Merge pull request #901 from MicrosoftDocs/public

Public to master

browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md

@@ -6,7 +6,8 @@ author: dansimp
 ms.prod: ie11
 ms.assetid: a145e80f-eb62-4116-82c4-3cc35fd064b6
 ms.reviewer: 
-audience: itpro
manager: dansimp
+audience: itpro
+manager: dansimp
 ms.author: dansimp
 title: Collect data using Enterprise Site Discovery
 ms.sitesec: library

browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md

@@ -6,7 +6,7 @@ author: lomayor
 ms.prod: ie11
 ms.assetid: b2dfc08c-78af-4c22-8867-7be3b92b1616
 ms.reviewer: 
-audience: itpro
manager: dansimp
+manager: dansimp
 ms.author: lomayor
 title: Install Internet Explorer 11 (IE11) using Microsoft Intune (Internet Explorer 11 for IT Pros)
 ms.sitesec: library

browsers/internet-explorer/ie11-ieak/platform-selection-ieak11-wizard.md

@@ -6,7 +6,7 @@ author: lomayor
 ms.prod: ie11
 ms.assetid: 9cbf5abd-86f7-42b6-9810-0b606bbe8218
 ms.reviewer: 
-audience: itpro
manager: dansimp
+manager: dansimp
 ms.author: lomayor
 title: Use the Platform Selection page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library

browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md

@@ -6,7 +6,7 @@ author: lomayor
 ms.prod: ie11
 ms.assetid: f715668f-a50d-4db0-b578-e6526fbfa1fc
 ms.reviewer: 
-audience: itpro
manager: dansimp
+manager: dansimp
 ms.author: lomayor
 title: Use the Programs page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
 ms.sitesec: library

devices/surface-hub/General-Data-Privacy-Regulation-and-Surface-Hub.md

@@ -2,8 +2,6 @@
 title: General Data Privacy Regulation and Surface Hub
 description: Informs users who are subject to EU data protection laws of their options regarding how to delete or restrict diagnostic data produced by Surface Hub.
 ms.assetid: 087713CF-631D-477B-9CC6-EFF939DE0186
-ms.reviewer: 
-manager: 
 keywords: GDPR
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/connect-app-in-surface-hub-unexpectedly-exits.md

@@ -2,8 +2,6 @@
 title: What to do if the Connect app in Surface Hub exits unexpectedly
 description: Describes how to resolve an issue where the Connect app in Surface Hub exits to the Welcome screen after cycling through inputs.
 ms.assetid: 9576f4e4-d936-4235-8a03-d8a6fe9e8fec
-ms.reviewer: 
-manager: 
 keywords: surface, hub, connect, input, displayport
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/known-issues-and-additional-info-about-surface-hub.md

@@ -2,8 +2,6 @@
 title: Known issues and additional information about Microsoft Surface Hub
 description: Outlines known issues with Microsoft Surface Hub.
 ms.assetid: aee90a0c-fb05-466e-a2b1-92de89d0f2b7
-ms.reviewer: 
-manager: 
 keywords: surface, hub, issues
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/surface-Hub-installs-updates-and-restarts-outside-maintenance-hours.md

@@ -2,8 +2,6 @@
 title: Surface Hub may install updates and restart outside maintenance hours
 description: troubleshooting information for Surface Hub regarding automatic updates
 ms.assetid: 6C09A9F8-F9CF-4491-BBFB-67A1A1DED0AA
-ms.reviewer: 
-manager: 
 keywords: surface hub, maintenance window, update
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/surface-hub-update-history.md

@@ -2,8 +2,6 @@
 title: Surface Hub update history
 description: Surface Hub update history
 ms.assetid: d66a9392-2b14-4cb2-95c3-92db0ae2de34
-ms.reviewer:
-manager:
 keywords:
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/surfacehub-miracast-not-supported-europe-japan-israel.md

@@ -2,8 +2,6 @@
 title: Surface Hub Miracast channels 149-165 not supported in Europe, Japan, Israel
 description: Surface Hub Miracast channels 149-165 not supported in Europe, Japan, Israel
 ms.assetid: 8af3a832-0537-403b-823b-12eaa7a1af1f
-ms.reviewer: 
-manager: 
 keywords:
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/use-cloud-recovery-for-bitlocker-on-surfacehub.md

@@ -2,8 +2,6 @@
 title: How to use cloud recovery for BitLocker on a Surface Hub
 description: How to use cloud recovery for BitLocker on a Surface Hub
 ms.assetid: c0bde23a-49de-40f3-a675-701e3576d44d
-ms.reviewer: 
-manager: 
 keywords: Accessibility settings, Settings app, Ease of Access
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface-hub/use-surface-hub-diagnostic-test-device-account.md

@@ -2,8 +2,6 @@
 title: Using the Surface Hub Hardware Diagnostic Tool to test a device account
 description: Using the Surface Hub Hardware Diagnostic Tool to test a device account
 ms.assetid: a87b7d41-d0a7-4acc-bfa6-b9070f99bc9c
-ms.reviewer: 
-manager: 
 keywords: Accessibility settings, Settings app, Ease of Access
 ms.prod: surface-hub
 ms.sitesec: library

devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md

@@ -1,5 +1,5 @@
 ---
-title: Download the latest firmware and drivers for Surface devices (Surface)
+title: Deploy the latest firmware and drivers for Surface devices (Surface)
 description: This article provides a list of the available downloads for Surface devices and links to download the drivers and firmware for your device.
 ms.assetid: 7662BF68-8BF7-43F7-81F5-3580A770294A
 ms.reviewer: 
@@ -11,27 +11,43 @@ ms.mktglfcycl: deploy
 ms.pagetype: surface, devices
 ms.sitesec: library
 author: dansimp
-ms.date: 11/15/2018
+ms.date: 08/13/2018
 ms.author: dansimp
 ms.topic: article
 ---
 
-# Deploying the latest firmware and drivers for Surface devices
+# Deploy the latest firmware and drivers for Surface devices
 Although Surface devices are typically automatically updated with the latest device drivers and firmware via Windows Update, sometimes it's necessary to download and install updates manually, such as during a Windows deployment. 
 
-## Downloading MSI files
+## Download MSI files
 To download MSI files, refer to the following Microsoft Support page:
  
 - [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware-for-surface)<br>
 Installation files for administrative tools, drivers for accessories, and updates for Windows are also available for some devices.
 
