SystemDirectory%|
| Windows installation directory | %OSDRIVE%|%SystemDrive%|
| Program Files | %PROGRAMFILES%| %ProgramFiles% and %ProgramFiles(x86)%|
| Removable media (for example, CD or DVD) | %REMOVABLE%| |
diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
index 8b6d1d2ef7..34fbe7530e 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
@@ -60,6 +60,8 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you
|Lee Christensen|@tifkin_|
|Vladas Bulavas | Kaspersky Lab |
|Lasse Trolle Borup | Langkjaer Cyber Defence |
+|Jimmy Bayne | @bohops |
+|Philip Tsukerman | @PhilipTsukerman |
diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md
index 3ac4481724..3a56abbd31 100644
--- a/windows/security/threat-protection/windows-defender-atp/TOC.md
+++ b/windows/security/threat-protection/windows-defender-atp/TOC.md
@@ -338,6 +338,10 @@
##### [Threat protection reports](threat-protection-reports-windows-defender-advanced-threat-protection.md)
##### [Machine health and compliance reports](machine-reports-windows-defender-advanced-threat-protection.md)
+
+#### Interoperability
+##### [Partner applications](partner-applications.md)
+
#### Role-based access control
##### [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md)
###### [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md)
@@ -374,7 +378,7 @@
####Rules
##### [Manage suppression rules](manage-suppression-rules-windows-defender-advanced-threat-protection.md)
##### [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
-##### [Manage allowed/blocked lists](manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
+##### [Manage indicators](manage-indicators.md)
##### [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
##### [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/configuration-score.md b/windows/security/threat-protection/windows-defender-atp/configuration-score.md
index 746d31cc8f..bb6764a9a3 100644
--- a/windows/security/threat-protection/windows-defender-atp/configuration-score.md
+++ b/windows/security/threat-protection/windows-defender-atp/configuration-score.md
@@ -2,7 +2,7 @@
title: Overview of Configuration score in Microsoft Defender Security Center
description: Expand your visibility into the overall security configuration posture of your organization
keywords: configuration score, mdatp configuration score, secure score, security controls, improvement opportunities, security configuration score over time, security posture, baseline
-search.product: Windows 10
+search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
index f6ed806476..e6933232eb 100644
--- a/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
@@ -49,7 +49,7 @@ If the machine was offboarded it will still appear in machines list. After 7 day
If the machine is not sending any signals for more than 7 days to any of the Windows Defender ATP channels for any reason including conditions that fall under misconfigured machines classification, a machine can be considered inactive.
-Do you expect a machine to be in ‘Active’ status? [Open a support ticket ticket](https://support.microsoft.com/getsupport?wf=0&tenant=ClassicCommercial&oaspworkflow=start_1.0.0.0&locale=en-us&supportregion=en-us&pesid=16055&ccsid=636206786382823561).
+Do you expect a machine to be in ‘Active’ status? [Open a support ticket](https://support.microsoft.com/getsupport?wf=0&tenant=ClassicCommercial&oaspworkflow=start_1.0.0.0&locale=en-us&supportregion=en-us&pesid=16055&ccsid=636206786382823561).
## Misconfigured machines
Misconfigured machines can further be classified to:
diff --git a/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-indicators.md
similarity index 100%
rename from windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md
rename to windows/security/threat-protection/windows-defender-atp/manage-indicators.md
diff --git a/windows/security/threat-protection/windows-defender-atp/next-gen-threat-and-vuln-mgt.md b/windows/security/threat-protection/windows-defender-atp/next-gen-threat-and-vuln-mgt.md
index d83dc2575a..cefa8aada0 100644
--- a/windows/security/threat-protection/windows-defender-atp/next-gen-threat-and-vuln-mgt.md
+++ b/windows/security/threat-protection/windows-defender-atp/next-gen-threat-and-vuln-mgt.md
@@ -2,7 +2,7 @@
title: Next-generation Threat & Vulnerability Management
description: This new capability uses a game-changing risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.
keywords: threat and vulnerability management, MDATP-TVM, vulnerability management, threat and vulnerability scanning
-search.product: Windows 10
+search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/windows-defender-atp/partner-applications.md b/windows/security/threat-protection/windows-defender-atp/partner-applications.md
new file mode 100644
index 0000000000..24ba042fc8
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/partner-applications.md
@@ -0,0 +1,64 @@
+---
+title: Partner applications in Microsoft Defender ATP
+description: View supported partner applications to enhance the detection, investigation, and threat intelligence capabilities of the platform
+keywords: partners, applications, third-party, connections, sentinelone, lookout, bitdefender, corrata, morphisec, paloalto, ziften, better mobile
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+---
+
+# Partner applications in Microsoft Defender ATP
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+
+Microsoft Defender ATP supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform.
+
+
+The support for third-party solutions help to further streamline, integrate, and orchestrate defenses from other vendors with Microsoft Defender ATP; enabling security teams to effectively respond better to modern threats.
