diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index ee1046a5a7..349a729703 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -116,6 +116,11 @@
"redirect_document_id": true
},
{
+"source_path": "windows/deployment/update/update-compliance-perspectives.md",
+"redirect_url": "https://docs.microsoft.com/windows/deployment/update/update-compliance-using",
+"redirect_document_id": true
+},
+{
"source_path": "browsers/edge/hardware-and-software-requirements.md",
"redirect_url": "https://docs.microsoft.com/microsoft-edge/deploy/about-microsoft-edge",
"redirect_document_id": true
@@ -6232,6 +6237,11 @@
"redirect_document_id": true
},
{
+"source_path": "windows/deployment/update/update-compliance-wdav-status.md",
+"redirect_url": "https://docs.microsoft.com/windows/deployment/update/update-compliance-get-started",
+"redirect_document_id": true
+},
+{
"source_path": "windows/manage/update-compliance-using.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/update/update-compliance-using",
"redirect_document_id": true
diff --git a/browsers/edge/includes/configure-autofill-include.md b/browsers/edge/includes/configure-autofill-include.md
index 1ef991e263..c67f992071 100644
--- a/browsers/edge/includes/configure-autofill-include.md
+++ b/browsers/edge/includes/configure-autofill-include.md
@@ -3,7 +3,8 @@ author: eavena
ms.author: eravena
ms.date: 10/02/2018
ms.reviewer:
-audience: itpro
manager: dansimp
+audience: itpro
+manager: dansimp
ms.prod: edge
ms.topic: include
---
@@ -19,8 +20,8 @@ ms.topic: include
| Group Policy | MDM | Registry | Description | Most restricted |
|---------------------------------|:-----:|:--------:|-----------------------------------|:------------------------------------------------:|
| Not configured
**(default)** | Blank | Blank | Users can choose to use Autofill. | |
-| Disabled | 0 | no | Prevented. |  |
-| Enabled | 1 | yes | Allowed. | |
+| Disabled | 0 | 0 | Prevented. |  |
+| Enabled | 1 | 1 | Allowed. | |
---
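Review bot: The Registry column for the Disabled and Enabled rows changes from `no`/`yes` to `0`/`1`, which makes it identical to the MDM column, but nothing in this hunk shows the registry value name or data type that would justify the change. Please confirm against the registry details elsewhere in this include that the value is numeric rather than a string, so the table and that section agree. The "Not configured **(default)**" row also appears split across two lines; if that split is in the source file, the table row will not render.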
diff --git a/browsers/internet-explorer/TOC.md b/browsers/internet-explorer/TOC.md
index 28a0957588..ceb4d9b0f2 100644
--- a/browsers/internet-explorer/TOC.md
+++ b/browsers/internet-explorer/TOC.md
@@ -47,6 +47,7 @@
#### [Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md)
#### [Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
#### [Remove all sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
+#### [Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager](ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md)
### [Use the Enterprise Mode Site List Portal](ie11-deploy-guide/use-the-enterprise-mode-portal.md)
#### [Set up the Enterprise Mode Site List Portal](ie11-deploy-guide/set-up-enterprise-mode-portal.md)
##### [Use the Settings page to finish setting up the Enterprise Mode Site List Portal](ie11-deploy-guide/configure-settings-enterprise-mode-portal.md)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
index 46a8edef5e..0977b87b94 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
@@ -7,7 +7,8 @@ author: dansimp
ms.prod: ie11
ms.assetid: 513e8f3b-fedf-4d57-8d81-1ea4fdf1ac0b
ms.reviewer:
-audience: itpro
manager: dansimp
+audience: itpro
+manager: dansimp
ms.author: dansimp
title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros)
ms.sitesec: library
@@ -57,16 +58,20 @@ You can add individual sites to your compatibility list by using the Enterprise
5. In conjunction with the compatibility mode, you'll need to use the **Open in** box to pick which browser opens the site.
- - **IE11**. Opens the site in IE11, regardless of which browser is opened by the employee.
+ - **IE11**. Opens the site in IE11, regardless of which browser is opened by the employee. If you have enabled [Internet Explorer mode integration on Microsoft Edge](https://docs.microsoft.com/deployedge/edge-ie-mode), this option will open sites in Internet Explorer mode.
- **MSEdge**. Opens the site in Microsoft Edge, regardless of which browser is opened by the employee.
- **None**. Opens in whatever browser the employee chooses.
-6. Click **Save** to validate your website and to add it to the site list for your enterprise.
+6. If you have enabled [Internet Explorer mode integration on Microsoft Edge](https://docs.microsoft.com/deployedge/edge-ie-mode), and you have sites that still need to opened in the standalone Internet Explorer 11 application, you can check the box for **Standalone IE**. This checkbox is only relevant when associated to 'Open in' IE11. Checking the box when 'Open In' is set to MSEdge or None will not change browser behavior. + +7. The checkbox **Allow Redirect** applies to the treatment of server side redirects. If you check this box, server side redirects will open in the browser specified by the open-in tag. For more information, see [here](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance#updated-schema-attributes). + +8. Click **Save** to validate your website and to add it to the site list for your enterprise.
If your site passes validation, it’s added to the global compatibility list. If the site doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the site or ignore the validation problem and add it to your list anyway. -7. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.
+9. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.
You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md). ## Next steps diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md index 008e2624c0..d94601a9d5 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md @@ -20,7 +20,7 @@ ms.date: 07/27/2017 If you're having problems with Group Policy and Internet Explorer 11, or if you're looking for high-level information about the concepts and techniques used to troubleshoot Group Policy, as well as links to detailed reference topics, procedures, and troubleshooting scenario guides, see [Group Policy Analysis and Troubleshooting Overview](https://go.microsoft.com/fwlink/p/?LinkId=279872). ## Group Policy Object-related Log Files -You can use the Event Viewer to review Group Policy-related messages in the **Windows Logs**, **System** file. All of the Group Policy-related events are shown with a source of **GroupPolicy**. For more information about the Event Viewer, see [What information appears in event logs? (Event Viewer)](https://go.microsoft.com/fwlink/p/?LinkId=294917). +You can use the Event Viewer to review Group Policy-related messages in the **Windows Logs**, **System** file. All of the Group Policy-related events are shown with a source of **GroupPolicy** diff --git a/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md new file mode 100644 index 0000000000..bb22b43b3f --- /dev/null 
+++ b/browsers/internet-explorer/ie11-deploy-guide/review-neutral-sites-with-site-list-manager.md 
@@ -0,0 +1,47 @@ +--- +ms.localizationpriority: medium +ms.mktglfcycl: deploy +ms.pagetype: appcompat +description: How to use Site List Manager to review neutral sites for IE mode +author: dansimp +ms.prod: ie11 +ms.assetid: f4dbed4c-08ff-40b1-ab3f-60d3b6e8ec9b +ms.reviewer: +audience: itpro +manager: dansimp +ms.author: dansimp +title: Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager +ms.sitesec: library +ms.date: 04/02/2020 +--- + +# Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager + +**Applies to:** + +- Windows 10 +- Windows 8 +- Windows Server 2012 R2 +- Microsoft Edge version 77 or later + +> [!NOTE] +> This feature is available on the Enterprise Mode Site List Manager version 11.0. + +## Overview + +While converting your site from v.1 schema to v.2 schema using the latest version of the Enterprise Mode Site List Manager, sites with the *doNotTransition=true* in v.1 convert to *open-in=None* in the v.2 schema, which is characterized as a "neutral site". This is the expected behavior for conversion unless you are using Internet Explorer mode (IE mode). When IE mode is enabled, only authentication servers that are used for modern and legacy sites should be set as neutral sites. For more information, see [Configure neutral sites](https://docs.microsoft.com/deployedge/edge-ie-mode-sitelist#configure-neutral-sites). Otherwise, a site meant to open in Edge might potentially be tagged as neutral, which results in inconsistent experiences for users. + +The Enterprise Mode Site List Manager provides the ability to flag sites that are listed as neutral sites, but might have been added in error. This check is automatically performed when you are converting from v.1 to v.2 through the tool. This check might flag sites even if there was no prior schema conversion. + +## Flag neutral sites + +To identify neutral sites to review: + +1. 
In the Enterprise Mode Site List Manager (schema v.2), click **File > Flag neutral sites**. +2. If selecting this option has no effect, there are no sites that needs to be reviewed. Otherwise, you will see a message **"Engine neutral sites flagged for review"**. When a site is flagged, you can assess if the site needs to be removed entirely, or if it needs the open-in attribute changed from None to MSEdge. +3. If you believe that a flagged site is correctly configured, you can edit the site entry and click on **"Clear Flag"**. Once you select that option for a site, it will not be flagged again. + +## Related topics + +- [About IE Mode](https://docs.microsoft.com/deployedge/edge-ie-mode) +- [Configure neutral sites](https://docs.microsoft.com/deployedge/edge-ie-mode-sitelist#configure-neutral-sites) diff --git a/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md index bc468576ed..0f35b04d1c 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md +++ b/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md @@ -31,7 +31,7 @@ You can search to see if a specific site already appears in your global Enterpri **To search your compatibility list** - From the Enterprise Mode Site List Manager, type part of the URL into the **Search** box.
- The search query searches all of the text. For example, entering *“micro”* will return results like, www.microsoft.com, microsoft.com, and microsoft.com/images. Wildcard characters aren’t supported. + The search query searches all of the text. For example, entering *“micro”* will return results like, `www.microsoft.com`, `microsoft.com`, and `microsoft.com/images`. Wildcard characters aren’t supported. ## Related topics - [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) diff --git a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md index 58ffc300ce..3cbc140f4b 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md +++ b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md @@ -26,7 +26,7 @@ ms.date: 12/04/2017 - Windows Server 2012 R2 - Windows Server 2008 R2 with Service Pack 1 (SP1) -Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. +Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that's designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. You can use IE11 and the Enterprise Mode Site List Manager to add individual website domains and domain paths and to specify whether the site renders using Enterprise Mode or the default mode. 
@@ -49,12 +49,14 @@ The following topics give you more information about the things that you can do |[Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) |How to add several websites to your site list at the same time, using a text or XML file and the WEnterprise Mode Site List Manager (schema v.1). | |[Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager](edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md) |How to edit the compatibility mode for specific websites.
This topic applies to both versions of the Enterprise Mode Site List Manager. | |[Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md) |How to fix common site list validation errors.
This topic applies to both versions of the Enterprise Mode Site List Manager. | +|[Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager](review-neutral-sites-with-site-list-manager.md) |How to flag sites listed as neutral, to ensure that they are intentional and not a result of schema conversion. This topic applies to the Enterprise Mode Site List Manager version 11.0 or later. | |[Search your Enterprise Mode site list in the Enterprise Mode Site List Manager](search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to look to see if a site is already in your global Enterprise Mode site list.
This topic applies to both versions of the Enterprise Mode Site List Manager. | |[Save your site list to XML in the Enterprise Mode Site List Manager](save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md) |How to save a site list as XML, so you can deploy and use it with your managed systems.
This topic applies to both versions of the Enterprise Mode Site List Manager. | |[Export your Enterprise Mode site list from the Enterprise Mode Site List Manager](export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md) |How to export your site list so you can transfer your data and contents to someone else.
This topic applies to both versions of the Enterprise Mode Site List Manager. | |[Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](import-into-the-enterprise-mode-site-list-manager.md) |How to import your site list to replace a corrupted or out-of-date list.
This topic applies to both versions of the Enterprise Mode Site List Manager. | |[Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to delete a website from your site list.
This topic applies to both versions of the Enterprise Mode Site List Manager. | |[Remove all sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) |How to delete all of the websites in a site list.
This topic applies to both versions of the Enterprise Mode Site List Manager. | +| [Review neutral sites for Internet Explorer mode using the Enterprise Mode Site List Manager](review-neutral-sites-with-site-list-manager.md)|How to flag sites listed as neutral, to ensure that they are intentional and not a result of schema conversion.
This topic applies to the latest version of the Enterprise Mode Site List Manager.
## Related topics
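Review bot: The table in use-the-enterprise-mode-site-list-manager.md gains the same "Review neutral sites for Internet Explorer mode..." row twice, once after the "Fix validation problems" row and again after the "Remove all sites" row. The two copies disagree on applicability ("version 11.0 or later" versus "the latest version"), and the second copy has no closing `|` before `## Related topics`, so it will not render as a table row. Keep one row, in the position that matches the TOC order, and use the explicit version wording.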
diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md
index 8314daf903..4decd51404 100644
--- a/devices/hololens/TOC.md
+++ b/devices/hololens/TOC.md
@@ -5,6 +5,7 @@
## [Get your HoloLens 2 ready to use](hololens2-setup.md)
## [Set up your HoloLens 2](hololens2-start.md)
## [HoloLens 2 fit and comfort FAQ](hololens2-fit-comfort-faq.md)
+## [Frequently asked questions about cleaning HoloLens 2 devices](hololens2-maintenance.md)
## [Supported languages for HoloLens 2](hololens2-language-support.md)
## [Getting around HoloLens 2](hololens2-basic-usage.md)
diff --git a/devices/hololens/holographic-3d-viewer-beta.md b/devices/hololens/holographic-3d-viewer-beta.md
index 0973813221..90c5b236fd 100644
--- a/devices/hololens/holographic-3d-viewer-beta.md
+++ b/devices/hololens/holographic-3d-viewer-beta.md
@@ -1,6 +1,6 @@
---
-title: Using 3D Viewer on HoloLens
-description: Describes the types of files and features that 3D Viewer Beta on HoloLens supports, and how to use and troubleshoot the app.
+title: Using 3D Viewer Beta on HoloLens
+description: Describes the types of files and features that 3D Viewer Beta on HoloLens (1st gen) supports, and how to use and troubleshoot the app.
ms.prod: hololens
ms.sitesec: library
author: Teresa-Motiv
@@ -15,15 +15,18 @@ appliesto:
- HoloLens (1st gen)
---
-# Using 3D Viewer on HoloLens
+# Using 3D Viewer Beta on HoloLens
-3D Viewer lets you view 3D models on HoloLens. You can open and view *supported* .fbx files from Microsoft Edge, OneDrive, and other apps.
+3D Viewer Beta lets you view 3D models on HoloLens (1st gen). You can open and view *supported* .fbx files from Microsoft Edge, OneDrive, and other apps.
-If you're having trouble opening a 3D model in 3D Viewer, or certain features of your 3D model are unsupported, see [Supported content specifications](#supported-content-specifications).
+>[!NOTE]
+>This article applies to the immersive Unity **3D Viewer Beta** app, which supports .fbx files and is only available on HoloLens (1st gen). The pre-installed **3D Viewer** app on HoloLens 2 supports opening custom .glb 3D models in the mixed reality home (see [Asset requirements overview](https://docs.microsoft.com/windows/mixed-reality/creating-3d-models-for-use-in-the-windows-mixed-reality-home#asset-requirements-overview) for more details.
-To build or optimize 3D models for use with 3D Viewer, see [Optimizing 3D models for 3D Viewer](#optimizing-3d-models-for-3d-viewer-beta).
+If you're having trouble opening a 3D model in 3D Viewer Beta, or certain features of your 3D model are unsupported, see [Supported content specifications](#supported-content-specifications).
-There are two ways to open a 3D model on HoloLens. See [Viewing 3D models on HoloLens](#viewing-3d-models-on-hololens) to learn more.
+To build or optimize 3D models for use with 3D Viewer Beta, see [Optimizing 3D models for 3D Viewer Beta](#optimizing-3d-models-for-3d-viewer-beta).
+
+There are two ways to open a 3D model on HoloLens. See [Viewing FBX files on HoloLens](#viewing-fbx-files-on-hololens) to learn more.
If you're having trouble after reading these topics, see [Troubleshooting](#troubleshooting).
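Review bot: The added NOTE has an unbalanced parenthesis: `(see [Asset requirements overview](...) for more details.` opens a parenthesis that is never closed. Either close it after "for more details" or drop the parentheses and make it a separate sentence. The updated in-page link `#viewing-fbx-files-on-hololens` depends on the heading rename later in this file, so the two changes need to land together.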
@@ -122,7 +125,7 @@ By default, 3D Viewer Beta displays 3D models at a comfortable size and position
To prevent scaling of the model, add a Boolean custom attribute to any object in the scene named Microsoft_DisableScale and set it to true. 3D Viewer Beta will then respect the FbxSystemUnit information baked into the FBX file. Scale in 3D Viewer Beta is 1 meter per FBX unit.
-## Viewing 3D models on HoloLens
+## Viewing FBX files on HoloLens
### Open an FBX file from Microsoft Edge
diff --git a/devices/hololens/hololens-calibration.md b/devices/hololens/hololens-calibration.md
index dcba528079..b03fb4479f 100644
--- a/devices/hololens/hololens-calibration.md
+++ b/devices/hololens/hololens-calibration.md
@@ -86,6 +86,8 @@ If calibration is unsuccessful try:
If you followed all guidelines and calibration is still failing, please let us know by filing feedback in [Feedback Hub](hololens-feedback.md).
+Note that setting IPD is not applicable for Hololens 2, since eye positions are computed by the system.
+
### Calibration data and security
Calibration information is stored locally on the device and is not associated with any account information. There is no record of who has used the device without calibration. This mean new users will get prompted to calibrate visuals when they use the device for the first time, as well as users who opted out of calibration previously or if calibration was unsuccessful.
@@ -105,6 +107,8 @@ You can also disable the calibration prompt by following these steps:
### HoloLens 2 eye-tracking technology
The device uses its eye-tracking technology to improve display quality, and to ensure that all holograms are positioned accurately and comfortable to view in 3D. Because it uses the eyes as landmarks, the device can adjust itself for every user and tune its visuals as the headset shifts slightly throughout use. All adjustments happen on the fly without a need for manual tuning.
+> [!NOTE]
+> Setting the IPD is not applicable for Hololens 2, since eye positions are computed by the system.
HoloLens applications use eye tracking to track where you are looking in real time. This is the main capability developers can leverage to enable a whole new level of context, human understanding and interactions within the Holographic experience. Developers don’t need to do anything to leverage this capability.
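Review bot: The NOTE added under "HoloLens 2 eye-tracking technology" repeats the sentence the previous hunk adds as plain text before "Calibration data and security", so the same statement about IPD now appears twice in one article in two different styles. Keep a single instance (the NOTE form reads better) and fix the product casing in it: both additions write "Hololens 2" while the rest of the file uses "HoloLens 2".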
diff --git a/devices/hololens/hololens-connect-devices.md b/devices/hololens/hololens-connect-devices.md
index fd770fd0cc..7926dab884 100644
--- a/devices/hololens/hololens-connect-devices.md
+++ b/devices/hololens/hololens-connect-devices.md
@@ -32,7 +32,7 @@ HoloLens (1st gen) supports the following classes of Bluetooth devices:
- HoloLens (1st gen) clicker
> [!NOTE]
-> Other types of Bluetooth devices, such as speakers, headsets, smartphones, and game pads, may be listed as available in HoloLens settings. However, these devices aren't supported on HoloLens (1st gen). For more information, see [I'm having problems pairing or using a Bluetooth device](hololens-FAQ.md#im-having-problems-pairing-or-using-a-bluetooth-device).
+> Other types of Bluetooth devices, such as speakers, headsets, smartphones, and game pads, may be listed as available in HoloLens settings. However, these devices aren't supported on HoloLens (1st gen). For more information, see [HoloLens Settings lists devices as available, but the devices don't work](hololens-FAQ.md#hololens-settings-lists-devices-as-available-but-the-devices-dont-work).
### Pair a Bluetooth keyboard or mouse
diff --git a/devices/hololens/hololens-cortana.md b/devices/hololens/hololens-cortana.md
index 369602ca12..a19c9d48cf 100644
--- a/devices/hololens/hololens-cortana.md
+++ b/devices/hololens/hololens-cortana.md
@@ -48,6 +48,19 @@ Use these commands throughout Windows Mixed Reality to get around faster. Some c
|Hide and show hand ray | "Hide hand ray" / "Show hand ray" |
|See available speech commands | "What can I say?" |
+Starting with version 19041.x of HoloLens 2, you can also use these commands:
+
+| Say this | To do this |
+| - | - |
+| "Restart device" | Bring up a dialogue to confirm you want to restart the device. You can say "yes" to restart. |
+| "Shutdown device" | Bring up a dialogue to confirm you want to turn off the device. You can say "yes" to confirm. |
+| "Brightness up/down" | Increase or decrease the display brightness by 10%. |
+| "Volume up/down" | Increase or decrease the volume by 10%. |
+| "What's my IP address" | Bring up a dialogue displaying your device's current IP address on the local network. |
+| "Take a picture" | Capture a mixed reality photo of what you are currently seeing. |
+| "Take a video" | Start recording a mixed reality video. |
+| "Stop recording" | Stops the current mixed reality video recording if one is in progress. |
+
### Hologram commands
To use these commands, gaze at a 3D object, hologram, or app window.
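Review bot: The new table puts the spoken phrase first ("Say this | To do this"), while the existing table directly above it lists the action first and the phrase second (for example `|Hide and show hand ray | "Hide hand ray" / "Show hand ray" |`). Please use the same column order for both tables so readers do not have to switch direction mid-section. The phrase "What's my IP address" also differs from "What is my IP address?" in hololens-insider.md in this same patch; pick one spelling of the command, and consider stating in the description that the address is shown on the display to anyone sharing or capturing the view.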
@@ -87,7 +100,7 @@ Sometimes it's helpful to spell out things like email addresses. For instance, t
## Do more with Cortana
-Cortana can help you do all kinds of things on your HoloLens, from searching the web to shutting down your device. She can give you suggestions, ideas, reminders, alerts, and more. To get her attention, select Cortana on **Start** or say "Hey Cortana" anytime.
+Cortana can help you do all kinds of things on your HoloLens, but depending on which version of Windows Holographic you're using, the capablities may be different. You can learn more about the updated capabilites of the latest version of Cortana [here](https://blogs.windows.com/windowsexperience/2020/02/28/cortana-in-the-upcoming-windows-10-release-focused-on-your-productivity-with-enhanced-security-and-privacy/).

@@ -96,22 +109,27 @@ Here are some things you can try saying (remember to say "Hey Cortana" first).
**Hey, Cortana**...
- What can I say?
+- Launch <*app name*>.
+- What time is it?
+- Show me the latest NBA scores.
+- Tell me a joke.
+
+If you're using *version 18362.x or earlier*, you can also use these commands:
+
+**Hey, Cortana**...
+
- Increase the volume.
- Decrease the brightness.
- Shut down.
- Restart.
- Go to sleep.
- Mute.
-- Launch <*app name*>.
- Move <*app name*> here (gaze at the spot that you want the app to move to).
- Go to Start.
- Take a picture.
- Start recording. (Starts recording a video.)
- Stop recording. (Stops recording a video.)
-- What time is it?
-- Show me the latest NBA scores.
- How much battery do I have left?
-- Tell me a joke.
Some Cortana features that you're used to from Windows on your PC or phone (for example, reminders and notifications) aren't supported in Microsoft HoloLens, and the Cortana experience may vary from one region to another.
diff --git a/devices/hololens/hololens-insider.md b/devices/hololens/hololens-insider.md
index 1f4858772e..68262afb5b 100644
--- a/devices/hololens/hololens-insider.md
+++ b/devices/hololens/hololens-insider.md
@@ -36,13 +36,13 @@ If you no longer want to receive Insider builds of Windows Holographic, you can
To verify that your HoloLens is running a production build:
-- Go to **Settings > System > About**, and find the build number.
-- [See the release notes for production build numbers.](hololens-release-notes.md)
+1. Go to **Settings > System > About**, and find the build number.
+1. [See the release notes for production build numbers.](hololens-release-notes.md)
To opt out of Insider builds:
-- On a HoloLens running a production build, go to **Settings > Update & Security > Windows Insider Program**, and select **Stop Insider builds**.
-- Follow the instructions to opt out your device.
+1. On a HoloLens running a production build, go to **Settings > Update & Security > Windows Insider Program**, and select **Stop Insider builds**.
+1. Follow the instructions to opt out your device.
## Provide feedback and report issues
@@ -65,8 +65,9 @@ Here's a quick summary of what's new:
- Seamlessly apply a provisioning package from a USB drive to your HoloLens
- Use a provisioning packages to enroll your HoloLens to your Mobile Device Management system
- Use Windows AutoPilot to set up and pre-configure new devices, quickly getting them ready for productive use. Send a note to hlappreview@microsoft.com to join the preview.
-- Dark Mode - many Windows apps support both dark and light modes, and now HoloLens customers can choose the default mode for apps that support both color schemes! Based on customer feedback, with this update we are setting the default app mode to "dark," but you can easily change this setting at any time. Navigate to Settings > System > Colors to find "Choose your default app mode."
+- Dark Mode - HoloLens customers can now choose the default mode for apps that support both color schemes! Based on customer feedback, with this update we are setting the default app mode to "dark," but you can easily change this setting at any time.
- Support for additional system voice commands
+- An updated Cortana app with a focus on productivity
- Hand Tracking improvements to reduce the tendency to close the index finger when pointing. This should make button pressing and 2D slate usage feel more accurate
- Performance and stability improvements across the product
- More information in settings on HoloLens about the policy pushed to the device
@@ -95,9 +96,30 @@ You can now can access these commands with your voice:
- "Volume up"
- "Volume down"
- "What is my IP address?"
+- "Take a picture"
+- "Take a video" / "Stop recording"
If you're running your system with a different language, please try the appropriate commands in that language.
+### Cortana updates
+The updated app integrates with Microsoft 365, currently in English (United States) only, to help you get more done across your devices. On HoloLens 2, Cortana will no longer support certain device-specific commands like adjusting the volume or restarting the device, which are now supported with the new system voice commands above. Learn more about the new Cortana app and its direction on our blog [here](https://blogs.windows.com/windowsexperience/2020/02/28/cortana-in-the-upcoming-windows-10-release-focused-on-your-productivity-with-enhanced-security-and-privacy/).
+
+There's currently an issue we're investigating that requires you to launch the app once after booting the device in order to use the "Hey Cortana" keyword activation, and if you updated from a 18362 build, you may see an app tile for the previous version of the Cortana app in Start that no longer works.
+
+### Dark mode
+Many Windows apps support both dark and light modes, and now HoloLens customers can choose the default mode for apps that support both. Once updated, the default app mode will be "dark," but can be changed easily. Navigate to **Settings > System > Colors to find "Choose your default app mode."**
+Here are some of the in-box apps that support Dark mode!
+- Settings
+- Microsoft Store
+- Mail
+- Calendar
+- File Explorer
+- Feedback Hub
+- OneDrive
+- Photos
+- 3D Viewer
+- Movies & TV
+
### FFU download and flash directions
To test with a flight signed ffu, you first have to flight unlock your device prior to flashing the flight signed ffu.
1. On PC
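Review bot: In the new Dark mode paragraph the bold span runs from "Settings" to the closing quotation mark, so the words "to find" are bolded along with the UI path. Close the bold after "Colors" and bold the setting name on its own, the way the matching paragraph added to hololens-release-notes.md does: `**Settings > System > Colors** to find **"Choose your default app mode."**` In the Cortana paragraph, "a 18362 build" should read "an 18362 build", and the known-issue sentence joins two unrelated problems (keyword activation after boot, and the stale Start tile) with "and if"; splitting it into two sentences would make each issue easier to find.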
diff --git a/devices/hololens/hololens-release-notes.md b/devices/hololens/hololens-release-notes.md
index 737b6bcc0e..79c2e77dc1 100644
--- a/devices/hololens/hololens-release-notes.md
+++ b/devices/hololens/hololens-release-notes.md
@@ -26,6 +26,37 @@ appliesto:
> [!Note]
> HoloLens Emulator Release Notes can be found [here](https://docs.microsoft.com/windows/mixed-reality/hololens-emulator-archive).
+### Coming Soon
+
+**Dark mode for supported apps**
+
+Many Windows apps support both dark and light modes, and soon HoloLens 2 customers can choose the default mode for apps that support both color schemes! Based on overwhelmingly positive customer feedback, with this update we are setting the default app mode to "dark," but you can easily change this setting at any time.
+Navigate to **Settings > System > Colors** to find **"Choose your default app mode."**
+
+Here are some of the in-box apps that support dark mode:
+- Settings
+- Microsoft Store
+- Mail
+- Calendar
+- File Explorer
+- Feedback Hub
+- OneDrive
+- Photos
+- 3D Viewer
+- Movies & TV
+
+**Improvements and fixes also in the update:**
+- Ensure shell overlays are included in mixed reality captures.
+- Unreal developers are now able to use the 3D View page in Device Portal to test and debug their applications.
+- Improve hologram stability in mixed reality capture when the HolographicDepthReprojectionMethod DepthReprojection algorithm is used.
+- Fixed WinRT IStreamSocketListener API Class Not Registered error on 32-bit ARM app.
+
+### March Update - build 18362.1056
+
+- Improve hologram stability in mixed reality capture when the HolographicDepthReprojectionMethod AutoPlanar algorithm is used.
+- Ensures the coordinate system attached to a depth MF sample is consistent with public documentation.
+- Developers productivity improvement by enabling customers to paste large amount of text through device portal.
+
### February Update - build 18362.1053
- Temporarily disabled the HolographicSpace.UserPresence API for Unity applications to avoid an issue which causes some apps to pause when the visor is flipped up, even if the setting to run in the background is enabled.
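Review bot: The "Coming Soon" list and the March Update list carry nearly the same bullet about hologram stability in mixed reality capture, differing only in the algorithm named (DepthReprojection in one, AutoPlanar in the other). If both fixes are real, word them so the difference is obvious; if one is a copy-paste leftover, drop it. The last March bullet, "Developers productivity improvement by enabling customers to paste large amount of text through device portal", is a fragment where its neighbours are imperative sentences; something like "Improve developer productivity by enabling customers to paste large amounts of text through Device Portal" would match them and the "Device Portal" capitalization used in the Coming Soon list. The verb forms in the two lists are also mixed ("Ensure", "Fixed", "Ensures") and could be made consistent.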
diff --git a/devices/hololens/hololens-updates.md b/devices/hololens/hololens-updates.md
index 664bdfa289..2b4e28a971 100644
--- a/devices/hololens/hololens-updates.md
+++ b/devices/hololens/hololens-updates.md
@@ -22,25 +22,25 @@ appliesto:
# Manage HoloLens updates
-HoloLens uses Windows Update, just like other Windows 10 devices. When an update is available, it will be automatically downloaded and installed the next time your device is plugged in and connected to the internet. This article describes how to manage updates in an enterprise or other managed environment. For information about managing updates to individual HoloLens devices, see [Update HoloLens](hololens-update-hololens.md).
+HoloLens uses Windows Update in the same manner as other Windows 10 devices. When an update is available, it is automatically downloaded and installed the next time that your device is plugged in and connected to the internet. This article describes how to manage updates in an enterprise or other managed environment. For information about managing updates to individual HoloLens devices, see [Update HoloLens](hololens-update-hololens.md).
## Manage updates automatically
Windows Holographic for Business can use [Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb) to manage updates. All HoloLens 2 devices can use Windows Holographic for Business. Make sure that they use Windows Holographic for Business build 10.0.18362.1042 or a later build. If you have HoloLens (1st gen) devices, you have to [upgrade them to Windows Holographic for Business](hololens1-upgrade-enterprise.md) to manage their updates.
-Windows Update for Business connects HoloLens devices directly to the Windows Update service. By using Windows Update for Business, you can control multiple aspects of the update process: which devices get which updates at what time. For example, you can roll out updates to a subset of devices for testing, then roll out updates to the remaining devices at a later date. Or you can define different update schedules for different types of updates.
+Windows Update for Business connects HoloLens devices directly to the Windows Update service. By using Windows Update for Business, you can control multiple aspects of the update process—that is, which devices get which updates at what time. For example, you can roll out updates to a subset of devices for testing, then roll out updates to the remaining devices at a later date. Or, you can define different update schedules for different types of updates.
> [!NOTE]
-> For HoloLens devices, You can automatically manage feature updates (released twice a year) and quality updates (released monthly or as needed, including critical security updates). For more information about update types, see [Types of updates managed by Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb).
+> For HoloLens devices, you can automatically manage feature updates (released twice a year) and quality updates (released monthly or as required, including critical security updates). For more information about update types, see [Types of updates managed by Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb#types-of-updates-managed-by-windows-update-for-business).
You can configure Windows Update for Business settings for HoloLens by using policies in a Mobile Device Management (MDM) solution such as Microsoft Intune.
-For a detailed discussion of how to use Intune to configure Windows Update for Business, see [Manage Windows 10 software updates in Intune](https://docs.microsoft.com/intune/protect/windows-update-for-business-configure).
+For a detailed discussion about how to use Intune to configure Windows Update for Business, see [Manage Windows 10 software updates in Intune](https://docs.microsoft.com/intune/protect/windows-update-for-business-configure).
> [!IMPORTANT]
> Intune provides two policy types for managing updates: *Windows 10 update ring* and *Windows 10 feature updates*. The Windows 10 feature update policy type is in public preview at this time and is not supported for HoloLens.
>
-> You can use Windows 10 update ring policies with HoloLens 2.
+> You can use Windows 10 update ring policies to manage HoloLens 2 updates.
### Configure update policies for HoloLens 2 or HoloLens (1st gen)
@@ -49,21 +49,19 @@ This section describes the policies that you can use to manage updates for eithe
The [Policy configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update) defines the policies that configure Windows Update for Business.
> [!NOTE]
-> For details about specific policies that are supported by specific editions of HoloLens, see the following articles:
-> - [Policies supported by HoloLens devices](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#policies-supported-by-hololens-devices)
-> - [Policies supported by Windows Holographic for Business](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#a-href-idhololenspoliciesapolicies-supported-by-windows-holographic-for-business)
+> For details about specific policies that are supported by specific editions of HoloLens, see [Policies supported by HoloLens devices](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#policies-supported-by-hololens-devices).
#### Configure automatic checks for updates
-You can use the Update/AllowAutoUpdate policy to manage automatic update behavior, such as scanning, downloading, and installing updates.
+You can use the **Update/AllowAutoUpdate** policy to manage automatic update behavior, such as scanning, downloading, and installing updates.
This policy supports the following values:
- **0** - Notify the user when there is an update that is ready to download that applies to the device.
-- **1** - Automatically install the update and then notify the user to schedule a device restart.
-- **2** - Automatically install the update, and then restart the device. *This is the recommended value*, and is the default value for this policy.
+- **1** - Automatically install the update, and then notify the user to schedule a device restart.
+- **2** - Automatically install the update, and then restart the device. This is the recommended value, and it is the default value for this policy.
-- **3** - Automatically install the update, and restart at a specified time. Specify the installation day and time. If no day and time are specified, the default is daily at 3 AM.
+- **3** - Automatically install the update, and then restart at a specified time. Specify the installation day and time. If no day and time are specified, the default is daily at 3 A.M.
- **4** - Automatically install the update, and then restart the device. This option also sets the Settings page to read-only.
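Review bot: The NOTE still promises details about policies "supported by specific editions of HoloLens", but after this change it points only to the "Policies supported by HoloLens devices" list, and the section it sits in covers both HoloLens 2 and HoloLens (1st gen). Dropping the second link makes sense, since its fragment (`#a-href-idhololenspoliciesa...`) was clearly malformed, but please confirm that the remaining target covers Windows Holographic for Business as well, or reword the sentence so it no longer implies a per-edition breakdown. Separately, the recommended value for Update/AllowAutoUpdate loses its italics here; because that sentence tells admins which setting keeps devices patched without user action, consider keeping some emphasis on it.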
@@ -79,11 +77,11 @@ For more details about the available settings for this policy, see [Update/Allow
To configure how and when updates are applied, use the following policies:
- [Update/ScheduledInstallDay](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallday).
- - Values: **0** – **7** (0 = every day, 1 = Sunday, 7 = Saturday)
+ - Values: **0**–**7** (0 = every day, 1 = Sunday, 7 = Saturday)
- Default value: **0** (every day)
- [Update/ScheduledInstallTime](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstalltime).
- - Values: 0 – 23 (0 = 12AM, 23 = 11PM)
- - Default value: 3pm
+ - Values: 0–23 (0 = midnight, 23 = 11 P.M.)
+ - Default value: 3 P.M.
#### For devices that run Windows 10, version 1607 only
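Review bot: The new "Default value: 3 P.M." for Update/ScheduledInstallTime conflicts with the AllowAutoUpdate description earlier in this same file, which says that when no day and time are specified "the default is daily at 3 A.M." The old text had the same mismatch (3pm against 3 AM), so this rewrite carries it forward and does not introduce it, but this is the place to fix it. Please confirm the policy default and give it as the numeric value too, in the same way the line above maps 0 to midnight and 23 to 11 P.M., so the two statements cannot drift apart again.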
@@ -95,23 +93,23 @@ You can use the following update policies to configure devices to get updates fr
### Plan and configure update rollouts for HoloLens 2
-HoloLens 2 supports more update automation features that HoloLens (1st gen), especially if you use Microsoft Intune to manage Windows Update for Business policy. These features make it easier for you to plan and implement update rollouts across your organization.
+HoloLens 2 supports more update automation features than HoloLens (1st gen). this is especially true if you use Microsoft Intune to manage Windows Update for Business policy. These features make it easier for you to plan and implement update rollouts across your organization.
#### Plan the update strategy
Windows Updates for Business supports deferral policies. After Microsoft releases an update, you can use a deferral policy to define how long to wait before installing that update on devices. By associating subsets of your devices (referred to as *update rings*) with different deferral policies, you can coordinate an update rollout strategy for your organization.
-For example, consider an organization that has 1,000 devices and has to update them in five ways. The organization can create five update rings, as shown in the following table:
+For example, consider an organization that has 1,000 devices and has to update them in five ways. The organization can create five update rings, as shown in the following table.
|Group |Number of devices |Deferral (days) |
| ---| :---: | :---: |
-|Grp 1 (IT Staff) |5 |0 |
-|Grp 2 (Early Adopters) |50 |60 |
+|Grp 1 (IT staff) |5 |0 |
+|Grp 2 (early adopters) |50 |60 |
|Grp 3 (main 1) |250 |120 |
|Grp 4 (main 2) |300 |150 |
|Grp 5 (main 3) |395 |180 |
-Here's how the rollout progresses over time to the entire organization:
+Here's how the rollout progresses over time to the entire organization.

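Review bot: The rewritten opening paragraph of "Plan and configure update rollouts for HoloLens 2" now contains a sentence that starts in lower case: "(1st gen). this is especially true if you use Microsoft Intune". Capitalize "This". While this paragraph is being touched, the example says the organization "has to update them in five ways" and then defines five update rings with staggered deferrals; please check whether "five waves" was intended. The context line above also says "Windows Updates for Business" where the rest of the file uses "Windows Update for Business".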
@@ -132,18 +130,18 @@ You can configure different deferrals for feature updates and quality updates. T
For a more detailed version of this example, see [Create and assign update rings](https://docs.microsoft.com/mem/intune/protect/windows-update-for-business-configure#create-and-assign-update-rings).
-1. Sign in to the [Microsoft Endpoint Manager Admin Center](https://go.microsoft.com/fwlink/?linkid=2109431) and navigate to your Intune profiles.
+1. Sign in to the [Microsoft Endpoint Manager Admin Center](https://go.microsoft.com/fwlink/?linkid=2109431), and navigate to your Intune profiles.
1. Select **Software Updates** > **Windows 10 update rings** > **Create**.
-1. Under **Basics**, specify a name, a description (optional) and then select **Next**.
-1. Under **Update ring settings**, for **Servicing channel**, select **Semi-Annual Channel**, and then change **Feature update deferral period** to **120**. When finished, select **Next**.
-1. Under **Assignments**, select **+ Select groups to include** and then assign the update ring to one or more groups. Use **+ Select groups to exclude** to fine-tune the assignments. When finished, select **Next**.
+1. Under **Basics**, specify a name and a description (optional), and then select **Next**.
+1. Under **Update ring settings**, for **Servicing channel**, select **Semi-Annual Channel**, and then change **Feature update deferral period** to **120**. Then, select **Next**.
+1. Under **Assignments**, select **+ Select groups to include**, and then assign the update ring to one or more groups. Use **+ Select groups to exclude** to fine-tune the assignments. Then, select **Next**.
1. Under **Review + create**, review the settings. When you're ready to save the update ring configuration, select **Create**.
The list of update rings now includes the new Windows 10 update ring.
**Example 2: Pause an update ring**
-If you discover a problem while deploying a feature or quality update, you can pause the update for 35 days (starting from a specified date). This pause prevents other devices from installing the update until you mitigate the issue. If you pause a feature update, quality updates are still offered to devices to ensure they stay secure. After the specified time period has passed, the pause automatically expires. At that point, the update process resumes.
+If you encounter a problem when you deploy a feature or quality update, you can pause the update for 35 days (starting from a specified date). This pause prevents other devices from installing the update until you resolve or mitigate the issue. If you pause a feature update, quality updates are still offered to devices to make sure that they stay secure. After the specified time has passed, the pause automatically expires. At that point, the update process resumes.
To pause an update ring in Intune, follow these steps:
@@ -155,16 +153,16 @@ When an update type is paused, the Overview pane for that ring displays how many
While the update ring is paused, you can select either of the following options:
- To extend the pause period for an update type for 35 days, select **Extend**.
-- To restore updates for that ring to active operation, select **Resume**. You can pause the update ring again if needed.
+- To restore updates for that ring to active operation, select **Resume**. You can pause the update ring again if it is necessary.
> [!NOTE]
> The **Uninstall** operation for update rings is not supported for HoloLens 2 devices.
## Manually check for updates
-While HoloLens periodically checks for system updates so you don't have to, there may be circumstances in which you want to manually check.
+Although HoloLens periodically checks for system updates so that you don't have to, there may be circumstances in which you want to manually check.
-To manually check for updates, go to **Settings** > **Update & Security** > **Check for updates**. If the Settings app says your device is up to date, you have all the updates that are currently available.
+To manually check for updates, go to **Settings** > **Update & Security** > **Check for updates**. If the Settings app indicates that your device is up to date, you have all the updates that are currently available.
## Manually revert an update
@@ -175,17 +173,18 @@ In some cases, you might want to go back to a previous version of the HoloLens s
You can roll back updates and return to a previous version of HoloLens 2 by using the Advanced Recovery Companion to reset your HoloLens to the earlier version.
> [!NOTE]
-> Going back to an earlier version deletes your personal files and settings.
+> Reverting to an earlier version deletes your personal files and settings.
To go back to a previous version of HoloLens 2, follow these steps:
1. Make sure that you don't have any phones or Windows devices plugged in to your computer.
1. On your computer, download the [Advanced Recovery Companion](https://www.microsoft.com/p/advanced-recovery-companion/9p74z35sfrs8?activetab=pivot:overviewtab) from the Microsoft Store.
1. Download the [most recent HoloLens 2 release](https://aka.ms/hololens2download).
-1. When you have finished these downloads, open **File explorer** > **Downloads**. Right-click the zipped folder that you just downloaded, and select **Extract all** > **Extract** to unzip it.
-1. Use a USB-A to USB-C cable to connect your HoloLens device to your computer. Even if you've been using other cables to connect your HoloLens, this type of cable works best.
+1. When you have finished these downloads, open **File explorer** > **Downloads**, right-click the compressed (zipped) folder that you just downloaded, and then select **Extract all** > **Extract** to expand the file.
+1. Use a USB-A to USB-C cable to connect your HoloLens device to your computer. Even if you've been using other cables to connect your HoloLens, this kind of cable works best.
1. The Advanced Recovery Companion automatically detects your HoloLens device. Select the **Microsoft HoloLens** tile.
-1. On the next screen, select **Manual package selection** and then open the folder that you previously unzipped. Select the installation file (the file that has a .ffu extension).
+1. On the next screen, select **Manual package selection**, and then open the folder that you previously expanded.
+1. Select the installation file (the file that has an .ffu extension).
1. Select **Install software**, and then follow the instructions.
### Go back to a previous version (HoloLens (1st gen))
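Review bot: In the rewritten step 4 the object changes from a folder to a file within one sentence: "right-click the compressed (zipped) folder that you just downloaded, and then select **Extract all** > **Extract** to expand the file", and the following step then refers to "the folder that you previously expanded". Use "folder" throughout. The step also keeps "File explorer", whereas the in-box app lists added elsewhere in this change spell it "File Explorer". Splitting the package selection and the .ffu selection into two steps reads well, and "an .ffu extension" is the right article.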
@@ -193,17 +192,18 @@ To go back to a previous version of HoloLens 2, follow these steps:
You can roll back updates and return to a previous version of HoloLens (1st gen) by using the Windows Device Recovery Tool to reset your HoloLens to the earlier version.
> [!NOTE]
-> Going back to an earlier version deletes your personal files and settings.
+> Reverting to an earlier version deletes your personal files and settings.
To go back to a previous version of HoloLens (1st gen), follow these steps:
1. Make sure that you don't have any phones or Windows devices plugged in to your computer.
1. On your computer, download the [Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379).
1. Download the [HoloLens Anniversary Update recovery package](https://aka.ms/hololensrecovery).
-1. When the downloads finish, open **File explorer** > **Downloads**. Right-click the zipped folder that you just downloaded, and select **Extract all** > **Extract** to unzip it.
-1. Use the micro-USB cable that came with your HoloLens device to connect your HoloLens device to your computer. Even if you've been using other cables to connect your HoloLens device, this one works best.
+1. After the downloads finish, open **File explorer** > **Downloads**, right-click the compressed (zipped) folder that you just downloaded, and then select **Extract all** > **Extract** to expand the file.
+1. Use the micro-USB cable that was provided together with your HoloLens device to connect your HoloLens device to your computer. Even if you've been using other cables to connect your HoloLens device, this one works best.
1. The WDRT automatically detects your HoloLens device. Select the **Microsoft HoloLens** tile.
-1. On the next screen, select **Manual package selection** and then open the folder that you previously unzipped. Select the installation file (the file that has a .ffu extension).
+1. On the next screen, select **Manual package selection**, and then open the folder that you previously expanded.
+1. Select the installation file (the file that has an .ffu extension).
1. Select **Install software**, and then follow the instructions.
> [!NOTE]
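Review bot: Step 5 now reads "Use the micro-USB cable that was provided together with your HoloLens device to connect your HoloLens device to your computer", which repeats "HoloLens device" within one clause and is harder to follow than the line it replaces. Suggest "Use the micro-USB cable that came with your HoloLens device to connect it to your computer." The folder and file wording in step 4 has the same mismatch as in the HoloLens 2 procedure ("zipped folder ... to expand the file") and should be fixed the same way in both places.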
diff --git a/devices/hololens/hololens2-maintenance.md b/devices/hololens/hololens2-maintenance.md
new file mode 100644
index 0000000000..1faaca4425
--- /dev/null
+++ b/devices/hololens/hololens2-maintenance.md
@@ -0,0 +1,84 @@
+---
+title: HoloLens 2 device care and cleaning FAQ
+description:
+author: Teresa-Motiv
+ms.author: v-tea
+ms.date: 3/26/2020
+ms.prod: hololens
+ms.topic: article
+ms.custom:
+- CI 115560
+- CSSTroubleshooting
+audience: ITPro
+ms.localizationpriority: medium
+keywords:
+manager: jarrettr
+appliesto:
+- HoloLens 2
+---
+
+# Frequently asked questions about cleaning HoloLens 2 devices
+
+> [!IMPORTANT]
+> Microsoft cannot make a determination of the effectiveness of any given disinfectant product in fighting pathogens such as COVID-19. Please refer to your local public health authority's guidance about how to stay safe from potential infection.
+
+## What are the general cleaning instructions for HoloLens 2 devices?
+
+**To clean the device**
+
+1. Remove any dust by using a dry, lint-free microfiber cloth to gently wipe the surface of the device.
+1. Lightly moisten the cloth by using medical "70%" isopropyl alcohol, and then use the moistened cloth to gently wipe the surface of the device.
+
+ 
+
+1. Let the device dry completely.
+
+**To clean the brow pad**
+
+1. Use water and a mild, antibiotic soap to moisten a cloth, and then use the moistened cloth to wipe the brow pad.
+1. Let the brow pad dry completely.
+
+## Can I use any lens cleaner for cleaning the HoloLens visor?
+
+No. Lens cleaners can be abrasive to the coatings on the visor. To clean the visor, follow these steps:
+
+1. Remove any dust by using a dry lint-free microfiber cloth to gently wipe the visor.
+1. Lightly moisten a cloth by using medical "70%" isopropyl alcohol, and then gently wipe the visor.
+1. Let the visor dry completely.
+
+## Can I use disinfecting wipes to clean the device?
+
+Yes, if the wipes do not contain bleach. You can use non-bleach disinfecting wipes to [gently wipe the HoloLens surfaces](#what-are-the-general-cleaning-instructions-for-hololens-2-devices).
+
+> [!CAUTION]
+> Avoid using disinfecting wipes that contains bleach to clean the HoloLens surfaces. It is acceptable to use bleach wipes in critical situations, when nothing else is available. However, bleach may damage the HoloLens visor or other surfaces.
+
+## Can I use alcohol to clean the device?
+
+Yes. You can use a solution of "70%" isopropyl alcohol and water to clean the hard surfaces of the device, including the visor. Lightly moisten the cloth by using a mix of isopropyl alcohol and water, and then gently wipe the surface of the device
+
+## Is the brow pad replaceable?
+
+Yes. The brow pad is magnetically attached to the device. To detach it, pull it gently away from the headband. To replace it, snap it back into place.
+
+
+
+## How can I clean the brow pad?
+
+To clean the brow pad, wipe it by using a cloth that's moistened by using water and a mild antibiotic soap. Let the brow pad dry completely before you use it again.
+
+## Can I use ultraviolet (UV) light to sanitize the device?
+
+UV germicidal irradiation has not been tested on HoloLens 2.
+
+> [!CAUTION]
+> High levels of UV exposure can degrade the display quality of the device and damage the visor coating. Over-exposure to UV radiation has the following effects, in order of the duration and intensity of exposure:
+>
+> 1. The brow pad and device closures become discolored.
+> 1. Defects appear in the anti-reflective (AR) coating on the visor and on the sensor windows.
+> 1. Defects appear in the base materials of the visor and on the sensor windows.
+> 1. SRG performance degrades.
+
+## Is the rear pad replaceable?
+
+No.
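Review bot: The front matter of the new file ships with `description:` and `keywords:` empty; fill in at least the description so the page has a summary. In the body, the CAUTION under the disinfecting-wipes question has "wipes that contains bleach" (should be "contain"), the answer under "Can I use alcohol to clean the device?" ends without a period, and "SRG performance degrades" in the UV list uses an acronym that is never expanded. "Antibiotic soap" appears in both sets of brow-pad instructions; please check whether "antibacterial" is meant. The brow-pad cleaning steps are also given twice, once under the general instructions and once under "How can I clean the brow pad?", so the second could link to the first the way the disinfecting-wipes answer already does. The quotation marks around "70%" in the isopropyl alcohol steps read as scare quotes and can go.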
diff --git a/devices/surface-hub/TOC.md b/devices/surface-hub/TOC.md
index b26023e070..67516c9773 100644
--- a/devices/surface-hub/TOC.md
+++ b/devices/surface-hub/TOC.md
@@ -1,4 +1,4 @@
-# [Microsoft Surface Hub](index.md)
+# [Microsoft Surface Hub](index.yml)
# Surface Hub 2S
@@ -45,6 +45,7 @@
### [Update pen firmware on Surface Hub 2S](surface-hub-2s-pen-firmware.md)
## Secure
+### [Surface Hub security overview](surface-hub-security.md)
### [Secure and manage Surface Hub 2S with SEMM and UEFI](surface-hub-2s-secure-with-uefi-semm.md)
### [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md)
@@ -58,8 +59,8 @@
## Overview
### [What's new in Windows 10, version 1703 for Surface Hub?](surfacehub-whats-new-1703.md)
### [Operating system essentials (Surface Hub)](differences-between-surface-hub-and-windows-10-enterprise.md)
-### [Technical information for 55” Microsoft Surface Hub](surface-hub-technical-55.md)
-### [Technical information for 84” Microsoft Surface Hub](surface-hub-technical-84.md)
+### [Technical information for 55" Microsoft Surface Hub](surface-hub-technical-55.md)
+### [Technical information for 84" Microsoft Surface Hub](surface-hub-technical-84.md)
### [Use Microsoft Whiteboard on a Surface Hub](https://support.office.com/article/use-microsoft-whiteboard-on-a-surface-hub-5c594985-129d-43f9-ace5-7dee96f7621d)
## Plan
diff --git a/devices/surface-hub/images/hub-sec-1.png b/devices/surface-hub/images/hub-sec-1.png
new file mode 100644
index 0000000000..fe4e25d084
Binary files /dev/null and b/devices/surface-hub/images/hub-sec-1.png differ
diff --git a/devices/surface-hub/images/hub-sec-2.png b/devices/surface-hub/images/hub-sec-2.png
new file mode 100644
index 0000000000..fdf7af7ca6
Binary files /dev/null and b/devices/surface-hub/images/hub-sec-2.png differ
diff --git a/devices/surface-hub/index.yml b/devices/surface-hub/index.yml
index 7f4e46228a..249deba5a0 100644
--- a/devices/surface-hub/index.yml
+++ b/devices/surface-hub/index.yml
@@ -25,13 +25,17 @@ highlightedContent:
# itemType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
items:
# Card
- - title: What is Surface Hub 2S?
- itemType: overview
- url: https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Behind-the-design-Surface-Hub-2S/ba-p/464099
- # Card
- title: What's new in Surface Hub 2S?
itemType: whats-new
url: surface-hub-2s-whats-new.md
+ # Card
+ - title: Surface Hub security overview
+ itemType: learn
+ url: surface-hub-security.md
+ # Card
+ - title: Manage Surface Hub 2S with Intune
+ itemType: how-to-guide
+ url: surface-hub-2s-manage-intune.md
# Card
- title: Operating system essentials
itemType: learn
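Review bot: The new "Surface Hub security overview" card is tagged `itemType: learn`, although the allowed values listed in the comment above `items:` include `overview`, which matches both the card title and the title of the page it links to. Unless `learn` was chosen for a rendering reason, `overview` fits better, especially since this hunk removes the existing `overview` card ("What is Surface Hub 2S?"). That removed card was also the only one shown here pointing at an external URL, so it is worth confirming that the "Behind the design" post is still reachable from somewhere in the docs if it is meant to stay discoverable.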
@@ -41,10 +45,6 @@ highlightedContent:
itemType: learn
url: surface-hub-2s-site-readiness-guide.md
# Card
- - title: Install and mount Surface Hub 2S
- itemType: how-to-guide
- url: surface-hub-2s-install-mount.md
- # Card
- title: Customize Surface Hub 2S installation
itemType: how-to-guide
url: surface-hub-2s-custom-install.md
diff --git a/devices/surface-hub/surface-hub-security.md b/devices/surface-hub/surface-hub-security.md
new file mode 100644
index 0000000000..4dc2b7518e
--- /dev/null
+++ b/devices/surface-hub/surface-hub-security.md
@@ -0,0 +1,158 @@
+---
+title: "Surface Hub security overview"
+description: "This page explains the Defense in Depth design of Surface Hub and describes security enhancements in Surface Hub 2S, wireless security protections, and related features."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: coveminer
+ms.author: v-jokai
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 03/27/2020
+ms.localizationpriority: High
+---
+# Surface Hub security overview
+
+Surface Hub provides a locked-down computing appliance with custom platform firmware running the Windows 10 Team Edition operating system. The resulting device takes the traditional, "single use" secure kiosk, "only run what you need" philosophy and delivers a modern take on it. Built to support a rich collaborative user experience, Surface Hub is protected against continually evolving security threats.
+
+Built on Windows 10, Surface Hub delivers enterprise-grade modern security enabling IT admins to enforce data protection with BitLocker, Trusted Platform Module 2.0 (TPM), plus cloud-powered security with Windows Defender (also known as Microsoft Defender).
+
+## Defense in Depth security
+
+Security protocols begin as soon as Surface Hub is turned on. Starting at the firmware level, Surface Hub will only load the operating system and its components in response to multiple security checks. Surface Hub employs a strategy called Defense in Depth that involves layering independent defensive sub-components to protect the whole of the system in the event of partial failure. This industry practice has proven to be highly effective in mitigating against potential unilateral exploits and weakness in sub-components.
+
+The modern Unified Extensible Firmware Interface (UEFI) is statically and securely configured by Microsoft to only boot an authenticated Windows 10 Team Edition operating system from internal storage. Every line of code that runs on Surface Hub has its signature verified prior to execution. Only applications signed by Microsoft, either as part of the operating system or installed via the Microsoft Store, can run on the Surface Hub. Code or apps not meeting these requirements are blocked.
+
+Surface Hub security systems include the following:
+
+- **Boot-time defenses.** Loads only trusted Surface Hub operating system components.
+- **Operating system defenses.** Protects against execution of unintended or malicious software or code.
+- **User interface defenses.** Provides a user interface that's safe for end users, preventing access to potentially risky activities such as running executables from the command line.
+
+### Boot-time defenses
+
+The SoC has a security processor that's separate from every other core. When you first start Surface Hub, only the security processor starts before anything else can be loaded.
+
+
+
+#### Secure Boot
+
+Secure Boot is used to verify that the components of the boot process, including drivers and the operating system, are validated against a database of valid and known signatures. On Surface Hub, a platform-specific signature must first be validated before the authorized Windows Team operating system can be loaded. This helps prevent attacks from a cloned or modified system running malicious code hidden in what appears to be an otherwise normal user experience. For more information, see [Secure Boot overview](https://docs.microsoft.com/windows-hardware/design/device-experiences/oem-secure-boot).
+
+### Operating system defenses
+
+Once the operating system is verified as originating from Microsoft and Surface Hub successfully completes the boot process, the device scrutinizes the executable code. Our approach to securing the operating system involves identifying the code signature of all executables, allowing only those that pass our restrictions to be loaded into the runtime. This code signing method enables the operating system to verify the author and confirm that code was not altered prior to running on the device.
+
+Surface Hub uses a code signing feature known as User Mode Code Integrity (UMCI) in Windows Application Control (formerly known as Device Guard). Policy settings are configured to only allow apps that meet one of these requirements:
+
+- Universal Windows Platform (Microsoft Store) apps that are [officially certified](https://docs.microsoft.com/windows/uwp/publish/the-app-certification-process).
+- Apps signed with the unique Microsoft Production Root Certification Authority (CA), which can only be signed by Microsoft employees with authorized access to those certificates.
+- Apps signed with the unique Surface Hub Production Root C.
+
+The configuration file is signed using the Microsoft Production Root CA designed to prevent restrictions from being removed or modified by a third party. All other executables at this point are simply blocked at the operating system runtime level and prevented from accessing processing power. This attack surface reduction provides the following protections:
+
+- No legacy document modes
+- No legacy script engines
+- No Vector Markup Language
+- No Browser Helper Objects
+- No ActiveX controls
+
+In addition to blocking unsigned or incorrectly signed code via UMCI, Surface Hub uses Windows Application Control to block Windows components, such as the Command Prompt, PowerShell, and Task Manager. These safeguards reflect a key design feature of Surface Hub as a secure computing appliance. For more information, see the following:
+
+- [Application Control overview](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)
+
+- [Windows Defender Application Control and virtualization-based protection of code integrity](https://docs.microsoft.com/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control)
+
+### User interface defenses
+
+While boot-time defenses and operating system lockdown safeguards deliver foundational security, the user interface provides an additional layer designed to further reduce risk. To prevent malicious code from reaching the device through drivers, Surface Hub does not download advanced drivers for plug and play (PnP) devices. Devices that leverage basic drivers, such as USB flash drives or certified Surface Hub peripherals (speakers, microphones, cameras) work as expected, but advanced systems, such as printers, will not.
+
+User interface defenses also simplify the UI, further preventing the execution of malicious software or code. The following Surface Hub UI elements layer the core security provided by code signing:
+
+- **File Explorer.** Surface Hub has a custom File Explorer that enables quick access to Music, Videos, Documents, Pictures, and Downloads folders — without exposing users to system or program files. Other locations on the local hard drive are not available through File Explorer. In addition, many file types running such as .exe, and .msi installation files cannot run providing another layer of safety against potentially malicious executables.
+
+- **Start & All Apps.** The Start and All Apps components of Surface Hub do not expose access to Command Prompt, PowerShell, or other Windows components blocked via Application Control. In addition, Windows run functionality typically accessed on PCs from the Search box is turned off for Surface Hub.
+
+## Security enhancements in Surface Hub 2S
+
+Although Surface Hub and Surface Hub 2S both run the same operating system software, some features unique to Surface Hub 2S provide additional management and security capabilities enabling IT admins to perform the following tasks:
+
+- Manage UEFI settings with SEMM
+- Recover Hub with bootable USB
+- Harden device account with password rotation
+
+### Manage UEFI settings with SEMM
+
+UEFI is an interface between the underlying hardware platform pieces and the operating system. On Surface Hub, a custom UEFI implementation allows granular control over these settings and prevents any non-Microsoft entity from changing the UEFI settings of the device — or booting to a removable drive to modify or change the operating system.
+
+At a high level, during the factory provisioning process, Surface Hub UEFI is preconfigured to enable Secure Boot and is set to only boot from the internal solid-state drive (SSD), with access to UEFI menus locked down and shortcuts removed. This seals UEFI access and ensures the device can only boot into the Windows Team operating system installed on Surface Hub.
+
+When managed via Microsoft Surface Enterprise Management Mode (SEMM), IT admins can deploy UEFI settings on Hub devices across an organization. This includes the ability to enable or disable built-in hardware components, protect UEFI settings from being changed by unauthorized users, and adjust boot settings.
+
+
+
+Admins can implement SEMM and enrolled Surface Hub 2S devices using the downloadable [Microsoft Surface UEFI Configurator](https://www.microsoft.com/download/details.aspx?id=46703). For more information, see [Secure and manage Surface Hub 2S with SEMM and UEFI](https://docs.microsoft.com/surface-hub/surface-hub-2s-secure-with-uefi-semm).
+Secured using a certificate to protect the configuration from unauthorized tampering or removal, SEMM enables management of the following components:
+
+- Wired LAN
+- Camera
+- Bluetooth
+- Wi-Fi
+- Occupancy sensor
+- IPv6 for PXE Boot
+- Alternate Boot
+- Boot Order Lock
+- USB Boot
+- UEFI front page interface
+ - Devices
+ - Boot
+ - Date/Time
+
+
+### Recover Hub with bootable USB
+
+Surface Hub 2S enables admins to reinstall the device to factory settings using a recovery image in as little as 20 minutes. Typically, you would only need to do this if your Surface Hub is no longer functioning. Recovery is also useful if you have lost the Bitlocker key or no longer have admin credentials to the Settings app.
+
+### Harden device account with password rotation
+
+Surface Hub uses a device account, also known as a "room account" to authenticate with Exchange, Microsoft Teams, and other services. When you enable password rotation, Hub 2S automatically generates a new password every 7 days, consisting of 15-32 characters with a combination of uppercase and lowercase letters, numbers, and special characters. Because no one knows the password, the device account password rotation effectively mitigates associated risk from human error and potential social engineering security attacks.
+
+## Windows 10 enterprise-grade security
+
+In addition to Surface Hub-specific configurations and features addressed in this document, Surface Hub also uses the standard security features of Windows 10. These include:
+
+- **BitLocker**. The Surface Hub SSD is equipped with BitLocker to protect the data on the device. Its configuration follows industry standards. For more information, see [BitLocker overview](https://docs.microsoft.com/windows-hardware/design/device-experiences/oem-secure-boot).
+- **Windows Defender.** The Windows Defender anti-malware engine runs continuously on Surface Hub and works to automatically remediate threats found on Surface Hub. The Windows Defender engine receives updates automatically and is manageable via remote management tools for IT admins. The Windows Defender engine is a perfect example of our Defense in Depth approach: If malware can find a way around our core code-signage-based security solution, it will be caught here. For more information, see [Windows Defender Application Control and virtualization-based protection of code integrity](https://docs.microsoft.com/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control).
+- **Plug and play drivers.** To prevent malicious code from reaching the device through drivers, Surface Hub does not download advanced drivers for PnP devices. This allows devices that leverage basic drivers such as USB flash drives to work as expected while blocking more advanced systems such as printers.
+- **Trusted Platform Module 2.0.** Surface Hub has an industry standard discrete Trusted Platform Module (dTPM) for generating and storing cryptographic keys and hashes. The dTPM protects keys used for the verification of boot phases, the BitLocker master key, password-less sign-on key, and more. The dTPM meets [FIPS 140-2 Level 2](https://docs.microsoft.com/windows/security/threat-protection/fips-140-validation) certification, the U.S. government computer security standard, and is compliant with [Common Criteria](https://docs.microsoft.com/windows/security/threat-protection/windows-platform-common-criteria) certification used worldwide.
+
+## Wireless security for Surface Hub
+
+Surface Hub uses Wi-Fi Direct / Miracast technology and the associated 802.11, Wi-Fi Protected Access (WPA2), and Wireless Protected Setup (WPS) standards. Since the device only supports WPS (as opposed to WPA2 Pre-Shared Key (PSK) or WPA2 Enterprise), issues traditionally associated with 802.11 encryption are simplified by design.
+
+Miracast is part of the Wi-Fi Display standard, which itself is supported by the Wi-Fi Direct protocol. These standards are supported in modern mobile devices for screen sharing and collaboration.
+
+Wi-Fi Direct or Wi-Fi "peer to peer" (P2P) is a standard released by the Wi-Fi Alliance for "Ad-Hoc" networks. This allows supported devices to communicate directly and create groups of networks without requiring a traditional Wi-Fi Access Point or an Internet connection.
+
+Security for Wi-Fi Direct is provided by WPA2 using the WPS standard. Devices can be authenticated using a numerical pin, a physical or virtual push button, or an out-of-band message using near-field communication. Surface Hub supports both push button by default as well PIN methods. For more information, see [How Surface Hub addresses Wi-Fi Direct security issues](https://docs.microsoft.com/surface-hub/surface-hub-wifi-direct).
+
+## Learn more
+
+- [Secure Boot overview](https://docs.microsoft.com/windows-hardware/design/device-experiences/oem-secure-boot)
+
+- [BitLocker overview](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview)
+
+- [Application Control overview](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)
+
+- [Secure and manage Surface Hub 2S with SEMM and UEFI](https://docs.microsoft.com/surface-hub/surface-hub-2s-secure-with-uefi-semm)
+
+- [How Surface Hub addresses Wi-Fi Direct security issues](https://docs.microsoft.com/surface-hub/surface-hub-wifi-direct)
+
+- [Windows Defender Application Control and virtualization-based protection of code integrity](https://docs.microsoft.com/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control)
+
+- [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703)
+
+- [FIPS 140-2 Level 2](https://docs.microsoft.com/windows/security/threat-protection/fips-140-validation)
+
+- [Common Criteria certification](https://docs.microsoft.com/windows/security/threat-protection/windows-platform-common-criteria)
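Review bot: In the **BitLocker** bullet under "Windows 10 enterprise-grade security", the "BitLocker overview" link targets the Secure Boot page (`.../device-experiences/oem-secure-boot`), while the "Learn more" list uses `.../information-protection/bitlocker/bitlocker-overview`; point the inline link at the BitLocker URL. The **Windows Defender** bullet has the same problem: its "For more information" link goes to the Application Control article, which that bullet is not about. The third UMCI requirement ends at "Surface Hub Production Root C.", which looks truncated from "Root CA". The File Explorer bullet ("many file types running such as .exe, and .msi installation files cannot run providing another layer") should be reworded, since it is the sentence that tells admins which file types are blocked. In the wireless section, WPS is expanded as "Wireless Protected Setup"; the standard's name is Wi-Fi Protected Setup. Smaller items: "enrolled" should be "enroll" in the SEMM paragraph, which also needs a blank line before "Secured using a certificate"; "Bitlocker" should be "BitLocker"; and "as well PIN methods" is missing "as".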
diff --git a/devices/surface-hub/whiteboard-collaboration.md b/devices/surface-hub/whiteboard-collaboration.md
index a6e9524cd2..416610d656 100644
--- a/devices/surface-hub/whiteboard-collaboration.md
+++ b/devices/surface-hub/whiteboard-collaboration.md
@@ -1,6 +1,6 @@
---
title: Set up and use Microsoft Whiteboard
-description: Microsoft Whiteboard’s latest update includes the capability for two Surface Hubs to collaborate in real time on the same board.
+description: Microsoft Whiteboard's latest update includes the capability for two Surface Hubs to collaborate in real time on the same board.
ms.prod: surface-hub
ms.sitesec: library
author: dansimp
@@ -14,7 +14,7 @@ ms.localizationpriority: medium
# Set up and use Microsoft Whiteboard
-The Microsoft Whiteboard app includes the capability for Surface Hubs and other devices to collaborate in real time on the same board.
+The Microsoft Whiteboard app includes the capability for Surface Hubs and other devices with the Microsoft Whiteboard app installed to collaborate in real time on the same board.
## Prerequisites
@@ -48,14 +48,16 @@ On the other device, such as a Surface Hub, when you are signed in, the shared b
- You can also change the background color and design from solid to grid or dots. Pick the background, then choose the color from the wheel around it.
- You can export a copy of the Whiteboard collaboration for yourself through the Share charm and leave the board for others to continue working.
+For more information, see [Use Microsoft Whiteboard on a Surface Hub](https://support.office.com/article/use-microsoft-whiteboard-on-a-surface-hub-5c594985-129d-43f9-ace5-7dee96f7621d).
+
> [!NOTE]
-> If you are using Whiteboard and cannot sign in, you can collaborate by joining a Teams or Skype for Business meeting, and then sharing your screen. After you’re done, tap **Settings** > **Export to email** or save a copy of the board. The SVG export provides higher resolution than PNG and can be opened in a web browser.
+> If you are using Whiteboard and cannot sign in, you can collaborate by joining a Teams or Skype for Business meeting, and then sharing your screen. After you're done, tap **Settings** > **Export to email** or save a copy of the board. If you choose to export to SVG, it exports vector graphics and provides higher resolution than PNG and can be opened in a web browser.
## New features in Whiteboard
The Microsoft Whiteboard app, updated for Surface Hub on July 1, 2019 includes a host of new features including:
-- **Automatic Saving** - Boards are saved to the cloud automatically when you sign in, and can be found in the board gallery.
+- **Automatic Saving** - Boards are saved to the cloud automatically when you sign in, and can be found in the board gallery. There is no local folder name or directory.
- **Extended collaboration across devices** - You can collaborate using new apps for Windows 10 PC and iOS, and a web version for other devices.
- **Richer canvas** - In addition to ink and images, Whiteboard now includes sticky notes, text and GIFs, with more objects coming soon.
- **Intelligence** – In addition to ink to shape and table, Whiteboard now includes ink beautification to improve handwriting and ink grab to convert images to ink.
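Review bot: The rewritten NOTE sentence "If you choose to export to SVG, it exports vector graphics and provides higher resolution than PNG and can be opened in a web browser" chains three clauses onto an unclear "it"; something like "SVG export produces vector graphics, which have higher resolution than PNG and can be opened in a web browser" reads better. In the Automatic Saving bullet, the added "There is no local folder name or directory" does not tell the reader what follows from it. If the intent is that boards are stored only in the cloud and no copy is kept on the device, say that directly, because admins will read this line when deciding where meeting content resides.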
@@ -68,3 +70,5 @@ The Microsoft Whiteboard app, updated for Surface Hub on July 1, 2019 includes a
- [Windows 10 Creators Update for Surface Hub](https://www.microsoft.com/surface/support/surface-hub/windows-10-creators-update-surface-hub)
- [Support documentation for Microsoft Whiteboard](https://support.office.com/article/Whiteboard-Help-0c0f2aa0-b1bb-491c-b814-fd22de4d7c01)
+
+- [Use Microsoft Whiteboard on a Surface Hub](https://support.office.com/article/use-microsoft-whiteboard-on-a-surface-hub-5c594985-129d-43f9-ace5-7dee96f7621d)
diff --git a/devices/surface/index.yml b/devices/surface/index.yml
index 29bd13e5da..d9d7043dc2 100644
--- a/devices/surface/index.yml
+++ b/devices/surface/index.yml
@@ -24,17 +24,18 @@ additionalContent:
- title: For IT Professionals # < 60 chars (optional)
items:
# Card
- - title: Surface devices
+ - title: Surface devices documentation
summary: Harness the power of Surface, Windows, and Office connected together through the cloud. Find tools, step-by-step guides, and other resources to help you plan, deploy, and manage Surface devices in your organization.
url: https://docs.microsoft.com/en-us/surface/get-started
# Card
- - title: Surface Hub
- summary: Surface Hub 2S is an all-in-one digital interactive whiteboard, meetings platform, and collaborative computing device that brings the power of Windows 10 to team collaboration. Learn how to plan, deploy, manage, and support your Surface Hub devices.
+ - title: Surface Hub documentation
+ summary: Learn how to deploy and manage Surface Hub 2S, the all-in-one digital interactive whiteboard, meetings platform, and collaborative computing device.
url: https://docs.microsoft.com/surface-hub/index
- # Card
- - title: Surface for Business
- summary: Explore how Surface devices are transforming the modern workplace with people-centric design and flexible form factors, helping you get the most out of AI, big data, the cloud, and other foundational technologies.
- url: https://www.microsoft.com/surface/business
+ # Card
+ - title: Surface Hub adoption guidance
+ summary: Get best practices for technical readiness and adoption across your lines of business.
+ url: https://docs.microsoft.com/surface-hub/surface-hub-2s-adoption-kit
+
- title: Other resources # < 60 chars (optional)
items:
# Card
@@ -51,8 +52,7 @@ additionalContent:
url: https://docs.microsoft.com/learn/browse/?term=Surface
- text: Microsoft Mechanics Surface videos
url: https://www.youtube.com/watch?v=Uk2kJ5FUZxY&list=PLXtHYVsvn_b__1Baibdu4elN4SoF3JTBZ
- - text: Surface Hub 2S adoption and training
- url: https://docs.microsoft.com/surface-hub/surface-hub-2s-adoption-kit
+
# Card
- title: Need help?
links:
@@ -60,3 +60,5 @@ additionalContent:
url: https://support.microsoft.com/products/surface-devices
- text: Surface Hub
url: https://support.microsoft.com/hub/4343507/surface-hub-help
+ - text: Contact Surface Hub Support
+ url: https://support.microsoft.com/supportforbusiness/productselection?sapId=bb7066fb-e329-c1c0-9c13-8e9949c6a64e
diff --git a/devices/surface/surface-diagnostic-toolkit-for-business-intro.md b/devices/surface/surface-diagnostic-toolkit-for-business-intro.md
index 1a417a6bcd..7c84f5c0e4 100644
--- a/devices/surface/surface-diagnostic-toolkit-for-business-intro.md
+++ b/devices/surface/surface-diagnostic-toolkit-for-business-intro.md
@@ -29,7 +29,7 @@ Before you run the diagnostic tool, make sure you have the latest Windows update
**To run the Surface Diagnostic Toolkit for Business:**
-1. Download the [Surface Diagnostic Toolkit for Business](https://aka.ms/SDT4B).
+1. Download the Surface Diagnostic Toolkit for Business. To do this, go to the [**Surface Tools for IT** download page](https://www.microsoft.com/download/details.aspx?id=46703), choose **Download**, select **Surface Diagnostic Toolkit for Business** from the provided list, and choose **Next**.
2. Select Run and follow the on-screen instructions. For full details, refer to [Deploy Surface Diagnostic Toolkit for Business](https://docs.microsoft.com/surface/surface-diagnostic-toolkit-business).
The diagnosis and repair time averages 15 minutes but could take an hour or longer, depending on internet connection speed and the number of updates or repairs required.
diff --git a/devices/surface/surface-system-sku-reference.md b/devices/surface/surface-system-sku-reference.md
index 062008fc1e..9c7b32f336 100644
--- a/devices/surface/surface-system-sku-reference.md
+++ b/devices/surface/surface-system-sku-reference.md
@@ -39,6 +39,7 @@ System Model and System SKU are variables that are stored in the System Manageme
| Surface Go Commercial | Surface Go | Surface_Go_1824_Commercial |
| Surface Pro 6 Consumer | Surface Pro 6 | Surface_Pro_6_1796_Consumer |
| Surface Pro 6 Commercial | Surface Pro 6 | Surface_Pro_6_1796_Commercial |
+| Surface Laptop | Surface Laptop | Surface_Laptop |
| Surface Laptop 2 Consumer | Surface Laptop 2 | Surface_Laptop_2_1769_Consumer |
| Surface Laptop 2 Commercial | Surface Laptop 2 | Surface_Laptop_2_1769_Commercial |
| Surface Pro 7 | Surface Pro 7 | Surface_Pro_7_1866 |
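Review bot: The added "Surface Laptop" row uses the System SKU `Surface_Laptop`, with no model number and no Consumer/Commercial suffix, unlike every neighbouring row (`Surface_Laptop_2_1769_Consumer`, `Surface_Pro_6_1796_Commercial`). Please confirm this is the literal value the device reports, and if it is, add a short remark under the table saying the first-generation Surface Laptop has a single SKU string. Admins copy these values into targeting queries, so a wrong or incomplete string silently excludes devices.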
diff --git a/education/windows/take-tests-in-windows-10.md b/education/windows/take-tests-in-windows-10.md
index fed3ff8374..7e016c22c0 100644
--- a/education/windows/take-tests-in-windows-10.md
+++ b/education/windows/take-tests-in-windows-10.md
@@ -34,8 +34,12 @@ Many schools use online testing for formative and summative assessments. It's cr

-There are several ways to configure devices for assessments. You can:
-- **Configure an assessment URL and a dedicated testing account**
+There are several ways to configure devices for assessments, depending on your use case:
+
+- For higher stakes testing such as mid-term exams, you can set up a device with a dedicated testing account and URL.
+- For lower stakes assessments such as a quick quiz in a class, you can quickly create and distribute the assessment URL through any method of your choosing.
+
+1. **Configure an assessment URL and a dedicated testing account**
In this configuration, a user signs into in to the account and the **Take a Test** app automatically launches the pre-configured assessment URL in Microsoft Edge in a single-app, kiosk mode. A student will never have access to the desktop in this configuration. We recommend this configuration for high stakes testing.
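Review bot: The two new introductory bullets repeat recommendations that the numbered items already make ("We recommend this configuration for high stakes testing"), and they say "higher stakes" and "lower stakes" where the body says "high stakes". Either drop the recommendation sentences from the items or align the wording. Because the bullets are now a numbered list whose items are separated by several paragraphs, check that the paragraphs under item 1 are indented so that item 2 does not render as a new list starting at 1. While this paragraph is being touched, "signs into in to the account" in the unchanged line below the new item 1 should be fixed as well.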
@@ -58,9 +62,9 @@ There are several ways to configure devices for assessments. You can:
For more info about these methods, see [Set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md).
-- **Distribute the assessment URL through the web, email, OneNote, or any other method of your choosing. You can also create shortcuts to distribute the link**
+2. **Create and distribute the assessment URL through the web, email, OneNote, or any other method**
- This allows teachers and test administrators an easier way to deploy assessments. We recommend this method for lower stakes assessments.
+ This allows teachers and test administrators an easier way to deploy assessments quickly and simply. We recommend this method for lower stakes assessments. You can also create shortcuts to distribute the link.
You can enable this using a schema activation.
diff --git a/mdop/agpm/agpm-4-navengl.md b/mdop/agpm/agpm-4-navengl.md
index 76b3146249..d9b63043f8 100644
--- a/mdop/agpm/agpm-4-navengl.md
+++ b/mdop/agpm/agpm-4-navengl.md
@@ -25,7 +25,8 @@ ms.date: 06/16/2016
- [Release Notes for Microsoft Advanced Group Policy Management 4.0](release-notes-for-microsoft-advanced-group-policy-management-40.md)
-
+> [!NOTE]
+> Advanced Group Policy Management (AGPM) 4.0 will be end of life on January 12, 2021. Please upgrade to a supported version, such as AGPM 4.0 with Service Pack 3 prior to this date.
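Review bot: The added NOTE tells readers to upgrade to "AGPM 4.0 with Service Pack 3" but gives no link to that release or its documentation, and "will be end of life" does not say what stops on January 12, 2021. State what ends on that date in terms of support and updates, and link the supported version. A comma is also needed after "Service Pack 3". The note sits at the bottom of a navigation list; consider placing it at the top of the page, and on the release notes page too, so it is seen before the links.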
diff --git a/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40.md b/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40.md
index abe185ad6b..5fa848da03 100644
--- a/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40.md
+++ b/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40.md
@@ -45,9 +45,9 @@ For more information about AGPM, see the following:
- [Advanced Group Policy Management TechNet Library](https://go.microsoft.com/fwlink/?LinkID=146846) (https://go.microsoft.com/fwlink/?LinkID=146846)
-- [Microsoft Desktop Optimization Pack TechCenter](https://go.microsoft.com/fwlink/?LinkId=159870) (http://www.microsoft.com/technet/mdop)
+- [Microsoft Desktop Optimization Pack TechCenter](https://go.microsoft.com/fwlink/?LinkId=159870) (https://www.microsoft.com/technet/mdop)
-- [Group Policy TechCenter](https://go.microsoft.com/fwlink/?LinkId=145531) (http://www.microsoft.com/gp)
+- [Group Policy TechCenter](https://go.microsoft.com/fwlink/?LinkId=145531) (https://www.microsoft.com/gp)
## Providing feedback
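Review bot: In these two bullets only the parenthetical display text changes from http to https, and that text (`https://www.microsoft.com/technet/mdop`, `https://www.microsoft.com/gp`) is a different URL from the fwlink target of the link it follows, unlike the first bullet where the two match. Please confirm both addresses resolve over HTTPS. If they only redirect, drop the parentheticals so the visible URL and the actual link target cannot disagree.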
diff --git a/mdop/appv-v5/about-app-v-50-dynamic-configuration.md b/mdop/appv-v5/about-app-v-50-dynamic-configuration.md
index 8a54d8a0da..03301519d2 100644
--- a/mdop/appv-v5/about-app-v-50-dynamic-configuration.md
+++ b/mdop/appv-v5/about-app-v-50-dynamic-configuration.md
@@ -102,7 +102,7 @@ The structure of the App-V 5.0 Dynamic Configuration file is explained in the fo
**Header** - the header of a dynamic user configuration file is as follows:
-<?xml version="1.0" encoding="utf-8"?><UserConfiguration **PackageId**="1f8488bf-2257-46b4-b27f-09c9dbaae707" DisplayName="Reserved" xmlns=" Schema name Name of the schema. Applicable starting in App-V 5.0 SP3: If you want to use the new “optional packages” and “use any version” features that are described in this table, you must specify the following schema in the XML file: AppConnectionGroupId Schema name Name of the schema. Applicable starting in App-V 5.0 SP3: If you want to use the new “optional packages” and “use any version” features that are described in this table, you must specify the following schema in the XML file: AppConnectionGroupId Microsoft SQL Server 2019 32-bit or 64-bit Microsoft SQL Server 2017 Example connection group XML document with optional packages: Example connection group XML document with optional packages: Required. Returns the device model name /SystemProductName as a string.
+Required. Returns the device model name /SystemProductName as a string.
- Supported operation is Get.
+Supported operation is Get.
**OEM**
- Required. Returns the name of the Original Equipment Manufacturer (OEM) as a string, as defined in the specification SyncML Device Information, version 1.1.2.
+Required. Returns the name of the Original Equipment Manufacturer (OEM) as a string, as defined in the specification SyncML Device Information, version 1.1.2.
- Supported operation is Get.
+Supported operation is Get.
**FwV**
- Required. Returns the firmware version, as defined in the registry key HKEY_LOCAL_MACHINE\System\Platform\DeviceTargetingInfo\PhoneFirmwareRevision.
+Required. Returns the firmware version, as defined in the registry key HKEY_LOCAL_MACHINE\System\Platform\DeviceTargetingInfo\PhoneFirmwareRevision.
- For Windows 10 for desktop editions (Home, Pro, Enterprise, and Education), it returns the BIOS version as defined in the registry key HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion.
+For Windows 10 for desktop editions (Home, Pro, Enterprise, and Education), it returns the BIOS version as defined in the registry key HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion.
- Supported operation is Get.
+Supported operation is Get.
**SwV**
- Required. Returns the Windows 10 OS software version in the format MajorVersion.MinorVersion.BuildNumber.QFEnumber. Currently the BuildNumber returns the build number on the desktop and mobile build number on the phone. In the future, the build numbers may converge.
+Required. Returns the Windows 10 OS software version in the format MajorVersion.MinorVersion.BuildNumber.QFEnumber. Currently the BuildNumber returns the build number on the desktop and mobile build number on the phone. In the future, the build numbers may converge.
- Supported operation is Get.
+Supported operation is Get.
**HwV**
- Required. Returns the hardware version, as defined in the registry key HKEY_LOCAL_MACHINE\System\Platform\DeviceTargetingInfo\PhoneRadioHardwareRevision.
+Required. Returns the hardware version, as defined in the registry key HKEY_LOCAL_MACHINE\System\Platform\DeviceTargetingInfo\PhoneRadioHardwareRevision.
- For Windows 10 for desktop editions, it returns the BIOS version as defined in the registry key HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion.
+For Windows 10 for desktop editions, it returns the BIOS version as defined in the registry key HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion.
- Supported operation is Get.
+Supported operation is Get.
**LrgObj**
- Required. Returns whether the device uses OMA DM Large Object Handling, as defined in the specification SyncML Device Information, version 1.1.2.
+Required. Returns whether the device uses OMA DM Large Object Handling, as defined in the specification SyncML Device Information, version 1.1.2.
- Supported operation is Get.
+Supported operation is Get.
**URI/MaxDepth**
- Required. Returns the maximum depth of the management tree that the device supports. The default is zero (0).
+Required. Returns the maximum depth of the management tree that the device supports. The default is zero (0).
- Supported operation is Get.
+Supported operation is Get.
- This is the maximum number of URI segments that the device supports. The default value zero (0) indicates that the device supports a URI of unlimited depth.
+This is the maximum number of URI segments that the device supports. The default value zero (0) indicates that the device supports a URI of unlimited depth.
**URI/MaxTotLen**
- Required. Returns the maximum total length of any URI used to address a node or node property. The default is zero (0).
+Required. Returns the maximum total length of any URI used to address a node or node property. The default is zero (0).
- Supported operation is Get.
+Supported operation is Get.
- This is the largest number of characters in the URI that the device supports. The default value zero (0) indicates that the device supports a URI of unlimited length.
+This is the largest number of characters in the URI that the device supports. The default value zero (0) indicates that the device supports a URI of unlimited length.
**URI/MaxSegLen**
- Required. Returns the total length of any URI segment in a URI that addresses a node or node property. The default is zero (0).
+Required. Returns the total length of any URI segment in a URI that addresses a node or node property. The default is zero (0).
- Supported operation is Get.
+Supported operation is Get.
- This is the largest number of characters that the device can support in a single URI segment. The default value zero (0) indicates that the device supports URI segment of unlimited length.
+This is the largest number of characters that the device can support in a single URI segment. The default value zero (0) indicates that the device supports URI segment of unlimited length.
**Ext/Microsoft/MobileID**
- Required. Returns the mobile device ID associated with the cellular network. Returns 404 for devices that do not have a cellular network support.
+Required. Returns the mobile device ID associated with the cellular network. Returns 404 for devices that do not have a cellular network support.
- Supported operation is Get.
+Supported operation is Get.
- The IMSI value is returned for GSM and UMTS networks. CDMA and worldwide phones will return a 404 Not Found status code error if queried for this element.
-
-**Ext/Microsoft/LocalTime**
- Required. Returns the client local time in ISO 8601 format.
-
- Supported operation is Get.
-
-**Ext/Microsoft/OSPlatform**
- Required. Returns the OS platform of the device. For Windows 10 for desktop editions, it returns the ProductName as defined in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName.
-
- Supported operation is Get.
-
-**Ext/Microsoft/ProcessorType**
- Required. Returns the processor type of the device as documented in SYSTEM_INFO.
-
- Supported operation is Get.
+The IMSI value is returned for GSM and UMTS networks. CDMA and worldwide phones will return a 404 Not Found status code error if queried for this element.
**Ext/Microsoft/RadioSwV**
- Required. Returns the radio stack software version number.
+Required. Returns the radio stack software version number.
- Supported operation is Get.
+Supported operation is Get.
**Ext/Microsoft/Resolution**
- Required. Returns the UI screen resolution of the device (example: "480x800").
+Required. Returns the UI screen resolution of the device (example: "480x800").
- Supported operation is Get.
+Supported operation is Get.
**Ext/Microsoft/CommercializationOperator**
- Required. Returns the name of the mobile operator if it exists; otherwise it returns 404..
+Required. Returns the name of the mobile operator if it exists; otherwise it returns 404..
- Supported operation is Get.
+Supported operation is Get.
**Ext/Microsoft/ProcessorArchitecture**
- Required. Returns the processor architecture of the device as "arm" or "x86".
+Required. Returns the processor architecture of the device as "arm" or "x86".
- Supported operation is Get.
+Supported operation is Get.
+
+**Ext/Microsoft/ProcessorType**
+Required. Returns the processor type of the device as documented in SYSTEM_INFO.
+
+Supported operation is Get.
+
+**Ext/Microsoft/OSPlatform**
+Required. Returns the OS platform of the device. For Windows 10 for desktop editions, it returns the ProductName as defined in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName.
+
+Supported operation is Get.
+
+**Ext/Microsoft/LocalTime**
+Required. Returns the client local time in ISO 8601 format.
+
+Supported operation is Get.
**Ext/Microsoft/DeviceName**
- Required. Contains the user-specified device name.
+Required. Contains the user-specified device name.
- Support for Replace operation for Windows 10 Mobile was added in Windows 10, version 1511. Replace operation is not supported in the desktop or IoT Core. When you change the device name using this node, it triggers a dialog on the device asking the user to reboot. The new device name does not take effect until the device is restarted. If the user cancels the dialog, it will show again until a reboot occurs.
+Support for Replace operation for Windows 10 Mobile was added in Windows 10, version 1511. Replace operation is not supported in the desktop or IoT Core. When you change the device name using this node, it triggers a dialog on the device asking the user to reboot. The new device name does not take effect until the device is restarted. If the user cancels the dialog, it will show again until a reboot occurs.
- Value type is string.
+Value type is string.
- Supported operations are Get and Replace.
+Supported operations are Get and Replace.
+
+**Ext/Microsoft/DNSComputerName**
+Added in the next major release of Windows 10. This node specifies the DNS computer name for a device. The server must explicitly reboot the device for this value to take effect. A couple of macros can be embedded within the value for dynamic substitution. Using any of these macros will limit the new name to 63 characters. This node replaces the **Domain/ComputerName** node in [Accounts CSP](accounts-csp.md).
+
+The following are the available naming macros:
+
+| Macro | Description | Example | Generated Name |
+| -------| -------| -------| -------|
+| %RAND:<# of digits> | Generates the specified number of random digits. | Test%RAND:6% | Test123456|
+| %SERIAL% | Generates the serial number derived from the device. If the serial number causes the new name to exceed the 63 character limit, the serial number will be truncated from the beginning of the sequence.| Test-Device-%SERIAL% | Test-Device-456|
+
+Value type is string. Supported operations are Get and Replace.
+
+> [!Note]
+> On desktop PCs, this setting specifies the DNS hostname of the computer (Computer Name) up to 63 characters. Use `%RAND:x%` to generate x number of random digits in the name, where x must be a number less than 63. For domain joined computers, the unique name must use `%RAND:x%`. Use `%SERIAL%` to generate the name with the `computer"s` serial number embedded. If the serial number exceeds the character limit, it will be truncated from the beginning of the sequence. The character restriction limit does not count the length of the macros, `%RAND:x%` and `%SERIAL%`. This setting is supported only in Windows 10, version 1803 and later. To change this setting in Windows 10, version 1709 and earlier releases, use the **ComputerName** setting under **Accounts** > **ComputerAccount**.
**Ext/Microsoft/TotalStorage**
- Added in Windows 10, version 1511. Integer that specifies the total available storage in MB from first internal drive on the device (may be less than total physical storage).
+Added in Windows 10, version 1511. Integer that specifies the total available storage in MB from first internal drive on the device (may be less than total physical storage).
- Supported operation is Get.
+Supported operation is Get.
> [!NOTE]
> This is only supported in Windows 10 Mobile.
**Ext/Microsoft/TotalRAM**
- Added in Windows 10, version 1511. Integer that specifies the total available memory in MB on the device (may be less than total physical memory).
+Added in Windows 10, version 1511. Integer that specifies the total available memory in MB on the device (may be less than total physical memory).
Supported operation is Get.
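Review bot: the added **Ext/Microsoft/DNSComputerName** text gives two different availability statements: the description says "Added in the next major release of Windows 10", while the note under it says the setting "is supported only in Windows 10, version 1803 and later". State one release in both places. The note also contains `computer"s` (a stray double quote inside code formatting; it should read "computer's" as plain text), and the macro table lists `%RAND:<# of digits>` without the closing `%` that the example `Test%RAND:6%` and the note's `%RAND:x%` both use. The description says the macros "limit the new name to 63 characters" and the note says the limit "does not count the length of the macros"; say whether the 63 characters are measured before or after substitution, since a server generating names needs to know which one is enforced.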
@@ -153,45 +168,45 @@ Added in Windows 10, version 1809. SMBIOS Serial Number of the device.
Value type is string. Supported operation is Get.
**Ext/WLANMACAddress**
- The MAC address of the active WLAN connection, as a 12-digit hexadecimal number.
+The MAC address of the active WLAN connection, as a 12-digit hexadecimal number.
- Supported operation is Get.
+Supported operation is Get.
> [!NOTE]
> This is not supported in Windows 10 for desktop editions.
**Ext/VoLTEServiceSetting**
- Returns the VoLTE service to on or off. This is only exposed to mobile operator OMA-DM servers.
+Returns the VoLTE service to on or off. This is only exposed to mobile operator OMA-DM servers.
- Supported operation is Get.
+Supported operation is Get.
**Ext/WlanIPv4Address**
- Returns the IPv4 address of the active Wi-Fi connection. This is only exposed to enterprise OMA DM servers.
+Returns the IPv4 address of the active Wi-Fi connection. This is only exposed to enterprise OMA DM servers.
- Supported operation is Get.
+Supported operation is Get.
**Ext/WlanIPv6Address**
- Returns the IPv6 address of the active Wi-Fi connection. This is only exposed to enterprise OMA-DM servers.
+Returns the IPv6 address of the active Wi-Fi connection. This is only exposed to enterprise OMA-DM servers.
- Supported operation is Get.
+Supported operation is Get.
**Ext/WlanDnsSuffix**
- Returns the DNS suffix of the active Wi-Fi connection. This is only exposed to enterprise OMA-DM servers.
+Returns the DNS suffix of the active Wi-Fi connection. This is only exposed to enterprise OMA-DM servers.
- Supported operation is Get.
+Supported operation is Get.
**Ext/WlanSubnetMask**
- Returns the subnet mask for the active Wi-Fi connection. This is only exposed to enterprise OMA-DM servers.
+Returns the subnet mask for the active Wi-Fi connection. This is only exposed to enterprise OMA-DM servers.
- Supported operation is Get.
+Supported operation is Get.
**Ext/DeviceHardwareData**
- Added in Windows 10 version 1703. Returns a base64-encoded string of the hardware parameters of a device.
+Added in Windows 10 version 1703. Returns a base64-encoded string of the hardware parameters of a device.
> [!NOTE]
> This node contains a raw blob used to identify a device in the cloud. It's not meant to be human readable by design and you cannot parse the content to get any meaningful hardware information.
- Supported operation is Get.
+Supported operation is Get.
## Related topics
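Review bot: the `+` line for **Ext/VoLTEServiceSetting** carries over "Returns the VoLTE service to on or off", which does not parse; since every line in this hunk is being rewritten for indentation anyway, reword it to say the node returns whether the VoLTE service is on or off. **Ext/WlanIPv4Address** says "enterprise OMA DM servers" while the three sibling Wlan nodes say "enterprise OMA-DM servers"; use one spelling so the exposure restriction reads the same for all four nodes.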
diff --git a/windows/client-management/mdm/devdetail-ddf-file.md b/windows/client-management/mdm/devdetail-ddf-file.md
index b313ad3605..47df0219d5 100644
--- a/windows/client-management/mdm/devdetail-ddf-file.md
+++ b/windows/client-management/mdm/devdetail-ddf-file.md
@@ -21,7 +21,7 @@ This topic shows the OMA DM device description framework (DDF) for the **DevDeta
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
-The XML below is for Windows 10, version 1809.
+The XML below is the current version for this CSP.
```xml
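Review bot: the new sentence "The XML below is the current version for this CSP" removes the only statement of which Windows release the DDF describes, so a reader can no longer tell whether a node in the XML exists on the build they manage. Keep an explicit version (the removed line named Windows 10, version 1809) or add the release the updated XML was generated from, and update it when the DDF changes.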
@@ -488,6 +488,28 @@ The XML below is for Windows 10, version 1809.
+ This policy setting is intended to prevent malicious content from affecting your user's devices when downloading executable content from the internet.
diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md
index c485382b9e..25159c3271 100644
--- a/windows/client-management/mdm/policy-csp-userrights.md
+++ b/windows/client-management/mdm/policy-csp-userrights.md
@@ -53,17 +53,17 @@ Here are examples of data fields. The encoded 0xF000 is the standard delimiter/s
- Grant an user right to multiple groups (Administrators, Authenticated Users) via SID
```
- *S-1-5-32-544*S-1-5-11
+ *S-1-5-32-544*S-1-5-11
```
- Grant an user right to multiple groups (Administrators, Authenticated Users) via a mix of SID and Strings
```
- *S-1-5-32-544Authenticated Users
+ *S-1-5-32-544Authenticated Users
```
- Grant an user right to multiple groups (Authenticated Users, Administrators) via strings
```
- Authenticated UsersAdministrators
+ Authenticated UsersAdministrators
```
- Empty input indicates that there are no users configured to have that user right
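Review bot: in all three example blocks the `-` and `+` lines show no visible separator between entries (`*S-1-5-32-544Authenticated Users`, `Authenticated UsersAdministrators`), although the hunk context says the encoded 0xF000 is the delimiter. As rendered, a reader cannot tell where one principal ends and the next begins, and a value copied from the page would name a single account that does not exist instead of two groups. Write the delimiter in a form that survives rendering and copy/paste, and state in the text that it sits between every pair of entries. The bullet text "Grant an user right" should also read "Grant a user right".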
diff --git a/windows/configuration/customize-and-export-start-layout.md b/windows/configuration/customize-and-export-start-layout.md
index f13d6f81c8..ad794f7530 100644
--- a/windows/configuration/customize-and-export-start-layout.md
+++ b/windows/configuration/customize-and-export-start-layout.md
@@ -117,11 +117,11 @@ When you have the Start layout that you want your users to see, use the [Export-
Important: Important: Notes: Notes: If you enable this setting, your employees can only install apps from the Microsoft Store. If you disable this setting, your employees can install apps from anywhere, including as a download from the Internet. If you don't configure this setting, your employees can choose whether they can install from anywhere or only from Microsoft Store. This setting does not protect against malicious content from USB devices, network shares or other non-internet sources. Important: Using a trustworthy browser helps ensure that these protections work as expected. Windows 10, Version 1607 and earlier: [1703 (RS2)](https://blogs.technet.microsoft.com/secguide/2017/08/30/security-baseline-for-windows-10-creators-update-v1703-final/) [1607 (RS1)](https://blogs.technet.microsoft.com/secguide/2016/10/17/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016/) [1511 (TH2)](https://blogs.technet.microsoft.com/secguide/2016/01/22/security-baseline-for-windows-10-v1511-threshold-2-final/) [1507 (TH1)](https://blogs.technet.microsoft.com/secguide/2016/01/22/security-baseline-for-windows-10-v1507-build-10240-th1-ltsb-update/)| October 2017 August 2017 October 2016 January 2016 January 2016 |[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
+| ---- | ----- | --------------------- | -------------- |
+| Windows 10 | [1809 (October 2018)](https://docs.microsoft.com/archive/blogs/secguide/security-baseline-draft-for-windows-10-v1809-and-windows-server-2019)
+xmlns="http://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup"
xmlns="https://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup"
@@ -160,8 +160,8 @@ The following example connection group XML file shows examples of the fields in
```XML
+xmlns="http://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup"
xmlns="https://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup"
-
@@ -160,8 +160,8 @@ The following example connection group XML file shows examples of the fields in
```XML
+
+
+
+
+
-
+For more information on user configuration files with SQL server 2016 or later, see the [support article](https://support.microsoft.com/help/4548751/app-v-server-publishing-might-fail-when-you-apply-user-configuration-f).
### Publishing server operating system requirements
@@ -303,7 +307,6 @@ The following table lists the SQL Server versions that are supported for the App
## App-V client system requirements
-
The following table lists the operating systems that are supported for the App-V 5.1 client installation.
**Note:** With the Windows 10 Anniversary release (aka 1607 version), the App-V client is in-box and will block installation of any previous version of the App-V client
@@ -416,7 +419,6 @@ App-V adds no additional requirements beyond those of Windows Server.
## Sequencer system requirements
-
The following table lists the operating systems that are supported for the App-V 5.1 Sequencer installation.
@@ -145,7 +149,7 @@ The following table lists the SQL Server versions that are supported for the App
@@ -479,7 +481,6 @@ See the Windows or Windows Server documentation for the hardware requirements. A
## Supported versions of System Center Configuration Manager
-
The App-V client supports the following versions of System Center Configuration Manager:
- Microsoft System Center 2012 Configuration Manager
@@ -543,23 +544,8 @@ The following App-V and System Center Configuration Manager version matrix shows
For more information about how Configuration Manager integrates with App-V, see [Planning for App-V Integration with Configuration Manager](https://technet.microsoft.com/library/jj822982.aspx).
-
-
-
-
-
## Related topics
-
[Planning to Deploy App-V](planning-to-deploy-app-v51.md)
[App-V 5.1 Prerequisites](app-v-51-prerequisites.md)
-
-
-
-
-
-
-
-
-
diff --git a/mdop/appv-v5/how-to-migrate-extension-points-from-an-app-v-46-package-to-a-converted-app-v-50-package-for-all-users-on-a-specific-computer.md b/mdop/appv-v5/how-to-migrate-extension-points-from-an-app-v-46-package-to-a-converted-app-v-50-package-for-all-users-on-a-specific-computer.md
index 02c3ed99ef..08be8a6ee4 100644
--- a/mdop/appv-v5/how-to-migrate-extension-points-from-an-app-v-46-package-to-a-converted-app-v-50-package-for-all-users-on-a-specific-computer.md
+++ b/mdop/appv-v5/how-to-migrate-extension-points-from-an-app-v-46-package-to-a-converted-app-v-50-package-for-all-users-on-a-specific-computer.md
@@ -36,7 +36,7 @@ The following procedure does not require an App-V 5.0 management server.
<DeploymentConfiguration
- xmlns="
> [!NOTE]
diff --git a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md
index 7cb66960c1..0ef906a2b3 100644
--- a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md
+++ b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md
@@ -172,17 +172,7 @@ You can try any of the processes included in these scenarios, but you should foc
<?xml version="1.0" ?>
<AppConnectionGroup
- xmlns="http://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup"
+ xmlns="https://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup"
AppConnectionGroupId="8105CCD5-244B-4BA1-8888-E321E688D2CB"
VersionId="84CE3797-F1CB-4475-A223-757918929EB4"
DisplayName="Contoso Software Connection Group" >
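Review bot: the `xmlns` value on the `+` line is an XML namespace name, not a hyperlink, and namespace names are compared as exact strings, so `https://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup` is a different namespace from the `http://` one it replaces. Unless the App-V connection group schema was actually reissued under the `https://` name, this sample will no longer match what a schema-aware consumer expects. Revert this line and keep the scheme change to real links only.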
diff --git a/mdop/appv-v5/how-to-use-optional-packages-in-connection-groups51.md b/mdop/appv-v5/how-to-use-optional-packages-in-connection-groups51.md
index 8a87b7ff92..b29a4ff7a9 100644
--- a/mdop/appv-v5/how-to-use-optional-packages-in-connection-groups51.md
+++ b/mdop/appv-v5/how-to-use-optional-packages-in-connection-groups51.md
@@ -118,7 +118,7 @@ Before using optional packages, see [Requirements for using optional packages in
<?xml version="1.0" ?>
<AppConnectionGroup
- xmlns="http://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup"
+ xmlns="https://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup"
AppConnectionGroupId="8105CCD5-244B-4BA1-8888-E321E688D2CB"
VersionId="84CE3797-F1CB-4475-A223-757918929EB4"
DisplayName="Contoso Software Connection Group" >
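Review bot: the `+` line rewrites the scheme inside an `xmlns=` attribute of a sample that readers copy into their own connection group files, which changes the identifier of the document's namespace rather than securing a link. Keep `http://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup` here, and exclude `xmlns=` attributes and other schema identifiers from any bulk http-to-https replacement used to produce this patch.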
diff --git a/mdop/appv-v5/index.md b/mdop/appv-v5/index.md
index c51ad7bc30..8f3c652084 100644
--- a/mdop/appv-v5/index.md
+++ b/mdop/appv-v5/index.md
@@ -21,8 +21,14 @@ Microsoft Application Virtualization (App-V) 5 lets administrators make applicat
[Microsoft Application Virtualization 5.1 Administrator's Guide](microsoft-application-virtualization-51-administrators-guide.md)
+> [!NOTE]
+> Application Virtualization 5.1 for Remote Desktop Services will be end of life on January 10, 2023. Please upgrade to a supported version, such as App-V 5.0 with Service Pack 3 prior to this date.
+
[Microsoft Application Virtualization 5.0 Administrator's Guide](microsoft-application-virtualization-50-administrators-guide.md)
+> [!NOTE]
+> Application Virtualization 5.0 for Windows Desktops will be end of life on January 10, 2023. Please upgrade to a supported version, such as App-V 5.0 with Service Pack 3 prior to this date.
+
## More Information
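Review bot: the note added under the 5.1 Administrator's Guide tells readers to upgrade to "a supported version, such as App-V 5.0 with Service Pack 3", which is a lower version number than the 5.1 release it is retiring; confirm the intended upgrade target. The two notes are otherwise identical except that the first says "Application Virtualization 5.1 for Remote Desktop Services" and the second "Application Virtualization 5.0 for Windows Desktops"; if both products reach end of life for both versions, say so in each note, otherwise explain why the product differs between them.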
diff --git a/mdop/appv-v5/performance-guidance-for-application-virtualization-50.md b/mdop/appv-v5/performance-guidance-for-application-virtualization-50.md
index d8aa6ae42a..d18673c97f 100644
--- a/mdop/appv-v5/performance-guidance-for-application-virtualization-50.md
+++ b/mdop/appv-v5/performance-guidance-for-application-virtualization-50.md
@@ -476,11 +476,11 @@ Server Performance Tuning Guidelines for
- [Microsoft Windows 7](https://download.microsoft.com/download/E/5/7/E5783D68-160B-4366-8387-114FC3E45EB4/Performance Tuning Guidelines for Windows 7 Desktop Virtualization v1.9.docx)
-- [Optimization Script: (Provided by Microsoft Support)](http://blogs.technet.com/b/jeff_stokes/archive/2012/10/15/the-microsoft-premier-field-engineer-pfe-view-on-virtual-desktop-vdi-density.aspx)
+- [Optimization Script: (Provided by Microsoft Support)](https://blogs.technet.com/b/jeff_stokes/archive/2012/10/15/the-microsoft-premier-field-engineer-pfe-view-on-virtual-desktop-vdi-density.aspx)
- [Microsoft Windows 8](https://download.microsoft.com/download/6/0/1/601D7797-A063-4FA7-A2E5-74519B57C2B4/Windows_8_VDI_Image_Client_Tuning_Guide.pdf)
-- [Optimization Script: (Provided by Microsoft Support)](http://blogs.technet.com/b/jeff_stokes/archive/2013/04/09/hot-off-the-presses-get-it-now-the-windows-8-vdi-optimization-script-courtesy-of-pfe.aspx)
+- [Optimization Script: (Provided by Microsoft Support)](https://blogs.technet.com/b/jeff_stokes/archive/2013/04/09/hot-off-the-presses-get-it-now-the-windows-8-vdi-optimization-script-courtesy-of-pfe.aspx)
## Sequencing Steps to Optimize Packages for Publishing Performance
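Review bot: both `+` lines only swap the scheme on the `blogs.technet.com` links, so check that each target still resolves over HTTPS to the intended post before merging. These entries point administrators at an optimization script they are expected to download and run, so a link that silently redirects to a generic landing page should be replaced with the post's current location rather than kept with a new scheme.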
diff --git a/mdop/appv-v5/performance-guidance-for-application-virtualization-51.md b/mdop/appv-v5/performance-guidance-for-application-virtualization-51.md
index 936a78123f..c6309edacb 100644
--- a/mdop/appv-v5/performance-guidance-for-application-virtualization-51.md
+++ b/mdop/appv-v5/performance-guidance-for-application-virtualization-51.md
@@ -483,11 +483,11 @@ Server Performance Tuning Guidelines for
- [Microsoft Windows 7](https://download.microsoft.com/download/E/5/7/E5783D68-160B-4366-8387-114FC3E45EB4/Performance Tuning Guidelines for Windows 7 Desktop Virtualization v1.9.docx)
-- [Optimization Script: (Provided by Microsoft Support)](http://blogs.technet.com/b/jeff_stokes/archive/2012/10/15/the-microsoft-premier-field-engineer-pfe-view-on-virtual-desktop-vdi-density.aspx)
+- [Optimization Script: (Provided by Microsoft Support)](https://blogs.technet.com/b/jeff_stokes/archive/2012/10/15/the-microsoft-premier-field-engineer-pfe-view-on-virtual-desktop-vdi-density.aspx)
- [Microsoft Windows 8](https://download.microsoft.com/download/6/0/1/601D7797-A063-4FA7-A2E5-74519B57C2B4/Windows_8_VDI_Image_Client_Tuning_Guide.pdf)
-- [Optimization Script: (Provided by Microsoft Support)](http://blogs.technet.com/b/jeff_stokes/archive/2013/04/09/hot-off-the-presses-get-it-now-the-windows-8-vdi-optimization-script-courtesy-of-pfe.aspx)
+- [Optimization Script: (Provided by Microsoft Support)](https://blogs.technet.com/b/jeff_stokes/archive/2013/04/09/hot-off-the-presses-get-it-now-the-windows-8-vdi-optimization-script-courtesy-of-pfe.aspx)
## Sequencing Steps to Optimize Packages for Publishing Performance
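Review bot: the context line for Microsoft Windows 7 in this hunk has unencoded spaces in its link destination (`.../Performance Tuning Guidelines for Windows 7 Desktop Virtualization v1.9.docx`), which ends the Markdown link at the first space. Since the neighbouring links are being corrected here, percent-encode the spaces as `%20` in the same change. The scheme swap on the two `blogs.technet.com` lines should also be verified against the live targets.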
diff --git a/mdop/uev-v2/application-template-schema-reference-for-ue-v-2x-both-uevv2.md b/mdop/uev-v2/application-template-schema-reference-for-ue-v-2x-both-uevv2.md
index b821b00937..f230087d93 100644
--- a/mdop/uev-v2/application-template-schema-reference-for-ue-v-2x-both-uevv2.md
+++ b/mdop/uev-v2/application-template-schema-reference-for-ue-v-2x-both-uevv2.md
@@ -68,9 +68,9 @@ The XML declaration must specify the XML version 1.0 attribute (<?xml version
**Type: String**
-UE-V uses the http://schemas.microsoft.com/UserExperienceVirtualization/2012/SettingsLocationTemplate namespace for all applications. SettingsLocationTemplate is the root element and contains all other elements. Reference SettingsLocationTemplate in all templates using this tag:
+UE-V uses the https://schemas.microsoft.com/UserExperienceVirtualization/2012/SettingsLocationTemplate namespace for all applications. SettingsLocationTemplate is the root element and contains all other elements. Reference SettingsLocationTemplate in all templates using this tag:
-`
-| Package name | App name | 1703 | 1709 | 1803 | 1809 | Uninstall through UI? |
-|----------------------------------------|--------------------------------------------------------------------------------------------------------------------|:----:|:----:|:----:|:----:|:---------------------:|
-| Microsoft.3DBuilder | [3D Builder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe) | x | | | | Yes |
-| Microsoft.BingWeather | [MSN Weather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe) | x | x | x | x | Yes |
-| Microsoft.DesktopAppInstaller | [App Installer](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe) | x | x | x | x | Via Settings App |
-| Microsoft.GetHelp | [Get Help](ms-windows-store://pdp/?PFN=Microsoft.Gethelp_8wekyb3d8bbwe) | | x | x | x | No |
-| Microsoft.Getstarted | [Microsoft Tips](ms-windows-store://pdp/?PFN=Microsoft.Getstarted_8wekyb3d8bbwe) | x | x | x | x | No |
-| Microsoft.HEIFImageExtension | [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe) | | | | x | No |
-| Microsoft.Messaging | [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe) | x | x | x | x | No |
-| Microsoft.Microsoft3DViewer | [Mixed Reality Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe) | x | x | x | x | No |
-| Microsoft.MicrosoftOfficeHub | [My Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe) | x | x | x | x | Yes |
-| Microsoft.MicrosoftSolitaireCollection | [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) | x | x | x | x | Yes |
-| Microsoft.MicrosoftStickyNotes | [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe) | x | x | x | x | No |
-| Microsoft.MixedReality.Portal | [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe) | | | | x | No |
-| Microsoft.MSPaint | [Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe) | x | x | x | x | No |
-| Microsoft.Office.OneNote | [OneNote](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe) | x | x | x | x | Yes |
-| Microsoft.OneConnect | [Paid Wi-Fi & Cellular](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe) | x | x | x | x | No |
-| Microsoft.People | [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe) | x | x | x | x | No |
-| Microsoft.Print3D | [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe) | | x | x | x | No |
-| Microsoft.ScreenSketch | [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe) | | | | x | No |
-| Microsoft.SkypeApp | [Skype](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c) | x | x | x | x | No |
-| Microsoft.StorePurchaseApp | [Store Purchase App](ms-windows-store://pdp/?PFN=Microsoft.StorePurchaseApp_8wekyb3d8bbwe) | x | x | x | x | No |
-| Microsoft.VP9VideoExtensions | | | | | x | No |
-| Microsoft.Wallet | [Microsoft Pay](ms-windows-store://pdp/?PFN=Microsoft.Wallet_8wekyb3d8bbwe) | x | x | x | x | No |
-| Microsoft.WebMediaExtensions | [Web Media Extensions](ms-windows-store://pdp/?PFN=Microsoft.WebMediaExtensions_8wekyb3d8bbwe) | | | x | x | No |
-| Microsoft.WebpImageExtension | [Webp Image Extension](ms-windows-store://pdp/?PFN=Microsoft.WebpImageExtension_8wekyb3d8bbwe) | | | | x | No |
-| Microsoft.Windows.Photos | [Microsoft Photos](ms-windows-store://pdp/?PFN=Microsoft.Windows.Photos_8wekyb3d8bbwe) | x | x | x | x | No |
-| Microsoft.WindowsAlarms | [Windows Alarms & Clock](ms-windows-store://pdp/?PFN=Microsoft.WindowsAlarms_8wekyb3d8bbwe) | x | x | x | x | No |
-| Microsoft.WindowsCalculator | [Windows Calculator](ms-windows-store://pdp/?PFN=Microsoft.WindowsCalculator_8wekyb3d8bbwe) | x | x | x | x | No |
-| Microsoft.WindowsCamera | [Windows Camera](ms-windows-store://pdp/?PFN=Microsoft.WindowsCamera_8wekyb3d8bbwe) | x | x | x | x | No |
-| microsoft.windowscommunicationsapps | [Mail and Calendar](ms-windows-store://pdp/?PFN=microsoft.windowscommunicationsapps_8wekyb3d8bbwe) | x | x | x | x | No |
-| Microsoft.WindowsFeedbackHub | [Feedback Hub](ms-windows-store://pdp/?PFN=Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe) | x | x | x | x | No |
-| Microsoft.WindowsMaps | [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe) | x | x | x | x | No |
-| Microsoft.WindowsSoundRecorder | [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe) | x | x | x | x | No |
-| Microsoft.WindowsStore | [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe) | x | x | x | x | No |
-| Microsoft.Xbox.TCUI | [Xbox TCUI](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe) | | x | x | x | No |
-| Microsoft.XboxApp | [Xbox](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe) | x | x | x | x | No |
-| Microsoft.XboxGameOverlay | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe) | x | x | x | x | No |
-| Microsoft.XboxGamingOverlay | [Xbox Gaming Overlay](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe) | | | x | x | No |
-| Microsoft.XboxIdentityProvider | [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe) | x | x | x | x | No |
-| Microsoft.XboxSpeechToTextOverlay | | x | x | x | x | No |
-| Microsoft.YourPhone | [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe) | | | | x | No |
-| Microsoft.ZuneMusic | [Groove Music](ms-windows-store://pdp/?PFN=Microsoft.ZuneMusic_8wekyb3d8bbwe) | x | x | x | x | No |
-| Microsoft.ZuneVideo | [Movies & TV](ms-windows-store://pdp/?PFN=Microsoft.ZuneVideo_8wekyb3d8bbwe) | x | x | x | x | No |
-
+| Package name | App name | 1709 | 1803 | 1809 | 1909 | Uninstall through UI? |
+|----------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------|:----:|:----:|:----:|:----:|:---------------------:|
+| Microsoft.3DBuilder | [3D Builder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe) | | | | | Yes |
+| Microsoft.BingWeather | [MSN Weather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe) | x | x | x | x | Yes |
+| Microsoft.DesktopAppInstaller | [App Installer](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe) | x | x | x | x | Via Settings App |
+| Microsoft.GetHelp | [Get Help](ms-windows-store://pdp/?PFN=Microsoft.Gethelp_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.Getstarted | [Microsoft Tips](ms-windows-store://pdp/?PFN=Microsoft.Getstarted_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.HEIFImageExtension | [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe) | | | x | x | No |
+| Microsoft.Messaging | [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.Microsoft3DViewer | [Mixed Reality Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.MicrosoftOfficeHub | [My Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe) | x | x | x | x | Yes |
+| Microsoft.MicrosoftSolitaireCollection | [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) | x | x | x | x | Yes |
+| Microsoft.MicrosoftStickyNotes | [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.MixedReality.Portal | [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe) | | | x | x | No |
+| Microsoft.MSPaint | [Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.Office.OneNote | [OneNote](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe) | x | x | x | x | Yes |
+| Microsoft.OneConnect | [Paid Wi-Fi & Cellular](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.Outlook.DesktopIntegrationServices | | | | | x | |
+| Microsoft.People | [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.Print3D | [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.ScreenSketch | [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe) | | | x | x | No |
+| Microsoft.SkypeApp | [Skype](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c) | x | x | x | x | No |
+| Microsoft.StorePurchaseApp | [Store Purchase App](ms-windows-store://pdp/?PFN=Microsoft.StorePurchaseApp_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.VP9VideoExtensions | | | | x | x | No |
+| Microsoft.Wallet | [Microsoft Pay](ms-windows-store://pdp/?PFN=Microsoft.Wallet_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.WebMediaExtensions | [Web Media Extensions](ms-windows-store://pdp/?PFN=Microsoft.WebMediaExtensions_8wekyb3d8bbwe) | | x | x | x | No |
+| Microsoft.WebpImageExtension | [Webp Image Extension](ms-windows-store://pdp/?PFN=Microsoft.WebpImageExtension_8wekyb3d8bbwe) | | | x | x | No |
+| Microsoft.Windows.Photos | [Microsoft Photos](ms-windows-store://pdp/?PFN=Microsoft.Windows.Photos_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.WindowsAlarms | [Windows Alarms & Clock](ms-windows-store://pdp/?PFN=Microsoft.WindowsAlarms_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.WindowsCalculator | [Windows Calculator](ms-windows-store://pdp/?PFN=Microsoft.WindowsCalculator_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.WindowsCamera | [Windows Camera](ms-windows-store://pdp/?PFN=Microsoft.WindowsCamera_8wekyb3d8bbwe) | x | x | x | x | No |
+| microsoft.windowscommunicationsapps | [Mail and Calendar](ms-windows-store://pdp/?PFN=microsoft.windowscommunicationsapps_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.WindowsFeedbackHub | [Feedback Hub](ms-windows-store://pdp/?PFN=Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.WindowsMaps | [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.WindowsSoundRecorder | [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.WindowsStore | [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.Xbox.TCUI | [Xbox TCUI](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.XboxApp | [Xbox](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.XboxGameOverlay | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.XboxGamingOverlay | [Xbox Gaming Overlay](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe) | | x | x | x | No |
+| Microsoft.XboxIdentityProvider | [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.XboxSpeechToTextOverlay | | x | x | x | x | No |
+| Microsoft.YourPhone | [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe) | | | x | x | No |
+| Microsoft.ZuneMusic | [Groove Music](ms-windows-store://pdp/?PFN=Microsoft.ZuneMusic_8wekyb3d8bbwe) | x | x | x | x | No |
+| Microsoft.ZuneVideo | [Movies & TV](ms-windows-store://pdp/?PFN=Microsoft.ZuneVideo_8wekyb3d8bbwe) | x | x | x | x | No |
>[!NOTE]
>The Store app can't be removed. If you want to remove and reinstall the Store app, you can only bring Store back by either restoring your system from a backup or resetting your system. Instead of removing the Store app, you should use group policies to hide or disable it.
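Review bot: the Microsoft.XboxSpeechToTextOverlay row leaves the app-name column empty while every other added row carries a Store link; if the package has no Store listing, put a plain display name in the cell so the row is not blank. Please also confirm the display names on the two overlay rows, where Microsoft.XboxGameOverlay is labelled "Xbox Game Bar" and Microsoft.XboxGamingOverlay "Xbox Gaming Overlay".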
@@ -149,7 +149,7 @@ System apps are integral to the operating system. Here are the typical system ap
> [!NOTE]
-> - The Contact Support app changed to Get Help in version 1709. Get Help is a provisioned app (instead of system app like Contact Support).
+> The Contact Support app changed to Get Help in version 1709. Get Help is a provisioned app (instead of system app like Contact Support).
## Installed Windows apps
diff --git a/windows/client-management/generate-kernel-or-complete-crash-dump.md b/windows/client-management/generate-kernel-or-complete-crash-dump.md
index 6601e238eb..52a10357c5 100644
--- a/windows/client-management/generate-kernel-or-complete-crash-dump.md
+++ b/windows/client-management/generate-kernel-or-complete-crash-dump.md
@@ -9,7 +9,7 @@ ms.localizationpriority: medium
ms.author: delhan
ms.date: 8/28/2019
ms.reviewer:
-manager: dcscontentpm
+manager: willchen
---
# Generate a kernel or complete crash dump
@@ -61,7 +61,7 @@ If you can log on while the problem is occurring, you can use the Microsoft Sysi
2. Select **Start**, and then select **Command Prompt**.
3. At the command line, run the following command:
- ```cmd
+ ```console
notMyfault.exe /crash
```
@@ -80,6 +80,7 @@ To do this, follow these steps:
> Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/help/322756) in case problems occur.
1. In Registry Editor, locate the following registry subkey:
+
**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl**
2. Right-click **CrashControl**, point to **New**, and then click **DWORD Value**.
@@ -101,6 +102,8 @@ To do this, follow these steps:
9. Test this method on the server by using the NMI switch to generate a dump file. You will see a STOP 0x00000080 hardware malfunction.
+If you want to run NMI in Microsoft Azure using Serial Console, see [Use Serial Console for SysRq and NMI calls](https://docs.microsoft.com/azure/virtual-machines/linux/serial-console-nmi-sysrq).
+
### Use the keyboard
[Forcing a System Crash from the Keyboard](https://docs.microsoft.com/windows-hardware/drivers/debugger/forcing-a-system-crash-from-the-keyboard)
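Review bot: the added Azure sentence links to an article under /azure/virtual-machines/linux/ from a page about Windows crash dumps, and it follows step 9 without saying which of the registry steps above still apply to an Azure VM. Link a Windows-specific Serial Console article if one exists, or state that the NMI part of the linked page applies to Windows VMs as well. "run NMI" would also read better as "send an NMI".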
@@ -108,4 +111,3 @@ To do this, follow these steps:
### Use Debugger
[Forcing a System Crash from the Debugger](https://docs.microsoft.com/windows-hardware/drivers/debugger/forcing-a-system-crash-from-the-debugger)
-
diff --git a/windows/client-management/mdm/accounts-csp.md b/windows/client-management/mdm/accounts-csp.md
index d6d6a9fc16..40de22d2b3 100644
--- a/windows/client-management/mdm/accounts-csp.md
+++ b/windows/client-management/mdm/accounts-csp.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: lomayor
-ms.date: 04/17/2018
+ms.date: 03/27/2020
ms.reviewer:
manager: dansimp
---
@@ -39,6 +39,9 @@ Available naming macros:
Supported operation is Add.
+> [!Note]
+> For desktop PCs on the next major release of Windows 10 or later, use the **Ext/Microsoft/DNSComputerName** node in [DevDetail CSP](devdetail-csp.md).
+
**Users**
Interior node for the user account information.
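Review bot: "the next major release of Windows 10" in the added note is a relative reference that goes stale once that release ships; name the version, the way the rest of these pages say "version 1709". The alert tag is written `[!Note]` here while the other notes touched by this patch use `[!NOTE]`.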
diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md
index 9292eb002c..859ffd1672 100644
--- a/windows/client-management/mdm/devdetail-csp.md
+++ b/windows/client-management/mdm/devdetail-csp.md
@@ -9,7 +9,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
-ms.date: 07/11/2018
+ms.date: 03/27/2020
---
# DevDetail CSP
@@ -29,121 +29,136 @@ The following diagram shows the DevDetail configuration service provider managem

**DevTyp**
-
-
<LayoutModificationTemplate Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
+
<LayoutModificationTemplate Version="1" xmlns="https://schemas.microsoft.com/Start/2014/LayoutModification">
<DefaultLayoutOverride>
<StartLayoutCollection>
- <defaultlayout:StartLayout GroupCellWidth="6" xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout">
- <start:Group Name="Life at a glance" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout">
+ <defaultlayout:StartLayout GroupCellWidth="6" xmlns:defaultlayout="https://schemas.microsoft.com/Start/2014/FullDefaultLayout">
+ <start:Group Name="Life at a glance" xmlns:start="https://schemas.microsoft.com/Start/2014/StartLayout">
<start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" />
<start:Tile Size="2x2" Column="4" Row="0" AppUserModelID="Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI" />
<start:Tile Size="2x2" Column="2" Row="0" AppUserModelID="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
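Review bot: the xmlns values on LayoutModificationTemplate, defaultlayout:StartLayout and start:Group change from http:// to https://, but an XML namespace name is an identifier compared as a literal string, not a URL that gets fetched, so this is not a link fix. A layout file copied from the new sample declares a different namespace from the one in the removed lines and will not match a consumer that expects the original. Revert the scheme on these three attributes unless the schema itself was republished under the https name.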
diff --git a/windows/configuration/kiosk-policies.md b/windows/configuration/kiosk-policies.md
index a523b64e83..0f99ece694 100644
--- a/windows/configuration/kiosk-policies.md
+++ b/windows/configuration/kiosk-policies.md
@@ -40,7 +40,6 @@ Remove access to the context menus for the task bar | Enabled
Clear history of recently opened documents on exit | Enabled
Prevent users from customizing their Start Screen | Enabled
Prevent users from uninstalling applications from Start | Enabled
-Remove All Programs list from the Start menu | Enabled
Remove Run menu from Start Menu | Enabled
Disable showing balloon notifications as toast | Enabled
Do not allow pinning items in Jump Lists | Enabled
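Review bot: "Remove All Programs list from the Start menu | Enabled" is dropped from the kiosk policy list with no replacement row and no explanation in the surrounding text. If the policy was retired or renamed in a newer Windows 10 version, say so or add the successor setting; otherwise readers following this list end up with a less restricted Start menu than before without knowing why.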
diff --git a/windows/configuration/ue-v/uev-application-template-schema-reference.md b/windows/configuration/ue-v/uev-application-template-schema-reference.md
index 2a219ab6bc..f9fb4b255a 100644
--- a/windows/configuration/ue-v/uev-application-template-schema-reference.md
+++ b/windows/configuration/ue-v/uev-application-template-schema-reference.md
@@ -70,9 +70,9 @@ The XML declaration must specify the XML version 1.0 attribute (<?xml version
**Type: String**
-UE-V uses the http://schemas.microsoft.com/UserExperienceVirtualization/2012/SettingsLocationTemplate namespace for all applications. SettingsLocationTemplate is the root element and contains all other elements. Reference SettingsLocationTemplate in all templates using this tag:
+UE-V uses the https://schemas.microsoft.com/UserExperienceVirtualization/2012/SettingsLocationTemplate namespace for all applications. SettingsLocationTemplate is the root element and contains all other elements. Reference SettingsLocationTemplate in all templates using this tag:
-`
The [Scan Management functionality](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd759124(v=ws.11)) was introduced in Windows 7 and enabled secure scanning and the management of scanners in an enterprise. We're no longer investing in this feature, and there are no devices available that support it.| 1803 |
|IIS 6 Management Compatibility* | We recommend that users use alternative scripting tools and a newer management console. | 1709 |
|IIS Digest Authentication | We recommend that users use alternative authentication methods.| 1709 |
-|Resilient File System (ReFS) (added: August 17, 2017)| Creation ability will be available in the following editions only: Windows 10 Enterprise and Windows 10 Pro for Workstations. Creation ability will be removed from all other editions. All other editions will have Read and Write ability. | 1709 |
|RSA/AES Encryption for IIS | We recommend that users use CNG encryption provider. | 1709 |
|Screen saver functionality in Themes | Disabled in Themes. Screen saver functionality in Group Policies, Control Panel, and Sysprep continues to be functional. Lock screen features and policies are preferred. | 1709 |
|Sync your settings (updated: August 17, 2017) | Back-end changes: In future releases, the back-end storage for the current sync process will change. A single cloud storage system will be used for Enterprise State Roaming and all other users. The **Sync your settings** options and the Enterprise State Roaming feature will continue to work. | 1709 |
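Review bot: the UE-V sentence now documents the SettingsLocationTemplate namespace with an https:// scheme, and that string is what template authors copy into their xmlns attribute. Namespace names match by exact string, so the documented value has to be the one the UE-V schema declares, which the removed line gives as http://. Keep the original unless the product's schema changed.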
@@ -63,4 +63,4 @@ The features described below are no longer being actively developed, and might b
|TLS DHE_DSS ciphers DisabledByDefault| [TLS RC4 Ciphers](https://docs.microsoft.com/windows-server/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server) will be disabled by default in this release. | 1703 |
|TCPChimney | TCP Chimney Offload is no longer being developed. See [Performance Tuning Network Adapters](https://docs.microsoft.com/windows-server/networking/technologies/network-subsystem/net-sub-performance-tuning-nics). | 1703 |
|IPsec Task Offload| [IPsec Task Offload](https://docs.microsoft.com/windows-hardware/drivers/network/task-offload) versions 1 and 2 are no longer being developed and should not be used. | 1703 |
-|wusa.exe /uninstall /kb:####### /quiet|The wusa usage to quietly uninstall an update has been deprecated. The uninstall command with /quite switch fails with event ID 8 in the Setup event log. Uninstalling updates quietly could be a security risk because malicious software could quietly uninstall an update in the background without user intervention.|1507
Applies to Windows Server 2016 and Windows Server 2019 as well.|
+|wusa.exe /uninstall /kb:####### /quiet|The wusa usage to quietly uninstall an update has been deprecated. The uninstall command with /quiet switch fails with event ID 8 in the Setup event log. Uninstalling updates quietly could be a security risk because malicious software could quietly uninstall an update in the background without user intervention.|1507
Applies to Windows Server 2016 and Windows Server 2019 as well.|
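Review bot: the context row "TLS DHE_DSS ciphers DisabledByDefault" has a description that links to and names TLS RC4 Ciphers, so the feature name and its description disagree about which cipher family is disabled by default in 1703. Worth correcting in the same pass as the /quiet spelling fix, since readers use this table to decide which cipher settings to audit.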
diff --git a/windows/deployment/planning/windows-10-removed-features.md b/windows/deployment/planning/windows-10-removed-features.md
index 3063058112..5f0a73e50a 100644
--- a/windows/deployment/planning/windows-10-removed-features.md
+++ b/windows/deployment/planning/windows-10-removed-features.md
@@ -18,7 +18,7 @@ ms.topic: article
Each version of Windows 10 adds new features and functionality; occasionally we also remove features and functionality, often because we've added a better option. Below are the details about the features and functionalities that we removed in Windows 10. **The list below is subject to change and might not include every affected feature or functionality.**
-For information about features that might be removed in a future release, see [Windows 10 features we’re no longer developing](windows-10-deprecated-features.md)
+For information about features that might be removed in a future release, see [Windows 10 features we’re no longer developing](windows-10-deprecated-features.md).
> [!NOTE]
> Join the [Windows Insider program](https://insider.windows.com) to get early access to new Windows 10 builds and test these changes yourself.
@@ -50,12 +50,13 @@ The following features and functionalities have been removed from the installed
|Reading List | Functionality to be integrated into Microsoft Edge. | 1709 |
|Screen saver functionality in Themes | This functionality is disabled in Themes, and classified as **Removed** in this table. Screen saver functionality in Group Policies, Control Panel, and Sysprep continues to be functional. Lock screen features and policies are preferred. | 1709 |
|Syskey.exe | Removing this nonsecure security feature. We recommend that users use BitLocker instead. For more information, see [4025993 Syskey.exe utility is no longer supported in Windows 10 RS3 and Windows Server 2016 RS3](https://support.microsoft.com/help/4025993/syskey-exe-utility-is-no-longer-supported-in-windows-10-rs3-and-window). | 1709 |
-|TCP Offload Engine | Removing this legacy code. This functionality was previously transitioned to the Stack TCP Engine. For more information, see [Why Are We Deprecating Network Performance Features?](https://blogs.technet.microsoft.com/askpfeplat/2017/06/13/why-are-we-deprecating-network-performance-features-kb4014193).| 1709 |
+|TCP Offload Engine | Removing this legacy code. This functionality was previously transitioned to the Stack TCP Engine. For more information, see [Why Are We Deprecating Network Performance Features?](https://blogs.technet.microsoft.com/askpfeplat/2017/06/13/why-are-we-deprecating-network-performance-features-kb4014193)| 1709 |
|Tile Data Layer |To be replaced by the Tile Store.| 1709 |
+|Resilient File System (ReFS) (added: August 17, 2017)| Creation ability will be available in the following editions only: Windows 10 Enterprise and Windows 10 Pro for Workstations. Creation ability will be removed from all other editions. All other editions will have Read and Write ability. | 1709 |
|Apps Corner| This Windows 10 mobile application is removed in the version 1703 release. | 1703 |
|By default, Flash autorun in Edge is turned off. | Use the Click-to-Run (C2R) option instead. (This setting can be changed by the user.) | 1703 |
|Interactive Service Detection Service| See [Interactive Services](https://docs.microsoft.com/windows/win32/services/interactive-services?redirectedfrom=MSDN) for guidance on how to keep software up to date. | 1703 |
|Microsoft Paint | This application will not be available for languages that are not on the [full localization list](https://www.microsoft.com/windows/windows-10-specifications#Windows-10-localization). | 1703 |
|NPN support in TLS | This feature is superseded by Application-Layer Protocol Negotiation (ALPN). | 1703 |
|Windows Information Protection "AllowUserDecryption" policy | Starting in Windows 10, version 1703, AllowUserDecryption is no longer supported. | 1703 |
-|WSUS for Windows Mobile | Updates are being transitioned to the new Unified Update Platform (UUP) | 1703 |
\ No newline at end of file
+|WSUS for Windows Mobile | Updates are being transitioned to the new Unified Update Platform (UUP). | 1703 |
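Review bot: the added ReFS row sits in the "removed" table but still reads in the future tense ("will be available", "will be removed") and keeps "(added: August 17, 2017)"; reword it to state what was removed in 1709. It is also inserted between Tile Data Layer and Apps Corner, while the surrounding 1709 rows are alphabetical. Punctuation moves in two directions in this hunk as well: the TCP Offload Engine row loses the period after its link while the WSUS for Windows Mobile row gains one.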
diff --git a/windows/deployment/update/images/UC-vid-crop.jpg b/windows/deployment/update/images/UC-vid-crop.jpg
deleted file mode 100644
index 47e74febbc..0000000000
Binary files a/windows/deployment/update/images/UC-vid-crop.jpg and /dev/null differ
diff --git a/windows/deployment/update/images/UC_00_marketplace_search.PNG b/windows/deployment/update/images/UC_00_marketplace_search.PNG
deleted file mode 100644
index dcdf25d38a..0000000000
Binary files a/windows/deployment/update/images/UC_00_marketplace_search.PNG and /dev/null differ
diff --git a/windows/deployment/update/images/UC_01_marketplace_create.PNG b/windows/deployment/update/images/UC_01_marketplace_create.PNG
deleted file mode 100644
index 4b34311112..0000000000
Binary files a/windows/deployment/update/images/UC_01_marketplace_create.PNG and /dev/null differ
diff --git a/windows/deployment/update/images/UC_02_workspace_create.PNG b/windows/deployment/update/images/UC_02_workspace_create.PNG
deleted file mode 100644
index ed3eeeebbb..0000000000
Binary files a/windows/deployment/update/images/UC_02_workspace_create.PNG and /dev/null differ
diff --git a/windows/deployment/update/images/UC_03_workspace_select.PNG b/windows/deployment/update/images/UC_03_workspace_select.PNG
deleted file mode 100644
index d00864b861..0000000000
Binary files a/windows/deployment/update/images/UC_03_workspace_select.PNG and /dev/null differ
diff --git a/windows/deployment/update/images/UC_04_resourcegrp_deployment_successful.PNG b/windows/deployment/update/images/UC_04_resourcegrp_deployment_successful.PNG
deleted file mode 100644
index 3ea9f57531..0000000000
Binary files a/windows/deployment/update/images/UC_04_resourcegrp_deployment_successful.PNG and /dev/null differ
diff --git a/windows/deployment/update/images/UC_commercialID.png b/windows/deployment/update/images/UC_commercialID.png
deleted file mode 100644
index 6896be03e6..0000000000
Binary files a/windows/deployment/update/images/UC_commercialID.png and /dev/null differ
diff --git a/windows/deployment/update/images/UC_commercialID_GP.png b/windows/deployment/update/images/UC_commercialID_GP.png
deleted file mode 100644
index 95d92cf6df..0000000000
Binary files a/windows/deployment/update/images/UC_commercialID_GP.png and /dev/null differ
diff --git a/windows/deployment/update/images/UC_telemetrylevel.png b/windows/deployment/update/images/UC_telemetrylevel.png
deleted file mode 100644
index a11e68a5f8..0000000000
Binary files a/windows/deployment/update/images/UC_telemetrylevel.png and /dev/null differ
diff --git a/windows/deployment/update/images/UC_workspace_WDAV_status.PNG b/windows/deployment/update/images/UC_workspace_WDAV_status.PNG
deleted file mode 100644
index 40dcaef949..0000000000
Binary files a/windows/deployment/update/images/UC_workspace_WDAV_status.PNG and /dev/null differ
diff --git a/windows/deployment/update/images/uc-01-wdav.png b/windows/deployment/update/images/uc-01-wdav.png
deleted file mode 100644
index c0ef37ebc6..0000000000
Binary files a/windows/deployment/update/images/uc-01-wdav.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-01.png b/windows/deployment/update/images/uc-01.png
deleted file mode 100644
index 7f4df9f6d7..0000000000
Binary files a/windows/deployment/update/images/uc-01.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-02.png b/windows/deployment/update/images/uc-02.png
deleted file mode 100644
index 8317f051c3..0000000000
Binary files a/windows/deployment/update/images/uc-02.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-02a.png b/windows/deployment/update/images/uc-02a.png
deleted file mode 100644
index d12544e3a0..0000000000
Binary files a/windows/deployment/update/images/uc-02a.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-03.png b/windows/deployment/update/images/uc-03.png
deleted file mode 100644
index 58494c4128..0000000000
Binary files a/windows/deployment/update/images/uc-03.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-03a.png b/windows/deployment/update/images/uc-03a.png
deleted file mode 100644
index 39412fc8f3..0000000000
Binary files a/windows/deployment/update/images/uc-03a.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-04.png b/windows/deployment/update/images/uc-04.png
deleted file mode 100644
index ef9a37d379..0000000000
Binary files a/windows/deployment/update/images/uc-04.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-04a.png b/windows/deployment/update/images/uc-04a.png
deleted file mode 100644
index 537d4bbe72..0000000000
Binary files a/windows/deployment/update/images/uc-04a.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-05.png b/windows/deployment/update/images/uc-05.png
deleted file mode 100644
index 21c8e9f9e0..0000000000
Binary files a/windows/deployment/update/images/uc-05.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-05a.png b/windows/deployment/update/images/uc-05a.png
deleted file mode 100644
index 2271181622..0000000000
Binary files a/windows/deployment/update/images/uc-05a.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-06.png b/windows/deployment/update/images/uc-06.png
deleted file mode 100644
index 03a559800b..0000000000
Binary files a/windows/deployment/update/images/uc-06.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-06a.png b/windows/deployment/update/images/uc-06a.png
deleted file mode 100644
index 15df1cfea0..0000000000
Binary files a/windows/deployment/update/images/uc-06a.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-07.png b/windows/deployment/update/images/uc-07.png
deleted file mode 100644
index de1ae35e82..0000000000
Binary files a/windows/deployment/update/images/uc-07.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-07a.png b/windows/deployment/update/images/uc-07a.png
deleted file mode 100644
index c0f2d9fd73..0000000000
Binary files a/windows/deployment/update/images/uc-07a.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-08.png b/windows/deployment/update/images/uc-08.png
deleted file mode 100644
index 877fcd64c0..0000000000
Binary files a/windows/deployment/update/images/uc-08.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-08a.png b/windows/deployment/update/images/uc-08a.png
deleted file mode 100644
index 89da287d3d..0000000000
Binary files a/windows/deployment/update/images/uc-08a.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-09.png b/windows/deployment/update/images/uc-09.png
deleted file mode 100644
index 37d7114f19..0000000000
Binary files a/windows/deployment/update/images/uc-09.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-09a.png b/windows/deployment/update/images/uc-09a.png
deleted file mode 100644
index f6b6ec5b60..0000000000
Binary files a/windows/deployment/update/images/uc-09a.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-10.png b/windows/deployment/update/images/uc-10.png
deleted file mode 100644
index ea065590b9..0000000000
Binary files a/windows/deployment/update/images/uc-10.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-10a.png b/windows/deployment/update/images/uc-10a.png
deleted file mode 100644
index 1c6b8b01dc..0000000000
Binary files a/windows/deployment/update/images/uc-10a.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-11.png b/windows/deployment/update/images/uc-11.png
deleted file mode 100644
index 8b4fc568ea..0000000000
Binary files a/windows/deployment/update/images/uc-11.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-12.png b/windows/deployment/update/images/uc-12.png
deleted file mode 100644
index 4198684c99..0000000000
Binary files a/windows/deployment/update/images/uc-12.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-13.png b/windows/deployment/update/images/uc-13.png
deleted file mode 100644
index 117f9b9fd8..0000000000
Binary files a/windows/deployment/update/images/uc-13.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-14.png b/windows/deployment/update/images/uc-14.png
deleted file mode 100644
index 66047984e7..0000000000
Binary files a/windows/deployment/update/images/uc-14.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-15.png b/windows/deployment/update/images/uc-15.png
deleted file mode 100644
index c241cd9117..0000000000
Binary files a/windows/deployment/update/images/uc-15.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-16.png b/windows/deployment/update/images/uc-16.png
deleted file mode 100644
index e7aff4d4ed..0000000000
Binary files a/windows/deployment/update/images/uc-16.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-17.png b/windows/deployment/update/images/uc-17.png
deleted file mode 100644
index cb8e42ca5e..0000000000
Binary files a/windows/deployment/update/images/uc-17.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-18.png b/windows/deployment/update/images/uc-18.png
deleted file mode 100644
index 5eff59adc9..0000000000
Binary files a/windows/deployment/update/images/uc-18.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-19.png b/windows/deployment/update/images/uc-19.png
deleted file mode 100644
index 791900eafc..0000000000
Binary files a/windows/deployment/update/images/uc-19.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-20.png b/windows/deployment/update/images/uc-20.png
deleted file mode 100644
index 7dbb027b9f..0000000000
Binary files a/windows/deployment/update/images/uc-20.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-21.png b/windows/deployment/update/images/uc-21.png
deleted file mode 100644
index 418db41fe4..0000000000
Binary files a/windows/deployment/update/images/uc-21.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-22.png b/windows/deployment/update/images/uc-22.png
deleted file mode 100644
index 2ca5c47a61..0000000000
Binary files a/windows/deployment/update/images/uc-22.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-23.png b/windows/deployment/update/images/uc-23.png
deleted file mode 100644
index 58b82db82d..0000000000
Binary files a/windows/deployment/update/images/uc-23.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-24.png b/windows/deployment/update/images/uc-24.png
deleted file mode 100644
index 00bc61e3e1..0000000000
Binary files a/windows/deployment/update/images/uc-24.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-25.png b/windows/deployment/update/images/uc-25.png
deleted file mode 100644
index 4e0f0bdb03..0000000000
Binary files a/windows/deployment/update/images/uc-25.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-DO-status.png b/windows/deployment/update/images/uc-DO-status.png
deleted file mode 100644
index d4b47be324..0000000000
Binary files a/windows/deployment/update/images/uc-DO-status.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-emptyworkspacetile.PNG b/windows/deployment/update/images/uc-emptyworkspacetile.PNG
deleted file mode 100644
index 24c37d4279..0000000000
Binary files a/windows/deployment/update/images/uc-emptyworkspacetile.PNG and /dev/null differ
diff --git a/windows/deployment/update/images/uc-featureupdatestatus.PNG b/windows/deployment/update/images/uc-featureupdatestatus.PNG
deleted file mode 100644
index ae6a38502f..0000000000
Binary files a/windows/deployment/update/images/uc-featureupdatestatus.PNG and /dev/null differ
diff --git a/windows/deployment/update/images/uc-filledworkspacetile.PNG b/windows/deployment/update/images/uc-filledworkspacetile.PNG
deleted file mode 100644
index 7293578b1a..0000000000
Binary files a/windows/deployment/update/images/uc-filledworkspacetile.PNG and /dev/null differ
diff --git a/windows/deployment/update/images/uc-filledworkspaceview.PNG b/windows/deployment/update/images/uc-filledworkspaceview.PNG
deleted file mode 100644
index 8d99e52e02..0000000000
Binary files a/windows/deployment/update/images/uc-filledworkspaceview.PNG and /dev/null differ
diff --git a/windows/deployment/update/images/uc-needattentionoverview.PNG b/windows/deployment/update/images/uc-needattentionoverview.PNG
deleted file mode 100644
index 50b6d04699..0000000000
Binary files a/windows/deployment/update/images/uc-needattentionoverview.PNG and /dev/null differ
diff --git a/windows/deployment/update/images/uc-overviewblade.PNG b/windows/deployment/update/images/uc-overviewblade.PNG
deleted file mode 100644
index dca364daf6..0000000000
Binary files a/windows/deployment/update/images/uc-overviewblade.PNG and /dev/null differ
diff --git a/windows/deployment/update/images/uc-perspectiveupdatedeploymentstatus.png b/windows/deployment/update/images/uc-perspectiveupdatedeploymentstatus.png
deleted file mode 100644
index f52087a4a7..0000000000
Binary files a/windows/deployment/update/images/uc-perspectiveupdatedeploymentstatus.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-securityupdatestatus.PNG b/windows/deployment/update/images/uc-securityupdatestatus.PNG
deleted file mode 100644
index 75e9d10fd8..0000000000
Binary files a/windows/deployment/update/images/uc-securityupdatestatus.PNG and /dev/null differ
diff --git a/windows/deployment/update/images/uc-windowsdefenderavstatus.PNG b/windows/deployment/update/images/uc-windowsdefenderavstatus.PNG
deleted file mode 100644
index e3f6990348..0000000000
Binary files a/windows/deployment/update/images/uc-windowsdefenderavstatus.PNG and /dev/null differ
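Review bot: this run deletes the Update Compliance screenshots under windows/deployment/update/images/ in one pass, with no matching text changes visible alongside the deletions. Before merging, search the remaining articles for these file names, including both the .png and .PNG spellings, so no page is left with a broken image reference.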
diff --git a/windows/deployment/update/update-compliance-configuration-manual.md b/windows/deployment/update/update-compliance-configuration-manual.md
new file mode 100644
index 0000000000..fc22965271
--- /dev/null
+++ b/windows/deployment/update/update-compliance-configuration-manual.md
@@ -0,0 +1,77 @@
+---
+title: Manually configuring devices for Update Compliance
+ms.reviewer:
+manager: laurawi
+description: Manually configuring devices for Update Compliance
+keywords: update compliance, oms, operations management suite, prerequisites, requirements, updates, upgrades, antivirus, antimalware, signature, log analytics, wdav
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.pagetype: deploy
+audience: itpro
+author: jaimeo
+ms.author: jaimeo
+ms.localizationpriority: medium
+ms.collection: M365-analytics
+ms.topic: article
+---
+
+# Manually Configuring Devices for Update Compliance
+
+There are a number of requirements to consider when manually configuring Update Compliance. These can potentially change with newer versions of Windows 10. The [Update Compliance Configuration Script](update-compliance-configuration-script.md) will be updated when any configuration requirements change so only a redeployment of the script will be required.
+
+The requirements are separated into different categories:
+
+1. Ensuring the [**required policies**](#required-policies) for Update Compliance are correctly configured.
+2. Devices in every network topography needs to send data to the [**required endpoints**](#required-endpoints) for Update Compliance, for example both devices in main and satellite offices, which may have different network configurations.
+3. Ensure [**Required Windows services**](#required-services) are running or are scheduled to run. It is recommended all Microsoft and Windows services are set to their out-of-box defaults to ensure proper functionality.
+
+## Required policies
+
+> [!NOTE]
+> Windows 10 MDM and Group Policies are backed by registry keys. It is not recommended you set these registry keys directly for configuration as it can lead to unexpected behavior, so the exact registry key locations are not provided, though they are referenced for troubleshooting configuration issues with the [Update Compliance Configuration Script](update-compliance-configuration-script.md).
+
+Update Compliance has a number of policies that must be appropriately configured in order for devices to be processed by Microsoft and visible in Update Compliance. They are enumerated below, separated by whether the policies will be configured via [Mobile Device Management](https://docs.microsoft.com/windows/client-management/mdm/) (MDM) or Group Policy. For both tables:
+
+- **Policy** corresponds to the location and name of the policy.
+- **Value** Indicates what value the policy must be set to. Update Compliance requires *at least* Basic (or Required) telemetry, but can function off Enhanced or Full (or Optional).
+- **Function** details why the policy is required and what function it serves for Update Compliance. It will also detail a minimum version the policy is required, if any.
+
+### Mobile Device Management policies
+
+Each MDM Policy links to its documentation in the CSP hierarchy, providing its exact location in the hierarchy and more details.
+
+| Policy | Value | Function |
+|---------------------------|-|------------------------------------------------------------|
+|**Provider/*ProviderID*/**[**CommercialID**](https://docs.microsoft.com/windows/client-management/mdm/dmclient-csp#provider-providerid-commercialid) |[Your CommercialID](update-compliance-get-started.md#get-your-commercialid) |Identifies the device as belonging to your organization. |
+|**System/**[**AllowTelemetry**](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) |1- Basic |Configures the maximum allowed telemetry to be sent to Microsoft. Individual users can still set this lower than what the policy defines, see the below policy for more information. |
+|**System/**[**ConfigureTelemetryOptInSettingsUx**](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinsettingsux) | Disable Telemetry opt-in Settings | (*Windows 10 1803+*) Determines whether end-users of the device can adjust telemetry to levels lower than the level defined by AllowTelemetry. It is recommended you disable this policy order the effective telemetry level on devices may not be sufficient. |
+|**System/**[**AllowDeviceNameInDiagnosticData**](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowdevicenameindiagnosticdata) | 1 - Allowed | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or set to 0 (Disabled), Device Name will not be sent and will not be visible in Update Compliance, showing `#` instead. |
+
+### Group Policies
+
+All Group Policies that need to be configured for Update Compliance are under **Computer Configuration>Administrative Templates>Windows Components\Data Collection and Preview Builds**. All of these policies must be in the *Enabled* state and set to the defined *Value* below.
+
+| Policy | Value | Function |
+|---------------------------|-|-----------------------------------------------------------|
+|**Configure the Commercial ID** |[Your CommercialID](update-compliance-get-started.md#get-your-commercialid) | Identifies the device as belonging to your organization. |
+|**Allow Telemetry** | 1 - Basic |Configures the maximum allowed telemetry to be sent to Microsoft. Individual users can still set this lower than what the policy defines, see the below policy for more information. |
+|**Configure telemetry opt-in setting user interface** | Disable telemetry opt-in Settings |(*Windows 10 1803+*) Determines whether end-users of the device can adjust telemetry to levels lower than the level defined by AllowTelemetry. It is recommended you disable this policy order the effective telemetry level on devices may not be sufficient. |
+|**Allow device name to be sent in Windows diagnostic data** | Enabled | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or Disabled, Device Name will not be sent and will not be visible in Update Compliance, showing `#` instead. |
+
+## Required endpoints
+
+To enable data sharing between devices, your network, and Microsoft's Diagnostic Data Service, configure your proxy to allow devices to contact the below endpoints.
+
+| **Endpoint** | **Function** |
+|---------------------------------------------------------|-----------|
+| `https://v10c.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1803 and later. Census.exe must run on a regular cadence and contact this endpoint in order to receive the majority of [WaaSUpdateStatus](update-compliance-schema-waasupdatestatus.md) information for Update Compliance. |
+| `https://v10.vortex-win.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1709 or earlier. |
+| `https://settings-win.data.microsoft.com` | Required for Windows Update functionality. |
+| `http://adl.windows.com` | Required for Windows Update functionality. |
+| `https://watson.telemetry.microsoft.com` | Windows Error Reporting (WER), used to provide more advanced error reporting in the event of certain Feature Update deployment failures. |
+| `https://oca.telemetry.microsoft.com` | Online Crash Analysis, used to provide device-specific recommendations and detailed errors in the event of certain crashes. |
+| `https://login.live.com` | This endpoint facilitates MSA access and is required to create the primary identifier we use for devices. Without this service, devices will not be visible in the solution. This also requires Microsoft Account Sign-in Assistant service to be running (wlidsvc). |
+
+## Required services
+
+Many Windows and Microsoft services are required to ensure that not only the device can function, but Update Compliance can see device data. It is recommended that you allow all default services from the out-of-box experience to remain running. The [Update Compliance Configuration Script](update-compliance-configuration-script.md) checks whether the majority of these services are running or are allowed to run automatically.
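Review bot: In both policy tables, the Function text for the telemetry opt-in row ends with "It is recommended you disable this policy order the effective telemetry level on devices may not be sufficient", which is ungrammatical and leaves the required state unclear. The Value column asks for "Disable Telemetry opt-in Settings", while the Group Policies intro says every policy must be in the *Enabled* state. Suggest rewording to say the policy should be set to the listed value, because otherwise end users can lower the effective telemetry level below what Update Compliance needs. Smaller points: the Group Policy path mixes `>` and `\` as separators, and the MDM table writes "1- Basic" where the Group Policy table writes "1 - Basic".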
diff --git a/windows/deployment/update/update-compliance-configuration-script.md b/windows/deployment/update/update-compliance-configuration-script.md
new file mode 100644
index 0000000000..d97bb2897a
--- /dev/null
+++ b/windows/deployment/update/update-compliance-configuration-script.md
@@ -0,0 +1,99 @@
+---
+title: Update Compliance Configuration Script
+ms.reviewer:
+manager: laurawi
+description: Downloading and using the Update Compliance Configuration Script
+keywords: update compliance, oms, operations management suite, prerequisites, requirements, updates, upgrades, antivirus, antimalware, signature, log analytics, wdav
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.pagetype: deploy
+audience: itpro
+author: jaimeo
+ms.author: jaimeo
+ms.localizationpriority: medium
+ms.collection: M365-analytics
+ms.topic: article
+---
+
+# Configuring devices through the Update Compliance Configuration Script
+
+The Update Compliance Configuration Script is the recommended method of configuring devices to send data to Microsoft for use with Update Compliance. The script configures device policies via Group Policy, ensures that required services are running, and more.
+
+You can [**download the script here**](https://github.com/cinglis-msft/UpdateComplianceConfigurationScript). Keep reading to learn how to configure the script and interpret error codes that are output in logs for troubleshooting.
+
+## How the script is organized
+
+The script is organized into two folders **Pilot** and **Deployment**. Both folders have the same key files: `ConfigScript.ps1` and `RunConfig.bat`. You configure `RunConfig.bat` according to the directions in the .bat itself, which will then execute `ConfigScript.ps1` with the parameters entered to RunConfig.bat.
+
+- The **Pilot** folder and its contents are intended to be used on an initial set of single devices in specific environments (main office & satellite office, for example) for testing and troubleshooting prior to broader deployment. This script is configured to collect and output detailed logs for every device it runs on.
+- The **Deployment** folder is intended to be deployed across an entire device population in a specific environment once devices in that environment have been validated with the Pilot script.
+
+## How to use the script
+
+### Piloting and Troubleshooting
+
+> [!IMPORTANT]
+> If you encounter an issue with Update Compliance, the first step should be to run the script in Pilot mode on a device you are encountering issues with, and save these Logs for reference with Support.
+
+When using the script in the context of troubleshooting, use `Pilot`. Enter `RunConfig.bat`, and configure it as follows:
+
+1. Configure `logPath` to a path where the script will have write access and a place you can easily access. This specifies the output of the log files generated when the script is in Verbose mode.
+2. Configure `commercialIDValue` to your CommercialID. To get your CommercialID, see [Getting your CommercialID](update-compliance-get-started.md#get-your-commercialid).
+3. Run the script. The script must be run in System context.
+4. Examine the Logs output for any issues. If there were issues:
+ - Compare Logs output with the required settings covered in [Manually Configuring Devices for Update Compliance] (update-compliance-configuration-manual.md).
+ - Examine the script errors and refer to the [script error reference](#script-error-reference) on how to interpret the codes.
+ - Make the necessary corrections and run the script again.
+5. When you no longer have issues, proceed to using the script for more broad deployment with the `Deployment` folder.
+
+
+### Broad deployment
+
+After verifying on a set of devices in a specific environment that everything is configured correctly, you can proceed to broad deployment.
+
+1. Configure `commercialIDValue` in `RunConfig.bat` to [your CommercialID](update-compliance-get-started.md#get-your-commercialid).
+2. Use a management tool like Configuration Manager or Intune to broadly deploy the script to your entire target population.
+
+## Script Error Reference
+
+|Error |Description |
+|-|-------------------|
+| 27 | Not system account. |
+| 37 | Unexpected exception when collecting logs|
+| 1 | General unexpected error|
+| 6 | Invalid CommercialID|
+| 48 | CommercialID is not a GUID|
+| 8 | Couldn't create registry key path to setup CommercialID|
+| 9 | Couldn't write CommercialID at registry key path|
+| 53 | There are conflicting CommercialID values.|
+| 11 | Unexpected result when setting up CommercialID.|
+| 62 | AllowTelemetry registry key is not of the correct type `REG_DWORD`|
+| 63 | AllowTelemetry is not set to the appropriate value and it could not be set by the script.|
+| 64 | AllowTelemetry is not of the correct type `REG_DWORD`.|
+| 99 | Device is not Windows 10.|
+| 40 | Unexpected exception when checking and setting telemetry.|
+| 12 | CheckVortexConnectivity failed, check Log output for more information.|
+| 12 | Unexpected failure when running CheckVortexConnectivity.|
+| 66 | Failed to verify UTC connectivity and recent uploads.|
+| 67 | Unexpected failure when verifying UTC CSP connectivity of the WMI Bridge.|
+| 41 | Unable to impersonate logged-on user.|
+| 42 | Unexpected exception when attempting to impersonate logged-on user.|
+| 43 | Unexpected exception when attempting to impersonate logged-on user.|
+| 16 | Reboot is pending on device, restart device and restart script.|
+| 17 | Unexpected exception in CheckRebootRequired.|
+| 44 | Error when running CheckDiagTrack service.|
+| 45 | DiagTrack.dll not found.|
+| 50 | DiagTrack service not running.|
+| 54 | Microsoft Account Sign In Assistant (MSA) Service disabled.|
+| 55 | Failed to create new registry path for `SetDeviceNameOptIn` of the PowerShell script.|
+| 56 | Failed to create property for `SetDeviceNameOptIn` of the PowerShell script at registry path.|
+| 57 | Failed to update value for `SetDeviceNameOptIn` of the PowerShell script.|
+| 58 | Unexpected exception in `SetDeviceNameOptIn` of the PowerShell script.|
+| 59 | Failed to delete `LastPersistedEventTimeOrFirstBoot` property at registry path when attempting to clean up OneSettings.|
+| 60 | Failed to delete registry key when attempting to clean up OneSettings.|
+| 61 | Unexpected exception when attempting to clean up OneSettings.|
+| 52 | Could not find Census.exe|
+| 51 | Unexpected exception when attempting to run Census.exe|
+| 34 | Unexpected exception when attempting to check Proxy settings.|
+| 30 | Unable to disable Enterprise Auth Proxy. This registry value must be 0 for UTC to operate in an authenticated proxy environment.|
+| 35 | Unexpected exception when checking User Proxy.|
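Review bot: The download link near the top points to a repository under an individual account (`https://github.com/cinglis-msft/UpdateComplianceConfigurationScript`), and step 3 of "Piloting and Troubleshooting" requires the script to run in System context, yet the page gives readers no way to confirm they have the intended script before running it with that privilege. Suggest linking an official download location or stating how the script can be verified (a published hash or a signature, if one exists). In step 4, the link `[Manually Configuring Devices for Update Compliance] (update-compliance-configuration-manual.md)` has a space between `]` and `(` and will not render as a link. In the error reference, code 12 appears twice with different descriptions, codes 42 and 43 share one description, and codes 62 and 64 differ only in wording, so a log reader cannot tell these cases apart from the table. Sorting the table by code would also make lookups easier.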
diff --git a/windows/deployment/update/update-compliance-feature-update-status.md b/windows/deployment/update/update-compliance-feature-update-status.md
index 2d3216901c..1fc602e081 100644
--- a/windows/deployment/update/update-compliance-feature-update-status.md
+++ b/windows/deployment/update/update-compliance-feature-update-status.md
@@ -37,9 +37,7 @@ Refer to the following list for what each state means:
## Compatibility holds
-Microsoft uses diagnostic data to determine whether devices that use Windows Update are ready for a feature update in order to ensure a smooth experience. When Microsoft determines a device is not ready to update due to a known issue, a *compatibility hold* is generated to delay the device’s upgrade and safeguard the end-user experience. Holds are released over time as diagnostic data is analyzed and fixes are addressed. Details are provided on some, but not all compatibility holds on the Windows 10 release information page for any given release.
-
-To learn how compatibility holds are reflected in the experience, see [Update compliance perspectives](update-compliance-perspectives.md#deployment-status).
+Microsoft uses diagnostic data to determine whether devices that use Windows Update are ready for a feature update in order to ensure a smooth experience. When Microsoft determines a device is not ready to update due to a known issue, a *compatibility hold* is generated to delay the device's upgrade and safeguard the end-user experience. Holds are released over time as diagnostic data is analyzed and fixes are addressed. Details are provided on some, but not all compatibility holds on the Windows 10 release information page for any given release.
### Opting out of compatibility hold
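Review bot: With the cross-reference to `update-compliance-perspectives.md` removed, the "Compatibility holds" paragraph now names "the Windows 10 release information page" as the only place to find hold details but does not link to it. Suggest adding that link, or a pointer to wherever holds now surface in Update Compliance, so the section does not end without a next step. The only other change to the paragraph is the apostrophe in "device's".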
diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md
index 5e81c8e5a0..4e77a4d513 100644
--- a/windows/deployment/update/update-compliance-get-started.md
+++ b/windows/deployment/update/update-compliance-get-started.md
@@ -1,8 +1,8 @@
---
-title: Get started with Update Compliance (Windows 10)
+title: Get started with Update Compliance
ms.reviewer:
manager: laurawi
-description: Configure Update Compliance in Azure Portal to see the status of updates and antimalware protection on devices in your network.
+description: Prerequisites, Azure onboarding, and configuring devices for Update Compliance
keywords: update compliance, oms, operations management suite, prerequisites, requirements, updates, upgrades, antivirus, antimalware, signature, log analytics, wdav
ms.prod: w10
ms.mktglfcycl: deploy
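Review bot: The new `description` drops the antimalware wording, but the unchanged `keywords` line still lists "antivirus, antimalware, signature, ... wdav", and this same change set states that Windows Defender Antivirus reporting was retired from Update Compliance. Suggest trimming those keywords here, and in the new `update-compliance-configuration-script.md` front matter, which copies the same list.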
@@ -16,113 +16,68 @@ ms.topic: article
---
# Get started with Update Compliance
-This topic explains the steps necessary to configure your environment for Update Compliance.
-Steps are provided in sections that follow the recommended setup process:
+This topic introduces the high-level steps required to enroll to the Update Compliance solution and configure devices to send data to it. The following steps cover the enrollment and device configuration workflow.
-1. Ensure you meet the [Update Compliance prerequisites](#update-compliance-prerequisites).
-2. [Add Update Compliance to your Azure subscription](#add-update-compliance-to-your-azure-subscription).
-3. [Enroll devices in Update Compliance](#enroll-devices-in-update-compliance).
-4. [Use Update Compliance](update-compliance-using.md) to monitor Windows Updates and get Delivery Optimization insights.
+1. Ensure you can [meet the requirements](#update-compliance-prerequisites) to use Update Compliance.
+2. [Add Update Compliance](#add-update-compliance-to-your-azure-subscription) to your Azure subscription.
+3. [Configure devices](#enroll-devices-in-update-compliance) to send data to Update Compliance.
+
+After adding the solution to Azure and configuring devices, there will be a waiting period of up to 72 hours before you can begin to see devices in the solution. Before or as devices appear, you can learn how to [Use Update Compliance](update-compliance-using.md) to monitor Windows Updates and Delivery Optimization.
## Update Compliance prerequisites
+
Before you begin the process to add Update Compliance to your Azure subscription, first ensure you can meet the prerequisites:
-1. Update Compliance works only with Windows 10 Professional, Education, and Enterprise editions. Update Compliance only provides data for the standard Desktop Windows 10 version and is not currently compatible with Windows Server, Surface Hub, IoT, etc.
-2. Update Compliance provides detailed deployment data for devices on the Semi-Annual Channel and the Long-term Servicing Channel. Update Compliance will show Windows Insider Preview devices, but currently will not provide detailed deployment information for them.
-3. Update Compliance requires at least the Basic level of diagnostic data and a Commercial ID to be enabled on the device.
-4. For Windows 10 1803+, device names will not appear in Update Compliance unless you opt in. The steps to accomplish this is outlined in the [Enroll devices in Update Compliance](#enroll-devices-in-update-compliance) section.
+
+1. **Compatible Operating Systems and Editions**: Update Compliance works only with Windows 10 Professional, Education, and Enterprise editions. Update Compliance supports both the typical Windows 10 Enterprise edition, as well as [Windows 10 Enterprise multi-session](https://docs.microsoft.com/azure/virtual-desktop/windows-10-multisession-faq). Update Compliance only provides data for the standard Desktop Windows 10 version and is not currently compatible with Windows Server, Surface Hub, IoT, etc.
+2. **Compatible Windows 10 Servicing Channels**: Update Compliance supports Windows 10 devices on the Semi-Annual Channel (SAC) and the Long-term Servicing Channel (LTSC). Update Compliance *counts* Windows Insider Preview (WIP) devices, but does not currently provide detailed deployment insights for them.
+3. **Diagnostic data requirements**: Update Compliance requires devices be configured to send diagnostic data at *Required* level (previously *Basic*). To learn more about what's included in different diagnostic levels, see [Diagnostics, feedback, and privacy in Windows 10](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy).
+4. **Data transmission requirements**: Devices must be able to contact specific endpoints required to authenticate and send diagnostic data. These are enumerated in detail at [Configuring Devices for Update Compliance manually](update-compliance-configuration-manual.md).
+5. **Showing Device Names in Update Compliance**: For Windows 10 1803+, device names will not appear in Update Compliance unless you individually opt-in devices via policy. The steps to accomplish this is outlined in [Configuring Devices for Update Compliance](update-compliance-configuration-manual.md).
## Add Update Compliance to your Azure subscription
-Update Compliance is offered as a solution which is linked to a new or existing [Azure Log Analytics](https://docs.microsoft.com/azure/log-analytics/query-language/get-started-analytics-portal) workspace within your Azure subscription. To configure this, follow these steps:
-1. Sign in to the [Azure Portal](https://portal.azure.com) with your work or school account or a Microsoft account. If you don't already have an Azure subscription you can create one (including free trial options) through the portal.
+Update Compliance is offered as an Azure Marketplace application which is linked to a new or existing [Azure Log Analytics](https://docs.microsoft.com/azure/log-analytics/query-language/get-started-analytics-portal) workspace within your Azure subscription. To configure this, follow these steps:
+
+1. Go to the [Update Compliance page in the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.WaaSUpdateInsights?tab=Overview). You may need to login to your Azure subscription to access this.
+2. Select **Get it now**.
+3. Choose an existing or configure a new Log Analytics Workspace. While an Azure subscription is required, you will not be charged for ingestion of Update Compliance data.
+ - [Desktop Analytics](https://docs.microsoft.com/sccm/desktop-analytics/overview) customers are advised to use the same workspace for Update Compliance.
+ - [Azure Update Management](https://docs.microsoft.com/azure/automation/automation-update-management) customers are advised to use the same workspace for Update Compliance.
+4. After your workspace is configured and selected, select **Create**. You will receive a notification when the solution has been successfully created.
> [!NOTE]
-> Update Compliance is included at no additional cost with Windows 10 Professional, Education, and Enterprise editions. An Azure subscription is required for managing and using Update Compliance, but no Azure charges are expected to accrue to the subscription as a result of using Update Compliance.
+> It is not currently supported to programmatically enroll to Update Compliance via the [Azure CLI](https://docs.microsoft.com/cli/azure) or otherwise. You must manually add Update Compliance to your Azure subscription.
-2. In the Azure portal select **+ Create a resource**, and search for “Update Compliance". You should see it in the results below.
+### Get your CommercialID
-
+A CommercialID is a globally-unique identifier assigned to a specific Log Analytics workspace. The CommercialID is copied to an MDM or Group Policy and is used to identify devices in your environment.
-3. Select **Update Compliance** and a blade will appear summarizing the solution’s offerings. At the bottom, select **Create** to begin adding the solution to Azure.
+To find your CommercialID within Azure:
-
+1. Navigate to the **Solutions** tab for your workspace, and then select the **WaaSUpdateInsights** solution.
+2. From there, select the Update Compliance Settings page on the navbar.
+3. Your CommercialID is available in the settings page.
-4. Choose an existing workspace or create a new workspace that will be assigned to the Update Compliance solution.
- - [Desktop Analytics](https://docs.microsoft.com/sccm/desktop-analytics/overview) customers are advised to use the same workspace for Update Compliance.
- - If you are creating a new workspace, and your organization does not have policies governing naming conventions and structure, consider the following workspace settings to get started:
- - Choose a workspace name which reflects the scope of planned usage in your organization, for example *PC-Analytics*.
- - For the resource group setting select **Create new** and use the same name you chose for your new workspace.
- - For the location setting, choose the Azure region where you would prefer the data to be stored.
- - For the pricing tier select **per GB**.
-
-
-
-5. The resource group and workspace creation process could take a few minutes. After this, you are able to use that workspace for Update Compliance. Select **Create**.
-
-
-
-6. Watch for a notification in the Azure portal that your deployment has been successful. This might take a few minutes. Then, select **Go to resource**.
-
-
+> [!IMPORTANT]
+> Regenerate your CommercialID only if your original ID can no longer be used or if you want to completely reset your workspace. Regenerating your CommercialID cannot be undone and will result in you losing data for all devices that have the current CommercialID until the new CommercialID is deployed to devices.
## Enroll devices in Update Compliance
-Once you've added Update Compliance to a workspace in your Azure subscription, you can start enrolling the devices in your organization. For Update Compliance there are three key steps to ensure successful enrollment:
-### Deploy your Commercial ID to devices
-A Commercial ID is a globally-unique identifier assigned to a specific Log Analytics workspace. This is used to identify devices as part of your environment.
+Once you've added Update Compliance to a workspace in your Azure subscription, you'll need to configure any devices you want to monitor. There are two ways to configure devices to use Update Compliance.
-To find your Commercial ID within Azure:
-1. Navigate to the **Solutions** tab for your workspace, and then select the **WaaSUpdateInsights** solution.
-2. From there, select the Update Compliance Settings page on the navbar.
-3. Your Commercial ID is available in the settings page.
+> [!NOTE]
+> After configuring devices via one of the two methods below, it can take up to 72 hours before devices are visible in the solution. Until then, Update Compliance will indicate it is still assessing devices.
-
+### Configure devices using the Update Compliance Configuration Script
->**Important**
->
->Regenerate your Commercial ID only if your Original ID key can no longer be used or if you want to completely reset your workspace. Regenerating your Commercial ID cannot be undone and will result in you losing data for all devices that have the current Commercial ID until the new Commercial ID is deployed to devices.
+The recommended way to configure devices to send data to Update Compliance is using the [Update Compliance Configuration Script](update-compliance-configuration-script.md). The script configures required policies via Group Policy. The script comes with two versions:
-#### Deploying Commercial ID using Group Policy
-Commercial ID can be deployed using Group Policy. The Group Policy for Commercial ID is under **Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds\Configure the Commercial ID**.
+- Pilot is more verbose and is intended to be use on an initial set of devices and for troubleshooting.
+- Deployment is intended to be deployed across the entire device population you want to monitor with Update Compliance.
-
+To download the script and learn what you need to configure and how to troubleshoot errors, see [Configuring Devices using the Update Compliance Configuration Script](update-compliance-configuration-script.md).
-#### Deploying Commercial ID using MDM
-Commercial ID can be deployed through a [Mobile Device Management](https://docs.microsoft.com/windows/client-management/mdm/) (MDM) policy beginning with Windows 10, version 1607. Commercial ID is under the [DMClient configuration service provider](https://docs.microsoft.com/windows/client-management/mdm/dmclient-csp).
+### Configure devices manually
-### Ensure endpoints are whitelisted
-To enable data sharing between devices, your network, and Microsoft's Diagnostic Data Service, configure your proxy to whitelist the following endpoints. You may need security group approval to do this.
-
-| **Endpoint** | **Function** |
-|---------------------------------------------------------|-----------|
-| `https://v10c.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1803 and later. |
-| `https://v10.vortex-win.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1709 or earlier. |
-| `https://settings-win.data.microsoft.com` | Enables the compatibility update to send data to Microsoft. |
-| `http://adl.windows.com` | Allows the compatibility update to receive the latest compatibility data from Microsoft. |
-| `https://watson.telemetry.microsoft.com` | Windows Error Reporting (WER), used to provide more advanced error reporting in the event of certain Feature Update deployment failures. |
-| `https://oca.telemetry.microsoft.com` | Online Crash Analysis, used to provide device-specific recommendations and detailed errors in the event of certain crashes. |
-| `https://login.live.com` | This endpoint is optional but allows for the Update Compliance service to more reliably identify and process devices. If you want to disable end-user managed service account (MSA) access, you should apply the appropriate [policy](https://docs.microsoft.com/windows/security/identity-protection/access-control/microsoft-accounts#block-all-consumer-microsoft-account-user-authentication) instead of blocking this endpoint. |
-
-### Set diagnostic data levels
-Update Compliance requires that devices are configured to send Microsoft at least the Basic level of diagnostic data in order to function. For more information on Windows diagnostic data, see [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/privacy/configure-windows-diagnostic-data-in-your-organization).
-
-#### Configuring Telemetry level using Group Policy
-You can set Allow Telemetry through Group Policy, this setting is in the same place as the Commercial ID policy, under **Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds\Allow Telemetry**. Update Compliance requires at least Basic (level 1) to function.
-
-
-
-#### Configuring Telemetry level using MDM
-Telemetry level can additionally be configured through a [Mobile Device Management](https://docs.microsoft.com/windows/client-management/mdm/) (MDM) policy. Allow Telemetry is under the [Policy Configuration Service Provider](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider) as [System/AllowTelemetry](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowtelemetry).
-
-### Enabling Device Name in telemetry
-Beginning with Windows 10, version 1803, Device Name is no longer collected as part of normal Windows Diagnostic Data and must explicitly be allowed to be sent to Microsoft. If devices do not have this policy enabled, their device name will appear as '#' instead.
-
-#### Allow Device Name in Telemetry with Group Policy
-Allow Device Name in Telemetry is under the same node as Commercial ID and Allow Telemetry policies in Group Policy, listed as **Allow device name to be sent in Windows diagnostic data**.
-
-#### Allow Device Name in Telemetry with MDM
-Allow Device Name in Telemetry is under the [Policy Configuration Service Provider](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider) as [System/AllowTelemetry](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowtelemetry).
-
->[!NOTE]
->After enrolling your devices (by deploying your CommercialID and Windows Diagnostic Data settings), it might take 48-72 hours for the first data to appear in the solution. Until then, Update Compliance will indicate it is still assessing devices.
\ No newline at end of file
+It is possible to manually configure devices to send data to Update Compliance, but the recommended method of configuration is to use the [Update Compliance Configuration Script](update-compliance-configuration-script.md). To learn more about configuring devices manually, see [Manually Configuring Devices for Update Compliance](update-compliance-configuration-manual.md).
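Review bot: The removed endpoint table's `https://login.live.com` row described the endpoint as optional and told admins who want to disable end-user MSA access to apply the consumer Microsoft account blocking policy instead of blocking the endpoint. The replacement row in `update-compliance-configuration-manual.md` marks the endpoint as required but drops that guidance. Suggest carrying the policy pointer over, since environments that restrict consumer account sign-in will otherwise be left to choose between blocking the endpoint and losing device visibility. The waiting period also changes from "48-72 hours" to "up to 72 hours", so confirm that is intended. Wording nits in the added lines: "The steps to accomplish this is outlined" (prerequisite 5), "intended to be use on" (Pilot bullet), and "login to" used as a verb in Marketplace step 1.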
diff --git a/windows/deployment/update/update-compliance-monitor.md b/windows/deployment/update/update-compliance-monitor.md
index e1e7e102cc..55408f3c78 100644
--- a/windows/deployment/update/update-compliance-monitor.md
+++ b/windows/deployment/update/update-compliance-monitor.md
@@ -20,9 +20,8 @@ ms.topic: article
> [!IMPORTANT]
> While [Windows Analytics was retired on January 31, 2020](https://docs.microsoft.com/windows/deployment/update/update-compliance-monitor), support for Update Compliance has continued through the Azure Portal; however, please note the following updates:
>
-> * On March 31, 2020, the Windows Defender Antivirus reporting feature of Update Compliance will be removed. You can continue to define and review security compliance policies using [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager), which allows finer control over security features and updates.
-> * The Perspectives feature of Update Compliance will also be removed on March 31, 2020 in favor of a better experience. The Perspectives feature is part of the Log Search portal of Log Analytics, which was deprecated on February 15, 2019 in favor of [Azure Monitor Logs](https://docs.microsoft.com/azure/azure-monitor/log-query/log-search-transition). Your Update Compliance solution will be automatically upgraded to Azure Monitor Logs, and the data available in Perspectives will be migrated to a set of queries in the [Needs Attention section](update-compliance-need-attention.md) of Update Compliance.
-
+> * On March 31, 2020, the Windows Defender Antivirus reporting feature of Update Compliance was retired. You can continue to review malware definition status and manage and monitor malware attacks with Microsoft Endpoint Manager's [Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune). Configuration Manager customers can monitor Endpoint Protection with [Endpoint Protection in Configuration Manager](https://docs.microsoft.com/configmgr/protect/deploy-use/monitor-endpoint-protection).
+> * The Perspectives feature of Update Compliance was retired on March 31, 2020 in favor of a better experience. The Perspectives feature is part of the Log Search portal of Log Analytics, which was deprecated on February 15, 2019 in favor of [Azure Monitor Logs](https://docs.microsoft.com/azure/azure-monitor/log-query/log-search-transition). Your Update Compliance solution will be automatically upgraded to Azure Monitor Logs, and the data available in Perspectives will be migrated to a set of queries in the [Needs Attention section](update-compliance-need-attention.md) of Update Compliance.
## Introduction
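Review bot: in the second rewritten bullet the retirement is now in the past tense ("was retired on March 31, 2020"), but the rest of the same bullet still reads "will be automatically upgraded to Azure Monitor Logs" and "will be migrated to a set of queries". Either put those clauses in the past tense too, or say explicitly that the upgrade and migration are still pending. Otherwise readers cannot tell whether the Perspectives data has already moved to the Needs Attention queries.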
@@ -38,26 +37,11 @@ Update Compliance uses Windows 10 and Windows Defender Antivirus diagnostic data
See the following topics in this guide for detailed information about configuring and using the Update Compliance solution:
-- [Get started with Update Compliance](update-compliance-get-started.md): How to add Update Compliance to your environment.
-- [Using Update Compliance](update-compliance-using.md): How to begin using Update Compliance.
+- [Get started with Update Compliance](update-compliance-get-started.md) provides directions on adding Update Compliance to your Azure subscription and configuring devices to send data to Update Compliance.
+- [Using Update Compliance](update-compliance-using.md) breaks down every aspect of the Update Compliance experience.
-## Update Compliance architecture
-
-The Update Compliance architecture and data flow follows this process:
-
-1. User computers send diagnostic data to a secure Microsoft data center using the Microsoft Data Management Service.
-2. Diagnostic data is analyzed by the Update Compliance Data Service.
-3. Diagnostic data is pushed from the Update Compliance Data Service to your Azure Monitor workspace.
-4. Diagnostic data is available in the Update Compliance solution.
-
-
-> [!NOTE]
-> This process assumes that Windows diagnostic data is enabled and data sharing is enabled as outlined in the enrollment section of [Get started with Update Compliance](update-compliance-get-started.md).
-
-
-
-
## Related topics
-[Get started with Update Compliance](update-compliance-get-started.md)
-[Use Update Compliance to monitor Windows Updates](update-compliance-using.md)
+* [Get started with Update Compliance](update-compliance-get-started.md)
+* [Use Update Compliance to monitor Windows Updates](update-compliance-using.md)
+* [Update Compliance Schema Reference](update-compliance-schema.md)
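Review bot: the "Update Compliance architecture" section is removed here, and the equivalent data flow now lives in the new update-compliance-privacy.md added by this patch, yet neither the topic list nor "Related topics" links to that page. Add an entry such as `* [Privacy in Update Compliance](update-compliance-privacy.md)` so the data flow stays reachable from this overview. The removed note about Windows diagnostic data and data sharing having to be enabled should also survive somewhere the reader will land. As a minor style point, the topic list uses `-` bullets while the rewritten "Related topics" list uses `*`.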
diff --git a/windows/deployment/update/update-compliance-need-attention.md b/windows/deployment/update/update-compliance-need-attention.md
index a4b940a236..b3a4ca35a7 100644
--- a/windows/deployment/update/update-compliance-need-attention.md
+++ b/windows/deployment/update/update-compliance-need-attention.md
@@ -19,8 +19,8 @@ ms.topic: article
The **Needs attention!** section provides a breakdown of all Windows 10 device and update issues detected by Update Compliance. The summary tile for this section counts the number of devices that have issues, while the blades within break down the issues encountered. Finally, a [list of queries](#list-of-queries) blade in this section contains queries that provide values but do not fit within any other main section.
->[!NOTE]
->The summary tile counts the number of devices that have issues, while the blades within the section break down the issues encountered. A single device can have more than one issue, so these numbers might not add up.
+> [!NOTE]
+> The summary tile counts the number of devices that have issues, while the blades within the section break down the issues encountered. A single device can have more than one issue, so these numbers might not add up.
The different issues are broken down by Device Issues and Update Issues:
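Review bot: the reformatted note repeats, almost word for word, the sentence in the paragraph directly above it ("The summary tile for this section counts the number of devices that have issues, while the blades within break down the issues encountered"). Since the note is being touched anyway, cut it down to the part that is new: "A single device can have more than one issue, so these numbers might not add up."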
@@ -39,8 +39,8 @@ The different issues are broken down by Device Issues and Update Issues:
Selecting any of the issues will take you to a [Log Analytics](https://docs.microsoft.com/azure/log-analytics/query-language/get-started-analytics-portal) view with all devices that have the given issue.
->[!NOTE]
->This blade also has a link to the [Setup Diagnostic Tool](https://docs.microsoft.com/windows/deployment/upgrade/setupdiag), a standalone tool you can use to obtain details about why a Windows 10 feature update was unsuccessful.
+> [!NOTE]
+> This blade also has a link to the [Setup Diagnostic Tool](https://docs.microsoft.com/windows/deployment/upgrade/setupdiag), a standalone tool you can use to obtain details about why a Windows 10 feature update was unsuccessful.
## List of Queries
diff --git a/windows/deployment/update/update-compliance-perspectives.md b/windows/deployment/update/update-compliance-perspectives.md
deleted file mode 100644
index b07741ffeb..0000000000
--- a/windows/deployment/update/update-compliance-perspectives.md
+++ /dev/null
@@ -1,70 +0,0 @@
----
-title: Update Compliance - Perspectives
-ms.reviewer:
-manager: laurawi
-description: an overview of Update Compliance Perspectives
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.pagetype: deploy
-audience: itpro
-itproauthor: jaimeo
-author: jaimeo
-ms.author: jaimeo
-ms.collection: M365-analytics
-ms.topic: article
----
-
-# Perspectives
-
-> [!IMPORTANT]
-> On March 31, 2020, the Perspectives feature of Update Compliance will be removed in favor of a better experience. The Perspectives feature is part of the Log Search portal of Log Analytics, which was deprecated on February 15, 2019 in favor of [Azure Monitor Logs](https://docs.microsoft.com/azure/azure-monitor/log-query/log-search-transition). Your Update Compliance solution will be automatically upgraded to Azure Monitor Logs, and the data available in Perspectives will be migrated to a set of queries in the [Needs Attention section](update-compliance-need-attention.md) of Update Compliance.
-
-
-
-
-Perspectives are elaborations on specific queries hand-crafted by developers which data views that provide deeper insight into your data. Perspectives are loaded whenever clicking into more detailed views from both the Security Update Status section and Feature Update Status section of Update Compliance.
-
-There is only one perspective framework; it is for **Update Deployment Status**. The same framework is utilized for both feature and quality updates.
-
-The first blade is the **Build Summary** blade. This blade summarizes the most important aspects of the given build being queried, listing the total number of devices, the total number of update failures for the build, and a breakdown of the different errors encountered.
-
-The second blade is the **Deferral Configurations** blade, breaking down Windows Update for Business deferral settings (if any).
-
-## Deployment status
-
-The third blade is the **Deployment Status** blade. This defines how many days it has been since the queried version has been released, and breaks down the various states in the update funnel each device has reported to be in. The possible states are as follows:
-
-| State | Description |
-| --- | --- |
-| Update Completed | When a device has finished the update process and is on the queried update, it will display here as Update completed. |
-| In Progress | Devices that report they are "In Progress" are one of the various stages of installing an update; these stages are reported in the Detailed Deployment Status blade. |
-| Deferred | When a device's Windows Update for Business deferral policy dictates that the update is not yet applicable due to deferral, it will report as such in this blade. |
-| Progress stalled | Devices that report as "Progress stalled" have been stuck at "In progress" for more than 7 days. |
-| Cancelled | The update was canceled. |
-| Blocked | There is a hard block on the update being completed. This could be that another update must be completed before this one, or some other task is blocking the installation of the update. |
-| Unknown | Devices that do not report detailed information on the status of their updates will report Unknown. This is most likely devices that do not use Windows Update for deployment. |
-| Update paused | These devices have Windows Update for Business pause enabled, preventing this update from being installed. |
-| Failed | A device is unable to install an update. This failure could be linked to a serious error in the update installation process or, in some cases, a [compatibility hold](update-compliance-feature-update-status.md#compatibility-holds). |
-
-## Detailed deployment status
-
-The final blade is the **Detailed Deployment Status** blade. This blade breaks down the detailed stage of deployment a device is in, beyond the generalized terms defined in Deployment Status. The following are the possible stages a device can report:
-
-| State | Description |
-| --- | --- |
-| Update deferred | When a device's Windows Update for Business policy dictates the update is deferred. |
-| Update paused | The device's Windows Update for Business policy dictates the update is paused from being offered. |
-| Update offered | The device has been offered the update, but has not begun downloading it. |
-| Pre-Download tasks passed | The device has finished all necessary tasks prior to downloading the update. |
-| Compatibility hold | The device has been placed under a *compatibility hold* to ensure a smooth feature update experience and will not resume the update until the hold has been cleared. For more information see [Feature Update Status report](update-compliance-feature-update-status.md#compatibility-holds) |
-| Download Started | The update has begun downloading on the device. |
-| Download Succeeded | The update has successfully completed downloading. |
-| Pre-Install Tasks Passed | Tasks that must be completed prior to installing the update have been completed. |
-| Install Started | Installation of the update has begun. |
-| Reboot Required | The device has finished installing the update, and a reboot is required before the update can be completed.
-| Reboot Pending | The device has a scheduled reboot to apply the update. |
-| Reboot Initiated | The scheduled reboot has been initiated. |
-| Update Completed/Commit | The update has successfully installed. |
-
-> [!NOTE]
-> Interacting with any rows in the perspective view will automatically apply the given value to the query and execute it with the new parameter, narrowing the perspective to devices that satisfy that criteria. For example, clicking "Not configured (-1)" devices in Deferral Configurations will filter the query to only contain devices that do not have a deferral configuration. These filters can also be applied to queries via the filter sidebar.
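Review bot: deleting this page removes the two state tables ("Deployment status" and "Detailed deployment status"), including definitions such as "Progress stalled" meaning stuck at "In progress" for more than 7 days. The new WaaSDeploymentStatus schema page in this patch has a `DeploymentStatus` field with the example `Failed`, but the visible rows do not list these states. The redirect added in .openpublishing.redirection.json sends readers to update-compliance-using, so confirm that the state definitions are carried over there or into the schema reference before the file is dropped.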
diff --git a/windows/deployment/update/update-compliance-privacy.md b/windows/deployment/update/update-compliance-privacy.md
new file mode 100644
index 0000000000..a455261f8c
--- /dev/null
+++ b/windows/deployment/update/update-compliance-privacy.md
@@ -0,0 +1,55 @@
+---
+title: Privacy in Update Compliance
+ms.reviewer:
+manager: laurawi
+description: an overview of the Feature Update Status report
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.pagetype: deploy
+audience: itpro
+itproauthor: jaimeo
+author: jaimeo
+ms.author: jaimeo
+ms.collection: M365-analytics
+ms.topic: article
+---
+
+# Privacy in Update Compliance
+
+Update Compliance is fully committed to privacy, centering on these tenets:
+
+- **Transparency:** Windows 10 diagnostic data events that are required for Update Compliance's operation are fully documented (see the links for additional information) so you can review them with your company's security and compliance teams. The Diagnostic Data Viewer lets you see diagnostic data sent from a given device (see [Diagnostic Data Viewer Overview](https://docs.microsoft.com/windows/configuration/diagnostic-data-viewer-overview) for details).
+- **Control:** You ultimately control the level of diagnostic data you wish to share. In Windows 10, version 1709 we added a new policy to Limit enhanced diagnostic data to the minimum required by Windows Analytics.
+- **Security:** Your data is protected with strong security and encryption.
+- **Trust:** Update Compliance supports the Online Services Terms.
+
+## Data flow for Update Compliance
+
+The data flow sequence is as follows:
+
+1. Diagnostic data is sent from devices to the Microsoft Diagnostic Data Management service, which is hosted in the US.
+2. An IT Administrator creates an Azure Log Analytics workspace. They then choose the location this workspace will store data and receives a Commercial ID for that workspace. The Commercial ID is added to each device in an organization by way of Group Policy, MDM or registry key.
+3. Each day Microsoft produces a "snapshot" of IT-focused insights for each workspace in the Diagnostic Data Management Service, identifying devices by Commercial ID.
+4. These snapshots are copied to transient storage, used solely for Update Compliance where they are partitioned by Commercial ID.
+5. The snapshots are then copied to the appropriate Azure Log Analytics workspace, where the Update Compliance experience pulls the information from to populate visuals.
+
+## FAQ
+
+### Can Update Compliance be used without a direct client connection to the Microsoft Data Management Service?
+
+No, the entire service is powered by Windows diagnostic data, which requires that devices have this direct connectivity.
+
+### Can I choose the data center location?
+
+Yes for Azure Log Analytics, but no for the Microsoft Data Management Service (which is hosted in the US).
+
+## Related topics
+
+See related topics for additional background information on privacy and treatment of diagnostic data:
+
+- [Windows 10 and the GDPR for IT Decision Makers](https://docs.microsoft.com/windows/privacy/gdpr-it-guidance)
+- [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization)
+- [Diagnostic Data Viewer Overview](https://docs.microsoft.com/windows/configuration/diagnostic-data-viewer-overview)
+- [Licensing Terms and Documentation](https://www.microsoftvolumelicensing.com/DocumentSearch.aspx?Mode=3&DocumentTypeId=31)
+- [Confidence in the trusted cloud](https://azure.microsoft.com/support/trust-center/)
+- [Trust Center](https://www.microsoft.com/trustcenter)
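Review bot: the front matter `description: an overview of the Feature Update Status report` looks copied from another page and does not match the title "Privacy in Update Compliance". Replace it with a description of this page. In step 2 of the data flow, "They then choose the location this workspace will store data and receives a Commercial ID" has a subject and verb mismatch and reads better as "choose the location where this workspace will store data and receive a Commercial ID". The service is also named three different ways ("Microsoft Diagnostic Data Management service", "Diagnostic Data Management Service", and "Microsoft Data Management Service" in the FAQ). Pick one name so readers reviewing the data flow with their compliance team know it is a single service.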
diff --git a/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md b/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md
new file mode 100644
index 0000000000..3cbcbbeb28
--- /dev/null
+++ b/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md
@@ -0,0 +1,46 @@
+---
+title: Update Compliance Schema - WaaSDeploymentStatus
+ms.reviewer:
+manager: laurawi
+description: WaaSDeploymentStatus schema
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.pagetype: deploy
+audience: itpro
+itproauthor: jaimeo
+author: jaimeo
+ms.author: jaimeo
+ms.collection: M365-analytics
+ms.topic: article
+---
+
+# WaaSDeploymentStatus
+
+WaaSDeploymentStatus records track a specific update's installation progress on a specific device. Multiple WaaSDeploymentStatus records can exist simultaneously for a given device, as each record is specific to a given update and its type. For example, a device can have both a WaaSDeploymentStatus tracking a Windows Feature Update, as well as one tracking a Windows Quality Update, at the same time.
+
+|Field |Type |Example |Description |
+|-|-|-----|------------------------|
+|**Computer** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`JohnPC-Contoso` |User or Organization-provided device name. If this appears as '#', then Device Name may not be sent through telemetry. To enable Device Name to be sent with telemetry, see [Enabling Device Name in Telemetry](https://docs.microsoft.com/windows/deployment/update/update-compliance-get-started#allow-device-name-in-telemetry-with-group-policy). |
+|**ComputerID** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`g:6755412281299915` |Microsoft Global Device Identifier. This is an internal identifier used by Microsoft. A connection to the end-user Managed Service Account (MSA) service is required for this identifier to be populated; no device data will be present in Update Compliance without this identifier. |
+|**DeferralDays** |[int](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/int) |`0` |The deferral policy for this content type or `UpdateCategory` (Windows `Feature` or `Quality`). |
+|**DeploymentError** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Disk Error` |A readable string describing the error, if any. If empty, there is either no string matching the error or there is no error. |
+|**DeploymentErrorCode** |[int](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/int) |`8003001E` |Microsoft internal error code for the error, if any. If empty, there is either no error or there is *no error code*, meaning that the issue raised does not correspond to an error, but some inferred issue. |
+|**DeploymentStatus** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Failed` |The high level status of installing this update on this device. Possible values are:
- **<0**: A value below 0 indicates the policy is disabled.
- **0**: A value of 0 indicates the policy is enabled, but the deferral period is 0 days.
- **1+**: A value of 1 and above indicates the deferral setting, in days. |
+|**FeaturePauseDays** |[int](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/int) |`0` |*Deprecated* This provides the count of days left in a pause |
+|**FeaturePauseState** |[int](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/int) |`NotConfigured` |The on-client Windows Update for Business Pause state. Reflects whether or not a device has paused Feature Updates.
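Review bot: the "Possible values" list in the `DeploymentStatus` row ("<0 ... policy is disabled", "0 ... deferral period is 0 days", "1+ ... deferral setting, in days") describes a deferral setting, not a status string. It appears to belong to the `DeferralDays` row, which leaves `DeploymentStatus` without its own value list. The types and examples also disagree in two rows: `DeploymentErrorCode` is typed int with the example `8003001E`, and `FeaturePauseState` is typed int with the example `NotConfigured`. Correct either the type or the example in each row, since people write Log Analytics queries against this table.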
-## Federation with Azure ##
-You can deploy Windows Hello for Business key trust in non-federated and federated environments. For non-federated environments, key trust deployments work in environments that have deployed [Password Synchronization with Azure AD Connect](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-implement-password-synchronization) or [Azure Active Directory Pass-through-Authentication](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication). For federated environments, you can deploy Windows Hello for Business key trust using Active Directory Federation Services (AD FS) 2012 R2 or later.
+## Federation with Azure
+You can deploy Windows Hello for Business key trust in non-federated and federated environments. For non-federated environments, key trust deployments work in environments that have deployed [Password Synchronization with Azure AD Connect](https://docs.microsoft.com/azure/active-directory/hybrid/whatis-phs) or [Azure Active Directory Pass-through-Authentication](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication). For federated environments, you can deploy Windows Hello for Business key trust using Active Directory Federation Services (AD FS) 2012 R2 or later.
> [!div class="checklist"]
> * Non-federated environments
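Review bot: only the Password Synchronization link in the rewritten paragraph was moved to the `active-directory/hybrid/` path. The Pass-through-Authentication link in the same sentence still points at `active-directory/connect/active-directory-aadconnect-pass-through-authentication`. Check whether that target has moved as well and update both links in the same change, so the paragraph does not mix current and legacy URLs.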
diff --git a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md
index 8b5a188647..3fc752f3ca 100644
--- a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md
+++ b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md
@@ -53,7 +53,7 @@ This table provides info about the most common problems you might encounter whil
WIP is designed for use by a single user per device.
- A secondary user on a device might experience app compat issues when unenlightened apps start to automatically encrypt for all users. Additionally, only the initial, enrolled user’s content can be revoked during the unenrollment process.
+ A secondary user on a device might experience app compatibility issues when unenlightened apps start to automatically encrypt for all users. Additionally, only the initial, enrolled user’s content can be revoked during the unenrollment process.
We recommend only having one user per managed device.
@@ -121,17 +121,25 @@ This table provides info about the most common problems you might encounter whil
Only enlightened apps can be managed without device enrollment
- If a user enrolls a device for Mobile Application Management (MAM) without device enrollment, only enlightened apps will be managed. This is by design to prevent personal files from being unintenionally encrypted by unenlighted apps. Unenlighted apps that need to access work using MAM need to be re-compiled as LOB apps or managed by using MDM with device enrollment.
+ If a user enrolls a device for Mobile Application Management (MAM) without device enrollment, only enlightened apps will be managed. This is by design to prevent personal files from being unintentionally encrypted by unenlighted apps. Unenlighted apps that need to access work using MAM need to be re-compiled as LOB apps or managed by using MDM with device enrollment.
If all apps need to be managed, enroll the device for MDM.
-
+ By design, files in the Windows directory (%windir% or C:/Windows) cannot be encrypted because they need to be accessed by any user. If a file in the Windows directory gets encypted by one user, other users can't access it.
+
By design, files in the Windows directory (%windir% or C:/Windows) cannot be encrypted because they need to be accessed by any user. If a file in the Windows directory gets encrypted by one user, other users can't access it.
Any attempt to encrypt a file in the Windows directory will return a file access denied error. But if you copy or drag and drop an encrypted file to the Windows directory, it will retain encryption to honor the intent of the owner.
If you need to save an encrypted file in the Windows directory, create and encrypt the file in a different directory and copy it.
+
Microsoft Office Outlook offline data files (PST and OST files) are not marked as Work files, and are therefore not protected.
+
+ If Microsoft Office Outlook is set to work in cached mode (default setting), or if some emails are stored in a local PST file, the data is unprotected.
+
+ It is recommended to use Microsoft Office Outlook in Online mode, or to use encryption to protect OST and PST files manually.
+
+
-
+
>[!NOTE]
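Review bot: the added line "By design, files in the Windows directory (%windir% or C:/Windows) cannot be encrypted ... gets encypted by one user" duplicates the existing sentence two lines below it and introduces the typo "encypted". Drop the added copy so the cell states the limitation once. In the changed MAM paragraph, "unintentionally" is now fixed, but "unenlighted apps" and "Unenlighted apps" are still misspelled in the same line and should read "unenlightened", matching "enlightened apps" earlier in the sentence. The new Outlook guidance on PST and OST files is a useful addition, though "to use encryption to protect OST and PST files manually" would help more if it named or linked the mechanism the reader is expected to use.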
diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index af1e439587..cc66e6e688 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -6,101 +6,340 @@
### [What's new in Microsoft Defender ATP](microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md)
### [Preview features](microsoft-defender-atp/preview.md)
### [Data storage and privacy](microsoft-defender-atp/data-storage-privacy.md)
+### [Portal overview](microsoft-defender-atp/portal-overview.md)
### [Microsoft Defender ATP for US Government Community Cloud High customers](microsoft-defender-atp/commercial-gov.md)
## [Evaluate capabilities](microsoft-defender-atp/evaluation-lab.md)
-## [Deployment strategy](microsoft-defender-atp/deployment-strategy.md)
+## [Plan deployment](microsoft-defender-atp/deployment-strategy.md)
## [Deployment guide]()
### [Deployment phases](microsoft-defender-atp/deployment-phases.md)
-
### [Phase 1: Prepare](microsoft-defender-atp/prepare-deployment.md)
-
-### [Phase 2: Setup](microsoft-defender-atp/production-deployment.md)
-
+### [Phase 2: Set up](microsoft-defender-atp/production-deployment.md)
### [Phase 3: Onboard](microsoft-defender-atp/onboarding.md)
## [Security administration]()
-### [Threat & Vulnerability Management overview](microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md)
-### [Supported operating systems and platforms](microsoft-defender-atp/tvm-supported-os.md)
-### [What's in the dashboard and what it means for my organization](microsoft-defender-atp/tvm-dashboard-insights.md)
-### [Exposure score](microsoft-defender-atp/tvm-exposure-score.md)
-### [Configuration score](microsoft-defender-atp/configuration-score.md)
-### [Security recommendations](microsoft-defender-atp/tvm-security-recommendation.md)
-### [Remediation and exception](microsoft-defender-atp/tvm-remediation.md)
-### [Software inventory](microsoft-defender-atp/tvm-software-inventory.md)
-### [Weaknesses](microsoft-defender-atp/tvm-weaknesses.md)
-### [Scenarios](microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md)
+### [Threat & Vulnerability Management]()
+#### [Overview of Threat & Vulnerability Management](microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md)
+#### [Supported operating systems and platforms](microsoft-defender-atp/tvm-supported-os.md)
+#### [What's in the dashboard and what it means for my organization](microsoft-defender-atp/tvm-dashboard-insights.md)
+#### [Exposure score](microsoft-defender-atp/tvm-exposure-score.md)
+#### [Configuration score](microsoft-defender-atp/configuration-score.md)
+#### [Security recommendations](microsoft-defender-atp/tvm-security-recommendation.md)
+#### [Remediation and exception](microsoft-defender-atp/tvm-remediation.md)
+#### [Software inventory](microsoft-defender-atp/tvm-software-inventory.md)
+#### [Weaknesses](microsoft-defender-atp/tvm-weaknesses.md)
+#### [Scenarios](microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md)
+
+### [Attack surface reduction]()
+#### [Overview of attack surface reduction](microsoft-defender-atp/overview-attack-surface-reduction.md)
+#### [Attack surface reduction evaluation](microsoft-defender-atp/evaluate-attack-surface-reduction.md)
+#### [Attack surface reduction configuration settings](microsoft-defender-atp/configure-attack-surface-reduction.md)
+#### [Attack surface reduction FAQ](microsoft-defender-atp/attack-surface-reduction-faq.md)
+
+
+#### [Attack surface reduction controls]()
+##### [Attack surface reduction rules](microsoft-defender-atp/attack-surface-reduction.md)
+##### [Enable attack surface reduction rules](microsoft-defender-atp/enable-attack-surface-reduction.md)
+##### [Customize attack surface reduction rules](microsoft-defender-atp/customize-attack-surface-reduction.md)
+
+#### [Hardware-based isolation]()
+##### [Hardware-based isolation in Windows 10](microsoft-defender-atp/overview-hardware-based-isolation.md)
+##### [Hardware-based isolation evaluation](windows-defender-application-guard/test-scenarios-wd-app-guard.md)
+
+##### [Application isolation]()
+###### [Application guard overview](windows-defender-application-guard/wd-app-guard-overview.md)
+###### [System requirements](windows-defender-application-guard/reqs-wd-app-guard.md)
+###### [Install Windows Defender Application Guard](windows-defender-application-guard/install-wd-app-guard.md)
+
+##### [Application control](windows-defender-application-control/windows-defender-application-control.md)
+###### [Audit Application control policies](windows-defender-application-control/audit-windows-defender-application-control-policies.md)
+
+##### [System isolation](windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md)
+
+##### [System integrity](windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md)
+
+
+#### [Device control]()
+##### [Control USB devices](device-control/control-usb-devices-using-intune.md)
+
+##### [Device Guard]()
+###### [Code integrity](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
+#### [Exploit protection]()
+##### [Protect devices from exploits](microsoft-defender-atp/exploit-protection.md)
+##### [Exploit protection evaluation](microsoft-defender-atp/evaluate-exploit-protection.md)
+#### [Network protection]()
+##### [Protect your network](microsoft-defender-atp/network-protection.md)
+##### [Network protection evaluation](microsoft-defender-atp/evaluate-network-protection.md)
+
+
+#### [Web protection]()
+##### [Web protection overview](microsoft-defender-atp/web-protection-overview.md)
+##### [Web threat protection]()
+###### [Web threat protection overview](microsoft-defender-atp/web-threat-protection.md)
+###### [Monitor web security](microsoft-defender-atp/web-protection-monitoring.md)
+###### [Respond to web threats](microsoft-defender-atp/web-protection-response.md)
+##### [Web content filtering](microsoft-defender-atp/web-content-filtering.md)
+
+#### [Controlled folder access]()
+##### [Protect folders](microsoft-defender-atp/controlled-folders.md)
+##### [Controlled folder access evaluation](microsoft-defender-atp/evaluate-controlled-folder-access.md)
+
+
+
+#### [Network firewall]()
+##### [Network firewall overview](windows-firewall/windows-firewall-with-advanced-security.md)
+##### [Network firewall evaluation](windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
+
+
+### [Next-generation protection]()
+#### [Next-generation protection overview](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
+#### [Evaluate next-generation protection](windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
+
+#### [Configure next-generation protection]()
+##### [Configure Windows Defender Antivirus features](windows-defender-antivirus/configure-windows-defender-antivirus-features.md)
+
+##### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
+###### [Enable cloud-delivered protection](windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md)
+###### [Specify the cloud-delivered protection level](windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md)
+###### [Configure and validate network connections](windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md)
+###### [Prevent security settings changes with tamper protection](windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md)
+###### [Enable Block at first sight](windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md)
+###### [Configure the cloud block timeout period](windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md)
+
+##### [Configure behavioral, heuristic, and real-time protection]()
+###### [Configuration overview](windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md)
+###### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md)
+###### [Enable and configure always-on protection and monitoring](windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md)
+
+##### [Antivirus on Windows Server 2016](windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md)
+
+##### [Antivirus compatibility]()
+###### [Compatibility charts](windows-defender-antivirus/windows-defender-antivirus-compatibility.md)
+###### [Use limited periodic antivirus scanning](windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md)
+
+##### [Deploy, manage updates, and report on antivirus]()
+###### [Preparing to deploy](windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md)
+###### [Deploy and enable antivirus](windows-defender-antivirus/deploy-windows-defender-antivirus.md)
+####### [Deployment guide for VDI environments](windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md)
+
+###### [Report on antivirus protection]()
+####### [Review protection status and alerts](windows-defender-antivirus/report-monitor-windows-defender-antivirus.md)
+####### [Troubleshoot antivirus reporting in Update Compliance](windows-defender-antivirus/troubleshoot-reporting.md)
+
+###### [Manage updates and apply baselines]()
+####### [Learn about the different kinds of updates](windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md)
+####### [Manage protection and security intelligence updates](windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md)
+####### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md)
+####### [Manage updates for endpoints that are out of date](windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md)
+####### [Manage event-based forced updates](windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md)
+####### [Manage updates for mobile devices and VMs](windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
+
+##### [Customize, initiate, and review the results of scans and remediation]()
+###### [Configuration overview](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
+
+###### [Configure and validate exclusions in antivirus scans]()
+####### [Exclusions overview](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
+####### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
+####### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
+####### [Configure antivirus exclusions Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
+
+###### [Configure scanning antivirus options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
+###### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
+###### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
+###### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md)
+###### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
+###### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md)
+
+##### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md)
+
+##### [Manage antivirus in your business]()
+###### [Management overview](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
+###### [Use Group Policy settings to configure and manage antivirus](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
+###### [Use Microsoft Endpoint Configuration Manager and Microsoft Intune to configure and manage antivirus](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
+###### [Use PowerShell cmdlets to configure and manage antivirus](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
+###### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
+###### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
+
+##### [Manage scans and remediation]()
+###### [Management overview](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
+
+###### [Configure and validate exclusions in antivirus scans]()
+####### [Exclusions overview](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
+####### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
+####### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
+####### [Configure antivirus exclusions on Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
+
+###### [Configure scanning options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
+
+##### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
+###### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
+###### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
+###### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md)
+###### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
+###### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md)
+###### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md)
+
+##### [Manage next-generation protection in your business]()
+###### [Handle false positives/negatives in Windows Defender Antivirus](windows-defender-antivirus/antivirus-false-positives-negatives.md)
+###### [Management overview](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
+###### [Use Microsoft Intune and Microsoft Endpoint Configuration Manager to manage next generation protection](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
+###### [Use Group Policy settings to manage next generation protection](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
+###### [Use PowerShell cmdlets to manage next generation protection](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
+###### [Use Windows Management Instrumentation (WMI) to manage next generation protection](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
+###### [Use the mpcmdrun.exe command line tool to manage next generation protection](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
+
+
+#### [Better together: Windows Defender Antivirus and Microsoft Defender ATP](windows-defender-antivirus/why-use-microsoft-antivirus.md)
+#### [Better together: Windows Defender Antivirus and Office 365](windows-defender-antivirus/office-365-windows-defender-antivirus.md)
+
+
+### [Microsoft Defender Advanced Threat Protection for Mac](microsoft-defender-atp/microsoft-defender-atp-mac.md)
+#### [What's New](microsoft-defender-atp/mac-whatsnew.md)
+
+#### [Deploy]()
+##### [Microsoft Intune-based deployment](microsoft-defender-atp/mac-install-with-intune.md)
+##### [JAMF-based deployment](microsoft-defender-atp/mac-install-with-jamf.md)
+##### [Deployment with a different Mobile Device Management (MDM) system](microsoft-defender-atp/mac-install-with-other-mdm.md)
+##### [Manual deployment](microsoft-defender-atp/mac-install-manually.md)
+#### [Update](microsoft-defender-atp/mac-updates.md)
+
+#### [Configure]()
+##### [Configure and validate exclusions](microsoft-defender-atp/mac-exclusions.md)
+##### [Set preferences](microsoft-defender-atp/mac-preferences.md)
+##### [Detect and block Potentially Unwanted Applications](microsoft-defender-atp/mac-pua.md)
+
+#### [Troubleshoot]()
+##### [Troubleshoot installation issues](microsoft-defender-atp/mac-support-install.md)
+##### [Troubleshoot performance issues](microsoft-defender-atp/mac-support-perf.md)
+##### [Troubleshoot kernel extension issues](microsoft-defender-atp/mac-support-kext.md)
+##### [Troubleshoot license issues](microsoft-defender-atp/mac-support-license.md)
+
+#### [Privacy](microsoft-defender-atp/mac-privacy.md)
+#### [Resources](microsoft-defender-atp/mac-resources.md)
+
+
+### [Microsoft Defender Advanced Threat Protection for Linux](microsoft-defender-atp/microsoft-defender-atp-linux.md)
+#### [What's New](microsoft-defender-atp/linux-whatsnew.md)
+#### [Deploy]()
+##### [Manual deployment](microsoft-defender-atp/linux-install-manually.md)
+##### [Puppet based deployment](microsoft-defender-atp/linux-install-with-puppet.md)
+##### [Ansible based deployment](microsoft-defender-atp/linux-install-with-ansible.md)
+
+#### [Update](microsoft-defender-atp/linux-updates.md)
+
+
+#### [Configure]()
+##### [Configure and validate exclusions](microsoft-defender-atp/linux-exclusions.md)
+##### [Static proxy configuration](microsoft-defender-atp/linux-static-proxy-configuration.md)
+##### [Set preferences](microsoft-defender-atp/linux-preferences.md)
+
+#### [Troubleshoot]()
+##### [Troubleshoot installation issues](microsoft-defender-atp/linux-support-install.md)
+##### [Troubleshoot cloud connectivity issues](microsoft-defender-atp/linux-support-connectivity.md)
+##### [Troubleshoot performance issues](microsoft-defender-atp/linux-support-perf.md)
+
+
+#### [Resources](microsoft-defender-atp/linux-resources.md)
+
+### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md)
+
## [Security operations]()
-### [Portal overview](microsoft-defender-atp/portal-overview.md)
-### [Security operations dashboard](microsoft-defender-atp/security-operations-dashboard.md)
-### [Incidents queue]()
-#### [View and organize the Incidents queue](microsoft-defender-atp/view-incidents-queue.md)
-#### [Manage incidents](microsoft-defender-atp/manage-incidents.md)
-#### [Investigate incidents](microsoft-defender-atp/investigate-incidents.md)
-### [Alerts queue]()
-#### [View and organize the Alerts queue](microsoft-defender-atp/alerts-queue.md)
-#### [Manage alerts](microsoft-defender-atp/manage-alerts.md)
-#### [Investigate alerts](microsoft-defender-atp/investigate-alerts.md)
-#### [Investigate files](microsoft-defender-atp/investigate-files.md)
-#### [Investigate machines](microsoft-defender-atp/investigate-machines.md)
-#### [Investigate an IP address](microsoft-defender-atp/investigate-ip.md)
-#### [Investigate a domain](microsoft-defender-atp/investigate-domain.md)
-##### [Investigate connection events that occur behind forward proxies](microsoft-defender-atp/investigate-behind-proxy.md)
-#### [Investigate a user account](microsoft-defender-atp/investigate-user.md)
+### [Endpoint detection and response]()
+#### [Endpoint detection and response overview](microsoft-defender-atp/overview-endpoint-detection-response.md)
+#### [Security operations dashboard](microsoft-defender-atp/security-operations-dashboard.md)
+#### [Incidents queue]()
+##### [View and organize the Incidents queue](microsoft-defender-atp/view-incidents-queue.md)
+##### [Manage incidents](microsoft-defender-atp/manage-incidents.md)
+##### [Investigate incidents](microsoft-defender-atp/investigate-incidents.md)
+
+#### [Alerts queue]()
+##### [View and organize the Alerts queue](microsoft-defender-atp/alerts-queue.md)
+##### [Manage alerts](microsoft-defender-atp/manage-alerts.md)
+##### [Investigate alerts](microsoft-defender-atp/investigate-alerts.md)
+##### [Investigate files](microsoft-defender-atp/investigate-files.md)
+##### [Investigate machines](microsoft-defender-atp/investigate-machines.md)
+##### [Investigate an IP address](microsoft-defender-atp/investigate-ip.md)
+##### [Investigate a domain](microsoft-defender-atp/investigate-domain.md)
+###### [Investigate connection events that occur behind forward proxies](microsoft-defender-atp/investigate-behind-proxy.md)
+##### [Investigate a user account](microsoft-defender-atp/investigate-user.md)
+
+#### [Machines list]()
+##### [View and organize the Machines list](microsoft-defender-atp/machines-view-overview.md)
+##### [Manage machine group and tags](microsoft-defender-atp/machine-tags.md)
+
+#### [Take response actions]()
+##### [Take response actions on a machine]()
+###### [Response actions on machines](microsoft-defender-atp/respond-machine-alerts.md)
+###### [Manage tags](microsoft-defender-atp/respond-machine-alerts.md#manage-tags)
+###### [Initiate an automated investigation](microsoft-defender-atp/respond-machine-alerts.md#initiate-automated-investigation)
+###### [Initiate Live Response session](microsoft-defender-atp/respond-machine-alerts.md#initiate-live-response-session)
+###### [Collect investigation package](microsoft-defender-atp/respond-machine-alerts.md#collect-investigation-package-from-machines)
+###### [Run antivirus scan](microsoft-defender-atp/respond-machine-alerts.md#run-windows-defender-antivirus-scan-on-machines)
+###### [Restrict app execution](microsoft-defender-atp/respond-machine-alerts.md#restrict-app-execution)
+###### [Isolate machines from the network](microsoft-defender-atp/respond-machine-alerts.md#isolate-machines-from-the-network)
+###### [Consult a threat expert](microsoft-defender-atp/respond-machine-alerts.md#consult-a-threat-expert)
+###### [Check activity details in Action center](microsoft-defender-atp/respond-machine-alerts.md#check-activity-details-in-action-center)
+
+##### [Take response actions on a file]()
+###### [Response actions on files](microsoft-defender-atp/respond-file-alerts.md)
+###### [Stop and quarantine files in your network](microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network)
+###### [Restore file from quarantine](microsoft-defender-atp/respond-file-alerts.md#restore-file-from-quarantine)
+###### [Add indicators to block or allow a file](microsoft-defender-atp/respond-file-alerts.md#add-indicator-to-block-or-allow-a-file)
+###### [Consult a threat expert](microsoft-defender-atp/respond-file-alerts.md#consult-a-threat-expert)
+###### [Check activity details in Action center](microsoft-defender-atp/respond-file-alerts.md#check-activity-details-in-action-center)
+###### [Download or collect file](microsoft-defender-atp/respond-file-alerts.md#download-or-collect-file)
+###### [Deep analysis](microsoft-defender-atp/respond-file-alerts.md#deep-analysis)
+###### [Submit files for analysis](microsoft-defender-atp/respond-file-alerts.md#submit-files-for-analysis)
+###### [View deep analysis reports](microsoft-defender-atp/respond-file-alerts.md#view-deep-analysis-reports)
+###### [Troubleshoot deep analysis](microsoft-defender-atp/respond-file-alerts.md#troubleshoot-deep-analysis)
-### [Machines list]()
-#### [View and organize the Machines list](microsoft-defender-atp/machines-view-overview.md)
-#### [Manage machine group and tags](microsoft-defender-atp/machine-tags.md)
+#### [View and approve remediation actions](microsoft-defender-atp/manage-auto-investigation.md)
+##### [View details and results of automated investigations](microsoft-defender-atp/auto-investigation-action-center.md)
-### [Take response actions]()
-#### [Take response actions on a machine]()
-##### [Response actions on machines](microsoft-defender-atp/respond-machine-alerts.md)
-##### [Manage tags](microsoft-defender-atp/respond-machine-alerts.md#manage-tags)
-##### [Initiate an automated investigation](microsoft-defender-atp/respond-machine-alerts.md#initiate-automated-investigation)
-##### [Initiate Live Response session](microsoft-defender-atp/respond-machine-alerts.md#initiate-live-response-session)
-##### [Collect investigation package](microsoft-defender-atp/respond-machine-alerts.md#collect-investigation-package-from-machines)
-##### [Run antivirus scan](microsoft-defender-atp/respond-machine-alerts.md#run-windows-defender-antivirus-scan-on-machines)
-##### [Restrict app execution](microsoft-defender-atp/respond-machine-alerts.md#restrict-app-execution)
-##### [Isolate machines from the network](microsoft-defender-atp/respond-machine-alerts.md#isolate-machines-from-the-network)
-##### [Consult a threat expert](microsoft-defender-atp/respond-machine-alerts.md#consult-a-threat-expert)
-##### [Check activity details in Action center](microsoft-defender-atp/respond-machine-alerts.md#check-activity-details-in-action-center)
-
-#### [Take response actions on a file]()
-##### [Response actions on files](microsoft-defender-atp/respond-file-alerts.md)
-##### [Stop and quarantine files in your network](microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network)
-##### [Restore file from quarantine](microsoft-defender-atp/respond-file-alerts.md#restore-file-from-quarantine)
-##### [Add indicators to block or allow a file](microsoft-defender-atp/respond-file-alerts.md#add-indicator-to-block-or-allow-a-file)
-##### [Consult a threat expert](microsoft-defender-atp/respond-file-alerts.md#consult-a-threat-expert)
-##### [Check activity details in Action center](microsoft-defender-atp/respond-file-alerts.md#check-activity-details-in-action-center)
-##### [Download or collect file](microsoft-defender-atp/respond-file-alerts.md#download-or-collect-file)
-##### [Deep analysis](microsoft-defender-atp/respond-file-alerts.md#deep-analysis)
-##### [Submit files for analysis](microsoft-defender-atp/respond-file-alerts.md#submit-files-for-analysis)
-##### [View deep analysis reports](microsoft-defender-atp/respond-file-alerts.md#view-deep-analysis-reports)
-##### [Troubleshoot deep analysis](microsoft-defender-atp/respond-file-alerts.md#troubleshoot-deep-analysis)
-
-### [View and approve remediation actions](microsoft-defender-atp/manage-auto-investigation.md)
-#### [View details and results of automated investigations](microsoft-defender-atp/auto-investigation-action-center.md)
+#### [Investigate entities using Live response]()
+##### [Investigate entities on machines](microsoft-defender-atp/live-response.md)
+##### [Live response command examples](microsoft-defender-atp/live-response-command-examples.md)
-### [Investigate entities using Live response]()
-#### [Investigate entities on machines](microsoft-defender-atp/live-response.md)
-#### [Live response command examples](microsoft-defender-atp/live-response-command-examples.md)
-### [Threat analytics](microsoft-defender-atp/threat-analytics.md)
+
+
+##### [Shadow protection?](windows-defender-antivirus/shadow-protection.md)
+
+#### [Use sensitivity labels to prioritize incident response](microsoft-defender-atp/information-protection-investigation.md)
+
+#### [Reporting]()
+##### [Power BI - How to use API - Samples](microsoft-defender-atp/api-power-bi.md)
+##### [Create and build Power BI reports using Microsoft Defender ATP data connectors (deprecated)](microsoft-defender-atp/powerbi-reports.md)
+##### [Threat protection reports](microsoft-defender-atp/threat-protection-reports.md)
+#### [Machine health and compliance reports](microsoft-defender-atp/machine-reports.md)
+
+
+#### [Custom detections]()
+##### [Understand custom detections](microsoft-defender-atp/overview-custom-detections.md)
+##### [Create and manage detection rules](microsoft-defender-atp/custom-detection-rules.md)
+
+
+
+
+
+
+### [Automated investigation and response]()
+#### [Overview of AIR](microsoft-defender-atp/automated-investigations.md)
### [Advanced hunting]()
#### [Advanced hunting overview](microsoft-defender-atp/advanced-hunting-overview.md)
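Review bot: `#### [Machine health and compliance reports](microsoft-defender-atp/machine-reports.md)` is added one level shallower than the three `#####` report entries above it, so it drops out of the `#### [Reporting]()` node and becomes its sibling. In the removed block all four report links sat at the same level under Reporting, so this line should be `#####`. Three smaller points in the same hunk. First, `##### [Shadow protection?](windows-defender-antivirus/shadow-protection.md)` has a title that reads like a placeholder, and at `#####` directly after the Live response entries it nests under "Investigate entities using Live response", which looks unintended. Second, the relocated antivirus block still has `##### [Configure remediation for scans]` immediately followed by a `######` child with the same title and target, and it repeats the exclusions and scan links under both "Customize, initiate, and review the results of scans and remediation" and "Manage scans and remediation"; since the block is being moved anyway, this is a good moment to drop the duplicates. Third, the run of six blank `+` lines after the Custom detections entries can be collapsed to one.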
@@ -128,17 +367,13 @@
### [Microsoft Threat Experts](microsoft-defender-atp/microsoft-threat-experts.md)
-### [Reporting]()
-#### [Power BI - How to use API - Samples](microsoft-defender-atp/api-power-bi.md)
-#### [Create and build Power BI reports using Microsoft Defender ATP data connectors (deprecated)](microsoft-defender-atp/powerbi-reports.md)
-#### [Threat protection reports](microsoft-defender-atp/threat-protection-reports.md)
-#### [Machine health and compliance reports](microsoft-defender-atp/machine-reports.md)
+### [Threat analytics](microsoft-defender-atp/threat-analytics.md)
+
+
+
-### [Custom detections]()
-#### [Understand custom detections](microsoft-defender-atp/overview-custom-detections.md)
-#### [Create and manage detection rules](microsoft-defender-atp/custom-detection-rules.md)
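Review bot: the three blank `+` lines added after `### [Threat analytics](microsoft-defender-atp/threat-analytics.md)` are whitespace noise; one is enough. This entry was removed just before `### [Advanced hunting]()` in the previous hunk and is re-added here after `### [Microsoft Threat Experts]`, so the change also reorders the node; please say in the commit description that the new position is intentional, since the Reporting and Custom detections entries removed here now live one level deeper under "Endpoint detection and response".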
@@ -174,171 +409,6 @@
#### [Increase compliance to the security baseline](microsoft-defender-atp/configure-machines-security-baseline.md)
#### [Optimize ASR rule deployment and detections](microsoft-defender-atp/configure-machines-asr.md)
-### [Manage capabilities]()
-
-#### [Configure attack surface reduction]()
-##### [Attack surface reduction configuration settings](microsoft-defender-atp/configure-attack-surface-reduction.md)
-
-#### [Hardware-based isolation]()
-##### [System isolation](windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md)
-
-##### [Application isolation]()
-###### [Install Windows Defender Application Guard](windows-defender-application-guard/install-wd-app-guard.md)
-###### [Application control](windows-defender-application-control/windows-defender-application-control.md)
-
-##### [Device control]()
-###### [Control USB devices](device-control/control-usb-devices-using-intune.md)
-
-###### [Device Guard]()
-####### [Code integrity](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
-
-####### [Memory integrity]()
-######## [Understand memory integrity](device-guard/memory-integrity.md)
-######## [Hardware qualifications](device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md)
-######## [Enable HVCI](device-guard/enable-virtualization-based-protection-of-code-integrity.md)
-
-##### [Exploit protection]()
-###### [Enable exploit protection](microsoft-defender-atp/enable-exploit-protection.md)
-###### [Customize exploit protection](microsoft-defender-atp/customize-exploit-protection.md)
-###### [Import/export configurations](microsoft-defender-atp/import-export-exploit-protection-emet-xml.md)
-
-##### [Network protection](microsoft-defender-atp/enable-network-protection.md)
-##### [Controlled folder access](microsoft-defender-atp/enable-controlled-folders.md)
-
-##### [Attack surface reduction controls]()
-###### [Enable attack surface reduction rules](microsoft-defender-atp/enable-attack-surface-reduction.md)
-###### [Customize attack surface reduction](microsoft-defender-atp/customize-attack-surface-reduction.md)
-
-##### [Network firewall](windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md)
-
-#### [Configure next-generation protection]()
-##### [Configure Windows Defender Antivirus features](windows-defender-antivirus/configure-windows-defender-antivirus-features.md)
-
-##### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
-###### [Enable cloud-delivered protection](windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md)
-###### [Specify the cloud-delivered protection level](windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md)
-###### [Configure and validate network connections](windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md)
-###### [Prevent security settings changes with tamper protection](windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md)
-###### [Enable Block at first sight](windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md)
-###### [Configure the cloud block timeout period](windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md)
-
-##### [Configure behavioral, heuristic, and real-time protection]()
-###### [Configuration overview](windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md)
-###### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md)
-###### [Enable and configure always-on protection and monitoring](windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md)
-
-##### [Antivirus on Windows Server 2016](windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md)
-
-##### [Antivirus compatibility]()
-###### [Compatibility charts](windows-defender-antivirus/windows-defender-antivirus-compatibility.md)
-###### [Use limited periodic antivirus scanning](windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md)
-
-##### [Deploy, manage updates, and report on antivirus]()
-###### [Preparing to deploy](windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md)
-###### [Deploy and enable antivirus](windows-defender-antivirus/deploy-windows-defender-antivirus.md)
-####### [Deployment guide for VDI environments](windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md)
-
-###### [Report on antivirus protection]()
-####### [Review protection status and alerts](windows-defender-antivirus/report-monitor-windows-defender-antivirus.md)
-####### [Troubleshoot antivirus reporting in Update Compliance](windows-defender-antivirus/troubleshoot-reporting.md)
-
-###### [Manage updates and apply baselines]()
-####### [Learn about the different kinds of updates](windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md)
-####### [Manage protection and security intelligence updates](windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md)
-####### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md)
-####### [Manage updates for endpoints that are out of date](windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md)
-####### [Manage event-based forced updates](windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md)
-####### [Manage updates for mobile devices and VMs](windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
-
-##### [Customize, initiate, and review the results of scans and remediation]()
-###### [Configuration overview](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
-
-###### [Configure and validate exclusions in antivirus scans]()
-####### [Exclusions overview](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
-####### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
-####### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
-####### [Configure antivirus exclusions Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
-
-###### [Configure scanning antivirus options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
-###### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
-###### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
-###### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md)
-###### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
-###### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md)
-
-##### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md)
-
-##### [Manage antivirus in your business]()
-###### [Management overview](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
-###### [Use Group Policy settings to configure and manage antivirus](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
-###### [Use Microsoft Endpoint Configuration Manager and Microsoft Intune to configure and manage antivirus](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
-###### [Use PowerShell cmdlets to configure and manage antivirus](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
-###### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
-###### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
-
-##### [Manage scans and remediation]()
-###### [Management overview](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
-
-###### [Configure and validate exclusions in antivirus scans]()
-####### [Exclusions overview](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
-####### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
-####### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
-####### [Configure antivirus exclusions on Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
-
-###### [Configure scanning options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
-
-##### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
-###### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
-###### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
-###### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md)
-###### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
-###### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md)
-###### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md)
-
-##### [Manage next-generation protection in your business]()
-###### [Handle false positives/negatives in Windows Defender Antivirus](windows-defender-antivirus/antivirus-false-positives-negatives.md)
-###### [Management overview](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
-###### [Use Microsoft Intune and Microsoft Endpoint Configuration Manager to manage next generation protection](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
-###### [Use Group Policy settings to manage next generation protection](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
-###### [Use PowerShell cmdlets to manage next generation protection](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
-###### [Use Windows Management Instrumentation (WMI) to manage next generation protection](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
-###### [Use the mpcmdrun.exe command line tool to manage next generation protection](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
-
-#### [Microsoft Defender Advanced Threat Protection for Mac](microsoft-defender-atp/microsoft-defender-atp-mac.md)
-##### [What's New](microsoft-defender-atp/mac-whatsnew.md)
-##### [Deploy]()
-###### [Microsoft Intune-based deployment](microsoft-defender-atp/mac-install-with-intune.md)
-###### [JAMF-based deployment](microsoft-defender-atp/mac-install-with-jamf.md)
-###### [Deployment with a different Mobile Device Management (MDM) system](microsoft-defender-atp/mac-install-with-other-mdm.md)
-###### [Manual deployment](microsoft-defender-atp/mac-install-manually.md)
-##### [Update](microsoft-defender-atp/mac-updates.md)
-##### [Configure]()
-###### [Configure and validate exclusions](microsoft-defender-atp/mac-exclusions.md)
-###### [Set preferences](microsoft-defender-atp/mac-preferences.md)
-###### [Detect and block Potentially Unwanted Applications](microsoft-defender-atp/mac-pua.md)
-##### [Troubleshoot]()
-###### [Troubleshoot installation issues](microsoft-defender-atp/mac-support-install.md)
-###### [Troubleshoot performance issues](microsoft-defender-atp/mac-support-perf.md)
-###### [Troubleshoot kernel extension issues](microsoft-defender-atp/mac-support-kext.md)
-###### [Troubleshoot license issues](microsoft-defender-atp/mac-support-license.md)
-##### [Privacy](microsoft-defender-atp/mac-privacy.md)
-##### [Resources](microsoft-defender-atp/mac-resources.md)
-
-
-#### [Microsoft Defender Advanced Threat Protection for Linux](microsoft-defender-atp/microsoft-defender-atp-linux.md)
-##### [Deploy]()
-###### [Manual deployment](microsoft-defender-atp/linux-install-manually.md)
-###### [Puppet based deployment](microsoft-defender-atp/linux-install-with-puppet.md)
-###### [Ansible based deployment](microsoft-defender-atp/linux-install-with-ansible.md)
-##### [Update](microsoft-defender-atp/linux-updates.md)
-##### [Configure]()
-###### [Static proxy configuration](microsoft-defender-atp/linux-static-proxy-configuration.md)
-###### [Set preferences](microsoft-defender-atp/linux-preferences.md)
-##### [Resources](microsoft-defender-atp/linux-resources.md)
-
-
-#### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md)
-
### [Configure portal settings]()
#### [Set up preferences](microsoft-defender-atp/preferences-setup.md)
#### [General]()
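Review bot: the removed block lists "Configure remediation for scans" twice, once at `#####` and once at `######`, both pointing at configure-remediation-windows-defender-antivirus.md. If these entries are being moved rather than dropped, carry over only one of them. Please also confirm that the Mac and Linux sections removed here are re-added elsewhere in this TOC, so those pages stay reachable.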
@@ -376,51 +446,7 @@
-
-
## Reference
-### [Capabilities]()
-#### [Threat & Vulnerability Management]()
-##### [Next-generation capabilities](microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md)
-##### [Supported operating systems and platforms](microsoft-defender-atp/tvm-supported-os.md)
-
-#### [Attack surface reduction]()
-##### [Overview of attack surface reduction](microsoft-defender-atp/overview-attack-surface-reduction.md)
-##### [Attack surface reduction FAQ](microsoft-defender-atp/attack-surface-reduction-faq.md)
-##### [Hardware-based isolation]()
-###### [Hardware-based isolation in Windows 10](microsoft-defender-atp/overview-hardware-based-isolation.md)
-###### [Application isolation]()
-####### [Application guard overview](windows-defender-application-guard/wd-app-guard-overview.md)
-####### [System requirements](windows-defender-application-guard/reqs-wd-app-guard.md)
-
-###### [System integrity](windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md)
-
-##### [Application control](windows-defender-application-control/windows-defender-application-control.md)
-##### [Exploit protection](microsoft-defender-atp/exploit-protection.md)
-##### [Network protection](microsoft-defender-atp/network-protection.md)
-
-##### [Web protection]()
-###### [Web protection overview](microsoft-defender-atp/web-protection-overview.md)
-###### [Web threat protection]()
-####### [Web threat protection overview](microsoft-defender-atp/web-threat-protection.md)
-####### [Monitor web security](microsoft-defender-atp/web-protection-monitoring.md)
-####### [Respond to web threats](microsoft-defender-atp/web-protection-response.md)
-###### [Web content filtering](microsoft-defender-atp/web-content-filtering.md)
-
-##### [Controlled folder access](microsoft-defender-atp/controlled-folders.md)
-##### [Attack surface reduction](microsoft-defender-atp/attack-surface-reduction.md)
-##### [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md)
-
-#### [Next-generation protection](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
-##### [Better together: Windows Defender Antivirus and Microsoft Defender ATP](windows-defender-antivirus/why-use-microsoft-antivirus.md)
-##### [Better together: Windows Defender Antivirus and Office 365](windows-defender-antivirus/office-365-windows-defender-antivirus.md)
-
-
-#### [Endpoint detection and response](microsoft-defender-atp/overview-endpoint-detection-response.md)
-##### [Shadow protection](windows-defender-antivirus/shadow-protection.md)
-
-#### [Overview of AIR](microsoft-defender-atp/automated-investigations.md)
-
### [Management and APIs]()
#### [Overview of management and APIs](microsoft-defender-atp/management-apis.md)
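Review bot: nothing in these lines shows where the Capabilities entries removed from under Reference end up. The header (-376,51 +446,7) puts this spot 70 lines further down in the new file, which suggests content was added above it. Please confirm that each removed link (for example shadow-protection.md and automated-investigations.md) has a counterpart there. The two blank lines removed directly above `## Reference` also leave the heading with no separation from whatever precedes it, so check how that renders.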
@@ -591,28 +617,9 @@
### [Information protection in Windows overview]()
#### [Windows integration](microsoft-defender-atp/information-protection-in-windows-overview.md)
-#### [Use sensitivity labels to prioritize incident response](microsoft-defender-atp/information-protection-investigation.md)
-
-
-### [Evaluate Microsoft Defender ATP]()
-#### [Attack surface reduction and next-generation capability evaluation]()
-##### [Attack surface reduction and nex-generation evaluation overview](microsoft-defender-atp/evaluate-atp.md)
-##### [Hardware-based isolation](windows-defender-application-guard/test-scenarios-wd-app-guard.md)
-##### [Application control](windows-defender-application-control/audit-windows-defender-application-control-policies.md)
-##### [Exploit protection](microsoft-defender-atp/evaluate-exploit-protection.md)
-##### [Network Protection](microsoft-defender-atp/evaluate-network-protection.md)
-##### [Controlled folder access](microsoft-defender-atp/evaluate-controlled-folder-access.md)
-##### [Attack surface reduction](microsoft-defender-atp/evaluate-attack-surface-reduction.md)
-##### [Network firewall](windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
-##### [Evaluate next-generation protection](windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
-
-
### [Access the Microsoft Defender ATP Community Center](microsoft-defender-atp/community.md)
-
-
-
### [Helpful resources](microsoft-defender-atp/helpful-resources.md)
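Review bot: the removed entry "Attack surface reduction and nex-generation evaluation overview" contains a typo ("nex-generation"). If the Evaluate section is re-added elsewhere in this TOC, use "next-generation" there rather than copying the line as is. The same applies to the "Use sensitivity labels to prioritize incident response" entry: confirm it was moved and not lost.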
@@ -696,6 +703,9 @@
#### [Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md)
#### [Set up and use Windows Defender SmartScreen on individual devices](windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md)
+### [Windows Sandbox](windows-sandbox/windows-sandbox-overview.md)
+#### [Windows Sandbox architecture](windows-sandbox/windows-sandbox-architecture.md)
+#### [Windows Sandbox configuration](windows-sandbox/windows-sandbox-configure-using-wsb-file.md)
### [Windows Defender Device Guard: virtualization-based security and WDAC](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
diff --git a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md
index e88b1b13e8..725e9d2023 100644
--- a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md
+++ b/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md
@@ -42,7 +42,7 @@ The following tables provide more information about the hardware, firmware, and
| Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot** | See the System.Fundamentals.Firmware.UEFISecureBoot requirement in the [Windows Hardware Compatibility Specifications for Windows 10, version 1809 and Windows Server 2019 - Systems download](https://go.microsoft.com/fwlink/?linkid=2027110). You can find previous versions of the Windows Hardware Compatibility Program Specifications and Policies [here](https://docs.microsoft.com/windows-hardware/design/compatibility/whcp-specifications-policies). | UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots. |
| Firmware: **Secure firmware update process** | UEFI firmware must support secure firmware update found under the System.Fundamentals.Firmware.UEFISecureBoot requirement in the [Windows Hardware Compatibility Specifications for Windows 10, version 1809 and Windows Server 2019 - Systems download](https://go.microsoft.com/fwlink/?linkid=2027110). You can find previous versions of the Windows Hardware Compatibility Program Specifications and Policies [here](https://docs.microsoft.com/windows-hardware/design/compatibility/whcp-specifications-policies). | UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed. |
| Software: **HVCI compatible drivers** | See the Filter.Driver.DeviceGuard.DriverCompatibility requirement in the [Windows Hardware Compatibility Specifications for Windows 10, version 1809 and Windows Server 2019 - Filter driver download](https://go.microsoft.com/fwlink/?linkid=2027110). You can find previous versions of the Windows Hardware Compatibility Program Specifications and Policies [here](https://docs.microsoft.com/windows-hardware/design/compatibility/whcp-specifications-policies). | [HVCI Compatible](https://blogs.msdn.microsoft.com/windows_hardware_certification/2015/05/22/driver-compatibility-with-device-guard-in-windows-10/) drivers help ensure that VBS can maintain appropriate memory permissions. This increases resistance to bypassing vulnerable kernel drivers and helps ensure that malware cannot run in kernel. Only code verified through code integrity can run in kernel mode. |
-| Software: Qualified **Windows operating system** | Windows 10 Enterprise, Windows 10 Education, Windows Server 2016, or Windows 10 IoT EnterpriseStop Google Drive from syncing WIP protected files and folders.
-
-
-
-
-
| Support for VBS and for management features that simplify configuration of Windows Defender Device Guard. |
+| Software: Qualified **Windows operating system** | Windows 10 Enterprise, Windows 10 Pro, Windows 10 Education, Windows Server 2016, or Windows 10 IoT Enterprise
Windows Server 2016 running as a domain controller does not support Windows Defender Credential Guard. Only virtualization-based protection of code integrity is supported in this configuration.
| Support for VBS and for management features that simplify configuration of Windows Defender Device Guard. |
> **Important** The following tables list additional qualifications for improved security. You can use Windows Defender Device Guard with hardware, firmware, and software that support baseline protections, even if they do not support protections for improved security. However, we strongly recommend meeting these additional qualifications to significantly strengthen the level of security that Windows Defender Device Guard can provide.
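Review bot: the replacement row for "Qualified Windows operating system" adds "Windows 10 Pro" to the supported editions in the same edit that strips the stray "Stop Google Drive from syncing WIP protected files and folders." text. The edition change is a content change, not a cleanup, so call it out in the commit description or split it into its own commit. The domain controller caveat now sits inside the operating system cell and refers to Windows Defender Credential Guard, so check that it renders as a note within the cell and that the row still closes with a single "Security benefits" column.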
@@ -75,6 +75,6 @@ The following tables describe additional hardware and firmware qualifications, a
| Protections for Improved Security | Description | Security benefits |
|---------------------------------------------|----------------------------------------------------|------|
-| Firmware: **VBS enablement of NX protection for UEFI runtime services** | • VBS will enable No-Execute (NX) protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be exceutable.
Windows Server 2016 running as a domain controller does not support Windows Defender Credential Guard. Only virtualization-based protection of code integrity is supported in this configuration.
• UEFI runtime service must meet these requirements:
• Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table.
• PE sections need to be page-aligned in memory (not required for in non-volitile storage).
• The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS:
• All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both
• No entries may be left with neither of the above attributes, indicating memory that is both exceutable and writable. Memory must be either readable and executable or writeable and non-executable.
• This only applies to UEFI runtime service memory, and not UEFI boot service memory.
• This protection is applied by VBS on OS page tables.
Please also note the following:
• Do not use sections that are both writeable and exceutable
• Do not attempt to directly modify executable system memory
• Do not use dynamic code | • Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
• Reduces the attack surface to VBS from system firmware. |
+| Firmware: **VBS enablement of NX protection for UEFI runtime services** | • VBS will enable No-Execute (NX) protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be executable.
• UEFI runtime service must meet these requirements:
• Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table.
• PE sections need to be page-aligned in memory (not required for in non-volitile storage).
• The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS:
• All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both
• No entries may be left with neither of the above attributes, indicating memory that is both executable and writable. Memory must be either readable and executable or writeable and non-executable.
• This only applies to UEFI runtime service memory, and not UEFI boot service memory.
• This protection is applied by VBS on OS page tables.
Please also note the following:
• Do not use sections that are both writeable and executable
• Do not attempt to directly modify executable system memory
• Do not use dynamic code | • Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
• Reduces the attack surface to VBS from system firmware. |
| Firmware: **Firmware support for SMM protection** | The [Windows SMM Security Mitigations Table (WSMT) specification](https://download.microsoft.com/download/1/8/A/18A21244-EB67-4538-BAA2-1A54E0E490B6/WSMT.docx) contains details of an Advanced Configuration and Power Interface (ACPI) table that was created for use with Windows operating systems that support Windows virtualization-based security (VBS) features.| • Protects against potential vulnerabilities in UEFI runtime services, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
• Reduces the attack surface to VBS from system firmware.
• Blocks additional security attacks against SMM. |
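Review bot: the added NX row fixes "exceutable" but still carries "non-volitile" and the doubled preposition in "not required for in non-volitile storage". Change it to "not required in non-volatile storage" while this row is being touched. The unchanged SMM row just below reads "Protects against potential vulnerabilities in UEFI runtime services, if any, will be blocked from compromising VBS", which is not a sentence and could be fixed in the same pass.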
diff --git a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md
index 0c3ce01531..be304c5715 100644
--- a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md
+++ b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md
@@ -30,13 +30,19 @@ Windows Defender Antivirus is the [next generation protection](https://www.youtu
**Download the latest transparency report: [Examining industry test results, November 2019](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4kagp)**
-### AV-TEST: Protection score of 6.0/6.0 in the latest test
+### AV-TEST: Protection score of 5.5/6.0 in the latest test
The AV-TEST Product Review and Certification Report tests on three categories: protection, performance, and usability. The following scores are for the Protection category which has two scores: Real-World Testing and the AV-TEST reference set (known as "Prevalent Malware").
-- July — August 2019 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/august-2019/microsoft-windows-defender-antivirus-4.18-193215/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4kagp) **Latest**
+- January - February 2020 AV-TEST Business User test: [Protection score 5.5/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/february-2020/microsoft-windows-defender-antivirus-4.18-200614/) **Latest**
- Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, detecting 100% of 13,889 malware samples used. This industry-leading antivirus solution has consistently achieved a perfect Protection score in all AV-TEST cycles in the past 14 months.
+ Windows Defender Antivirus achieved an overall Protection score of 5.5/6.0, with 21,008 malware samples used.
+
+- November - December 2019 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/december-2019/microsoft-windows-defender-antivirus-4.18-195015/)
+
+- September - October 2019 AV-TEST Business User test: [Protection score 5.5/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/october-2019/microsoft-windows-defender-antivirus-4.18-194115/)
+
+- July — August 2019 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/august-2019/microsoft-windows-defender-antivirus-4.18-193215/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4kagp)
- May — June 2019 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/june-2019/microsoft-windows-defender-antivirus-4.18-192415/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE3Esbl)
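Review bot: the three added AV-TEST entries write their date ranges with a spaced hyphen ("January - February 2020") while the existing entries use an em dash, so the list is now inconsistent; pick one. The new summary sentence gives the sample count (21,008) but drops the detection rate that the old sentence stated, leaving the reader no way to see what the 5.5/6.0 reflects. The unchanged line above the heading still advertises the November 2019 transparency report as the latest, and none of the new entries has an Analysis link. Either update that pointer or say that no analysis covers the newer cycles.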
@@ -52,9 +58,11 @@ The AV-TEST Product Review and Certification Report tests on three categories: p
Business Security Test consists of three main parts: the Real-World Protection Test that mimics online malware attacks, the Malware Protection Test where the malware enters the system from outside the internet (for example by USB), and the Performance Test that looks at the impact on the system's performance.
-- Business Security Test 2019 (August — September): [Real-World Protection Rate 99.9%](https://www.av-comparatives.org/tests/business-security-test-august-september-2019-factsheet/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4kagp) **Latest**
+- Business Security Test 2019 (August — November): [Real-World Protection Rate 99.6%](https://www.av-comparatives.org/tests/business-security-test-2019-august-november/) **Latest**
- Windows Defender Antivirus has scored consistently high in Real-World Protection Rates over the past year, with 99.9% in the latest test.
+ Windows Defender Antivirus has scored consistently high in Real-World Protection Rates over the past year, with 99.6% in the latest test.
+
+- Business Security Test 2019 Factsheet (August — September): [Real-World Protection Rate 99.9%](https://www.av-comparatives.org/tests/business-security-test-august-september-2019-factsheet/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4kagp)
- Business Security Test 2019 (March — June): [Real-World Protection Rate 99.9%](https://www.av-comparatives.org/tests/business-security-test-2019-march-june/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE3Esbl)
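Review bot: the new "Business Security Test 2019 (August — November)" entry overlaps the retained "August — September" entry, which is now relabelled "Factsheet", and the page does not say how the two reports relate. A short note that the factsheet is an interim result for the same test period would stop readers counting the two as separate tests. With 99.6% now the latest figure, check that "scored consistently high in Real-World Protection Rates over the past year" is still the intended wording.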
@@ -66,9 +74,11 @@ Business Security Test consists of three main parts: the Real-World Protection T
SE Labs tests a range of solutions used by products and services to detect and/or protect against attacks, including endpoint software, network appliances, and cloud services.
-- Enterprise Endpoint Protection July — September 2019: [AAA award](https://selabs.uk/download/enterprise/epp/2019/jul-sep-2019-enterprise.pdf) **pdf** | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4kagp)
+- Enterprise Endpoint Protection October — December 2019: [AAA award](https://selabs.uk/download/enterprise/epp/2019/oct-dec-2019-enterprise.pdf) **pdf**
- Microsoft's next-gen protection was named one of the leading products, stopping all targeted attacks and all but one public threat.
+ Microsoft's next-gen protection was named one of the leading products, stopping all targeted attacks and all but two public threats.
+
+- Enterprise Endpoint Protection July — September 2019: [AAA award](https://selabs.uk/download/enterprise/epp/2019/jul-sep-2019-enterprise.pdf) **pdf** | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4kagp)
- Enterprise Endpoint Protection April — June 2019: [AAA award](https://selabs.uk/download/enterprise/epp/2019/apr-jun-2019-enterprise.pdf) **pdf** | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE3Esbl)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md
index 7ce887afa8..7209a654db 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md
@@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 10/08/2019
---
# Advanced hunting query best practices
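Review bot: `ms.date: 10/08/2019` is removed from the front matter with no replacement, and the same deletion is repeated in each of the advanced-hunting-*.md files that follow. If the publishing pipeline falls back to the last commit date, say so in the commit message. Otherwise set `ms.date` to the date of this content update instead of dropping the field.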
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceevents-table.md
index 9134afc574..8956d5c3a9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceevents-table.md
@@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 10/08/2019
---
# DeviceEvents
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefileevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefileevents-table.md
index 82bc19d642..53faa19f58 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefileevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefileevents-table.md
@@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 10/08/2019
---
# DeviceFileEvents
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md
index fe1f719c73..b9c338f0c1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md
@@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 10/08/2019
---
# DeviceImageLoadEvents
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceinfo-table.md
index f05d8d0382..e51b88cf9a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceinfo-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceinfo-table.md
@@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 10/08/2019
---
# DeviceInfo
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md
index 689d68d6e6..9814bdbe14 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md
@@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 10/08/2019
---
# DeviceLogonEvents
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md
index fb91c21fd2..17ba4f7f0d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md
@@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 10/08/2019
---
# DeviceNetworkEvents
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkinfo-table.md
index ba7cf147bf..2e84b08364 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkinfo-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkinfo-table.md
@@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 10/08/2019
---
# DeviceNetworkInfo
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md
index 7b656947ec..6fdba4c948 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md
@@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 10/08/2019
---
# DeviceProcessEvents
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md
index 8dfc835e93..c0b36b2df8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md
@@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 10/08/2019
---
# DeviceRegistryEvents
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md
index 337c1fafca..3570732cf5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md
@@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 10/08/2019
---
# Learn the advanced hunting query language
@@ -32,64 +31,87 @@ Advanced hunting is based on the [Kusto query language](https://docs.microsoft.c
In Microsoft Defender Security Center, go to **Advanced hunting** to run your first query. Use the following example:
```kusto
-// Finds PowerShell execution events that could involve a download.
-DeviceProcessEvents
+// Finds PowerShell execution events that could involve a download
+union DeviceProcessEvents, DeviceNetworkEvents
| where Timestamp > ago(7d)
-| where FileName in ("powershell.exe", "POWERSHELL.EXE", "powershell_ise.exe", "POWERSHELL_ISE.EXE")
-| where ProcessCommandLine has "Net.WebClient"
- or ProcessCommandLine has "DownloadFile"
- or ProcessCommandLine has "Invoke-WebRequest"
- or ProcessCommandLine has "Invoke-Shellcode"
- or ProcessCommandLine contains "http:"
-| project Timestamp, DeviceName, InitiatingProcessFileName, FileName, ProcessCommandLine
+// Pivoting on PowerShell processes
+| where FileName in~ ("powershell.exe", "powershell_ise.exe")
+// Suspicious commands
+| where ProcessCommandLine has_any("WebClient",
+ "DownloadFile",
+ "DownloadData",
+ "DownloadString",
+ "WebRequest",
+ "Shellcode",
+ "http",
+ "https")
+| project Timestamp, DeviceName, InitiatingProcessFileName, InitiatingProcessCommandLine,
+FileName, ProcessCommandLine, RemoteIP, RemoteUrl, RemotePort, RemoteIPType
| top 100 by Timestamp
```
This is how it will look like in advanced hunting.
-
+
-### Describe the query and specify the table to search
-The query starts with a short comment describing what it is for. This helps if you later decide to save your query and share it with others in your organization.
+
+### Describe the query and specify the tables to search
+A short comment has been added to the beginning of the query to describe what it is for. This helps if you later decide to save the query and share it with others in your organization.
```kusto
-// Finds PowerShell execution events that could involve a download.
-DeviceProcessEvents
+// Finds PowerShell execution events that could involve a download
```
-The query itself will typically start with a table name followed by a series of elements started by a pipe (`|`). In this example, we start by adding with the table name `DeviceProcessEvents` and add piped elements as needed.
+The query itself will typically start with a table name followed by a series of elements started by a pipe (`|`). In this example, we start by creating a union of two tables, `DeviceProcessEvents` and `DeviceNetworkEvents`, and add piped elements as needed.
+```kusto
+union DeviceProcessEvents, DeviceNetworkEvents
+```
### Set the time range
-The first piped element is a time filter scoped within the previous seven days. Keeping the time range as narrow as possible ensures that queries perform well, return manageable results, and don't time out.
+The first piped element is a time filter scoped to the previous seven days. Keeping the time range as narrow as possible ensures that queries perform well, return manageable results, and don't time out.
```kusto
| where Timestamp > ago(7d)
```
-### Search for specific executable files
-The time range is immediately followed by a search for files representing the PowerShell application.
-```kusto
-| where FileName in ("powershell.exe", "POWERSHELL.EXE", "powershell_ise.exe", "POWERSHELL_ISE.EXE")
+### Check specific processes
+The time range is immediately followed by a search for process file names representing the PowerShell application.
+
```
-### Search for specific command lines
-Afterwards, the query looks for command lines that are typically used with PowerShell to download files.
-
-```kusto
-| where ProcessCommandLine has "Net.WebClient"
- or ProcessCommandLine has "DownloadFile"
- or ProcessCommandLine has "Invoke-WebRequest"
- or ProcessCommandLine has "Invoke-Shellcode"
- or ProcessCommandLine contains "http:"
+// Pivoting on PowerShell processes
+| where FileName in~ ("powershell.exe", "powershell_ise.exe")
```
-### Select result columns and length
-Now that your query clearly identifies the data you want to locate, you can add elements that define what the results look like. `project` returns specific columns and `top` limits the number of results, making the results well-formatted and reasonably large and easy to process.
+
+### Search for specific command strings
+Afterwards, the query looks for strings in command lines that are typically used to download files using PowerShell.
```kusto
-| project Timestamp, DeviceName, InitiatingProcessFileName, FileName, ProcessCommandLine
+// Suspicious commands
+| where ProcessCommandLine has_any("WebClient",
+ "DownloadFile",
+ "DownloadData",
+ "DownloadString",
+ "WebRequest",
+ "Shellcode",
+ "http",
+ "https")
+```
+
+### Customize result columns and length
+Now that your query clearly identifies the data you want to locate, you can add elements that define what the results look like. `project` returns specific columns, and `top` limits the number of results. These operators help ensure the results are well-formatted and reasonably large and easy to process.
+
+```kusto
+| project Timestamp, DeviceName, InitiatingProcessFileName, InitiatingProcessCommandLine,
+FileName, ProcessCommandLine, RemoteIP, RemoteUrl, RemotePort, RemoteIPType
| top 100 by Timestamp
```
-Click **Run query** to see the results. You can expand the screen view so you can focus on your hunting query and the results.
+Click **Run query** to see the results. Select the expand icon at the top right of the query editor to focus on your hunting query and the results.
+
+
+
+>[!TIP]
+>You can view query results as charts and quickly adjust filters. For guidance, [read about working with query results](advanced-hunting-query-results.md)
## Learn common query operators for advanced hunting
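Review bot: The new query unions `DeviceProcessEvents` with `DeviceNetworkEvents`, but both `where` clauses filter on `FileName` and `ProcessCommandLine`, and the walkthrough never says which table supplies which column. Please confirm that rows from `DeviceNetworkEvents` carry those two columns; if they do not, those rows are dropped and the newly projected `RemoteIP`, `RemoteUrl`, `RemotePort` and `RemoteIPType` will always be empty. Either way, add a sentence under "Describe the query and specify the tables to search" explaining what the union contributes. Separately, in "Check specific processes" the old opening fence with the `kusto` tag was removed and the former closing fence now opens the `// Pivoting on PowerShell processes` block, so that block is the only one without a language tag. The TIP sentence is also missing its final period and needs a blank line before the following heading.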
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md
index b24bb4db00..de3d5741a4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md
@@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 10/08/2019
---
# Use shared queries in advanced hunting
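Review bot: `ms.date` is deleted from the front matter here, and again in attack-surface-reduction-rules-in-windows-10-enterprise-e3.md, while alerts-queue.md in the same change bumps it to 03/27/2020. Say in the commit message whether dropping the field is intentional, or update the date instead so the three files are handled consistently.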
diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md
index 9d9bea3f59..6255da37f0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md
@@ -15,7 +15,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 04/24/2018
+ms.date: 03/27/2020
---
# View and organize the Microsoft Defender Advanced Threat Protection Alerts queue
@@ -27,6 +27,9 @@ ms.date: 04/24/2018
The **Alerts queue** shows a list of alerts that were flagged from machines in your network. By default, the queue displays alerts seen in the last 30 days in a grouped view, with the most recent alerts showing at the top of the list, helping you see the most recent alerts first.
+>[!NOTE]
+>The alerts queue is significantly reduced with automated investigation and remediation, allowing security operations experts to focus on more sophisticated threats and other high value initiatives. When an alert contains a supported entity for automated investigation (for example, a file) in a machine that has a supported operating system for it, an automated investigation and remediation can start. For more information on automated investigations, see [Overview of Automated investigations](automated-investigations.md).
+
There are several options you can choose from to customize the alerts queue view.
On the top navigation you can:
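Review bot: The first sentence of the added note, "The alerts queue is significantly reduced with automated investigation and remediation", does not say what is reduced (the number of alerts listed?) or under which settings, so readers cannot tell what to expect in their own queue. Reword it to state the concrete effect on the queue, and hyphenate "high-value initiatives".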
@@ -45,10 +48,10 @@ You can apply the following filters to limit the list of alerts and get a more f
Alert severity | Description
:---|:---
-High (Red) | Threats often associated with advanced persistent threats (APT). These alerts indicate a high risk due to the severity of damage they can inflict on machines.
-Medium (Orange) | Threats rarely observed in the organization, such as anomalous registry change, execution of suspicious files, and observed behaviors typical of attack stages.
-Low (Yellow) | Threats associated with prevalent malware and hack-tools that do not necessarily indicate an advanced threat targeting the organization.
-Informational (Grey) | Informational alerts are those that might not be considered harmful to the network but might be good to keep track of.
+High (Red) | Alerts commonly seen associated with advanced persistent threats (APT). These alerts indicate a high risk due to the severity of damage they can inflict on machines. Some examples of these are credential theft tools activities, ransomware activities not associated with any group, tampering with security sensors, or any malicious activities indicative of a human adversary.
+Medium (Orange) | Alerts from endpoint detection and response post-breach behaviors that might be a part of an advanced persistent threat (APT). This includes observed behaviors typical of attack stages, anomalous registry change, execution of suspicious files, and so forth. Although some might be part of internal security testing, it requires investigation as it might also be a part of an advanced attack.
+Low (Yellow) | Alerts on threats associated with prevalent malware, hack-tools, non-malware hack tools, such as running exploration commands, clearing logs, etc., that often do not indicate an advanced threat targeting the organization. It could also come from an isolated security tool testing by a user in your organization.
+Informational (Grey) | Alerts that might not be considered harmful to the network but can drive organizational security awareness on potential security issues.
#### Understanding alert severity
It is important to understand that the Windows Defender Antivirus (Windows Defender AV) and Microsoft Defender ATP alert severities are different because they represent different scopes.
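Review bot: The new Low (Yellow) row mixes tools and activities in one list ("prevalent malware, hack-tools, non-malware hack tools, such as running exploration commands, clearing logs, etc."), spells "hack-tools" two ways, and leaves it unclear which item the examples illustrate. Split it into the threat types followed by the example behaviours. In the Medium row, "it requires investigation" has no singular antecedent and should read "these alerts require investigation". In the High row, "ransomware activities not associated with any group" should say what kind of group is meant.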
diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-rules-in-windows-10-enterprise-e3.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-rules-in-windows-10-enterprise-e3.md
index 8d2f79fd76..7dfd283a11 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-rules-in-windows-10-enterprise-e3.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-rules-in-windows-10-enterprise-e3.md
@@ -11,7 +11,6 @@ ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
-ms.date: 10/15/2018
ms.reviewer:
manager: dansimp
ms.custom: asr
diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
index 828455927c..f1b9737820 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
@@ -101,7 +101,7 @@ The following sections describe each of the 15 attack surface reduction rules. T
[Block executable files from running unless they meet a prevalence, age, or trusted list criterion](#block-executable-files-from-running-unless-they-meet-a-prevalence-age-or-trusted-list-criterion) | 01443614-cd74-433a-b99e-2ecdc07bfc25 | Supported
[Use advanced protection against ransomware](#use-advanced-protection-against-ransomware) | c1db55ab-c21a-4637-bb3f-a12568109d35 | Supported
[Block credential stealing from the Windows local security authority subsystem (lsass.exe)](#block-credential-stealing-from-the-windows-local-security-authority-subsystem) | 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2 | Supported
-[Block process creations originating from PSExec and WMI commands](#block-process-creations-originating-from-psexec-and-wmi-commands) | d1e49aac-8f56-4280-b9ba-993a6d77406c | Not supported
+[Block process creations originating from PSExec and WMI commands](#block-process-creations-originating-from-psexec-and-wmi-commands) | d1e49aac-8f56-4280-b9ba-993a6d77406c | Supported
[Block untrusted and unsigned processes that run from USB](#block-untrusted-and-unsigned-processes-that-run-from-usb) | b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 | Supported
[Block Office communication application from creating child processes](#block-office-communication-application-from-creating-child-processes) | 26190899-1602-49e8-8b27-eb1d0a1ce869 | Supported
[Block Adobe Reader from creating child processes](#block-adobe-reader-from-creating-child-processes) | 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c | Supported
@@ -273,9 +273,6 @@ GUID: 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2
This rule blocks processes created through [PsExec](https://docs.microsoft.com/sysinternals/downloads/psexec) and [WMI](https://docs.microsoft.com/windows/win32/wmisdk/about-wmi) from running. Both PsExec and WMI can remotely execute code, so there is a risk of malware abusing this functionality for command and control purposes, or to spread an infection throughout an organization's network.
-> [!IMPORTANT]
-> File and folder exclusions do not apply to this attack surface reduction rule.
-
> [!WARNING]
> Only use this rule if you're managing your devices with [Intune](https://docs.microsoft.com/intune) or another MDM solution. This rule is incompatible with management through [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr) because this rule blocks WMI commands the Configuration Manager client uses to function correctly.
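Review bot: Removing the IMPORTANT note here, together with the table cell changed from "Not supported" to "Supported" for rule d1e49aac-8f56-4280-b9ba-993a6d77406c in the previous hunk, changes the documented exclusion behaviour without saying from which product or platform version it holds. Add the minimum version where exclusions are honoured for this rule, so administrators on older builds do not rely on an exclusion that is silently ignored.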
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configuration-score.md b/windows/security/threat-protection/microsoft-defender-atp/configuration-score.md
index d40085138f..06bd8455af 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configuration-score.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configuration-score.md
@@ -25,7 +25,7 @@ ms.topic: conceptual
>[!NOTE]
> Secure score is now part of Threat & Vulnerability Management as Configuration score.
-Your Configuration score is visible in the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) of the Microsoft Defender Security Center. It reflects the collective security configuration state of your machines across the following categories:
+Your Configuration score is visible in the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) of the Microsoft Defender Security Center. A higher configuration score means your endpoints are more resilient from cybersecurity threat attacks. It reflects the collective security configuration state of your machines across the following categories:
- Application
- Operating system
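Review bot: The sentence moved into this paragraph keeps the phrasing "more resilient from cybersecurity threat attacks"; since the line is being touched anyway, change it to "more resilient to cybersecurity threats". The following "It reflects ..." now sits one sentence further from "Your Configuration score", so repeating the subject ("The score reflects ...") would read more clearly.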
@@ -33,7 +33,7 @@ Your Configuration score is visible in the [Threat & Vulnerability Management da
- Accounts
- Security controls
-A higher configuration score means your endpoints are more resilient from cybersecurity threat attacks.
+Select a category to go to the [**Security recommendations**](tvm-security-recommendation.md) page and view the relevant recommendations.
## How it works
@@ -43,35 +43,31 @@ A higher configuration score means your endpoints are more resilient from cybers
The data in the configuration score card is the product of meticulous and ongoing vulnerability discovery process aggregated with configuration discovery assessments that continuously:
- Compare collected configurations to the collected benchmarks to discover misconfigured assets
-- Map configurations to vulnerabilities that can be remediated or partially remediated (risk reduction) by remediating the misconfiguration
+- Map configurations to vulnerabilities that can be remediated or partially remediated (risk reduction)
- Collect and maintain best practice configuration benchmarks (vendors, security feeds, internal research teams)
- Collect and monitor changes of security control configuration state from all assets
-From the widget, you'd be able to see which security aspect requires attention. You can click the configuration score categories and it will take you to the **Security recommendations** page to see more details and understand the context of the issue. From there, you can act on them based on security benchmarks.
-
## Improve your security configuration
-You can improve your security configuration when you remediate issues from the security recommendations list. As you do so, your configuration score improves, which means your organization becomes more resilient against cybersecurity threats and vulnerabilities.
+You can improve your security configuration when you remediate issues from the security recommendations list. As you do so, your Configuration score improves, which means your organization becomes more resilient against cybersecurity threats and vulnerabilities.
-1. From the Configuration score card in the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md), select **Security controls**. The [**Security recommendations**](tvm-security-recommendation.md) page opens to shows the list of recommendations related to security controls.
+1. From the Configuration score card in the Threat & Vulnerability Management dashboard, select the one of the categories to view the list of recommendations related to that category. It will take you to the [**Security recommendations**](tvm-security-recommendation.md) page. If you want to see all security recommendations, once you get to the Security recommendations page, clear the search field.
2. Select an item on the list. The flyout panel will open with details related to the recommendation. Select **Remediation options**.

-3. Read the description to understand the context of the issue and what to do next. Select a due date, add notes, and select **Export all remediation activity data to CSV** so you can attach it to the email that you can send to your IT Administrator for follow-up.
+3. Read the description to understand the context of the issue and what to do next. Select a due date, add notes, and select **Export all remediation activity data to CSV** so you can attach it to an email for follow-up.
- >.
-
- You will see a confirmation message that the remediation task has been created.
+4. **Submit request**. You will see a confirmation message that the remediation task has been created.
>
-4. Save your CSV file.
+5. Save your CSV file.

-5. Send a follow-up email to your IT Administrator and allow the time that you have allotted for the remediation to propagate in the system.
+6. Send a follow-up email to your IT Administrator and allow the time that you have allotted for the remediation to propagate in the system.
-6. Review the machine **Configuration score** card again on the dashboard. The number of security controls recommendations will decrease. When you select **Security controls** to go back to the **Security recommendations** page, the item that you have addressed will not be listed there anymore, and your configuration score should increase.
+7. Review the **Configuration score** card again on the dashboard. The number of security controls recommendations will decrease. When you select **Security controls** to go back to the **Security recommendations** page, the item that you have addressed will not be listed there anymore, and your configuration score should increase.
>[!IMPORTANT]
>To boost your vulnerability assessment detection rates, download the following mandatory security updates and deploy them in your network:
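Review bot: Step 1 was generalised to "one of the categories", but step 7 still says "The number of security controls recommendations will decrease" and "When you select **Security controls**", so the procedure no longer matches end to end; word step 7 in terms of the category chosen in step 1. Step 1 also contains the typo "select the one of the categories", and the new step 4 reads "**Submit request**." with no verb (use "Select **Submit request**."). The stray `>` line left under step 4 should be removed or reattached to its image.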
@@ -86,17 +82,14 @@ You can improve your security configuration when you remediate issues from the s
## Related topics
+- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md)
- [Supported operating systems and platforms](tvm-supported-os.md)
-- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
-- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
+- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
- [Exposure score](tvm-exposure-score.md)
- [Security recommendations](tvm-security-recommendation.md)
- [Remediation and exception](tvm-remediation.md)
- [Software inventory](tvm-software-inventory.md)
- [Weaknesses](tvm-weaknesses.md)
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
+- [APIs](threat-and-vuln-mgt-scenarios.md#apis)
- [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
-- [Score APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/score)
-- [Software APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/software)
-- [Vulnerability APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability)
-- [Recommendation APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability)
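Review bot: Four direct API links are replaced by a single "[APIs](threat-and-vuln-mgt-scenarios.md#apis)" entry, but this hunk does not show that an "APIs" heading exists in threat-and-vuln-mgt-scenarios.md. Confirm the anchor resolves in the same change, otherwise readers lose the Score, Software, Vulnerability and Recommendation API references entirely.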
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
index f810639c75..4654624800 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
@@ -38,8 +38,8 @@ The WinHTTP configuration setting is independent of the Windows Internet (WinINe
- Transparent proxy
- Web Proxy Auto-discovery Protocol (WPAD)
-> [!NOTE]
-> If you're using Transparent proxy or WPAD in your network topology, you don't need special configuration settings. For more information on Microsoft Defender ATP URL exclusions in the proxy, see [Enable access to Microsoft Defender ATP service URLs in the proxy server](#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server).
+ > [!NOTE]
+ > If you're using Transparent proxy or WPAD in your network topology, you don't need special configuration settings. For more information on Microsoft Defender ATP URL exclusions in the proxy, see [Enable access to Microsoft Defender ATP service URLs in the proxy server](#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server).
- Manual static proxy configuration:
- Registry based configuration
@@ -120,6 +120,16 @@ United States | ```us.vortex-win.data.microsoft.com```
```ussus1eastprod.bl
If a proxy or firewall is blocking anonymous traffic, as Microsoft Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted in the previously listed URLs.
+### Log analytics agent requirements
+
+The information below list the proxy and firewall configuration information required to communicate with Log Analytics agent (often referred to as Microsoft Monitoring Agent) for the previous versions of Windows such as Windows 7 SP1, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2, and Windows Server 2016.
+
+|Agent Resource|Ports |Direction |Bypass HTTPS inspection|
+|------|---------|--------|--------|
+|*.ods.opinsights.azure.com |Port 443 |Outbound|Yes |
+|*.oms.opinsights.azure.com |Port 443 |Outbound|Yes |
+|*.blob.core.windows.net |Port 443 |Outbound|Yes |
+
## Microsoft Defender ATP service backend IP range
If your network devices don't support the URLs added to an "allow" list in the prior section, you can use the following information.
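Review bot: The new table lists `*.blob.core.windows.net` as outbound 443 with "Bypass HTTPS inspection: Yes", which exempts every host under that domain from inspection rather than only the endpoints the agent uses. If narrower hostnames can be documented, list them, or state explicitly that the wildcard is required. Also, "The information below list" should be "lists", the heading "Log analytics agent" and the body text "Log Analytics agent" differ in casing, and the wildcard hostnames should use code formatting like the URL table above them.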
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
index 75e7f8f006..371aa16ecd 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
@@ -25,7 +25,7 @@ ms.topic: article
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server, version 1803
-- Windows Server, 2019
+- Windows Server, 2019 and later
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configserver-abovefoldlink)
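Review bot: The changed line reads "Windows Server, 2019 and later" with a stray comma, while the supported-servers list in the next hunk uses "Windows Server 2019 and later"; drop the comma so both lists match.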
@@ -38,7 +38,7 @@ The service supports the onboarding of the following servers:
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server, version 1803
-- Windows Server 2019
+- Windows Server 2019 and later
For a practical guidance on what needs to be in place for licensing and infrastructure, see [Protecting Windows Servers with Microsoft Defender ATP](https://techcommunity.microsoft.com/t5/What-s-New/Protecting-Windows-Server-with-Windows-Defender-ATP/m-p/267114#M128).
@@ -113,7 +113,7 @@ The following steps are required to enable this integration:
On the **Agent Setup Options** page, choose **Connect the agent to Azure Log Analytics (OMS)**.
- [Install the agent using the command line](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-the-agent-using-the-command-line) and [configure the agent using a script](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#add-a-workspace-using-a-script).
-3. You'll need to configure proxy settings for the Microsoft Monitoring Agent. For more information, see [Configure proxy settings](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#configure-proxy-settings).
+3. You'll need to configure proxy settings for the Microsoft Monitoring Agent. For more information, see [Configure proxy settings](configure-proxy-internet.md).
Once completed, you should see onboarded servers in the portal within an hour.
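Review bot: The proxy link in step 3 now points at the top of configure-proxy-internet.md rather than at the "Log analytics agent requirements" section that this change adds to that file. Link to that section's anchor so readers configuring the Microsoft Monitoring Agent land on the relevant table.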
@@ -153,11 +153,13 @@ Support for Windows Server, version 1803 and Windows 2019 provides deeper insigh
b. Run the following PowerShell command to verify that the passive mode was configured:
- ```Get-WinEvent -FilterHashtable @{ProviderName="Microsoft-Windows-Sense" ;ID=84}```
+ ```PowerShell
+ Get-WinEvent -FilterHashtable @{ProviderName="Microsoft-Windows-Sense" ;ID=84}
+ ```
c. Confirm that a recent event containing the passive mode event is found:
- 
+ 
3. Run the following command to check if Windows Defender AV is installed:
@@ -172,8 +174,8 @@ Microsoft Defender ATP integrates with Azure Security Center to provide a compre
The following capabilities are included in this integration:
- Automated onboarding - Microsoft Defender ATP sensor is automatically enabled on Windows Servers that are onboarded to Azure Security Center. For more information on Azure Security Center onboarding, see [Onboarding to Azure Security Center Standard for enhanced security](https://docs.microsoft.com/azure/security-center/security-center-onboarding).
-> [!NOTE]
-> Automated onboarding is only applicable for Windows Server 2012 R2 and Windows Server 2016.
+ > [!NOTE]
+ > Automated onboarding is only applicable for Windows Server 2012 R2 and Windows Server 2016.
- Servers monitored by Azure Security Center will also be available in Microsoft Defender ATP - Azure Security Center seamlessly connects to the Microsoft Defender ATP tenant, providing a single view across clients and servers. In addition, Microsoft Defender ATP alerts will be available in the Azure Security Center console.
- Server investigation - Azure Security Center customers can access Microsoft Defender Security Center to perform detailed investigation to uncover the scope of a potential breach
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/advanced-hunting-expand.png b/windows/security/threat-protection/microsoft-defender-atp/images/advanced-hunting-expand.png
new file mode 100644
index 0000000000..7ef27c4d87
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/advanced-hunting-expand.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/advanced-hunting-query-example-2.png b/windows/security/threat-protection/microsoft-defender-atp/images/advanced-hunting-query-example-2.png
new file mode 100644
index 0000000000..f72fa6a68d
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/advanced-hunting-query-example-2.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/advanced-hunting-query-example.PNG b/windows/security/threat-protection/microsoft-defender-atp/images/advanced-hunting-query-example.PNG
deleted file mode 100644
index 57337cd9ab..0000000000
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/advanced-hunting-query-example.PNG and /dev/null differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/cve-detection-logic.png b/windows/security/threat-protection/microsoft-defender-atp/images/cve-detection-logic.png
new file mode 100644
index 0000000000..f3fabfe3ba
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/cve-detection-logic.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/eos-upcoming-eos.png b/windows/security/threat-protection/microsoft-defender-atp/images/eos-upcoming-eos.png
new file mode 100644
index 0000000000..270a3502c5
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/eos-upcoming-eos.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/remediation_swupdatefilter.png b/windows/security/threat-protection/microsoft-defender-atp/images/remediation_swupdatefilter.png
deleted file mode 100644
index a0f5f3e295..0000000000
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/remediation_swupdatefilter.png and /dev/null differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/software-drilldown-eos.png b/windows/security/threat-protection/microsoft-defender-atp/images/software-drilldown-eos.png
new file mode 100644
index 0000000000..b3893cd5ec
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/software-drilldown-eos.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-discovered-vulnerabilities.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-discovered-vulnerabilities.png
new file mode 100644
index 0000000000..4659dcc51f
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-discovered-vulnerabilities.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-top-vulnerable-software.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-top-vulnerable-software.png
deleted file mode 100644
index 3ef800afac..0000000000
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-top-vulnerable-software.png and /dev/null differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-top-vulnerable-software500.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-top-vulnerable-software500.png
new file mode 100644
index 0000000000..d78ed19c8d
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-top-vulnerable-software500.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-weaknesses-overview.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-weaknesses-overview.png
new file mode 100644
index 0000000000..dc677108ac
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-weaknesses-overview.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm_machine_page_flyout.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_machine_page_flyout.png
deleted file mode 100644
index 7d83e1545d..0000000000
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/tvm_machine_page_flyout.png and /dev/null differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm_machineslist.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_machineslist.png
deleted file mode 100644
index ea9e800b94..0000000000
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/tvm_machineslist.png and /dev/null differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm_request_remediation.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm_request_remediation.png
deleted file mode 100644
index ec4fa8bc44..0000000000
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/tvm_request_remediation.png and /dev/null differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/version-eos-date.png b/windows/security/threat-protection/microsoft-defender-atp/images/version-eos-date.png
new file mode 100644
index 0000000000..731fa3bcf4
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/version-eos-date.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/windows-server-drilldown.png b/windows/security/threat-protection/microsoft-defender-atp/images/windows-server-drilldown.png
new file mode 100644
index 0000000000..72a97b7f26
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/windows-server-drilldown.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md
new file mode 100644
index 0000000000..ef0797f456
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md
@@ -0,0 +1,118 @@
+---
+title: Configure and validate exclusions for Microsoft Defender ATP for Linux
+description: Provide and validate exclusions for Microsoft Defender ATP for Linux. Exclusions can be set for files, folders, and processes.
+keywords: microsoft, defender, atp, linux, exclusions, scans, antivirus
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dansimp
+author: dansimp
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+---
+
+# Configure and validate exclusions for Microsoft Defender ATP for Linux
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Linux](microsoft-defender-atp-linux.md)
+
+This article provides information on how to define exclusions that apply to on-demand scans, and real-time protection and monitoring.
+
+> [!IMPORTANT]
+> The exclusions described in this article don't apply to other Microsoft Defender ATP for Linux capabilities, including endpoint detection and response (EDR). Files that you exclude using the methods described in this article can still trigger EDR alerts and other detections.
+
+You can exclude certain files, folders, processes, and process-opened files from Microsoft Defender ATP for Linux scans.
+
+Exclusions can be useful to avoid incorrect detections on files or software that are unique or customized to your organization. They can also be useful for mitigating performance issues caused by Microsoft Defender ATP for Linux.
+
+> [!WARNING]
+> Defining exclusions lowers the protection offered by Microsoft Defender ATP for Linux. You should always evaluate the risks that are associated with implementing exclusions, and you should only exclude files that you are confident are not malicious.
+
+## Supported exclusion types
+
+The follow table shows the exclusion types supported by Microsoft Defender ATP for Linux.
+
+Exclusion | Definition | Examples
+---|---|---
+File extension | All files with the extension, anywhere on the machine | `.test`
+File | A specific file identified by the full path | `/var/log/test.log`
`/var/log/*.log`
`/var/log/install.?.log`
+Folder | All files under the specified folder | `/var/log/`
`/var/*/`
+Process | A specific process (specified either by the full path or file name) and all files opened by it | `/bin/cat`
`cat`
`c?t`
+
+File, folder, and process exclusions support the following wildcards:
+
+Wildcard | Description | Example | Matches
+---|---|---|---
+\* | Matches any number of any characters including none | `/var/\*/\*.log` | `/var/log/system.log`
+? | Matches any single character | `file?.log` | `file1.log`
`file2.log`
+
+## How to configure the list of exclusions
+
+### From the management console
+
+For more information on how to configure exclusions from Puppet, Ansible, or another management console, see [Set preferences for Microsoft Defender ATP for Linux](linux-preferences.md).
+
+### From the command line
+
+Run the following command to see the available switches for managing exclusions:
+
+```bash
+$ mdatp --exclusion
+```
+
+Examples:
+
+- Add an exclusion for a file extension:
+
+ ```bash
+ $ mdatp --exclusion --add-extension .txt
+ Configuration updated successfully
+ ```
+
+- Add an exclusion for a file:
+
+ ```bash
+ $ mdatp --exclusion --add-folder /var/log/dummy.log
+ Configuration updated successfully
+ ```
+
+- Add an exclusion for a folder:
+
+ ```bash
+ $ mdatp --exclusion --add-folder /var/log/
+ Configuration updated successfully
+ ```
+
+- Add an exclusion for a process:
+
+ ```bash
+ $ mdatp --exclusion --add-process cat
+ Configuration updated successfully
+ ```
+
+## Validate exclusions lists with the EICAR test file
+
+You can validate that your exclusion lists are working by using `curl` to download a test file.
+
+In the following Bash snippet, replace `test.txt` with a file that conforms to your exclusion rules. For example, if you have excluded the `.testing` extension, replace `test.txt` with `test.testing`. If you are testing a path, ensure that you run the command within that path.
+
+```bash
+$ curl -o test.txt https://www.eicar.org/download/eicar.com.txt
+```
+
+If Microsoft Defender ATP for Linux reports malware, then the rule is not working. If there is no report of malware, and the downloaded file exists, then the exclusion is working. You can open the file to confirm that the contents are the same as what is described on the [EICAR test file website](http://2016.eicar.org/86-0-Intended-use.html).
+
+If you do not have Internet access, you can create your own EICAR test file. Write the EICAR string to a new text file with the following Bash command:
+
+```bash
+echo 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > test.txt
+```
+
+You can also copy the string into a blank text file and attempt to save it with the file name or in the folder you are attempting to exclude.
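Review bot: The "Add an exclusion for a file" example under "From the command line" runs `mdatp --exclusion --add-folder /var/log/dummy.log`, the same switch as the folder example that follows it. Please confirm that `--add-folder` is the intended switch for a single file and say so in the text, or replace it with the file switch listed by `mdatp --exclusion`. Two smaller points: "The follow table" under "Supported exclusion types" should read "The following table", and the wildcard example `/var/\*/\*.log` sits inside backticks, so the backslashes will render literally and should be dropped.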
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md
index b344a91976..373d409cfd 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md
@@ -79,7 +79,7 @@ Download the onboarding package from Microsoft Defender Security Center:
## Create Ansible YAML files
-Create subtask or role files that contribute to an actual task. First create the `copy_onboarding_pkg.yml` file under the `/etc/ansible/roles` directory:
+Create subtask or role files that contribute to an actual task. First create the `download_copy_blob.yml` file under the `/etc/ansible/roles` directory:
- Copy the onboarding package to all client machines:
@@ -158,7 +158,7 @@ Create subtask or role files that contribute to an actual task. First create the
- name: Add Microsoft APT key
apt_key:
keyserver: https://packages.microsoft.com/
- id: BC528686B50D79E339D3721CEB3E94ADBE1229C
+ id: BC528686B50D79E339D3721CEB3E94ADBE1229CF
when: ansible_os_family == "Debian"
- name: Add Microsoft yum repository for MDATP
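Review bot: The unchanged `keyserver: https://packages.microsoft.com/` line just above the corrected `id` points `apt_key` at a package repository URL rather than a key server. Please confirm the task actually retrieves the key with the now 40-character fingerprint; if it does not, the module's `url` parameter with the published key file would be the usual way to pin it, keeping `id` as the fingerprint check.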
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md b/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md
index c2505dae33..0ac647a0b9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md
@@ -18,7 +18,7 @@ ms.collection: M365-security-compliance
ms.topic: conceptual
---
-# Configuring Microsoft Defender ATP for static proxy discovery
+# Configure Microsoft Defender ATP for Linux for static proxy discovery
**Applies to:**
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md
new file mode 100644
index 0000000000..d34c004a38
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md
@@ -0,0 +1,91 @@
+---
+title: Troubleshoot cloud connectivity issues for Microsoft Defender ATP for Linux
+ms.reviewer:
+description: Troubleshoot cloud connectivity issues for Microsoft Defender ATP for Linux
+keywords: microsoft, defender, atp, linux, cloud, connectivity, communication
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dansimp
+author: dansimp
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+---
+
+# Troubleshoot cloud connectivity issues for Microsoft Defender ATP for Linux
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Linux](microsoft-defender-atp-linux.md)
+
+## Run the connectivity test
+
+To test if Microsoft Defender ATP for Linux can communicate to the cloud with the current network settings, run a connectivity test from the command line:
+
+```bash
+$ mdatp --connectivity-test
+```
+
+If the connectivity test fails, check if the machine has Internet access and if [any of the endpoints required by the product](microsoft-defender-atp-linux.md#network-connections) are blocked by a proxy or firewall.
+
+## Troubleshooting steps for environments without proxy or with transparent proxy
+
+To test that a connection is not blocked in an environment without a proxy or with a transparent proxy, run the following command in the terminal:
+
+```bash
+curl -w ' %{url_effective}\n' 'https://x.cp.wd.microsoft.com/api/report' 'https://cdn.x.cp.wd.microsoft.com/ping'
+```
+
+The output from this command should be similar to:
+
+```
+OK https://x.cp.wd.microsoft.com/api/report
+OK https://cdn.x.cp.wd.microsoft.com/ping
+```
+
+## Troubleshooting steps for environments with static proxy
+
+> [!WARNING]
+> PAC, WPAD, and authenticated proxies are not supported. Ensure that only a static proxy or transparent proxy is being used.
+>
+> Intercepting proxies are also not supported for security reasons. Configure your proxy server to directly pass through data from Microsoft Defender ATP for Linux to the relevant URLs without interception. Adding your proxy certificate to the global store will not allow for interception.
+
+If a static proxy is required, add a proxy parameter to the above command, where `proxy_address:port` correspond to the proxy address and port:
+
+```bash
+$ curl -x http://proxy_address:port -w ' %{url_effective}\n' 'https://x.cp.wd.microsoft.com/api/report' 'https://cdn.x.cp.wd.microsoft.com/ping'
+```
+
+Ensure that you use the same proxy address and port as configured in the `/lib/system/system/mdatp.service` file. Check your proxy configuration if there are errors from the above commands.
+
+To use a static proxy, the `mdatp.service` file must be modified. Ensure the leading `#` is removed to uncomment the following line from `/lib/systemd/system/mdatp.service`:
+
+```bash
+#Environment="HTTPS_PROXY=http://address:port"
+```
+
+Also ensure that the correct static proxy address is filled in to replace `address:port`.
+
+If this file is correct, try running the following command in the terminal to reload Microsoft Defender ATP for Linux and propagate the setting:
+
+```bash
+$ sudo systemctl daemon-reload; sudo systemctl restart mdatp
+```
+
+Upon success, attempt another connectivity test from the command line:
+
+```bash
+$ mdatp --connectivity-test
+```
+
+If the problem persists, contact customer support.
+
+## Resources
+
+- For more information about how to configure the product to use a static proxy, see [Configure Microsoft Defender ATP for static proxy discovery](linux-static-proxy-configuration.md).
\ No newline at end of file
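Review bot: The static proxy section gives the unit file path as `/lib/system/system/mdatp.service` in the sentence "Ensure that you use the same proxy address and port as configured in", while the next paragraph uses `/lib/systemd/system/mdatp.service`; the first is missing the "d" and will send readers to a path that does not exist. Also, the first `curl` example has no `$ ` prompt while every other command in the file does, the Resources link text still reads "Configure Microsoft Defender ATP for static proxy discovery" although this change set renames that article's heading to include "for Linux", and the file ends without a trailing newline.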
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md
new file mode 100644
index 0000000000..0982c630fa
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md
@@ -0,0 +1,121 @@
+---
+title: Troubleshoot installation issues for Microsoft Defender ATP for Linux
+ms.reviewer:
+description: Troubleshoot installation issues for Microsoft Defender ATP for Linux
+keywords: microsoft, defender, atp, linux, installation
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dansimp
+author: dansimp
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+---
+
+# Troubleshoot installation issues for Microsoft Defender ATP for Linux
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Linux](microsoft-defender-atp-linux.md)
+
+## Verify if installation succeeded
+
+An error in installation may or may not result in a meaningful error message by the package manager. To verify if the installation succeeded, one can obtain and check the installation logs using:
+```bash
+$ sudo journalctl | grep 'microsoft-mdatp' > installation.log
+$ grep 'postinstall end' installation.log
+
+microsoft-mdatp-installer[102243]: postinstall end [2020-03-26 07:04:43OURCE +0000] 102216
+```
+An output from the previous command with correct date and time of installation indicates success.
+
+Also check the [Client configuration](linux-install-manually.md#client-configuration) to verify the health of the product and detect the EICAR text file.
+
+## Installation failed
+
+Check if the mdatp service is running
+```bash
+$ systemctl status mdatp
+
+● mdatp.service - Microsoft Defender ATP
+ Loaded: loaded (/lib/systemd/system/mdatp.service; enabled; vendor preset: enabled)
+ Active: active (running) since Thu 2020-03-26 10:37:30 IST; 23h ago
+ Main PID: 1966 (wdavdaemon)
+ Tasks: 105 (limit: 4915)
+ CGroup: /system.slice/mdatp.service
+ ├─1966 /opt/microsoft/mdatp/sbin/wdavdaemon
+ ├─1967 /opt/microsoft/mdatp/sbin/wdavdaemon
+ └─1968 /opt/microsoft/mdatp/sbin/wdavdaemon
+```
+
+## Steps to troubleshoot if mdatp service isn't running
+
+1. Check if “mdatp” user exists:
+```bash
+$ id “mdatp”
+```
+If there’s no output, run
+```bash
+$ sudo useradd --system --no-create-home --user-group --shell /usr/sbin/nologin mdatp
+```
+
+2. Try enabling and restarting the service using:
+```bash
+$ sudo systemctl enable mdatp
+$ sudo systemctl restart mdatp
+```
+
+3. If mdatp.service isn't found upon running the previous command, run
+```bash
+$ sudo cp /opt/microsoft/mdatp/conf/mdatp.service
cat
+File extension | All files with the extension, anywhere on the machine | `.test`
+File | A specific file identified by the full path | `/var/log/test.log`
+Folder | All files under the specified folder | `/var/log/`
+Process | A specific process (specified either by the full path or file name) and all files opened by it | `/bin/cat`
`cat`
## How to configure the list of exclusions
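Review bot: In linux-support-install.md, step 1 of "Steps to troubleshoot if mdatp service isn't running" writes the command as `$ id “mdatp”` with typographic quotes, which the shell passes through as literal characters, so a copy-paste looks up a user name that includes the quote marks and the check fails even when the account exists. Use plain `id mdatp` (and straight quotes in the surrounding prose). The sample log line in "Verify if installation succeeded" also carries a stray "OURCE" inside the timestamp (`07:04:43OURCE +0000`), and the fenced blocks under the numbered steps are not indented beneath their list items, so the numbering is likely to restart at each step when rendered.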
@@ -64,7 +64,7 @@ Select the type of exclusion that you wish to add and follow the prompts.
You can validate that your exclusion lists are working by using `curl` to download a test file.
-In the following Bash snippet, replace *test.txt* with a file that conforms to your exclusion rules. For example, if you have excluded the *.testing extension*, replace *test.txt* with *test.testing*. If you are testing a path, ensure that you run the command within that path.
+In the following Bash snippet, replace `test.txt` with a file that conforms to your exclusion rules. For example, if you have excluded the `.testing` extension, replace `test.txt` with `test.testing`. If you are testing a path, ensure that you run the command within that path.
```bash
$ curl -o test.txt https://www.eicar.org/download/eicar.com.txt
@@ -72,7 +72,7 @@ $ curl -o test.txt https://www.eicar.org/download/eicar.com.txt
If Microsoft Defender ATP for Mac reports malware, then the rule is not working. If there is no report of malware, and the downloaded file exists, then the exclusion is working. You can open the file to confirm that the contents are the same as what is described on the [EICAR test file website](http://2016.eicar.org/86-0-Intended-use.html).
-If you do not have internet access, you can create your own EICAR test file. Write the EICAR string to a new text file with the following Bash command:
+If you do not have Internet access, you can create your own EICAR test file. Write the EICAR string to a new text file with the following Bash command:
```bash
echo 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > test.txt
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
index d23525631d..57fde3cc75 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md
@@ -26,6 +26,13 @@ ms.topic: conceptual
>
> If you have previously whitelisted the kernel extension as part of your remote deployment, that warning should not be presented to the end user. If you have not previously deployed a policy to whitelist the kernel extension, your users will be presented with the warning. To proactively silence the warning, you can still deploy a configuration to whitelist the kernel extension. Refer to the instructions in the [JAMF-based deployment](mac-install-with-jamf.md#approved-kernel-extension) and [Microsoft Intune-based deployment](mac-install-with-intune.md#create-system-configuration-profiles) topics.
+## 100.90.27
+
+- You can now [set an update channel](mac-updates.md#set-the-channel-name) for Microsoft Defender ATP for Mac that is different from the system-wide update channel
+- New product icon
+- Other user experience improvements
+- Bug fixes
+
## 100.86.92
- Improvements around compatibility with Time Machine
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
index ae1856f3eb..ed7b91f290 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
@@ -122,7 +122,7 @@ It's important to understand the following prerequisites prior to creating indic
>[!IMPORTANT]
> Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs.
-> For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge leverages Network Protection (link) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS):
+> For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge leverages [Network Protection](network-protection.md) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios leverage Network Protection for inspection and enforcement:
> NOTE:
>- IP is supported for all three protocols
>- Encrypted URLs (full path) can only be blocked on first party browsers
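Review bot: The rewritten sentence says Microsoft Edge leverages Network Protection and then that "For all other processes, web protection scenarios leverage Network Protection" as well, so the contrast the second sentence sets up does not distinguish anything. State what differs between Edge and other processes, or merge the two sentences into one. The paragraph also still ends in a colon that leads straight into the "NOTE:" line; a period would read better now that the sentence no longer introduces a list.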
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md
index 38477041ca..14e534cd2c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md
@@ -70,6 +70,8 @@ In general you need to take the following steps:
- [Deploy using Puppet configuration management tool](linux-install-with-puppet.md)
- [Deploy using Ansible configuration management tool](linux-install-with-ansible.md)
+If you experience any installation failures, refer to [Troubleshooting installation failures in Microsoft Defender ATP for Linux](linux-support-install.md).
+
### System requirements
- Supported Linux server distributions and versions:
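Review bot: The link text "Troubleshooting installation failures in Microsoft Defender ATP for Linux" does not match the title of the target added in this change set, "Troubleshoot installation issues for Microsoft Defender ATP for Linux". Use the target's title as the link text so search and the table of contents stay consistent.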
@@ -103,10 +105,10 @@ The following table lists the services and their associated URLs that your netwo
| Service location | DNS record |
| ---------------------------------------- | ----------------------- |
-| Common URLs for all locations | x.cp.wd.microsoft.com
cdn.x.cp.wd.microsoft.com
eu-cdn.x.cp.wd.microsoft.com
wu-cdn.x.cp.wd.microsoft.com
*.blob.core.windows.net
officecdn-microsoft-com.akamaized.net
crl.microsoft.com
events.data.microsoft.com |
-| European Union | europe.x.cp.wd.microsoft.com
eu-v20.events.data.microsoft.com |
-| United Kingdom | unitedkingdom.x.cp.wd.microsoft.com
uk-v20.events.data.microsoft.com |
-| United States | unitedstates.x.cp.wd.microsoft.com
us-v20.events.data.microsoft.com |
+| Common URLs for all locations | x.cp.wd.microsoft.com
cdn.x.cp.wd.microsoft.com
eu-cdn.x.cp.wd.microsoft.com
wu-cdn.x.cp.wd.microsoft.com
officecdn-microsoft-com.akamaized.net
crl.microsoft.com
events.data.microsoft.com |
+| European Union | europe.x.cp.wd.microsoft.com
eu-v20.events.data.microsoft.com
usseu1northprod.blob.core.windows.net
usseu1westprod.blob.core.windows.net |
+| United Kingdom | unitedkingdom.x.cp.wd.microsoft.com
uk-v20.events.data.microsoft.com
ussuk1southprod.blob.core.windows.net
ussuk1westprod.blob.core.windows.net |
+| United States | unitedstates.x.cp.wd.microsoft.com
us-v20.events.data.microsoft.com
ussus1eastprod.blob.core.windows.net
ussus1westprod.blob.core.windows.net |
> [!NOTE]
> For a more specific URL list, see [Configure proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server)
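Review bot: With `*.blob.core.windows.net` removed from the "Common URLs for all locations" row, blob storage hosts now appear only in the European Union, United Kingdom and United States rows, and the table does not say which of them a given tenant needs. Narrowing the wildcard is the right direction for proxy and firewall allowlists, but please add a sentence stating that only the hosts for the tenant's own service location are required, and call out the change for readers who built rules from the old wildcard so they can tighten them. It is also worth checking that the "more specific URL list" linked in the note below lists the same hosts.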
@@ -117,25 +119,7 @@ Microsoft Defender ATP can discover a proxy server by using the following discov
If a proxy or firewall is blocking anonymous traffic, make sure that anonymous traffic is permitted in the previously listed URLs. For transparent proxies, no additional configuration is needed for Microsoft Defender ATP. For static proxy, follow the steps in [Manual Static Proxy Configuration](linux-static-proxy-configuration.md).
-## Validating cloud connectivity
-
-To test that a connection is not blocked, open [https://x.cp.wd.microsoft.com/api/report](https://x.cp.wd.microsoft.com/api/report) and [https://cdn.x.cp.wd.microsoft.com/ping](https://cdn.x.cp.wd.microsoft.com/ping) in a browser.
-
-If you prefer the command line, you can also check the connection by running the following command in Terminal:
-
-```bash
-$ curl -w ' %{url_effective}\n' 'https://x.cp.wd.microsoft.com/api/report' 'https://cdn.x.cp.wd.microsoft.com/ping'
-```
-
-The output from this command should be similar to the following:
-
-> `OK https://x.cp.wd.microsoft.com/api/report`
-> `OK https://cdn.x.cp.wd.microsoft.com/ping`
-
-Once Microsoft Defender ATP is installed, connectivity can be validated by running the following command in Terminal:
-```bash
-$ mdatp --connectivity-test
-```
+For troubleshooting steps, see the [Troubleshoot cloud connectivity issues for Microsoft Defender ATP for Linux](linux-support-connectivity.md) page.
## How to update Microsoft Defender ATP for Linux
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
index fa9b382efb..d5135bbd1c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
@@ -73,10 +73,10 @@ The following table lists the services and their associated URLs that your netwo
| Service location | DNS record |
| ---------------------------------------- | ----------------------- |
-| Common URLs for all locations | x.cp.wd.microsoft.com
cdn.x.cp.wd.microsoft.com
eu-cdn.x.cp.wd.microsoft.com
wu-cdn.x.cp.wd.microsoft.com
*.blob.core.windows.net
officecdn-microsoft-com.akamaized.net
crl.microsoft.com
events.data.microsoft.com |
-| European Union | europe.x.cp.wd.microsoft.com
eu-v20.events.data.microsoft.com |
-| United Kingdom | unitedkingdom.x.cp.wd.microsoft.com
uk-v20.events.data.microsoft.com |
-| United States | unitedstates.x.cp.wd.microsoft.com
us-v20.events.data.microsoft.com |
+| Common URLs for all locations | x.cp.wd.microsoft.com
cdn.x.cp.wd.microsoft.com
eu-cdn.x.cp.wd.microsoft.com
wu-cdn.x.cp.wd.microsoft.com
officecdn-microsoft-com.akamaized.net
crl.microsoft.com
events.data.microsoft.com |
+| European Union | europe.x.cp.wd.microsoft.com
eu-v20.events.data.microsoft.com
usseu1northprod.blob.core.windows.net
usseu1westprod.blob.core.windows.net |
+| United Kingdom | unitedkingdom.x.cp.wd.microsoft.com
uk-v20.events.data.microsoft.com
ussuk1southprod.blob.core.windows.net
ussuk1westprod.blob.core.windows.net |
+| United States | unitedstates.x.cp.wd.microsoft.com
us-v20.events.data.microsoft.com
ussus1eastprod.blob.core.windows.net
ussus1westprod.blob.core.windows.net |
Microsoft Defender ATP can discover a proxy server by using the following discovery methods:
- Web Proxy Auto-discovery Protocol (WPAD)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md
index 0f48e4e5e4..6b17eb0031 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md
@@ -96,7 +96,7 @@ Ensure that your machines:
## Related topics
- [Supported operating systems and platforms](tvm-supported-os.md)
-- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
+- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
- [Exposure score](tvm-exposure-score.md)
- [Configuration score](configuration-score.md)
- [Security recommendations](tvm-security-recommendation.md)
@@ -104,10 +104,6 @@ Ensure that your machines:
- [Software inventory](tvm-software-inventory.md)
- [Weaknesses](tvm-weaknesses.md)
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
-- [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
-- [Score APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/score)
-- [Vulnerability APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability)
-- [Software APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/software)
-- [Machine APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine)
-- [Recommendation APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability)
+- [APIs](threat-and-vuln-mgt-scenarios.md#apis)
+- [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
- [BLOG: Microsoft's Threat & Vulnerability Management now helps thousands of customers to discover, prioritize, and remediate vulnerabilities in real time](https://www.microsoft.com/security/blog/2019/07/02/microsofts-threat-vulnerability-management-now-helps-thousands-of-customers-to-discover-prioritize-and-remediate-vulnerabilities-in-real-time/)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md
index 800d493402..5ac688bcec 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md
@@ -28,23 +28,23 @@ ms.topic: article
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-downlevel-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-downlevel-abovefoldlink).
Microsoft Defender ATP extends support to include down-level operating systems, providing advanced attack detection and investigation capabilities on supported Windows versions.
->[!IMPORTANT]
->This capability is currently in preview. You'll need to turn on the preview features to take advantage of this feature. For more information, see [Preview features](preview.md).
+> [!IMPORTANT]
+> This capability is currently in preview. You'll need to turn on the preview features to take advantage of this feature. For more information, see [Preview features](preview.md).
To onboard down-level Windows client endpoints to Microsoft Defender ATP, you'll need to:
- Configure and update System Center Endpoint Protection clients.
- Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Microsoft Defender ATP as instructed below.
->[!TIP]
+> [!TIP]
> After onboarding the machine, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP endpoint](run-detection-test.md).
## Configure and update System Center Endpoint Protection clients
->[!IMPORTANT]
->This step is required only if your organization uses System Center Endpoint Protection (SCEP).
+> [!IMPORTANT]
+> This step is required only if your organization uses System Center Endpoint Protection (SCEP).
Microsoft Defender ATP integrates with System Center Endpoint Protection to provide visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware.
@@ -59,16 +59,16 @@ The following steps are required to enable this integration:
Review the following details to verify minimum system requirements:
- Install the [February 2018 monthly update rollup](https://support.microsoft.com/help/4074598/windows-7-update-kb4074598)
- >[!NOTE]
- >Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro.
+ > [!NOTE]
+ > Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro.
- Install the [Update for customer experience and diagnostic telemetry](https://support.microsoft.com/help/3080149/update-for-customer-experience-and-diagnostic-telemetry)
- Install either [.NET framework 4.5](https://www.microsoft.com/download/details.aspx?id=30653) (or later) or [KB3154518](https://support.microsoft.com/help/3154518/support-for-tls-system-default-versions-included-in-the-net-framework)
- >[!NOTE]
- >Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro.
- >Don't install .NET framework 4.0.x, since it will negate the above installation.
+ > [!NOTE]
+ > Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro.
+ > Don't install .NET Framework 4.0.x, since it will negate the above installation.
- Meet the Azure Log Analytics agent minimum system requirements. For more information, see [Collect data from computers in you environment with Log Analytics](https://docs.microsoft.com/azure/log-analytics/log-analytics-concept-hybrid#prerequisites)
@@ -93,29 +93,10 @@ Once completed, you should see onboarded endpoints in the portal within an hour.
### Configure proxy and Internet connectivity settings
- Each Windows endpoint must be able to connect to the Internet using HTTPS. This connection can be direct, using a proxy, or through the [OMS Gateway](https://docs.microsoft.com/azure/log-analytics/log-analytics-oms-gateway).
-- If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that the following URLs are white-listed to permit communication with Microsoft Defender ATP service:
-
-Agent Resource | Ports
-:---|:---
-| *.oms.opinsights.azure.com | 443 |
-| *.blob.core.windows.net | 443 |
-| *.azure-automation.net | 443 |
-| *.ods.opinsights.azure.com | 443 |
-| winatp-gw-cus.microsoft.com | 443 |
-| winatp-gw-eus.microsoft.com | 443 |
-| winatp-gw-neu.microsoft.com | 443 |
-| winatp-gw-weu.microsoft.com | 443 |
-|winatp-gw-uks.microsoft.com | 443 |
-|winatp-gw-ukw.microsoft.com | 443 |
-
+- If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that you [enable access to Microsoft Defender ATP service URLs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server).
## Offboard client endpoints
To offboard, you can uninstall the MMA agent from the endpoint or detach it from reporting to your Microsoft Defender ATP workspace. After offboarding the agent, the endpoint will no longer send sensor data to Microsoft Defender ATP.
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-downlevele-belowfoldlink)
-
-
-
-
-
+> Want to experience Microsoft Defender ATP? [Sign up for a free trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-downlevele-belowfoldlink).
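Review bot: The replacement bullet for the proxy/firewall case removes the inline endpoint table and points to configure-proxy-internet instead, so please confirm that the linked section also lists the Log Analytics agent endpoints the old table carried (`*.oms.opinsights.azure.com`, `*.ods.opinsights.azure.com`, `*.azure-automation.net`, `*.blob.core.windows.net`) and not only the `winatp-gw-*` service URLs, because this page onboards through the MMA agent. The carried-over sentence is also hard to parse; consider "If a proxy or firewall blocks all traffic by default and allows only specific domains, or if HTTPS scanning (SSL inspection) is enabled, make sure that you ...".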
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md
index 2e8bae4127..3b7f738894 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md
@@ -1,5 +1,5 @@
---
-title: Onboard to the Micrsoft Defender ATP service
+title: Onboard to the Microsoft Defender ATP service
description:
keywords:
search.product: eADQiWindows 10XVcnh
@@ -16,7 +16,7 @@ ms.collection: M365-security-compliance
ms.topic: article
---
-# Onboard to the Micrsoft Defender ATP service
+# Onboard to the Microsoft Defender ATP service
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
@@ -34,7 +34,7 @@ Deploying Microsoft Defender ATP is a three-phase process:
-
Phase 2: Setup
+
Phase 2: Set up
@@ -184,11 +184,11 @@ Before the systems can be onboarded into the workspace, the deployment scripts n
Edit the InstallMMA.cmd with a text editor, such as notepad and update the
following lines and save the file:
- 
+ 
Edit the ConfiguerOMSAgent.vbs with a text editor, such as notepad, and update the following lines and save the file:
- 
+ 
Microsoft Monitoring Agent (MMA) is currently (as of January 2019) supported on the following Windows Operating
Systems:
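Review bot: The unchanged line "Edit the ConfiguerOMSAgent.vbs with a text editor" in this hunk appears to misspell the script name; since the neighbouring lines are being touched anyway, check it against the actual file name in the package and correct it in the same change. The two "Edit ..." sentences also punctuate "such as notepad" differently (one has the closing comma, one does not) and could be made consistent.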
@@ -257,15 +257,15 @@ MMA for enrollment into the workspace.
9. Set Run to **Hidden**.
-10. Set **Program can run** to **Whether or not a user is logged on**.
+10. Set **Program can run** to **Whether or not a user is logged on**.
-11. Click **Next**.
+11. Click **Next**.
-12. Set the **Maximum allowed run time** to 720.
+12. Set the **Maximum allowed run time** to 720.
-13. Click **Next**.
+13. Click **Next**.
- 
+ 
14. Verify the configuration, then click **Next**.
@@ -275,12 +275,12 @@ MMA for enrollment into the workspace.
16. Click **Close**.
-17. In the Microsoft Endpoint Configuration Manager console, right-click the Microsoft Defender ATP
+17. In the Microsoft Endpoint Configuration Manager console, right-click the Microsoft Defender ATP
Onboarding Package just created and select **Deploy**.
18. On the right panel select the appropriate collection.
-19. Click **OK**.
+19. Click **OK**.
## Next generation protection
Microsoft Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers.
@@ -318,7 +318,7 @@ needs on how Antivirus is configured.

-3. Right-click on the newly created antimalware policy and select **Deploy** .
+3. Right-click on the newly created antimalware policy and select **Deploy**.

diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md b/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md
index 4c4cf5edcf..261734d68b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md
@@ -32,12 +32,10 @@ Inspired by the "assume breach" mindset, Microsoft Defender ATP continuously col
The response capabilities give you the power to promptly remediate threats by acting on the affected entities.
-## In this section
-Topic | Description
-:---|:---
-[Security operations dashboard](security-operations-dashboard.md) | Explore a high level overview of detections, highlighting where response actions are needed.
-[Incidents queue](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue) | View and organize the incidents queue, and manage and investigate alerts.
-[Alerts queue](alerts-queue.md) | View and organize the machine alerts queue, and manage and investigate alerts.
-[Machines list](machines-view-overview.md) | Investigate machines with generated alerts and search for specific events over time.
-[Take response actions](response-actions.md) | Learn about the available response actions and apply them to machines and files.
+## Related topics
+- [Security operations dashboard](security-operations-dashboard.md)
+- [Incidents queue](view-incidents-queue.md)
+- [Alerts queue](alerts-queue.md)
+- [Machines list](machines-view-overview.md)
+
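Review bot: The new "Related topics" list drops the `[Take response actions](response-actions.md)` entry that the removed "In this section" table had, and it sits directly under the sentence about response capabilities; if that omission is not intentional, add `- [Take response actions](response-actions.md)` to the list. The per-topic descriptions are also lost in the conversion, and the hunk ends with an added empty line at the end of the file that can be dropped.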
diff --git a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md
index bf5f352335..2436a0642e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md
@@ -38,7 +38,7 @@ Deploying Microsoft Defender ATP is a three-phase process:
-
Phase 2: Setup
+
Phase 2: Set up
@@ -180,5 +180,5 @@ how the endpoint security suite should be enabled.
## Next step
|||
|:-------|:-----|
-|
[Phase 2: Setup](production-deployment.md) | Setup Microsoft Defender ATP deployment
+|
[Phase 2: Setup](production-deployment.md) | Set up Microsoft Defender ATP deployment
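Review bot: The link label in the "Next step" row still reads "[Phase 2: Setup]" while the description in the same row, and the phase labels changed elsewhere in this file, now use "Set up". Pick one form for the phase name and apply it to the link text as well, for example `[Phase 2: Set up](production-deployment.md)`.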
diff --git a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md
index 5ee99f304a..4fabe73b03 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md
@@ -1,5 +1,5 @@
---
-title: Setup Microsoft Defender ATP deployment
+title: Set up Microsoft Defender ATP deployment
description:
keywords:
search.product: eADQiWindows 10XVcnh
@@ -17,7 +17,7 @@ ms.collection: M365-security-compliance
ms.topic: article
---
-# Setup Microsoft Defender ATP deployment
+# Set up Microsoft Defender ATP deployment
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
@@ -36,7 +36,7 @@ Deploying Microsoft Defender ATP is a three-phase process:
-
Phase 2: Setup
+
Phase 2: Set up
@@ -48,7 +48,7 @@ Deploying Microsoft Defender ATP is a three-phase process:
-You are currently in the setup phase.
+You are currently in the set up phase.
In this deployment scenario, you'll be guided through the steps on:
- Licensing validation
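Review bot: In the added line "You are currently in the set up phase.", "set up" modifies a noun, so the one-word form is the correct one here ("setup phase"). The two-word form is right for the verb in the title ("Set up Microsoft Defender ATP deployment") but should not be applied mechanically to every occurrence.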
@@ -69,9 +69,9 @@ Checking for the license state and whether it got properly provisioned, can be d
1. Alternately, in the admin center, navigate to **Billing** > **Subscriptions**.
- - On the screen you will see all the provisioned licenses and their current **Status**.
+ On the screen you will see all the provisioned licenses and their current **Status**.
- 
+ 
## Cloud Service Provider validation
@@ -88,7 +88,7 @@ To gain access into which licenses are provisioned to your company, and to check
## Tenant Configuration
-When accessing [Microsoft Defender Security Center](https://securitycenter.windows.com/) for the first time there will be a setup wizard that will guide you through some initial steps. At the end of the setup wizard there will be a dedicated cloud instance of Microsoft Defender ATP created. The easiest method is to perform these steps from a Windows 10 client machine.
+When accessing [Microsoft Defender Security Center](https://securitycenter.windows.com/) for the first time there will be a set up wizard that will guide you through some initial steps. At the end of the setup wizard there will be a dedicated cloud instance of Microsoft Defender ATP created. The easiest method is to perform these steps from a Windows 10 client machine.
1. From a web browser, navigate to
[Phase 3: Onboard](onboarding.md) | Onboard devices to the service so the Microsoft Defender ATP service can get sensor data from them
\ No newline at end of file
+|
[Phase 3: Onboard](onboarding.md) | Onboard devices to the service so the Microsoft Defender ATP service can get sensor data from them
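Review bot: The added Tenant Configuration sentence now says "a set up wizard" and, in the very next sentence of the same line, "the setup wizard". As a noun modifier it should stay "setup wizard" in both places, so the original wording was correct and this part of the change can be reverted.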
diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
index f31d2e82a4..8464786570 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
@@ -27,6 +27,16 @@ ms.topic: article
[!include[Prerelease information](../../includes/prerelease.md)]
+## APIs
+
+Threat and vulnerability management supports multiple APIs. See the following topics for related APIs:
+
+- [Machine APIs](machine.md)
+- [Recommendation APIs](vulnerability.md)
+- [Score APIs](score.md)
+- [Software APIs](software.md)
+- [Vulnerability APIs](vulnerability.md)
+
## Use advanced hunting query to search for machines with High active alerts or critical CVE public exploit
1. Go to **Advanced hunting** from the left-hand navigation pane of the Microsoft Defender Security Center.
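Review bot: In the added "## APIs" list, "[Recommendation APIs](vulnerability.md)" and "[Vulnerability APIs](vulnerability.md)" point to the same file, which looks like a copy error carried over from the section being moved. Point the Recommendation entry at the recommendation API topic, or remove it if no such topic exists. The introduction could also be tightened, since "supports multiple APIs. See the following topics for related APIs" repeats itself.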
@@ -67,18 +77,24 @@ To find software or software versions which have reached end-of-support:

+### List of versions and dates
+
+To view a list of version that have reached end of support, or end or support soon, and those dates, follow the below steps:
+
+1. For software that has versions which have reached end of support, or will reach end of support soon, a message will appear in the flyout once the security recommendation is selected.
+
+ 
+
+2. Select the **version distribution** link to go to the software drill down page. There, you can see a filtered list of versions with tags identifying them as end of support, or upcoming end of support.
+
+ 
+
+3. Select one of the versions in the table to open. For example, version 3.5.2150.0. A flyout will appear with the end of support date.
+
+
+
After you have identified which software and software versions are vulnerable due to its end-of-support status, remediate them to lower your organizations exposure to vulnerabilities and advanced persistent threats. See [Remediation and exception](tvm-remediation.md) for details.
-## Use APIs
-
-Threat and vulnerability management supports multiple APIs. See the following topics for related APIs:
-
-- [Machine APIs](machine.md)
-- [Recommendation APIs](vulnerability.md)
-- [Score APIs](score.md)
-- [Software APIs](software.md)
-- [Vulnerability APIs](vulnerability.md)
-
## Related topics
- [Supported operating systems and platforms](tvm-supported-os.md)
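Review bot: The added introduction under "### List of versions and dates" has two typos: "a list of version" should be "a list of versions", and "or end or support soon" should read "or will reach end of support soon". Also prefer "follow these steps" over "follow the below steps". The unchanged sentence after the steps has "your organizations exposure" without the apostrophe, which is worth fixing in the same pass.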
diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-live-response.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-live-response.md
index 8e21eddb4d..d415db238d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-live-response.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-live-response.md
@@ -52,5 +52,14 @@ If while trying to take an action during a live response session, you encounter
4. Navigate to your TEMP folder.
5. Run the action you wanted to take on the copied file.
+## Slow live response sessions or delays during initial connections
+Live response leverages Microsoft Defender ATP sensor registration with WNS service in Windows.
+If you are having connectivity issues with live response, please confirm the following:
+1. `notify.windows.com` is not blocked in your environment. For more information see, [Configure machine proxy and Internet connectivity settings](configure-proxy-internet.md#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server).
+2. WpnService (Windows Push Notifications System Service) is not disabled.
+Please refer to the articles below to fully understand the WpnService service behavior and requirements:
+- [Windows Push Notification Services (WNS) overview](https://docs.microsoft.com/windows/uwp/design/shell/tiles-and-notifications/windows-push-notification-services--wns--overview)
+- [Enterprise Firewall and Proxy Configurations to Support WNS Traffic](https://docs.microsoft.com/windows/uwp/design/shell/tiles-and-notifications/firewall-allowlist-config)
+- [Microsoft Push Notifications Service (MPNS) Public IP ranges](https://www.microsoft.com/en-us/download/details.aspx?id=44535)
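Review bot: The new "Slow live response sessions" section is added with no blank lines between the heading, the paragraph, the numbered list and the bulleted list, so "Please refer to the articles below ..." is likely to render as a continuation of list item 2 rather than as its own paragraph. Add blank lines around each block. In item 1 the comma is misplaced ("For more information see, [Configure ..."); it should be "For more information, see [Configure ...". "WNS service" is redundant once the acronym is expanded, so spell it out on first use in the opening sentence instead of only in item 2.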
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md
index 839193db64..e35d189282 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md
@@ -85,8 +85,8 @@ See [Microsoft Defender ATP icons](portal-overview.md#microsoft-defender-atp-ico
## Related topics
+- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md)
- [Supported operating systems and platforms](tvm-supported-os.md)
-- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
- [Exposure score](tvm-exposure-score.md)
- [Configuration score](configuration-score.md)
- [Security recommendations](tvm-security-recommendation.md)
@@ -94,4 +94,5 @@ See [Microsoft Defender ATP icons](portal-overview.md#microsoft-defender-atp-ico
- [Software inventory](tvm-software-inventory.md)
- [Weaknesses](tvm-weaknesses.md)
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
+- [APIs](threat-and-vuln-mgt-scenarios.md#apis)
- [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md
index f245ad4692..3078eee09f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md
@@ -70,21 +70,16 @@ To lower your threat and vulnerability exposure, follow these steps.
6. Review the machine **Security recommendation** tab again. The recommendation you've chosen to remediate is removed from the security recommendation list, and the exposure score decreases.
-
## Related topics
+- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md)
- [Supported operating systems and platforms](tvm-supported-os.md)
-- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
-- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
+- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
- [Configuration score](configuration-score.md)
- [Security recommendations](tvm-security-recommendation.md)
- [Remediation and exception](tvm-remediation.md)
- [Software inventory](tvm-software-inventory.md)
- [Weaknesses](tvm-weaknesses.md)
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
+- [APIs](threat-and-vuln-mgt-scenarios.md#apis)
- [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
-- [Recommendation APIs](vulnerability.md)
-- [Machine APIs](machine.md)
-- [Score APIs](score.md)
-- [Software APIs](software.md)
-- [Vulnerability APIs](vulnerability.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md
index 6162539530..7dfa480444 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md
@@ -26,61 +26,32 @@ ms.topic: conceptual
>[!NOTE]
>To use this capability, enable your Microsoft Intune connections. Navigate to **Settings** > **General** > **Advanced features**. Scroll down and look for **Microsoft Intune connection**. By default, the toggle is turned off. Turn your **Microsoft Intune connection** toggle on.
-After your organization's cybersecurity weaknesses are identified and mapped to actionable [security recommendations](tvm-security-recommendation.md), you can start creating security tasks through the integration with Microsoft Intune where remediation tickets are created.
+After your organization's cybersecurity weaknesses are identified and mapped to actionable [security recommendations](tvm-security-recommendation.md), start creating security tasks through the integration with Microsoft Intune where remediation tickets are created.
Lower your organization's exposure from vulnerabilities and increase your security configuration by remediating the security recommendations.
-## How remediation requests work
+## Navigate to the Remediation page
-When you submit a remediation request from Threat & Vulnerability Management, it kicks-off a remediation activity. A security task is created which will be tracked in the Threat & Vulnerability Management **Remediation** page, and a remediation ticket is created in Microsoft Intune.
-
-The dashboard will show the status of your top remediation activities. Select any of the entries to go to the **Remediation** page. You can mark the remediation activity as completed after the IT admin team remediates the task.
-
-## Accessing the remediation page
-
-You can access the remediation page in a few places in the portal:
-
-- Security recommendations flyout panel
-- Navigation menu
-- Top remediation activities in the dashboard
-
-### Security recommendation flyout page
-
-You'll see remediation options when you select one of the security recommendations in the [Security recommendations page](tvm-security-recommendation.md).
-
-1. From the flyout panel, you'll see the security recommendation details including next steps. Select **Remediation options**.
-2. In the **Remediation options** page, select **Open a ticket in Intune (for AAD joined devices)**.
-3. Select a remediation due date.
-4. Add notes to give your IT administrator a context of your remediation request. For example, you can indicate urgency of the remediation request to avoid potential exposure to a recent exploit activity, or if the request is a part of compliance.
-
->[!NOTE]
->If your request involves remediating more than 10,000 machines, we will only send 10,000 machines for remediation to Intune.
-
-If you want to check how the ticket shows up in Intune, see [Use Intune to remediate vulnerabilities identified by Microsoft Defender ATP](https://docs.microsoft.com/intune/atp-manage-vulnerabilities) for details.
+You can access the remediation page though the navigation menu, and top remediation activities in the dashboard.
### Navigation menu
-1. Go to the Threat & Vulnerability Management navigation menu and select **Remediation** to open up the list of remediation activities and exceptions found in your organization.
-
- To see software which has reached end-of-support, select **Software uninstall** from the **Remediation type** filter. For specific software versions which have reached end-of-support, select **Software update** from the **Remediation type** filter. Select **In progress** then **Apply**.
-
-
-2. Select the remediation activity that you want to view.
+Go to the Threat & Vulnerability Management navigation menu and select **Remediation** to open up the list of remediation activities and exceptions found in your organization. Select the remediation activity that you want to view.

### Top remediation activities in the dashboard
-1. Go to the Threat & Vulnerability Management dashboard and scroll down to the **Top remediation activities** card. The list is sorted and prioritized based on what is listed in the **Top security recommendations**.
-2. Select the remediation activity that you want to view.
+View **Top remediation activities** in the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md). Select any of the entries to go to the **Remediation** page. You can mark the remediation activity as completed after the IT admin team remediates the task.
+## Remediation activities
-## Exception options
+When you [submit a remediation request](tvm-security-recommendation.md#request-remediation) from the [Security recommendations page](tvm-security-recommendation.md), it kicks-off a remediation activity. A security task is created which will be tracked in the Threat & Vulnerability Management **Remediation** page, and a remediation ticket is created in Microsoft Intune.
+
+## Exceptions
You can file exceptions to exclude certain recommendation from showing up in reports and affecting your [configuration score](configuration-score.md).
-When you select a [security recommendation](tvm-security-recommendation.md), it opens a flyout screen with details and options for your next steps. Select **Exception options** to fill out the justification and context.
-
-
+[File for an exception](tvm-security-recommendation.md#file-for-exception) from the [Security recommendations page](tvm-security-recommendation.md).
### Exception justification
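Review bot: The added line under "## Navigate to the Remediation page" has a typo, "though the navigation menu", which should be "through the navigation menu", and the comma before "and top remediation activities" is not needed. In the added "Remediation activities" paragraph, "it kicks-off a remediation activity" should use the verb form "kicks off". The removed text also explained the **Remediation type** filter for end-of-support software (**Software uninstall** / **Software update**); nothing in this hunk replaces it, so confirm that guidance now lives elsewhere.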
@@ -131,18 +102,14 @@ The exception impact shows on both the Security recommendations page column and
## Related topics
+- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md)
- [Supported operating systems and platforms](tvm-supported-os.md)
-- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
-- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
+- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
- [Exposure score](tvm-exposure-score.md)
- [Configuration score](configuration-score.md)
-- [Security recommendation](tvm-security-recommendation.md)
+- [Security recommendations](tvm-security-recommendation.md)
- [Software inventory](tvm-software-inventory.md)
- [Weaknesses](tvm-weaknesses.md)
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
+- [APIs](threat-and-vuln-mgt-scenarios.md#apis)
- [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
-- [Recommendation APIs](vulnerability.md)
-- [Machine APIs](machine.md)
-- [Score APIs](score.md)
-- [Software APIs](software.md)
-- [Vulnerability APIs](vulnerability.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
index d28353f90b..683aa6e7a0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
@@ -27,7 +27,7 @@ ms.topic: conceptual
[!include[Prerelease information](../../includes/prerelease.md)]
-Cybersecurity weaknesses identified in your organization are mapped to actionable security recommendations and prioritized by their impact. Prioritized recommendation helps shorten the time to mitigate or remediate vulnerabilities and drive compliance.
+Cybersecurity weaknesses identified in your organization are mapped to actionable security recommendations and prioritized by their impact. Prioritized recommendations help shorten the time to mitigate or remediate vulnerabilities and drive compliance.
Each security recommendation includes an actionable remediation recommendation which can be pushed into the IT task queue through a built-in integration with Microsoft Intune and Microsoft Endpoint Configuration Manager. When the threat landscape changes, the recommendation also changes as it continuously collects information from your environment.
@@ -43,7 +43,11 @@ Each machine in the organization is scored based on three important factors to h
## Navigate to security recommendations
-You can access security recommendations from the Microsoft Defender ATP Threat & Vulnerability Management menu, dashboard, software page, and machine page.
+You can access security recommendations from the Microsoft Defender ATP Threat & Vulnerability Management navigation menu, dashboard, software page, and machine page.
+
+### Navigation menu
+
+Go to the Threat & Vulnerability Management navigation menu and select **Security recommendations** to open the list of security recommendations for the threats and vulnerabilities found in your organization.
### Top security recommendations in the Threat & Vulnerability Management dashboard
@@ -53,21 +57,17 @@ In a given day as a Security Administrator, you can take a look at the [Threat &
The top security recommendations lists the improvement opportunities prioritized based on the important factors mentioned in the previous section - threat, likelihood to be breached, and value. Selecting a recommendation will take you to the security recommendations page with more details about the recommendation.
-### Navigation menu
-
-Go to the Threat & Vulnerability Management navigation menu and select **Security recommendations** to open the list of security recommendations for the threats and vulnerabilities found in your organization.
-
## Security recommendations overview
-You will be able to view the recommendation, the number of weaknesses found, related components, threat insights, number of exposed machines, status, remediation type, remediation activities, impact to your exposure and configuration scores, and associated tags.
+View recommendations, the number of weaknesses found, related components, threat insights, number of exposed machines, status, remediation type, remediation activities, impact to your exposure and configuration scores, and associated tags.
-The color of the **Exposed machines** graph changes as the trend changes. If the number of exposed machines is on the rise, the color changes into red. If there's a decrease in the amount of exposed machines, the color of the graph will change into green. This happens when the numbers on the right hand side is greater than what's on the left, which means an increase or decrease at the end of even a single machine will change the graph's color.
+The color of the **Exposed machines** graph changes as the trend changes. If the number of exposed machines is on the rise, the color changes into red. If there's a decrease in the number of exposed machines, the color of the graph will change into green.

### Icons
-Useful icons also quickly calls your attention to
+Useful icons also quickly calls your attention to:
### Investigate
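Review bot: The added line "Useful icons also quickly calls your attention to:" has a subject-verb mismatch; it should be "Useful icons also quickly call your attention to:". In the rewritten **Exposed machines** paragraph, "changes into red" and "will change into green" mix tenses and read more naturally as "changes to red" and "changes to green".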
@@ -77,22 +77,22 @@ Select the security recommendation that you want to investigate or process.
From the flyout, you can do any of the following:
-- **Open software page** - Drill down and open the software page to get more context of the software details, prevalence in the organization, weaknesses discovered, version distribution, software or software version end-of-life, and charts so you can see the exposure trend over time.
+- **Open software page** - Open the software page to get more context of the software details, prevalence in the organization, weaknesses discovered, version distribution, software or software version end-of-support, and charts of the exposure trend over time.
- **Remediation options** - Submit a remediation request to open a ticket in Microsoft Intune for your IT Administrator to pick up and address.
-- **Exception options** - Submit an exception, provide justification, and set exception duration if you can't remediate the issue just yet due to specific business reasons, compensation controls, or if it is a false positive.
+- **Exception options** - Submit an exception, provide justification, and set exception duration if you can't remediate the issue just yet.
>[!NOTE]
>When a change is made on a machine, it may take up to two hours for the data to be reflected in the Microsoft Defender Security Center.
## Request remediation
-The Threat & Vulnerability Management capability in Microsoft Defender ATP bridges the gap between Security and IT Administrators through the remediation request workflow. Security Administrators like you can request for the IT Administrator to remediate a vulnerability from the **Security recommendation** pages to Intune.
+The Threat & Vulnerability Management capability in Microsoft Defender ATP bridges the gap between Security and IT administrators through the remediation request workflow. Security admins like you can request for the IT Administrator to remediate a vulnerability from the **Security recommendation** pages to Intune.
### Enable Microsoft Intune connection
-To use this capability, enable your Microsoft Intune connections. Navigate to **Settings** > **General** > **Advanced features**. Scroll down and look for **Microsoft Intune connection**. By default, the toggle is turned off. Turn your **Microsoft Intune connection** toggle on.
+To use this capability, enable your Microsoft Intune connections. In the Microsoft Defender Security Center, navigate to **Settings** > **General** > **Advanced features**. Scroll down and look for **Microsoft Intune connection**. By default, the toggle is turned off. Turn your **Microsoft Intune connection** toggle **On**.
See [Use Intune to remediate vulnerabilities identified by Microsoft Defender ATP](https://docs.microsoft.com/intune/atp-manage-vulnerabilities) for details.
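Review bot: The rewritten "Request remediation" paragraph is inconsistent about role names within two sentences: "Security and IT administrators", then "Security admins", then "the IT Administrator". Choose one capitalization and one term. "can request for the IT Administrator to remediate" is also awkward; "can request that the IT administrator remediate" is cleaner. In the Intune connection line, bolding only the final **On** while the default state "off" stays plain is a minor inconsistency.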
@@ -106,16 +106,18 @@ See [Use Intune to remediate vulnerabilities identified by Microsoft Defender AT
4. Go to the [**Remediation**](tvm-remediation.md) page to view the status of your remediation request.
+If you want to check how the ticket shows up in Intune, see [Use Intune to remediate vulnerabilities identified by Microsoft Defender ATP](https://docs.microsoft.com/intune/atp-manage-vulnerabilities) for details.
+
>[!NOTE]
>If your request involves remediating more than 10,000 machines, we can only send 10,000 machines for remediation to Intune.
## File for exception
-With Threat & Vulnerability Management, you can create exceptions for recommendations, as an alternative to a remediation request.
+As an alternative to a remediation request, you can create exceptions for recommendations.
There are many reasons why organizations create exceptions for a recommendation. For example, if there's a business justification that prevents the company from applying the recommendation, the existence of a compensating or alternative control that provides as much protection than the recommendation would, a false positive, among other reasons.
-Exceptions can be created for both *Security update* and *Configuration change* recommendations.
+Exceptions can be created for both Security update and Configuration change recommendations.
When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state changes to **Exception**, and it no longer shows up in the security recommendations list.
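Review bot: The added sentence "If you want to check how the ticket shows up in Intune, see [Use Intune to remediate vulnerabilities identified by Microsoft Defender ATP] ..." repeats a link this file already carries a few lines earlier ("See [Use Intune to remediate vulnerabilities ...] for details.", visible in the hunk header context). Keep one of the two. In the unchanged paragraph below, "provides as much protection than the recommendation would" should be "as much protection as", and removing the italics from "Security update" and "Configuration change" leaves the two recommendation types unmarked; consider bold to match other UI terms.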
@@ -127,10 +129,8 @@ When an exception is created for a recommendation, the recommendation is no long
> 
3. Select **Submit**. A confirmation message at the top of the page indicates that the exception has been created.
-
-4. Navigate to the [**Remediation**](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and click the **Exceptions** tab to view all your exceptions (current and past).
-
+4. Navigate to the [**Remediation**](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab to view all your exceptions (current and past).
## Report inaccuracy
@@ -149,21 +149,16 @@ You can report a false positive when you see any vague, inaccurate, incomplete,
4. Select **Submit**. Your feedback is immediately sent to the Threat & Vulnerability Management experts.
-
## Related topics
+- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md)
- [Supported operating systems and platforms](tvm-supported-os.md)
-- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
-- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
+- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
- [Exposure score](tvm-exposure-score.md)
- [Configuration score](configuration-score.md)
- [Remediation and exception](tvm-remediation.md)
- [Software inventory](tvm-software-inventory.md)
- [Weaknesses](tvm-weaknesses.md)
-- [Scenarios](threat-and-vuln-mgt-scenarios.md)
-- [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
-- [Recommendation APIs](vulnerability.md)
-- [Machine APIs](machine.md)
-- [Score APIs](score.md)
-- [Software APIs](software.md)
-- [Vulnerability APIs](vulnerability.md)
+- [Scenarios](threat-and-vuln-mgt-scenarios.md)
+- [APIs](threat-and-vuln-mgt-scenarios.md#apis)
+- [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
\ No newline at end of file
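Review bot: The new "APIs" entry replaces five direct API links with a single link to `threat-and-vuln-mgt-scenarios.md#apis`, and that anchor is not part of this diff. Confirm the scenarios page has an "APIs" heading that lists all five API topics, otherwise the references are lost. The file also still ends without a trailing newline, which this same patch fixes in configure-extension-file-exclusions-windows-defender-antivirus.md. The Scenarios line is removed and re-added with identical visible text, which looks like a whitespace-only change that could be dropped.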
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md
index d9198f7ccc..d7cad2e5aa 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md
@@ -45,7 +45,8 @@ Some of the above prerequisites might be different from the [Minimum requirement
## Related topics
-- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
+- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md)
+- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
- [Exposure score](tvm-exposure-score.md)
- [Configuration score](configuration-score.md)
- [Security recommendations](tvm-security-recommendation.md)
@@ -53,4 +54,5 @@ Some of the above prerequisites might be different from the [Minimum requirement
- [Software inventory](tvm-software-inventory.md)
- [Weaknesses](tvm-weaknesses.md)
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
+- [APIs](threat-and-vuln-mgt-scenarios.md#apis)
- [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
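Review bot: The last entry of this list still uses the absolute `https://docs.microsoft.com/...user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group` URL, while the same entry in tvm-security-recommendation.md in this patch uses the relative `user-roles.md#...` form. Since the list is being edited here to add the APIs link, switch this one to the relative link as well so both pages stay consistent and the link is validated at build time.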
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md
index de5dd35eec..37bfee2589 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md
@@ -8,20 +8,20 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
-ms.author: dolmont
-author: DulceMontemayor
+ms.author: ellevin
+author: levinec
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
-ms.date: 10/31/2019
---
# Weaknesses
+
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
[!include[Prerelease information](../../includes/prerelease.md)]
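Review bot: The front matter change removes `ms.date: 10/31/2019` without adding a new value, while the author fields are updated in the same block. If the date is meant to be dropped, say so in the commit description; otherwise add the current date alongside the new `ms.author` and `author`. The removed and added "Want to experience Microsoft Defender ATP?" lines look identical apart from whitespace and could be left out of the change.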
@@ -29,6 +29,13 @@ Threat & Vulnerability Management leverages the same signals in Microsoft Defend
The **Weaknesses** page lists down the vulnerabilities found in the infected software running in your organization, their severity, Common Vulnerability Scoring System (CVSS) rating, its prevalence in your organization, corresponding breach, and threat insights.
+You can access the list of vulnerabilities in a few places in the portal:
+
+- Global search
+- Weaknesses option in the navigation menu
+- Top vulnerable software widget in the dashboard
+- Discovered vulnerabilities page in the machine page
+
>[!IMPORTANT]
>To boost your vulnerability assessment detection rates, you can download the following mandatory security updates and deploy them in your network:
>- 19H1 customers | [KB 4512941](https://support.microsoft.com/help/4512941/windows-10-update-kb4512941)
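Review bot: The list of entry points added here does not line up with the section headings introduced later in this file: the item "Discovered vulnerabilities page in the machine page" corresponds to the heading "Discover vulnerabilities in the machine page", and "Top vulnerable software widget in the dashboard" to "Top vulnerable software in the dashboard". Use the same wording in both places and make each list item an in-page link to its section. The unchanged sentence above the list also says vulnerabilities are found in "the infected software"; "vulnerable" or "installed" software is what the page describes.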
@@ -36,80 +43,76 @@ The **Weaknesses** page lists down the vulnerabilities found in the infected sof
>- RS4 customers | [KB 4516045](https://support.microsoft.com/help/4516045/windows-10-update-kb4516045)
>- RS3 customers | [KB 4516071](https://support.microsoft.com/help/4516071/windows-10-update-kb4516071)
+## Navigate to the Weaknesses page
-## Navigate through your organization's weaknesses page
-You can access the list of vulnerabilities in a few places in the portal:
-- Global search
-- Weaknesses option in the navigation menu
-- Top vulnerable software widget in the dashboard
-- Discovered vulnerabilities page in the machine page
+When new vulnerabilities are released, you can find out how many of your assets are exposed in the **Weaknesses** page of the Threat & Vulnerability Management navigation menu. If the **Exposed Machines** column shows 0, that means you are not at risk. If exposed machines exist, the next step is to remediate the vulnerabilities in those machines to reduce the risk to your assets and organization.
-*Vulnerabilities in global search*
-1. Click the global search drop-down menu.
-2. Select **Vulnerability** and key-in the Common Vulnerabilities and Exposures (CVE) ID that you are looking for, then click the search icon. The **Weaknesses** page opens with the CVE information that you are looking for.
-
-3. Select the CVE and a flyout panel opens up with more information - the vulnerability description, exploits available, severity level, CVSS v3 rating, publishing and update dates.
+
- > [!NOTE]
- > To see the rest of the vulnerabilities in the **Weaknesses** page, type CVE, then click search.
+### Breach and threat insights
-*Weaknesses page in the menu*
-1. Go to the Threat & Vulnerability Management navigation menu and select **Weaknesses** to open up the list of vulnerabilities found in your organization.
-2. Select the vulnerability that you want to investigate to open up a flyout panel with the vulnerability details, such as: CVE description, CVE ID, exploits available, CVSS V3 rating, severity, dates when it was published and updated, related software, exploit kits available, vulnerability type, link to useful reference, and number of exposed machines which users can also export.
-
+You can view the related breach and threat insights in the **Threat** column when the icons are colored red.
-*Top vulnerable software widget in the dashboard*
-1. Go to the Threat & Vulnerability Management dashboard and scroll down to the **Top vulnerable software** widget. You will see the number of vulnerabilities found in each software along with threat information and a high-level view of the device exposure trend over time.
-
-2. Click the software that you want to investigate and it takes you to the software page. You will see the weaknesses found in your machine per severity level, in which machines are they installed, version distribution, and the corresponding security recommendation.
-3. Select the **Discovered vulnerabilities** tab.
-4. Select the vulnerability that you want to investigate to open up a flyout panel with the vulnerability details, such as: CVE description, CVE ID, exploits available, CVSS V3 rating, severity, publish, and update dates.
-
-*Discovered vulnerabilities in the machine page*
-1. Go to the left-hand navigation menu bar, then select the machine icon. The **Machines list** page opens.
-

-2. In the **Machines list** page, select the machine that you want to investigate.
-

-
A flyout pane opens with machine details and response action options.
-
-3. In the flyout pane, select **Open machine page**. A page opens with details and response options for the machine you want to investigate.
-

-4. Select **Discovered vulnerabilities**.
-5. Select the vulnerability that you want to investigate to open up a flyout panel with the vulnerability details, such as: CVE description, CVE ID, exploits available, CVSS V3 rating, severity, publish, and update dates.
-
-## How it works
-When new vulnerabilities are released, you would want to know how many of your assets are exposed. You can see the list of vulnerabilities and the details in the **Weaknesses** page.
-
-If the **Exposed Machines** column shows 0, that means you are not at risk.
-
-If exposed machines exist, that means you need to remediate the vulnerabilities in those machines because they put the rest of your assets and your organization at risk.
-
-You can also see the related alert and threat insights in the **Threat** column.
-
-The breach insights icon is highlighted if there is a vulnerability found in your organization. Prioritize an investigation because it means there might be a breach in your organization.
+ >[!NOTE]
+ > Always prioritize recommendations that are associated with ongoing threats. These recommendations are marked with the threat insight  icon and breach insight  icon.
+The breach insights icon is highlighted if there is a vulnerability found in your organization.

-The threat insights icons are highlighted if there are associated exploits in the vulnerability found in your organization. It also shows whether the threat is a part of an exploit kit, connected to specific advanced persistent campaigns or activity groups for which, Threat Analytics report links are provided that you can read, has zero-day exploitation news, disclosures, or related security advisories.
+The threat insights icon is highlighted if there are associated exploits in the vulnerability found in your organization. It also shows whether the threat is a part of an exploit kit or connected to specific advanced persistent campaigns or activity groups. Threat Analytics report links are provided that you can read with zero-day exploitation news, disclosures, or related security advisories.

- >[!NOTE]
- > Always prioritize recommendations that are associated with ongoing threats. These recommendations are marked with the threat insight  icon and breach insight  icon.
+
+## Vulnerabilities in global search
+
+1. Go to the global search drop-down menu.
+2. Select **Vulnerability** and key-in the Common Vulnerabilities and Exposures (CVE) ID that you are looking for, then select the search icon. The **Weaknesses** page opens with the CVE information that you are looking for.
+
+3. Select the CVE and a flyout panel opens up with more information - the vulnerability description, exploits available, severity level, CVSS v3 rating, publishing and update dates.
+
+To see the rest of the vulnerabilities in the **Weaknesses** page, type CVE, then click search.
+
+## Top vulnerable software in the dashboard
+
+1. Go to the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) and scroll down to the **Top vulnerable software** widget. You will see the number of vulnerabilities found in each software along with threat information and a high-level view of the device exposure trend over time.
+
+2. Select the software that you want to investigate to go a drill down page.
+3. Select the **Discovered vulnerabilities** tab.
+4. Select the vulnerability that you want to investigate to open up a flyout panel with the vulnerability details, such as: CVE description, CVE ID, exploits available, CVSS V3 rating, severity, publish, and update dates.
+
+
+
+## Discover vulnerabilities in the machine page
+
+1. Go to the left-hand navigation menu bar, then select the machine icon. The **Machines list** page opens.
+2. In the **Machines list** page, select the machine name that you want to investigate.
+

+3. The machine page will open with details and response options for the machine you want to investigate.
+4. Select **Discovered vulnerabilities**.
+

+5. Select the vulnerability that you want to investigate to open up a flyout panel with the CVE details, such as: vulnerability description, threat insights, and detection logic.
+
+### CVE Detection logic
+
+Similar to the software evidence, we now show the detection logic we applied on a machine in order to state that it's vulnerable. This is a new section called "Detection Logic" (in any discovered vulnerability in the machine page) that shows the detection logic and source.
+
+
+
## Report inaccuracy
You can report a false positive when you see any vague, inaccurate, missing, or already remediated vulnerability information in the machine page.
-1. Select the **Discovered vulnerabilities** tab.
+1. Select the **Discovered vulnerabilities** tab.
-2. Click **:** beside the vulnerability that you want to report about, and then select **Report inaccuracy**.
+2. Click **:** beside the vulnerability that you want to report about, and then select **Report inaccuracy**.

A flyout pane opens.

-3. From the flyout pane, select the inaccuracy category from the **Discovered vulnerability inaccuracy reason** drop-down menu.
+3. From the flyout pane, select the inaccuracy category from the **Discovered vulnerability inaccuracy reason** drop-down menu.

4. Include your email address so Microsoft can send you feedback regarding the inaccuracy you reported.
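Review bot: In the new "Breach and threat insights" section, the breach insights sentence loses its reason. The removed text told the reader to prioritize an investigation because a highlighted icon might mean a breach, while the added line only says the icon is highlighted "if there is a vulnerability found in your organization", which is true of every row on the page. Restore what the icon signals. The rewritten threat insights sentence also shifts meaning: zero-day exploitation news, disclosures and security advisories were things the icon indicated, and now read as the contents of the Threat Analytics reports. Smaller fixes in the same hunk: "to go a drill down page" is missing "to", the global search section still says "click search" after the steps above it moved to "select", and "we now show" and "This is a new section" will date quickly.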
@@ -117,11 +120,10 @@ You can report a false positive when you see any vague, inaccurate, missing, or
5. Include your machine name for investigation context.
> [!NOTE]
- > You can also provide details regarding the inaccuracy you reported in the **Tell us more (optional)** field to give the threat and vulnerability management investigators context.
+ > You can also provide details regarding the inaccuracy you reported in the **Tell us more (optional)** field to give the threat and vulnerability management investigators context.
6. Click **Submit**. Your feedback is immediately sent to the Threat & Vulnerability Management experts with its context.
-
## Related topics
- [Supported operating systems and platforms](tvm-supported-os.md)
- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
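Review bot: The Related topics list in this file is left unchanged and still shows "Risk-based Threat & Vulnerability Management", while tvm-security-recommendation.md and tvm-supported-os.md in this patch rename that entry to "Threat & Vulnerability Management overview" and add the dashboard and APIs links. Apply the same list here so the three pages agree.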
diff --git a/windows/security/threat-protection/microsoft-defender-atp/user-roles.md b/windows/security/threat-protection/microsoft-defender-atp/user-roles.md
index e55dfe29c0..a2a976d975 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/user-roles.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/user-roles.md
@@ -79,7 +79,8 @@ The following steps guide you on how to create roles in Microsoft Defender Secur
7. Apply the configuration settings.
-After creating roles, you'll need to create a machine group and provide access to the machine group by assigning it to a role that you just created.
+> [!IMPORTANT]
+> After creating roles, you'll need to create a machine group and provide access to the machine group by assigning it to a role that you just created.
## Edit roles
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md
index accf7f1ab2..07e009dc0e 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md
@@ -28,6 +28,9 @@ Describes the best practices, location, values, management, and security conside
Beginning with Windows Server 2012 and Windows 8, Windows detects user-input inactivity of a sign-in (logon) session by using the security policy setting **Interactive logon: Machine inactivity limit**. If the amount of inactive time exceeds the inactivity limit set by this policy, then the user’s session locks by invoking the screen saver (screen saver should be active on the destination machine). You can activate the screen saver by enabling the Group Policy **User Configuration\Administrative Templates\Control Panel\Personalization\Enable screen saver**. This policy setting allows you to control the locking time by using Group Policy.
+> [!NOTE]
+> If the **Interactive logon: Machine inactivity limit** security policy setting is configured, the device locks not only when inactive time exceeds the inactivity limit, but also when the screensaver activates or when the display turns off because of power settings.
+
### Possible values
The automatic lock of the device is set in elapsed seconds of inactivity, which can range from zero (0) to 599,940 seconds (166.65 hours).
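Review bot: The new note overlaps with the paragraph directly above it without reconciling the two. The paragraph says the session locks "by invoking the screen saver (screen saver should be active on the destination machine)", and the note then lists screen saver activation as a separate, additional lock trigger alongside the display turning off. State plainly whether the screen saver must be enabled for the inactivity limit to lock the device, and whether the display power-off lock applies when the screen saver is disabled, so administrators can predict the lock behavior from the policy value.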
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md
index 10c52c2aba..bc096eac9e 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md
@@ -36,7 +36,7 @@ This article describes how to configure exclusion lists for the files and folde
Exclusion | Examples | Exclusion list
---|---|---
-Any file with a specific extension | All files with the `.test` extension, anywhere on the machine | Extension exclusions
+Any file with a specific extension | All files with the specified extension, anywhere on the machine.
Valid syntax: `.test` and `test` | Extension exclusions
Any file under a specific folder | All files under the `c:\test\sample` folder | File and folder exclusions
A specific file in a specific folder | The file `c:\sample\sample.test` only | File and folder exclusions
A specific process | The executable file `c:\test\process.exe` | File and folder exclusions
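Review bot: The rewritten extension row says "Valid syntax: `.test` and `test`" but does not say that the two forms are equivalent, and the concrete example the other rows still have is gone. Since an extension exclusion applies "anywhere on the machine", spell out that the leading dot is optional and both forms exclude the same files, and keep one worked example in the Examples column.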
@@ -292,4 +292,4 @@ You can also copy the string into a blank text file and attempt to save it with
- [Configure and validate exclusions in Windows Defender Antivirus scans](configure-exclusions-windows-defender-antivirus.md)
- [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-windows-defender-antivirus.md)
-- [Configure Windows Defender Antivirus exclusions on Windows Server](configure-server-exclusions-windows-defender-antivirus.md)
\ No newline at end of file
+- [Configure Windows Defender Antivirus exclusions on Windows Server](configure-server-exclusions-windows-defender-antivirus.md)
diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md
index be5477b03f..a487d96a32 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md
@@ -11,7 +11,6 @@ ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
-ms.date: 01/09/2020
ms.reviewer:
manager: dansimp
ms.custom: nextgen
@@ -40,7 +39,7 @@ This article describes how to specify from where updates should be downloaded (t
## Fallback order
-Typically, you configure endpoints to individually download updates from a primary source followed by other sources in order of priority, based on your network configuration. Updates are obtained from sources in the order you specify. If a source is not available, the next source in the list is used.
+Typically, you configure endpoints to individually download updates from a primary source followed by other sources in order of priority, based on your network configuration. Updates are obtained from sources in the order you specify. If a source is not available, the next source in the list is used immediately.
When updates are published, some logic is applied to minimize the size of the update. In most cases, only the differences between the latest update and the update that is currently installed (this is referred to as the delta) on the device is downloaded and applied. However, the size of the delta depends on two main factors:
- The age of the last update on the device; and
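Review bot: Adding "immediately" to "the next source in the list is used" makes a timing claim that the paragraph does not back up. Say what counts as "not available" (for example an unreachable source versus a source with no newer update) or drop the adverb, because readers sizing fallback traffic will rely on this sentence.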
diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md
index 5184c72aca..d444eaedc1 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md
@@ -50,6 +50,7 @@ Only the main version is listed in the following table as reference information:
Month | Platform/Client | Engine
---|---|---
+Mar-2020 | 4.18.2003.x| 1.1.16900.x
Feb-2020 | - | 1.1.16800.x
Jan-2020 | 4.18.2001.x | 1.1.16700.x
Dec-2019 | - | - |
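Review bot: The new row `Mar-2020 | 4.18.2003.x| 1.1.16900.x` is missing the space before the second pipe that the other rows have. It renders the same, but matching `Jan-2020 | 4.18.2001.x | 1.1.16700.x` keeps the table source aligned. The Dec-2019 row below also carries a trailing pipe that the other rows lack.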
diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
index 33827edea0..e09392cea5 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
ms.custom: nextgen
-ms.reviewer:
+ms.reviewer:
manager: dansimp
---
@@ -25,13 +25,13 @@ manager: dansimp
## Overview
Windows Defender Antivirus is automatically enabled and installed on endpoints and devices that are running Windows 10. But what happens when another antivirus/antimalware solution is used? It depends on whether you're using [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection) together with your antivirus protection.
-- When endpoints and devices are protected with a non-Microsoft antivirus/antimalware solution, and Microsoft Defender ATP is not used, Windows Defender Antivirus automatically goes into disabled mode.
-- If your organization is using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) together with a non-Microsoft antivirus/antimalware solution, then Windows Defender Antivirus automatically goes into passive mode. (Real time protection and and threats are not remediated by Windows Defender Antivirus.)
+- When endpoints and devices are protected with a non-Microsoft antivirus/antimalware solution, and Microsoft Defender ATP is not used, Windows Defender Antivirus automatically goes into disabled mode.
+- If your organization is using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) together with a non-Microsoft antivirus/antimalware solution, then Windows Defender Antivirus automatically goes into passive mode. (Real time protection and threats are not remediated by Windows Defender Antivirus.)
- If your organization is using Microsoft Defender ATP together with a non-Microsoft antivirus/antimalware solution, and you have [shadow protection (currently in private preview)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/shadow-protection), then Windows Defender Antivirus runs in the background and blocks/remediates malicious items that are detected, such as during a post-breach attack.
## Antivirus and Microsoft Defender ATP
-The following table summarizes what happens with Windows Defender Antivirus when third-party antivirus products are used together or without Microsoft Defender ATP.
+The following table summarizes what happens with Windows Defender Antivirus when third-party antivirus products are used together or without Microsoft Defender ATP.
| Windows version | Antimalware protection offered by | Organization enrolled in Microsoft Defender ATP | Windows Defender Antivirus state |
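Review bot: The passive mode bullet fixes the doubled "and and" but the parenthetical still does not parse: "(Real time protection and threats are not remediated by Windows Defender Antivirus.)". Protection is not something that gets remediated, so split it, for example "(Real-time protection is off, and threats are not remediated by Windows Defender Antivirus.)", if that is the intended meaning. The other changed lines in this hunk appear to differ only in whitespace.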
@@ -47,19 +47,19 @@ The following table summarizes what happens with Windows Defender Antivirus when
(1) On Windows Server 2016 or 2019, Windows Defender Antivirus will not enter passive or disabled mode if you have also installed a third-party antivirus product. If you install a third-party antivirus product, you should [consider uninstalling Windows Defender Antivirus on Windows Server 2016 or 2019](windows-defender-antivirus-on-windows-server-2016.md#need-to-uninstall-windows-defender-antivirus) to prevent problems caused by having multiple antivirus products installed on a machine.
-If you are Using Windows Server, version 1803 and Windows 2019, you can enable passive mode by setting this registry key:
-- Path: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection`
-- Name: ForceDefenderPassiveMode
+If you are Using Windows Server, version 1803 and Windows 2019, you can enable passive mode by setting this registry key:
+- Path: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection`
+- Name: ForceDefenderPassiveMode
- Value: 1
See [Windows Defender Antivirus on Windows Server 2016 and 2019](windows-defender-antivirus-on-windows-server-2016.md) for key differences and management options for Windows Server installations.
->[!IMPORTANT]
->Windows Defender Antivirus is only available on endpoints running Windows 10, Windows Server 2016, and Windows Server 2019.
->
->In Windows 8.1 and Windows Server 2012, enterprise-level endpoint antivirus protection is offered as [System Center Endpoint Protection](https://technet.microsoft.com/library/hh508760.aspx), which is managed through Microsoft Endpoint Configuration Manager.
->
->Windows Defender is also offered for [consumer devices on Windows 8.1 and Windows Server 2012](https://technet.microsoft.com/library/dn344918#BKMK_WindowsDefender), although it does not provide enterprise-level management (or an interface on Windows Server 2012 Server Core installations).
+> [!IMPORTANT]
+> Windows Defender Antivirus is only available on endpoints running Windows 10, Windows Server 2016, and Windows Server 2019.
+>
+> In Windows 8.1 and Windows Server 2012, enterprise-level endpoint antivirus protection is offered as [System Center Endpoint Protection](https://technet.microsoft.com/library/hh508760.aspx), which is managed through Microsoft Endpoint Configuration Manager.
+>
+> Windows Defender is also offered for [consumer devices on Windows 8.1 and Windows Server 2012](https://technet.microsoft.com/library/dn344918#BKMK_WindowsDefender), although it does not provide enterprise-level management (or an interface on Windows Server 2012 Server Core installations).
## Functionality and features available in each state
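Review bot: The registry key lines are re-added unchanged apart from whitespace, so the wording problems survive: "If you are Using Windows Server, version 1803 and Windows 2019" has a stray capital and says "Windows 2019" where the rest of the page says "Windows Server 2019". The Path, Name and Value list also omits the value type, which an administrator needs in order to create `ForceDefenderPassiveMode` correctly. Add a "Type:" line while this block is being touched.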
@@ -79,17 +79,17 @@ The following table summarizes the functionality and features that are available
## Keep the following points in mind
-If you are enrolled in Microsoft Defender ATP and you are using a third party antimalware product then passive mode is enabled because [the service requires common information sharing from the Windows Defender Antivirus service](../microsoft-defender-atp/defender-compatibility.md) in order to properly monitor your devices and network for intrusion attempts and attacks.
+If you are enrolled in Microsoft Defender ATP and you are using a third party antimalware product then passive mode is enabled because [the service requires common information sharing from the Windows Defender Antivirus service](../microsoft-defender-atp/defender-compatibility.md) in order to properly monitor your devices and network for intrusion attempts and attacks.
When Windows Defender Antivirus is automatic disabled, it can automatically re-enable if the protection offered by a third-party antivirus product expires or otherwise stops providing real-time protection from viruses, malware or other threats. This is to ensure antivirus protection is maintained on the endpoint. It also allows you to enable [limited periodic scanning](limited-periodic-scanning-windows-defender-antivirus.md), which uses the Windows Defender Antivirus engine to periodically check for threats in addition to your main antivirus app.
-
+
In passive and automatic disabled mode, you can still [manage updates for Windows Defender Antivirus](manage-updates-baselines-windows-defender-antivirus.md); however, you can't move Windows Defender Antivirus into the normal active mode if your endpoints have an up-to-date third-party product providing real-time protection from malware.
If you uninstall the other product, and choose to use Windows Defender Antivirus to provide protection to your endpoints, Windows Defender Antivirus will automatically return to its normal active mode.
->[!WARNING]
->You should not attempt to disable, stop, or modify any of the associated services used by Windows Defender Antivirus, Microsoft Defender ATP, or the Windows Security app. This includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and process. Manually modifying these services can cause severe instability on your endpoints and open your network to infections and attacks. It can also cause problems when using third-party antivirus apps and how their information is displayed in the [Windows Security app](windows-defender-security-center-antivirus.md).
-
+> [!WARNING]
+> You should not attempt to disable, stop, or modify any of the associated services used by Windows Defender Antivirus, Microsoft Defender ATP, or the Windows Security app. This includes the *wscsvc*, *SecurityHealthService*, *MsSense*, *Sense*, *WinDefend*, or *MsMpEng* services and process. Manually modifying these services can cause severe instability on your endpoints and open your network to infections and attacks. It can also cause problems when using third-party antivirus apps and how their information is displayed in the [Windows Security app](windows-defender-security-center-antivirus.md).
+
## Related topics
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md
index e153eda8b0..b7d7885b7f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md
@@ -81,6 +81,9 @@ The following are examples of scenarios in which AppLocker can be used:
- Some computers in your organization are shared by people who have different software usage needs, and you need to protect specific apps.
- In addition to other measures, you need to control the access to sensitive data through app usage.
+> [!NOTE]
+> AppLocker is a defense-in-depth security feature and **not** a [security boundary](https://www.microsoft.com/msrc/windows-security-servicing-criteria). [Windows Defender Application Control](https://www.microsoft.com/msrc/windows-security-servicing-criteria) should be used when the goal is to provide robust protection against a threat and there are expected to be no by-design limitations that would prevent the security feature from achieving this goal.
+
AppLocker can help you protect the digital assets within your organization, reduce the threat of malicious software being introduced into your environment, and improve the management of application control and the maintenance of application control policies.
## Installing AppLocker
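Review bot: In the added NOTE, the "Windows Defender Application Control" link points to the same MSRC servicing-criteria URL as the "security boundary" link, so a reader who follows it never reaches WDAC documentation. Point the second link at the WDAC topic (for example windows-defender-application-control-deployment-guide.md in the parent folder, via the correct relative path) and keep the MSRC URL only on "security boundary". The second sentence is also hard to parse; "Use Windows Defender Application Control when the goal is robust protection against a threat and no by-design limitations are expected to prevent it" says the same thing more directly.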
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
index 9e6f941382..e07be3cc57 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
@@ -27,7 +27,7 @@ ms.date: 02/28/2018
- Windows 10
- Windows Server 2016
-As you deploy Windows Defender Application Control (WDAC) (also part of Windows Defender Device Guard), you might need to sign catalog files or WDAC policies internally. To do this, you will either need a publicly issued code signing certificate or an internal CA. If you have purchased a code signing certificate, you can skip this topic and instead follow other topics listed in the [Windows Defender Application Control Deployment Guide](windows-defender-application-control-deployment-guide.md).
+As you deploy Windows Defender Application Control (WDAC), you might need to sign catalog files or WDAC policies internally. To do this, you will either need a publicly issued code signing certificate or an internal CA. If you have purchased a code signing certificate, you can skip this topic and instead follow other topics listed in the [Windows Defender Application Control Deployment Guide](windows-defender-application-control-deployment-guide.md).
If you have an internal CA, complete these steps to create a code signing certificate.
Only RSA algorithm is supported for the code signing certificate, and signatures must be PKCS 1.5 padded.
@@ -98,7 +98,7 @@ Now that the template is available to be issued, you must request one from the c
>[!NOTE]
>If a certificate manager is required to approve any issued certificates and you selected to require management approval on the template, the request will need to be approved in the CA before it will be issued to the client.
-This certificate must be installed in the user’s personal store on the computer that will be signing the catalog files and code integrity policies. If the signing is going to be taking place on the computer on which you just requested the certificate, exporting the certificate to a .pfx file will not be required because it already exists in your personal store. If you are signing on another computer, you will need to export the .pfx certificate with the necessary keys and properties. To do so, complete the following steps:
+This certificate must be installed in the user's personal store on the computer that will be signing the catalog files and code integrity policies. If the signing is going to be taking place on the computer on which you just requested the certificate, exporting the certificate to a .pfx file will not be required because it already exists in your personal store. If you are signing on another computer, you will need to export the .pfx certificate with the necessary keys and properties. To do so, complete the following steps:
1. Right-click the certificate, point to **All Tasks**, and then click **Export**.
diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md
index 484dd83dc0..1ea8df15e9 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md
@@ -81,7 +81,7 @@ To create a catalog file, you use a tool called **Package Inspector**. You must
`PackageInspector.exe Stop C: -Name $CatFileName -cdfpath $CatDefName`
>[!NOTE]
->Package Inspector catalogs the hash values for each discovered binary file. If the applications that were scanned are updated, complete this process again to trust the new binaries’ hash values.
+>Package Inspector catalogs the hash values for each discovered binary file. If the applications that were scanned are updated, complete this process again to trust the new binaries' hash values.
When finished, the files will be saved to your desktop. You can double-click the \*.cat file to see its contents, and you can view the \*.cdf file with a text editor.
@@ -95,16 +95,16 @@ Packages can fail for the following reasons:
- To diagnose whether USN journal size is the issue, after running through Package Inspector, click Start > install app > PackageInspector stop
- Get the value of the reg key at HKEY\_CURRENT\_USER/PackageInspectorRegistryKey/c: (this was the most recent USN when you ran PackageInspector start)
- `fsutil usn readjournal C: startusn=RegKeyValue > inspectedusn.txt`
- - ReadJournal command should throw an error if the older USNs don’t exist anymore due to overflow
+ - ReadJournal command should throw an error if the older USNs don't exist anymore due to overflow
- For USN Journal, log size can be expanded using: `fsutil usn createjournal` command with a new size and alloc delta. `Fsutil usn queryjournal` will give the current size and allocation delta, so using a multiple of that may help
- To diagnose whether Eventlog size is the issue, look at the Microsoft/Windows/CodeIntegrity/Operational log under Applications and Services logs in Event Viewer and ensure that there are entries present from when you began Package Inspector (You can use write time as a justification; if you started the install 2 hours ago and there are only entries from 30 minutes prior, the log is definitely too small)
- To increase Eventlog size, in Event Viewer you can right click the operational log, click properties, and then set new values (some multiple of what it was previously)
- Package files that change hash each time the package is installed
- Package Inspector is completely incompatible if files in the package (temporary or otherwise) change hash each time the package is installed. You can diagnose this by looking at the hash field in the 3077 block events when the package is failing in enforcement. If each time you attempt to run the package you get a new block event with a different hash, the package will not work with Package Inspector
-- Files with an invalid signature blob or otherwise “unhashable” files
+- Files with an invalid signature blob or otherwise "unhashable" files
- This issue arises when a file that has been signed is modified post signing in a way that invalidates the PE header and renders the file unable to be hashed by the Authenticode Spec.
- - WDAC uses Authenticode Hashes to validate files when they are running. If the file is unhashable via the authenticode SIP, there is no way to identify the file to allow it, regardless of if you attempt to add the file to the policy directly, or re-sign the file with a Package Inspector catalog (the signature is invalidated due to file being edited, file can’t be allowed by hash due to authenticode hashing algorithm rejecting it)
- - Recent versions of InstallShield packages that use custom actions can hit this. If the DLL input to the custom action was signed before being put through InstallShield, InstallShield adds tracking markers to the file (editing it post signature) which leaves the file in this “unhashable” state and renders the file unable to be allowed by Device Guard (regardless of if you try to allow directly by policy or resign with Package Inspector)
+ - WDAC uses Authenticode Hashes to validate files when they are running. If the file is unhashable via the authenticode SIP, there is no way to identify the file to allow it, regardless of if you attempt to add the file to the policy directly, or re-sign the file with a Package Inspector catalog (the signature is invalidated due to file being edited, file can't be allowed by hash due to authenticode hashing algorithm rejecting it)
+ - Recent versions of InstallShield packages that use custom actions can hit this. If the DLL input to the custom action was signed before being put through InstallShield, InstallShield adds tracking markers to the file (editing it post signature) which leaves the file in this "unhashable" state and renders the file unable to be allowed by Windows Defender (regardless of if you try to allow directly by policy or resign with Package Inspector)
## Catalog signing with SignTool.exe
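Review bot: The last changed bullet swaps "Device Guard" for "Windows Defender" ("renders the file unable to be allowed by Windows Defender"), which names the product family rather than the feature that evaluates the policy. The bullet directly above already says "WDAC uses Authenticode Hashes", so use "WDAC" here as well; as written, the sentence can be read as an antivirus issue. While these lines are being touched, "authenticode" is capitalised inconsistently within the same bullet.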
@@ -124,7 +124,7 @@ To sign the existing catalog file, copy each of the following commands into an e
`$CatFileName=$ExamplePath+"\LOBApp-Contoso.cat"`
-2. Import the code signing certificate that will be used to sign the catalog file. Import it to the signing user’s personal store.
+2. Import the code signing certificate that will be used to sign the catalog file. Import it to the signing user's personal store.
3. Sign the catalog file with Signtool.exe:
diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md
index 5c089e58ac..1700437f22 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md
@@ -24,7 +24,7 @@ ms.date: 02/28/2018
- Windows 10
- Windows Server 2016
-WDAC policies can easily be deployed and managed with Group Policy. A Windows Defender Device Guard administrative template will be available in Windows Server 2016 that allows you to simplify deployment of Windows Defender Device Guard hardware-based security features and Windows Defender Application Control policies. The following procedure walks you through how to deploy a WDAC policy called **DeviceGuardPolicy.bin** to a test OU called *DG Enabled PCs* by using a GPO called **Contoso GPO Test**.
+WDAC policies can easily be deployed and managed with Group Policy. Windows Defender allows you to simplify deployment Windows Defender hardware-based security features and Windows Defender Application Control policies. The following procedure walks you through how to deploy a WDAC policy called **DeviceGuardPolicy.bin** to a test OU called *DG Enabled PCs* by using a GPO called **Contoso GPO Test**.
> [!NOTE]
> This walkthrough requires that you have previously created a WDAC policy and have a computer running Windows 10 on which to test a Group Policy deployment. For more information about how to create a WDAC policy, see [Create a Windows Defender Application Control policy from a reference computer](create-initial-default-policy.md), earlier in this topic.
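Review bot: The rewritten opening paragraph drops a word and loses what the sentence was about: "Windows Defender allows you to simplify deployment Windows Defender hardware-based security features" is missing "of" after "deployment", and the removed text attributed this to a Group Policy administrative template that the new text no longer mentions. Suggest keeping the reference to the administrative template (minus the "will be available in Windows Server 2016" future tense) so the sentence still tells the admin what to use. The unchanged part of the line still uses the policy file name DeviceGuardPolicy.bin; confirm that keeping the old name there is intentional.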
diff --git a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md
index 04a21aa98f..1fe1a3c6b0 100644
--- a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md
+++ b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md
@@ -35,7 +35,7 @@ You should consider using WDAC as part of your organization's application contro
- You have deployed or plan to deploy the supported versions of Windows in your organization.
- You need improved control over the access to your organization's applications and the data your users access.
-- Your organization has a well-defined process for application management and deployed.
+- Your organization has a well-defined process for application management and deployment.
- You have resources to test policies against the organization's requirements.
- You have resources to involve Help Desk or to build a self-help process for end-user application access issues.
- The group's requirements for productivity, manageability, and security can be controlled by restrictive policies.
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
index 76cec7912f..da33a878fe 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
@@ -31,7 +31,7 @@ This topic covers guidelines for using code signing control classic Windows apps
## Reviewing your applications: application signing and catalog files
-Typically, WDAC policies are configured to use the application's signing certificate as part or all of what identifies the application as trusted. This means that applications must either use embedded signing—where the signature is part of the binary—or catalog signing, where you generate a “catalog file” from the applications, sign it, and through the signed catalog file, configure the WDAC policy to recognize the applications as signed.
+Typically, WDAC policies are configured to use the application's signing certificate as part or all of what identifies the application as trusted. This means that applications must either use embedded signing—where the signature is part of the binary—or catalog signing, where you generate a "catalog file" from the applications, sign it, and through the signed catalog file, configure the WDAC policy to recognize the applications as signed.
Catalog files can be very useful for unsigned LOB applications that cannot easily be given an embedded signature. However, catalogs need to be updated each time an application is updated. In contrast, with embedded signing, your WDAC policies typically do not have to be updated when an application is updated. For this reason, if code-signing is or can be included in your in-house application development process, it can simplify the management of WDAC (compared to using catalog signing).
@@ -45,7 +45,7 @@ To obtain signed applications or embed signatures in your in-house applications,
To use catalog signing, you can choose from the following options:
-- Use the Windows Defender Device Guard signing portal available in the Microsoft Store for Business and Education. The portal is a Microsoft web service that you can use to sign your Classic Windows applications. For more information, see [Device Guard signing](https://technet.microsoft.com/itpro/windows/manage/device-guard-signing-portal).
+- Use the Windows Defender signing portal available in the Microsoft Store for Business and Education. The portal is a Microsoft web service that you can use to sign your Classic Windows applications.
- Create your own catalog files, which are described in the next section.
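Review bot: The first bullet now names a "Windows Defender signing portal" and removes the "For more information" link, leaving a renamed service with no pointer to it. If the portal has been renamed, add the current link in place of the removed one; if it has not, keep the original name, because this edit changes a product name rather than prose.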
@@ -53,12 +53,12 @@ To use catalog signing, you can choose from the following options:
Catalog files (which you can create in Windows 10 with a tool called Package Inspector) contain information about all deployed and executed binary files associated with your trusted but unsigned applications. When you create catalog files, you can also include signed applications for which you do not want to trust the signer but rather the specific application. After creating a catalog, you must sign the catalog file itself by using enterprise public key infrastructure (PKI), or a purchased code signing certificate. Then you can distribute the catalog, so that your trusted applications can be handled by WDAC in the same way as any other signed application.
-Catalog files are simply Secure Hash Algorithm 2 (SHA2) hash lists of discovered binaries. These binaries’ hash values are updated each time an application is updated, which requires the catalog file to be updated also.
+Catalog files are simply Secure Hash Algorithm 2 (SHA2) hash lists of discovered binaries. These binaries' hash values are updated each time an application is updated, which requires the catalog file to be updated also.
After you have created and signed your catalog files, you can configure your WDAC policies to trust the signer or signing certificate of those files.
> [!NOTE]
-> Package Inspector only works on operating systems that support Windows Defender Device Guard, such as Windows 10 Enterprise, Windows 10 Education, Windows 2016 Server, or Windows Enterprise IoT.
+> Package Inspector only works on operating systems that support Windows Defender, such as Windows 10 Enterprise, Windows 10 Education, Windows 2016 Server, or Windows Enterprise IoT.
For procedures for working with catalog files, see [Deploy catalog files to support Windows Defender Application Control](deploy-catalog-files-to-support-windows-defender-application-control.md).
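Review bot: In the changed NOTE, "operating systems that support Windows Defender" reads as a much broader requirement than the removed "Windows Defender Device Guard", so the edition list that follows no longer looks like a restriction. Name the actual dependency for Package Inspector (WDAC, the term used in the rest of this topic) instead of deleting only the words "Device Guard".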
diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md
index 232b40eec6..9e0b0651d1 100644
--- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md
+++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md
@@ -29,20 +29,20 @@ This topic provides a roadmap for planning and getting started on the Windows De
1. Review requirements, especially hardware requirements for VBS.
-2. Group devices by degree of control needed. Do most devices fit neatly into a few categories, or are they scattered across all categories? Are users allowed to install any application or must they choose from a list? Are users allowed to use their own peripheral devices?
Deployment is simpler if everything is locked down in the same way, but meeting individual departments’ needs, and working with a wide variety of devices, may require a more complicated and flexible deployment.
+2. Group devices by degree of control needed. Do most devices fit neatly into a few categories, or are they scattered across all categories? Are users allowed to install any application or must they choose from a list? Are users allowed to use their own peripheral devices?
Deployment is simpler if everything is locked down in the same way, but meeting individual departments' needs, and working with a wide variety of devices, may require a more complicated and flexible deployment.
3. Review how much variety in software and hardware is needed by roles or departments. The following questions can help you clarify how many WDAC policies to create:
- How standardized is the hardware?
This can be relevant because of drivers. You could create a WDAC policy on hardware that uses a particular set of drivers, and if other drivers in your environment use the same signature, they would also be allowed to run. However, you might need to create several WDAC policies on different "reference" hardware, then merge the policies together, to ensure that the resulting policy recognizes all the drivers in your environment.
- - What software does each department or role need? Should they be able to install and run other departments’ software?
If multiple departments are allowed to run the same list of software, you might be able to merge several WDAC policies to simplify management.
+ - What software does each department or role need? Should they be able to install and run other departments' software?
If multiple departments are allowed to run the same list of software, you might be able to merge several WDAC policies to simplify management.
- Are there departments or roles where unique, restricted software is used?
If one department needs to run an application that no other department is allowed, it might require a separate WDAC policy. Similarly, if only one department must run an old version of an application (while other departments allow only the newer version), it might require a separate WDAC policy.
- Is there already a list of accepted applications?
A list of accepted applications can be used to help create a baseline WDAC policy.
As of Windows 10, version 1703, it might also be useful to have a list of plug-ins, add-ins, or modules that you want to allow only in a specific app (such as a line-of-business app). Similarly, it might be useful to have a list of plug-ins, add-ins, or modules that you want to block in a specific app (such as a browser).
- As part of a threat review process, have you reviewed systems for software that can load arbitrary DLLs or run code or scripts?
- In day-to-day operations, your organization’s security policy may allow certain applications, code, or scripts to run on your systems depending on their role and the context. However, if your security policy requires that you run only trusted applications, code, and scripts on your systems, you may decide to lock these systems down securely with Windows Defender Application Control policies.
+ In day-to-day operations, your organization's security policy may allow certain applications, code, or scripts to run on your systems depending on their role and the context. However, if your security policy requires that you run only trusted applications, code, and scripts on your systems, you may decide to lock these systems down securely with Windows Defender Application Control policies.
Legitimate applications from trusted vendors provide valid functionality. However, an attacker could also potentially use that same functionality to run malicious executable code that could bypass WDAC.
@@ -70,7 +70,7 @@ This topic provides a roadmap for planning and getting started on the Windows De
## Known issues
-This section covers known issues with WDAC and Device Guard. Virtualization-based protection of code integrity may be incompatible with some devices and applications, which might cause unexpected failures, data loss, or a blue screen error (also called a stop error).
+This section covers known issues with WDAC. Virtualization-based protection of code integrity may be incompatible with some devices and applications, which might cause unexpected failures, data loss, or a blue screen error (also called a stop error).
Test this configuration in your lab before enabling it in production.
### MSI Installations are blocked by WDAC
diff --git a/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md b/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md
index 939db827c5..0dabbdb3b1 100644
--- a/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md
+++ b/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md
@@ -1,6 +1,6 @@
---
title: Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings (Windows 10)
-description: A list of all available setttings for Windows Defender SmartScreen using Group Policy and mobile device management (MDM) settings.
+description: A list of all available settings for Windows Defender SmartScreen using Group Policy and mobile device management (MDM) settings.
keywords: SmartScreen Filter, Windows SmartScreen, Windows Defender SmartScreen
ms.prod: w10
ms.mktglfcycl: explore
@@ -40,7 +40,7 @@ SmartScreen uses registry-based Administrative Template policy settings. For mor
Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure App Install Control
Windows 10, version 1703
-This setting helps protect PCs by allowing users to install apps only from the Microsoft Store. Windows Defender SmartScreen must be enabled for this feature to work properly.
+This policy setting is intended to prevent malicious content from affecting your user's devices when downloading executable content from the internet.
Windows 10, version 1703:
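Review bot: The replacement description under "Configure App Install Control" no longer says what the setting does, and it drops the removed line's statement that Windows Defender SmartScreen must be enabled for the feature to work. If the old wording was inaccurate, state the new behaviour explicitly and keep the dependency sentence if it still applies; "intended to prevent malicious content from affecting" does not tell an admin what changes when the policy is enabled. Also, "your user's devices" should be "your users' devices".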
@@ -176,7 +176,7 @@ To better help you protect your organization, we recommend turning on and using
Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Configure Windows Defender SmartScreen
Administrative Templates\Windows Components\Microsoft Edge\Configure Windows SmartScreen
Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files
-Enable. Stops employees from ingnoring warning messages and continuing to download potentially malicious files.
+Enable. Stops employees from ignoring warning messages and continuing to download potentially malicious files.
Administrative Templates\Windows Components\File Explorer\Configure Windows Defender SmartScreen
@@ -199,7 +199,7 @@ To better help you protect your organization, we recommend turning on and using
Browser/PreventSmartScreenPromptOverrideForFiles
-1. Stops employees from ingnoring warning messages and continuing to download potentially malicious files.
+1. Stops employees from ignoring warning messages and continuing to download potentially malicious files.
SmartScreen/EnableSmartScreenInShell
diff --git a/windows/security/threat-protection/windows-sandbox/images/1-dynamic-host.png b/windows/security/threat-protection/windows-sandbox/images/1-dynamic-host.png
new file mode 100644
index 0000000000..ef004facab
Binary files /dev/null and b/windows/security/threat-protection/windows-sandbox/images/1-dynamic-host.png differ
diff --git a/windows/security/threat-protection/windows-sandbox/images/2-dynamic-working.png b/windows/security/threat-protection/windows-sandbox/images/2-dynamic-working.png
new file mode 100644
index 0000000000..8f94ffe396
Binary files /dev/null and b/windows/security/threat-protection/windows-sandbox/images/2-dynamic-working.png differ
diff --git a/windows/security/threat-protection/windows-sandbox/images/3-memory-sharing.png b/windows/security/threat-protection/windows-sandbox/images/3-memory-sharing.png
new file mode 100644
index 0000000000..bad3e1c0b3
Binary files /dev/null and b/windows/security/threat-protection/windows-sandbox/images/3-memory-sharing.png differ
diff --git a/windows/security/threat-protection/windows-sandbox/images/4-integrated-kernal.png b/windows/security/threat-protection/windows-sandbox/images/4-integrated-kernal.png
new file mode 100644
index 0000000000..fe3245e60a
Binary files /dev/null and b/windows/security/threat-protection/windows-sandbox/images/4-integrated-kernal.png differ
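Review bot: The new image file name 4-integrated-kernal.png misspells "kernel". Rename it before merge, together with any reference to it, since published image paths are awkward to change later.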
diff --git a/windows/security/threat-protection/windows-sandbox/images/5-wddm-gpu-virtualization.png b/windows/security/threat-protection/windows-sandbox/images/5-wddm-gpu-virtualization.png
new file mode 100644
index 0000000000..ee8aa78bbc
Binary files /dev/null and b/windows/security/threat-protection/windows-sandbox/images/5-wddm-gpu-virtualization.png differ
diff --git a/windows/security/threat-protection/windows-sandbox/images/6-wddm-gpu-virtualization-2.png b/windows/security/threat-protection/windows-sandbox/images/6-wddm-gpu-virtualization-2.png
new file mode 100644
index 0000000000..94be89b74f
Binary files /dev/null and b/windows/security/threat-protection/windows-sandbox/images/6-wddm-gpu-virtualization-2.png differ
diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md
new file mode 100644
index 0000000000..db22ee475a
--- /dev/null
+++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md
@@ -0,0 +1,62 @@
+---
+title: Windows Sandbox architecture
+description:
+ms.prod: w10
+audience: ITPro
+author: dansimp
+ms.author: dansimp
+manager: dansimp
+ms.collection:
+ms.topic: article
+ms.localizationpriority:
+ms.date:
+ms.reviewer:
+---
+
+# Windows Sandbox architecture
+
+Windows Sandbox benefits from new container technology in Windows to achieve a combination of security, density, and performance that isn't available in traditional VMs.
+
+## Dynamically generated image
+
+Rather than requiring a separate copy of Windows to boot the sandbox, Dynamic Base Image technology leverages the copy of Windows already installed on the host.
+
+Most OS files are immutable and can be freely shared with Windows Sandbox. A small subset of operating system files are mutable and cannot be shared, so the sandbox base image contains pristine copies of them. A complete Windows image can be constructed from a combination of the sharable immutable files on the host and the pristine copies of the mutable files. By using this scheme, Windows Sandbox has a full Windows installation to boot from without needing to download or store an additional copy of Windows.
+
+Before Windows Sandbox is installed, the dynamic base image package is stored as a compressed 30-MB package. Once it's installed, the dynamic base image occupies about 500 MB of disk space.
+
+
+
+## Memory management
+
+Traditional VMs apportion statically sized allocations of host memory. When resource needs change, classic VMs have limited mechanisms for adjusting their resource needs. On the other hand, containers collaborate with the host to dynamically determine how host resources are allocated. This is similar to how processes normally compete for memory on the host. If the host is under memory pressure, it can reclaim memory from the container much like it would with a process.
+
+
+
+## Memory sharing
+
+Because Windows Sandbox runs the same operating system image as the host, it has been enhanced to use the same physical memory pages as the host for operating system binaries via a technology referred to as "direct map." For example, when *ntdll.dll* is loaded into memory in the sandbox, it uses the same physical pages as those of the binary when loaded on the host. Memory sharing between the host and the sandbox results in a smaller memory footprint when compared to traditional VMs, without compromising valuable host secrets.
+
+
+
+## Integrated kernel scheduler
+
+With ordinary virtual machines, the Microsoft hypervisor controls the scheduling of the virtual processors running in the VMs. Windows Sandbox uses new technology called "integrated scheduling," which allows the host scheduler to decide when the sandbox gets CPU cycles.
+
+
+
+Windows Sandbox employs a unique policy that allows the virtual processors of the Sandbox to be scheduled like host threads. Under this scheme, high-priority tasks on the host can preempt less important work in the Sandbox. This means that the most important work will be prioritized, whether it's on the host or in the container.
+
+## WDDM GPU virtualization
+
+Hardware accelerated rendering is key to a smooth and responsive user experience, especially for graphics-intensive use cases. Microsoft works with its graphics ecosystem partners to integrate modern graphics virtualization capabilities directly into DirectX and Windows Display Driver Model (WDDM), the driver model used by Windows.
+
+This allows programs running inside the sandbox to compete for GPU resources with applications that are running on the host.
+
+
+
+To take advantage of these benefits, a system with a compatible GPU and graphics drivers (WDDM 2.5 or newer) is required. Incompatible systems will render apps in Windows Sandbox with Microsoft's CPU-based rendering technology, Windows Advanced Rasterization Platform (WARP).
+
+## Battery pass-through
+
+Windows Sandbox is also aware of the host's battery state, which allows it to optimize its power consumption. This functionality is critical for technology that is used on laptops, where battery life is often critical.
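Review bot: The "Memory sharing" section states that direct map shares physical pages with the host "without compromising valuable host secrets" but gives no reason a reader could check. Say which pages are eligible for sharing and why that exposes no host data, for example by tying it to the immutable/mutable file distinction already drawn under "Dynamically generated image". Minor wording point in "Battery pass-through": the second sentence uses "critical" twice ("This functionality is critical ... where battery life is often critical").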
diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
new file mode 100644
index 0000000000..2ac125c33b
--- /dev/null
+++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
@@ -0,0 +1,216 @@
+---
+title: Windows Sandbox configuration
+description:
+ms.prod: w10
+audience: ITPro
+author: dansimp
+ms.author: dansimp
+manager: dansimp
+ms.collection:
+ms.topic: article
+ms.localizationpriority:
+ms.date:
+ms.reviewer:
+---
+
+# Windows Sandbox configuration
+
+Windows Sandbox supports simple configuration files, which provide a minimal set of customization parameters for Sandbox. This feature can be used with Windows 10 build 18342 or later.
+
+Windows Sandbox configuration files are formatted as XML and are associated with Sandbox via the .wsb file extension. To use a configuration file, double-click it to open it in the sandbox. You can also invoke it via the command line as shown here:
+
+**C:\Temp> MyConfigFile.wsb**
+
+ A configuration file enables the user to control the following aspects of Windows Sandbox:
+- **vGPU (virtualized GPU)**: Enable or disable the virtualized GPU. If vGPU is disabled, the sandbox will use Windows Advanced Rasterization Platform (WARP).
+- **Networking**: Enable or disable network access within the sandbox.
+- **Mapped folders**: Share folders from the host with *read* or *write* permissions. Note that exposing host directories may allow malicious software to affect the system or steal data.
+- **Logon command**: A command that's executed when Windows Sandbox starts.
+- **Audio input**: Shares the host's microphone input into the sandbox.
+- **Video input**: Shares the host's webcam input into the sandbox.
+- **Protected client**: Places increased security settings on the RDP session to the sandbox.
+- **Printer redirection**: Shares printers from the host into the sandbox.
+- **Clipboard redirection**: Shares the host clipboard with the sandbox so that text and files can be pasted back and forth.
+- **Memory in MB**: The amount of memory, in megabytes, to assign to the sandbox.
+
+**Keywords, values, and limits**
+
+**vGPU**: Enables or disables GPU sharing.
+
+`
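Review bot: In the feature list, only the "Mapped folders" bullet carries a risk statement ("exposing host directories may allow malicious software to affect the system or steal data"), while Networking, Audio input, Video input, Printer redirection and Clipboard redirection also share a host resource with the sandbox or give it network access and are described with no caveat. Since the file lives under threat-protection, give each of those bullets a matching one-line note on what it exposes, and state each setting's default so a reader can tell which options weaken isolation. Separately, the front matter leaves `description:`, `ms.date:` and `ms.localizationpriority:` empty, and the command-line example `C:\Temp> MyConfigFile.wsb` is set in bold rather than as code.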
**Set -VMProcessor -VMName \
[1803 (RS4)](https://docs.microsoft.com/archive/blogs/secguide/security-baseline-for-windows-10-v1803-redstone-4-draft)
[1709 (RS3)](https://blogs.technet.microsoft.com/secguide/2017/09/27/security-baseline-for-windows-10-fall-creators-update-v1709-draft/)
[1703 (RS2)](https://blogs.technet.microsoft.com/secguide/2017/08/30/security-baseline-for-windows-10-creators-update-v1703-final/)
[1607 (RS1)](https://blogs.technet.microsoft.com/secguide/2016/10/17/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016/)
[1511 (TH2)](https://blogs.technet.microsoft.com/secguide/2016/01/22/security-baseline-for-windows-10-v1511-threshold-2-final/)
[1507 (TH1)](https://blogs.technet.microsoft.com/secguide/2016/01/22/security-baseline-for-windows-10-v1507-build-10240-th1-ltsb-update/)| October 2018
March 2018
October 2017
August 2017
October 2016
January 2016
January 2016 |[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
Windows 8.1 |[9600 (April Update)](https://blogs.technet.microsoft.com/secguide/2014/08/13/security-baselines-for-windows-8-1-windows-server-2012-r2-and-internet-explorer-11-final/)| October 2013| [SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx) |
Windows 8 |[9200](https://technet.microsoft.com/library/jj916413.aspx) |October 2012| [SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx)|
Windows 7 |[7601 (SP1)](https://technet.microsoft.com/library/ee712767.aspx)| October 2009| [SCM 4.0](https://technet.microsoft.com/solutionaccelerators/cc835245.aspx) |
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
index d944485086..32282b709b 100644
--- a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
+++ b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
@@ -27,6 +27,8 @@ The SCT enables administrators to effectively manage their enterprise’s Group
The Security Compliance Toolkit consists of:
- Windows 10 security baselines
+ - Windows 10 Version 1909 (November 2019 Update)
+ - Windows 10 Version 1903 (April 2019 Update)
- Windows 10 Version 1809 (October 2018 Update)
- Windows 10 Version 1803 (April 2018 Update)
- Windows 10 Version 1709 (Fall Creators Update)
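Review bot: Please check the release name on the added 1903 line: that version shipped as the May 2019 Update, so "(April 2019 Update)" looks like it was copied from the pattern of the existing 1803 entry. The 1909 line reads correctly as "(November 2019 Update)".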
@@ -41,7 +43,11 @@ The Security Compliance Toolkit consists of:
- Windows Server 2012 R2
- Microsoft Office security baseline
+ - Office 365 Pro Plus
- Office 2016
+
+- Microsoft Edge security baseline
+ - Edge Browser Version 80
- Tools
- Policy Analyzer tool
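Review bot: The added Office entry is spelled "Office 365 Pro Plus", whereas the product name is written "Office 365 ProPlus"; please correct it so that it matches the name on the download it refers to. The two new entries are also inconsistent with each other: the Edge item pins a version ("Edge Browser Version 80") while the Office 365 item names no baseline release, so add the release it corresponds to. Consider "Microsoft Edge Version 80" for the sub-item, to match the parent bullet's wording.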