 ## Deploying MSI files
-Driver and firmware updates for Surface devices containing all required cumulative updates are packaged in separate MSI files for specific versions of Windows 10. 
+Driver and firmware updates for Surface devices consisting of all required cumulative updates are packaged in separate MSI files for specific versions of Windows 10.
-In the name of each of these files you will find a Windows build number, this number indicates the minimum supported build required to install the drivers and firmware contained within. Refer to [Windows 10 release information](https://docs.microsoft.com/windows/windows-10/release-information) for a list of the build numbers for each version. For example, to install the drivers contained in SurfacePro6_Win10_16299_1900307_0.msi file you must have Windows 10 Fall Creators Update version 1709, or newer installed on your Surface Pro 6.
 
+The MSI file names contain useful information including the minimum supported Windows build number required to install the drivers and firmware. For example, to install the drivers contained in SurfaceBook_Win10_17763_19.080.2031.0.msi requires Windows 10 Fall Creators Update version 1709 or later installed on your Surface Book.
+
+To view build numbers for each version, refer to [Windows 10 release information](https://docs.microsoft.com/windows/windows-10/release-information).
 
 ### Surface MSI naming convention
-Each .MSI file is named in accordance with a formula that begins with the product and Windows release information, followed by the Windows build  number and version number, and ending with the revision of version number.  SurfacePro6_Win10_16299_1900307_0.msi is classified as follows:
+Beginning in August 2019, MSI files use the following naming formula:
+
+- Product > Windows release > Windows build number > Version number >  Revision of version number (typically zero).
+
+**Example:**
+SurfacePro6_Win10_18362_19.073.44195_0.msi :
+
+| Product     | Windows release | Build | Version |  Revision of version |
+| --- | --- | --- | --- | --- |
+| SurfacePro6 | Win10  | 18362  | 19.073.44195 | 0  |
+|       |      |       | Indicates key date and sequence information.  | Indicates release history of the update.   |
+|      |        |     | **19:** Signifies the year (2019).<br>**073**: Signifies the month (July) and week of the release (3).  <br>**44195**: Signifies the minute of the month that the MSI file was created. |**0:**  Signifies it's the first release of version 1907344195 and has not been re-released for any reason. |
+
+### Legacy Surface MSI naming convention
+Legacy MSI files prior to August 2019 followed the same overall naming formula but used a different method to derive the version number.  
 
 **Example:**
 SurfacePro6_Win10_16299_1900307_0.msi :
@@ -39,8 +55,8 @@ SurfacePro6_Win10_16299_1900307_0.msi :
 | Product     | Windows release | Build | Version |  Revision of version |
 | --- | --- | --- | --- | --- |
 | SurfacePro6 | Win10  | 16299  | 1900307 | 0  |
-|       |      |       | Indicates key date and sequence information  | Indicates release history of the MSI file   |
+|       |      |       | Indicates key date and sequence information.  | Indicates release history of the MSI file.   |
-|      |        |     | **19:** Signifies the year (2019)<br>**003**: Signifies that it’s the third release of 2019<br>**07**: Signifies the product version number. (Surface Pro 6 is officially the seventh version of Surface Pro.) | **0:** Signifies it's the first release of version 1900307 and has not been re-released for any reason. |
+|      |        |     | **19:** Signifies the year (2019)<br>**003**: Signifies that it’s the third release of 2019.<br>**07**: Signifies the product version number. (Surface Pro 6 is officially the seventh version of Surface Pro.) | **0:** Signifies it's the first release of version 1900307 and has not been re-released for any reason. |
 
 Look to the **version** number to determine the latest files that contain the most recent security updates.  For example, you might need to install the newest file from the following list:
 
@@ -60,9 +76,9 @@ There are no downloadable firmware or driver updates available for Surface devic
 
 For more information about deploying Surface drivers and firmware, refer to:
 
-- [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates).
+- [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates)
 
-- [Microsoft Surface support for business](https://www.microsoft.com/surface/support/business).
+- [Microsoft Surface support for business](https://www.microsoft.com/surface/support/business)
 
 
  

mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-40.md

@@ -272,15 +272,17 @@ As an AGPM Administrator (Full Control), you designate the e-mail addresses of A
 
 **To configure e-mail notification for AGPM**
 
-1.  In the details pane, click the **Domain Delegation** tab.
+1.  In **Group Policy Management Editor** , navigate to the **Change Control** folder 
 
-2.  In the **From e-mail address** field, type the e-mail alias for AGPM from which notifications should be sent.
+2.  In the details pane, click the **Domain Delegation** tab.
 
-3.  In the **To e-mail address** field, type the e-mail address for the user account to which you intend to assign the Approver role.
+3.  In the **From e-mail address** field, type the e-mail alias for AGPM from which notifications should be sent.
 
-4.  In the **SMTP server** field, type a valid SMTP mail server.
+4.  In the **To e-mail address** field, type the e-mail address for the user account to which you intend to assign the Approver role.
 
-5.  In the **User name** and **Password** fields, type the credentials of a user who has access to the SMTP service. Click **Apply**.
+5.  In the **SMTP server** field, type a valid SMTP mail server.
+
+6.  In the **User name** and **Password** fields, type the credentials of a user who has access to the SMTP service. Click **Apply**.
 
 ### <a href="" id="bkmk-config5"></a>Step 5: Delegate access
 

mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v.md

@@ -222,7 +222,7 @@ The XML file that is included in the Office Deployment Tool specifies the produc
 
    2. With the sample configuration.xml file open and ready for editing, you can specify products, languages, and the path to which you save the Office 2016 applications. The following is a basic example of the configuration.xml file:
 
-      ``` syntax
+      ```xml
       <Configuration>
          <Add SourcePath= ”\\Server\Office2016” OfficeClientEdition="32" >
           <Product ID="O365ProPlusRetail ">
@@ -633,7 +633,7 @@ You may want to disable specific applications in your Office App-V package. For
 
