diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index f8f2090d66..91081ca4d6 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -981,6 +981,11 @@
"redirect_document_id": false
},
{
+"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table",
+"redirect_document_id": true
+},
+{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefileevents-table",
"redirect_document_id": true
diff --git a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md
index c336f03247..c4141688d8 100644
--- a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md
+++ b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md
@@ -1,6 +1,6 @@
---
-title: Deploy Microsoft Edge kiosk mode
-description: Microsoft Edge kiosk mode works with assigned access to allow IT admins to create a tailored browsing experience designed for kiosk devices. To use Microsoft Edge kiosk mode, you must configure Microsoft Edge as an application in assigned access.
+title: Deploy Microsoft Edge Legacy kiosk mode
+description: Microsoft Edge Legacy kiosk mode works with assigned access to allow IT admins to create a tailored browsing experience designed for kiosk devices. To use Microsoft Edge Legacy kiosk mode, you must configure Microsoft Edge Legacy as an application in assigned access.
ms.assetid:
ms.reviewer:
audience: itpro
@@ -11,20 +11,24 @@ ms.prod: edge
ms.sitesec: library
ms.topic: article
ms.localizationpriority: medium
-ms.date: 10/29/2018
+ms.date: 01/17/2020
---
-# Deploy Microsoft Edge kiosk mode
+# Deploy Microsoft Edge Legacy kiosk mode
->Applies to: Microsoft Edge on Windows 10, version 1809
+>Applies to: Microsoft Edge Legacy (version 45 and earlier) on Windows 10, version 1809 or later
>Professional, Enterprise, and Education
> [!NOTE]
-> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+> You've reached the documentation for Microsoft Edge Legacy (version 45 and earlier.) To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/). For information about kiosk mode in the new version of Microsoft Edge, see [Microsoft Edge kiosk mode](https://docs.microsoft.com/DeployEdge/microsoft-edge-kiosk-mode).
-In the Windows 10 October 2018 Update, we added the capability to use Microsoft Edge as a kiosk using assigned access. With assigned access, you create a tailored browsing experience locking down a Windows 10 device to only run as a single-app or multi-app kiosk. Assigned access restricts a local standard user account so that it only has access to one or more Windows app, such as Microsoft Edge in kiosk mode.
+In the Windows 10 October 2018 Update, we added the capability to use Microsoft Edge Legacy as a kiosk using assigned access. With assigned access, you create a tailored browsing experience locking down a Windows 10 device to only run as a single-app or multi-app kiosk. Assigned access restricts a local standard user account so that it only has access to one or more Windows app, such as Microsoft Edge Legacy in kiosk mode.
-In this topic, you learn how to configure the behavior of Microsoft Edge when it's running in kiosk mode with assigned access. You also learn how to set up your kiosk device using either Windows Setting or Microsoft Intune or other MDM service.
+In this topic, you'll learn:
+
+- How to configure the behavior of Microsoft Edge Legacy when it's running in kiosk mode with assigned access.
+- What's required to run Microsoft Edge Legacy kiosk mode on your kiosk devices.
+- You'll also learn how to set up your kiosk device using either Windows Setting or Microsoft Intune or an other MDM service.
At the end of this topic, you can find a list of [supported policies](#supported-policies-for-kiosk-mode) for kiosk mode and a [feature comparison](#feature-comparison-of-kiosk-mode-and-kiosk-browser-app) of the kiosk mode policy and kiosk browser app. You also find instructions on how to provide us feedback or get support.
@@ -33,7 +37,7 @@ At the end of this topic, you can find a list of [supported policies](#supported
>**Policy** = Configure kiosk mode (ConfigureKioskMode)
-Microsoft Edge kiosk mode supports four configurations types that depend on how Microsoft Edge is set up with assigned access, either as a single-app or multi-app kiosk. These configuration types help you determine what is best suited for your kiosk device or scenario.
+Microsoft Edge Legacy kiosk mode supports four configurations types that depend on how Microsoft Edge Legacy is set up with assigned access, either as a single-app or multi-app kiosk. These configuration types help you determine what is best suited for your kiosk device or scenario.
- Learn about [creating a kiosk experience](https://docs.microsoft.com/windows-hardware/customize/enterprise/create-a-kiosk-image)
@@ -44,15 +48,17 @@ Microsoft Edge kiosk mode supports four configurations types that depend on how
- Learn about configuring a more secure kiosk experience: [Other settings to lock down](https://docs.microsoft.com/windows/configuration/setup-kiosk-digital-signage#other-settings-to-lock-down).
-### Important things to remember before getting started
+### Important things to note before getting started
-- The public browsing kiosk types run Microsoft Edge InPrivate mode to protect user data with a browsing experience designed for public kiosks.
+- There are [required steps to follow](#setup- required-for-microsoft-edge-legacy-kiosk-mode) in order to use the following Microsoft Edge Legacy kiosk mode types either alongside the new version of Microsoft Edge or prevent the new version of Microsoft Edge from being installed on your kiosk device.
-- Microsoft Edge kiosk mode has a built-in timer to help keep data safe in public browsing sessions. When the idle time (no user activity) meets the time limit, a confirmation message prompts the user to continue, and if no user activity Microsoft Edge resets the session to the default URL. By default, the idle timer is 5 minutes, but you can choose a value of your own.
+- The public browsing kiosk types run Microsoft Edge Legacy InPrivate mode to protect user data with a browsing experience designed for public kiosks.
+
+- Microsoft Edge Legacy kiosk mode has a built-in timer to help keep data safe in public browsing sessions. When the idle time (no user activity) meets the time limit, a confirmation message prompts the user to continue, and if no user activity Microsoft Edge Legacy resets the session to the default URL. By default, the idle timer is 5 minutes, but you can choose a value of your own.
- Optionally, you can define a single URL for the Home button, Start page, and New Tab page. See [Supported policies for kiosk mode](#supported-policies-for-kiosk-mode) to learn more.
-- No matter which configuration type you choose, you must set up Microsoft Edge in assigned access; otherwise, Microsoft Edge ignores the settings in this policy (Configure kiosk mode/ConfigureKioskMode).Learn more about assigned access:
+- No matter which configuration type you choose, you must set up Microsoft Edge Legacy in assigned access; otherwise, Microsoft Edge Legacy ignores the settings in this policy (Configure kiosk mode/ConfigureKioskMode).
Learn more about assigned access:
- [Configure kiosk and shared devices running Windows desktop editions](https://aka.ms/E489vw).
@@ -65,46 +71,58 @@ Microsoft Edge kiosk mode supports four configurations types that depend on how
[!INCLUDE [configure-kiosk-mode-supported-values-include](includes/configure-kiosk-mode-supported-values-include.md)]
-## Set up Microsoft Edge kiosk mode
+## Set up Microsoft Edge Legacy kiosk mode
-Now that you're familiar with the different kiosk mode configurations and have the one you want to use in mind, you can use one of the following methods to set up Microsoft Edge kiosk mode:
+Now that you're familiar with the different kiosk mode configurations and have the one you want to use in mind, you can use one of the following methods to set up Microsoft Edge Legacy kiosk mode:
- **Windows Settings.** Use only to set up a couple of single-app devices because you perform these steps physically on each device. For a multi-app kiosk device, use Microsoft Intune or other MDM service.
-- **Microsoft Intune or other MDM service.** Use to set up several single-app or multi-app kiosk devices. Microsoft Intune and other MDM service providers offer more options for customizing the Microsoft Edge kiosk mode experience using any of the [Supported policies for kiosk mode](#supported-policies-for-kiosk-mode).
+- **Microsoft Intune or other MDM service.** Use to set up several single-app or multi-app kiosk devices. Microsoft Intune and other MDM service providers offer more options for customizing the Microsoft Edge Legacy kiosk mode experience using any of the [Supported policies for kiosk mode](#supported-policies-for-kiosk-mode).
### Prerequisites
-- Microsoft Edge on Windows 10, version 1809 (Professional, Enterprise, and Education).
+- Microsoft Edge Legacy on Windows 10, version 1809 (Professional, Enterprise, and Education).
+
+- See [Setup required for Microsoft Edge Legacy kiosk mode](#setup-required-for-microsoft-edge-legacy-kiosk-mode).
- URL to load when the kiosk launches. The URL that you provide sets the Home button, Start page, and New Tab page.
-- _**For Microsoft Intune or other MDM service**_, you must have the AppUserModelID (AUMID) to set up Microsoft Edge:
+- _**For Microsoft Intune or other MDM service**_, you must have the AppUserModelID (AUMID) to set up Microsoft Edge Legacy:
```
Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge
```
+### Setup required for Microsoft Edge Legacy kiosk mode
+
+When the new version of Microsoft Edge Stable channel is installed, Microsoft Edge Legacy is hidden and all attempts to launch Microsoft Edge Legacy are redirected to the new version of Microsoft Edge.
+
+To continue using Microsoft Edge Legacy kiosk mode on your kiosk devices take one of the following actions:
+
+- If you plan to install Microsoft Edge Stable channel, want to allow it to be installed, or it is already installed on your kiosk device set the Microsoft Edge [Allow Microsoft Edge Side by Side browser experience](https://docs.microsoft.com/DeployEdge/microsoft-edge-update-policies#allowsxs) policy to **Enabled**.
+- To prevent Microsoft Edge Stable channel from being installed on your kiosk devices deploy the Microsoft Edge [Allow installation default](https://docs.microsoft.com/DeployEdge/microsoft-edge-update-policies#installdefault) policy for Stable channel or consider using the [Blocker toolkit](https://docs.microsoft.com/DeployEdge/microsoft-edge-blocker-toolkit) to disable automatic delivery of Microsoft Edge.
+
+> [!NOTE]
+> For more information about accessing Microsoft Edge Legacy after installing Microsoft Edge, see [How to access the old version of Microsoft Edge](https://docs.microsoft.com/DeployEdge/microsoft-edge-sysupdate-access-old-edge).
### Use Windows Settings
Windows Settings is the simplest and the only way to set up one or a couple of single-app devices.
-
1. On the kiosk device, open Windows Settings, and in the search field type **kiosk** and then select **Set up a kiosk (assigned access)**.
2. On the **Set up a kiosk** page, click **Get started**.
3. Type a name to create a new kiosk account, or choose an existing account from the populated list and click **Next**.
-4. On the **Choose a kiosk app** page, select **Microsoft Edge** and then click **Next**.
+4. On the **Choose a kiosk app** page, select **Microsoft Edge Legacy** and then click **Next**.
-5. Select how Microsoft Edge displays when running in kiosk mode:
+5. Select how Microsoft Edge Legacy displays when running in kiosk mode:
- - **As a digital sign or interactive display** - Displays a specific site in full-screen mode, running Microsoft Edge InPrivate protecting user data.
+ - **As a digital sign or interactive display** - Displays a specific site in full-screen mode, running Microsoft Edge Legacy InPrivate protecting user data.
- - **As a public browser** - Runs a limited multi-tab version of Microsoft Edge, protecting user data.
+ - **As a public browser** - Runs a limited multi-tab version of Microsoft Edge Legacy, protecting user data.
6. Select **Next**.
@@ -124,42 +142,42 @@ Windows Settings is the simplest and the only way to set up one or a couple of s
- User your new kiosk device.
OR
-- Make changes to your kiosk device. In Windows Settings, on the **Set up a kiosk** page, make your changes to **Choose a kiosk mode** and **Set up Microsoft Edge**.
+- Make changes to your kiosk device. In Windows Settings, on the **Set up a kiosk** page, make your changes to **Choose a kiosk mode** and **Set up Microsoft Edge Legacy**.
---
### Use Microsoft Intune or other MDM service
-With this method, you can use Microsoft Intune or other MDM services to configure Microsoft Edge kiosk mode in assigned access and how it behaves on a kiosk device. To learn about a few app fundamentals and requirements before adding them to Intune, see [Add apps to Microsoft Intune](https://docs.microsoft.com/intune/apps-add).
+With this method, you can use Microsoft Intune or other MDM services to configure Microsoft Edge Legacy kiosk mode in assigned access and how it behaves on a kiosk device. To learn about a few app fundamentals and requirements before adding them to Intune, see [Add apps to Microsoft Intune](https://docs.microsoft.com/intune/apps-add).
>[!IMPORTANT]
>If you are using a local account as a kiosk account in Microsoft Intune, make sure to sign into this account and then sign out before configuring the kiosk device.
1. In Microsoft Intune or other MDM service, configure [AssignedAccess](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) to prevent users from accessing the file system, running executables, or other apps.
-2. Configure the following MDM settings to setup Microsoft Edge kiosk mode on the kiosk device and then restart the device.
+2. Configure the following MDM settings to setup Microsoft Edge Legacy kiosk mode on the kiosk device and then restart the device.
| | |
|---|---|
- | **[ConfigureKioskMode](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)**
 | Configure the display mode for Microsoft Edge as a kiosk app.
**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode
**Data type:** Integer
**Allowed values:**
- **Single-app kiosk experience**
- **0** - Digital signage and interactive display
- **1** - InPrivate Public browsing
- **Multi-app kiosk experience**
- **0** - Normal Microsoft Edge running in assigned access
- **1** - InPrivate public browsing with other apps
|
- | **[ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)** | Change the time in minutes from the last user activity before Microsoft Edge kiosk mode resets the user's session.
**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout
**Data type:** Integer
**Allowed values:**
- **0** - No idle timer
- **1-1440 (5 minutes is the default)** - Set reset on idle timer
|
- | **[HomePages](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-homepages)** | Set one or more start pages, URLs, to load when Microsoft Edge launches.
**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages
**Data type:** String
**Allowed values:**
Enter one or more URLs, for example,
\\ |
+ | **[ConfigureKioskMode](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)** | Configure the display mode for Microsoft Edge Legacy as a kiosk app.
**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode
**Data type:** Integer
**Allowed values:**
- **Single-app kiosk experience**
- **0** - Digital signage and interactive display
- **1** - InPrivate Public browsing
- **Multi-app kiosk experience**
- **0** - Normal Microsoft Edge Legacy running in assigned access
- **1** - InPrivate public browsing with other apps
|
+ | **[ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)** | Change the time in minutes from the last user activity before Microsoft Edge Legacy kiosk mode resets the user's session.
**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout
**Data type:** Integer
**Allowed values:**
- **0** - No idle timer
- **1-1440 (5 minutes is the default)** - Set reset on idle timer
|
+ | **[HomePages](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-homepages)** | Set one or more start pages, URLs, to load when Microsoft Edge Legacy launches.
**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages
**Data type:** String
**Allowed values:**
Enter one or more URLs, for example,
\\ |
| **[ConfigureHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)** | Configure how the Home Button behaves.
**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton
**Data type:** Integer
**Allowed values:**
- **0 (default)** - Not configured. Show home button, and load the default Start page.
- **1** - Enabled. Show home button and load New Tab page
- **2** - Enabled. Show home button & set a specific page.
- **3** - Enabled. Hide the home button.
|
| **[SetHomeButtonURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)** | If you set ConfigureHomeButton to 2, configure the home button URL.
**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL
**Data type:** String
**Allowed values:** Enter a URL, for example, https://www.bing.com |
| **[SetNewTabPageURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)**
 | Set a custom URL for the New Tab page.
**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL
**Data type:** String
**Allowed values:** Enter a URL, for example, https://www.msn.com |
-**_Congratulations!_**
You’ve just finished setting up a kiosk or digital signage with policies for Microsoft Edge kiosk mode using Microsoft Intune or other MDM service.
+**_Congratulations!_**
You’ve just finished setting up a kiosk or digital signage with policies for Microsoft Edge Legacy kiosk mode using Microsoft Intune or other MDM service.
-**_What's next?_**
Now it's time to use your new kiosk device. Sign into the device with the kiosk account selected to run Microsoft Edge kiosk mode.
+**_What's next?_**
Now it's time to use your new kiosk device. Sign into the device with the kiosk account selected to run Microsoft Edge Legacy kiosk mode.
---
## Supported policies for kiosk mode
-Use any of the Microsoft Edge policies listed below to enhance the kiosk experience depending on the Microsoft Edge kiosk mode type you configure. To learn more about these policies, see [Policy CSP - Browser](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser).
+Use any of the Microsoft Edge Legacy policies listed below to enhance the kiosk experience depending on the Microsoft Edge Legacy kiosk mode type you configure. To learn more about these policies, see [Policy CSP - Browser](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser).
Make sure to check with your provider for instructions.
@@ -236,10 +254,11 @@ Make sure to check with your provider for instructions.
---
## Feature comparison of kiosk mode and kiosk browser app
-In the following table, we show you the features available in both Microsoft Edge kiosk mode and Kiosk Browser app available in Microsoft Store. Both kiosk mode and kiosk browser app work in assigned access.
+
+In the following table, we show you the features available in both Microsoft Edge Legacy kiosk mode and Kiosk Browser app available in Microsoft Store. Both kiosk mode and kiosk browser app work in assigned access.
-| **Feature** | **Microsoft Edge kiosk mode** | **Microsoft Kiosk browser app** |
+| **Feature** | **Microsoft Edge Legacy kiosk mode** | **Microsoft Kiosk browser app** |
|-----------------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------:|:-------------------------------------------------------------------------------------------------------------------------------------------------------:|
| Print support |  |  |
| Multi-tab support |  |  |
@@ -261,9 +280,6 @@ To prevent access to unwanted websites on your kiosk device, use Windows Defende
## Provide feedback or get support
-To provide feedback on Microsoft Edge kiosk mode in Feedback Hub, select **Microsoft Edge** as the **Category**, and **All other issues** as the subcategory.
+To provide feedback on Microsoft Edge Legacy kiosk mode in Feedback Hub, select **Microsoft Edge** as the **Category**, and **All other issues** as the subcategory.
**_For multi-app kiosk only._** If you have set up the Feedback Hub in assigned access, you can you submit the feedback from the device running Microsoft Edge in kiosk mode in which you can include diagnostic logs. In the Feedback Hub, select **Microsoft Edge** as the **Category**, and **All other issues** as the subcategory.
-
-
-
diff --git a/browsers/internet-explorer/TOC.md b/browsers/internet-explorer/TOC.md
index c2812cb730..28a0957588 100644
--- a/browsers/internet-explorer/TOC.md
+++ b/browsers/internet-explorer/TOC.md
@@ -186,3 +186,6 @@
### [IExpress Wizard command-line options](ie11-ieak/iexpress-command-line-options.md)
### [Internet Explorer Setup command-line options and return codes](ie11-ieak/ie-setup-command-line-options-and-return-codes.md)
+## KB Troubleshoot
+### [Clear the Internet Explorer cache from a command line](kb-support/clear-ie-cache-from-command-line.md)
+### [Internet Explorer and Microsoft Edge FAQ for IT Pros](kb-support/ie-edge-faqs.md)
diff --git a/browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md b/browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md
new file mode 100644
index 0000000000..27232c758a
--- /dev/null
+++ b/browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md
@@ -0,0 +1,137 @@
+---
+title: Clear the Internet Explorer cache from a command line
+description: Introduces command-line commands and a sample batch file for clearing the IE cache.
+audience: ITPro
+manager: msmets
+author: ramakoni1
+ms.author: ramakoni
+ms.reviewer: ramakoni, DEV_Triage
+ms.prod: internet-explorer
+ms.technology:
+ms.topic: troubleshooting
+ms.custom: CI=111020
+ms.localizationpriority: Normal
+# localization_priority: medium
+# ms.translationtype: MT
+ms.date: 01/22/2020
+---
+# How to clear Internet Explorer cache by using the command line
+
+This article outlines the procedure to clear the Internet Explorer cache by using the command line.
+
+## Command line commands to clear browser cache
+
+1. Delete history from the Low folder
+ `del /s /q C:\Users\\%username%\AppData\Local\Microsoft\Windows\History\low\* /ah`
+
+2. Delete history
+ `RunDll32.exe InetCpl.cpl, ClearMyTracksByProcess 1`
+
+3. Delete cookies
+ `RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2`
+
+4. Delete temporary internet files
+ `RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8`
+
+5. Delete form data
+ `RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 16`
+
+6. Delete stored passwords
+ `RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 32`
+
+7. Delete all
+ `RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 255`
+
+8. Delete files and settings stored by add-ons
+ `InetCpl.cpl,ClearMyTracksByProcess 4351`
+
+If you upgraded from a previous version of Internet Explorer, you have to use the following commands to delete the files from older versions:
+`RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 9`
+
+Command to reset Internet Explorer settings:
+`Rundll32.exe inetcpl.cpl ResetIEtoDefaults`
+
+## Sample batch file to clear Internet Explorer cache files
+
+A sample batch file is available that you can use to clear Internet Explorer cache files and other items. You can download the file from [https://msdnshared.blob.core.windows.net/media/2017/09/ClearIE_Cache.zip](https://msdnshared.blob.core.windows.net/media/2017/09/ClearIE_Cache.zip).
+
+The batch file offers the following options:
+
+- Delete Non-trusted web History (low-level hidden cleanup)
+- Delete History
+- Delete Cookies
+- Delete Temporary Internet Files
+- Delete Form Data
+- Delete Stored Passwords
+- Delete All
+- Delete All "Also delete files and settings stored by add-ons"
+- Delete IE10 and IE9 Temporary Internet Files
+- Resets IE Settings
+- EXIT
+
+**Contents of the batch file**
+
+```console
+@echo off
+:: AxelR Test Batch
+:: tested on Windows 8 + IE10, Windows7 + IE9
+
+:home
+cls
+COLOR 00
+echo Delete IE History
+echo Please select the task you wish to run.
+echo Pick one:
+echo.
+echo 1. Delete Non-trusted web History(low level hidden clean up)
+echo 2. Delete History
+echo 3. Delete Cookies
+echo 4. Delete Temporary Internet Files
+echo 5. Delete Form Data
+echo 6. Delete Stored Passwords
+echo 7. Delete All
+echo 8. Delete All "Also delete files and settings stored by add-ons"
+echo 9. Delete IE10 and 9 Temporary Internet Files
+echo 10. Reset IE Settings
+echo 77. EXIT
+:choice
+Echo Hit a number [1-10] and press enter.
+set /P CH=[1-10]
+
+if "%CH%"=="1" set x=del /s /q C:\Users\%username%\AppData\Local\Microsoft\Windows\History\low\* /ah
+if "%CH%"=="2" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 1
+if "%CH%"=="3" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2
+if "%CH%"=="4" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8
+if "%CH%"=="5" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 16
+if "%CH%"=="6" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 32
+if "%CH%"=="7" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 255
+if "%CH%"=="8" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 4351
+if "%CH%"=="9" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 9
+if "%CH%"=="10" set x=rundll32.exe inetcpl.cpl ResetIEtoDefaults
+if "%CH%"=="77" goto quit
+
+%x%
+
+goto Home
+
+::Temporary Internet Files > Delete files - To delete copies of web pages, images, and media
+::that are saved for faster viewing.
+::Cookies > Delete cookies - To delete cookies, which are files that are stored on your computer by
+::websites to save preferences such as login information.
+::History > Delete history - To delete the history of the websites you have visited.
+::Form data > Delete forms - To delete all the saved information that you have typed into
+::forms.
+::Passwords > Delete passwords - To delete all the passwords that are automatically filled in
+::when you log on to a website that you've previously visited.
+::Delete all - To delete all of these listed items in one operation.
+
+::enter below in search/run to see Low history dir if exists
+::C:\Users\%username%\AppData\Local\Microsoft\Windows\History\low
+
+::Delete all low (untrusted history) very hidden
+::this will clean any unlocked files under the dir and not delete the dir structure
+::del /s /q low\* /ah ::del /s /q C:\Users\%username%\AppData\Local\Microsoft\Windows\History\low\* /ah
+
+goto Home
+:quit
+```
diff --git a/browsers/internet-explorer/kb-support/ie-edge-faqs.md b/browsers/internet-explorer/kb-support/ie-edge-faqs.md
new file mode 100644
index 0000000000..18643175f9
--- /dev/null
+++ b/browsers/internet-explorer/kb-support/ie-edge-faqs.md
@@ -0,0 +1,222 @@
+---
+title: IE and Microsoft Edge FAQ for IT Pros
+description: Describes frequently asked questions about Internet Explorer and Microsoft Edge for IT professionals.
