Merge branch 'master' into vdi-note

windows/client-management/mdm/defender-csp.md

@@ -410,6 +410,17 @@ Valid values are:
 - 1 – Enable.
 - 0 (default) – Disable.
 
+<a href="" id="configuration-enablefilehashcomputation"></a>**Configuration/DisableCpuThrottleOnIdleScans**<br>
+Indicates whether the CPU will be throttled for scheduled scans while the device is idle.  This feature is enabled by default and will not throttle the CPU for scheduled scans performed when the device is otherwise idle, regardless of what ScanAvgCPULoadFactor is set to. For all other scheduled scans this flag will have no impact and normal throttling will occur.
+
+The data type is integer.
+
+Supported operations are Add, Delete, Get, Replace.
+
+Valid values are:
+-	1 – Enable.
+-	0 (default) – Disable.
+
 <a href="" id="configuration-enablefilehashcomputation"></a>**Configuration/EnableFileHashComputation**  
 Enables or disables file hash computation feature.
 When this feature is enabled Windows defender will compute hashes for files it scans.

windows/client-management/mdm/policies-in-policy-csp-admx-backed.md

@@ -1392,12 +1392,12 @@ ms.date: 10/08/2020
 - [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
 - [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth)
 - [Desktop/PreventUserRedirectionOfProfileFolders](./policy-csp-desktop.md#desktop-preventuserredirectionofprofilefolders)
-- [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdeviceids)
+- [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallationallowinstallationofmatchingdeviceids)
-- [DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdevicesetupclasses)
+- [DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallationallowinstallationofmatchingdevicesetupclasses)
-- [DeviceInstallation/PreventDeviceMetadataFromNetwork](./policy-csp-deviceinstallation.md#deviceinstallation-preventdevicemetadatafromnetwork)
+- [DeviceInstallation/PreventDeviceMetadataFromNetwork](./policy-csp-deviceinstallation.md#deviceinstallationpreventdevicemetadatafromnetwork)
-- [DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings)
+- [DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](./policy-csp-deviceinstallation.md#deviceinstallationpreventinstallationofdevicesnotdescribedbyotherpolicysettings)
-- [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdeviceids)
+- [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallationpreventinstallationofmatchingdeviceids)
-- [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdevicesetupclasses)
+- [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallationpreventinstallationofmatchingdevicesetupclasses)
 - [DeviceLock/PreventEnablingLockScreenCamera](./policy-csp-devicelock.md#devicelock-preventenablinglockscreencamera)
 - [DeviceLock/PreventLockScreenSlideShow](./policy-csp-devicelock.md#devicelock-preventlockscreenslideshow)
 - [ErrorReporting/CustomizeConsentSettings](./policy-csp-errorreporting.md#errorreporting-customizeconsentsettings)

windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md

@@ -220,12 +220,12 @@ ms.date: 07/18/2019
 - [DeviceGuard/EnableVirtualizationBasedSecurity](./policy-csp-deviceguard.md#deviceguard-enablevirtualizationbasedsecurity)
 - [DeviceGuard/LsaCfgFlags](./policy-csp-deviceguard.md#deviceguard-lsacfgflags)
 - [DeviceGuard/RequirePlatformSecurityFeatures](./policy-csp-deviceguard.md#deviceguard-requireplatformsecurityfeatures)
-- [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdeviceids)
+- [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallationallowinstallationofmatchingdeviceids)
-- [DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdevicesetupclasses)
+- [DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallationallowinstallationofmatchingdevicesetupclasses)
-- [DeviceInstallation/PreventDeviceMetadataFromNetwork](./policy-csp-deviceinstallation.md#deviceinstallation-preventdevicemetadatafromnetwork)
+- [DeviceInstallation/PreventDeviceMetadataFromNetwork](./policy-csp-deviceinstallation.md#deviceinstallationpreventdevicemetadatafromnetwork)
-- [DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings)
+- [DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](./policy-csp-deviceinstallation.md#deviceinstallationpreventinstallationofdevicesnotdescribedbyotherpolicysettings)
-- [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdeviceids)
+- [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallationpreventinstallationofmatchingdeviceids)
-- [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdevicesetupclasses)
+- [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallationpreventinstallationofmatchingdevicesetupclasses)
 - [DeviceLock/MinimumPasswordAge](./policy-csp-devicelock.md#devicelock-minimumpasswordage)
 - [DeviceLock/PreventEnablingLockScreenCamera](./policy-csp-devicelock.md#devicelock-preventenablinglockscreencamera)
 - [DeviceLock/PreventLockScreenSlideShow](./policy-csp-devicelock.md#devicelock-preventlockscreenslideshow)

windows/client-management/mdm/policy-configuration-service-provider.md

@@ -5655,28 +5655,28 @@ The following diagram shows the Policy configuration service provider in tree fo
 