 5.  Add the Office 2016 App-V Package with the new Deployment Configuration File.
 
-    ``` syntax
+    ```xml
     <Application Id="[{AppVPackageRoot}]\office16\lync.exe" Enabled="true">
       <VisualElements>
         <Name>Lync 2016</Name>

mdop/appv-v5/how-to-convert-a-package-created-in-a-previous-version-of-app-v.md

@@ -43,9 +43,7 @@ You must configure the package converter to always save the package ingredients
 Import-Module AppVPkgConverter
 ```
 
-3. 
+3. The following cmdlets are available:
-
-   The following cmdlets are available:
 
    -   Test-AppvLegacyPackage – This cmdlet is designed to check packages. It will return information about any failures with the package such as missing **.sft** files, an invalid source, **.osd** file errors, or invalid package version. This cmdlet will not parse the **.sft** file or do any in depth validation. For information about options and basic functionality for this cmdlet, using the PowerShell cmdline, type `Test-AppvLegacyPackage -?`.
 

mdop/docfx.json

@@ -27,6 +27,7 @@
       "ms.technology": "windows",
       "audience": "ITPro",
       "manager": "dansimp",
+      "ms.prod": "w10",
       "ms.author": "dansimp",
       "author": "dansimp",
       "ms.sitesec": "library",

mdop/medv-v1/configuring-med-v-for-remote-networks.md

@@ -53,7 +53,7 @@ When applying new settings, the service must be restarted.
 
 -   You can change the IIS authentication scheme to one of the following: BASIC, DIGEST, NTLM, or NEGOTIATE. The default is NEGOTIATE and uses the following entry:
 
-    ``` syntax
+    ```xml
     <ImageDistribution>
     <!-- The authentication used for image download. Basic and digest authentication should be used only under SSL.-->
        <!-- The line below can be one of the following: -->

mdop/medv-v1/med-v-trim-transfer-technology-medvv2.md

@@ -32,7 +32,7 @@ You can configure which folders are indexed on the host as part of the Trim Tran
 
 When applying new settings, the service must be restarted.
 
-``` syntax
+```xml
 <HostIndexingXP type="System.String[]"> 
 - <ArrayOfString>
 <string>%WINDIR%</string> 

windows/client-management/mdm/applocker-csp.md

@@ -830,7 +830,7 @@ The following list shows the apps that may be included in the inbox.
 
 The following example disables the calendar application.
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
     <SyncBody>
         <Add>
@@ -854,7 +854,7 @@ The following example disables the calendar application.
 
 The following example blocks the usage of the map application.
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
   <SyncBody>
     <Add>
@@ -1394,7 +1394,7 @@ In this example, **MobileGroup0** is the node name. We recommend using a GUID fo
 ## Example for Windows 10 Holographic for Business
 The following example for Windows 10 Holographic for Business denies all apps and allows the minimum set of [inbox apps](#inboxappsandcomponents) to enable to enable a working device, as well as Settings.
 
-``` syntax
+```xml
 <RuleCollection Type="Appx" EnforcementMode="Enabled">
     <FilePublisherRule Id="96B82A15-F841-499a-B674-963DC647762F"
                      Name="Whitelist BackgroundTaskHost"

windows/client-management/mdm/azure-active-directory-integration-with-mdm.md

@@ -653,7 +653,7 @@ An alert is send to the MDM server in DM package\#1.
 
 Here's an example.
 
-``` syntax
+```xml
 <SyncBody>
  <Alert>
   <CmdID>1</CmdID>

windows/client-management/mdm/clientcertificateinstall-csp.md

@@ -372,7 +372,7 @@ Data type is string.
 
 Enroll a client certificate through SCEP.
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
     <SyncBody>
         <Atomic>
@@ -571,7 +571,7 @@ Enroll a client certificate through SCEP.
 
 Add a PFX certificate. The PFX certificate password is encrypted with a custom certificate fro "My" store.
 
-``` syntax
+```xml
 <SyncML>
     <SyncBody>
             <Delete>

windows/client-management/mdm/cm-proxyentries-csp.md

@@ -90,7 +90,7 @@ Specifies the username used to connect to the proxy.
 
 To delete both a proxy and its associated connection, you must delete the proxy first, and then delete the connection. The following example shows how to delete the proxy and then the connection.
 
-``` syntax
+```xml
 <wap-provisioningdoc>
    <characteristic type="CM_ProxyEntries">
       <nocharacteristic type="GPRS_Proxy"/>

windows/client-management/mdm/defender-csp.md

@@ -215,7 +215,7 @@ Supported product status values:
 
 Example:
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.1">
   <SyncBody>
     <Get>

windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md

@@ -73,7 +73,7 @@ When the PC is already enrolled in MDM, you can remotely collect logs from the P
 
 Example: Enable the Debug channel logging
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
     <SyncBody>
         <Replace>

windows/client-management/mdm/dmacc-csp.md

@@ -262,7 +262,7 @@ Stores specifies which certificate stores the DM client will search to find the
 
 Subject specifies the certificate to search for. For example, to specify that you want a certificate with a particular Subject attribute (“CN=Tester,O=Microsoft”), use the following:
 
-``` syntax
+```xml
 <parm name="SSLCLIENTCERTSEARCHCRITERIA" 
    value="Subject=CN%3DTester,O%3DMicrosoft&amp;Stores=My%5CUser" />
 ```

windows/client-management/mdm/eap-configuration.md

@@ -56,7 +56,7 @@ Here is an easy way to get the EAP configuration from your desktop using the ras
 
 9.  Switch over to PowerShell and use the following cmdlets to retrieve the EAP configuration XML.
 
-    ``` syntax
+    ```powershell
     Get-VpnConnection -Name Test
     ```
 
@@ -80,17 +80,17 @@ Here is an easy way to get the EAP configuration from your desktop using the ras
     IdleDisconnectSeconds : 0
     ```
 
-    ``` syntax
+    ```powershell
     $a = Get-VpnConnection -Name Test
     ```
 
-    ``` syntax
+    ```powershell
     $a.EapConfigXmlStream.InnerXml
     ```
 
     Here is an example output
 
-    ``` syntax
+    ```xml
     <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.co
     m/provisioning/EapCommon">13</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorTy
     pe xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisi
@@ -158,7 +158,7 @@ The following XML sample explains the properties for the EAP TLS XML including c
 
  
 
-``` syntax
+```xml
 <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
  <EapMethod>
   <Type xmlns="http://www.microsoft.com/provisioning/EapCommon">13</Type>

windows/client-management/mdm/healthattestation-csp.md

@@ -314,7 +314,7 @@ For DHA-OnPrem & DHA-EMC scenarios, send a SyncML command to the HASEndpoint nod
 
 The following example shows a sample call that instructs a managed device to communicate with an enterprise managed DHA-Service.
 
-``` syntax
+```xml
 <Replace>
     <CmdID>1</CmdID>
     <Item>
@@ -334,7 +334,7 @@ Send a SyncML call to start collection of the DHA-Data.
 
 The following example shows a sample call that triggers collection and verification of health attestation data from a managed device.
 