+audience: ITPro
+manager: msmets
+author: ramakoni1
+ms.author: ramakoni
+ms.reviewer: ramakoni, DEV_Triage
+ms.prod: internet-explorer
+ms.technology:
+ms.topic: troubleshooting
+ms.custom: CI=111020
+ms.localizationpriority: Normal
+# localization_priority: medium
+# ms.translationtype: MT
+ms.date: 01/22/2020
+---
+# Internet Explorer and Microsoft Edge frequently asked questions (FAQ) for IT Pros
+
+## Cookie-related questions
+
+### What is a cookie?
+
+An HTTP cookie (the web cookie or browser cookie) is a small piece of data that a server sends to the user's web browser. The web browser may store the cookie and return it to the server together with the next request. For example, a cookie might be used to indicate whether two requests come from the same browser in order to allow the user to remain logged-in. The cookie records stateful information for the stateless HTTP protocol.
+
+### How does Internet Explorer handle cookies?
+
+For more information about how Internet Explorer handles cookies, see the following articles:
+
+- [Beware Cookie Sharing in Cross-Zone Scenarios](https://blogs.msdn.microsoft.com/ieinternals/2011/03/10/beware-cookie-sharing-in-cross-zone-scenarios/)
+- [A Quick Look at P3P](https://blogs.msdn.microsoft.com/ieinternals/2013/09/17/a-quick-look-at-p3p/)
+- [Internet Explorer Cookie Internals FAQ](https://blogs.msdn.microsoft.com/ieinternals/2009/08/20/internet-explorer-cookie-internals-faq/)
+- [Privacy Beyond Blocking Cookies](https://blogs.msdn.microsoft.com/ie/2008/08/25/privacy-beyond-blocking-cookies-bringing-awareness-to-third-party-content/)
+- [Description of Cookies](https://support.microsoft.com/help/260971/description-of-cookies)
+
+### Where does Internet Explorer store cookies?
+
+To see where Internet Explorer stores its cookies, follow these steps:
+
+1. Start File Explorer.
+2. Select **Views** \> **Change folder and search options**.
+3. In the **Folder Options** dialog box, select **View**.
+4. In **Advanced settings**, select **Do not show hidden files, folders, or drivers**.
+5. Clear **Hide protected operation system files (Recommended)**.
+6. Select **Apply**.
+7. Select **OK**.
+
+The following are the folder locations where the cookies are stored:
+
+**In Windows 10**
+C:\Users\username\AppData\Local\Microsoft\Windows\INetCache
+
+**In Windows 8 and Windows 8.1**
+C:\Users\username\AppData\Local\Microsoft\Windows\INetCookies
+
+**In Windows 7**
+C:\Users\username\AppData\Roaming\Microsoft\Windows\Cookies
+C:\Users\username\AppData\Roaming\Microsoft\Windows\Cookies\Low
+
+### What is the per-domain cookie limit?
+
+Since the June 2018 cumulative updates for Internet Explorer and Microsoft Edge, the per-domain cookie limit is increased from 50 to 180 for both browsers. The cookies vary by path. So, if the same cookie is set for the same domain but for different paths, it's essentially a new cookie.
+
+There's still a 5 Kilobytes (KB) limit on the size of the cookie header that is sent out. This limit can cause some cookies to be lost after they exceed that value.
+
+The JavaScript limitation was updated to 10 KB from 4 KB.
+
+For more information, see [Internet Explorer Cookie Internals (FAQ)](https://blogs.msdn.microsoft.com/ieinternals/2009/08/20/internet-explorer-cookie-internals-faq/).
+
+#### Additional information about cookie limits
+
+**What does the Cookie RFC allow?**
+RFC 2109 defines how cookies should be implemented, and it defines minimum values that browsers support. According to the RFC, browsers would ideally have no limits on the size and number of cookies that a browser can handle. To meet the specifications, the user agent should support the following:
+
+- At least 300 cookies total
+- At least 20 cookies per unique host or domain name
+
+For practicality, individual browser makers set a limit on the total number of cookies that any one domain or unique host can set. They also limit the total number of cookies that can be stored on a computer.
+
+### Cookie size limit per domain
+
+Some browsers also limit the amount of space that any one domain can use for cookies. This means that if your browser sets a limit of 4,096 bytes per domain for cookies, 4,096 bytes is the maximum available space in that domain even though you can set up to 180 cookies.
+
+## Proxy Auto Configuration (PAC)-related questions
+
+### Is an example Proxy Auto Configuration (PAC) file available?
+
+Here is a simple PAC file:
+
+```vb
+function FindProxyForURL(url, host)
+{
+ return "PROXY proxyserver:portnumber";
+}
+```
+
+> [!NOTE]
+> The previous PAC always returns the **proxyserver:portnumber** proxy.
+
+For more information about how to write a PAC file and about the different functions in a PAC file, see [the FindProxyForURL website](https://findproxyforurl.com/).
+
+**Third-party information disclaimer**
+The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.
+
+### How to improve performance by using PAC scripts
+
+- [Browser is slow to respond when you use an automatic configuration script](https://support.microsoft.com/help/315810/browser-is-slow-to-respond-when-you-use-an-automatic-configuration-scr)
+- [Optimizing performance with automatic Proxyconfiguration scripts (PAC)](https://blogs.msdn.microsoft.com/askie/2014/02/07/optimizing-performance-with-automatic-proxyconfiguration-scripts-pac/)
+
+## Other questions
+
+### How to set home and start pages in Microsoft Edge and allow user editing
+
+For more information, see the following blog article:
+
+[How do I set the home page in Microsoft Edge?](https://blogs.msdn.microsoft.com/askie/2017/10/04/how-do-i-set-the-home-page-in-edge/)
+
+### How to add sites to the Enterprise Mode (EMIE) site list
+
+For more information about how to add sites to an EMIE list, see [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool).
+
+### What is Content Security Policy (CSP)?
+
+By using [Content Security Policy](https://docs.microsoft.com/microsoft-edge/dev-guide/security/content-security-policy), you create an allow list of sources of trusted content in the HTTP headers. You also pre-approve certain servers for content that is loaded into a webpage, and instruct the browser to execute or render only resources from those sources. You can use this technique to prevent malicious content from being injected into sites.
+
+Content Security Policy is supported in all versions of Microsoft Edge. It lets web developers lock down the resources that can be used by their web application. This helps prevent [cross-site scripting](https://en.wikipedia.org/wiki/Cross-site_scripting) attacks that remain a common vulnerability on the web. However, the first version of Content Security Policy was difficult to implement on websites that used inline script elements that either pointed to script sources or contained script directly.
+
+CSP2 makes these scenarios easier to manage by adding support for nonces and hashes for script and style resources. A nonce is a cryptographically strong random value that is generated on each page load that appears in both the CSP policy and in the script tags on the page. Using nonces can help minimize the need to maintain a list of allowed source URL values while also allowing trusted scripts that are declared in script elements to run.
+
+For more information, see the following articles:
+
+- [Introducing support for Content Security Policy Level 2](https://blogs.windows.com/msedgedev/2017/01/10/edge-csp-2/)
+- [Content Security Policy](https://en.wikipedia.org/wiki/Content_Security_Policy)
+
+### Where to find Internet Explorer security zones registry entries
+
+Most of the Internet Zone entries can be found in [Internet Explorer security zones registry entries for advanced users](https://support.microsoft.com/help/182569/internet-explorer-security-zones-registry-entries-for-advanced-users).
+
+This article was written for Internet Explorer 6 but is still applicable to Internet Explorer 11.
+
+The default Zone Keys are stored in the following locations:
+
+- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
+- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
+
+### Why don't HTML5 videos play in Internet Explorer 11?
+
+To play HTML5 videos in the Internet Zone, use the default settings or make sure that the registry key value of **2701** under **Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3** is set to **0**.
+
+- 0 (the default value): Allow
+- 3: Disallow
+
+This key is read by the **URLACTION\_ALLOW\_AUDIO\_VIDEO 0x00002701** URL action flag that determines whether media elements (audio and video) are allowed in pages in a URL security zone.
+
+For more information, see [Unable to play HTML5 Videos in IE](https://blogs.msdn.microsoft.com/askie/2014/12/31/unable-to-play-html5-videos-in-ie/).
+
+For Windows 10 N and Windows KN editions, you must also download the feature pack that is discussed in [Media feature pack for Windows 10 N and Windows 10 KN editions](https://support.microsoft.com/help/3010081/media-feature-pack-for-windows-10-n-and-windows-10-kn-editions).
+
+For more information about how to check Windows versions, see [Which version of Windows operating system am I running?](https://support.microsoft.com/help/13443/windows-which-version-am-i-running)
+
+### What is the Enterprise Mode Site List Portal?
+
+This is a new feature to add sites to your enterprise mode site list XML. For more information, see [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal).
+
+### What is Enterprise Mode Feature?
+
+For more information about this topic, see [Enterprise Mode and the Enterprise Mode Site List](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode).
+
+### Where can I obtain a list of HTTP Status codes?
+
+For information about this list, see [HTTP Status Codes](https://docs.microsoft.com/windows/win32/winhttp/http-status-codes).
+
+### What is end of support for Internet Explorer 11?
+
+Internet Explorer 11 is the last major version of Internet Explorer. Internet Explorer 11 will continue receiving security updates and technical support for the lifecycle of the version of Windows on which it is installed.
+
+For more information, see [Lifecycle FAQ — Internet Explorer and Edge](https://support.microsoft.com/help/17454/lifecycle-faq-internet-explorer).
+
+### How to configure TLS (SSL) for Internet Explorer
+
+For more information about how to configure TLS/SSL for Internet Explorer, see [Group Policy Setting to configure TLS/SSL](https://gpsearch.azurewebsites.net/#380).
+
+### What is Site to Zone?
+
+Site to Zone usually refers to one of the following:
+
+**Site to Zone Assignment List**
+This is a Group Policy policy setting that can be used to add sites to the various security zones.
+
+The Site to Zone Assignment List policy setting associates sites to zones by using the following values for the Internet security zones:
+
+- Intranet zone
+- Trusted Sites zone
+- Internet zone
+- Restricted Sites zone
+
+If you set this policy setting to **Enabled**, you can enter a list of sites and their related zone numbers. By associating a site to a zone, you can make sure that the security settings for the specified zone are applied to the site.
+
+**Site to Zone Mapping**
+Site to Zone Mapping is stored as the name of the key. The protocol is a registry value that has a number that assigns it to the corresponding zone. Internet Explorer will read from the following registry subkeys for the sites that are deployed through the Site to Zone assignment list:
+
+- HKEY\_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
+- HKEY\_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey
+
+**Site to Zone Assignment List policy**
+This policy setting is available for both Computer Configuration and User Configuration:
+
+- Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page
+- User Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page
+
+**References**
+[How to configure Internet Explorer security zone sites using group polices](https://blogs.msdn.microsoft.com/askie/2012/06/05/how-to-configure-internet-explorer-security-zone-sites-using-group-polices/)
+
+### What are the limits for MaxConnectionsPerServer, MaxConnectionsPer1_0Server for the current versions of Internet Explorer?
+
+For more information about these settings and limits, see [Connectivity Enhancements in Windows Internet Explorer 8](https://docs.microsoft.com/previous-versions/cc304129(v=vs.85)).
+
+### What is the MaxConnectionsPerProxy setting, and what are the maximum allowed values for this setting?
+
+The **MaxConnectionsPerProxy** setting controls the number of connections that a single-user client can maintain to a given host by using a proxy server.
+
+For more information, see [Understanding Connection Limits and New Proxy Connection Limits in WinInet and Internet Explorer](https://blogs.msdn.microsoft.com/jpsanders/2009/06/29/understanding-connection-limits-and-new-proxy-connection-limits-in-wininet-and-internet-explorer/).
diff --git a/devices/surface-hub/use-surface-hub-diagnostic-test-device-account.md b/devices/surface-hub/use-surface-hub-diagnostic-test-device-account.md
index cbabc6e3fa..7dfc7994bc 100644
--- a/devices/surface-hub/use-surface-hub-diagnostic-test-device-account.md
+++ b/devices/surface-hub/use-surface-hub-diagnostic-test-device-account.md
@@ -93,7 +93,7 @@ Internet Connectivity |Device does have Internet connectivity |Device does not h
HTTP Version |1.1 |1.0 |If HTTP 1.0 found, it will cause issue with WU and Store |
Direct Internet Connectivity |Device has a Proxy configured Device has no Proxy configured |N/A |Informational. Is your device behind a proxy? |
Proxy Address | | |If configured, returns proxy address. |
-Proxy Authentication |Proxy does not require Authentication |Proxy requires Proxy Auth |Result may be a false positive if a user already has an open session in Edge and has authenticated thru the proxy. |
+Proxy Authentication |Proxy does not require Authentication |Proxy requires Proxy Auth |Result may be a false positive if a user already has an open session in Edge and has authenticated through the proxy. |[Configuring a proxy for your Surface Hub](https://blogs.technet.microsoft.com/y0av/2017/12/03/7/)
Proxy Auth Types | | |If proxy authentication is used, return the Authentication methods advertised by the proxy. |
#### Environment
diff --git a/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md b/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md
index 2513abc0f9..87ae58a8b0 100644
--- a/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md
+++ b/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md
@@ -30,7 +30,7 @@ Although the deployment and management of Surface devices is fundamentally the s
## Updating Surface device drivers and firmware
-For devices that recieve updates through Windows Update, drivers for Surface components (and even firmware updates) are applied automatically as part of the Windows Update process. For devices with managed updates, such as those updated through Windows Server Update Services (WSUS) or System Center Configuration Manager, see [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-driver-and-firmware-updates/).
+For devices that receive updates through Windows Update, drivers for Surface components (and even firmware updates) are applied automatically as part of the Windows Update process. For devices with managed updates, such as those updated through Windows Server Update Services (WSUS) or System Center Configuration Manager, see [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-driver-and-firmware-updates/).
> [!NOTE]
diff --git a/devices/surface/ethernet-adapters-and-surface-device-deployment.md b/devices/surface/ethernet-adapters-and-surface-device-deployment.md
index 1b1216cd8d..d04ad089fc 100644
--- a/devices/surface/ethernet-adapters-and-surface-device-deployment.md
+++ b/devices/surface/ethernet-adapters-and-surface-device-deployment.md
@@ -33,9 +33,6 @@ The primary concern when selecting an Ethernet adapter is how that adapter will
Booting from the network (PXE boot) is only supported when you use an Ethernet adapter or docking station from Microsoft. To boot from the network, the chipset in the Ethernet adapter or dock must be detected and configured as a boot device in the firmware of the Surface device. Microsoft Ethernet adapters, such as the Surface Ethernet Adapter and the [Surface Dock](https://www.microsoft.com/surface/accessories/surface-dock) use a chipset that is compatible with the Surface firmware.
-> [!NOTE]
-> PXE boot is not supported on Surface Pro X. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)
-
The following Ethernet devices are supported for network boot with Surface devices:
- Surface USB-C to Ethernet and USB 3.0 Adapter
diff --git a/devices/surface/images/fig1-downloads-msi.png b/devices/surface/images/fig1-downloads-msi.png
new file mode 100644
index 0000000000..4d8b1410ff
Binary files /dev/null and b/devices/surface/images/fig1-downloads-msi.png differ
diff --git a/devices/surface/manage-surface-driver-and-firmware-updates.md b/devices/surface/manage-surface-driver-and-firmware-updates.md
index 7f470ab3ac..8bb23669ef 100644
--- a/devices/surface/manage-surface-driver-and-firmware-updates.md
+++ b/devices/surface/manage-surface-driver-and-firmware-updates.md
@@ -17,45 +17,40 @@ ms.audience: itpro
ms.date: 10/21/2019
---
-# Manage Surface driver and firmware updates
+# Manage and deploy Surface driver and firmware updates
+
-This article describes the available options that you can use to manage firmware and driver updates for Surface devices including Surface Pro 3 and later.
-
-To see a list of the available downloads for Surface devices and links to download the drivers and firmware for your device, see [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md).
-
-On Surface devices, the firmware is exposed to the operating system as a driver and is visible in Device Manager. This design allows a Surface device firmware to be automatically updated along with all drivers through Windows Update. This mechanism provides a seamless, automatic experience for receiving the latest firmware and driver updates. Although automatic updating is easy for end users, updating firmware and drivers automatically may not always be appropriate for organizations and businesses. In cases where you strictly manage updates or when you deploy a new operating system to a Surface device, automatic updates from Windows Update may not be appropriate.
-
-## Methods for deploying firmware
-
-Windows Update automatically provides firmware for computers that receive updates directly from Microsoft. However, in environments where Windows Server Update Services (WSUS) manages updates, Windows Update cannot update the firmware. For managed environments, there are a number of options you can use to deploy firmware updates.
-
-### Windows Update
-
-The simplest solution to ensure that firmware on Surface devices in your organization is kept up to date is to allow Surface devices to receive updates directly from Microsoft. You can implement this solution easily by excluding Surface devices from Group Policy that directs computers to receive updates from WSUS.
-
-Although this solution ensures that firmware will be updated as new releases are made available to Windows Update, it does present potential drawbacks. Each Surface device that receives updates from Windows Update downloads each update independently from Microsoft instead of accessing a central location. These operations increase demand on Internet connectivity and bandwidth. Additionally, such updates are not subjected to testing or review by administrators.
-
-For details about Group Policy for client configuration of WSUS or Windows Update, see [Step 4: Configure Group Policy Settings for Automatic Updates](https://docs.microsoft.com/windows-server/administration/windows-server-update-services/deploy/4-configure-group-policy-settings-for-automatic-updates).
-
-### Windows Installer Package
-
-Surface driver and firmware updates are packaged as Windows Installer (MSI) files. To deploy these Windows Installer packages, you can use application deployment utilities such as the Microsoft Deployment Toolkit (MDT) or System Center Configuration Manager. Such solutions provide the means for administrators to test and review updates before deploying them, and to centralize deployment. For each device, it is important to select the correct MSI file for the device and its operating system. For more information see [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md).
-
-For instructions on how to deploy updates by using Endpoint Configuration Manager (formerly System Center Configuration Manager), refer to [Deploy applications with Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/deploy-applications). For instructions on how to deploy updates by using MDT, see [Deploy a Windows 10 image using MDT](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt).
+How you manage Surface driver and firmware updates varies depending on your environment and organizational requirements. On Surface devices, firmware is exposed to the operating system as a driver and is visible in Device Manager, enabling device firmware and drivers to be automatically updated using Windows Update or Windows Update for Business. Although this simplified approach may be feasible for startups and small or medium-sized businesses, larger organizations typically need IT admins to distributing updates internally. This may involve comprehensive planning, application compatibility testing, piloting and validating updates, before final approval and distribution across the network.
> [!NOTE]
-> You can deploy applications separately from an operating system deployment through MDT by using a Post OS Installation task sequence.
+> This article is intended for technical support agents and IT professionals and applies to Surface devices only. If you're looking for help to install Surface updates or firmware on a home device, see [Update Surface firmware and Windows 10](https://support.microsoft.com/help/4023505).
+
+While enterprise-grade software distribution solutions continue to evolve, the business rationale for centrally managing updates remains the same: Maintain the security of Surface devices and keep them updated with the latest operating system and feature improvements. This is essential for maintaining the stability of your production environment and enabling users to stay productive. This article provides an overview of recommended tools and processes for larger organizations to accomplish these goals.
-### Microsoft System Center Configuration Manager
+## Central update management in commercial environments
-Starting in Microsoft System Center Configuration Manager version 1710, you can synchronize and deploy Microsoft Surface firmware and driver updates by using the Configuration Manager client. The process resembles that for deploying regular updates. For additional information, see KB 4098906, [How to manage Surface driver updates in Configuration Manager](https://support.microsoft.com/help/4098906/manage-surface-driver-updates-in-configuration-manager).
+Microsoft has streamlined tools for managing devices – including driver and firmware updates -- into a single unified experience called [Microsoft Endpoint Manager admin center](https://devicemanagement.microsoft.com/) accessed from devicemanagement.microsoft.com.
-## Considerations when deploying updates and operating systems together
+### Manage updates with Endpoint Configuration Manager and Intune
-The process of deploying firmware updates during an operating system deployment is straightforward. You can import the firmware and driver pack into either System Center Configuration Manager or MDT, and use them to deploy a fully updated environment to a target Surface device, complete with firmware. For a complete step-by-step guide to using MDT to deploy Windows to a Surface device, see [Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit](deploy-windows-10-to-surface-devices-with-mdt.md).
+Endpoint Configuration Manager (formerly System Center Configuration Manager) allows you to synchronize and deploy Surface firmware and driver updates with the Configuration Manager client. Integration with Microsoft Intune lets you see all your managed, co-managed and partner-managed devices in one place. This is the recommended solution for large organizations to manage Surface updates.
+
+For detailed steps, see the following resources:
-> [!IMPORTANT]
-> Select the correct MSI file for each specific device and its operating system. For more information, see [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md).
+- [How to manage Surface driver updates in Configuration Manager.](https://support.microsoft.com/en-sg/help/4098906/manage-surface-driver-updates-in-configuration-manager)
+- [Deploy applications with Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/deploy-applications).
+- [Endpoint Configuration Manager documentation](https://docs.microsoft.com/configmgr/)
+
+
+### Manage updates with Microsoft Deployment Toolkit
+
+Included in Endpoint Configuration Manager, the Microsoft Deployment Toolkit (MDT) contains optional deployment tools that you may wish to use depending on your environment. MDT includes the Windows Assessment and Deployment Kit (Windows ADK), Windows System Image Manager (Windows SIM), Deployment Image Servicing and Management (DISM), and User State Migration Tool (USMT). You can download the latest version of MDT from the [Microsoft Deployment Toolkit download page](https://www.microsoft.com/download/details.aspx?id=54259).
+
+For detailed steps, see the following resources:
+
+- [Microsoft Deployment Toolkit documentation](https://docs.microsoft.com/configmgr/mdt/)
+- [Deploy Windows 10 with the Microsoft Deployment Toolkit](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit)
+- [Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit](https://docs.microsoft.com/surface/deploy-windows-10-to-surface-devices-with-mdt)
**WindowsPE and Surface firmware and drivers**
@@ -63,3 +58,93 @@ System Center Configuration Manager and MDT both use the Windows Preinstallation
## Supported devices
Downloadable MSI files are available for Surface devices from Surface Pro 2 and later. Information about MSI files for the newest Surface devices such as Surface Pro 7, Surface Pro X, and Surface Laptop 3 will be available from this page upon release.
+
+
+## Managing firmware with DFCI
+With Device Firmware Configuration Interface (DFCI) profiles built into Intune (now available in [public preview](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows)), Surface UEFI management extends the modern management stack down to the UEFI hardware level. DFCI supports zero-touch provisioning, eliminates BIOS passwords, provides control of security settings including boot options and built-in peripherals, and lays the groundwork for advanced security scenarios in the future. For more information, see:
+
+
+- [Intune management of Surface UEFI settings](https://docs.microsoft.com/surface/surface-manage-dfci-guide)
+- [Ignite 2019: Announcing remote management of Surface UEFI settings from Intune](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Ignite-2019-Announcing-remote-management-of-Surface-UEFI/ba-p/978333).
+
+## Best practices for update deployment processes
+
+To maintain a stable environment and keep users productive, it’s strongly recommended to maintain parity with the most recent version of Windows 10. For best practice recommendations, see [Build deployment rings for Windows 10 updates](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates).
+
+## Downloadable Surface update packages
+
+Specific versions of Windows 10 have separate .msi files, each containing all required cumulative driver and firmware updates for Surface devices. Update packages may include some or all of the following components:
+
+- Wi-Fi and LTE
+- Video
+- Solid state drive
+- System aggregator module (SAM)
+- Battery
+- Keyboard controller
+- Embedded controller (EC)
+- Management engine (ME)
+- Unified extensible firmware interface (UEFI)
+
+
+### Downloading .msi files
+1. Browse to [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware) on the Microsoft Download Center.
+2. Select the .msi file name that matches the Surface model and version of Windows. The .msi file name includes the minimum supported Windows build number required to install the drivers and firmware. For example, as shown in the following figure, to update a Surface Book 2 with build 18362 of Windows 10, choose **SurfaceBook2_Win10_18362_19.101.13994.msi.** For a Surface Book 2 with build 16299 of Windows 10, choose **SurfaceBook2_Win10_16299_1803509_3. msi**.