+
+Microsoft Defender ATP seamlessly integrates with existing security solutions - providing out of the box integration with SIEM, ticketing and IT service management solutions, managed security service providers (MSSP), IoC indicators ingestions and matching, automated device investigation and remediation based on external alerts, and integration with Security orchestration and automation response (SOAR) systems.
+
+## SIEM integration
+Microsoft Defender ATP supports SIEM integration through a variety of methods specialized SIEM system interface with out of the box connectors, a generic alert API enabling custom implementations, and an action API enabling alert status management. For more information, see [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md).
+
+## Ticketing and IT service management
+Ticketing solution integration helps to implement manual and automatic response processes. Microsoft Defender ATP can help to create tickets automatically when an alert is generated and resolve the alerts when tickets are closed using the alerts API.
+
+## Security orchestration and automation response (SOAR) integration
+Orchestration solutions can help build playbooks and integrate the rich data model and actions that Microsoft Defender ATP APIs expose to orchestrate responses, such as query for device data, trigger machine isolation, block/allow, resolve alert and others.
+
+## External alert correlation and Automated investigation and remediation
+Microsoft Defender ATP offers unique automated investigation and remediation capabilities to drive incident response at scale.
+
+Integrating the automated investigation and response capability with other solutions such as IDS and firewalls help to address alerts and minimize the complexities surrounding network and device signal correlation, effectively streamlining the investigation and threat remediation actions on devices.
+
+External alerts can be pushed into Microsoft Defender ATP and is presented side-by-side with additional device-based alerts from Microsoft Defender ATP. This view provides a full context of the alert - with the real process and the full story of attack.
+
+## Indicators matching
+You can use threat-intelligence from providers and aggregators to maintain and use indicators of compromise (IOCs).
+
+Microsoft Defender ATP allows you to integrate with such solutions and act on IoCs by correlating its rich telemetry and creating alerts when there's a match; leveraging prevention and automated response capabilities to block execution and take remediation actions when theres a match.
+
+Microsoft Defender ATP currently supports IOC matching and remediation for file and network indicators. Blocking is supported for file indicators.
+
+## Support for non-Windows platforms
+Microsoft Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the portal and better protect your organization's network. This experience leverages on a third-party security products sensor data giving you a unified experience.
+
+
+
+
+
+
+
diff --git a/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
index 9ace9bafb4..9128e2354d 100644
--- a/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
@@ -112,7 +112,6 @@ Icon | Description
 | Threat & Vulnerability Management - possible active alert
 | Threat & Vulnerability Management - recommendation insights
-
## Related topics
- [Understand the Windows Defender Advanced Threat Protection portal](use-windows-defender-advanced-threat-protection.md)
- [View the Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/windows-defender-atp/threat-and-vuln-mgt-scenarios.md
index a88e212a95..1e60255cf2 100644
--- a/windows/security/threat-protection/windows-defender-atp/threat-and-vuln-mgt-scenarios.md
+++ b/windows/security/threat-protection/windows-defender-atp/threat-and-vuln-mgt-scenarios.md
@@ -1,8 +1,8 @@
---
title: Threat & Vulnerability Management scenarios
-description:
-keywords:
-search.product: Windows 10
+description: Learn how to use Threat & Vulnerability Management in the context of scenarios that Security Administrators encounter when collaborating with IT Administrators and SecOps while protecting their organization from cybersecurity threats.
+keywords: mdatp-tvm scenarios, mdatp, tvm, tvm scenarios, reduce threat & vulnerability exposure, reduce threat and vulnerability, improve security configuration, increase configuration score, increase threat & vulnerability configuration score, configuration score, exposure score, security controls
+search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/security/threat-protection/windows-defender-atp/tvm-dashboard-insights.md b/windows/security/threat-protection/windows-defender-atp/tvm-dashboard-insights.md
index 9613ef139d..af2aff1186 100644
--- a/windows/security/threat-protection/windows-defender-atp/tvm-dashboard-insights.md
+++ b/windows/security/threat-protection/windows-defender-atp/tvm-dashboard-insights.md
@@ -1,10 +1,10 @@
---
title: What's in the dashboard and what it means for my organization's security posture
-description:
-keywords:
-search.product: Windows 10
+description: What's in the Threat & Vulnerability Management dashboard and how it can help SecOps and Security Administrators arrive at informed decisions in addressing cybersecurity threat vulnerabilities and building their organization's security resilience.
+keywords: mdatp-tvm, mdatp-tvm dashboard, threat & vulnerability management, risk-based threat & vulnerability management, security configuration, configuration score, exposure score
+search.product: eADQiWindows 10XVcnh
search.appverid: met150
-ms.prod: w10
+ms.prod: eADQiWindows 10XVcnh
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
diff --git a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md
index 6d2c512257..f9ac32f49d 100644
--- a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md
+++ b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md
@@ -25,10 +25,12 @@ Here are the new features in the latest release of Windows Defender ATP as well
## April 2019
### In preview
-The following capability is included in the April 2019 preview release.