-``` syntax
+```xml
 <Exec>
     <CmdID>1</CmdID>
     <Item>
@@ -364,7 +364,7 @@ After the client receives the health attestation request, it sends a response. T
 
 Here is a sample alert that is issued by DHA_CSP:
 
-``` syntax
+```xml
 <Alert>
     <CmdID>1</CmdID>
     <Data>1226</Data>
@@ -389,7 +389,7 @@ Create a call to the **Nonce**, **Certificate** and **CorrelationId** nodes, and
 
 Here is an example:
 
-``` syntax
+```xml
 <Replace>
     <CmdID>1</CmdID>
     <Item>
@@ -417,7 +417,6 @@ Here is an example:
         </Target>
     </Item>
 </Get>
-
 ```
 
 ## <a href="" id="forward-data-to-has"></a>**Step 6: Forward device health attestation data to DHA-service**
@@ -1019,7 +1018,7 @@ Each of these are described in further detail in the following sections, along w
 ## DHA-Report V3 schema
 
 
-``` syntax
+```xml
 <?xml version="1.0" encoding="UTF-8"?>
 <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
            xmlns="http://schemas.microsoft.com/windows/security/healthcertificate/validation/response/v3"

windows/client-management/mdm/policy-csp-update.md

@@ -3874,7 +3874,7 @@ The following list shows the supported values:
 <!--Example-->
 Example
 
-``` syntax
+```xml
 <Replace>
     <CmdID>$CmdID$</CmdID>
     <Item>

windows/client-management/mdm/remotelock-csp.md

@@ -117,7 +117,7 @@ A Get operation on this node must follow an Exec operation on the /RemoteLock/Lo
 
 Initiate a remote lock of the device.
 
-``` syntax
+```xml
 <Exec>
    <CmdID>1</CmdID>
    <Item>
@@ -130,7 +130,7 @@ Initiate a remote lock of the device.
 
 Initiate a remote lock and PIN reset of the device. To successfully retrieve the new device-generated PIN, the commands must be executed together and in the proper sequence as shown below.
 
-``` syntax
+```xml
 <Sequence>
     <CmdID>1</CmdID>
     <Exec>

windows/client-management/mdm/remotering-csp.md

@@ -31,7 +31,7 @@ The supported operation is Exec.
 
 The following sample shows how to initiate a remote ring on the device.
 
-``` syntax
+```xml
 <Exec>
   <CmdID>5</CmdID>
     <Item>

windows/client-management/mdm/reporting-csp.md

@@ -81,7 +81,7 @@ Supported operations are Get and Replace.
 
 Retrieve all available Windows Information Protection (formerly known as Enterprise Data Protection) logs starting from the specified StartTime.
 
-``` syntax
+```xml
 <SyncML>
     <SyncBody>
         <Replace>
@@ -104,7 +104,7 @@ Retrieve all available Windows Information Protection (formerly known as Enterpr
 
 Retrieve a specified number of security auditing logs starting from the specified StartTime.
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
   <SyncBody>
     <Replace>

windows/client-management/mdm/securitypolicy-csp.md

@@ -199,7 +199,7 @@ The following security roles are supported.
 
 Setting a security policy:
 
-``` syntax
+```xml
 <wap-provisioningdoc>
     <characteristic type="SecurityPolicy">
         <parm name="4141" value="0"/>
@@ -209,7 +209,7 @@ Setting a security policy:
 
 Querying a security policy:
 
-``` syntax
+```xml
 <wap-provisioningdoc>
     <characteristic type="SecurityPolicy">
         <parm-query name="4141"/>
@@ -222,7 +222,7 @@ Querying a security policy:
 
 Setting a security policy:
 
-``` syntax
+```xml
 <SyncML xmlns='SYNCML:SYNCML1.2'>
     <SyncHdr>
     …
@@ -245,7 +245,7 @@ Setting a security policy:
 
 Querying a security policy:
 
-``` syntax
+```xml
 <SyncML xmlns='SYNCML:SYNCML1.2'>
     <SyncHdr>
     …

windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md

@@ -53,7 +53,7 @@ The following table shows the OMA DM versions that are supported.
 
 The following example shows the general structure of the XML document sent by the server using OMA DM version 1.2.1 for demonstration purposes only. The initial XML packages exchanged between client and server could contain additional XML tags. For a detailed description and samples for those packages, see the [OMA Device Management Protocol 1.2.1](https://go.microsoft.com/fwlink/p/?LinkId=526902) specification.
 
-``` syntax
+```xml
 <SyncML xmlns='SYNCML:SYNCML1.2'>
    <SyncHdr>
       <VerDTD>1.2</VerDTD>
@@ -107,7 +107,7 @@ The following example shows the header component of a DM message. In this case,
 
  
 
-``` syntax
+```xml
 <SyncHdr>
    <VerDTD>1.2</VerDTD>
    <VerProto>DM/1.2</VerProto>
@@ -130,7 +130,7 @@ SyncBody contains one or more DM commands. The SyncBody can contain multiple DM
 
 The following example shows the body component of a DM message. In this example, SyncBody contains only one command, Get. This is indicated by the &lt;Final /&gt; tag that occurs immediately after the terminating tag for the Get command.
 
-``` syntax
+```xml
 <SyncBody>
    <!-- query device OS software version -->
    <Get>
@@ -157,7 +157,7 @@ The Replace command is used to update a device setting.
 
 The following example illustrates how to use the Replace command to update a device setting.
 
-``` syntax
+```xml
 <SyncHdr>
    <VerDTD>1.2</VerDTD>
    <VerProto>DM/1.2</VerProto>

windows/client-management/mdm/supl-csp.md

@@ -481,7 +481,7 @@ Adding a SUPL and a V2 UPL account to the same device. Values in italic must be
 
 Adding a SUPL account to a device. Values in italic must be replaced with correct settings for the mobile operator network. A valid binary blob must be included for the root certificate data value.
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.1">
     <SyncBody>
         <Add>

windows/client-management/mdm/surfacehub-csp.md

@@ -39,7 +39,7 @@ The following diagram shows the SurfaceHub CSP management objects in tree format
  
 <p style="margin-left: 20px">Here&#39;s a SyncML example.
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
     <SyncBody>
         <Replace>

windows/client-management/mdm/tpmpolicy-csp.md

@@ -37,7 +37,7 @@ The following diagram shows the TPMPolicy configuration service provider in tree
 
 Here is an example:
 
-``` syntax
+```xml
 <Replace>
     <CmdID>101</CmdID>
     <Item>

windows/client-management/mdm/vpnv2-csp.md

@@ -598,7 +598,7 @@ Value type is bool. Supported operations include Get, Add, Replace, and Delete.
 
 Profile example
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2" xmlns:A="syncml:metinf">
   <SyncBody>
     <Atomic>
@@ -657,7 +657,7 @@ Profile example
 
 AppTriggerList
 
-``` syntax
+```xml
 <!-- Internet Explorer -->
 <Add>
   <CmdID>10013</CmdID>
@@ -691,8 +691,7 @@ AppTriggerList
 
 RouteList and ExclusionRoute
 
-``` syntax
+```xml
- 
 <Add>
   <CmdID>10008</CmdID>
   <Item>
@@ -726,13 +725,11 @@ RouteList and ExclusionRoute
     <Data>true</Data>
   </Item>
 </Add>
- 
 ```
 