+
+ 
+
+*Figure 1. Downloading Surface updates*
+
+
+### Surface .msi naming convention
+Since August 2019, .msi files have used the following naming convention:
+
+- *Product*_*Windows release*_*Windows build number*_*Version number*_*Revision of version number (typically zero)*.
+
+**Example**
+
+- SurfacePro6_Win10_18362_19.073.44195_0.msi
+
+This file name provides the following information:
+
+- **Product:** SurfacePro6
+- **Windows release:** Win10
+- **Build:** 18362
+- **Version:** 19.073.44195 – This shows the date and time that the file was created, as follows:
+ - **Year:** 19 (2019)
+ - **Month and week:** 073 (third week of July)
+ - **Minute of the month:** 44195
+- **Revision of version:** 0 (first release of this version)
+
+### Legacy Surface .msi naming convention
+Legacy .msi files (files built before August 2019) followed the same overall naming formula but used a different method to derive the version number.
+ ****
+**Example**
+
+- SurfacePro6_Win10_16299_1900307_0.msi
+
+This file name provides the following information:
+
+- **Product:** SurfacePro6
+- **Windows release:** Win10
+- **Build:** 16299
+- **Version:** 1900307 – This shows the date that the file was created and its position in the release sequence, as follows:
+ - **Year:** 19 (2019)
+ - **Number of release:** 003 (third release of the year)
+ - **Product version number:** 07 (Surface Pro 6 is officially the seventh version of Surface Pro)
+- **Revision of version:** 0 (first release of this version)
+
+
+
+## Learn more
+
+- [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware)
+- [How to manage Surface driver updates in Configuration Manager.](https://support.microsoft.com/en-sg/help/4098906/manage-surface-driver-updates-in-configuration-manager)
+- [Deploy applications with Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/deploy-applications).
+- [Endpoint Configuration Manager documentation](https://docs.microsoft.com/configmgr/)
+- [Microsoft Deployment Toolkit documentation](https://docs.microsoft.com/configmgr/mdt/)
+- [Deploy Windows 10 with the Microsoft Deployment Toolkit](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit)
+- [Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit](https://docs.microsoft.com/surface/deploy-windows-10-to-surface-devices-with-mdt)
+- [Intune management of Surface UEFI settings](https://docs.microsoft.com/surface/surface-manage-dfci-guide)
+- [Ignite 2019: Announcing remote management of Surface UEFI settings from Intune](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Ignite-2019-Announcing-remote-management-of-Surface-UEFI/ba-p/978333).
+- [Build deployment rings for Windows 10 updates](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates)
+
diff --git a/devices/surface/surface-pro-arm-app-management.md b/devices/surface/surface-pro-arm-app-management.md
index 26e145c547..c5869a15d4 100644
--- a/devices/surface/surface-pro-arm-app-management.md
+++ b/devices/surface/surface-pro-arm-app-management.md
@@ -8,7 +8,7 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
-ms.date: 11/20/2019
+ms.date: 1/22/2020
ms.reviewer: jessko
manager: dansimp
ms.audience: itpro
@@ -124,7 +124,7 @@ The following tables show the availability of selected key features on Surface P
| Deployment | Surface Pro 7 | Surface Pro X | Notes |
| --------------------------------------- | ------------- | ------------- | ------------------------------------------------------------------------------------------------------------------------------- |
| Windows Autopilot | Yes | Yes | |
-| Support for Network Boot (PXE) | Yes | Yes | |
+| Support for Network Boot (PXE) | Yes | No | |
| Windows Configuration Designer | Yes | No | Not recommended for Surface Pro X. |
| WinPE | Yes | Yes | Not recommended for Surface Pro X. Microsoft does not provide the necessary .ISO and drivers to support WinPE with Surface Pro X. |
| Endpoint Configuration Manager: Operating System Deployment (OSD) | Yes | No | Not supported on Surface Pro X. |
diff --git a/mdop/mbam-v25/troubleshooting-mbam-installation.md b/mdop/mbam-v25/troubleshooting-mbam-installation.md
index d8e8d0fc89..f2d0494b7f 100644
--- a/mdop/mbam-v25/troubleshooting-mbam-installation.md
+++ b/mdop/mbam-v25/troubleshooting-mbam-installation.md
@@ -335,7 +335,7 @@ The MBAM agent will be unable to post any updates to the database if connectivit
User: SYSTEM
Computer: TESTLABS.CONTOSO.COM
Description:
- An error occured while applying MBAM policies.
+ An error occurred while applying MBAM policies.
Volume ID:\\?\Volume{871c5858-2467-4d0b-8c83-d68af8ce10e5}\
Error code:
0x803D0010
@@ -352,7 +352,7 @@ The MBAM agent will be unable to post any updates to the database if connectivit
User: SYSTEM
Computer: TESTLABS.CONTOSO.COM
Description:
- An error occured while applying MBAM policies.
+ An error occurred while applying MBAM policies.
Volume ID:\\?\Volume{871c5858-2467-4d0b-8c83-d68af8ce10e5}\
Error code:
0x803D0006
@@ -420,7 +420,7 @@ The MBAM services may be unable to connect to the database server because of a n
Computer: MBAM2-Admin.contoso.com
Description:
Event code: 100001
- Event message: SQL error occured
+ Event message: SQL error occurred
Event time: 7/11/2013 6:16:34 PM
Event time (UTC): 7/11/2013 12:46:34 PM
Event ID: 6615fb8eb9d54e778b933d5bb7ca91ed
@@ -552,7 +552,7 @@ Review the activity in the service trace log for any error or warning entries. B
XXXXXXXXXXX
- AddUpdateVolume: While executing sql transaction for add volume to store exception occured Key Recovery Data Store processing error: Violation of UNIQUE KEY constraint 'UniqueRecoveryKeyId'. Cannot insert duplicate key in object 'RecoveryAndHardwareCore.Keys'. The duplicate key value is (8637036e-b379-4798-bd9e-5a0b36296de3).
+ AddUpdateVolume: While executing sql transaction for add volume to store exception occurred Key Recovery Data Store processing error: Violation of UNIQUE KEY constraint 'UniqueRecoveryKeyId'. Cannot insert duplicate key in object 'RecoveryAndHardwareCore.Keys'. The duplicate key value is (8637036e-b379-4798-bd9e-5a0b36296de3).
diff --git a/mdop/medv-v2/creating-a-windows-virtual-pc-image-for-med-v.md b/mdop/medv-v2/creating-a-windows-virtual-pc-image-for-med-v.md
index 665b8f08a0..d501b3826f 100644
--- a/mdop/medv-v2/creating-a-windows-virtual-pc-image-for-med-v.md
+++ b/mdop/medv-v2/creating-a-windows-virtual-pc-image-for-med-v.md
@@ -81,7 +81,7 @@ When you install updates to Windows XP, make sure that you remain on the version
Although it is optional, we recommend that you install the following update for [hotfix KB972435](https://go.microsoft.com/fwlink/?LinkId=201077) (https://go.microsoft.com/fwlink/?LinkId=201077). This update increases the performance of shared folders in a Terminal Services session:
**Note**
-The update is publically available. However, you might be prompted to accept an agreement for Microsoft Services. Follow the prompts on the successive webpages to retrieve this hotfix.
+The update is publicly available. However, you might be prompted to accept an agreement for Microsoft Services. Follow the prompts on the successive webpages to retrieve this hotfix.
diff --git a/mdop/medv-v2/how-to-deploy-a-med-v-workspace-through-an-electronic-software-distribution-system.md b/mdop/medv-v2/how-to-deploy-a-med-v-workspace-through-an-electronic-software-distribution-system.md
index 06b7cfbe45..e2ebe0a01f 100644
--- a/mdop/medv-v2/how-to-deploy-a-med-v-workspace-through-an-electronic-software-distribution-system.md
+++ b/mdop/medv-v2/how-to-deploy-a-med-v-workspace-through-an-electronic-software-distribution-system.md
@@ -29,7 +29,7 @@ If you are using System Center Configuration Manager 2007 SP2 and your MED-V wor
The [hotfix to improve the functionality for VMs that are managed by MED-V](https://go.microsoft.com/fwlink/?LinkId=201088) (https://go.microsoft.com/fwlink/?LinkId=201088) adds new functionality to virtual machines that are managed by MED-V and that are configured to operate in **NAT** mode. The new functionality lets virtual machines access the closest distribution points. Therefore, the administrator can manage the virtual machine and the host computer in the same manner. This hotfix must be installed first on the site server and then on the client.
-The update is publically available. However, you might be prompted to accept an agreement for Microsoft Services. Follow the prompts on the successive webpages to retrieve this hotfix.
+The update is publicly available. However, you might be prompted to accept an agreement for Microsoft Services. Follow the prompts on the successive webpages to retrieve this hotfix.
diff --git a/mdop/medv-v2/how-to-deploy-the-med-v-components-through-an-electronic-software-distribution-system.md b/mdop/medv-v2/how-to-deploy-the-med-v-components-through-an-electronic-software-distribution-system.md
index 0ec14a0a96..5dfe7451d7 100644
--- a/mdop/medv-v2/how-to-deploy-the-med-v-components-through-an-electronic-software-distribution-system.md
+++ b/mdop/medv-v2/how-to-deploy-the-med-v-components-through-an-electronic-software-distribution-system.md
@@ -29,7 +29,7 @@ If you are using System Center Configuration Manager 2007 SP2 and your MED-V wor
The [hotfix to improve the functionality for VMs that are managed by MED-V](https://go.microsoft.com/fwlink/?LinkId=201088) (https://go.microsoft.com/fwlink/?LinkId=201088) adds new functionality to virtual machines that are managed by MED-V and that are configured to operate in **NAT** mode. The new functionality lets virtual machines access the closest distribution points. Therefore, the administrator can manage the virtual machine and the host computer in the same manner. This hotfix must be installed first on the site server and then on the client.
-The update is publically available. However, you might be prompted to accept an agreement for Microsoft Services. Follow the prompts on the successive webpages to retrieve this hotfix.
+The update is publicly available. However, you might be prompted to accept an agreement for Microsoft Services. Follow the prompts on the successive webpages to retrieve this hotfix.
diff --git a/windows/client-management/mdm/diagnosticlog-ddf.md b/windows/client-management/mdm/diagnosticlog-ddf.md
index c4591652a5..8bedac1205 100644
--- a/windows/client-management/mdm/diagnosticlog-ddf.md
+++ b/windows/client-management/mdm/diagnosticlog-ddf.md
@@ -1806,7 +1806,7 @@ The content below are the latest versions of the DDF files:
4
- This node is used for setting or getting the block size (in Kilobytes) for the download of assoicated log file. The value range is 1~16. Default value is 4.
+ This node is used for setting or getting the block size (in Kilobytes) for the download of associated log file. The value range is 1~16. Default value is 4.
diff --git a/windows/client-management/mdm/dmclient-ddf-file.md b/windows/client-management/mdm/dmclient-ddf-file.md
index c93fe4da96..15b21d0197 100644
--- a/windows/client-management/mdm/dmclient-ddf-file.md
+++ b/windows/client-management/mdm/dmclient-ddf-file.md
@@ -957,7 +957,7 @@ The XML below is for Windows 10, version 1803.
- Number of days after last sucessful sync to unenroll
+ Number of days after last successful sync to unenroll
diff --git a/windows/client-management/mdm/enterpriseappvmanagement-csp.md b/windows/client-management/mdm/enterpriseappvmanagement-csp.md
index 1fe417dd0f..ab13935f66 100644
--- a/windows/client-management/mdm/enterpriseappvmanagement-csp.md
+++ b/windows/client-management/mdm/enterpriseappvmanagement-csp.md
@@ -89,7 +89,7 @@ The following diagram shows the EnterpriseAppVManagement configuration service p
- SYNC\_ERR\_PUBLISH\_GROUP_PACKAGES (3) - Publish group packages failed during publish.
- SYNC\_ERR\_UNPUBLISH_PACKAGES (4) - Unpublish packages failed during publish.
- SYNC\_ERR\_NEW_POLICY_WRITE (5) - New policy write failed during publish.
-- SYNC\_ERR\_MULTIPLE\_DURING_PUBLISH (6) - Multiple non-fatal errors occured during publish.
+- SYNC\_ERR\_MULTIPLE\_DURING_PUBLISH (6) - Multiple non-fatal errors occurred during publish.
Value type is string. Supported operation is Get.
diff --git a/windows/configuration/wcd/wcd-calling.md b/windows/configuration/wcd/wcd-calling.md
index 186d34e8ec..ea77470ed5 100644
--- a/windows/configuration/wcd/wcd-calling.md
+++ b/windows/configuration/wcd/wcd-calling.md
@@ -5,7 +5,7 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: dansimp
-ms.localizationpriority: medium
+ms.localizationpriority: medium
ms.author: dansimp
ms.topic: article
ms.date: 04/30/2018
@@ -57,7 +57,7 @@ See [Dialer codes to launch diagnostic applications](https://docs.microsoft.com/
## PerSimSettings
-Use to configure settings for each subscriber identification module (SIM) card. Enter the Integrated Circuit Card Identifier (ICCID) for the SIM card, select **Add**, and then configure the folowing settings.
+Use to configure settings for each subscriber identification module (SIM) card. Enter the Integrated Circuit Card Identifier (ICCID) for the SIM card, select **Add**, and then configure the following settings.
### Critical
diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md
index cd4f1c3e5b..e43658fdb5 100644
--- a/windows/deployment/deploy-enterprise-licenses.md
+++ b/windows/deployment/deploy-enterprise-licenses.md
@@ -25,6 +25,10 @@ This topic describes how to deploy Windows 10 Enterprise E3 or E5 licenses with
>* Windows 10 Enterprise E3 in CSP requires Windows 10 Pro, version 1607 or later.
>* Automatic, non-KMS activation requires Windows 10, version 1803 or later, on a device with a firmware-embedded activation key.
+>[!IMPORTANT]
+>An issue has been identified where devices can lose activation status or be blocked from upgrading to Windows Enterprise if the device is not able to connect to Windows Update. A workaround is to ensure that devices do not have the REG_DWORD present HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotConnectToWindowsUpdateInternetLocations and set to 1. If this REG_DWORD is present, it must be set to 0.
+>Also ensure that the Group Policy setting: Computer Configuration > Administrative Templates > Windows Components > Windows Update > "Do not connect to any Windows Update Internet locations" is set to "Disabled".
+
## Firmware-embedded activation key
To determine if the computer has a firmware-embedded activation key, type the following command at an elevated Windows PowerShell prompt
diff --git a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
index b1a4515898..03899e149e 100644
--- a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
+++ b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
@@ -111,11 +111,7 @@ If you want to automate enabling the TPM chip as part of the deployment process,
### Add tools from Dell
-The Dell tools are available via the Dell Client Configuration Toolkit (CCTK). The executable file from Dell is named *cctk.exe*. Here is a sample command to enable TPM and set a BIOS password using the cctk.exe tool:
-
-```dos
-cctk.exe --tpm=on --valsetuppwd=Password1234
-```
+[Dell Comnmand | Configure](https://www.dell.com/support/article/us/en/04/sln311302/dell-command-configure) provides a Command Line Interface and a Graphical User Interface.
### Add tools from HP
diff --git a/windows/deployment/upgrade/resolution-procedures.md b/windows/deployment/upgrade/resolution-procedures.md
index ed046d6920..7168d9029e 100644
--- a/windows/deployment/upgrade/resolution-procedures.md
+++ b/windows/deployment/upgrade/resolution-procedures.md
@@ -194,7 +194,7 @@ Disconnect all peripheral devices that are connected to the system, except for t
Check supplemental rollback logs for a setupmem.dmp file, or event logs for any unexpected reboots or errors.
Review the rollback log and determine the stop code.
-
The rollback log is located in the C:$Windows.~BT\Sources\Panther folder. An example analysis is shown below. This example is not representative of all cases:
+
The rollback log is located in the $Windows.~BT\Sources\Rollback folder. An example analysis is shown below. This example is not representative of all cases:
Info SP Crash 0x0000007E detected
Info SP Module name :
diff --git a/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md b/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md
index c6118f8f14..76b181f82a 100644
--- a/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md
+++ b/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md
@@ -21,7 +21,10 @@ ms.topic: article
- Windows 10
-The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. You can use a System Center Configuration Manager task sequence to completely automate the process.
+The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. You can use a Configuration Manager task sequence to completely automate the process.
+
+>[!IMPORTANT]
+>Beginning with Windows 10 and Windows Server 2016, Windows Defender is already installed. A management client for Windows Defender is also installed automatically if the Configuration Manager client is installed. However, previous Windows operating systems installed the System Center Endpoint Protection (SCEP) client with the Configuration Manager client. The SCEP client can block in-place upgrade to Windows 10 due to incompatibility, and must removed from a device before performing an in-place upgrade to Windows 10.
## Proof-of-concept environment
diff --git a/windows/deployment/upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md b/windows/deployment/upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
index 2a7e01c1d8..ee85dd816a 100644
--- a/windows/deployment/upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
+++ b/windows/deployment/upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
@@ -11,7 +11,8 @@ ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: mdt
-audience: itpro
author: greg-lindsay
+audience: itpro
+author: greg-lindsay
ms.topic: article
---
@@ -24,7 +25,7 @@ The simplest path to upgrade PCs that are currently running Windows 7, Windows
## Proof-of-concept environment
-For the purposes of this topic, we will use four machines: DC01, MDT01, and PC0001. DC01 is a domain controller and MDT01 is a Windows Server 2012 R2 standard machine, fully patched with the latest security updates, and configured as a member server in the fictional contoso.com domain. PC0001 is a machine with Windows 7 SP1, targeted for the Windows 10 upgrade. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
+For the purposes of this topic, we will use three machines: DC01, MDT01, and PC0001. DC01 is a domain controller and MDT01 is a Windows Server 2012 R2 standard machine, fully patched with the latest security updates, and configured as a member server in the fictional contoso.com domain. PC0001 is a machine with Windows 7 SP1, targeted for the Windows 10 upgrade. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
diff --git a/windows/deployment/windows-autopilot/add-devices.md b/windows/deployment/windows-autopilot/add-devices.md
index 4d7af27528..4c5f020f92 100644
--- a/windows/deployment/windows-autopilot/add-devices.md
+++ b/windows/deployment/windows-autopilot/add-devices.md
@@ -21,7 +21,7 @@ ms.topic: article
**Applies to**
-- Windows 10
+- Windows 10
Before deploying a device using Windows Autopilot, the device must be registered with the Windows Autopilot deployment service. Ideally, this would be performed by the OEM, reseller, or distributor from which the devices were purchased, but this can also be done by the organization by collecting the hardware identity and uploading it manually.
@@ -41,7 +41,7 @@ Windows Autopilot does not require delegated administrator permissions when esta
## Automatic registration of existing devices
-If an existing device is already running Windows 10 version 1703 or later and enrolled in an MDM service such an Intune, that MDM service can ask the device for the hardware ID (also known as a hardware hash). Once it has that, it can automatically register the device with Windows Autopilot.
+If an existing device is already running a supported version of Windows 10 semi-annual channel and enrolled in an MDM service such an Intune, that MDM service can ask the device for the hardware ID (also known as a hardware hash). Once it has that, it can automatically register the device with Windows Autopilot.
For instructions on how to do this with Microsoft Intune, see [Create an Autopilot deployment profile](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-deployment-profile) documentation describing the "Convert all targeted devices to Autopilot" setting.
@@ -53,7 +53,7 @@ To perform manual registration of a device, you must first capture its hardware
## Device identification
-To define a device to the Windows Autopilot deployment service, a unique hardware ID for the device needs to be captured and uploaded to the service. While this step is ideally done by the hardware vendor (OEM, reseller, or distributor), automatically associating the device with an organization, it is also possible to do this through a harvesting process that collects the device from within a running Windows 10 version 1703 or later installation.
+To define a device to the Windows Autopilot deployment service, a unique hardware ID for the device needs to be captured and uploaded to the service. While this step is ideally done by the hardware vendor (OEM, reseller, or distributor), automatically associating the device with an organization, it is also possible to do this through a harvesting process that collects the device from within a running Windows 10 installation.
The hardware ID, also commonly referred to as a hardware hash, contains several details about the device, including its manufacturer, model, device serial number, hard drive serial number, and many other attributes that can be used to uniquely identify that device.
@@ -61,14 +61,14 @@ Note that the hardware hash also contains details about when it was generated, s
### Collecting the hardware ID from existing devices using System Center Configuration Manager
-Starting with System Center Configuration Manager current branch version 1802, the hardware hashes for existing Windows 10 version 1703 and higher devices are automatically collected by Configuration Manager. See the [What’s new in version 1802](https://docs.microsoft.com/sccm/core/plan-design/changes/whats-new-in-version-1802#report-on-windows-autopilot-device-information) documentation for more details. The hash information can be extracted from Configuration Manager into a CSV file.
+Starting with System Center Configuration Manager current branch version 1802, the hardware hashes for existing Windows 10 devices are automatically collected by Configuration Manager. See the [What’s new in version 1802](https://docs.microsoft.com/sccm/core/plan-design/changes/whats-new-in-version-1802#report-on-windows-autopilot-device-information) documentation for more details. The hash information can be extracted from Configuration Manager into a CSV file.
> [!Note]
> Before uploading the CSV file on Intune, please make sure that the first row contains the device serial number, Windows product ID, hardware hash, group tag, and assigned user. If there is header information on the top of CSV file, please delete that header information. See details at [Enroll Windows devices in Intune](https://docs.microsoft.com/intune/enrollment/enrollment-autopilot).
### Collecting the hardware ID from existing devices using PowerShell
-The hardware ID, or hardware hash, for an existing device is available through Windows Management Instrumentation (WMI), as long as that device is running Windows 10 version 1703 or later. To help gather this information, as well as the serial number of the device (useful to see at a glance the machine to which it belongs), a PowerShell script called [Get-WindowsAutoPilotInfo.ps1 has been published to the PowerShell Gallery website](https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo).
+The hardware ID, or hardware hash, for an existing device is available through Windows Management Instrumentation (WMI), as long as that device is running a supported version of Windows 10 semi-annual channel. To help gather this information, as well as the serial number of the device (useful to see at a glance the machine to which it belongs), a PowerShell script called [Get-WindowsAutoPilotInfo.ps1 has been published to the PowerShell Gallery website](https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo).
To use this script, you can download it from the PowerShell Gallery and run it on each computer, or you can install it directly from the PowerShell Gallery. To install it directly and capture the hardware hash from the local computer, use the following commands from an elevated Windows PowerShell prompt:
@@ -103,7 +103,7 @@ Once the hardware IDs have been captured from existing devices, they can be uplo
- [Microsoft 365 Business & Office 365 Admin](https://support.office.com/article/Create-and-edit-AutoPilot-profiles-5cf7139e-cfa1-4765-8aad-001af1c74faa). This is typically used by small and medium businesses (SMBs) who manage their devices using Microsoft 365 Business.
- [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/add-profile-to-devices#manage-autopilot-deployment-profiles). You might already be using MSfB to manage your apps and settings.
-A summary of each platform's capabilities is provided below.
+A summary of each platform's capabilities is provided below.
->*Microsoft recommended platform to use
+>1Microsoft recommended platform to use
+>2Intune license required
+>3Feature capabilities are limited
+>4To be retired
+
+Also see the following topics for more information about device IDs:
+- [Device identification](#device-identification)
+- [Windows Autopilot device guidelines](https://docs.microsoft.com/windows/deployment/windows-autopilot/autopilot-device-guidelines)
+- [Add devices to a customer account](https://docs.microsoft.com/partner-center/autopilot)
+
## Summary
@@ -162,4 +171,4 @@ When deploying new devices using Windows Autopilot, the following steps are requ
## Other configuration settings
-- [Bitlocker encryption settings](bitlocker.md): You can configure the BitLocker encryption settings to be applied before automatic encryption is started.
+- [Bitlocker encryption settings](bitlocker.md): You can configure the BitLocker encryption settings to be applied before automatic encryption is started.