 <dl>
   <dd>
-    <a href="./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdeviceids" id="deviceinstallation-allowinstallationofmatchingdeviceids">DeviceInstallation/AllowInstallationOfMatchingDeviceIDs</a>
+    <a href="./policy-csp-deviceinstallation.md#deviceinstallationallowinstallationofmatchingdeviceids" id="deviceinstallation-allowinstallationofmatchingdeviceids">DeviceInstallation/AllowInstallationOfMatchingDeviceIDs</a>
   </dd>
   <dd>
-    <a href="./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdevicesetupclasses" id="deviceinstallation-allowinstallationofmatchingdevicesetupclasses">DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses</a>
+    <a href="./policy-csp-deviceinstallation.md#deviceinstallationallowinstallationofmatchingdevicesetupclasses" id="deviceinstallation-allowinstallationofmatchingdevicesetupclasses">DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses</a>
   </dd>
   <dd>
-    <a href="./policy-csp-deviceinstallation.md#deviceinstallation-allowinstallationofmatchingdeviceinstanceids"id="deviceinstallation-allowinstallationofmatchingdeviceinstanceids">DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs</a>
+    <a href="./policy-csp-deviceinstallation.md#deviceinstallationallowinstallationofmatchingdeviceinstanceids"id="deviceinstallation-allowinstallationofmatchingdeviceinstanceids">DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs</a>
   </dd>
   <dd>
-    <a href="./policy-csp-deviceinstallation.md#deviceinstallation-preventdevicemetadatafromnetwork" id="deviceinstallation-preventdevicemetadatafromnetwork">DeviceInstallation/PreventDeviceMetadataFromNetwork</a>
+    <a href="./policy-csp-deviceinstallation.md#deviceinstallationpreventdevicemetadatafromnetwork" id="deviceinstallation-preventdevicemetadatafromnetwork">DeviceInstallation/PreventDeviceMetadataFromNetwork</a>
   </dd>
   <dd>
-    <a href="./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings" id="deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings">DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings</a>
+    <a href="./policy-csp-deviceinstallation.md#deviceinstallationpreventinstallationofdevicesnotdescribedbyotherpolicysettings" id="deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings">DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings</a>
   </dd>
   <dd>
-    <a href="./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdeviceids" id="deviceinstallation-preventinstallationofmatchingdeviceids">DeviceInstallation/PreventInstallationOfMatchingDeviceIDs</a>
+    <a href="./policy-csp-deviceinstallation.md#deviceinstallationpreventinstallationofmatchingdeviceids" id="deviceinstallation-preventinstallationofmatchingdeviceids">DeviceInstallation/PreventInstallationOfMatchingDeviceIDs</a>
   </dd>
   <dd>
-    <a href="./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdeviceinstanceids"id="deviceinstallation-preventinstallationofmatchingdeviceinstanceids">DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs</a>
+    <a href="./policy-csp-deviceinstallation.md#deviceinstallationpreventinstallationofmatchingdeviceinstanceids"id="deviceinstallation-preventinstallationofmatchingdeviceinstanceids">DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs</a>
   </dd>
   <dd>
-    <a href="./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdevicesetupclasses" id="deviceinstallation-preventinstallationofmatchingdevicesetupclasses">DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses</a>
+    <a href="./policy-csp-deviceinstallation.md#deviceinstallationpreventinstallationofmatchingdevicesetupclasses" id="deviceinstallation-preventinstallationofmatchingdevicesetupclasses">DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses</a>
   </dd>
 </dl>
 

windows/client-management/mdm/policy-csp-localusersandgroups.md

@@ -82,7 +82,7 @@ Available in Windows 10, version 20H2. This policy setting allows IT admins to a
 >
 > Starting from Windows 10, version 20H2, it is recommended to use the LocalUsersandGroups policy instead of the RestrictedGroups policy. Applying both the policies to the same device is unsupported and may yield unpredictable results. 
 