 DomainNameInformationList
 
-``` syntax
+```xml
- 
 <!-- Domain Name rule with Suffix Match with DNS Servers -->
 <Add>
   <CmdID>10013</CmdID>
@@ -860,7 +857,7 @@ DomainNameInformationList
 
 AutoTrigger
 
-``` syntax
+```xml
 <Add>
   <CmdID>10010</CmdID>
   <Item>
@@ -877,7 +874,7 @@ AutoTrigger
 
 Persistent
 
-``` syntax
+```xml
 <Add>
   <CmdID>10010</CmdID>
   <Item>
@@ -894,7 +891,7 @@ Persistent
 
 TrafficFilterLIst App
 
-``` syntax
+```xml
   Desktop App
     <Add>
         <CmdID>10013</CmdID>
@@ -929,7 +926,7 @@ TrafficFilterLIst App
 
 Protocol, LocalPortRanges, RemotePortRanges, LocalAddressRanges, RemoteAddressRanges, RoutingPolicyType, EDPModeId, RememberCredentials, AlwaysOn, Lockdown, DnsSuffix, TrustedNetworkDetection
 
-``` syntax
+```xml
 Protocol
       <Add>
         <CmdID>$CmdID$</CmdID>
@@ -1077,7 +1074,7 @@ Protocol
 
 Proxy - Manual or AutoConfigUrl
 
-``` syntax
+```xml
 Manual
       <Add>
         <CmdID>$CmdID$</CmdID>
@@ -1103,7 +1100,7 @@ Manual
 
 Device Compliance - Sso
 
-``` syntax
+```xml
   Enabled
 <Add>
         <CmdID>10011</CmdID>
@@ -1143,7 +1140,7 @@ Device Compliance - Sso
 
 PluginProfile
 
-``` syntax
+```xml
 PluginPackageFamilyName
       <!-- Configure VPN Server Name or Address (PhoneNumber=) [Comma Separated]-->
       <Add>
@@ -1181,7 +1178,7 @@ PluginPackageFamilyName
 
 NativeProfile
 
-``` syntax
+```xml
 Servers
 <Add>
         <CmdID>10001</CmdID>

windows/client-management/mdm/vpnv2-profile-xsd.md

@@ -344,7 +344,7 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some pro
 ## Plug-in profile example
 
 
-``` syntax
+```xml
 <VPNProfile>
     <PluginProfile>
         <ServerUrlList>testserver1.contoso.com;testserver2.contoso..com</ServerUrlList>

windows/client-management/mdm/w7-application-csp.md

@@ -160,7 +160,7 @@ Stores specifies which certificate stores the DM client will search to find the
 
 Subject specifies the certificate to search for. For example, to specify that you want a certificate with a particular Subject attribute (“CN=Tester,O=Microsoft”), use the following:
 