\ No newline at end of file
diff --git a/windows/deployment/windows-autopilot/autopilot-device-guidelines.md b/windows/deployment/windows-autopilot/autopilot-device-guidelines.md
index 63f327622a..43ac6da548 100644
--- a/windows/deployment/windows-autopilot/autopilot-device-guidelines.md
+++ b/windows/deployment/windows-autopilot/autopilot-device-guidelines.md
@@ -36,7 +36,8 @@ The following additional best practices ensure that devices can easily be provis
## Software best practice guidelines for Windows Autopilot
-- The Windows Autopilot device should be preinstalled with only a Windows 10 base image plus drivers and Office 365 Pro Plus Retail (C2R).
+- The Windows Autopilot device should be preinstalled with only a Windows 10 base image plus drivers.
+- You can preinstall your licensed version of Office, such as [Office 365 ProPlus](https://docs.microsoft.com/deployoffice/about-office-365-proplus-in-the-enterprise).
- Unless explicitly requested by the customer, no other preinstalled software should be included.
- Per OEM Policy, Windows 10 features, including built-in apps, should not be disabled or removed.
diff --git a/windows/deployment/windows-autopilot/autopilot-faq.md b/windows/deployment/windows-autopilot/autopilot-faq.md
index e2ac992f75..e7ff819f7d 100644
--- a/windows/deployment/windows-autopilot/autopilot-faq.md
+++ b/windows/deployment/windows-autopilot/autopilot-faq.md
@@ -45,10 +45,10 @@ A [glossary](#glossary) of abbreviations used in this article is provided at the
| Question | Answer |
| --- | --- |
| What changes need to be made in the factory OS image for customer configuration settings? |No changes are required on the factory floor to enable Windows Autopilot deployment. |
-| What version of the OA3 tool meets Windows Autopilot deployment requirements? | Windows Autopilot can work with any version of the OA3 tool. We recommend using Windows 10, version 1703 and above to generate the 4K hardware hash. |
-| At the time of placing an order, do customers need to be state whether they want it with or without Windows Autopilot options? | Yes, if they want Windows Autopilot, they will want Windows 10, version 1703 or later versions. Also, they will want to receive the CSV file or have the file upload (that is, registration) completed on their behalf. |
+| What version of the OA3 tool meets Windows Autopilot deployment requirements? | Windows Autopilot can work with any version of the OA3 tool. We recommend using a supported version of Windows 10 semi-annual channel to generate the 4K hardware hash. |
+| At the time of placing an order, do customers need to be state whether they want it with or without Windows Autopilot options? | Yes, if they want Windows Autopilot, they will want a supported version of Windows 10 semi-annual channel. Also, they will want to receive the CSV file or have the file upload (that is, registration) completed on their behalf. |
| Does the OEM need to manage or collect any custom imaging files from customers and perform any image uploads to Microsoft? | No change, OEMs just send the CBRs as usual to Microsoft. No images are sent to Microsoft to enable Windows Autopilot. Windows Autopilot only customizes OOBE and allows policy configurations (disables admin account, for example). |
-| Are there any customer impacts to upgrading from Windows 8 to Windows 10? | The devices must have Windows 10, version 1703 or later to enroll in Windows Autopilot deployment. Otherwise, there are no impacts. |
+| Are there any customer impacts to upgrading from Windows 8 to Windows 10? | The devices must be running a supported version of Windows 10 semi-annual channel to enroll in Windows Autopilot deployment. Otherwise, there are no impacts. |
| Will there be any change to the existing CBR with 4K hardware hash? | No. |
| What new information needs to be sent from the OEM to Microsoft? | Nothing, unless the OEM opts to register the device on the customer’s behalf, in which case they would upload the device ID using a CSV file into Microsoft Partner Center, or use the OEM Direct API. |
| Is there a contract or amendment for an OEM to participate in Windows Autopilot Deployment? | No. |
@@ -67,9 +67,9 @@ A [glossary](#glossary) of abbreviations used in this article is provided at the
| Question | Answer |
| --- | --- |
-| Must every hardware hash submitted by the OEM contain the SMBIOS UUID (universally unique identifier), MAC (media access control) address, and unique disk serial number (if using Windows 10, version 1703 and above OEM Activation 3.0 tool)? | Yes. Since Windows Autopilot is based on the ability to uniquely identify devices applying for cloud configuration, it is critical to submit hardware hashes that meet the outlined requirement. |
+| Must every hardware hash submitted by the OEM contain the SMBIOS UUID (universally unique identifier), MAC (media access control) address, and unique disk serial number (if using Windows 10 OEM Activation 3.0 tool)? | Yes. Since Windows Autopilot is based on the ability to uniquely identify devices applying for cloud configuration, it is critical to submit hardware hashes that meet the outlined requirement. |
| What is the reason for needing the SMBIOS UUID, MAC Address, and Disk Serial Number in the hardware hash details? | For creating the hardware hash, these are the fields that are needed to identify a device, as parts of the device are added or removed. Since we don’t have a unique identifier for Windows devices, this is the best logic to identify a device. |
-| What is difference between OA3 hardware hash, 4K hardware hash, and Windows Autopilot hardware hash? | None. They’re different names for the same thing. The Windows 10, 1703 version of the OA3 tool output is called the OA3 Hash, which is 4K in size, which is usable for the Windows Autopilot deployment scenario. Note: When using a non-1703 version OA3Tool, you get a different sized Hash, which may not be used for Windows Autopilot deployment. |
+| What is difference between OA3 hardware hash, 4K hardware hash, and Windows Autopilot hardware hash? | None. They’re different names for the same thing. The OA3 tool output is called the OA3 Hash, which is 4K in size, which is usable for the Windows Autopilot deployment scenario. Note: When using an older, unsupported Windows version OA3Tool, you get a different sized Hash, which may not be used for Windows Autopilot deployment. |
| What is the thought around parts replacement and repair for the NIC (network interface controller) and Disk? Will the hardware hash become invalid? | Yes. If you replace parts, you need to gather the new hardware hash, though it depends on what is replaced, and the characteristics of the parts. For example, if you replace the TPM or motherboard, it’s a new device and you must have new hardware hash. If you replace one network card, it’s probably not a new device, and the device will function with the old hardware hash. However, as a best practice, you should assume the old hardware hash is invalid and get a new hardware hash after any hardware changes. This is recommended anytime you replace parts. |
## Motherboard replacement
@@ -131,10 +131,8 @@ A [glossary](#glossary) of abbreviations used in this article is provided at the
|Question|Answer
|------------------|-----------------|
-|If I wipe the machine and restart, will I still receive Windows Autopilot?|Yes, if the device is still registered for Windows Autopilot and is running Windows 10, version 1703 7B and above releases, it will receive the Windows Autopilot experience.|
-|Can I harvest the device fingerprint on existing machines?|Yes, if the device is running Windows 10, version 1703 and above, you can harvest device fingerprints for registration. There are no plans to backport the functionality to previous releases and no way to harvest them on pre-Windows 10, version 1703 devices that have not been updated to Windows 10, version 1703.|
-|What is Windows 10, version 1703 7B and why does it matter?| Windows 10, version 1703 7B is a Windows 10, version 1703 image bundled with cumulative updates. To receive Autopilot, clients must run Windows 10, version 1703 7B or later. These cumulative updates contain a critical fix for Autopilot. Consider the following:
Windows Autopilot will not apply its profiles to the machine unless Azure AD credentials match the expected Azure AD tenant. For the Windows 10, version 1703 release, it was assumed that would be determined by the domain name, so the domain name used to register (for example contoso.com) should match the domain name used to sign in (for example user@contoso.com). But what happens if your tenant has multiple domains (for example us.contoso.com, or fr.contoso.com)? Since these domain names do not match, the device will not be configured for Autopilot. However, both domains are part of the same Azure AD tenant, and as such it was determined the matching scheme was not useful. This was improved upon by making use of the tenant ID. By using the tenant ID, you can determine that if the user signs into a domain with a tenant matching the one they registered with, you can safely consider this to be a match. The fix for this problem already exists in Windows 10, version 1709 and was backported into the Windows 10, version 1703 7B release.
**Key takeaways**: When using pre-Windows 10, version 1703 7B clients the user’s domain must match the domain they registered with. This functionality is found in Windows 10 version 1709 clients using build >= 16215, and Windows 10, version 1703 clients >= 7B. |
-|What is the impact of not updating to 7B?|See the detailed scenario described directly above.|
+|If I wipe the machine and restart, will I still receive Windows Autopilot?|Yes, if the device is still registered for Windows Autopilot and is running a supported version of Windows 10 semi-annual channel, it will receive the Windows Autopilot experience.|
+|Can I harvest the device fingerprint on existing machines?|Yes, if the device is running a supported version of Windows 10 semi-annual channel, you can harvest device fingerprints for registration. There are no plans to backport the functionality to legacy releases and no way to harvest them on devices running unsupported versions of Windows.|
|Is Windows Autopilot supported on other SKUs, for example, Surface Hub, HoloLens, Windows Mobile.|No, Windows Autopilot isn’t supported on other SKUs.|
|Does Windows Autopilot work after MBR or image reinstallation?|Yes.|
| Can machines that have reimaged a few times go through Autopilot? What does the error message "This user is not authorized to enroll" mean? Error code 801c0003. |There are limits to the number of devices a particular Azure AD user can enroll in Azure AD, as well as the number of devices that are supported per user in Intune. (These are configurable but not infinite.) You’ll run into this frequently if you reuse the devices, or even if you roll back to previous virtual machine snapshots.|
diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
index 42b356bd61..516142c42a 100644
--- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
+++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
@@ -39,7 +39,7 @@ The following video provides an overview of the process:
## Prerequisites
These are the things you'll need to complete this lab:
-| Windows 10 installation media | Windows 10 Professional or Enterprise (ISO file), version 1703 or later is required. If you do not already have an ISO to use, a link is provided to download an evaluation version of Windows 10 Enterprise. |
+| Windows 10 installation media | Windows 10 Professional or Enterprise (ISO file) for a supported version of Windows 10, semi-annual channel. If you do not already have an ISO to use, a link is provided to download an evaluation version of Windows 10 Enterprise. |
| Internet access | If you are behind a firewall, see the detailed networking requirements. Otherwise, just ensure that you have a connection to the Internet. |
| Hyper-V or a physical device running Windows 10 | The guide assumes that you will use a Hyper-V VM, and provides instructions to install and configure Hyper-V if needed. To use a physical device, skip the steps to install and configure Hyper-V. |
| A Premium Intune account | This guide will describe how to obtain a free 30-day trial premium account that can be used to complete the lab. |
diff --git a/windows/deployment/windows-autopilot/troubleshooting.md b/windows/deployment/windows-autopilot/troubleshooting.md
index 63437b2ab3..f58d814409 100644
--- a/windows/deployment/windows-autopilot/troubleshooting.md
+++ b/windows/deployment/windows-autopilot/troubleshooting.md
@@ -80,9 +80,9 @@ On Windows 10 version 1709 and above, information about the Autopilot profile se
| TenantMatched | This will be set to 1 if the tenant ID of the user matches the tenant ID that the device was registered with. If this is 0, the user would be shown an error and forced to start over. |
| CloudAssignedOobeConfig | This is a bitmap that shows which Autopilot settings were configured. Values include: SkipCortanaOptIn = 1, OobeUserNotLocalAdmin = 2, SkipExpressSettings = 4, SkipOemRegistration = 8, SkipEula = 16 |
-### Windows 10 version 1703 and above
+### Windows 10 semi-annual channel supported versions
-On Windows 10 version 1703 and above, ETW tracing can be used to capture detailed information from Autopilot and related components. The resulting ETW trace files can then be viewed using the Windows Performance Analyzer or similar tools. See [the advanced troubleshooting blog](https://blogs.technet.microsoft.com/mniehaus/2017/12/13/troubleshooting-windows-autopilot-level-300400/) for more information.
+On devices running a [supported version](https://docs.microsoft.com/windows/release-information/) of Windows 10 semi-annual channel, ETW tracing can be used to capture detailed information from Autopilot and related components. The resulting ETW trace files can then be viewed using the Windows Performance Analyzer or similar tools. See [the advanced troubleshooting blog](https://blogs.technet.microsoft.com/mniehaus/2017/12/13/troubleshooting-windows-autopilot-level-300400/) for more information.
## Troubleshooting Azure AD Join issues
@@ -106,7 +106,7 @@ When a profile is downloaded depends on the version of Windows 10 that is runnin
| Windows 10 version | Profile download behavior |
| --- | --- |
-| 1703 and 1709 | The profile is downloaded after the OOBE network connection page. This page is not displayed when using a wired connection. In this case, the profile is downloaded just prior to the EULA screen. |
+| 1709 | The profile is downloaded after the OOBE network connection page. This page is not displayed when using a wired connection. In this case, the profile is downloaded just prior to the EULA screen. |
| 1803 | The profile is downloaded as soon as possible. If wired, it is downloaded at the start of OOBE. If wireless, it is downloaded after the network connection page. |
| 1809 | The profile is downloaded as soon as possible (same as 1803), and again after each reboot. |
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md
index 1b234651ad..b93eba2709 100644
--- a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md
+++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md
@@ -27,7 +27,7 @@ Windows Autopilot depends on specific capabilities available in Windows 10, Azur
## Software requirements
-- Windows 10 version 1703 (semi-annual channel) or higher is required.
+- A [supported version](https://docs.microsoft.com/windows/release-information/) of Windows 10 semi-annual channel is required. Windows 10 Enterprise 2019 long-term servicing channel (LTSC) is also supported.
- The following editions are supported:
- Windows 10 Pro
- Windows 10 Pro Education
@@ -36,6 +36,9 @@ Windows Autopilot depends on specific capabilities available in Windows 10, Azur
- Windows 10 Education
- Windows 10 Enterprise 2019 LTSC
+>[!NOTE]
+>Procedures for deploying Windows Autopilot might refer to specific products and versions. The inclusion of these products in this content doesn't imply an extension of support for a version that is beyond its support lifecycle. Windows Autopilot does not support products that are beyond their support lifecycle. For more information, see [Microsoft Lifecycle Policy](https://go.microsoft.com/fwlink/p/?LinkId=208270).
+
## Networking requirements
Windows Autopilot depends on a variety of internet-based services. Access to these services must be provided for Autopilot to function properly. In the simplest case, enabling proper functionality can be achieved by ensuring the following:
diff --git a/windows/deployment/windows-autopilot/windows-autopilot.md b/windows/deployment/windows-autopilot/windows-autopilot.md
index 7079e66d14..a7e2877f3a 100644
--- a/windows/deployment/windows-autopilot/windows-autopilot.md
+++ b/windows/deployment/windows-autopilot/windows-autopilot.md
@@ -58,7 +58,7 @@ From the IT pro's perspective, the only interaction required from the end user i
## Requirements
-Windows 10 version 1703 or higher is required to use Windows Autopilot. See [Windows Autopilot requirements](windows-autopilot-requirements.md) for detailed information on software, configuration, network, and licensing requirements.
+A [supported version](https://docs.microsoft.com/windows/release-information/) of Windows 10 semi-annual channel is required to use Windows Autopilot. Windows 10 Enterprise LTSC 2019 is also supported. See [Windows Autopilot requirements](windows-autopilot-requirements.md) for detailed information on software, configuration, network, and licensing requirements.
## Related topics
diff --git a/windows/release-information/resolved-issues-windows-10-1607.yml b/windows/release-information/resolved-issues-windows-10-1607.yml
index 404538ea70..829cea21b4 100644
--- a/windows/release-information/resolved-issues-windows-10-1607.yml
+++ b/windows/release-information/resolved-issues-windows-10-1607.yml
@@ -32,6 +32,7 @@ sections:
- type: markdown
text: "
| Summary | Originating update | Status | Date resolved |
+ Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM
Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.
See details > | OS Build 14393.2608
November 13, 2018
KB4467691 | Resolved External
| January 23, 2020
02:08 PM PT |
Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.
See details > | OS Build 14393.3206
September 23, 2019
KB4522010 | Resolved
KB4519998 | October 08, 2019
10:00 AM PT |
IME may become unresponsive or have High CPU usage
Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
See details > | OS Build 14393.3204
September 10, 2019
KB4516044 | Resolved
| September 17, 2019
04:47 PM PT |
Apps and scripts using the NetQueryDisplayInformation API may fail with error
Applications and scripts that call NetQueryDisplayInformation may fail to return results after the first page of data.
See details > | OS Build 14393.3053
June 18, 2019
KB4503294 | Resolved
KB4516044 | September 10, 2019
10:00 AM PT |
@@ -40,8 +41,6 @@ sections:
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.
See details > | OS Build 14393.3144
August 13, 2019
KB4512517 | Resolved
KB4512495 | August 17, 2019
02:00 PM PT |
Internet Explorer 11 and apps using the WebBrowser control may fail to render
JavaScript may fail to render as expected in IE11 and in apps using JavaScript or the WebBrowser control.
See details > | OS Build 14393.3085
July 09, 2019
KB4507460 | Resolved
KB4512517 | August 13, 2019
10:00 AM PT |
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.
See details > | OS Build 14393.3025
June 11, 2019
KB4503267 | Resolved External
| August 09, 2019
07:03 PM PT |
- SCVMM cannot enumerate and manage logical switches deployed on the host
System Center Virtual Machine Manager cannot enumerate and manage logical switches deployed on managed hosts.
See details > | OS Build 14393.2639
November 27, 2018
KB4467684 | Resolved
KB4507459 | July 16, 2019
10:00 AM PT |
- Some applications may fail to run as expected on clients of AD FS 2016
Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016)
See details > | OS Build 14393.2941
April 25, 2019
KB4493473 | Resolved
KB4507459 | July 16, 2019
10:00 AM PT |
"
@@ -85,20 +84,11 @@ sections:
"
-- title: June 2019
-- items:
- - type: markdown
- text: "
- | Details | Originating update | Status | History |
- Some applications may fail to run as expected on clients of AD FS 2016Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016) after installation of KB4493473 on the server. Applications that may exhibit this behavior use an IFRAME during non-interactive authentication requests and receive X-Frame Options set to DENY.
Affected platforms: - Server: Windows Server 2016
Resolution: This issue was resolved in KB4507459.
Back to top | OS Build 14393.2941
April 25, 2019
KB4493473 | Resolved
KB4507459 | Resolved:
July 16, 2019
10:00 AM PT
Opened:
June 04, 2019
05:55 PM PT |
-
- "
-
- title: November 2018
- items:
- type: markdown
text: "
| Details | Originating update | Status | History |
- SCVMM cannot enumerate and manage logical switches deployed on the hostFor hosts managed by System Center Virtual Machine Manager (VMM), VMM cannot enumerate and manage logical switches deployed on the host after installing KB4467684.
Additionally, if you do not follow the best practices, a stop error may occur in vfpext.sys on the hosts.
Affected platforms: - Client: Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
- Server: Windows Server 2016
Resolution: This issue was resolved in KB4507459.
Back to top | OS Build 14393.2639
November 27, 2018
KB4467684 | Resolved
KB4507459 | Resolved:
July 16, 2019
10:00 AM PT
Opened:
November 27, 2018
10:00 AM PT |
+ Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAMAfter installing KB4467691, Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.
Affected platforms: - Client: Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
- Server: Windows Server 2016
Workaround: Restart the affected machine using the Unified Extensible Firmware Interface (UEFI). Disable Secure Boot and then restart.
If BitLocker is enabled on your machine, you may have to go through BitLocker recovery after Secure Boot has been disabled.
Resolution: Lenovo and Fujitsu are aware of this issue. Please contact your OEM to ask if there is a firmware update available for your device.
Back to top | OS Build 14393.2608
November 13, 2018
KB4467691 | Resolved External
| Last updated:
January 23, 2020
02:08 PM PT
Opened:
November 13, 2018
10:00 AM PT |
"
diff --git a/windows/release-information/resolved-issues-windows-10-1709.yml b/windows/release-information/resolved-issues-windows-10-1709.yml
index 92e479f7e8..82bf0df89e 100644
--- a/windows/release-information/resolved-issues-windows-10-1709.yml
+++ b/windows/release-information/resolved-issues-windows-10-1709.yml
@@ -32,6 +32,7 @@ sections:
- type: markdown
text: "
| Summary | Originating update | Status | Date resolved |
+ Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.
See details > | OS Build 16299.1387
September 10, 2019
KB4516066 | Resolved
KB4534318 | January 23, 2020
02:00 PM PT |
Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.
See details > | OS Build 16299.1392
September 23, 2019
KB4522012 | Resolved
KB4520004 | October 08, 2019
10:00 AM PT |
IME may become unresponsive or have High CPU usage
Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
See details > | OS Build 16299.1387
September 10, 2019
KB4516066 | Resolved
| September 19, 2019
04:08 PM PT |
Domain connected devices that use MIT Kerberos realms will not start up
Devices may not start after updating when connected to a domain that is configured to use MIT Kerberos realms.
See details > | OS Build 16299.1296
July 16, 2019
KB4507465 | Resolved
KB4512516 | August 13, 2019
10:00 AM PT |
@@ -48,6 +49,15 @@ sections:
"
+- title: October 2019
+- items:
+ - type: markdown
+ text: "
+ | Details | Originating update | Status | History |
+ | Unable to create local users in Chinese, Japanese and Korean during device setup When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.
Note This issue does not affect using a Microsoft Account during OOBE.
Affected platforms: - Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
- Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Resolution: This issue was resolved in KB4534318.
Back to top | OS Build 16299.1387
September 10, 2019
KB4516066 | Resolved
KB4534318 | Resolved:
January 23, 2020
02:00 PM PT
Opened:
October 29, 2019
05:15 PM PT |
+
+ "
+
- title: September 2019
- items:
- type: markdown
diff --git a/windows/release-information/resolved-issues-windows-10-1803.yml b/windows/release-information/resolved-issues-windows-10-1803.yml
index 378576d142..bdf3c62854 100644
--- a/windows/release-information/resolved-issues-windows-10-1803.yml
+++ b/windows/release-information/resolved-issues-windows-10-1803.yml
@@ -32,6 +32,7 @@ sections:
- type: markdown
text: "
| Summary | Originating update | Status | Date resolved |
+ Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.
See details > | OS Build 17134.1006
September 10, 2019
KB4516058 | Resolved
KB4534308 | January 23, 2020
02:00 PM PT |
Windows Mixed Reality Portal users may intermittently receive a 15-5 error code
You may receive a 15-5 error code in Windows Mixed Reality Portal and your headset may not wake up from sleep.
See details > | OS Build 17134.950
August 13, 2019
KB4512501 | Resolved
KB4519978 | October 15, 2019
10:00 AM PT |
Startup to a black screen after installing updates
Your device may startup to a black screen during the first logon after installing updates.
See details > | OS Build 17134.829
June 11, 2019
KB4503286 | Resolved
KB4519978 | October 15, 2019
10:00 AM PT |
Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.
See details > | OS Build 17134.1009
September 23, 2019
KB4522014 | Resolved
KB4520008 | October 08, 2019
10:00 AM PT |
@@ -51,6 +52,15 @@ sections:
"
+- title: October 2019
+- items:
+ - type: markdown
+ text: "
+ | Details | Originating update | Status | History |
+ | Unable to create local users in Chinese, Japanese and Korean during device setup When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.
Note This issue does not affect using a Microsoft Account during OOBE.
Affected platforms: - Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
- Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Resolution: This issue was resolved in KB4534308.
Back to top | OS Build 17134.1006
September 10, 2019
KB4516058 | Resolved
KB4534308 | Resolved:
January 23, 2020
02:00 PM PT
Opened:
October 29, 2019
05:15 PM PT |
+
+ "
+
- title: September 2019
- items:
- type: markdown
diff --git a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml
index 82cba46203..d113831f80 100644
--- a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml
+++ b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml
@@ -32,6 +32,7 @@ sections:
- type: markdown
text: "
| Summary | Originating update | Status | Date resolved |
+ Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.
See details > | OS Build 17763.737
September 10, 2019
KB4512578 | Resolved
KB4534321 | January 23, 2020
02:00 PM PT |
Microsoft Defender Advanced Threat Protection might stop running
The Microsoft Defender ATP service might stop running and might fail to send reporting data.