-Here's an example of the policy definition XML for group configuration:
+Here is an example of the policy definition XML for group configuration:
 
 ```xml
 <GroupConfiguration>
@@ -104,7 +104,9 @@ where:
 - `<remove member>`: Specifies the SID or name of the member to remove from the specified group.
 
     > [!NOTE]
-    > When specifying member names of domain accounts, use fully qualified account names where possible (for example, domain_name\user_name) instead of isolated names (for example, group_name). This way, you can avoid getting ambiguous results when users or groups with the same name exist in multiple domains and locally. See [LookupAccountNameA function](https://docs.microsoft.com/windows/win32/api/winbase/nf-winbase-lookupaccountnamea#remarks) for more information. 
+    > When specifying member names of the user accounts, you must use following format – AzureAD/userUPN. For example, "AzureAD/user1@contoso.com" or "AzureAD/user2@contoso.co.uk". 
+For adding Azure AD groups, you need to specify the Azure AD Group SID. Azure AD group names are not supported with this policy.
+for more information, see [LookupAccountNameA function](https://docs.microsoft.com/windows/win32/api/winbase/nf-winbase-lookupaccountnamea).  
 
 See [Use custom settings for Windows 10 devices in Intune](https://docs.microsoft.com/mem/intune/configuration/custom-settings-windows-10) for information on how to create custom profiles.
 
@@ -121,35 +123,51 @@ See [Use custom settings for Windows 10 devices in Intune](https://docs.microsof
 
 **Examples**
 
-Example 1: Update action for adding and removing group members.
+Example 1: AAD focused.
 
-The following example shows how you can update a local group (**Backup Operators**)—add a domain group as a member using its name (**Contoso\ITAdmins**), add the built-in Administrators group using its [well known SID](https://docs.microsoft.com/windows/win32/secauthz/well-known-sids), add a AAD group by its SID (**S-1-12-1-111111111-22222222222-3333333333-4444444444**), and remove a local account (**Guest**). 
+The following example updates the built-in administrators group with AAD account "bob@contoso.com" and an Azure AD group with the SID **S-1-12-1-111111111-22222222222-3333333333-4444444444. On an AAD joined machines**. 
 
 ```xml
 <GroupConfiguration>
-    <accessgroup desc = "Backup Operators"> 
+    <accessgroup desc = "Administrators">
+        <group action = "U" />
+        <add member = "AzureAD\bob@contoso.com"/>
+        <add member = "S-1-12-1-111111111-22222222222-3333333333-4444444444"/>
+    </accessgroup>
+</GroupConfiguration>
+```
+
+Example 2: Replace / Restrict the built-in administrators group with an AAD user account.
+
+> [!NOTE]
+> When using ‘R’ replace option to configure the built-in ‘Administrators’ group, it is required to always specify the administrator as a member + any other custom members. This is because the built-in administrator must always be a member of the administrators group.
+
+Example:
+```xml
+<GroupConfiguration>
+    <accessgroup desc = "Administrators">
+        <group action = "R" />
+        <add member = "AzureAD\bob@contoso.com"/>
+        <add member = "Administrator"/>
+    </accessgroup>
+</GroupConfiguration>
+```
+Example 3: Update action for adding and removing group members on a hybrid joined machine.
+
+The following example shows how you can update a local group (**Administrators**)—add an AD domain group as a member using its name (**Contoso\ITAdmins**), add a AAD group by its SID (**S-1-12-1-111111111-22222222222-3333333333-4444444444**), and remove a local account (**Guest**) if it exists.
+
+```xml
+<GroupConfiguration> 
+    <accessgroup desc = "Administrators"> 
         <group action = "U" /> 
         <add member = "Contoso\ITAdmins"/>
-        <add member = "S-1-5-32-544"/>
         <add member = "S-1-12-1-111111111-22222222222-3333333333-4444444444"/>
         <remove member = "Guest"/> 
     </accessgroup> 
 </GroupConfiguration>
 ```
 
-Example 2: Restrict action for replacing the group membership.
 
-The following example shows how you can restrict a local group (**Backup Operators**)—replace its membership with the built-in Administrators group using its [well known SID](https://docs.microsoft.com/windows/win32/secauthz/well-known-sids) and add a local account (**Guest**).
-
-```xml
-<GroupConfiguration>
-    <accessgroup desc = "Backup Operators">
-        <group action = "R" />
-        <add member = "S-1-5-32-544"/>
-        <add member = "Guest"/>
-    </accessgroup>
-</GroupConfiguration>
-```
 <!--/Example-->
 <!--Validation-->
 
@@ -157,6 +175,17 @@ The following example shows how you can restrict a local group (**Backup Operato
 <!--/Policy-->
 <hr/>
 
+> [!NOTE]
+> 
+> When AAD group SID’s are added to local groups, during AAD account logon privileges are evaluated only for the following well-known groups on a Windows 10 device:
+> 
+> - Administrators
+> - Users
+> - Guests
+> - Power Users
+> - Remote Desktop Users
+> - Remote Management Users
+
 ## FAQs
 
 This section provides answers to some common questions you might have about the LocalUsersAndGroups policy CSP. 
@@ -223,10 +252,69 @@ To troubleshoot Name/SID lookup APIs:
     ```cmd
     Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name LspDbgInfoLevel -Value 0x0 -Type dword -Force
     ```
-
+```xml
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" version="1.0">
+                          <xs:simpleType name="name">
+                            <xs:restriction base="xs:string">
+                              <xs:maxLength value="255" />
+                            </xs:restriction>
+                          </xs:simpleType>
+                          <xs:element name="accessgroup">
+                            <xs:complexType>
+                                <xs:sequence>
+                                    <xs:element name="group" minOccurs="1" maxOccurs="1">
+                                      <xs:annotation>
+                                        <xs:documentation>Group Configuration Action</xs:documentation>
+                                      </xs:annotation>
+                                      <xs:complexType>
+                                        <xs:attribute name="action" type="name" use="required"/>
+                                      </xs:complexType>
+                                    </xs:element>
+                                    <xs:element name="add" minOccurs="0" maxOccurs="unbounded">
+                                      <xs:annotation>
+                                        <xs:documentation>Group Member to Add</xs:documentation>
+                                      </xs:annotation>
+                                      <xs:complexType>
+                                        <xs:attribute name="member" type="name" use="required"/>
+                                      </xs:complexType>
+                                    </xs:element>
+                                    <xs:element name="remove" minOccurs="0" maxOccurs="unbounded">
+                                      <xs:annotation>
+                                        <xs:documentation>Group Member to Remove</xs:documentation>
+                                      </xs:annotation>
+                                      <xs:complexType>
+                                        <xs:attribute name="member" type="name" use="required"/>
+                                      </xs:complexType>
+                                    </xs:element>
+                                    <xs:element name="property" minOccurs="0" maxOccurs="unbounded">
+                                      <xs:annotation>
+                                        <xs:documentation>Group property to configure</xs:documentation>
+                                      </xs:annotation>
+                                      <xs:complexType>
+                                        <xs:attribute name="desc" type="name" use="required"/>
+                                        <xs:attribute name="value" type="name" use="required"/>
+                                      </xs:complexType>
+                                    </xs:element>
+                                  </xs:sequence>
+                              <xs:attribute name="desc" type="name" use="required"/>
+                            </xs:complexType>
+                          </xs:element>
+                          <xs:element name="GroupConfiguration">
+                            <xs:complexType>
+                              <xs:sequence>
+                                <xs:element name="accessgroup" minOccurs="0" maxOccurs="unbounded">
+                                  <xs:annotation>
+                              <xs:documentation>Local Group Configuration</xs:documentation>
+                            </xs:annotation>
+                                </xs:element>
+                              </xs:sequence>
+                            </xs:complexType>
+                          </xs:element>
+                      </xs:schema>
+```
 
 Footnotes:
 
-- 9 - Available in Windows 10, version 20H2.
+Available in Windows 10, version 20H2
 
 <!--/Policies-->

windows/security/identity-protection/remote-credential-guard.md

@@ -181,7 +181,7 @@ mstsc.exe /remoteGuard
 ```
 