-``` syntax
+```xml
 <parm name="SSLCLIENTCERTSEARCHCRITERIA" 
    value="Subject=CN%3DTester,O%3DMicrosoft&amp;Stores=My%5CUser" />
 ```

windows/client-management/mdm/wifi-csp.md

@@ -121,7 +121,7 @@ These XML examples show how to perform various tasks using OMA DM.
 
 The following example shows how to add PEAP-MSCHAPv2 network with SSID 'MyNetwork,' a proxy URL 'testproxy,' and port 80.
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
   <SyncBody>
     <Atomic>
@@ -160,7 +160,7 @@ The following example shows how to add PEAP-MSCHAPv2 network with SSID 'MyNetwor
 
 The following example shows how to query Wi-Fi profiles installed on an MDM server.
 
-``` syntax
+```xml
 <Get>
    <CmdID>301</CmdID>
    <Item>
@@ -173,7 +173,7 @@ The following example shows how to query Wi-Fi profiles installed on an MDM serv
 
 The following example shows the response.
 
-``` syntax
+```xml
 <Results>
    <CmdID>3</CmdID>
    <MsgRef>1</MsgRef>
@@ -190,7 +190,7 @@ The following example shows the response.
 
 The following example shows how to remove a network with SSID ‘MyNetwork’ and no proxy. Removing all network authentication types is done in this same manner.
 
-``` syntax
+```xml
 <Atomic>
   <CmdID>300</CmdID>
   <Delete>
@@ -208,7 +208,7 @@ The following example shows how to remove a network with SSID ‘MyNetwork’ an
 
 The following example shows how to add PEAP-MSCHAPv2 network with SSID ‘MyNetwork’ and root CA validation for server certificate.
 
-``` syntax
+```xml
 <Atomic>
   <CmdID>300</CmdID>
   <Add>

windows/client-management/mdm/windowsadvancedthreatprotection-csp.md

@@ -120,7 +120,7 @@ The following list describes the characteristics and parameters.
 ## Examples
 
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
   <SyncBody>
     <Get>

windows/client-management/mdm/wmi-providers-supported-in-windows.md

@@ -27,7 +27,7 @@ The child node names of the result from a WMI query are separated by a forward s
 
 Get the list of network adapters from the device.
 
-``` syntax
+```xml
 <Get>
    <Target>
       <LocURI>./cimV2/Win32_NetworkAdapter</LocURI>
@@ -37,7 +37,7 @@ Get the list of network adapters from the device.
 
 Result
 
-``` syntax
+```xml
 <Item>
    <Source>
       <LocURI>./cimV2/Win32_NetworkAdapter</LocURI>

windows/configuration/lock-down-windows-10-to-specific-apps.md

@@ -172,18 +172,19 @@ Here are the predefined assigned access AppLocker rules for **desktop apps**:
 The following example allows Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, and Notepad apps to run on the device, with Notepad configured to automatically launch and create a file called `123.text` when the user signs in.
 
 <span id="apps-sample" />
+
 ```xml
-&lt;AllAppsList&gt;
+<AllAppsList>
-        &lt;AllowedApps&gt;
+        <AllowedApps>
-          &lt;App AppUserModelId=&quot;Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic&quot; /&gt;
+          <App AppUserModelId="Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic" />
-          &lt;App AppUserModelId=&quot;Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo&quot; /&gt;
+          <App AppUserModelId="Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo" />
-          &lt;App AppUserModelId=&quot;Microsoft.Windows.Photos_8wekyb3d8bbwe!App&quot; /&gt;
+          <App AppUserModelId="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" />
-          &lt;App AppUserModelId=&quot;Microsoft.BingWeather_8wekyb3d8bbwe!App&quot; /&gt;
+          <App AppUserModelId="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
-          &lt;App AppUserModelId=&quot;Microsoft.WindowsCalculator_8wekyb3d8bbwe!App&quot; /&gt;
+          <App AppUserModelId="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" />
-          &lt;App DesktopAppPath=&quot;%windir%\system32\mspaint.exe&quot; /&gt;
+          <App DesktopAppPath="%windir%\system32\mspaint.exe" />
-          &lt;App DesktopAppPath=&quot;C:\Windows\System32\notepad.exe&quot; rs5:AutoLaunch=&quot;true&quot; rs5:AutoLaunchArguments=&quot;123.txt&quot;/&gt;
+          <App DesktopAppPath="C:\Windows\System32\notepad.exe" rs5:AutoLaunch="true" rs5:AutoLaunchArguments="123.txt">
-        &lt;/AllowedApps&gt;
+        </AllowedApps>
-&lt;/AllAppsList&gt;</code>
+</AllAppsList>
 ```
 
 ##### FileExplorerNamespaceRestrictions

windows/deployment/upgrade/upgrade-readiness-additional-insights.md

@@ -5,7 +5,8 @@ manager: laurawi
 ms.author: greglin
 description: Explains additional features of Upgrade Readiness.
 ms.prod: w10
-audience: itpro
author: greg-lindsay
+audience: itpro
+author: greg-lindsay
 ms.topic: article
 ms.collection: M365-analytics
 ---
@@ -14,44 +15,9 @@ ms.collection: M365-analytics
 
 This topic provides information on additional features that are available in Upgrade Readiness to provide insights into your environment. These include:
 
-- [Spectre and Meltdown protections](#spectre-and-meltdown-protection-status): Status of devices with respect to their anti-virus, security update, and firmware updates related to protection from the "Spectre" and "Meltdown" vulnerabilities.
 - [Site discovery](#site-discovery): An inventory of web sites that are accessed by client computers running Windows 7, Windows 8.1, or Windows 10 using Internet Explorer.
 - [Office add-ins](#office-add-ins): A list of the Microsoft Office add-ins that are installed on client computers.
 
-## Spectre and Meltdown protection status
-Microsoft has published guidance for IT Pros that outlines the steps you can take to improve protection against the hardware vulnerabilities known as "Spectre" and "Meltdown." See [Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities](https://go.microsoft.com/fwlink/?linkid=867468) for details about the vulnerabilities and steps you can take.
- 
-Microsoft recommends three steps to help protect against the Spectre and Meltdown vulnerabilities:
-- Verify that you are running a supported antivirus application.
-- Apply all available Windows operating system updates, including the January 2018 and later Windows security updates.
-- Apply any applicable processor firmware (microcode) updates provided by your device manufacturer(s).
- 
-Upgrade Readiness reports on status of your devices in these three areas.
-
-![Spectre-Meltdown protection blades](../images/spectre-meltdown-prod-closeup.png)
-
->[!IMPORTANT]
->To provide these blades with data, ensure that your devices can reach the endpoint **http://adl.windows.com**. (See [Enrolling devices in Windows Analytics](https://docs.microsoft.com/windows/deployment/update/windows-analytics-get-started) for more about necessary endpoints and how to whitelist them.)
-
-### Anti-virus status blade
-This blade helps you determine if your devices' anti-virus solution is compatible with the latest Windows operating system updates. It shows the number of devices that have an anti-virus solution with no known issues, issues reported, or an unknown status for a particular Windows security update. In the following example, an anti-virus solution that has no known issues with the January 3, 2018 Windows update is installed on about 2,800 devices.
-
-![Spectre-Meltdown antivirus blade](../images/AV-status-by-computer.png)
-
-### Security update status blade
-This blade indicates whether a Windows security update that includes Spectre- or Meltdown-related fixes (January 3, 2018 or later) has been installed, as well as whether specific fixes have been disabled. Though protections are enabled by default on devices running Windows (but not Windows Server) operating systems, some IT administrators might choose to disable specific protections. In the following example, about 4,300 devices have a Windows security update that includes Spectre or Meltdown protections installed, and those protections are enabled.
-
-![Spectre-Meltdown antivirus blade](../images/win-security-update-status-by-computer.png)
-
->[!IMPORTANT]
->If you are seeing computers with statuses of either “Unknown – action may be required” or “Installed, but mitigation status unknown,” it is likely that you need to whitelist the **http://adl.windows.com** endpoint.