See details > | OS Build 17763.832
October 15, 2019
KB4520062 | Resolved
KB4523205 | November 12, 2019
10:00 AM PT |
Windows Mixed Reality Portal users may intermittently receive a 15-5 error code
You may receive a 15-5 error code in Windows Mixed Reality Portal and your headset may not wake up from sleep.
See details > | OS Build 17763.678
August 13, 2019
KB4511553 | Resolved
KB4520062 | October 15, 2019
10:00 AM PT |
Startup to a black screen after installing updates
Your device may startup to a black screen during the first logon after installing updates.
See details > | OS Build 17763.557
June 11, 2019
KB4503327 | Resolved
KB4520062 | October 15, 2019
10:00 AM PT |
@@ -57,6 +58,7 @@ sections:
- type: markdown
text: "
| Details | Originating update | Status | History |
+ | Unable to create local users in Chinese, Japanese and Korean during device setup When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.
Note This issue does not affect using a Microsoft Account during OOBE.
Affected platforms: - Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
- Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Resolution: This issue was resolved in KB4534321.
Back to top | OS Build 17763.737
September 10, 2019
KB4512578 | Resolved
KB4534321 | Resolved:
January 23, 2020
02:00 PM PT
Opened:
October 29, 2019
05:15 PM PT |
Microsoft Defender Advanced Threat Protection might stop runningAfter installing the optional non-security update ( KB4520062), the Microsoft Defender Advanced Threat Protection (ATP) service might stop running and might fail to send reporting data. You might also receive a 0xc0000409 error in Event Viewer on MsSense.exe.
Note Microsoft Windows Defender Antivirus is not affected by this issue.
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
- Server: Windows Server, version 1809; Windows Server 2019
Resolution: This issue was resolved in KB4523205.
Back to top | OS Build 17763.832
October 15, 2019
KB4520062 | Resolved
KB4523205 | Resolved:
November 12, 2019
10:00 AM PT
Opened:
October 17, 2019
05:14 PM PT |
"
diff --git a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml
index 7401114369..9856117a73 100644
--- a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml
+++ b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml
@@ -32,6 +32,7 @@ sections:
- type: markdown
text: "
| Summary | Originating update | Status | Date resolved |
+ MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.
See details > |
| Resolved
| January 23, 2020
02:08 PM PT |
Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.
See details > | September 24, 2019
KB4516048 | Resolved
KB4519976 | October 08, 2019
10:00 AM PT |
You may receive an error when opening or using the Toshiba Qosmio AV Center
Toshiba Qosmio AV Center may error when opening and you may also receive an error in Event Log related to cryptnet.dll.
See details > | August 13, 2019
KB4512506 | Resolved
KB4516048 | September 24, 2019
10:00 AM PT |
Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV
Windows updates that are SHA-2 signed are not available with Symantec or Norton antivirus program installed
See details > | August 13, 2019
KB4512506 | Resolved External
| August 27, 2019
02:29 PM PT |
@@ -49,6 +50,15 @@ sections:
"
+- title: November 2019
+- items:
+ - type: markdown
+ text: "
+ | Details | Originating update | Status | History |
+ | MSRT might fail to install and be re-offered from Windows Update or WSUS The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from Windows Update (WU), Windows Server Update Services (WSUS) or Configuration Manager and might be re-offered. If you use WU or WSUS, you might also receive the following error in the WindowsUpdate.log, “Misc WARNING: Digital Signatures on file C:\\Windows\\SoftwareDistribution\\Download\\XXXX are not trusted: Error 0x800b0109”. If you use Configuration Manager, you might also receive the following error in the WUAHandler.log, \"Failed to download updates to the WUAgent datastore. Error = 0x800b0109. WUAHandler 14/11/2019 16:33:23 980 (0x03D4)\". Note All Configuration Manager information also applies to System Center Configuration Manager (SCCM) and Microsoft Endpoint Configuration Manager.
Affected platforms: - Client: Windows 7 SP1
- Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in the December 2019 release of Windows Malicious Software Removal Tool (MSRT).
Back to top |
| Resolved
| Resolved:
January 23, 2020
02:08 PM PT
Opened:
November 15, 2019
05:59 PM PT |
+
+ "
+
- title: September 2019
- items:
- type: markdown
diff --git a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml
index 18fc3ff189..8f891fdf1a 100644
--- a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml
+++ b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml
@@ -32,6 +32,7 @@ sections:
- type: markdown
text: "
| Summary | Originating update | Status | Date resolved |
+ MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.
See details > |
| Resolved
| January 23, 2020
02:08 PM PT |
Issues manually installing updates by double-clicking the .msu file
You may encounter issues manually installing updates by double-clicking the .msu file and may receive an error.
See details > | September 10, 2019
KB4474419 | Resolved
KB4474419 | September 23, 2019
10:00 AM PT |
Intermittent issues when printing
The print spooler service may intermittently have issues completing a print job and results print job failure.
See details > | September 24, 2019
KB4516030 | Resolved
KB4520002 | October 08, 2019
10:00 AM PT |
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"
See details > | June 11, 2019
KB4503273 | Resolved
KB4512499 | August 17, 2019
02:00 PM PT |
@@ -47,6 +48,15 @@ sections:
"
+- title: November 2019
+- items:
+ - type: markdown
+ text: "
+ | Details | Originating update | Status | History |
+ | MSRT might fail to install and be re-offered from Windows Update or WSUS The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from Windows Update (WU), Windows Server Update Services (WSUS) or Configuration Manager and might be re-offered. If you use WU or WSUS, you might also receive the following error in the WindowsUpdate.log, “Misc WARNING: Digital Signatures on file C:\\Windows\\SoftwareDistribution\\Download\\XXXX are not trusted: Error 0x800b0109”. If you use Configuration Manager, you might also receive the following error in the WUAHandler.log, \"Failed to download updates to the WUAgent datastore. Error = 0x800b0109. WUAHandler 14/11/2019 16:33:23 980 (0x03D4)\". Note All Configuration Manager information also applies to System Center Configuration Manager (SCCM) and Microsoft Endpoint Configuration Manager.
Affected platforms: - Client: Windows 7 SP1
- Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in the December 2019 release of Windows Malicious Software Removal Tool (MSRT).
Back to top |
| Resolved
| Resolved:
January 23, 2020
02:08 PM PT
Opened:
November 15, 2019
05:59 PM PT |
+
+ "
+
- title: September 2019
- items:
- type: markdown
diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
index d38454e785..4a3d572494 100644
--- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
+++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
@@ -60,9 +60,9 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
+ Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM
Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.
See details > | OS Build 14393.2608
November 13, 2018
KB4467691 | Resolved External
| January 23, 2020
02:08 PM PT |
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.
See details > | OS Build 14393.3274
October 08, 2019
KB4519998 | Mitigated External
| November 05, 2019
03:36 PM PT |
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).
See details > | OS Build 14393.2724
January 08, 2019
KB4480961 | Mitigated
| April 25, 2019
02:00 PM PT |
- Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM
Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.
See details > | OS Build 14393.2608
November 13, 2018
KB4467691 | Mitigated
| February 19, 2019
10:00 AM PT |
Cluster service may fail if the minimum password length is set to greater than 14
The cluster service may fail to start if “Minimum Password Length” is configured with greater than 14 characters.
See details > | OS Build 14393.2639
November 27, 2018
KB4467684 | Mitigated
| April 25, 2019
02:00 PM PT |
"
@@ -97,7 +97,7 @@ sections:
- type: markdown
text: "
| Details | Originating update | Status | History |
- Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAMAfter installing KB4467691, Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.
Affected platforms: - Client: Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
- Server: Windows Server 2016
Workaround: Restart the affected machine using the Unified Extensible Firmware Interface (UEFI). Disable Secure Boot and then restart.
If BitLocker is enabled on your machine, you may have to go through BitLocker recovery after Secure Boot has been disabled.
Next steps: Lenovo and Fujitsu are aware of this issue. Please contact your OEM to ask if there is a firmware update available for your device.
Back to top | OS Build 14393.2608
November 13, 2018
KB4467691 | Mitigated
| Last updated:
February 19, 2019
10:00 AM PT
Opened:
November 13, 2018
10:00 AM PT |
+ Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAMAfter installing KB4467691, Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.
Affected platforms: - Client: Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
- Server: Windows Server 2016
Workaround: Restart the affected machine using the Unified Extensible Firmware Interface (UEFI). Disable Secure Boot and then restart.
If BitLocker is enabled on your machine, you may have to go through BitLocker recovery after Secure Boot has been disabled.
Resolution: Lenovo and Fujitsu are aware of this issue. Please contact your OEM to ask if there is a firmware update available for your device.
Back to top | OS Build 14393.2608
November 13, 2018
KB4467691 | Resolved External
| Last updated:
January 23, 2020
02:08 PM PT
Opened:
November 13, 2018
10:00 AM PT |
Cluster service may fail if the minimum password length is set to greater than 14After installing KB4467684, the cluster service may fail to start with the error \"2245 (NERR_PasswordTooShort)\" if the Group Policy \"Minimum Password Length\" is configured with greater than 14 characters.
Affected platforms: - Client: Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
- Server: Windows Server 2016
Workaround: Set the domain default \"Minimum Password Length\" policy to less than or equal to 14 characters.
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.
Back to top | OS Build 14393.2639
November 27, 2018
KB4467684 | Mitigated
| Last updated:
April 25, 2019
02:00 PM PT
Opened:
November 27, 2018
10:00 AM PT |
"
diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml
index af729c8f0f..47169eb98d 100644
--- a/windows/release-information/status-windows-10-1709.yml
+++ b/windows/release-information/status-windows-10-1709.yml
@@ -60,7 +60,7 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
- Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.
See details > | OS Build 16299.1387
September 10, 2019
KB4516066 | Mitigated
| November 12, 2019
08:05 AM PT |
+ Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.
See details > | OS Build 16299.1387
September 10, 2019
KB4516066 | Resolved
KB4534318 | January 23, 2020
02:00 PM PT |
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.
See details > | OS Build 16299.1451
October 08, 2019
KB4520004 | Mitigated External
| November 05, 2019
03:36 PM PT |
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).
See details > | OS Build 16299.904
January 08, 2019
KB4480978 | Mitigated
| April 25, 2019
02:00 PM PT |
@@ -87,7 +87,7 @@ sections:
- type: markdown
text: "
| Details | Originating update | Status | History |
- | Unable to create local users in Chinese, Japanese and Korean during device setup When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.
Note This issue does not affect using a Microsoft Account during OOBE.
Affected platforms: - Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
- Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Workaround: To mitigate this issue, set the keyboard language to English during user creation or use a Microsoft Account to complete OOBE. You can set the keyboard language back to your preferred language after user creation. Once the OOBE is done and you are at the desktop, you can rename the current user using these instructions. If you prefer to create a new local user, see KB4026923.
Next steps: We are working on a resolution and will provide an update in an upcoming release.
Back to top | OS Build 16299.1387
September 10, 2019
KB4516066 | Mitigated
| Last updated:
November 12, 2019
08:05 AM PT
Opened:
October 29, 2019
05:15 PM PT |
+ | Unable to create local users in Chinese, Japanese and Korean during device setup When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.
Note This issue does not affect using a Microsoft Account during OOBE.
Affected platforms: - Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
- Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Resolution: This issue was resolved in KB4534318.
Back to top | OS Build 16299.1387
September 10, 2019
KB4516066 | Resolved
KB4534318 | Resolved:
January 23, 2020
02:00 PM PT
Opened:
October 29, 2019
05:15 PM PT |
"
diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml
index 397f577291..9f10885c6c 100644
--- a/windows/release-information/status-windows-10-1803.yml
+++ b/windows/release-information/status-windows-10-1803.yml
@@ -64,7 +64,7 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
- Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.
See details > | OS Build 17134.1006
September 10, 2019
KB4516058 | Mitigated
| November 12, 2019
08:05 AM PT |
+ Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.
See details > | OS Build 17134.1006
September 10, 2019
KB4516058 | Resolved
KB4534308 | January 23, 2020
02:00 PM PT |
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.
See details > | OS Build 17134.1069
October 08, 2019
KB4520008 | Mitigated External
| November 05, 2019
03:36 PM PT |
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).
See details > | OS Build 17134.523
January 08, 2019
KB4480966 | Mitigated
| April 25, 2019
02:00 PM PT |
@@ -91,7 +91,7 @@ sections:
- type: markdown
text: "
| Details | Originating update | Status | History |
- | Unable to create local users in Chinese, Japanese and Korean during device setup When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.
Note This issue does not affect using a Microsoft Account during OOBE.
Affected platforms: - Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
- Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Workaround: To mitigate this issue, set the keyboard language to English during user creation or use a Microsoft Account to complete OOBE. You can set the keyboard language back to your preferred language after user creation. Once the OOBE is done and you are at the desktop, you can rename the current user using these instructions. If you prefer to create a new local user, see KB4026923.
Next steps: We are working on a resolution and will provide an update in an upcoming release.
Back to top | OS Build 17134.1006
September 10, 2019
KB4516058 | Mitigated
| Last updated:
November 12, 2019
08:05 AM PT
Opened:
October 29, 2019
05:15 PM PT |
+ | Unable to create local users in Chinese, Japanese and Korean during device setup When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.
Note This issue does not affect using a Microsoft Account during OOBE.
Affected platforms: - Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
- Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Resolution: This issue was resolved in KB4534308.
Back to top | OS Build 17134.1006
September 10, 2019
KB4516058 | Resolved
KB4534308 | Resolved:
January 23, 2020
02:00 PM PT
Opened:
October 29, 2019
05:15 PM PT |
"
diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
index 51ee30b209..2e9516660f 100644
--- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
+++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
@@ -64,7 +64,7 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
- Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.
See details > | OS Build 17763.737
September 10, 2019
KB4512578 | Mitigated
| November 12, 2019
08:05 AM PT |
+ Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.
See details > | OS Build 17763.737
September 10, 2019
KB4512578 | Resolved
KB4534321 | January 23, 2020
02:00 PM PT |
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.
See details > | OS Build 17763.805
October 08, 2019
KB4519338 | Mitigated External
| November 05, 2019
03:36 PM PT |
Devices with some Asian language packs installed may receive an error
Devices with Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"
See details > | OS Build 17763.437
April 09, 2019
KB4493509 | Mitigated
| May 03, 2019
10:59 AM PT |
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).
See details > | OS Build 17763.253
January 08, 2019
KB4480116 | Mitigated
| April 09, 2019
10:00 AM PT |
@@ -92,7 +92,7 @@ sections:
- type: markdown
text: "
| Details | Originating update | Status | History |
- | Unable to create local users in Chinese, Japanese and Korean during device setup When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.
Note This issue does not affect using a Microsoft Account during OOBE.
Affected platforms: - Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
- Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Workaround: To mitigate this issue, set the keyboard language to English during user creation or use a Microsoft Account to complete OOBE. You can set the keyboard language back to your preferred language after user creation. Once the OOBE is done and you are at the desktop, you can rename the current user using these instructions. If you prefer to create a new local user, see KB4026923.
Next steps: We are working on a resolution and will provide an update in an upcoming release.
Back to top | OS Build 17763.737
September 10, 2019
KB4512578 | Mitigated
| Last updated:
November 12, 2019
08:05 AM PT
Opened:
October 29, 2019
05:15 PM PT |
+ | Unable to create local users in Chinese, Japanese and Korean during device setup When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.
Note This issue does not affect using a Microsoft Account during OOBE.
Affected platforms: - Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
- Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Resolution: This issue was resolved in KB4534321.
Back to top | OS Build 17763.737
September 10, 2019
KB4512578 | Resolved
KB4534321 | Resolved:
January 23, 2020
02:00 PM PT
Opened:
October 29, 2019
05:15 PM PT |
"
diff --git a/windows/release-information/status-windows-10-1909.yml b/windows/release-information/status-windows-10-1909.yml
index 61f2073d2e..36288e57f2 100644
--- a/windows/release-information/status-windows-10-1909.yml
+++ b/windows/release-information/status-windows-10-1909.yml
@@ -21,7 +21,7 @@ sections:
Find information on known issues and the status of the rollout for Windows 10, version 1909 and Windows Server, version 1909. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s).
-Current status as of December 5, 2019: Windows 10, version 1909 is available for any user on a recent version of Windows 10 who manually selects “Check for updates” via Windows Update. The recommended servicing status is Semi-Annual Channel. Beginning today, we will slowly start the phased process to automatically initiate a feature update for devices running the October 2018 Update (Windows 10, version 1809) Home and Pro editions, keeping those devices supported and receiving the monthly updates that are critical to device security and ecosystem health. We are starting this rollout process several months in advance of the end of service date to provide adequate time for a smooth update process.
For information on how users running Windows 10, version 1903 can update to Windows 10, version 1909 in a new, streamlined way, see this post. Note follow @WindowsUpdate on Twitter to find out when new content is published to the release information dashboard.
+ | Current status as of January 21, 2020: Windows 10, version 1909 is available for any user on a recent version of Windows 10 who manually selects “Check for updates” via Windows Update. The recommended servicing status is Semi-Annual Channel. We are starting the next phase in our controlled approach to automatically initiate a feature update for an increased number of devices running the October 2018 Update (Windows 10, version 1809) Home and Pro editions, keeping those devices supported and receiving the monthly updates that are critical to device security and ecosystem health. Our rollout process starts several months in advance of the end of service date to provide adequate time for a smooth update process.
For information on how users running Windows 10, version 1903 can update to Windows 10, version 1909 in a new, streamlined way, see this post. Note follow @WindowsUpdate on Twitter to find out when new content is published to the release information dashboard.
|
"
diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
index 574e1ff814..f88f58ac4c 100644
--- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
+++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
@@ -60,7 +60,8 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
- MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.
See details > |
| Mitigated
| November 15, 2019
05:59 PM PT |
+ Custom wallpaper displays as black
Using a custom image set to \"Stretch\" might not display as expected.
See details > | January 14, 2020
KB4534310 | Mitigated
| January 24, 2020
09:15 AM PT |
+ MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.
See details > |
| Resolved
| January 23, 2020
02:08 PM PT |
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.
See details > | October 08, 2019
KB4519976 | Mitigated External
| November 05, 2019
03:36 PM PT |
IA64 and x64 devices may fail to start after installing updates
After installing updates released on or after August 13, 2019, IA64 and x64 devices using EFI Boot may fail to start.
See details > | August 13, 2019
KB4512506 | Mitigated
| August 17, 2019
12:59 PM PT |
@@ -73,12 +74,21 @@ sections:
"
+- title: January 2020
+- items:
+ - type: markdown
+ text: "
+ | Details | Originating update | Status | History |
+ Custom wallpaper displays as blackAfter installing KB4534310, your desktop wallpaper when set to \"Stretch\" might display as black.
Affected platforms: - Client: Windows 7 SP1
- Server: Windows Server 2008 R2 SP1
Workaround: To mitigate the issue, you can do one of the following: - Set your custom image to an option other than \"Stretch\", such as “Fill”, “Fit”, “Tile”, or “Center”, or
- Choose a custom wallpaper that matches the resolution of your desktop.
Next steps: We are working on a resolution and estimate a solution will be available in mid-February for organizations who have purchased Windows 7 Extended Security Updates (ESU).
Back to top | January 14, 2020
KB4534310 | Mitigated
| Last updated:
January 24, 2020
09:15 AM PT
Opened:
January 24, 2020
09:15 AM PT |
+
+ "
+
- title: November 2019
- items:
- type: markdown
text: "
| Details | Originating update | Status | History |
- | MSRT might fail to install and be re-offered from Windows Update or WSUS The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from Windows Update (WU), Windows Server Update Services (WSUS) or Configuration Manager and might be re-offered. If you use WU or WSUS, you might also receive the following error in the WindowsUpdate.log, “Misc WARNING: Digital Signatures on file C:\\Windows\\SoftwareDistribution\\Download\\XXXX are not trusted: Error 0x800b0109”. If you use Configuration Manager, you might also receive the following error in the WUAHandler.log, \"Failed to download updates to the WUAgent datastore. Error = 0x800b0109. WUAHandler 14/11/2019 16:33:23 980 (0x03D4)\". Note All Configuration Manager information also applies to System Center Configuration Manager (SCCM) and Microsoft Endpoint Configuration Manager.
Affected platforms: - Client: Windows 7 SP1
- Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Workaround: You can manually install the November 2019 update for Windows Malicious Software Removal Tool (MSRT) by downloading it here for 32-bit x86-based devices or here for 64-bit x64-based devices. If you are using WSUS or Configuration Manager, guidance can be found here.
Next steps: This issue has been mitigated on the server side and MSRT will no longer offered to affected platforms. We are working on a resolution and estimate a solution will be available in the December 2019 release of Windows Malicious Software Removal Tool (MSRT).
Back to top |
| Mitigated
| Last updated:
November 15, 2019
05:59 PM PT
Opened:
November 15, 2019
05:59 PM PT |
+ | MSRT might fail to install and be re-offered from Windows Update or WSUS The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from Windows Update (WU), Windows Server Update Services (WSUS) or Configuration Manager and might be re-offered. If you use WU or WSUS, you might also receive the following error in the WindowsUpdate.log, “Misc WARNING: Digital Signatures on file C:\\Windows\\SoftwareDistribution\\Download\\XXXX are not trusted: Error 0x800b0109”. If you use Configuration Manager, you might also receive the following error in the WUAHandler.log, \"Failed to download updates to the WUAgent datastore. Error = 0x800b0109. WUAHandler 14/11/2019 16:33:23 980 (0x03D4)\". Note All Configuration Manager information also applies to System Center Configuration Manager (SCCM) and Microsoft Endpoint Configuration Manager.
Affected platforms: - Client: Windows 7 SP1
- Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in the December 2019 release of Windows Malicious Software Removal Tool (MSRT).
Back to top |
| Resolved
| Resolved:
January 23, 2020
02:08 PM PT
Opened:
November 15, 2019
05:59 PM PT |
TLS connections might fail or timeoutUpdates for Windows released October 8, 2019 or later provide protections, tracked by CVE-2019-1318, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption ( RFC 7627). Lack of RFC support might cause one or more of the following errors or logged events: - \"The request was aborted: Could not create SSL/TLS secure Channel\"
- SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next Steps: Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see KB4528489.
Back to top | October 08, 2019
KB4519976 | Mitigated External
| Last updated:
November 05, 2019
03:36 PM PT
Opened:
November 05, 2019
03:36 PM PT |
"
diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml
index 0a5c7ee17d..2ea115dab7 100644
--- a/windows/release-information/status-windows-server-2008-sp2.yml
+++ b/windows/release-information/status-windows-server-2008-sp2.yml
@@ -60,7 +60,7 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
- MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.
See details > |
| Mitigated
| November 15, 2019
05:59 PM PT |
+ MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.
See details > |
| Resolved
| January 23, 2020
02:08 PM PT |
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.
See details > | October 08, 2019
KB4520002 | Mitigated External
| November 05, 2019
03:36 PM PT |
"
@@ -77,7 +77,7 @@ sections:
- type: markdown
text: "
| Details | Originating update | Status | History |
- | MSRT might fail to install and be re-offered from Windows Update or WSUS The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from Windows Update (WU), Windows Server Update Services (WSUS) or Configuration Manager and might be re-offered. If you use WU or WSUS, you might also receive the following error in the WindowsUpdate.log, “Misc WARNING: Digital Signatures on file C:\\Windows\\SoftwareDistribution\\Download\\XXXX are not trusted: Error 0x800b0109”. If you use Configuration Manager, you might also receive the following error in the WUAHandler.log, \"Failed to download updates to the WUAgent datastore. Error = 0x800b0109. WUAHandler 14/11/2019 16:33:23 980 (0x03D4)\". Note All Configuration Manager information also applies to System Center Configuration Manager (SCCM) and Microsoft Endpoint Configuration Manager.
Affected platforms: - Client: Windows 7 SP1
- Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Workaround: You can manually install the November 2019 update for Windows Malicious Software Removal Tool (MSRT) by downloading it here for 32-bit x86-based devices or here for 64-bit x64-based devices. If you are using WSUS or Configuration Manager, guidance can be found here.
Next steps: This issue has been mitigated on the server side and MSRT will no longer offered to affected platforms. We are working on a resolution and estimate a solution will be available in the December 2019 release of Windows Malicious Software Removal Tool (MSRT).