 > [!NOTE]
-> The user must be part of administrators group.
+> The user must be authorized to connect to the remote server using Remote Desktop Protocol, for example by being a member of the Remote Desktop Users local group on the remote computer.
 
 ## Considerations when using Windows Defender Remote Credential Guard
 

windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md

@@ -32,7 +32,9 @@ ms.technology: mde
 
 When onboarding a device, you might see sign in issues after the app is installed. 
 
-This article provides solutions to help address sign in issues.  
+During onboarding, you might encounter sign in issues after the app is installed on your device. 
+
+This article provides solutions to help address the sign-on issues.  
 
 ## Sign in failed - unexpected error
 **Sign in failed:** *Unexpected error, try later*
@@ -64,8 +66,7 @@ from Google Play Store and try again
 
 **Cause:**
 
-You do not have Microsoft 365 license assigned, or your organization does not
+You do not have Microsoft 365 license assigned, or your organization does not have a license for Microsoft 365 Enterprise subscription.
-have a license for Microsoft 365 Enterprise subscription.
 
 **Solution:**
 

windows/security/threat-protection/microsoft-defender-atp/common-errors.md

@@ -21,12 +21,16 @@ ms.technology: mde
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
+
+* The error codes listed in the following table may be returned by an operation on any of Microsoft Defender for Endpoint APIs.
+* In addition to the error code, every error response contains an error message, which can help resolve the problem.
+* The message is a free text that can be changed.
+* At the bottom of the page, you can find response examples.
+
 >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
 
-* The table below shows the error codes that may be returned by an operation from the Microsoft Defender for Endpoint APIs.
+
-* In addition to the error code, every error response contains an error message that can help describe the problem.
+
-* Note that the message is a free text that can be changed.
-* At the bottom of the page, you can find response examples.
 
