Merge branch 'master' of https://github.com/MicrosoftDocs/windows-docs-pr into FromPrivateRepo

This commit is contained in:
huaping yu 2019-06-13 15:41:17 -07:00
commit a7ebf68c34
7 changed files with 32 additions and 30 deletions

View File

@ -321,22 +321,6 @@
"build_entry_point": "docs",
"template_folder": "_themes"
},
{
"docset_name": "windows-known-issues",
"build_source_folder": "windows/known-issues",
"build_output_subfolder": "windows-known-issues",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": true,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes"
},
{
"docset_name": "windows-manage",
"build_source_folder": "windows/manage",

View File

@ -20,13 +20,14 @@ ms.topic: article
**Applies to:**
- Windows Server 2008 R2 SP1
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server, version 1803
- Windows Server, 2019
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
[!include[Prerelease information](prerelease.md)]
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configserver-abovefoldlink)
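Review bot: The `[!include[Prerelease information](prerelease.md)]` line appears as both the removed and the added version with no visible difference, so this is a whitespace-only change; if it is not intentional, drop it so the hunk contains only the one real addition (`- Windows Server 2008 R2 SP1`). While this list is being touched, the context line `- Windows Server, 2019` has a stray comma and should read `- Windows Server 2019` to match the other entries.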
@ -34,6 +35,7 @@ ms.topic: article
Microsoft Defender ATP extends support to also include the Windows Server operating system, providing advanced attack detection and investigation capabilities, seamlessly through the Microsoft Defender Security Center console.
The service supports the onboarding of the following servers:
- Windows Server 2008 R2 SP1
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server, version 1803
@ -42,9 +44,9 @@ The service supports the onboarding of the following servers:
For a practical guidance on what needs to be in place for licensing and infrastructure, see [Protecting Windows Servers with Microsoft Defender ATP](https://techcommunity.microsoft.com/t5/What-s-New/Protecting-Windows-Server-with-Windows-Defender-ATP/m-p/267114#M128).
## Windows Server 2012 R2 and Windows Server 2016
## Windows Server 2008 R2 SP1, Windows Server 2012 R2 and Windows Server 2016
There are two options to onboard Windows Server 2012 R2 and Windows Server 2016 to Microsoft Defender ATP:
There are two options to onboard Windows Server 2008 R2 SP1, Windows Server 2012 R2 and Windows Server 2016 to Microsoft Defender ATP:
- **Option 1**: Onboard through Azure Security Center
- **Option 2**: Onboard through Microsoft Defender Security Center
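Review bot: Renaming the heading to `## Windows Server 2008 R2 SP1, Windows Server 2012 R2 and Windows Server 2016` changes its auto-generated anchor, so any existing links to `#windows-server-2012-r2-and-windows-server-2016` will break; either search for and update those links, or keep the old id with an explicit anchor placed above the new heading, as this same commit does for the renamed `### Diagnostic data settings` heading in another file.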
@ -52,19 +54,25 @@ There are two options to onboard Windows Server 2012 R2 and Windows Server 2016
### Option 1: Onboard servers through Azure Security Center
1. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
2. Select Windows Server 2012 R2 and 2016 as the operating system.
2. Select Windows Server 2008 R2 SP1, 2012 R2 and 2016 as the operating system.
3. Click **Onboard Servers in Azure Security Center**.
4. Follow the onboarding instructions in [Microsoft Defender Advanced Threat Protection with Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-wdatp).
### Option 2: Onboard servers through Microsoft Defender Security Center
You'll need to tak the following steps if you choose to onboard servers through Microsoft Defender Security Center.
You'll need to take the following steps if you choose to onboard servers through Microsoft Defender Security Center.
- For Windows Server 2012 R2: Configure and update System Center Endpoint Protection clients.
- For Windows Server 2008 R2 SP1, ensure that you fulfill the following requirements:
- Install the [February monthly update rollup](https://support.microsoft.com/en-us/help/4074598/windows-7-update-kb4074598)
- Install the [Update for customer experience and diagnostic telemetry](https://support.microsoft.com/en-us/help/3080149/update-for-customer-experience-and-diagnostic-telemetry)
- Install either [.NET framework 4.5](https://www.microsoft.com/en-us/download/details.aspx?id=30653) (or later) or [KB3154518](https://support.microsoft.com/help/3154518/support-for-tls-system-default-versions-included-in-the-net-framework)
- For Windows Server 2008 R2 SP1 and Windows Server 2012 R2: Configure and update System Center Endpoint Protection clients.
>[!NOTE]
>This step is required only if your organization uses System Center Endpoint Protection (SCEP) and you're onboarding Windows Server 2012 R2.
>This step is required only if your organization uses System Center Endpoint Protection (SCEP) and you're onboarding Windows Server 2008 R2 SP1 and Windows Server 2012 R2.
- Turn on server monitoring from Microsoft Defender Security Center.
- If you're already leveraging System Center Operations Manager (SCOM) or Azure Monitor (formerly known as Operations Management Suite (OMS)), simply attach the Microsoft Monitoring Agent (MMA) to report to your Microsoft Defender ATP workspace through Multi Homing support. Otherwise, install and configure MMA to report sensor data to Microsoft Defender ATP as instructed below. For more information, see [Collect log data with Azure Log Analytics agent](https://docs.microsoft.com/azure/azure-monitor/platform/log-analytics-agent).
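Review bot: The rewritten note `This step is required only if your organization uses System Center Endpoint Protection (SCEP) and you're onboarding Windows Server 2008 R2 SP1 and Windows Server 2012 R2` should say `or` rather than `and`, since the step applies when onboarding either operating system, not only when both are present. Two smaller points in the new prerequisite bullets: `February monthly update rollup` should state the year (the KB4074598 link title refers to Windows 7, so readers need to know which February is meant), and `.NET framework 4.5` should be `.NET Framework 4.5` to match the product name.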
@ -219,7 +227,7 @@ To offboard the server, you can use either of the following methods:
b. Select **Windows Server 2012 R2 and 2016** as the operating system and get your Workspace ID:
![Image of server onboarding](images/atp-server-offboarding-workspaceid.png)
![Image of server onboarding](images/atp-server-offboarding-workspaceid.png)
2. Open an elevated PowerShell and run the following command. Use the Workspace ID you obtained and replacing `WorkspaceID`:
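Review bot: The offboarding step `b. Select **Windows Server 2012 R2 and 2016** as the operating system` is left unchanged, yet the onboarding step in this same file now reads `Select Windows Server 2008 R2 SP1, 2012 R2 and 2016 as the operating system`; both describe the same portal selector, so they should match. The `![Image of server onboarding](...)` line is duplicated as removed and added with no visible difference, which looks like a whitespace-only change. Also, the context line `Use the Workspace ID you obtained and replacing `WorkspaceID`` mixes verb forms; `and replace `WorkspaceID`` reads correctly.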
@ -237,4 +245,4 @@ To offboard the server, you can use either of the following methods:
- [Onboard non-Windows machines](configure-endpoints-non-windows.md)
- [Configure proxy and Internet connectivity settings](configure-proxy-internet.md)
- [Run a detection test on a newly onboarded Microsoft Defender ATP machine](run-detection-test.md)
- [Troubleshooting Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)
- [Troubleshooting Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)

View File

@ -23,6 +23,10 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Create custom detection rules from [Advanced hunting](overview-hunting.md) queries to automatically check for threat indicators and generate alerts whenever these indicators are found.
>[!NOTE]
>To create and manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission.
1. In the navigation pane, select **Advanced hunting**.

View File

@ -57,6 +57,7 @@ For more information about licensing requirements for Microsoft Defender ATP pla
- Windows 10 Pro
- Windows 10 Pro Education
- Windows server
- Windows Server 2008 R2 SP1
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2016, version 1803
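Review bot: The context line directly below the added `- Windows Server 2008 R2 SP1` reads `- Windows Server 2016, version 1803`, which is not a product name; the server onboarding topic updated in this same commit lists it as `- Windows Server, version 1803`, so correct it here while the list is being edited. The `- Windows server` heading entry above should also capitalise `Server`.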
@ -86,7 +87,7 @@ When you run the onboarding wizard for the first time, you must choose where you
> - You cannot change your data storage location after the first-time setup.
> - Review the [Microsoft Defender ATP data storage and privacy](data-storage-privacy.md) for more information on where and how Microsoft stores your data.
<span id="telemetry-and-diagnostics-settings" />
### Diagnostic data settings
You must ensure that the diagnostic data service is enabled on all the machines in your organization.
By default, this service is enabled, but it&#39;s good practice to check to ensure that you&#39;ll get sensor data from them.
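Review bot: `<span id="telemetry-and-diagnostics-settings" />` keeps the old anchor working for the renamed `### Diagnostic data settings` heading, which is the right idea, but `span` is not a void element in HTML, so the self-closing form is parsed as an unclosed opening tag and can end up wrapping the content that follows; use `<span id="telemetry-and-diagnostics-settings"></span>` (or `<a id="telemetry-and-diagnostics-settings"></a>`) instead. The `&#39;` in the context line is an HTML entity for an apostrophe; if that is how the source file actually reads, it should be a literal `'`.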

View File

@ -24,13 +24,16 @@ ms.topic: conceptual
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Alerts in Microsoft Defender ATP are surfaced through the system based on signals gathered from endpoints. With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious or emerging threats.
Alerts in Microsoft Defender ATP are surfaced through the system based on signals gathered from endpoints. With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious events or emerging threats.
This can be done by leveraging the power of Advanced hunting through the creation of custom detection rules.
This can be done by leveraging the power of [Advanced hunting](overview-hunting.md) through the creation of custom detection rules.
Custom detections are queries that run periodically every 24 hours and can be configured so that when the query meets the criteria you set, alerts are created and are surfaced in Microsoft Defender Security Center. These alerts will be treated like any other alert in the system.
This capability is particularly useful for scenarios when you want to pro-actively prevent threats and be notified quickly of emerging threats.
>[!NOTE]
>To create and manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission.
## Related topic
- [Create custom detection rules](custom-detection-rules.md)
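Review bot: The edited sentence now reads `monitor events for any kind of behavior such as suspicious events or emerging threats`, which makes `events` both the thing being monitored and an example of behavior; `such as suspicious activity or emerging threats` would avoid the repetition. In the surrounding context, `queries that run periodically every 24 hours` is redundant (`run every 24 hours` says the same), and `pro-actively` should be `proactively`.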

View File

@ -42,6 +42,8 @@ Turn on the preview experience setting to be among the first to try upcoming fea
## Preview features
The following features are included in the preview release:
- [Windows Server 2008 R2 SP1] <BR> You can now onboard Windows Server 2008 R2 SP1.
- [Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac) <BR> Microsoft Defender ATP for Mac brings the next-generation protection, and endpoint detection and response coverage to Mac devices. Core components of the unified endpoint security platform will now be available for Mac devices.
- [Live response](live-response.md)<BR> Get instantaneous access to a machine using a remote shell connection. Do in-depth investigative work and take immediate response actions to promptly contain identified threats real-time.
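Review bot: `- [Windows Server 2008 R2 SP1] <BR>` has link brackets but no target, so it will render literally with the square brackets; either link it to the server onboarding topic that this commit updates, or drop the brackets. The `<BR>` tags should also be lowercase `<br>` for consistency with the `<br>` used in the roles topic in this same commit.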

View File

@ -45,7 +45,7 @@ The following steps guide you on how to create roles in Microsoft Defender Secur
>[!NOTE]
>This setting is only available in the Microsoft Defender ATP administrator (default) role.
- **Manage security settings** - Users can configure alert suppression settings, manage allowed/blocked lists for automation, manage folder exclusions for automation, onboard and offboard machines, and manage email notifications.
- **Manage security settings** - Users can configure alert suppression settings, manage allowed/blocked lists for automation, create and manage custom detections, manage folder exclusions for automation, onboard and offboard machines, and manage email notifications.
- **Live response capabilities** - Users can take basic or advanced live response commands. <br>
- Basic commands allow users to:
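Review bot: The permission is named `**Manage security settings**` here, but the notes added to the two custom detection topics in this same commit refer to it as `**manage security settings**`; pick one casing so readers can match the role setting to the note. The rewritten bullet is also getting long; splitting its capabilities into sub-bullets, as the `Live response capabilities` entry below does, would keep it scannable.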
@ -90,4 +90,4 @@ After creating roles, you'll need to create a machine group and provide access t
## Related topic
- [User basic permissions to access the portal](basic-permissions.md)
- [Create and manage machine groups](machine-groups.md)
- [Create and manage machine groups](machine-groups.md)