Back to top |
| Mitigated
| Last updated:
November 15, 2019
05:59 PM PT
Opened:
November 15, 2019
05:59 PM PT |
+ | MSRT might fail to install and be re-offered from Windows Update or WSUS The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from Windows Update (WU), Windows Server Update Services (WSUS) or Configuration Manager and might be re-offered. If you use WU or WSUS, you might also receive the following error in the WindowsUpdate.log, “Misc WARNING: Digital Signatures on file C:\\Windows\\SoftwareDistribution\\Download\\XXXX are not trusted: Error 0x800b0109”. If you use Configuration Manager, you might also receive the following error in the WUAHandler.log, \"Failed to download updates to the WUAgent datastore. Error = 0x800b0109. WUAHandler 14/11/2019 16:33:23 980 (0x03D4)\". Note All Configuration Manager information also applies to System Center Configuration Manager (SCCM) and Microsoft Endpoint Configuration Manager.
Affected platforms: - Client: Windows 7 SP1
- Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in the December 2019 release of Windows Malicious Software Removal Tool (MSRT).
Back to top |
| Resolved
| Resolved:
January 23, 2020
02:08 PM PT
Opened:
November 15, 2019
05:59 PM PT |
TLS connections might fail or timeoutUpdates for Windows released October 8, 2019 or later provide protections, tracked by CVE-2019-1318, against an attack that could allow unauthorized access to information or data within TLS connections. This type of attack is known as a man-in-the-middle exploit. Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption ( RFC 7627). Lack of RFC support might cause one or more of the following errors or logged events: - \"The request was aborted: Could not create SSL/TLS secure Channel\"
- SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Next Steps: Connections between two devices running any supported version of Windows should not have this issue when fully updated. There is no update for Windows needed for this issue. These changes are required to address a security issue and security compliance. For information, see KB4528489.
Back to top | October 08, 2019
KB4520002 | Mitigated External
| Last updated:
November 05, 2019
03:36 PM PT
Opened:
November 05, 2019
03:36 PM PT |
"
diff --git a/windows/release-information/windows-message-center.yml b/windows/release-information/windows-message-center.yml
index ee042491ec..671d2a1748 100644
--- a/windows/release-information/windows-message-center.yml
+++ b/windows/release-information/windows-message-center.yml
@@ -50,6 +50,7 @@ sections:
text: "
| Message | Date |
+ January 2020 Windows \"C\" optional release is available.
The January 2020 optional monthly “C” release for all supported versions of Windows is now available. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. Follow @WindowsUpdate for the latest on the availability of this release. | January 23, 2020
12:00 PM PT |
Windows 7 has reached end of support
| January 15, 2020
10:00 AM PT |
Take action: January 2020 security update available for all supported versions of Windows
The January 2020 security update release, referred to as our “B” release, is now available for Windows 10, version 1909 and all supported versions of Windows. We recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. To be informed about the latest updates and releases, follow us on Twitter @WindowsUpdate. | January 14, 2020
08:00 AM PT |
Advisory: Windows CryptoAPI certificate validation vulnerability
On January 14, 2020, Microsoft released security updates to address an elliptic-curve cryptography (ECC) certificate validation issue in the Windows CryptoAPI. This vulnerability applies to all versions of the Windows 10 operating system, client and server. While we have not observed an attack exploiting this vulnerability, we recommend that you apply this update to all of your Windows 10 devices with priority. Here is what you need to know: - If you are running a supported version of Windows 10 and have automatic updates enabled, you are automatically protected and do not need to take any further action.
- If you are managing updates on behalf of your organization, you should download the latest updates from the Microsoft Security Update Guide and apply those updates to your Windows 10 devices and servers as soon as possible.
| January 14, 2020
08:00 AM PT |
diff --git a/windows/security/identity-protection/access-control/active-directory-accounts.md b/windows/security/identity-protection/access-control/active-directory-accounts.md
index 50958f0314..c712073a39 100644
--- a/windows/security/identity-protection/access-control/active-directory-accounts.md
+++ b/windows/security/identity-protection/access-control/active-directory-accounts.md
@@ -334,7 +334,7 @@ A strong password is assigned to the KRBTGT and trust accounts automatically. Li
Resetting the password requires you either to be a member of the Domain Admins group, or to have been delegated with the appropriate authority. In addition, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.
-After you reset the KRBTGT password, ensure that event ID 6 in the (Kerberos) Key-Distribution-Center event source is written to the System event log.
+After you reset the KRBTGT password, ensure that event ID 9 in the (Kerberos) Key-Distribution-Center event source is written to the System event log.
### Security considerations
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
index 68102f6e49..d0124ff8cf 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
@@ -78,9 +78,6 @@ Applications may cause performance issues when they attempt to hook the isolated
Services or protocols that rely on Kerberos, such as file shares, remote desktop, or BranchCache, continue to work and are not affected by Windows Defender Credential Guard.
-See this video: [Credentials Protected by Windows Defender Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=pdc37LJyC_1204300474)
-
-
## Security considerations
All computers that meet baseline protections for hardware, firmware, and software can use Windows Defender Credential Guard.
diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
index f1d56f5bb0..3e982143da 100644
--- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
+++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
@@ -36,18 +36,6 @@ Windows Hello addresses the following problems with passwords:
## Prerequisites
-> [!Important]
-> 1. Hybrid deployments support non-destructive PIN reset that only works with the certificate trust model..
-> **Requirements:**
-> Microsoft PIN Reset Service - Windows 10, versions 1709 to 1809, Enterprise Edition. There is no licensing requirement for this service since version 1903
-> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
->
-> 2. On-premises deployments support destructive PIN reset that works with both the certificate trust and the key trust models.
-> **Requirements:**
-> Reset from settings - Windows 10, version 1703, Professional
-> Reset above lock screen - Windows 10, version 1709, Professional
-> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
-
### Cloud Only Deployment
* Windows 10, version 1511 or later
@@ -75,6 +63,18 @@ The table shows the minimum requirements for each deployment. For key trust in a
| Azure AD Connect | Azure AD Connect | Azure AD Connect | Azure AD Connect |
| Azure AD Premium, optional | Azure AD Premium, needed for device write-back | Azure AD Premium, optional for automatic MDM enrollment | Azure AD Premium, optional for automatic MDM enrollment |
+> [!Important]
+> 1. Hybrid deployments support non-destructive PIN reset that works with both the certificate trust and key trust models.
+> **Requirements:**
+> Microsoft PIN Reset Service - Windows 10, versions 1709 to 1809, Enterprise Edition. There is no licensing requirement for this service since version 1903
+> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
+>
+> 2. On-premises deployments support destructive PIN reset that works with both the certificate trust and the key trust models.
+> **Requirements:**
+> Reset from settings - Windows 10, version 1703, Professional
+> Reset above lock screen - Windows 10, version 1709, Professional
+> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
+
### On-premises Deployments
The table shows the minimum requirements for each deployment.
diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md
index 5b2d65942a..116ddd8e14 100644
--- a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md
+++ b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md
@@ -47,7 +47,7 @@ Microsoft information protection technologies include:
## How WIP protects sensitivity labels with endpoint data loss prevention
You can create and manage [sensitivity labels](https://docs.microsoft.com/office365/securitycompliance/labels) in the Microsoft 365 compliance center.
-When you create a sensitivity label, you can specify that endpoint data loss prevention applies to content with that label.
+When you [create a sensitivity label](https://docs.microsoft.com/microsoft-365/compliance/create-sensitivity-labels), you can specify that endpoint data loss prevention applies to content with that label.
diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index 3e55222065..6bd34daec8 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -114,7 +114,7 @@
#### [Use shared queries](microsoft-defender-atp/advanced-hunting-shared-queries.md)
#### [Advanced hunting schema reference]()
##### [Understand the schema](microsoft-defender-atp/advanced-hunting-schema-reference.md)
-##### [AlertEvents](microsoft-defender-atp/advanced-hunting-alertevents-table.md)
+##### [DeviceAlertEvents](microsoft-defender-atp/advanced-hunting-devicealertevents-table.md)
##### [DeviceFileEvents](microsoft-defender-atp/advanced-hunting-devicefileevents-table.md)
##### [DeviceImageLoadEvents](microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md)
##### [DeviceLogonEvents](microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md)
@@ -153,6 +153,15 @@
### [Portal overview](microsoft-defender-atp/portal-overview.md)
### [Microsoft Defender ATP for US Government Community Cloud High customers](microsoft-defender-atp/commercial-gov.md)
+
+## [Deployment guide]()
+### [Product brief](microsoft-defender-atp/product-brief.md)
+### [Prepare deployment](microsoft-defender-atp/prepare-deployment.md)
+### [Evaluate capabilities](microsoft-defender-atp/evaluation-lab.md)
+### [Production deployment](microsoft-defender-atp/production-deployment.md)
+### [Helpful resources](microsoft-defender-atp/helpful-resources.md)
+
+
## [Get started]()
### [What's new in Microsoft Defender ATP](microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md)
### [Minimum requirements](microsoft-defender-atp/minimum-requirements.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md
similarity index 78%
rename from windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md
rename to windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md
index c7fd28fc75..50d1242878 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md
@@ -1,7 +1,7 @@
---
-title: AlertEvents table in the advanced hunting schema
-description: Learn about alert generation events in the AlertEvents table of the advanced hunting schema
-keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, alertevents, alert, severity, category
+title: DeviceAlertEvents table in the advanced hunting schema
+description: Learn about alert generation events in the DeviceAlertEvents table of the advanced hunting schema
+keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, DeviceAlertEvents, alert, severity, category
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
@@ -15,10 +15,10 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 10/08/2019
+ms.date: 01/22/2020
---
-# AlertEvents
+# DeviceAlertEvents
**Applies to:**
@@ -26,7 +26,7 @@ ms.date: 10/08/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
-The `AlertEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about alerts in Microsoft Defender Security Center. Use this reference to construct queries that return information from the table.
+The `DeviceAlertEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about alerts in Microsoft Defender Security Center. Use this reference to construct queries that return information from the table.
For information on other tables in the advanced hunting schema, see [the advanced hunting schema reference](advanced-hunting-schema-reference.md).
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md
index e12b58d2c7..f386c93d96 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md
@@ -39,7 +39,7 @@ For information on other tables in the advanced hunting schema, see [the advance
| `DeviceName` | string | Fully qualified domain name (FQDN) of the machine |
| `SHA1` | string | SHA-1 of the file that the recorded action was applied to |
| `IsSigned` | boolean | Indicates whether the file is signed |
-| `SignatureType` | string | Indicates whether signature information was read as embedded | content in the file itself or read from an external catalog file |
+| `SignatureType` | string | Indicates whether signature information was read as embedded content in the file itself or read from an external catalog file |
| `Signer` | string | Information about the signer of the file |
| `SignerHash` | string | Unique hash value identifying the signer |
| `Issuer` | string | Information about the issuing certificate authority (CA) |
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md
index d57a965bcf..fe1f719c73 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md
@@ -26,7 +26,7 @@ ms.date: 10/08/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
-The `DeviceImageLoadEvents table` in the [advanced hunting](advanced-hunting-overview.md) schema contains information about DLL loading events. Use this reference to construct queries that return information from the table.
+The `DeviceImageLoadEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about DLL loading events. Use this reference to construct queries that return information from the table.
For information on other tables in the advanced hunting schema, see [the advanced hunting schema reference](advanced-hunting-schema-reference.md).
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md
index 8eb7542ce5..6e13b372ef 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md
@@ -37,7 +37,7 @@ Table and column names are also listed within the Microsoft Defender Security Ce
| Table name | Description |
|------------|-------------|
-| **[AlertEvents](advanced-hunting-alertevents-table.md)** | Alerts on Microsoft Defender Security Center |
+| **[DeviceAlertEvents](advanced-hunting-devicealertevents-table.md)** | Alerts on Microsoft Defender Security Center |
| **[DeviceInfo](advanced-hunting-deviceinfo-table.md)** | Machine information, including OS information |
| **[DeviceNetworkInfo](advanced-hunting-devicenetworkinfo-table.md)** | Network properties of machines, including adapters, IP and MAC addresses, as well as connected networks and domains |
| **[DeviceProcessEvents](advanced-hunting-deviceprocessevents-table.md)** | Process creation and related events |
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md
index 9efd108ce9..5af1cfe1f1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md
@@ -28,7 +28,7 @@ ms.date: 11/12/2019
[!include[Prerelease information](../../includes/prerelease.md)]
-The `DeviceTvmSoftwareInventoryVulnerabilities` table in the advanced hunting schema contains the list of vulnerabilities [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) assesses devices for. Use this reference to construct queries that return information from the table.
+The `DeviceTvmSoftwareVulnerabilitiesKB` table in the advanced hunting schema contains the list of vulnerabilities [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) assesses devices for. Use this reference to construct queries that return information from the table.
For information on other tables in the advanced hunting schema, see [the advanced hunting reference](advanced-hunting-reference.md).
diff --git a/windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md b/windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md
new file mode 100644
index 0000000000..30e6e789bd
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md
@@ -0,0 +1,60 @@
+---
+title: Helpful Microsoft Defender Advanced Threat Protection resources
+description: Access helpful resources such as links to blogs and other resources related to Microsoft Defender Advanced Threat Protection
+keywords: Microsoft Defender Security Center, product brief, brief, capabilities, licensing
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+---
+
+# Helpful Microsoft Defender Advanced Threat Protection resources
+
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+Access helpful resources such as links to blogs and other resources related to Microsoft Defender Advanced Threat Protection.
+
+## Endpoint protection platform
+- [Top scoring in industry
+ tests](https://docs.microsoft.com/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests)
+
+- [Inside out: Get to know the advanced technologies at the core of Microsoft
+ Defender ATP next generation
+ protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/)
+
+- [Protecting disconnected devices with Microsoft Defender
+ ATP](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Protecting-disconnected-devices-with-Microsoft-Defender-ATP/ba-p/500341)
+
+- [Tamper protection in Microsoft Defender
+ ATP](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Tamper-protection-in-Microsoft-Defender-ATP/ba-p/389571)
+
+## Endpoint Detection Response
+
+- [Incident response at your fingertips with Microsoft Defender ATP live
+ response](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Incident-response-at-your-fingertips-with-Microsoft-Defender-ATP/ba-p/614894)
+
+## Threat Vulnerability Management
+
+- [Microsoft Defender ATP Threat & Vulnerability Management now publicly
+ available!](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/MDATP-Threat-amp-Vulnerability-Management-now-publicly-available/ba-p/460977)
+
+## Operational
+
+- [The Golden Hour remake - Defining metrics for a successful security
+ operations](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/The-Golden-Hour-remake-Defining-metrics-for-a-successful/ba-p/782014)
+
+- [Microsoft Defender ATP Evaluation lab is now available in public preview
+ ](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Microsoft-Defender-ATP-Evaluation-lab-is-now-available-in-public/ba-p/770271)
+
+- [How automation brings value to your security
+ teams](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/How-automation-brings-value-to-your-security-teams/ba-p/729297)
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/09833d16df7f37eda97ea1d5009b651a.png b/windows/security/threat-protection/microsoft-defender-atp/images/09833d16df7f37eda97ea1d5009b651a.png
new file mode 100644
index 0000000000..abea5e0e79
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/09833d16df7f37eda97ea1d5009b651a.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/0a6536f2c4024c08709cac8fcf800060.png b/windows/security/threat-protection/microsoft-defender-atp/images/0a6536f2c4024c08709cac8fcf800060.png
new file mode 100644
index 0000000000..6ecfd587f2
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/0a6536f2c4024c08709cac8fcf800060.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/0ccfe3e803be4b56c668b220b51da7f7.png b/windows/security/threat-protection/microsoft-defender-atp/images/0ccfe3e803be4b56c668b220b51da7f7.png
new file mode 100644
index 0000000000..03b88ba1b1
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/0ccfe3e803be4b56c668b220b51da7f7.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/112a19b825f4e7b60795ffbd1be52fa9.png b/windows/security/threat-protection/microsoft-defender-atp/images/112a19b825f4e7b60795ffbd1be52fa9.png
new file mode 100644
index 0000000000..0fd52ae187
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/112a19b825f4e7b60795ffbd1be52fa9.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/13201b477bc9a9ae0020814915fe80cc.png b/windows/security/threat-protection/microsoft-defender-atp/images/13201b477bc9a9ae0020814915fe80cc.png
new file mode 100644
index 0000000000..f09c0502a5
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/13201b477bc9a9ae0020814915fe80cc.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/1566ad81bae3d714cc9e0d47575a8cbd.png b/windows/security/threat-protection/microsoft-defender-atp/images/1566ad81bae3d714cc9e0d47575a8cbd.png
new file mode 100644
index 0000000000..a28b8fdac5
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/1566ad81bae3d714cc9e0d47575a8cbd.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/1b9f85316170cfe24b46330afa8517d5.png b/windows/security/threat-protection/microsoft-defender-atp/images/1b9f85316170cfe24b46330afa8517d5.png
new file mode 100644
index 0000000000..dd1e768536
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/1b9f85316170cfe24b46330afa8517d5.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/1c3795a91872940f0850bcd1619d6d17.png b/windows/security/threat-protection/microsoft-defender-atp/images/1c3795a91872940f0850bcd1619d6d17.png
new file mode 100644
index 0000000000..c15c6bfbd5
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/1c3795a91872940f0850bcd1619d6d17.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/1e439168370e6821083f2c0e91cfabef.png b/windows/security/threat-protection/microsoft-defender-atp/images/1e439168370e6821083f2c0e91cfabef.png
new file mode 100644
index 0000000000..ce5171fa8b
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/1e439168370e6821083f2c0e91cfabef.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/2177e2b9b72a444243acd770e7017457.png b/windows/security/threat-protection/microsoft-defender-atp/images/2177e2b9b72a444243acd770e7017457.png
new file mode 100644
index 0000000000..db6b6881f4
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/2177e2b9b72a444243acd770e7017457.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/227f249bcb6e7f29c4d43aa1ffaccd20.png b/windows/security/threat-protection/microsoft-defender-atp/images/227f249bcb6e7f29c4d43aa1ffaccd20.png
new file mode 100644
index 0000000000..2576c45c77
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/227f249bcb6e7f29c4d43aa1ffaccd20.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/24bfb16ed561cbb468bd8ce51130ca9d.png b/windows/security/threat-protection/microsoft-defender-atp/images/24bfb16ed561cbb468bd8ce51130ca9d.png
new file mode 100644
index 0000000000..ccba2cefda
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/24bfb16ed561cbb468bd8ce51130ca9d.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/262a41839704d6da2bbd72ed6b4a826a.png b/windows/security/threat-protection/microsoft-defender-atp/images/262a41839704d6da2bbd72ed6b4a826a.png
new file mode 100644
index 0000000000..d9e4d196b0
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/262a41839704d6da2bbd72ed6b4a826a.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/26efa2711bca78f6b6d73712f86b5bd9.png b/windows/security/threat-protection/microsoft-defender-atp/images/26efa2711bca78f6b6d73712f86b5bd9.png
new file mode 100644
index 0000000000..79fb39ee6c
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/26efa2711bca78f6b6d73712f86b5bd9.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/2c7f9d05a2ebd19607cc76b6933b945b.png b/windows/security/threat-protection/microsoft-defender-atp/images/2c7f9d05a2ebd19607cc76b6933b945b.png
new file mode 100644
index 0000000000..9418fb64f3
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/2c7f9d05a2ebd19607cc76b6933b945b.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/33f08a38f2f4dd12a364f8eac95e8c6b.png b/windows/security/threat-protection/microsoft-defender-atp/images/33f08a38f2f4dd12a364f8eac95e8c6b.png
new file mode 100644
index 0000000000..52392e9097
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/33f08a38f2f4dd12a364f8eac95e8c6b.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/36c7c2ed737f2f4b54918a4f20791d4b.png b/windows/security/threat-protection/microsoft-defender-atp/images/36c7c2ed737f2f4b54918a4f20791d4b.png
new file mode 100644
index 0000000000..a6947f5624
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/36c7c2ed737f2f4b54918a4f20791d4b.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/3876ca687391bfc0ce215d221c683970.png b/windows/security/threat-protection/microsoft-defender-atp/images/3876ca687391bfc0ce215d221c683970.png
new file mode 100644
index 0000000000..786273e269
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/3876ca687391bfc0ce215d221c683970.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/3a01c7970ce3ec977a35883c0a01f0a2.png b/windows/security/threat-protection/microsoft-defender-atp/images/3a01c7970ce3ec977a35883c0a01f0a2.png
new file mode 100644
index 0000000000..20f45112fc
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/3a01c7970ce3ec977a35883c0a01f0a2.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/3c1cf2e3df19509b198c084f264b410d.png b/windows/security/threat-protection/microsoft-defender-atp/images/3c1cf2e3df19509b198c084f264b410d.png
new file mode 100644
index 0000000000..b5a56d8ff7
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/3c1cf2e3df19509b198c084f264b410d.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/41b9a023bc96364062c2041a8f5c344e.png b/windows/security/threat-protection/microsoft-defender-atp/images/41b9a023bc96364062c2041a8f5c344e.png
new file mode 100644
index 0000000000..85a0cce645
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/41b9a023bc96364062c2041a8f5c344e.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/4a37f3687e6ff53a593d3670b1dad3aa.png b/windows/security/threat-protection/microsoft-defender-atp/images/4a37f3687e6ff53a593d3670b1dad3aa.png
new file mode 100644
index 0000000000..6aefd54b7b
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/4a37f3687e6ff53a593d3670b1dad3aa.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/5420a8790c550f39f189830775a6d4c9.png b/windows/security/threat-protection/microsoft-defender-atp/images/5420a8790c550f39f189830775a6d4c9.png
new file mode 100644
index 0000000000..3222b68426
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/5420a8790c550f39f189830775a6d4c9.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/653db482c7ccaf31d06f29fb2aa24b7a.png b/windows/security/threat-protection/microsoft-defender-atp/images/653db482c7ccaf31d06f29fb2aa24b7a.png
new file mode 100644
index 0000000000..c38fa668f8
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/653db482c7ccaf31d06f29fb2aa24b7a.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/6d325a2f9a638337823e03ad5ca08651.png b/windows/security/threat-protection/microsoft-defender-atp/images/6d325a2f9a638337823e03ad5ca08651.png
new file mode 100644
index 0000000000..280bd8fe5a
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/6d325a2f9a638337823e03ad5ca08651.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/728c10ef26042bbdbcd270b6343f1a8a.png b/windows/security/threat-protection/microsoft-defender-atp/images/728c10ef26042bbdbcd270b6343f1a8a.png
new file mode 100644
index 0000000000..6004368075
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/728c10ef26042bbdbcd270b6343f1a8a.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/80db725cdf6502f4579b7513e5e8ecd4.png b/windows/security/threat-protection/microsoft-defender-atp/images/80db725cdf6502f4579b7513e5e8ecd4.png
new file mode 100644
index 0000000000..982987eecc
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/80db725cdf6502f4579b7513e5e8ecd4.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/8999dd697e3b495c04eb911f8b68a1ef.png b/windows/security/threat-protection/microsoft-defender-atp/images/8999dd697e3b495c04eb911f8b68a1ef.png
new file mode 100644
index 0000000000..d44ef55ea4
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/8999dd697e3b495c04eb911f8b68a1ef.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/91b738e4b97c4272fd6d438d8c2d5269.png b/windows/security/threat-protection/microsoft-defender-atp/images/91b738e4b97c4272fd6d438d8c2d5269.png
new file mode 100644
index 0000000000..04e48619f5
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/91b738e4b97c4272fd6d438d8c2d5269.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/945c9c5d66797037c3caeaa5c19f135c.png b/windows/security/threat-protection/microsoft-defender-atp/images/945c9c5d66797037c3caeaa5c19f135c.png
new file mode 100644
index 0000000000..7635b49f3e
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/945c9c5d66797037c3caeaa5c19f135c.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/95d23a07c2c8bc79176788f28cef7557.png b/windows/security/threat-protection/microsoft-defender-atp/images/95d23a07c2c8bc79176788f28cef7557.png
new file mode 100644
index 0000000000..8e07f27524
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/95d23a07c2c8bc79176788f28cef7557.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/9736e0358e86bc778ce1bd4c516adb8b.png b/windows/security/threat-protection/microsoft-defender-atp/images/9736e0358e86bc778ce1bd4c516adb8b.png
new file mode 100644
index 0000000000..a205159bcc
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/9736e0358e86bc778ce1bd4c516adb8b.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/a22081b675da83e8f62a046ae6922b0d.png b/windows/security/threat-protection/microsoft-defender-atp/images/a22081b675da83e8f62a046ae6922b0d.png
new file mode 100644
index 0000000000..ea76ada5b0
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/a22081b675da83e8f62a046ae6922b0d.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/a28afc02c1940d5220b233640364970c.png b/windows/security/threat-protection/microsoft-defender-atp/images/a28afc02c1940d5220b233640364970c.png
new file mode 100644
index 0000000000..ed201870fc
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/a28afc02c1940d5220b233640364970c.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/a8b934dab2dbba289cf64fe30e0e8aa4.png b/windows/security/threat-protection/microsoft-defender-atp/images/a8b934dab2dbba289cf64fe30e0e8aa4.png
new file mode 100644
index 0000000000..c37385be18
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/a8b934dab2dbba289cf64fe30e0e8aa4.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/a9d3cd78aa5ca90d3c2fbd2e57618faf.png b/windows/security/threat-protection/microsoft-defender-atp/images/a9d3cd78aa5ca90d3c2fbd2e57618faf.png
new file mode 100644
index 0000000000..cce824fab2
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/a9d3cd78aa5ca90d3c2fbd2e57618faf.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/adc17988b0984ca2aa3ff8f41ddacaf9.png b/windows/security/threat-protection/microsoft-defender-atp/images/adc17988b0984ca2aa3ff8f41ddacaf9.png
new file mode 100644
index 0000000000..82dee6a0cc
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/adc17988b0984ca2aa3ff8f41ddacaf9.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/c039b2e05dba1ade6fb4512456380c9f.png b/windows/security/threat-protection/microsoft-defender-atp/images/c039b2e05dba1ade6fb4512456380c9f.png
new file mode 100644
index 0000000000..d829f21d90
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/c039b2e05dba1ade6fb4512456380c9f.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/cd7daeb392ad5a36f2d3a15d650f1e96.png b/windows/security/threat-protection/microsoft-defender-atp/images/cd7daeb392ad5a36f2d3a15d650f1e96.png
new file mode 100644
index 0000000000..94c9207f1e
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/cd7daeb392ad5a36f2d3a15d650f1e96.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/cf5f3aa9ab4dafc99cac2571e9fba84e.png b/windows/security/threat-protection/microsoft-defender-atp/images/cf5f3aa9ab4dafc99cac2571e9fba84e.png
new file mode 100644
index 0000000000..a730ac1438
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/cf5f3aa9ab4dafc99cac2571e9fba84e.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/d18e40c9e60aecf1f9a93065cb7567bd.png b/windows/security/threat-protection/microsoft-defender-atp/images/d18e40c9e60aecf1f9a93065cb7567bd.png
new file mode 100644
index 0000000000..51953de984
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/d18e40c9e60aecf1f9a93065cb7567bd.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/e156a7ef87ea6472d57a3dc594bf08c2.png b/windows/security/threat-protection/microsoft-defender-atp/images/e156a7ef87ea6472d57a3dc594bf08c2.png
new file mode 100644
index 0000000000..36d62a08a7
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/e156a7ef87ea6472d57a3dc594bf08c2.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/f5508317cd8c7870627cb4726acd5f3d.png b/windows/security/threat-protection/microsoft-defender-atp/images/f5508317cd8c7870627cb4726acd5f3d.png
new file mode 100644
index 0000000000..b900487c3e
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/f5508317cd8c7870627cb4726acd5f3d.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/f91f406e6e0aae197a947d3b0e8b2d0d.png b/windows/security/threat-protection/microsoft-defender-atp/images/f91f406e6e0aae197a947d3b0e8b2d0d.png
new file mode 100644
index 0000000000..37a9e5ac2e
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/f91f406e6e0aae197a947d3b0e8b2d0d.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/mdatp-download-package.png b/windows/security/threat-protection/microsoft-defender-atp/images/mdatp-download-package.png
new file mode 100644
index 0000000000..6d49c8b659
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/mdatp-download-package.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/mdatp-onboarding-wizard.png b/windows/security/threat-protection/microsoft-defender-atp/images/mdatp-onboarding-wizard.png
new file mode 100644
index 0000000000..39b714cdd4
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/mdatp-onboarding-wizard.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/mdatp-platform.png b/windows/security/threat-protection/microsoft-defender-atp/images/mdatp-platform.png
new file mode 100644
index 0000000000..ad86ffd4aa
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/mdatp-platform.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/sccm-addrule.png b/windows/security/threat-protection/microsoft-defender-atp/images/sccm-addrule.png
new file mode 100644
index 0000000000..ecef165279
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/sccm-addrule.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/sccm-confirm.png b/windows/security/threat-protection/microsoft-defender-atp/images/sccm-confirm.png
new file mode 100644
index 0000000000..fe2925eca1
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/sccm-confirm.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/sccm-create-device-collection.png b/windows/security/threat-protection/microsoft-defender-atp/images/sccm-create-device-collection.png
new file mode 100644
index 0000000000..7e23f6385d
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/sccm-create-device-collection.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/sccm-create-policy.png b/windows/security/threat-protection/microsoft-defender-atp/images/sccm-create-policy.png
new file mode 100644
index 0000000000..92acd79c2f
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/sccm-create-policy.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/sccm-criteria.png b/windows/security/threat-protection/microsoft-defender-atp/images/sccm-criteria.png
new file mode 100644
index 0000000000..42c18d2b1c
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/sccm-criteria.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/sccm-device-collections.png b/windows/security/threat-protection/microsoft-defender-atp/images/sccm-device-collections.png
new file mode 100644
index 0000000000..fd3d91a008
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/sccm-device-collections.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/sccm-direct-membership.png b/windows/security/threat-protection/microsoft-defender-atp/images/sccm-direct-membership.png
new file mode 100644
index 0000000000..cac48b7605
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/sccm-direct-membership.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/sccm-limiting-collection.png b/windows/security/threat-protection/microsoft-defender-atp/images/sccm-limiting-collection.png
new file mode 100644
index 0000000000..37fa96777b
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/sccm-limiting-collection.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/sccm-membership-rules.png b/windows/security/threat-protection/microsoft-defender-atp/images/sccm-membership-rules.png
new file mode 100644
index 0000000000..22b6b6419e
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/sccm-membership-rules.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/sccm-policy-name.png b/windows/security/threat-protection/microsoft-defender-atp/images/sccm-policy-name.png
new file mode 100644
index 0000000000..d1987ab4cb
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/sccm-policy-name.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/sccm-query-rule.png b/windows/security/threat-protection/microsoft-defender-atp/images/sccm-query-rule.png
new file mode 100644
index 0000000000..ecef165279
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/sccm-query-rule.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/sccm-simple-value.png b/windows/security/threat-protection/microsoft-defender-atp/images/sccm-simple-value.png
new file mode 100644
index 0000000000..78d20dc4ee
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/sccm-simple-value.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md
index 4e7758c7da..88ac0b8be9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md
@@ -44,7 +44,7 @@ If you turn network protection off, users or apps will not be blocked from conne
If you do not configure it, network blocking will be turned off by default.