 Error code |HTTP status code |Message 
 :---|:---|:---

windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction.md

@@ -28,7 +28,7 @@ ms.technology: mde
 
 >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
 
-You can configure attack surface reduction with a number of tools, including:
+You can configure attack surface reduction with many tools, including:
 
 * Microsoft Intune
 * Microsoft Endpoint Configuration Manager

windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md

@@ -1,5 +1,5 @@
 ---
-title: Get domain related alerts API
+title: Get domain-related alerts API
 description: Learn how to use the Get domain related alerts API to retrieve alerts related to a given domain address in Microsoft Defender for Endpoint.
 keywords: apis, graph api, supported apis, get, domain, related, alerts
 search.product: eADQiWindows 10XVcnh
@@ -17,7 +17,7 @@ ms.topic: article
 ms.technology: mde
 ---
 
-# Get domain related alerts API
+# Get domain-related alerts API
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 

windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md

@@ -1,6 +1,6 @@
 ---
-title: Get file related alerts API
+title: Get file-related alerts API
-description: Learn how to use the Get file related alerts API to get a collection of alerts related to a given file hash in Microsoft Defender for Endpoint.
+description: Learn how to use the Get file-related alerts API to get a collection of alerts related to a given file hash in Microsoft Defender for Endpoint.
 keywords: apis, graph api, supported apis, get, file, hash
 search.product: eADQiWindows 10XVcnh
 ms.prod: m365-security
@@ -17,7 +17,7 @@ ms.topic: article
 ms.technology: mde
 ---
 
-# Get file related alerts API
+# Get file-related alerts API
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
@@ -71,7 +71,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and file exists - 200 OK with list of [alert](alerts.md) entities in the body. If file do not exist - 404 Not Found.
+If successful and file exists - 200 OK with list of [alert](alerts.md) entities in the body. If file does not exist - 404 Not Found.
 
 
 ## Example

windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md

@@ -1,6 +1,6 @@
 ---
-title: Get file related machines API
+title: Get file-related machines API
-description: Learn how to use the Get file related machines API to get a collection of machines related to a file hash in Microsoft Defender for Endpoint.
+description: Learn how to use the Get file-related machines API to get a collection of machines related to a file hash in Microsoft Defender for Endpoint.
 keywords: apis, graph api, supported apis, get, devices, hash
 search.product: eADQiWindows 10XVcnh
 ms.prod: m365-security
@@ -17,7 +17,7 @@ ms.topic: article
 ms.technology: mde
 ---
 
-# Get file related machines API
+# Get file-related machines API
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
@@ -71,7 +71,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and file exists - 200 OK with list of [machine](machine.md) entities in the body. If file do not exist - 404 Not Found.
+If successful and file exists - 200 OK with list of [machine](machine.md) entities in the body. If file does not exist - 404 Not Found.
 
 
 ## Example

windows/security/threat-protection/microsoft-defender-atp/ios-terms.md

@@ -30,7 +30,7 @@ ms.technology: mde
 ## MICROSOFT APPLICATION LICENSE TERMS: MICROSOFT DEFENDER FOR ENDPOINT
 
 These license terms ("Terms") are an agreement between Microsoft Corporation (or
-based on where you live, one of its affiliates) and you. Please read them. They
+based on where you live, one of its affiliates) and you. They
 apply to the application named above. These Terms also apply to any Microsoft
 
 -   updates,
@@ -52,21 +52,21 @@ DO NOT USE THE APPLICATION.**
 1.  **INSTALLATION AND USE RIGHTS.**
 
     1.  **Installation and Use.** You may install and use any number of copies
-        of this application on iOS enabled device or devices which you own
+        of this application on iOS enabled device or devices that you own
         or control. You may use this application with your company's valid
         subscription of Defender for Endpoint or
-        an online service that includes MDATP functionalities.
+        an online service that includes Microsoft Defender for Endpoint functionalities.
 
-    2.  **Updates.** Updates or upgrades to MDATP may be required for full
+    2.  **Updates.** Updates or upgrades to Microsoft Defender for Endpoint may be required for full
         functionality. Some functionality may not be available in all countries.
 
-    3.  **Third Party Programs.** The application may include third party
+    3.  **Third-Party Programs.** The application may include third-party
         programs that Microsoft, not the third party, licenses to you under this
         agreement. Notices, if any, for the third-party program are included for
         your information only.
 
 2.  **INTERNET ACCESS MAY BE REQUIRED.** You may incur charges related to
-    Internet access, data transfer and other services per the terms of the data
+    Internet access, data transfer, and other services per the terms of the data
     service plan and any other agreement you have with your network operator due
     to use of the application. You are solely responsible for any network
     operator charges.
@@ -79,8 +79,7 @@ DO NOT USE THE APPLICATION.**
         operates as your consent to the transmission of standard device
         information (including but not limited to technical information about
         your device, system and application software, and peripherals) for
-        Internet-based or wireless services. If other terms are provided in
+        Internet-based or wireless services. If other terms are provided with your use of the services, those terms also apply.
-        connection with your use of the services, those terms also apply.
 