-
-### Firmware update status blade
-This blade reports the number of devices that have installed a firmware update that includes Spectre or Meltdown protections. The blade might report a large number of blank, “unknown”, or “to be determined” statuses at first. As CPU information is provided by partners, the blade will automatically update with no further action required on your part.
-
-
-
-
 ## Site discovery
 
 The IE site discovery feature in Upgrade Readiness provides an inventory of web sites that are accessed by client computers using Internet Explorer on Windows 7, Windows 8.1, and Windows 10. Site discovery does not include sites that are accessed using other Web browsers, such as Microsoft Edge. Site inventory information is provided as optional data related to upgrading to Windows 10 and Internet Explorer 11, and is meant to help prioritize compatibility testing for web applications. You can make more informed decisions about testing based on usage data.

windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md

@@ -9,7 +9,7 @@ ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.sitesec: library
 ms.pagetype: deploy
-audience: itpro
author: greg-lindsay
+author: greg-lindsay
 ms.author: greglin
 ms.collection: M365-modern-desktop
 ms.topic: article

windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md

@@ -1730,7 +1730,7 @@ If you're running Windows 10, version 1607 or later, you need to:
        > The Group Policy for the **LockScreenOverlaysDisabled** regkey is **Force a specific default lock screen and logon image** that is under **Control Panel** **Personalization**. 
 
 
--AND-
+  \-AND-
 
 
   - Set the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Cloud Content** > **Do not show Windows tips** to **Enabled** 
@@ -1740,7 +1740,7 @@ If you're running Windows 10, version 1607 or later, you need to:
   - Create a new REG_DWORD registry setting named **DisableSoftLanding** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent** with a **value of 1 (one)**
 
 
--AND-
+  \-AND-
 
 
   - Set the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Cloud Content** > **Turn off Microsoft consumer experiences** to **Enabled**

windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md

@@ -85,8 +85,8 @@ Sign-in to a certificate authority or management workstations with _Enterprise A
 3. In the **Certificate Templates Console**, right-click the **Domain Controller Authentication (Kerberos)** (or the name of the certificate template you created in the previous section) template in the details pane and click **Properties**.
 4. Click the **Superseded Templates** tab. Click **Add**.
 5. From the **Add Superseded Template** dialog, select the **Domain Controller** certificate template and click **OK**.  Click **Add**.
-6. From the **Add Superseded Template** dialog, select the **Domain Controller Authentication** certificate template and click **Add**.
+6. From the **Add Superseded Template** dialog, select the **Domain Controller Authentication** certificate template and click **OK**.  Click **Add**.
-7. From the **Add Superseded Template** dialog, select the **Kerberos Authentication** certificate template and click **Add**. 
+7. From the **Add Superseded Template** dialog, select the **Kerberos Authentication** certificate template and click **OK**.  Click **Add**. 
 8. Add any other enterprise certificate templates that were previously configured for domain controllers to the **Superseded Templates** tab.
 9. Click **OK** and close the **Certificate Templates** console.
 

windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md

@@ -535,7 +535,7 @@ Sign-in a workstation with access equivalent to a _domain user_.
 1. Sign-in to the [Azure Portal](https://portal.azure.com/).
 2. Select **All Services**.  Type **Intune** to filter the list of services.  Click **Microsoft Intune**.
 ![Microsoft Intune Console](images/aadjcert/microsoftintuneconsole.png)
-3. Select **Device Configuration**, and then select **Certificate Authority**.
+3. Select **Device Configuration**, and then select **Certificate Connectors**.
 ![Intune Certificate Authority](images/aadjcert/intunedeviceconfigurationcertauthority.png)
 4. Click **Add**, and then click **Download the certificate connector software** under the **Steps to install connector for SCEP** section.
 ![Intune Download Certificate connector](images/aadjcert/intunedownloadcertconnector.png)
@@ -610,7 +610,7 @@ Sign-in the NDES server with access equivalent to _domain admin_.
 
 1. Open a command prompt.
 2. Type the following command to confirm the NDES Connector's last connection time is current.</br>
-```reg query hklm\software\Micosoft\MicrosoftIntune\NDESConnector\ConnectionStatus```</br>
+```reg query hklm\software\Microsoft\MicrosoftIntune\NDESConnector\ConnectionStatus```</br>
 3. Close the command prompt.
 4. Open **Internet Explorer**.
 5. In the navigation bar, type</br>
@@ -636,7 +636,7 @@ Sign-in a workstation with access equivalent to a _domain user_.
 8. Click **Members**.  Use the  **Select members** pane to add members to this group. When finished click **Select**.
 9. Click **Create**.
 
-### Create a SCEP Certificte Profile
+### Create a SCEP Certificate Profile
 Sign-in a workstation with access equivalent to a _domain user_.
 
 1. Sign-in to the [Azure Portal](https://portal.azure.com/).

windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md

@@ -114,7 +114,7 @@ Sign-in a certificate authority or management workstations with *Domain Admin* e
 
 1. Open the **Certificate Authority** management console.
 2. Right-click **Certificate Templates** and click **Manage**.
-3. In the **Certificate Template** console, right-click the **Exchange Enrollment Agent** template in the details pane and click **Duplicate Template**.
+3. In the **Certificate Template** console, right-click the **Exchange Enrollment Agent (Offline request)** template in the details pane and click **Duplicate Template**.
 4. On the **Compatibility** tab, clear the **Show resulting changes** check box.  Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Recipient** list.
 5. On the **General** tab, type **WHFB Enrollment Agent** in **Template display name**.  Adjust the validity and renewal period to meet your enterprise's needs.
 6. On the **Subject** tab, select the **Build from this Active Directory information** button if it is not already selected. Select **Fully distinguished name** from the **Subject name format** list if **Fully distinguished name** is not already selected.  Select the **User Principal Name (UPN)** check box under **Include this information in alternative subject name**.

windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md

@@ -59,7 +59,7 @@ Always On is a feature in Windows 10 which enables the active VPN profile to con
 When the trigger occurs, VPN tries to connect. If an error occurs or any user input is needed, the user is shown a toast notification for additional interaction.
 
 
-When a device has multiple profiles with Always On triggers, the user can specify the active profile in **Settings** > **Network & Internet** > **VPN** > *VPN profile* by selecting the **Let apps automatically use this VPN connection** checkbox. By default, the first MDM-configured profile is marked as **Active**. 
+When a device has multiple profiles with Always On triggers, the user can specify the active profile in **Settings** > **Network & Internet** > **VPN** > *VPN profile* by selecting the **Let apps automatically use this VPN connection** checkbox. By default, the first MDM-configured profile is marked as **Active**. Devices with multiple users have the same restriction: only one profile and therefore only one user will be able to use the Always On triggers.
 
 Preserving user Always On preference
 

windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md

@@ -36,7 +36,7 @@ Selecting an alert in either of those places brings up the **Alert management pa