-For more information, see [Enable network protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection).
+For more information, see [Enable network protection](enable-network-protection.md).
## Investigation impact
When network protection is turned on, you'll see that on a machine's timeline the IP address will keep representing the proxy, while the real target address shows up.
@@ -86,4 +86,3 @@ DeviceNetworkEvents
## Related topics
- [Applying network protection with GP - policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-enablenetworkprotection)
-- [Protect your network](https://docs.microsoft.comwindows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard)
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
index ed62718fa4..e2674754d6 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
@@ -123,6 +123,11 @@ It's important to understand the following prerequisites prior to creating indic
>[!IMPORTANT]
> Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs.
+> For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge leverages Network Protection (link) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS):
+> NOTE:
+>- IP is supported for all three protocols
+>- Encrypted URLs can only be blocked on first party browsers
+>- Full URL path blocks can be applied on the domain level and all unencrypted URLs
>[!NOTE]
>There may be up to 2 hours latency (usually less) between the time the action is taken, and the URL and IP being blocked.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md
new file mode 100644
index 0000000000..60c0833058
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md
@@ -0,0 +1,162 @@
+---
+title: Prepare Microsoft Defender ATP deployment
+description: Prepare stakeholder sign-off, timelines, environment considerations, and adoption order when deploying Microsoft Defender ATP
+keywords: deploy, prepare, stakeholder, timeline, environment, endpoint, server, management, adoption
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# Prepare Microsoft Defender ATP deployment
+
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+## Stakeholders and Sign-off
+The following section serves to identify all the stakeholders that are involved
+in this project and need to sign-off, review, or stay informed. Add stakeholders
+to the table below as appropriate for your organization.
+
+- SO = Sign-off on this project
+
+- R = Review this project and provide input
+
+- I = Informed of this project
+
+| Name | Role | Action |
+|----------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------|
+| Enter name and email | **Chief Information Security Officer (CISO)** *An executive representative who serves as sponsor inside the organization for the new technology deployment.* | SO |
+| Enter name and email | **Head of Cyber Defense Operations Center (CDOC)** *A representative from the CDOC team in charge of defining how this change is aligned with the processes in the customers security operations team.* | SO |
+| Enter name and email | **Security Architect** *A representative from the Security team in charge of defining how this change is aligned with the core Security architecture in the organization.* | R |
+| Enter name and email | **Workplace Architect** *A representative from the IT team in charge of defining how this change is aligned with the core workplace architecture in the organization.* | R |
+| Enter name and email | **Security Analyst** *A representative from the CDOC team who can provide input on the detection capabilities, user experience and overall usefulness of this change from a security operations perspective.* | I |
+
+## Project Management
+
+### In Scope
+
+The following is in scope for this project:
+
+- Enabling Microsoft Defender ATP endpoint protection platform (EPP)
+ capabilities
+
+ - Next Generation Protection
+
+ - Attack Surface Reduction
+
+- Enabling Microsoft Defender ATP endpoint detection and response (EDR)
+ capabilities including automatic investigation and remediation
+
+- Enabling Microsoft Defender ATP threat and vulnerability management (TVM)
+- Use of System Center Configuration Manager to onboard endpoints into the service.
+
+### Out of scope
+
+The following are out of scope of this project:
+
+- Configuration of third-party solutions that might integrate with Microsoft
+ Defender ATP.
+
+- Penetration testing in production environment.
+
+## Environment
+
+
+This section is used to ensure your environment is deeply understood by the
+stakeholders which will help identify potential dependencies and/or changes
+required in technologies or processes.
+
+| What | Description |
+|---------------------------------------|-------------|
+| Endpoint count | |
+| Server count | |
+| Management engine | |
+| CDOC distribution | |
+| Security information and event (SIEM) | |
+
+
+## Role-based access control
+
+Microsoft recommends using the concept of least privileges. Microsoft Defender
+ATP leverages built-in roles within Azure Active Directory. Microsoft recommend
+[review the different roles that are
+available](https://docs.microsoft.com/azure/active-directory/active-directory-assign-admin-roles-azure-portal)
+and choose the right one to solve your needs for each persona for this
+application. Some roles may need to be applied temporarily and removed after the
+deployment has been completed.
+
+| Personas | Roles | Azure AD Role (if required) | Assign to |
+|------------------------------|-------|-----------------------------|-----------|
+| Security Administrator | | | |
+| Security Analyst | | | |
+| Endpoint Administrator | | | |
+| Infrastructure Administrator | | | |
+| Business Owner/Stakeholder | | | |
+
+Microsoft recommends using [Privileged Identity
+Management](https://docs.microsoft.com/azure/active-directory/active-directory-privileged-identity-management-configure)
+to manage your roles to provide additional auditing, control, and access review
+for users with directory permissions.
+
+Microsoft Defender ATP supports two ways to manage permissions:
+
+- **Basic permissions management**: Set permissions to either full access or
+ read-only. In the case of basic permissions management users with Global
+ Administrator or Security Administrator role in Azure Active Directory have
+ full access while the Security reader role has read-only access.
+
+- **Role-based access control (RBAC)**: Set granular permissions by defining
+ roles, assigning Azure AD user groups to the roles, and granting the user
+ groups access to machine groups. For more information. see [Manage portal access using role-based access control](rbac.md).
+
+Microsoft recommends leveraging RBAC to ensure that only users that have a
+business justification can access Microsoft Defender ATP.
+
+You can find details on permission guidelines
+[here](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group).
+
+The following example table serves to identify the Cyber Defense Operations
+Center structure in your environment that will help you determine the RBAC
+structure required for your environment.
+
+| Tier | Description | Permission Required |
+|--------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------|
+| Tier 1 | **Local security operations team / IT team**
This team usually triages and investigates alerts contained within their geolocation and escalates to Tier 2 in cases where an active remediation is required. | |
+| Tier 2 | **Regional security operations team**
This team can see all the machines for their region and perform remediation actions. | View data |
+| Tier 3 | **Global security operations team**
This team consists of security experts and are authorized to see and perform all actions from the portal. | View data
Alerts investigation Active remediation actions
Alerts investigation Active remediation actions
Manage portal system settings
Manage security settings |
+
+
+
+## Adoption Order
+In many cases organizations will have existing endpoint security products in
+place. The bare minimum every organization should have is an antivirus solution. But in some cases an organization might also already implanted an EDR solution.
+Historically, replacing any security solution was time intensive and difficult
+to achieve due to the tight hooks into the application layer and infrastructure
+dependencies. However, because Microsoft Defender ATP is built into the
+operating system, replacing third-party solutions is easy to achieve.
+
+Choose which component of Microsoft Defender ATP to be used and remove the ones
+that do not apply. The table below indicates the Microsoft recommendation on the
+order on how the endpoint security suite should be enabled.
+
+| Component | Description | Adoption Order Rank |
+|-----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------|
+| Endpoint Detection & Response (EDR) | Microsoft Defender ATP endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats. [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response) | 1 |
+| Next Generation Protection (NGP) | Microsoft Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers. Windows Defender Antivirus includes: | 2 |
+| Attack Surface Reduction (ASR) | Attack surface reduction capabilities in Microsoft Defender ATP helps protect the devices and applications in the organization from new and emerging threats. [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction) | 3 |
+| Threat & Vulnerability Management (TVM) | Threat & Vulnerability Management is a component of Microsoft Defender ATP, and provides both security administrators and security operations teams with unique value, including: | 4 |
+| Auto Investigation & Remediation (AIR) | Microsoft Defender ATP uses Automated investigations to significantly reduce the volume of alerts that need to be investigated individually. The Automated investigation feature leverages various inspection algorithms, and processes used by analysts (such as playbooks) to examine alerts and take immediate remediation action to resolve breaches. This significantly reduces alert volume, allowing security operations experts to focus on more sophisticated threats and other high value initiatives. [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection) | Not applicable |
+| Microsoft Threat Experts (MTE) | Microsoft Threat Experts is a managed hunting service that provides Security Operation Centers (SOCs) with expert level monitoring and analysis to help them ensure that critical threats in their unique environments don't get missed. [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts) | Not applicable |
+
+## Related topic
+- [Production deployment](production-deployment.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/product-brief.md b/windows/security/threat-protection/microsoft-defender-atp/product-brief.md
new file mode 100644
index 0000000000..2a83d109de
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/product-brief.md
@@ -0,0 +1,74 @@
+---
+title: Microsoft Defender Advanced Threat Protection product brief
+description: Learn about the Microsoft Defender Advanced Threat Protection capabilities and licensing requirements
+keywords: Microsoft Defender Security Center, product brief, brief, capabilities, licensing
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+---
+
+# Microsoft Defender Advanced Threat Protection product brief
+
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+
+Microsoft Defender ATP is a platform designed to
+help enterprise networks prevent, detect, investigate, and respond to advanced
+threats.
+
+
+
+## Platform capabilities
+
+Capability | Description
+:---|:---
+**Threat and Vulnerability Management** | This built-in capability uses a game-changing risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.
+**Attack Surface Reduction** | The attack surface reduction set of capabilities provide the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations.
+**Next Generation Protection** | To further reinforce the security perimeter of the organizations network, Microsoft Defender ATP uses next generation protection designed to catch all types of emerging threats.
+**Endpoint Detection & Response** | Endpoint detection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars.
+**Auto Investigation & Remediation** | In conjunction with being able to quickly respond to advanced attacks, Microsoft Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.
+**Microsoft Threat Experts** | Microsoft Defender ATP's new managed threat hunting service provides proactive hunting, prioritization, and additional context and insights that further empower Security operation centers (SOCs) to identify and respond to threats quickly and accurately.
+**Secure Score** | Microsoft Defender ATP includes a secure score to help dynamically assess the security state of the enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of the organization.
+ **Advance Hunting** | Create custom threat intelligence and use a powerful search and query tool to hunt for possible threats in the organization.
+**Management and API** | Integrate Microsoft Defender Advanced Threat Protection into existing workflows.
+ **Microsoft Threat Protection** | Microsoft Defender ATP is part of the Microsoft Threat Protection solution that helps implement end-to-end security across possible attack surfaces in the modern workplace. Bring the power of Microsoft threat protection to the organization. | |
+
+Microsoft Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service:
+
+- **Endpoint behavioral sensors**: Embedded in Windows 10, these sensors
+ collect and process behavioral signals from the operating system and sends this sensor data to your private, isolated, cloud instance of Microsoft Defender ATP.
+
+
+- **Cloud security analytics**: Leveraging big-data, machine-learning, and
+ unique Microsoft optics across the Windows ecosystem,
+ enterprise cloud products (such as Office 365), and online assets, behavioral signals
+ are translated into insights, detections, and recommended responses
+ to advanced threats.
+
+- **Threat intelligence**: Generated by Microsoft hunters, security teams,
+ and augmented by threat intelligence provided by partners, threat
+ intelligence enables Microsoft Defender ATP to identify attacker
+ tools, techniques, and procedures, and generate alerts when these
+ are observed in collected sensor data.
+
+## Licensing requirements
+Microsoft Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers:
+
+- Windows 10 Enterprise E5
+- Windows 10 Education A5
+- Microsoft 365 E5 (M365 E5) which includes Windows 10 Enterprise E5
+- Microsoft 365 A5 (M365 A5)
+
+## Related topic
+- [Prepare deployment](prepare-deployment.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md
new file mode 100644
index 0000000000..4e93583820
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md
@@ -0,0 +1,602 @@
+---
+title: Microsoft Defender ATP production deployment
+description:
+keywords:
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# Microsoft Defender ATP production deployment
+
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+Proper planning is the foundation of a successful deployment. In this deployment scenario, you'll be guided through the steps on:
+- Tenant configuration
+- Network configuration
+- Onboarding using System Center Configuration Manager
+- Endpoint detection and response
+- Next generation protection
+- Attack surface reduction
+
+>[!NOTE]
+>For the purpose of guiding you through a typical deployment, this scenario will only cover the use of System Center Configuration Manager. Microsoft Defnder ATP supports the use of other onboarding tools but will not cover those scenarios in the deployment guide. For more information, see [Onboard machines to Microsoft Defender ATP](onboard-configure.md).
+
+## Tenant Configuration
+
+When accessing [Microsoft Defender Security Center](https://securitycenter.windows.com/) for the first time there will be a setup wizard that will guide you through some initial steps. At the end of the setup wizard there will be a dedicated cloud instance of Microsoft Defender ATP created. The easiest method is to perform these steps from a Windows 10 client machine.
+
+1. From a web browser, navigate to .
+
+ 
+
+2. If going through a TRIAL license, go to the link ()
+
+ Once the authorization step is completed, the **Welcome** screen will be displayed.
+3. Go through the authorization steps.
+
+ 
+
+4. Set up preferences.
+
+ **Data storage location** - It's important to set this up correctly. Determine where the customer wants to be primarily hosted: US, EU or UK. You cannot change the location after this setup and Microsoft will not transfer the data from the specified geolocation.
+
+ **Data retention** - The default is 6 months.
+
+ **Enable preview features** - The default is on, can be changed later.
+
+ 
+
+5. Select **Next**.
+
+ 
+
+6. Select **Continue**.
+
+
+## Network configuration
+If the organization does not require the endpoints to use a Proxy to access the
+Internet, skip this section.
+
+The Microsoft Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to
+report sensor data and communicate with the Microsoft Defender ATP service. The
+embedded Microsoft Defender ATP sensor runs in the system context using the
+LocalSystem account. The sensor uses Microsoft Windows HTTP Services (WinHTTP)
+to enable communication with the Microsoft Defender ATP cloud service. The
+WinHTTP configuration setting is independent of the Windows Internet (WinINet)
+internet browsing proxy settings and can only discover a proxy server by using
+the following discovery methods:
+
+**Auto-discovery methods:**
+
+- Transparent proxy
+
+- Web Proxy Auto-discovery Protocol (WPAD)
+
+If a Transparent proxy or WPAD has been implemented in the network topology,
+there is no need for special configuration settings. For more information on
+Microsoft Defender ATP URL exclusions in the proxy, see the
+Appendix section in this document for the URLs Whitelisting or on
+[Microsoft
+Docs](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection#enable-access-to-windows-defender-atp-service-urls-in-the-proxy-server).
+
+**Manual static proxy configuration:**
+
+- Registry based configuration
+
+- WinHTTP configured using netsh command
Suitable only for desktops in a
+ stable topology (for example: a desktop in a corporate network behind the
+ same proxy)
+
+### Configure the proxy server manually using a registry-based static proxy
+
+Configure a registry-based static proxy to allow only Microsoft Defender ATP
+sensor to report diagnostic data and communicate with Microsoft Defender ATP
+services if a computer is not permitted to connect to the Internet. The static
+proxy is configurable through Group Policy (GP). The group policy can be found
+under:
+
+- Administrative Templates \> Windows Components \> Data Collection and
+ Preview Builds \> Configure Authenticated Proxy usage for the Connected User
+ Experience and Telemetry Service
+
+ - Set it to **Enabled** and select**Disable Authenticated Proxy usage**
+
+1. Open the Group Policy Management Console.
+2. Create a policy or edit an existing policy based off the organizational practices.
+3. Edit the Group Policy and navigate to **Administrative Templates \> Windows Components \> Data Collection and Preview Builds \> Configure Authenticated Proxy usage for the Connected User Experience and Telemetry Service**.
+ 
+
+4. Select **Enabled**.
+5. Select **Disable Authenticated Proxy usage**.
+
+6. Navigate to **Administrative Templates \> Windows Components \> Data Collection and Preview Builds \> Configure connected user experiences and telemetry**.
+ 
+7. Select **Enabled**.
+8. Enter the **Proxy Server Name**.
+
+The policy sets two registry values `TelemetryProxyServer` as REG_SZ and `DisableEnterpriseAuthProxy` as REG_DWORD under the registry key `HKLM\Software\Policies\Microsoft\Windows\DataCollection`.
+
+The registry value `TelemetryProxyServer` takes the following string format:
+
+```text
+:
+```
+
+For example: 10.0.0.6:8080
+
+The registry value `DisableEnterpriseAuthProxy` should be set to 1.
+
+### Configure the proxy server manually using netsh command
+
+Use netsh to configure a system-wide static proxy.
+
+> [!NOTE]
+> - This will affect all applications including Windows services which use WinHTTP with default proxy.
+> - Laptops that are changing topology (for example: from office to home) will malfunction with netsh. Use the registry-based static proxy configuration.
+
+1. Open an elevated command-line:
+
+ a. Go to **Start** and type **cmd**.
+
+ b. Right-click **Command prompt** and select **Run as administrator**.
+
+2. Enter the following command and press **Enter**:
+
+ ```PowerShell
+ netsh winhttp set proxy :
+ ```
+
+ For example: netsh winhttp set proxy 10.0.0.6:8080
+
+
+### Proxy Configuration for down-level machines
+
+Down-Level machines include Windows 7 SP1 and Windows 8.1 workstations as well
+as Windows Server 2008 R2, Windows Sever 2012, Windows Server 2012 R2, and
+versions of Windows Server 2016 prior to Windows Server CB 1803. These operating
+systems will have the proxy configured as part of the Microsoft Management Agent
+to handle communication from the endpoint to Azure. Refer to the
+Microsoft Management Agent Fast Deployment Guide for information on how a proxy
+is configured on these machines.