         -   Data. Some online services require, or may be enhanced by, the
             installation of local software like this one. At your, or your
@@ -92,21 +91,20 @@ DO NOT USE THE APPLICATION.**
             improve Microsoft products and services and enhance your experience.
             You may limit or control collection of some usage and performance
             data through your device settings. Doing so may disrupt your use of
-            certain features of the application. For additional information on
+            certain features of the application. For more information on Microsoft's data collection and use, see the [Online Services
-            Microsoft's data collection and use, see the [Online Services
             Terms](https://go.microsoft.com/fwlink/?linkid=2106777).
 
     2.  Misuse of Internet-based Services. You may not use any Internet-based
         service in any way that could harm it or impair anyone else's use of it
         or the wireless network. You may not use the service to try to gain
-        unauthorized access to any service, data, account or network by any
+        unauthorized access to any service, data, account, or network by any
         means.
 
 4.  **FEEDBACK.** If you give feedback about the application to Microsoft, you
-    give to Microsoft, without charge, the right to use, share and commercialize
+    give to Microsoft, without charge, the right to use, share, and commercialize
     your feedback in any way and for any purpose. You also give to third
     parties, without charge, any patent rights needed for their products,
-    technologies and services to use or interface with any specific parts of a
+    technologies, and services to use or interface with any specific parts of a
     Microsoft software or service that includes the feedback. You will not give
     feedback that is subject to a license that requires Microsoft to license its
     software or documentation to third parties because we include your feedback
@@ -130,16 +128,14 @@ DO NOT USE THE APPLICATION.**
 
     -   publish the application for others to copy;
 
-    -   rent, lease or lend the application; or
+    -   rent, lease, or lend the application; or
 
     -   transfer the application or this agreement to any third party.
 
 6.  **EXPORT RESTRICTIONS.** The application is subject to United States export
     laws and regulations. You must comply with all domestic and international
     export laws and regulations that apply to the application. These laws
-    include restrictions on destinations, end users and end use. For additional
+    include restrictions on destinations, end users and end use. For more information, see [www.microsoft.com/exporting](https://www.microsoft.com/exporting).
-    information,
-    see [www.microsoft.com/exporting](https://www.microsoft.com/exporting).
 
 7.  **SUPPORT SERVICES.** Because this application is "as is," we may not
     provide support services for it. If you have any issues or questions about
@@ -151,14 +147,13 @@ DO NOT USE THE APPLICATION.**
 
 8.  **APPLICATION STORE.**
 
-    1.  If you obtain the application through an application store (e.g., App 
+    1.  If you obtain the application through an application store (for example, App 
-        Store), please review the applicable application store terms to ensure
+        Store), review the applicable application store terms to ensure
         your download and use of the application complies with such terms.
-        Please note that these Terms are between you and Microsoft and not with
+        These terms are between you and Microsoft and not with
         the application store.
 
-    2.  The respective application store provider and its subsidiaries are third
+    2.  The respective application store provider and its subsidiaries are third-party beneficiaries of these Terms, and upon your acceptance of these
-        party beneficiaries of these Terms, and upon your acceptance of these
         Terms, the application store provider(s) will have the right to directly
         enforce and rely upon any provision of these Terms that grants them a
         benefit or rights.
@@ -213,20 +208,20 @@ DO NOT USE THE APPLICATION.**
 This limitation applies to:
 
 -   anything related to the application, services, content (including code) on
-    third party Internet sites, or third party programs; and
+    third-party Internet sites, or third-party programs; and
 
--   claims for breach of contract, warranty, guarantee or condition; consumer
+-   claims for breach of contract, warranty, guarantee, or condition; consumer
     protection; deception; unfair competition; strict liability, negligence,
-    misrepresentation, omission, trespass or other tort; violation of statute or
+    misrepresentation, omission, trespass, or other tort; violation of statute or
     regulation; or unjust enrichment; all to the extent permitted by applicable
     law.
 
 It also applies even if:
 
-a.  Repair, replacement or refund for the application does not fully compensate
+a.  Repair, replacement, or refund for the application does not fully compensate
     you for any losses; or
 
 b.  Covered Parties knew or should have known about the possibility of the
     damages.
 
-The above limitation or exclusion may not apply to you because your country may not allow the exclusion or limitation of incidental, consequential or other damages.
+The above limitation or exclusion may not apply to you because your country may not allow the exclusion or limitation of incidental, consequential, or other damages.

windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md

@@ -143,28 +143,34 @@ Create a subtask or role files that contribute to an playbook or task.
 