+The following capabilities are included in the April 2019 preview release.
- [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/next-gen-threat-and-vuln-mgt)
A new built-in capability that uses a risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.
+- [Interoperability](https://docs.microsoft.com/windows/security/threat-protection/partner-applications)
Microsoft Defender ATP supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform.
+
## March 2019
### In preview
The following capability are included in the March 2019 preview release.
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md
index c49eae7912..bde9222c86 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md
@@ -100,6 +100,9 @@ Validate stack integrity (StackPivot) | Ensures that the stack has not been redi
>The result will be that DEP will be enabled for *test.exe*. DEP will not be enabled for any other app, including *miles.exe*.
>CFG will be enabled for *miles.exe*.
+>[!NOTE]
+>If you have found any issues in this article, you can report it directly to a Windows Server/Windows Client partner or use the Microsoft technical support numbers for your country.
+
### Configure system-level mitigations with the Windows Security app
1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md
index c5d238cf59..73bc1915d3 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md
@@ -17,7 +17,7 @@ ms.author: v-anbic
[Attack surface reduction rules](attack-surface-reduction-exploit-guard.md) help prevent actions and apps that malware often uses to infect computers. You can set attack surface reduction rules for computers running Windows 10 or Windows Server 2019.
-To use ASR rules, you need either a Windows 10 Enterprise E3 or E5 license. We recommend an E5 license so you can take advantage of the advanced monitoring and reporting capabilities available in Windows Defender Advanced Threat Protection (Windows Defender ATP). These advanced capabilities aren't available with an E3 license, but you can develop your own monitoring and reporting tools to use in conjuction with ASR rules.
+To use ASR rules, you need either a Windows 10 Enterprise E3 or E5 license. We recommend an E5 license so you can take advantage of the advanced monitoring and reporting capabilities available in Windows Defender Advanced Threat Protection (Windows Defender ATP). These advanced capabilities aren't available with an E3 license, but you can develop your own monitoring and reporting tools to use in conjunction with ASR rules.
## Exclude files and folders from ASR rules
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md
index 667c554a43..958cc3e6d8 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md
@@ -49,10 +49,11 @@ You can also use Group Policy, Intune, MDM, or System Center Configuration Manag
The following controlled folder access events appear in Windows Event Viewer.
-Event ID | Description
-5007 | Event when settings are changed
-1124 | Audited controlled folder access event
-1123 | Blocked controlled folder access event
+| Event ID | Description |
+| --- | --- |
+| 5007 | Event when settings are changed |
+| 1124 | Audited controlled folder access event |
+| 1123 | Blocked controlled folder access event |
## Customize protected folders and apps
@@ -63,4 +64,4 @@ See [Protect important folders with controlled folder access](controlled-folders
## Related topics
- [Protect important folders with controlled folder access](controlled-folders-exploit-guard.md)
- [Evaluate Windows Defender ATP](evaluate-windows-defender-exploit-guard.md)
-- [Use audit mode](audit-windows-defender-exploit-guard.md)
\ No newline at end of file
+- [Use audit mode](audit-windows-defender-exploit-guard.md)
diff --git a/windows/whats-new/index.md b/windows/whats-new/index.md
index a48b1bcd0e..1798631ea3 100644
--- a/windows/whats-new/index.md
+++ b/windows/whats-new/index.md
@@ -29,7 +29,6 @@ Windows 10 provides IT professionals with advanced protection against modern sec
## Learn more
-- [Windows 10 roadmap](https://www.microsoft.com/en-us/WindowsForBusiness/windows-roadmap)
- [Windows 10 release information](https://technet.microsoft.com/windows/release-info)
- [Windows 10 update history](https://support.microsoft.com/help/12387/windows-10-update-history)
- [Windows 10 content from Microsoft Ignite](https://go.microsoft.com/fwlink/p/?LinkId=613210)
diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md
index 4a15ed3e75..dd8a314962 100644
--- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md
+++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md
@@ -305,7 +305,7 @@ IT Pros can use Autopilot Reset to quickly remove personal files, apps, and sett
### Faster sign-in to a Windows 10 shared pc
-If you have shared devices deployed in your work place, **Fast sign-in** enables users to sign in to a [shared Windows 10 PC](/windows/configuration/set-up-shared-or-guest-pc.md) in a flash!
+If you have shared devices deployed in your work place, **Fast sign-in** enables users to sign in to a [shared Windows 10 PC](https://docs.microsoft.com/windows/configuration/set-up-shared-or-guest-pc) in a flash!
**To enable fast sign-in:**
1. Set up a shared or guest device with Windows 10, version 1809 or Windows 10 Enterprise 2019 LTSC.