+
+### Proxy Service URLs
+URLs that include v20 in them are only needed if you have Windows 10, version
+1803 or later machines. For example, ```us-v20.events.data.microsoft.com``` is only
+needed if the machine is on Windows 10, version 1803 or later.
+
+ Service location | Microsoft.com DNS record
+-|-
+Common URLs for all locations | ```crl.microsoft.com```
```ctldl.windowsupdate.com```
```events.data.microsoft.com```
```notify.windows.com```
```settings-win.data.microsoft.com```
+European Union | ```eu.vortex-win.data.microsoft.com```
```eu-v20.events.data.microsoft.com```
```usseu1northprod.blob.core.windows.net```
```usseu1westprod.blob.core.windows.net```
```winatp-gw-neu.microsoft.com```
```winatp-gw-weu.microsoft.com```
```wseu1northprod.blob.core.windows.net```
```wseu1westprod.blob.core.windows.net```
+United Kingdom | ```uk.vortex-win.data.microsoft.com```
```uk-v20.events.data.microsoft.com```
```ussuk1southprod.blob.core.windows.net```
```ussuk1westprod.blob.core.windows.net```
```winatp-gw-uks.microsoft.com```
```winatp-gw-ukw.microsoft.com```
```wsuk1southprod.blob.core.windows.net```
```wsuk1westprod.blob.core.windows.net```
+United States | ```us.vortex-win.data.microsoft.com```
```ussus1eastprod.blob.core.windows.net```
```ussus1westprod.blob.core.windows.net```
```ussus2eastprod.blob.core.windows.net```
```ussus2westprod.blob.core.windows.net```
```ussus3eastprod.blob.core.windows.net```
```ussus3westprod.blob.core.windows.net```
```ussus4eastprod.blob.core.windows.net```
```ussus4westprod.blob.core.windows.net```
```us-v20.events.data.microsoft.com```
```winatp-gw-cus.microsoft.com```
```winatp-gw-eus.microsoft.com```
```wsus1eastprod.blob.core.windows.net```
```wsus1westprod.blob.core.windows.net```
```wsus2eastprod.blob.core.windows.net```
```wsus2westprod.blob.core.windows.net```
+
+
+If a proxy or firewall is blocking anonymous traffic, as Microsoft Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted in the previously listed URLs.
+
+### Microsoft Defender ATP service backend IP range
+
+If you network devices don't support the URLs white-listed in the prior section, you can use the following information.
+
+Microsoft Defender ATP is built on Azure cloud, deployed in the following regions:
+
+- \+\
+- \+\
+- \+\
+- \+\
+- \+\
+- \+\
+- \+\
+
+You can find the Azure IP range on [Microsoft Azure Datacenter IP Ranges](https://www.microsoft.com/en-us/download/details.aspx?id=41653).
+
+> [!NOTE]
+> As a cloud-based solution, the IP range can change. It's recommended you move to DNS resolving setting.
+
+## Onboarding using System Center Configuration Manager
+### Collection creation
+To onboard Windows 10 devices with System Center Configuration Manager, the
+deployment can target either and existing collection or a new collection can be
+created for testing. The onboarding like group policy or manual method does
+not install any agent on the system. Within the Configuration Manager console
+the onboarding process will be configured as part of the compliance settings
+within the console. Any system that receives this required configuration will
+maintain that configuration for as long as the Configuration Manager client
+continues to receive this policy from the management point. Follow the steps
+below to onboard systems with Configuration Manager.
+
+1. In System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Device Collections**.
+
+ 
+
+2. Right Click **Device Collection** and select **Create Device Collection**.
+
+ 
+
+3. Provide a **Name** and **Limiting Collection**, then select **Next**.
+
+ 
+
+4. Select **Add Rule** and choose **Query Rule**.
+
+ 
+
+5. Click **Next** on the **Direct Membership Wizard** and click on **Edit Query Statement**.
+
+ 
+
+6. Select **Criteria** and then choose the star icon.
+
+ 
+
+7. Keep criterion type as **simple value**, choose where as **Operating System - build number**, operator as **is equal to** and value **10240** and click on **OK**.
+
+ 
+
+8. Select **Next** and **Close**.
+
+ 
+
+9. Select **Next**.
+
+ 
+
+After completing this task, you now have a device collection with all the Windows 10 endpoints in the environment.
+
+## Endpoint detection and response
+### Windows 10
+From within the Microsoft Defender Security Center it is possible to download
+the '.onboarding' policy that can be used to create the policy in System Center Configuration
+Manager and deploy that policy to Windows 10 devices.
+
+1. From a Microsoft Defender Security Center Portal, select [Settings and then Onboarding](https://securitycenter.windows.com/preferences2/onboarding).
+
+
+
+2. Under Deployment method select the supported version of **System Center Configuration Manager**.
+
+ 
+
+3. Select **Download package**.
+
+ 
+
+4. Save the package to an accessible location.
+5. In System Center Configuration Manager, navigate to: **Assets and Compliance > Overview > Endpoint Protection > Microsoft Defender ATP Policies**.
+
+6. Right-click **Microsoft Defender ATP Policies** and select **Create Microsoft Defender ATP Policy**.
+
+ 
+
+7. Enter the name and description, verify **Onboarding** is selected, then select **Next**.
+
+ 
+
+8. Click **Browse**.
+
+9. Navigate to the location of the downloaded file from step 4 above.
+
+ 
+
+10. Click **Next**.
+11. Configure the Agent with the appropriate samples (**None** or **All file types**).
+
+ 
+
+12. Select the appropriate telemetry (**Normal** or **Expedited**) then click **Next**.
+
+ 
+
+14. Verify the configuration, then click **Next**.
+
+ 
+
+15. Click **Close** when the Wizard completes.
+
+16. In the System Center Configuration Manager console, right-click the Microsoft Defender ATP policy you just created and select **Deploy**.
+
+ 
+
+17. On the right panel, select the previously created collection and click **OK**.
+
+ 
+
+
+### Previous versions of Windows Client (Windows 7 and Windows 8.1)
+Follow the steps below to identify the Microsoft Defender ATP Workspace ID and Workspace Key, that will be required for the onboarding of previous versions of Windows.
+
+1. From a Microsoft Defender Security Center Portal, select **Settings > Onboarding**.
+
+2. Under operating system choose **Windows 7 SP1 and 8.1**.
+
+ 
+
+3. Copy the **Workspace ID** and **Workspace Key** and save them. They will be used later in the process.
+
+Before the systems can be onboarded into the workspace, the deployment scripts need to be updated to contain the correct information. Failure to do so will result in the systems not being properly onboarded. Depending on the deployment method, this step may have already been completed.
+
+Edit the InstallMMA.cmd with a text editor, such as notepad and update the
+following lines and save the file:
+
+ 
+
+Edit the ConfiguerOMSAgent.vbs with a text editor, such as notepad, and update the following lines and save the file:
+
+ 
+
+Microsoft Monitoring Agent (MMA) is currently (as of January 2019) supported on the following Windows Operating
+Systems:
+
+- Server SKUs: Windows Server 2008 SP1 or Newer
+
+- Client SKUs: Windows 7 SP1 and later
+
+The MMA agent will need to be installed on Windows devices. To install the
+agent, some systems will need to download the [Update for customer experience
+and diagnostic
+telemetry](https://support.microsoft.com/help/3080149/update-for-customer-experience-and-diagnostic-telemetry)
+in order to collect the data with MMA. These system versions include but may not
+be limited to:
+
+- Windows 8.1
+
+- Windows 7
+
+- Windows Server 2016
+
+- Windows Server 2012 R2
+
+- Windows Server 2008 R2
+
+Specifically, for Windows 7 SP1, the following patches must be installed:
+
+- Install
+ [KB4074598](https://support.microsoft.com/help/4074598/windows-7-update-kb4074598)
+
+- Install either [.NET Framework
+ 4.5](https://www.microsoft.com/en-us/download/details.aspx?id=30653) (or
+ later) **or**
+ [KB3154518](https://support.microsoft.com/help/3154518/support-for-tls-system-default-versions-included-in-the-net-framework).
+ Do not install both on the same system.
+
+To deploy the MMA with System Center Configuration Manager, follow the steps
+below to utilize the provided batch files to onboard the systems. The CMD file
+when executed, will require the system to copy files from a network share by the
+System, the System will install MMA, Install the DependencyAgent, and configure
+MMA for enrollment into the workspace.
+
+
+1. In System Center Configuration Manager console, navigate to **Software
+ Library**.
+
+2. Expand **Application Management**.
+
+3. Right-click **Packages** then select **Create Package**.
+
+4. Provide a Name for the package, then click **Next**
+
+ 
+
+5. Verify **Standard Program** is selected.
+
+ 
+
+6. Click **Next**.
+
+ 
+
+7. Enter a program name.
+
+8. Browse to the location of the InstallMMA.cmd.
+
+9. Set Run to **Hidden**.
+
+10. Set **Program can run** to **Whether or not a user is logged on**.
+
+11. Click **Next**.
+
+12. Set the **Maximum allowed run time** to 720.
+
+13. Click **Next**.
+
+ 
+
+14. Verify the configuration, then click **Next**.
+
+ 
+
+15. Click **Next**.
+
+16. Click **Close**.
+
+17. In the System Center Configuration Manager console, right-click the Microsoft Defender ATP
+ Onboarding Package just created and select **Deploy**.
+
+18. On the right panel select the appropriate collection.
+
+19. Click **OK**.
+
+## Next generation protection
+Microsoft Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers.
+
+1. In the System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Antimalware Polices** and choose **Create Antimalware Policy**.
+
+ 
+
+2. Select **Scheduled scans**, **Scan settings**, **Default actions**, **Real-time protection**, **Exclusion settings**, **Advanced**, **Threat overrides**, **Cloud Protection Service** and **Security intelligence updates** and choose **OK**.
+
+ 
+
+ In certain industries or some select enterprise customers might have specific
+needs on how Antivirus is configured.
+
+
+ [Quick scan versus full scan and custom scan](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus#quick-scan-versus-full-scan-and-custom-scan)
+
+ For more details, see [Windows Security configuration framework](https://docs.microsoft.com/windows/security/threat-protection/windows-security-configuration-framework/windows-security-configuration-framework)
+
+
+ 
+
+ 
+
+ 
+
+ 
+
+ 
+
+ 
+
+ 
+
+ 
+
+3. Right-click on the newly created antimalware policy and select **Deploy** .
+
+ 
+
+4. Target the new antimalware policy to your Windows 10 collection and click **OK**.
+
+ 
+
+After completing this task, you now have successfully configured Windows
+Defender Antivirus.
+
+## Attack Surface Reduction
+The attack surface reduction pillar of Microsoft Defender ATP includes the feature set that is available under Exploit Guard. Attack surface reduction (ASR) rules, Controlled Folder Access, Network Protection and Exploit
+Protection. All these features provide an audit mode and a block mode. In audit mode there is no end user impact all it does is collect additional telemetry and make it available in the Microsoft Defender Security Center. The goal with a deployment is to step by step move security controls into block mode.
+
+To set ASR rules in Audit mode:
+
+1. In the System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
+
+ 
+
+
+2. Select **Attack Surface Reduction**.
+
+
+3. Set rules to **Audit** and click **Next**.
+
+ 
+
+4. Confirm the new Exploit Guard policy by clicking on **Next**.
+
+ 
+
+
+5. Once the policy is created click **Close**.
+
+ 
+
+
+
+6. Right-click on the newly created policy and choose **Deploy**.
+
+ 
+
+7. Target the policy to the newly created Windows 10 collection and click **OK**.
+
+ 
+
+After completing this task, you now have successfully configured ASR rules in audit mode.
+
+Below are additional steps to verify whether ASR rules are correctly applied to
+endpoints. (This may take few minutes)
+
+
+1. From a web browser, navigate to .
+
+2. Select **Configuration management** from left side menu.
+
+ 
+
+3. Click **Go to attack surface management** in the Attack surface management panel.
+
+ 
+
+4. Click **Configuration** tab in Attack Surface reduction rules reports. It shows ASR rules configuration overview and ASR rules status on each devices.
+
+ 
+
+5. Click each device shows configuration details of ASR rules.
+
+ 
+
+See [Optimize ASR rule deployment and
+detections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr) for more details.
+
+
+### To set Network Protection rules in Audit mode:
+1. In the System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
+
+ 
+
+2. Select **Network protection**.
+
+3. Set the setting to **Audit** and click **Next**.
+
+ 
+
+4. Confirm the new Exploit Guard Policy by clicking **Next**.
+
+ 
+
+5. Once the policy is created click on **Close**.
+
+ 
+
+6. Right-click on the newly created policy and choose **Deploy**.
+
+ 
+
+7. Select the policy to the newly created Windows 10 collection and choose **OK**.
+
+ 
+
+After completing this task, you now have successfully configured Network
+Protection in audit mode.
+
+### To set Controlled Folder Access rules in Audit mode:
+
+1. In the System Center Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
+
+ 
+
+2. Select **Controlled folder access**.
+
+3. Set the configuration to **Audit** and click **Next**.
+
+ 
+
+4. Confirm the new Exploit Guard Policy by clicking on **Next**.
+
+ 
+
+5. Once the policy is created click on **Close**.
+
+ 
+
+6. Right-click on the newly created policy and choose **Deploy**.
+
+ 
+
+7. Target the policy to the newly created Windows 10 collection and click **OK**.
+
+ 
+
+After completing this task, you now have successfully configured Controlled folder access in audit mode.
+
diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
index 55ffb2b7ca..5f9dcadac9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
@@ -174,7 +174,7 @@ DeviceTvmSoftwareInventoryVulnerabilities
| where IsExploitAvailable == 1 and CvssScore >= 7
| summarize NumOfVulnerabilities=dcount(CveId),
DeviceName=any(DeviceName) by DeviceId
-| join kind =inner(AlertEvents) on DeviceId
+| join kind =inner(DeviceAlertEvents) on DeviceId
| summarize NumOfVulnerabilities=any(NumOfVulnerabilities),
DeviceName=any(DeviceName) by DeviceId, AlertId
| project DeviceName, NumOfVulnerabilities, AlertId
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md
index 662c116683..74b76d9984 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md
@@ -34,6 +34,9 @@ You can use the Threat & Vulnerability Management capability in [Microsoft Defen
- Select remediation options, triage and track the remediation tasks
- Select exception options and track active exceptions
+> [!NOTE]
+> Machines that are not active in the last 30 days are not factored in on the data that reflects your organization's Threat & Vulnerability Management exposure score and configuration score.
+
## Threat & Vulnerability Management in Microsoft Defender Security Center
When you open the portal, you’ll see the main areas of the capability:
@@ -66,9 +69,6 @@ Area | Description
**Top remediation activities** | Track the remediation activities generated from the security recommendations. You can click each item on the list to see the details in the **Remediation** page or click **Show more** to see the rest of the remediation activities, and active exceptions.
**Top exposed machines** | See the exposed machine names and their exposure level. You can click each machine name from the list and it will take you to the machine page where you can view the alerts, risks, incidents, security recommendations, installed software, discovered vulnerabilities associated with the exposed machines. You can also do other EDR-related tasks in it, such as: manage tags, initiate automated investigations, initiate a live response session, collect an investigation package, run antivirus scan, restrict app execution, and isolate machine. You can also click **Show more** to see the rest of the exposed machines list.
-> [!NOTE]
-> Machines with no alerts seen in the last 30 days do not count towards the exposure score of Threat & Vulnerability Management.
-
See [Microsoft Defender ATP icons](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection#windows-defender-atp-icons) for more information on the icons used throughout the portal.
## Related topics
diff --git a/windows/security/threat-protection/security-compliance-toolkit-10.md b/windows/security/threat-protection/security-compliance-toolkit-10.md
index 8d134aaa46..4c475c71c0 100644
--- a/windows/security/threat-protection/security-compliance-toolkit-10.md
+++ b/windows/security/threat-protection/security-compliance-toolkit-10.md
@@ -41,7 +41,10 @@ The Security Compliance Toolkit consists of:
- Windows Server 2012 R2
- Microsoft Office security baseline
- - Office365 ProPlus (Sept 2019)
+ - Office 365 ProPlus (Sept 2019)
+
+- Microsoft Edge security baseline
+ - Version 79
- Tools
- Policy Analyzer tool
diff --git a/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md
index 4b9f7e599b..b777bb0066 100644
--- a/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md
+++ b/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md
@@ -99,6 +99,7 @@ Over time, new ways to manage security policy settings have been introduced, whi
+
## Using the Local Security Policy snap-in
@@ -135,7 +136,7 @@ The Security Compliance Manager is a downloadable tool that helps you plan, depl
**To administer security policies by using the Security Compliance Manager**
-1. Download the most recent version. You can find out more info on the [Microsoft Security Guidance](http://blogs.technet.com/b/secguide/) blog.
+1. Download the most recent version. You can find out more info on the [Microsoft Security Guidance](https://blogs.technet.com/b/secguide/) blog.
2. Read the relevant security baseline documentation that is included in this tool.
3. Download and import the relevant security baselines. The installation process steps you through baseline selection.
4. Open the Help and follow instructions how to customize, compare, or merge your security baselines before deploying those baselines.
@@ -208,6 +209,7 @@ The following table lists the features of the Security Configuration Manager.
+
### Security Configuration and Analysis
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md
index 85b7b015a3..6c817499da 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md
@@ -266,7 +266,7 @@ This section lists the exclusions that are delivered automatically when you inst
- %windir%\Ntds\ntds.pat
-- The AD DS transaction log files. The transaction log files are specified in the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\Database Log Files`
+- The AD DS transaction log files. The transaction log files are specified in the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\Database Log Files Path`
- %windir%\Ntds\EDB*.log
diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
index a787ce0cd1..27e1b3252d 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
@@ -219,7 +219,7 @@ Yes. The alert is shown in [https://securitycenter.microsoft.com](https://securi
In addition, your security operations team can use hunting queries, such as the following:
-`AlertEvents | where Title == "Tamper Protection bypass"`
+`DeviceAlertEvents | where Title == "Tamper Protection bypass"`
[View information about tampering attempts](#view-information-about-tampering-attempts).
diff --git a/windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus.md
index 392bc3f8e3..57b00a8aa0 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus.md
@@ -1,7 +1,7 @@
---
title: Why you should use Windows Defender Antivirus together with Microsoft Defender Advanced Threat Protection
description: For best results, use Windows Defender Antivirus together with your other Microsoft offerings.
-keywords: windows defender, antivirus
+keywords: windows defender, antivirus, third party av
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
index 26bd6f527f..feb46cf416 100644
--- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
+++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
@@ -83,11 +83,6 @@ Each file rule level has its benefit and disadvantage. Use Table 2 to select the
| **Hash** | Specifies individual hash values for each discovered binary. Although this level is specific, it can cause additional administrative overhead to maintain the current product versions’ hash values. Each time a binary is updated, the hash value changes, therefore requiring a policy update. |
| **FileName** | Specifies individual binary file names. Although the hash values for an application are modified when updated, the file names are typically not. This offers less specific security than the hash level but does not typically require a policy update when any binary is modified. |
| **FilePath** | Beginning with Windows 10 version 1903, this specifies rules that allow execution of binaries contained under specific file path locations. Additional information about FilePath level rules can be found below. |
-> [!NOTE]
-> Due to an existing bug, you can not combine Path-based ALLOW rules with any DENY rules in a single policy. Instead, either separate DENY rules into a separate Base policy or move the Path-based ALLOW rules into a supplemental policy as described in [Deploy multiple WDAC policies.](deploy-multiple-windows-defender-application-control-policies.md)
-
-| Rule level | Description |
-|----------- | ----------- |
| **SignedVersion** | This combines the publisher rule with a version number. This option allows anything from the specified publisher, with a version at or above the specified version number, to run. |
| **Publisher** | This is a combination of the PcaCertificate level (typically one certificate below the root) and the common name (CN) of the leaf certificate. This rule level allows organizations to trust a certificate from a major CA (such as Symantec), but only if the leaf certificate is from a specific company (such as Intel, for device drivers). |
| **FilePublisher** | This is a combination of the “FileName” attribute of the signed file, plus “Publisher” (PCA certificate with CN of leaf), plus a minimum version number. This option trusts specific files from the specified publisher, with a version at or above the specified version number. |
@@ -101,6 +96,9 @@ Each file rule level has its benefit and disadvantage. Use Table 2 to select the
> [!NOTE]
> When you create WDAC policies with [New-CIPolicy](https://docs.microsoft.com/powershell/module/configci/new-cipolicy), you can specify a primary file rule level by including the **-Level** parameter. For discovered binaries that cannot be trusted based on the primary file rule criteria, use the **-Fallback** parameter. For example, if the primary file rule level is PCACertificate but you would like to trust the unsigned applications as well, using the Hash rule level as a fallback adds the hash values of binaries that did not have a signing certificate.
+> [!NOTE]
+> WDAC only supports signer rules for RSA certificate signing keys with a maximum of 4096 bits.
+
## Example of file rule levels in use
For example, consider some IT professionals in a department that runs many servers. They decide they want their servers to run only software signed by the providers of their software and drivers, that is, the companies that provide their hardware, operating system, antivirus, and other important software. They know that their servers also run an internally written application that is unsigned but is rarely updated. They want to allow this application to run.
diff --git a/windows/whats-new/TOC.md b/windows/whats-new/TOC.md
index a0a0ac2708..a043492918 100644
--- a/windows/whats-new/TOC.md
+++ b/windows/whats-new/TOC.md
@@ -4,6 +4,7 @@
## [What's new in Windows 10, version 1809](whats-new-windows-10-version-1809.md)
## [What's new in Windows 10, version 1803](whats-new-windows-10-version-1803.md)
## [What's new in Windows 10, version 1709](whats-new-windows-10-version-1709.md)
-## [What's new in Windows 10, version 1703](whats-new-windows-10-version-1703.md)
-## [What's new in Windows 10, version 1607](whats-new-windows-10-version-1607.md)
-## [What's new in Windows 10, versions 1507 and 1511](whats-new-windows-10-version-1507-and-1511.md)
+## Previous versions
+### [What's new in Windows 10, version 1703](whats-new-windows-10-version-1703.md)
+### [What's new in Windows 10, version 1607](whats-new-windows-10-version-1607.md)
+### [What's new in Windows 10, versions 1507 and 1511](whats-new-windows-10-version-1507-and-1511.md)
diff --git a/windows/whats-new/index.md b/windows/whats-new/index.md
index bad28a358c..b7051cfee0 100644
--- a/windows/whats-new/index.md
+++ b/windows/whats-new/index.md
@@ -23,9 +23,6 @@ Windows 10 provides IT professionals with advanced protection against modern sec
- [What's new in Windows 10, version 1809](whats-new-windows-10-version-1809.md)
- [What's new in Windows 10, version 1803](whats-new-windows-10-version-1803.md)
- [What's new in Windows 10, version 1709](whats-new-windows-10-version-1709.md)
-- [What's new in Windows 10, version 1703](whats-new-windows-10-version-1703.md)
-- [What's new in Windows 10, version 1607](whats-new-windows-10-version-1607.md)
-- [What's new in Windows 10, versions 1507 and 1511](whats-new-windows-10-version-1507-and-1511.md)
## Learn more
diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md
index 4c6f69c1a2..cff1ffcf2c 100644
--- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md
+++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md
@@ -70,10 +70,6 @@ But these protections can also be configured separately. And, unlike HVCI, code
### Next-gen protection
-#### Office 365 Ransomware Detection
-
-For Office 365 Home and Office 365 Personal subscribers, Ransomware Detection notifies you when your OneDrive files have been attacked and guides you through the process of restoring your files. For more information, see [Ransomware detection and recovering your files](https://support.office.com/en-us/article/ransomware-detection-and-recovering-your-files-0d90ec50-6bfd-40f4-acc7-b8c12c73637f?ui=en-US&rs=en-US&ad=US)
-
### Endpoint detection and response
Endpoint detection and response is improved. Enterprise customers can now take advantage of the entire Windows security stack with Windows Defender Antivirus **detections** and Device Guard **blocks** being surfaced in the Windows Defender ATP portal.
|