   ```bash
   - name: Add Microsoft APT key
-      apt_key:
+    apt_key:
-          keyserver: https://packages.microsoft.com/
+      keyserver: https://packages.microsoft.com/
-          id: BC528686B50D79E339D3721CEB3E94ADBE1229CF
+      id: BC528686B50D79E339D3721CEB3E94ADBE1229CF
-      when: ansible_os_family == "Debian"
+    when: ansible_os_family == "Debian"
 
   - name: Add Microsoft apt repository for MDATP
-      apt_repository:
+    apt_repository:
-          repo: deb [arch=arm64,armhf,amd64] https://packages.microsoft.com/[distro]/[version]/prod [channel] main
+      repo: deb [arch=arm64,armhf,amd64] https://packages.microsoft.com/[distro]/[version]/prod [channel] main
-          update_cache: yes
+      update_cache: yes
-          state: present
+      state: present
-          filename: microsoft-[channel].list
+      filename: microsoft-[channel].list
-      when: ansible_os_family == "Debian"
+    when: ansible_os_family == "Debian"
+
+  - name: Add Microsoft DNF/YUM key
+    rpm_key:
+      state: present
+      key: https://packages.microsoft.com/keys/microsoft.asc
+    when: ansible_os_family == "RedHat"
 
   - name: Add  Microsoft yum repository for MDATP
-      yum_repository:
+    yum_repository:
-          name: packages-microsoft-com-prod-[channel]
+      name: packages-microsoft-com-prod-[channel]
-          description: Microsoft Defender for Endpoint
+      description: Microsoft Defender for Endpoint
-          file: microsoft-[channel]
+      file: microsoft-[channel]
-          baseurl: https://packages.microsoft.com/[distro]/[version]/[channel]/
+      baseurl: https://packages.microsoft.com/[distro]/[version]/[channel]/
-          gpgcheck: yes
+      gpgcheck: yes
-          enabled: Yes
+      enabled: Yes
-      when: ansible_os_family == "RedHat"
+  when: ansible_os_family == "RedHat"
   ```
 
 - Create the Ansible install and uninstall YAML files.
@@ -176,13 +182,13 @@ Create a subtask or role files that contribute to an playbook or task.
         ```
         ```Output
         - hosts: servers
-            tasks:
+          tasks:
-                - include: ../roles/onboarding_setup.yml
+            - include: ../roles/onboarding_setup.yml
-                - include: ../roles/add_apt_repo.yml
+            - include: ../roles/add_apt_repo.yml
-                - apt:
+            - apt:
-                    name: mdatp
+                name: mdatp
-                    state: latest
+                state: latest
-                    update_cache: yes
+                update_cache: yes
         ```
 
         ```bash
@@ -203,13 +209,13 @@ Create a subtask or role files that contribute to an playbook or task.
         ```
         ```Output
         - hosts: servers
-        tasks:
+          tasks:
             - include: ../roles/onboarding_setup.yml
             - include: ../roles/add_yum_repo.yml
             - yum:
-                name: mdatp
+              name: mdatp
-                state: latest
+              state: latest
-                enablerepo: packages-microsoft-com-prod-[channel]
+              enablerepo: packages-microsoft-com-prod-[channel]
         ```
 
         ```bash
@@ -219,7 +225,7 @@ Create a subtask or role files that contribute to an playbook or task.
         - hosts: servers
         tasks:
             - yum:
-                name: mdatp
+               name: mdatp
                 state: absent
         ```
 

windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md

@@ -107,11 +107,11 @@ Devices on your network must be running one of these editions.
 The hardware requirements for Defender for Endpoint on devices are the same for the supported editions.
 
 > [!NOTE]
-> Machines running mobile versions of Windows are not supported.
+> Machines running mobile versions of Windows (such as Windows CE and Windows 10 Mobile) are not supported.
 >
-> Virtual Machines running Windows 10 Enterprise 2016 LTSB (which is based on Windows 10, version 1607) may encounter performance issues if run on non-Microsoft virtualization platforms.
+> Virtual Machines running Windows 10 Enterprise 2016 LTSB may encounter performance issues if run on non-Microsoft virtualization platforms.
 >
-> For virtual environments, we recommend using Windows 10 Enterprise LTSC 2019 (which is based on Windows 10, version 1809) or later.
+> For virtual environments, we recommend using Windows 10 Enterprise LTSC 2019 or later.
 