 You can create a new incident from the alert or link to an existing incident. 
 
 ## Assign alerts
-If an alert is no yet assigned, you can select **Assign to me** to assign the alert to yourself.
+If an alert is not yet assigned, you can select **Assign to me** to assign the alert to yourself.
 
 
 ## Suppress alerts

windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md

@@ -151,7 +151,7 @@ realTimeProtectionEnabled               : true
 2. Install the configuration file on a client machine:
 
     ```bash
-    python WindowsDefenderATPOnboarding.py
+    /usr/bin/python WindowsDefenderATPOnboarding.py
     Generating /Library/Application Support/Microsoft/Defender/com.microsoft.wdav.atp.plist ... (You may be required to enter sudos password)
     ```
 

windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md

@@ -29,6 +29,9 @@ If Windows Defender Antivirus is configured to detect and remediate threats on y
 3. Under **Quarantined threats**, click **See full history**.
 4. Click an item you want to keep, then click **Restore**. (If you prefer to remove the item, you can click **Remove**.)
 
+> [!NOTE]
+> You can also use the dedicated command-line tool [mpcmdrun.exe](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus) to restore quarantined files in Windows Defender AV.
+
 ## Related topics
 
 - [Configure remediation for scans](configure-remediation-windows-defender-antivirus.md)

windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md

@@ -47,7 +47,6 @@ You can configure and manage Windows Defender Antivirus with:
 > [!NOTE]
 > For more information regarding what's new in each Windows version, please refer to [What's new in Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp).
 
-=======
 <a id="sysreq"></a>
 ## Minimum system requirements
 

windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md

@@ -20,7 +20,7 @@ ms.date: 10/13/2017
 # Understand AppLocker policy design decisions
 
 **Applies to**
- -   Windows 10 
+- Windows 10
 - Windows Server
 
 This topic for the IT professional lists the design questions, possible answers, and ramifications of the decisions when you plan a deployment of application control policies by using AppLocker within a Windows operating system environment.

windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md

@@ -20,7 +20,7 @@ ms.date: 09/21/2017
 # Understanding the path rule condition in AppLocker
 
 **Applies to**
- -   Windows 10 
+- Windows 10
 - Windows Server
 
 This topic explains the AppLocker path rule condition, the advantages and disadvantages, and how it is applied.

windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md

@@ -20,7 +20,7 @@ ms.date: 09/21/2017
 # What Is AppLocker?
 
 **Applies to**
- -   Windows 10 
+- Windows 10
 - Windows Server
 
 This topic for the IT professional describes what AppLocker is and how its features differ from Software Restriction Policies.

windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md

@@ -14,7 +14,6 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/11/2019
 ---
 
 # Create Windows Firewall rules in Intune
@@ -35,29 +34,7 @@ Select Windows Defender Firewall.
 
 ## Firewall rule components
 
-Following table has description for each field.
+The firewall rule configurations in Intune use the Windows 10 CSP for Firewall. For more information, see [Firewall CSP](https://docs.microsoft.com/en-us/windows/client-management/mdm/firewall-csp).
-
-
-| Property | Type | Description |
-|----------|------|-------------|
-| DisplayName | String | The display name of the rule. Does not need to be unique. |
-| Description | String | The description of the rule. |
-| PackageFamilyName | String | The package family name of a Microsoft Store application that's affected by the firewall rule. |
-| FilePath | String | The full file path of an app that's affected by the firewall rule. |
-| FullyQualifiedBinaryName | String | The fully qualified binary name. |
-| ServiceName | String | The name used in cases when a service, not an application, is sending or receiving traffic. |
-| Protocol | Nullable Integer - default value is null which maps to All | 0-255 number representing the [IP protocol](https://www.wikipedia.org/wiki/List_of_IP_protocol_numbers) (TCP = 6, UDP = 17).  If not specified, the default is All. |
-| LocalPortRanges | String array | List of local port ranges. For example, "100-120", "200", "300-320". If not specified, the default is All. |
-| RemotePortRanges | String array | List of remote port ranges. For example, "100-120", "200", "300-320". If not specified, the default is All. |
-| LocalAddressRanges | String array | List of local addresses covered by the rule. Valid tokens include:<br>- "\*" indicates any local address. If present, this must be the only token included.<br>- A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255.<br>- A valid IPv6 address.<br>- An IPv4 address range in the format of "start address - end address" with no spaces included.<br>- An IPv6 address range in the format of "start address - end address" with no spaces included.<br>Default is any address. |
-| RemoteAddressRanges | String array | List of tokens specifying the remote addresses covered by the rule.Tokens are case insensitive. Valid tokens include:<br>- "\*" indicates any remote address. If present, this must be the only token included.<br>- "Defaultgateway"<br>- "DHCP"<br>- "DNS"<br>- "WINS"<br>- "Intranet"<br>- "RmtIntranet"<br>- "Internet"<br>- "Ply2Renders"<br>- "LocalSubnet" indicates any local address on the local subnet. This token is not case-sensitive.<br>- A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255.<br>- A valid IPv6 address.<br>- An IPv4 address range in the format of "start address - end address" with no spaces included.<br>- An IPv6 address range in the format of "start address - end address" with no spaces included.<br>Default is any address. |
-| ProfileTypes | WindowsFirewallNetworkProfileTypes | Specifies the profiles to which the rule belongs. If not specified, the default is All. |
-| Action| StateManagementSetting | The action the rule enforces. If not specified, the default is Allowed. |
-| TrafficDirection | WindowsFirewallRuleTrafficDirectionType | The traffic direction that the rule is enabled for. If not specified, the default is Out. |
-| InterfaceTypes | WindowsFirewallRuleInterfaceTypes | The interface types of the rule. |
-| EdgeTraversal | StateManagementSetting | Indicates whether edge traversal is enabled or disabled for this rule.<br>The EdgeTraversal setting indicates that specific inbound traffic is allowed to tunnel through NATs and other edge devices using the Teredo tunneling technology. In order for this setting to work correctly, the application or service with the inbound firewall rule needs to support IPv6. The primary application of this setting allows listeners on the host to be globally addressable through a Teredo IPv6 address.<br>New rules have the EdgeTraversal property disabled by default. |
-| LocalUserAuthorizations | String | Specifies the list of authorized local users for the app container. This is a string in Security Descriptor Definition Language (SDDL) format. |
-
 
 ## Application
 Control connections for an app or program. 

windows/security/threat-protection/windows-platform-common-criteria.md

@@ -174,4 +174,3 @@ An Evaluation Technical Report (ETR) is a report submitted to the Common Criteri
 ## Other Common Criteria Related Documents
 
 - [Identifying Windows XP and Windows Server 2003 Common Criteria Certified Requirements for the NIST Special Publication 800-53](https://download.microsoft.com/download/a/9/6/a96d1dfc-2bd4-408d-8d93-e0ede7529691/xpws03_ccto800-53.doc)
-

windows/whats-new/ltsc/whats-new-windows-10-2019.md

@@ -8,7 +8,7 @@ keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise 2019
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-audience: itpro
author: greg-lindsay
+author: greg-lindsay
 ms.localizationpriority: low
 ms.topic: article
 ---