 
 ### Other supported operating systems

windows/security/threat-protection/microsoft-defender-atp/partner-applications.md

@@ -101,13 +101,15 @@ Logo |Partner name   | Description
 :---|:---|:---
 ![Image of Bitdefender logo](images/bitdefender-logo.png)| [Bitdefender](https://go.microsoft.com/fwlink/?linkid=860032)| Bitdefender GravityZone is a layered next generation endpoint protection platform offering comprehensive protection against the full spectrum of sophisticated cyber threats
 ![Image of Better Mobile logo](images/bettermobile-logo.png) | [Better Mobile](https://go.microsoft.com/fwlink/?linkid=2086214)| AI-based MTD solution to stop mobile threats & phishing. Private internet browsing to protect user privacy 
-![Image of Corrata logo](images/corrata-logo.png)| [Corrata](https://go.microsoft.com/fwlink/?linkid=2081148) | Mobile solution that protects your mobile devices with granular visibility and control from Corrata 
+![Image of Corrata logo](images/corrata-logo.png)| [Corrata](https://go.microsoft.com/fwlink/?linkid=2081148) | Mobile solution — Protect your mobile devices with granular visibility and control from Corrata 
 ![Image of Lookout logo](images/lookout-logo.png)| [Lookout](https://go.microsoft.com/fwlink/?linkid=866935)| Get Lookout Mobile Threat Protection telemetry for Android and iOS mobile devices
 ![Image of Symantec Endpoint Protection Mobile logo](images/symantec-logo.png) | [Symantec Endpoint Protection Mobile](https://go.microsoft.com/fwlink/?linkid=2090992)| SEP Mobile helps businesses predict, detect, and prevent security threats and vulnerabilities on mobile devices 
 ![Image of Zimperium logo](images/zimperium-logo.png)| [Zimperium](https://go.microsoft.com/fwlink/?linkid=2118044)|Extend your Defender for Endpoint to iOS and Android with Machine Learning-based Mobile Threat Defense
 
 
-## More integrations
+
+## Other integrations
+
 Logo |Partner name   | Description 
 :---|:---|:---
 ![Image of Cyren Web Filter logo](images/cyren-logo.png)| [Cyren Web Filter](https://go.microsoft.com/fwlink/?linkid=2108221)| Enhance your Defender for Endpoint with advanced Web Filtering
@@ -120,25 +122,29 @@ Logo |Partner name   | Description
 ## SIEM integration
 Defender for Endpoint supports SIEM integration through various of methods. This can include specialized SIEM system interface with out of the box connectors, a generic alert API enabling custom implementations, and an action API enabling alert status management.  For more information, see [Enable SIEM integration](enable-siem-integration.md).
 
+
 ## Ticketing and IT service management 
 Ticketing solution integration helps to implement manual and automatic response processes. Defender for Endpoint can help to create tickets automatically when an alert is generated and resolve the alerts when tickets are closed using the alerts API. 
 
 ## Security orchestration and automation response (SOAR) integration 
-Orchestration solutions can help build playbooks and integrate the rich data model and actions that Defender for Endpoint APIs expose to orchestrate responses, such as query for device data, trigger device isolation, block/allow, resolve alert and others. 
+Orchestration solutions can help build playbooks and integrate the rich data model and actions that Defender for Endpoint APIs exposes to orchestrate responses, such as query for device data, trigger device isolation, block/allow, resolve alert and others. 
 
 ## External alert correlation and Automated investigation and remediation  
 Defender for Endpoint offers unique automated investigation and remediation capabilities to drive incident response at scale.
   
 Integrating the automated investigation and response capability with other solutions such as IDS and firewalls help to address alerts and minimize the complexities surrounding network and device signal correlation, effectively streamlining the investigation and threat remediation actions on devices.  
 
+
 External alerts can be pushed to Defender for Endpoint. These alerts are shown side by side with additional device-based alerts from Defender for Endpoint. This view provides a full context of the alert and can reveal the full story of an attack.  
 
 ## Indicators matching
 You can use threat-intelligence from providers and aggregators to maintain and use indicators of compromise (IOCs).
 
-Defender for Endpoint allows you to integrate with these solutions and act on IoCs by correlating rich telemetry to create alerts.  You can also useg prevention and automated response capabilities to block execution and take remediation actions when there's a match.
+
+Defender for Endpoint allows you to integrate with these solutions and act on IoCs by correlating rich telemetry to create alerts.  You can also use prevention and automated response capabilities to block execution and take remediation actions when there's a match.
+
 
 Defender for Endpoint currently supports IOC matching and remediation for file and network indicators. Blocking is supported for file indicators.  
 
 ## Support for non-Windows platforms
-Defender for Endpoint provides a centralized security operations experience for Windows as well as non-Windows platforms, including mobile devices. You'll be able to see alerts from various supported operating systems (OS) in the portal and better protect your organization's network. 
+Defender for Endpoint provides a centralized security operations experience for Windows and non-Windows platforms, including mobile devices. You'll be able to see alerts from various supported operating systems (OS) in the portal and better protect your organization's network.