From 2859cd9c4379b5a68c5bc647bc55a49bd889b583 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Tue, 4 Jun 2019 17:46:36 +0500
Subject: [PATCH 01/42] Update mandatory-user-profile.md
---
windows/client-management/mandatory-user-profile.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md
index b5519bc436..f6d8cf0fa0 100644
--- a/windows/client-management/mandatory-user-profile.md
+++ b/windows/client-management/mandatory-user-profile.md
@@ -42,7 +42,7 @@ The name of the folder in which you store the mandatory profile must use the cor
| Windows 8 | Windows Server 2012 | v3 |
| Windows 8.1 | Windows Server 2012 R2 | v4 |
| Windows 10, versions 1507 and 1511 | N/A | v5 |
-| Windows 10, versions 1607, 1703, 1709, 1803, and 1809 | Windows Server 2016 | v6 |
+| Windows 10, versions 1607, 1703, 1709, 1803, 1809 and 1903 | Windows Server 2016 and Windows Server 2019 | v6 |
For more information, see [Deploy Roaming User Profiles, Appendix B](https://technet.microsoft.com/library/jj649079.aspx) and [Roaming user profiles versioning in Windows 10 and Windows Server Technical Preview](https://support.microsoft.com/kb/3056198).
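Review bot: the new row drops the serial comma that the removed row used ("1803, and 1809" became "1809 and 1903"). Write "1809, and 1903" so the list punctuation in this table stays consistent.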
From 961eddd3a662b960f8a363dcf00a13d2fd655873 Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Thu, 20 Jun 2019 23:53:07 +0530
Subject: [PATCH 02/42] group policy settings is available in win 10 pro
I just added an extra line, because I have applied Group Policy settings in Windows 10 Pro and Enterprise.
Thanking you
---
windows/client-management/mandatory-user-profile.md | 2 ++
1 file changed, 2 insertions(+)
diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md
index 1ac82401a1..209ce29ab3 100644
--- a/windows/client-management/mandatory-user-profile.md
+++ b/windows/client-management/mandatory-user-profile.md
@@ -150,6 +150,8 @@ When a user is configured with a mandatory profile, Windows 10 starts as though
| Computer Configuration > Administrative Templates > Windows Components > Search > **Allow Cortana** = Disabled |  |  |  |  |
| Computer Configuration > Administrative Templates > Windows Components > Cloud Content > **Turn off Microsoft consumer experience** = Enabled |  |  |  |  |
+Note Above Group Policy settings can be Applied in windows 10 professional edition
+
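Review bot: the added line is plain text that starts with the word "Note" rather than a callout, so it will render as an ordinary paragraph under the table. Use the "> [!NOTE]" form that other topics in this series use, and fix the casing of "Applied" and "windows 10 professional edition".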
From 97f60314768647c0470497549e446e24ed057dcf Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Fri, 21 Jun 2019 12:39:37 +0530
Subject: [PATCH 03/42] I edited
I placed one line and I made it display black
---
devices/hololens/hololens-insider.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/devices/hololens/hololens-insider.md b/devices/hololens/hololens-insider.md
index bb56182d56..508c84d18c 100644
--- a/devices/hololens/hololens-insider.md
+++ b/devices/hololens/hololens-insider.md
@@ -19,6 +19,7 @@ Welcome to the latest Insider Preview builds for HoloLens! It’s simple to get
+
## How do I install the Insider builds?
On a device running the Windows 10 April 2018 Update, go to Settings -> Update & Security -> Windows Insider Program and select Get started. Link the account you used to register as a Windows Insider.
From de7d931403ebac7d19c79314fa30084eb3d75daf Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Thu, 27 Jun 2019 15:28:20 +0530
Subject: [PATCH 04/42] Update
windows/client-management/mandatory-user-profile.md
accepted
Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>
---
windows/client-management/mandatory-user-profile.md | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md
index 209ce29ab3..4d60582822 100644
--- a/windows/client-management/mandatory-user-profile.md
+++ b/windows/client-management/mandatory-user-profile.md
@@ -150,7 +150,8 @@ When a user is configured with a mandatory profile, Windows 10 starts as though
| Computer Configuration > Administrative Templates > Windows Components > Search > **Allow Cortana** = Disabled |  |  |  |  |
| Computer Configuration > Administrative Templates > Windows Components > Cloud Content > **Turn off Microsoft consumer experience** = Enabled |  |  |  |  |
-Note Above Group Policy settings can be Applied in windows 10 professional edition
+> [!Note]
+> The Group Policy settings above can be applied in Windows 10 Professional edition.
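Review bot: the callout marker is written "[!Note]", while the other callouts in this series are written "[!NOTE]"; match that casing. The edition is named "Windows 10 Professional edition" here but "win 10 pro" in the original commit subject; use the product name "Windows 10 Pro".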
From 3082572164096da42988d4b4323e5ae73f86148c Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Thu, 27 Jun 2019 15:29:10 +0530
Subject: [PATCH 05/42] Update
windows/client-management/mandatory-user-profile.md
accepted
Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>
---
windows/client-management/mandatory-user-profile.md | 1 -
1 file changed, 1 deletion(-)
diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md
index 4d60582822..5a8350654b 100644
--- a/windows/client-management/mandatory-user-profile.md
+++ b/windows/client-management/mandatory-user-profile.md
@@ -157,7 +157,6 @@ When a user is configured with a mandatory profile, Windows 10 starts as though
-
## Related topics
- [Manage Windows 10 Start layout and taskbar options](/windows/configuration/windows-10-start-layout-options-and-policies)
From 1a48dc7953f50dd6f8d1707afb7b96ac1b1ea025 Mon Sep 17 00:00:00 2001
From: Deland-Han
Date: Mon, 1 Jul 2019 09:42:41 +0800
Subject: [PATCH 06/42] update
---
windows/deployment/mbr-to-gpt.md | 48 ++++++++++++++++++++++++++++++++
1 file changed, 48 insertions(+)
diff --git a/windows/deployment/mbr-to-gpt.md b/windows/deployment/mbr-to-gpt.md
index c0786ab2ce..568b71cc11 100644
--- a/windows/deployment/mbr-to-gpt.md
+++ b/windows/deployment/mbr-to-gpt.md
@@ -399,7 +399,55 @@ DISKPART> list disk
In this example, Disk 0 is formatted with the MBR partition style, and Disk 1 is formatted using GPT.
+## Known issue
+### MBR2GPT.exe cannot run in Windows PE
+
+When you start a Windows 10, version 1903-based computer in the Windows Preinstallation Environment (Windows PE), you encounter the following issues:
+
+**Issue 1** When you run the MBR2GPT.exe command, the process exits without converting the drive.
+
+**Issue 2** When you manually run the MBR2GPT.exe command in a Command Prompt window, there is no output from the tool.
+
+**Issue 3** When MBR2GPT.exe runs inside an imaging process such as a System Center Configuration Manager task sequence, an MDT task sequence, or by using a script, you receive the following exit code: 0xC0000135/3221225781.
+
+#### Cause
+
+This issue occurs because in Windows 10, version 1903 and later versions, MBR2GPT.exe requires access to the ReAgent.dll file. However, this dll file and its associated libraries are currently not included in the Windows PE boot image for Windows 10, version 1903 and later.
+
+#### Workaround
+
+To fix this issue, mount the Windows PE image (WIM), copy the missing file from the [Windows 10, version 1903 Assessment and Development Kit (ADK)](https://go.microsoft.com/fwlink/?linkid=2086042) source, and then commit the changes to the WIM. To do this, follow these steps:
+
+1. Mount the Windows PE WIM to a path (for example, C:\WinPE_Mount). For more information about how to mount WIM files, see [Mount an image](https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#mount-an-image).
+
+2. Copy the ReAgent files and the ReAgent localization files from the Window 10, version 1903 ADK source folder to the mounted WIM.
+
+ For example, if the ADK is installed to the default location of C:\Program Files (x86)\Windows Kits\10 and the Windows PE image is mounted to C:\WinPE_Mount, run the following commands from an elevated Command Prompt window:
+
+ **Command 1:**
+ ```cmd
+ copy "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Setup\amd64\Sources\ReAgnet*.*" "C:\WinPE_Mount\Windows\System32"
+ ```
+ This command copies three files:
+
+ * ReAgent.admx
+ * ReAgent.dll
+ * ReAgent.xml
+
+ **Command 2:**
+ ```cmd
+ copy "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Setup\amd64\Sources\En-Us\ReAgnet*.*" "C:\WinPE_Mount\Windows\System32\En-Us"
+ ```
+ This command copies two files:
+ * ReAgent.adml
+ * ReAgent.dll.mui
+
+ >![Note]
+ >If you aren't using an English version of Windows, replace "En-Us" in the path with the appropriate string that represents the system language.
+
+3. After you copy all the files, commit the changes and unmount the Windows PE WIM. MBR2GPT.exe now functions as expected in Windows PE. For information about how to unmount WIM files while committing changes, see [Unmounting an image](https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#unmounting-an-image).
+
## Related topics
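Review bot: both copy commands spell the wildcard as "ReAgnet*.*", which matches none of the ReAgent.* files that the text says they copy, so a reader who pastes the commands ends up with an unchanged WinPE image and MBR2GPT.exe still fails; change both to "ReAgent*.*". In the same hunk, the ADK link text reads "Assessment and Development Kit" while the path in the commands uses "Assessment and Deployment Kit", step 2 says "Window 10", and the callout is written ">![Note]" where the other callouts in this series use ">[!NOTE]".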
From 802edac6bfc9d6d310a19c29a8f63893722a12fc Mon Sep 17 00:00:00 2001
From: Kartikay Sharma <44971599+SharmaKartikay@users.noreply.github.com>
Date: Mon, 1 Jul 2019 16:50:49 +0100
Subject: [PATCH 07/42] Updated Info on TPM 2.0 with Legacy \ CSM Mode.
The info on the page lacks the complete info, and this had led customers to open support cases with us where BitLocker does not work when they have TPM 2.0 in legacy mode. This note will help readers get a complete rationale.
---
.../information-protection/tpm/tpm-recommendations.md | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/windows/security/information-protection/tpm/tpm-recommendations.md b/windows/security/information-protection/tpm/tpm-recommendations.md
index c808dfe356..b058f905a9 100644
--- a/windows/security/information-protection/tpm/tpm-recommendations.md
+++ b/windows/security/information-protection/tpm/tpm-recommendations.md
@@ -70,7 +70,9 @@ TPM 2.0 products and systems have important security advantages over TPM 1.2, in
- While TPM 1.2 parts are discrete silicon components which are typically soldered on the motherboard, TPM 2.0 is available as a **discrete (dTPM)** silicon component in a single semiconductor package, an **integrated** component incorporated in one or more semiconductor packages - alongside other logic units in the same package(s) - and as a **firmware (fTPM)** based component running in a trusted execution environment (TEE) on a general purpose SoC.
> [!NOTE]
-> TPM 2.0 requires UEFI firmware. A computer with legacy BIOS and TPM 2.0 won't work as expected.
+> TPM 2.0 is not supported in Legacy and CSM Modes of the BIOS. Devices with TPM 2.0 must have their BIOS mode configured as Native UEFI only. The Legacy and Compatibility Support Module (CSM) options must be disabled. For added security Enable the Secure Boot feature.
+
+> Installed Operating System on hardware in legacy mode will stop the OS from booting when the BIOS mode is changed to UEFI. Use the tool [MBR2GPT](https://docs.microsoft.com/en-us/windows/deployment/mbr-to-gpt) before changing the BIOS mode which will prepare the OS and the disk to support UEFI.
## Discrete, Integrated or Firmware TPM?
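Review bot: the empty added line between the two quoted paragraphs ends the [!NOTE] callout, so the second paragraph, the one warning that an OS installed in legacy mode stops booting once the BIOS mode is changed to UEFI, renders as a plain blockquote. Replace the empty line with a ">" line or give the second paragraph its own callout marker. Because that paragraph describes what to do before switching modes, consider placing the MBR2GPT sentence ahead of the instruction to disable Legacy and CSM. Also write "For added security, enable the Secure Boot feature."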
From 7beac6235d26812009bd72e7b9cb1a36e215cab6 Mon Sep 17 00:00:00 2001
From: Richard Zhang
Date: Mon, 1 Jul 2019 10:58:39 -0700
Subject: [PATCH 08/42] update appv SQL server support
---
.../app-v/appv-supported-configurations.md | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/windows/application-management/app-v/appv-supported-configurations.md b/windows/application-management/app-v/appv-supported-configurations.md
index 1618dde95c..cdf2a4782e 100644
--- a/windows/application-management/app-v/appv-supported-configurations.md
+++ b/windows/application-management/app-v/appv-supported-configurations.md
@@ -51,11 +51,12 @@ The following table lists the SQL Server versions that the App-V Management data
|SQL Server version|Service pack|System architecture|
|---|---|---|
+|Microsoft SQL Server 2017||32-bit or 64-bit|
+|Microsoft SQL Server 2016|SP2|32-bit or 64-bit|
|Microsoft SQL Server 2014||32-bit or 64-bit|
|Microsoft SQL Server 2012|SP2|32-bit or 64-bit|
|Microsoft SQL Server 2008 R2|SP3|32-bit or 64-bit|
-
### Publishing server operating system requirements
The App-V Publishing server can be installed on a server that runs Windows Server 2008 R2 with SP1 or later.
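Review bot: this hunk also deletes the empty line between the last table row and "### Publishing server operating system requirements", which is unrelated to the SQL Server rows being added. Keep the empty line so the heading does not sit directly against the table.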
@@ -86,6 +87,8 @@ The following table lists the SQL Server versions that are supported for the App
|SQL Server version|Service pack|System architecture|
|---|---|---|
+|Microsoft SQL Server 2017||32-bit or 64-bit|
+|Microsoft SQL Server 2016|SP2|32-bit or 64-bit|
|Microsoft SQL Server 2014||32-bit or 64-bit|
|Microsoft SQL Server 2012|SP2|32-bit or 64-bit|
|Microsoft SQL Server 2008 R2|SP3|32-bit or 64-bit|
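Review bot: the new SQL Server 2016 and 2017 rows carry "32-bit or 64-bit" copied from the older rows, here and in the Management database table in the previous hunk. SQL Server 2016 and later are 64-bit only, so the architecture cell for those two rows should read 64-bit. Please also confirm that SP2 is the intended minimum for SQL Server 2016.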
From 50690211442a80f0f1f5a808018c51da1f613bc7 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Tue, 2 Jul 2019 10:46:34 +0500
Subject: [PATCH 09/42] Update waas-configure-wufb.md
update BranchReadinessLevel info
---
windows/deployment/update/waas-configure-wufb.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/deployment/update/waas-configure-wufb.md b/windows/deployment/update/waas-configure-wufb.md
index 2ca9caa0b5..4960481076 100644
--- a/windows/deployment/update/waas-configure-wufb.md
+++ b/windows/deployment/update/waas-configure-wufb.md
@@ -220,7 +220,7 @@ The following are quick-reference tables of the supported policy values for Wind
| GPO Key | Key type | Value |
| --- | --- | --- |
-| BranchReadinessLevel | REG_DWORD | 16: systems take Feature Updates for the Current Branch (CB)32: systems take Feature Updates for the Current Branch for Business (CBB)Note: Other value or absent: receive all applicable updates (CB) |
+| BranchReadinessLevel | REG_DWORD | 2: systems take Feature Updates for the Windows Insider build - Fast (added in Windows 10, version 1709) 4: systems take Feature Updates for the Windows Insider build - Slow (added in Windows 10, version 1709) 8: systems take Feature Updates for the Release Windows Insider build (added in Windows 10, version 1709) 16: for Windows 10, version 1703: systems take Feature Updates for the Current Branch (CB); for Windows 10, version 1709, 1803 and 1809: systems take Feature Updates from Semi-annual Channel (Targeted) (SAC-T); for Windows 10, version 1903 or later: systems take Feature Updates from Semi-annual Channel 32: systems take Feature Updates from Semi-annual Channel Note: Other value or absent: receive all applicable updates |
| DeferQualityUpdates | REG_DWORD | 1: defer quality updatesOther value or absent: don’t defer quality updates |
| DeferQualityUpdatesPeriodinDays | REG_DWORD | 0-35: defer quality updates by given days |
| PauseQualityUpdatesStartDate | REG_DWORD | 1: pause quality updatesOther value or absent: don’t pause quality updates |
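Review bot: the new Value cell for BranchReadinessLevel packs five values (2, 4, 8, 16, 32) into one run of text with no separator, so "Semi-annual Channel 32: systems take" reads as a single phrase. Separate the values with line breaks or semicolons. For Windows 10, version 1903 or later, 16 and 32 are both described as Semi-annual Channel; say explicitly whether they are equivalent on those versions. "Release Windows Insider build" should also be checked against the ring's name, Release Preview.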
@@ -234,7 +234,7 @@ The following are quick-reference tables of the supported policy values for Wind
| MDM Key | Key type | Value |
| --- | --- | --- |
-| BranchReadinessLevel | REG_DWORD | 16: systems take Feature Updates for the Current Branch (CB)32: systems take Feature Updates for the Current Branch for Business (CBB)Note: Other value or absent: receive all applicable updates (CB) |
+| BranchReadinessLevel | REG_DWORD |2: systems take Feature Updates for the Windows Insider build - Fast (added in Windows 10, version 1709) 4: systems take Feature Updates for the Windows Insider build - Slow (added in Windows 10, version 1709) 8: systems take Feature Updates for the Release Windows Insider build (added in Windows 10, version 1709) 16: for Windows 10, version 1703: systems take Feature Updates for the Current Branch (CB); for Windows 10, version 1709, 1803 and 1809: systems take Feature Updates from Semi-annual Channel (Targeted) (SAC-T); for Windows 10, version 1903 or later: systems take Feature Updates from Semi-annual Channel 32: systems take Feature Updates from Semi-annual Channel Note: Other value or absent: receive all applicable updates |
| DeferQualityUpdatesPeriodinDays | REG_DWORD | 0-35: defer quality updates by given days |
| PauseQualityUpdatesStartDate | REG_DWORD | 1: pause quality updatesOther value or absent: don’t pause quality updates |
| DeferFeatureUpdatesPeriodinDays | REG_DWORD | 0-365: defer feature updates by given days |
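Review bot: the MDM row starts its Value cell with "|2:" with no space after the pipe, unlike the GPO row in the previous hunk; add the space. The cell text is otherwise a verbatim copy of the GPO row, so any rewording made there needs to be repeated here.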
From 566b2bc2df771638f73db4156d39504c537e25a8 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Tue, 2 Jul 2019 17:19:39 +0500
Subject: [PATCH 10/42] Update existing-devices.md
---
windows/deployment/windows-autopilot/existing-devices.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/deployment/windows-autopilot/existing-devices.md b/windows/deployment/windows-autopilot/existing-devices.md
index 3d3883c068..4da38ccbe4 100644
--- a/windows/deployment/windows-autopilot/existing-devices.md
+++ b/windows/deployment/windows-autopilot/existing-devices.md
@@ -212,7 +212,7 @@ See the following examples.
- Click **Next**.
>[!NOTE]
- >The Autopilot for existing devices task sequence will result in an Azure Active Directory Domain (AAD) joined device. The User State Migration Toolkit (USMT) does not support AAD joined devices.
+ >The Autopilot for existing devices task sequence will result in an Azure Active Directory Domain (AAD) joined device. The User State Migration Toolkit (USMT) does not support AAD joined and hybrid AAD joined devices.
7. On the Include Updates page, choose one of the three available options. This selection is optional.
8. On the Install applications page, add applications if desired. This is optional.
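Review bot: "does not support AAD joined and hybrid AAD joined devices" can be read as applying only to a device that is both; use "or". The preceding sentence still says the task sequence results in an AAD joined device, so state why hybrid AAD join is mentioned here, otherwise readers will wonder whether this task sequence can produce one.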
From 3e8aaf940d88703130efe83641f8e4a8afc35a86 Mon Sep 17 00:00:00 2001
From: Lindsay <45809756+lindspea@users.noreply.github.com>
Date: Wed, 3 Jul 2019 14:17:40 +0200
Subject: [PATCH 11/42] Update attack-surface-reduction-exploit-guard.md
Removed contradicting statement.
---
.../attack-surface-reduction-exploit-guard.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
index ac87bbc9ed..19de72a575 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
@@ -147,7 +147,7 @@ GUID: 75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84
Malware often uses JavaScript and VBScript scripts to launch other malicious apps.
-Malware written in JavaScript or VBS often acts as a downloader to fetch and launch additional native payload from the Internet. This rule prevents scripts from launching downloaded content, helping to prevent malicious use of the scripts to spread malware and infect machines. This isn't a common line-of-business use, but line-of-business applications sometimes use scripts to download and launch installers. You can exclude scripts so they're allowed to run.
+Malware written in JavaScript or VBS often acts as a downloader to fetch and launch additional native payload from the Internet. This rule prevents scripts from launching downloaded content, helping to prevent malicious use of the scripts to spread malware and infect machines. This isn't a common line-of-business use, but line-of-business applications sometimes use scripts to download and launch installers.
>[!IMPORTANT]
>File and folder exclusions don't apply to this attack surface reduction rule.
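Review bot: with "You can exclude scripts so they're allowed to run." removed, the paragraph ends on the line-of-business case without telling the reader what to do about it, and the IMPORTANT callout that follows says exclusions don't apply. Add a sentence that points to the available option, for example evaluating the rule in audit mode before enabling it.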
From 6f768e2360b52b7d3f8b709d5554d8914906238d Mon Sep 17 00:00:00 2001
From: Lindsay <45809756+lindspea@users.noreply.github.com>
Date: Wed, 3 Jul 2019 16:23:56 +0200
Subject: [PATCH 12/42] Update attack-surface-reduction-exploit-guard.md
Added example query.
---
.../attack-surface-reduction-exploit-guard.md | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
index ac87bbc9ed..23084d3586 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
@@ -45,6 +45,19 @@ Triggered rules display a notification on the device. You can [customize the not
For information about configuring attack surface reduction rules, see [Enable attack surface reduction rules](enable-attack-surface-reduction.md).
+## Review attack surface reduction events in the Windows Defender ATP Security Center
+
+Windows Defender ATP provides detailed reporting into events and blocks as part of its alert investigation scenarios.
+
+You can query Microsoft Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender-exploit-guard.md), you can use Advanced hunting to see how controlled folder access settings would affect your environment if they were enabled.
+
+Here is an example query:
+
+```
+MiscEvents
+| where ActionType startswith 'Asr'
+```
+
## Review attack surface reduction events in Windows Event Viewer
You can review the Windows event log to view events that are created when attack surface reduction rules fire:
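Review bot: the audit-mode sentence says Advanced hunting shows "how controlled folder access settings would affect your environment", which looks copied from another topic; on this page it should refer to attack surface reduction rules. The heading and first sentence say "Windows Defender ATP" while the next paragraph says "Microsoft Defender ATP"; use one name throughout the section.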
From d474a6dd01114c8fbd7a0c480c023d060a00023a Mon Sep 17 00:00:00 2001
From: Reece Peacock <49645174+Reeced40@users.noreply.github.com>
Date: Thu, 4 Jul 2019 15:58:41 +0200
Subject: [PATCH 13/42] Update exploit-protection-exploit-guard.md
Added a review section.
---
.../exploit-protection-exploit-guard.md | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md
index c5ee205c10..1d60f79a68 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md
@@ -45,6 +45,19 @@ Many of the features in the [Enhanced Mitigation Experience Toolkit (EMET)](http
>[!WARNING]
>Some security mitigation technologies may have compatibility issues with some applications. You should test exploit protection in all target use scenarios by using [audit mode](audit-windows-defender-exploit-guard.md) before deploying the configuration across a production environment or the rest of your network.
+## Review exploit protection events in the Windows Defender ATP Security Center
+
+Windows Defender ATP provides detailed reporting into events and blocks as part of its alert investigation scenarios.
+
+You can query Microsoft Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender-exploit-guard.md), you can use Advanced hunting to see how exploit protection settings would affect your environment if they were enabled.
+
+Here is an example query:
+
+```
+MiscEvents
+| where ActionType startswith 'ExploitGuard' and ActionType !contains 'NetworkProtection'
+```
+
## Review exploit protection events in Windows Event Viewer
You can review the Windows event log to see events that are created when exploit protection blocks (or audits) an app:
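Review bot: the query's "!contains 'NetworkProtection'" clause is not explained. Add a sentence saying that it drops network protection events, whose action types also start with ExploitGuard, so readers know why it is there when they adapt the query. The section heading and first sentence also use "Windows Defender ATP" where the following paragraph uses "Microsoft Defender ATP".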
From 79b163924611b8dd132779a2d8cadd26c51e8960 Mon Sep 17 00:00:00 2001
From: Malin De Silva
Date: Fri, 5 Jul 2019 10:50:42 +0530
Subject: [PATCH 14/42] Fixed TerminateOnHeapError to TerminateOnError
---
.../customize-exploit-protection.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md
index 0e744a0011..f6197a0a67 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md
@@ -227,7 +227,7 @@ Data Execution Prevention (DEP) | System and app-level | DEP, EmulateAtlThun
Force randomization for images (Mandatory ASLR) | System and app-level | ForceRelocateImages | Audit not available
Randomize memory allocations (Bottom-Up ASLR) | System and app-level | BottomUp, HighEntropy | Audit not available
Validate exception chains (SEHOP) | System and app-level | SEHOP, SEHOPTelemetry | Audit not available
-Validate heap integrity | System and app-level | TerminateOnHeapError | Audit not available
+Validate heap integrity | System and app-level | TerminateOnError | Audit not available
Arbitrary code guard (ACG) | App-level only | DynamicCode | AuditDynamicCode
Block low integrity images | App-level only | BlockLowLabel | AuditImageLoad
Block remote images | App-level only | BlockRemoteImages | Audit not available
From 96f132bac503ea21f739e1d563e4bb2148d14764 Mon Sep 17 00:00:00 2001
From: Malin De Silva
Date: Fri, 5 Jul 2019 13:35:57 +0530
Subject: [PATCH 15/42] Added the example query
---
.../network-protection-exploit-guard.md | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md
index d211891329..e4fccb655d 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md
@@ -51,6 +51,13 @@ Microsoft Defender ATP provides detailed reporting into events and blocks as par
You can query Microsoft Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender-exploit-guard.md), you can use Advanced hunting to see how network protection settings would affect your environment if they were enabled.
+Here is an example query
+
+```
+MiscEvents
+| where ActionType in ('ExploitGuardNetworkProtectionAudited','ExploitGuardNetworkProtectionBlocked')
+```
+
## Review network protection events in Windows Event Viewer
You can review the Windows event log to see events that are created when network protection blocks (or audits) access to a malicious IP or domain:
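Review bot: "Here is an example query" is missing the trailing colon that the same lead-in carries in the other Exploit Guard topics in this series. The filter matches only the Audited and Blocked action types by exact name; if that is deliberate, a short sentence saying so would help readers who extend the query.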
From fb89394f0e901f3f9bb711bf134dcd5e93f17a9c Mon Sep 17 00:00:00 2001
From: Reece Peacock <49645174+Reeced40@users.noreply.github.com>
Date: Fri, 5 Jul 2019 10:11:06 +0200
Subject: [PATCH 16/42] Update windows-analytics-get-started.md
Changed wording.
---
windows/deployment/update/windows-analytics-get-started.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/deployment/update/windows-analytics-get-started.md b/windows/deployment/update/windows-analytics-get-started.md
index b3903e691b..f176c2d5a9 100644
--- a/windows/deployment/update/windows-analytics-get-started.md
+++ b/windows/deployment/update/windows-analytics-get-started.md
@@ -135,7 +135,7 @@ You can use the Upgrade Readiness deployment script to automate and verify your
See the [Upgrade Readiness deployment script](../upgrade/upgrade-readiness-deployment-script.md) topic for information about obtaining and running the script, and for a description of the error codes that can be displayed. See ["Understanding connectivity scenarios and the deployment script"](https://blogs.technet.microsoft.com/upgradeanalytics/2017/03/10/understanding-connectivity-scenarios-and-the-deployment-script/) on the Windows Analytics blog for a summary of setting the ClientProxy for the script, which will enable the script properly check for diagnostic data endpoint connectivity.
-After data is sent from devices to Microsoft, it generally takes 48-56 hours for the data to populate in Windows Analytics. The compatibility update takes several minutes to run. If the update does not get a chance to finish running or if the computers are inaccessible (turned off or sleeping for example), data will take longer to populate in Windows Analytics. For this reason, you can expect most of your devices to be populated in Windows Analytics in about 1-2 weeks after deploying the update and configuration to user computers. As described in the Windows Analytics blog post ["You can now check on the status of your computers within hours of running the deployment script"](https://blogs.technet.microsoft.com/upgradeanalytics/2017/05/12/wheres-my-data/), you can verify that devices have successfully connected to the service within a few hours. Most of those devices should start to show up in the Windows Analytics console within a few days.
+After data is sent from devices to Microsoft, it generally takes 48-56 hours for the data to populate in Windows Analytics. The compatibility update takes several minutes to run. If the update does not get a chance to finish running or if the computers are inaccessible (turned off or sleeping for example), data will take longer to populate in Windows Analytics. For this reason, you can expect most of your devices to be populated in Windows Analytics in about a few hours after deploying the update and configuration to user computers. As described in the Windows Analytics blog post ["You can now check on the status of your computers within hours of running the deployment script"](https://blogs.technet.microsoft.com/upgradeanalytics/2017/05/12/wheres-my-data/), you can verify that devices have successfully connected to the service within a few hours. Most of those devices should start to show up in the Windows Analytics console within a few days.
## Deploy additional optional settings
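Review bot: "in about a few hours" contradicts the rest of the paragraph. The first sentence says data takes 48-56 hours to populate, the sentence just before says it can take longer, and the last sentence says devices show up "within a few days". Either keep a days-scale estimate here or reword so the few-hours figure refers only to verifying that devices have connected, which is what the linked blog post title describes. "About a few" is also redundant.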
From f332a83a7ba29a611ee5b651d117542e4131c338 Mon Sep 17 00:00:00 2001
From: Reece Peacock <49645174+Reeced40@users.noreply.github.com>
Date: Fri, 5 Jul 2019 11:07:26 +0200
Subject: [PATCH 17/42] Update windows-analytics-get-started.md
---
windows/deployment/update/windows-analytics-get-started.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/deployment/update/windows-analytics-get-started.md b/windows/deployment/update/windows-analytics-get-started.md
index f176c2d5a9..2d29a75aa1 100644
--- a/windows/deployment/update/windows-analytics-get-started.md
+++ b/windows/deployment/update/windows-analytics-get-started.md
@@ -135,7 +135,7 @@ You can use the Upgrade Readiness deployment script to automate and verify your
See the [Upgrade Readiness deployment script](../upgrade/upgrade-readiness-deployment-script.md) topic for information about obtaining and running the script, and for a description of the error codes that can be displayed. See ["Understanding connectivity scenarios and the deployment script"](https://blogs.technet.microsoft.com/upgradeanalytics/2017/03/10/understanding-connectivity-scenarios-and-the-deployment-script/) on the Windows Analytics blog for a summary of setting the ClientProxy for the script, which will enable the script properly check for diagnostic data endpoint connectivity.
-After data is sent from devices to Microsoft, it generally takes 48-56 hours for the data to populate in Windows Analytics. The compatibility update takes several minutes to run. If the update does not get a chance to finish running or if the computers are inaccessible (turned off or sleeping for example), data will take longer to populate in Windows Analytics. For this reason, you can expect most of your devices to be populated in Windows Analytics in about a few hours after deploying the update and configuration to user computers. As described in the Windows Analytics blog post ["You can now check on the status of your computers within hours of running the deployment script"](https://blogs.technet.microsoft.com/upgradeanalytics/2017/05/12/wheres-my-data/), you can verify that devices have successfully connected to the service within a few hours. Most of those devices should start to show up in the Windows Analytics console within a few days.
+After data is sent from devices to Microsoft, it generally takes 48-56 hours for the data to populate in Windows Analytics. The compatibility update takes several minutes to run. If the update does not get a chance to finish running or if the computers are inaccessible (turned off or sleeping for example), data will take longer to populate in Windows Analytics. For this reason, you can expect most of your devices to be populated in Windows Analytics in a few hours after deploying the update and configuration to user computers. As described in the Windows Analytics blog post ["You can now check on the status of your computers within hours of running the deployment script"](https://blogs.technet.microsoft.com/upgradeanalytics/2017/05/12/wheres-my-data/), you can verify that devices have successfully connected to the service within a few hours. Most of those devices should start to show up in the Windows Analytics console within a few days.
## Deploy additional optional settings
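Review bot: dropping "about" in the changed sentence fixes the wording but leaves the paragraph contradicting itself. The first sentence says data takes 48-56 hours to populate, while this sentence still promises most devices "in a few hours", and its "For this reason" follows a sentence about delays. Suggest aligning the figure with the 48-56 hours stated above, or rewording so that "a few hours" refers only to the connectivity check described in the next sentence.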
From cba79d297dfe8f17255630eb74321c9802bb3f1d Mon Sep 17 00:00:00 2001
From: Lindsay <45809756+lindspea@users.noreply.github.com>
Date: Sat, 6 Jul 2019 10:46:24 +0200
Subject: [PATCH 18/42] Update
deploy-windows-defender-application-control-policies-using-intune.md
Added link to article.
---
...ndows-defender-application-control-policies-using-intune.md | 3 +++
1 file changed, 3 insertions(+)
diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md
index 1f0c64f9c3..61a3e06b58 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md
@@ -14,6 +14,9 @@ author: dansimp
ms.date: 05/17/2018
---
+> [!NOTE]
+> For WDAC enhancements see [Delivering major enhancements in Windows Defender Application Control with the Windows 10 May 2019 Update](https://www.microsoft.com/security/blog/2019/07/01/).
+
# Deploy Windows Defender Application Control policies by using Microsoft Intune
**Applies to:**
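Review bot: the link target in the added note, https://www.microsoft.com/security/blog/2019/07/01/, stops at the date and carries no article slug, so it reads as a date archive path rather than a permalink to the named post; link the full article URL. The note is also inserted between the front matter and the H1 title, so it will sit above the page title; moving it below the "# Deploy Windows Defender Application Control policies by using Microsoft Intune" line keeps the title first. "For WDAC enhancements see" needs a comma before "see".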
From ef330ecd69e8039702edff57dc381e49613a2a39 Mon Sep 17 00:00:00 2001
From: Lindsay <45809756+lindspea@users.noreply.github.com>
Date: Sun, 7 Jul 2019 13:08:31 +0200
Subject: [PATCH 19/42] Update
windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>
---
.../attack-surface-reduction-exploit-guard.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
index 23084d3586..5630ada92e 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
@@ -49,7 +49,7 @@ For information about configuring attack surface reduction rules, see [Enable at
Windows Defender ATP provides detailed reporting into events and blocks as part of its alert investigation scenarios.
-You can query Microsoft Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender-exploit-guard.md), you can use Advanced hunting to see how controlled folder access settings would affect your environment if they were enabled.
+You can query Microsoft Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender-exploit-guard.md), you can use Advanced hunting to see how controlled folder access settings could affect your environment.
Here is an example query:
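Review bot: the changed sentence is in attack-surface-reduction-exploit-guard.md but still says "controlled folder access settings", which looks carried over from a different article. Since the line is being edited anyway, change it to refer to attack surface reduction rules so the audit-mode guidance matches the feature this page documents.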
From 60c33cb4aa3363f61dad704e0a39a2955d30f7bb Mon Sep 17 00:00:00 2001
From: Reece Peacock <49645174+Reeced40@users.noreply.github.com>
Date: Sun, 7 Jul 2019 14:42:51 +0200
Subject: [PATCH 20/42] Update
windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md
Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>
---
.../exploit-protection-exploit-guard.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md
index 1d60f79a68..dc31cb9a38 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md
@@ -49,7 +49,7 @@ Many of the features in the [Enhanced Mitigation Experience Toolkit (EMET)](http
Windows Defender ATP provides detailed reporting into events and blocks as part of its alert investigation scenarios.
-You can query Microsoft Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender-exploit-guard.md), you can use Advanced hunting to see how exploit protection settings would affect your environment if they were enabled.
+You can query Microsoft Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender-exploit-guard.md), you can use Advanced hunting to see how exploit protection settings could affect your environment.
Here is an example query:
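Review bot: replacing "would affect your environment if they were enabled" with "could affect your environment" loses the point of the audit-mode sentence, namely that the settings are not enforced yet and the query shows their hypothetical effect. Suggest keeping the conditional wording and limiting this change to removing the "en-us" locale from the URL.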
From d78b2a855a76d213ce6403ca226c43836268f1d0 Mon Sep 17 00:00:00 2001
From: brianreidc7 <31985319+brianreidc7@users.noreply.github.com>
Date: Mon, 8 Jul 2019 09:55:59 +0100
Subject: [PATCH 21/42] Clarification on update year of release
Without this change, need to click link to see year of release
---
.../microsoft-defender-atp/onboard-downlevel.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md
index bec39c02a1..1d8fa91df1 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md
@@ -57,7 +57,7 @@ The following steps are required to enable this integration:
### Before you begin
Review the following details to verify minimum system requirements:
-- Install the [February monthly update rollup](https://support.microsoft.com/help/4074598/windows-7-update-kb4074598)
+- Install the [February 2018 monthly update rollup](https://support.microsoft.com/help/4074598/windows-7-update-kb4074598)
>[!NOTE]
>Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro.
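Review bot: the link text now gives the year but still not the KB number, which the reader only sees inside the URL (kb4074598). "February 2018 monthly update rollup (KB4074598)" would let administrators look the update up in their patching tool without following the link.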
From aeb16491cf3550f5a1a541bbef42a0041af3b0e8 Mon Sep 17 00:00:00 2001
From: Daniel Simpson
Date: Mon, 8 Jul 2019 09:39:43 -0700
Subject: [PATCH 22/42] Update attack-surface-reduction-exploit-guard.md
changing "Windows Defender ATP" to "Microsoft Defender ATP"
---
.../attack-surface-reduction-exploit-guard.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
index 5630ada92e..89e37b7f6d 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
@@ -45,9 +45,9 @@ Triggered rules display a notification on the device. You can [customize the not
For information about configuring attack surface reduction rules, see [Enable attack surface reduction rules](enable-attack-surface-reduction.md).
-## Review attack surface reduction events in the Windows Defender ATP Security Center
+## Review attack surface reduction events in the Microsoft Defender ATP Security Center
-Windows Defender ATP provides detailed reporting into events and blocks as part of its alert investigation scenarios.
+Microsoft Defender ATP provides detailed reporting into events and blocks as part of its alert investigation scenarios.
You can query Microsoft Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender-exploit-guard.md), you can use Advanced hunting to see how controlled folder access settings could affect your environment.
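Review bot: renaming the H2 to "## Review attack surface reduction events in the Microsoft Defender ATP Security Center" also changes the anchor derived from that heading, so links that target the old heading anchor will stop resolving. Check for inbound links to the old anchor and update them in the same commit.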
From 459671132805999b373c65ad9d963b9f85650471 Mon Sep 17 00:00:00 2001
From: Greg Lindsay
Date: Mon, 8 Jul 2019 16:32:41 -0700
Subject: [PATCH 23/42] Update existing-devices.md
---
windows/deployment/windows-autopilot/existing-devices.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/deployment/windows-autopilot/existing-devices.md b/windows/deployment/windows-autopilot/existing-devices.md
index 4da38ccbe4..a053db3c32 100644
--- a/windows/deployment/windows-autopilot/existing-devices.md
+++ b/windows/deployment/windows-autopilot/existing-devices.md
@@ -212,7 +212,7 @@ See the following examples.
- Click **Next**.
>[!NOTE]
- >The Autopilot for existing devices task sequence will result in an Azure Active Directory Domain (AAD) joined device. The User State Migration Toolkit (USMT) does not support AAD joined and hybrid AAD joined devices.
+ >The Autopilot for existing devices task sequence will result in an Azure Active Directory Domain (AAD) joined device. The User State Migration Toolkit (USMT) does not support AAD joined or hybrid AAD joined devices.
7. On the Include Updates page, choose one of the three available options. This selection is optional.
8. On the Install applications page, add applications if desired. This is optional.
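Review bot: the changed note still expands the abbreviation as "Azure Active Directory Domain (AAD) joined device", with "(AAD)" placed after "Domain". Since the line is being touched, write "Azure Active Directory (AAD) joined device" so the abbreviation matches its expansion. The "and" to "or" change itself reads correctly.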
From 0c635cc936d94d3cfaa09508b140fbbfd4261c5e Mon Sep 17 00:00:00 2001
From: Lindsay <45809756+lindspea@users.noreply.github.com>
Date: Tue, 9 Jul 2019 06:04:21 +0200
Subject: [PATCH 24/42] Update
windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>
---
.../attack-surface-reduction-exploit-guard.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
index 89e37b7f6d..07d023ebd2 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
@@ -45,7 +45,7 @@ Triggered rules display a notification on the device. You can [customize the not
For information about configuring attack surface reduction rules, see [Enable attack surface reduction rules](enable-attack-surface-reduction.md).
-## Review attack surface reduction events in the Microsoft Defender ATP Security Center
+## Review attack surface reduction events in the Microsoft Security Center
Microsoft Defender ATP provides detailed reporting into events and blocks as part of its alert investigation scenarios.
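Review bot: the new heading says "Microsoft Security Center" while the paragraph directly under it still begins "Microsoft Defender ATP provides detailed reporting", so heading and body now name the product differently. The commit message gives no reason for dropping "Defender ATP" from the heading that patch 22 had just introduced; state the intended name and use it in both places.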
From 19902e5d9a8b66ef1732024b69d27120d8d8dc00 Mon Sep 17 00:00:00 2001
From: Lindsay <45809756+lindspea@users.noreply.github.com>
Date: Tue, 9 Jul 2019 06:08:01 +0200
Subject: [PATCH 25/42] Update attack-surface-reduction-exploit-guard.md
---
.../attack-surface-reduction-exploit-guard.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
index 07d023ebd2..89e37b7f6d 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
@@ -45,7 +45,7 @@ Triggered rules display a notification on the device. You can [customize the not
For information about configuring attack surface reduction rules, see [Enable attack surface reduction rules](enable-attack-surface-reduction.md).
-## Review attack surface reduction events in the Microsoft Security Center
+## Review attack surface reduction events in the Microsoft Defender ATP Security Center
Microsoft Defender ATP provides detailed reporting into events and blocks as part of its alert investigation scenarios.
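Review bot: no reason is given for undoing patch 24. The heading line goes back to "Microsoft Defender ATP Security Center" and the index line 07d023ebd2..89e37b7f6d is the exact inverse of patch 24's, yet the commit message has only a subject. If the revert is intentional, say why in the message; otherwise drop patches 24 and 25 from the series.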
From 278d0260a1cb2503b903f81d05b32801d4554c57 Mon Sep 17 00:00:00 2001
From: Lindsay <45809756+lindspea@users.noreply.github.com>
Date: Tue, 9 Jul 2019 06:16:38 +0200
Subject: [PATCH 26/42] Update attack-surface-reduction-exploit-guard.md
---
.../attack-surface-reduction-exploit-guard.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
index 89e37b7f6d..07d023ebd2 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
@@ -45,7 +45,7 @@ Triggered rules display a notification on the device. You can [customize the not
For information about configuring attack surface reduction rules, see [Enable attack surface reduction rules](enable-attack-surface-reduction.md).
-## Review attack surface reduction events in the Microsoft Defender ATP Security Center
+## Review attack surface reduction events in the Microsoft Security Center
Microsoft Defender ATP provides detailed reporting into events and blocks as part of its alert investigation scenarios.
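Review bot: the heading change here is identical to patch 24 (same index line, 89e37b7f6d..07d023ebd2), so patches 24 to 26 net out to a single edit. Squash them into one commit with a message that says why the heading drops "Defender ATP".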
From 6dc8f9d6a00210cfae031f4a066c218474aeaef9 Mon Sep 17 00:00:00 2001
From: Lindsay <45809756+lindspea@users.noreply.github.com>
Date: Tue, 9 Jul 2019 15:13:45 +0200
Subject: [PATCH 27/42] Update security-policy-settings.md
Added link.
---
.../security-policy-settings/security-policy-settings.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/security-policy-settings/security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/security-policy-settings.md
index ea05d79cc2..a6ae751c35 100644
--- a/windows/security/threat-protection/security-policy-settings/security-policy-settings.md
+++ b/windows/security/threat-protection/security-policy-settings/security-policy-settings.md
@@ -305,7 +305,7 @@ At the level of each organizational unit in the Active Directory hierarchy, one,
This order means that the local Group Policy Object is processed first, and Group Policy Objects that are linked to the organizational unit of which the computer or user is a direct member are processed last, which overwrites the earlier Group Policy Objects.
-This is the default processing order and administrators can specify exceptions to this order. A Group Policy Object that is linked to a site, domain, or organizational unit (not a local Group Policy Object) can be set to **Enforced** with respect to that site, domain, or organizational unit, so that none of its policy settings can be overridden. At any site, domain, or organizational unit, you can mark Group Policy inheritance selectively as **Block Inheritance**. Group Policy Object links that are set to **Enforced** are always applied, however, and they cannot be blocked.
+This is the default processing order and administrators can specify exceptions to this order. A Group Policy Object that is linked to a site, domain, or organizational unit (not a local Group Policy Object) can be set to **Enforced** with respect to that site, domain, or organizational unit, so that none of its policy settings can be overridden. At any site, domain, or organizational unit, you can mark Group Policy inheritance selectively as **Block Inheritance**. Group Policy Object links that are set to **Enforced** are always applied, however, and they cannot be blocked. For more information see [Group Policy Basics – Part 2: Understanding Which GPOs to Apply](https://blogs.technet.microsoft.com/musings_of_a_technical_tam/2012/02/15/group-policy-basics-part-2-understanding-which-gpos-to-apply/).
### Security settings policy processing
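Review bot: the sentence appended to the changed paragraph, "For more information see [Group Policy Basics ...]", needs a comma after "information". It is also tacked onto the end of an already long paragraph about **Enforced** and **Block Inheritance**; putting the reference in its own paragraph would make it easier to find.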
From 4bdeabf849c2c25009228ec68b9ce2404ada2360 Mon Sep 17 00:00:00 2001
From: Bradley Hooten <8869121+bhooten@users.noreply.github.com>
Date: Tue, 9 Jul 2019 11:45:42 -0400
Subject: [PATCH 28/42] Update wcd-admxingestion.md
Corrected file type from ADXM to ADMX on line 54 and added preceding line break to activate markdown formatting on line 77
---
windows/configuration/wcd/wcd-admxingestion.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/configuration/wcd/wcd-admxingestion.md b/windows/configuration/wcd/wcd-admxingestion.md
index 830319f0f7..4f71f13ace 100644
--- a/windows/configuration/wcd/wcd-admxingestion.md
+++ b/windows/configuration/wcd/wcd-admxingestion.md
@@ -51,7 +51,7 @@ In **ConfigADMXInstalledPolicy**, you provide a policy setting and value for tha
## ConfigOperations
-Use **ConfigOperations** to import an ADXM file or policies from an ADMX file.
+Use **ConfigOperations** to import an ADMX file or policies from an ADMX file.
1. Enter an app name, and then click **Add**.
@@ -72,8 +72,8 @@ Use **ConfigOperations** to import an ADXM file or policies from an ADMX file.
5. Repeat for each ADMX, or set of ADMX policies, that you want to add, and then configure [ConfigADMXInstalledPolicy](#configadmxinstalledpolicy) for each one.
+
-
## Convert multi-line to single line
Use the following PowerShell cmdlet to remove carriage returns and line feeds from a multi-line file to create a single-line file that you can paste in **AdmxFileUid**.
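Review bot: as shown, the added line and the removed line around "## Convert multi-line to single line" are both empty, so this hunk reads as moving a blank line rather than adding the "preceding line break" the commit message describes. If the two lines differ only in whitespace, say so in the message, and confirm that an empty line remains between list item 5 and the heading after the change.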
From 70cb094ccd2c70759a57994135e8ec57a4158957 Mon Sep 17 00:00:00 2001
From: jaimeo
Date: Tue, 9 Jul 2019 10:29:01 -0700
Subject: [PATCH 29/42] Update windows-analytics-get-started.md
I just changed it to "1-2 days" myself (per PM confirmation).
---
windows/deployment/update/windows-analytics-get-started.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/deployment/update/windows-analytics-get-started.md b/windows/deployment/update/windows-analytics-get-started.md
index 2d29a75aa1..4d6ce2368c 100644
--- a/windows/deployment/update/windows-analytics-get-started.md
+++ b/windows/deployment/update/windows-analytics-get-started.md
@@ -135,7 +135,7 @@ You can use the Upgrade Readiness deployment script to automate and verify your
See the [Upgrade Readiness deployment script](../upgrade/upgrade-readiness-deployment-script.md) topic for information about obtaining and running the script, and for a description of the error codes that can be displayed. See ["Understanding connectivity scenarios and the deployment script"](https://blogs.technet.microsoft.com/upgradeanalytics/2017/03/10/understanding-connectivity-scenarios-and-the-deployment-script/) on the Windows Analytics blog for a summary of setting the ClientProxy for the script, which will enable the script properly check for diagnostic data endpoint connectivity.
-After data is sent from devices to Microsoft, it generally takes 48-56 hours for the data to populate in Windows Analytics. The compatibility update takes several minutes to run. If the update does not get a chance to finish running or if the computers are inaccessible (turned off or sleeping for example), data will take longer to populate in Windows Analytics. For this reason, you can expect most of your devices to be populated in Windows Analytics in a few hours after deploying the update and configuration to user computers. As described in the Windows Analytics blog post ["You can now check on the status of your computers within hours of running the deployment script"](https://blogs.technet.microsoft.com/upgradeanalytics/2017/05/12/wheres-my-data/), you can verify that devices have successfully connected to the service within a few hours. Most of those devices should start to show up in the Windows Analytics console within a few days.
+After data is sent from devices to Microsoft, it generally takes 48-56 hours for the data to populate in Windows Analytics. The compatibility update takes several minutes to run. If the update does not get a chance to finish running or if the computers are inaccessible (turned off or sleeping for example), data will take longer to populate in Windows Analytics. For this reason, you can expect most of your devices to be populated in Windows Analytics within 1-2 days after deploying the update and configuration to user computers. As described in the Windows Analytics blog post ["You can now check on the status of your computers within hours of running the deployment script"](https://blogs.technet.microsoft.com/upgradeanalytics/2017/05/12/wheres-my-data/), you can verify that devices have successfully connected to the service within a few hours. Most of those devices should start to show up in the Windows Analytics console within a few days.
## Deploy additional optional settings
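Review bot: "within 1-2 days" in the changed sentence is still shorter than the upper bound of the "48-56 hours" given in the paragraph's first sentence (56 hours is more than two days), and the closing sentence already says devices show up "within a few days". Suggest stating the expected delay once, either by updating the first sentence to the confirmed figure or by dropping the closing sentence.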
From acbac83974fe82c230e8c43e051bf45622786cae Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Wed, 10 Jul 2019 08:41:05 +0500
Subject: [PATCH 30/42] Update policy-csp-localpoliciessecurityoptions.md
---
.../mdm/policy-csp-localpoliciessecurityoptions.md | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
index 2f36d9f2b4..c9b7ebd663 100644
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@@ -1567,10 +1567,10 @@ GP Info:
 |
- 5 |
- 5 |
- 5 |
- 5 |
+  |
+  |
+  |
+  |
|
|
@@ -1587,6 +1587,11 @@ GP Info:
+
+> [!WARNING]
+> Starting in the version 1803 of Windows, this policy is deprecated.
+
+
Microsoft network server: Amount of idle time required before suspending a session
This security setting determines the amount of continuous idle time that must pass in a Server Message Block (SMB) session before the session is suspended due to inactivity.
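Review bot: the added warning, "Starting in the version 1803 of Windows, this policy is deprecated", is awkwardly worded and does not say what replaces the policy. Suggest "Starting in Windows 10, version 1803, this policy is deprecated", plus a pointer to the replacement setting if there is one. The hunk also adds two empty lines after the warning, and the commit message has no body explaining the deprecation or the table change in the first hunk.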
From 1142abb947b97f6fde7a055d6f4868531e44f845 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Wed, 10 Jul 2019 08:46:25 +0500
Subject: [PATCH 31/42] Update policy-csp-localpoliciessecurityoptions.md
---
.../mdm/policy-csp-localpoliciessecurityoptions.md | 1 -
1 file changed, 1 deletion(-)
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
index c9b7ebd663..fdbfd9d148 100644
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@@ -1591,7 +1591,6 @@ GP Info:
> [!WARNING]
> Starting in the version 1803 of Windows, this policy is deprecated.
-
Microsoft network server: Amount of idle time required before suspending a session
This security setting determines the amount of continuous idle time that must pass in a Server Message Block (SMB) session before the session is suspended due to inactivity.
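Review bot: fold this into patch 30. The only change is deleting an empty line after the warning that patch 30 itself added, and the commit has no message body, so the series adds and then removes the same whitespace.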
From cc216c99b3cad991101cc7fe7c54a77e38b77856 Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Wed, 10 Jul 2019 10:22:06 +0530
Subject: [PATCH 32/42] Update devices/hololens/hololens-insider.md
accepted
Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
devices/hololens/hololens-insider.md | 1 -
1 file changed, 1 deletion(-)
diff --git a/devices/hololens/hololens-insider.md b/devices/hololens/hololens-insider.md
index 508c84d18c..18e1924895 100644
--- a/devices/hololens/hololens-insider.md
+++ b/devices/hololens/hololens-insider.md
@@ -16,7 +16,6 @@ manager: dansimp
Welcome to the latest Insider Preview builds for HoloLens! It’s simple to get started and provide valuable feedback for our next major operating system update for HoloLens.
-
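Review bot: the commit message body is just "accepted", which does not say what is being deleted or why, and the single removed line after the "Welcome to the latest Insider Preview builds" paragraph shows as empty here. State in the message whether this is whitespace cleanup or removal of markup.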
From e7c57c66e6bc160cdc19084fbe7b5f7cc5191273 Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Wed, 10 Jul 2019 10:22:33 +0530
Subject: [PATCH 33/42] Update devices/hololens/hololens-insider.md
accepted
Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
devices/hololens/hololens-insider.md | 1 -
1 file changed, 1 deletion(-)
diff --git a/devices/hololens/hololens-insider.md b/devices/hololens/hololens-insider.md
index 18e1924895..e8564699c3 100644
--- a/devices/hololens/hololens-insider.md
+++ b/devices/hololens/hololens-insider.md
@@ -17,7 +17,6 @@ manager: dansimp
Welcome to the latest Insider Preview builds for HoloLens! It’s simple to get started and provide valuable feedback for our next major operating system update for HoloLens.
-
## How do I install the Insider builds?
From d701daeab211cb70c75335daa2fa2b0ed862f248 Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Wed, 10 Jul 2019 10:23:13 +0530
Subject: [PATCH 34/42] Update devices/hololens/hololens-insider.md
accepted
Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
devices/hololens/hololens-insider.md | 1 -
1 file changed, 1 deletion(-)
diff --git a/devices/hololens/hololens-insider.md b/devices/hololens/hololens-insider.md
index e8564699c3..44ac72d50b 100644
--- a/devices/hololens/hololens-insider.md
+++ b/devices/hololens/hololens-insider.md
@@ -17,7 +17,6 @@ manager: dansimp
Welcome to the latest Insider Preview builds for HoloLens! It’s simple to get started and provide valuable feedback for our next major operating system update for HoloLens.
-
## How do I install the Insider builds?
On a device running the Windows 10 April 2018 Update, go to Settings -> Update & Security -> Windows Insider Program and select Get started. Link the account you used to register as a Windows Insider.
From bac1bdacfda57d58c57f0395814b9ae0db0b2479 Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Wed, 10 Jul 2019 10:24:31 +0530
Subject: [PATCH 35/42] Update devices/hololens/hololens-insider.md
accepted
Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
devices/hololens/hololens-insider.md | 1 -
1 file changed, 1 deletion(-)
diff --git a/devices/hololens/hololens-insider.md b/devices/hololens/hololens-insider.md
index 44ac72d50b..5eaf9ad296 100644
--- a/devices/hololens/hololens-insider.md
+++ b/devices/hololens/hololens-insider.md
@@ -16,7 +16,6 @@ manager: dansimp
Welcome to the latest Insider Preview builds for HoloLens! It’s simple to get started and provide valuable feedback for our next major operating system update for HoloLens.
-
## How do I install the Insider builds?
On a device running the Windows 10 April 2018 Update, go to Settings -> Update & Security -> Windows Insider Program and select Get started. Link the account you used to register as a Windows Insider.
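Review bot: patches 32 to 35 each delete one line at lines 16-17 of devices/hololens/hololens-insider.md with the same "accepted" message. Squash them into a single commit that describes the cleanup, so the history does not carry four indistinguishable one-line changes.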
From 45387aba81f1ae001be1435aab3c854087f22df4 Mon Sep 17 00:00:00 2001
From: Reece Peacock <49645174+Reeced40@users.noreply.github.com>
Date: Wed, 10 Jul 2019 09:57:38 +0200
Subject: [PATCH 36/42] Update exploit-protection-exploit-guard.md
---
.../exploit-protection-exploit-guard.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md
index dc31cb9a38..d701915788 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md
@@ -45,9 +45,9 @@ Many of the features in the [Enhanced Mitigation Experience Toolkit (EMET)](http
>[!WARNING]
>Some security mitigation technologies may have compatibility issues with some applications. You should test exploit protection in all target use scenarios by using [audit mode](audit-windows-defender-exploit-guard.md) before deploying the configuration across a production environment or the rest of your network.
-## Review exploit protection events in the Windows Defender ATP Security Center
+## Review exploit protection events in the Microsoft Security Center
-Windows Defender ATP provides detailed reporting into events and blocks as part of its alert investigation scenarios.
+Microsoft Defender ATP provides detailed reporting into events and blocks as part of its alert investigation scenarios.
You can query Microsoft Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender-exploit-guard.md), you can use Advanced hunting to see how exploit protection settings could affect your environment.
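Review bot: the heading becomes "Microsoft Security Center" while the sentence changed two lines below it is renamed to "Microsoft Defender ATP", so a single hunk introduces two different product names. Pick one and use it in both the heading and the body, and keep it in step with the attack surface reduction article, whose heading is changed back and forth in patches 22 to 26.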
From 6bac6d08f50ac1b6c2d89599fd77520acba2eb3b Mon Sep 17 00:00:00 2001
From: eavena
Date: Wed, 10 Jul 2019 11:53:58 -0700
Subject: [PATCH 37/42] Update fileless-threats.md
---
.../threat-protection/intelligence/fileless-threats.md | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/windows/security/threat-protection/intelligence/fileless-threats.md b/windows/security/threat-protection/intelligence/fileless-threats.md
index 546e5f5d36..6e0e5385e8 100644
--- a/windows/security/threat-protection/intelligence/fileless-threats.md
+++ b/windows/security/threat-protection/intelligence/fileless-threats.md
@@ -1,8 +1,8 @@
---
title: Fileless threats
ms.reviewer:
-description: Learn about fileless threats, its categories, and how it runs
-keywords: fileless, amsi, behavior monitoring, memory scanning, boot sector protection, security, malware, Windows Defender ATP, antivirus, AV, Microsoft Defender ATP
+description: Learn about the categories of fileless threats and malware that "live off the land"
+keywords: fileless, fileless malware, living off the land, lolbins, amsi, behavior monitoring, memory scanning, boot sector protection, security, malware, Windows Defender ATP, antivirus, AV, Microsoft Defender ATP, next generation protection
ms.prod: w10
ms.mktglfcycl: secure
ms.sitesec: library
@@ -18,9 +18,9 @@ search.appverid: met150
# Fileless threats
-What exactly is a fileless threat? The term "fileless" suggests that a threat that does not come in a file, such as a backdoor that lives only in the memory of a machine. However, there's no generally accepted definition. The term is used broadly; it's also used to describe malware families that do rely on files to operate.
+What exactly are fileless threats? The term "fileless" suggests that a threat does not come in a file, such as a backdoor that lives only in the memory of a machine. However, there's no generally accepted definition for fileless malware. The term is used broadly; it's also used to describe malware families that do rely on files to operate.
-Given that attacks involve [several stages](https://attack.mitre.org/wiki/ATT&CK_Matrix) for functionalities like execution, persistence, or information theft, some parts of the attack chain may be fileless, while others may involve the filesystem in some form or another.
+Given that attacks involve [several stages](https://attack.mitre.org/wiki/ATT&CK_Matrix) for functionalities like execution, persistence, or information theft, some parts of the attack chain may be fileless, while others may involve the filesystem in some form.
For clarity, fileless threats are grouped into different categories.
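Review bot: The rewritten opening paragraph switches between "fileless threats" and "fileless malware" (the added "no generally accepted definition for fileless malware"), while the title and the unchanged line "fileless threats are grouped into different categories" use only "threats". Because this paragraph is about the term lacking an agreed definition, use one term in the definition sentence or state explicitly that the two are used interchangeably.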
From 46c47d40acfbf6d889ef99a4e1d87dbef69d5ca3 Mon Sep 17 00:00:00 2001
From: Joyce Y <47188252+mypil@users.noreply.github.com>
Date: Thu, 11 Jul 2019 21:21:11 +0800
Subject: [PATCH 38/42] fixed malformed URL link for Ping in line 58
Closes #4381
---
.../windows-defender-antivirus/microsoft-defender-atp-mac.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md
index 0510dc864b..a6f396b5c1 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md
@@ -55,7 +55,7 @@ The following table lists the services and their associated URLs that your netwo
| -------------- | ------------------------------------ | -------------------------------------------------------------------- |
| ATP | Advanced threat protection service | [https://x.cp.wd.microsoft.com](https://x.cp.wd.microsoft.com), [https://cdn.x.cp.wd.microsoft.com](https://cdn.x.cp.wd.microsoft.com) |
-To test that a connection is not blocked, open [https://x.cp.wd.microsoft.com/api/report](https://x.cp.wd.microsoft.com/api/report) and [https://cdn.x.cp.wd.microsoft.com/ping]([https://cdn.x.cp.wd.microsoft.com/ping) in a browser.
+To test that a connection is not blocked, open [https://x.cp.wd.microsoft.com/api/report](https://x.cp.wd.microsoft.com/api/report) and [https://cdn.x.cp.wd.microsoft.com/ping](https://cdn.x.cp.wd.microsoft.com/ping) in a browser.
If you prefer the command line, you can also check the connection by running the following command in Terminal:
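Review bot: The corrected target on the added line is right, but the link text and the link target are still the same URL typed twice, which is how the stray "[" ended up in the target. An autolink such as <https://cdn.x.cp.wd.microsoft.com/ping> states the URL once and removes that failure mode; the /api/report link on the same line and the two links in the ATP table row could be changed the same way.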
From 2bf4552958f58a8ae0712d1db4243572ef00830a Mon Sep 17 00:00:00 2001
From: Marty Hernandez Avedon
Date: Thu, 11 Jul 2019 15:32:57 -0400
Subject: [PATCH 39/42] Fixes #4398
There was a typo, repeating the word "have" in an appropriate place
> In section 18.11:
> In the Email area, you can choose which apps have can access and send email.
---
...windows-operating-system-components-to-microsoft-services.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index fe82aa66b7..a53d72a967 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -1142,7 +1142,7 @@ To turn off **Let apps access my call history**:
### 18.11 Email
-In the **Email** area, you can choose which apps have can access and send email.
+In the **Email** area, you can choose which apps have access and can send email.
To turn off **Let apps access and send email**:
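Review bot: The added sentence "which apps have access and can send email" leaves "have access" without an object, so it no longer says what the apps have access to. The setting named on the next line is "Let apps access and send email"; "you can choose which apps can access and send email" removes the duplicated verb and matches that wording.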
From 568900cedfa24fe1d2e82190feb9786fac5d375f Mon Sep 17 00:00:00 2001
From: Marty Hernandez Avedon
Date: Thu, 11 Jul 2019 15:46:09 -0400
Subject: [PATCH 40/42] Fixes #4397
The command examples included the Terminal user's name, instead of simply stating the command
> Remove "mavel-mojave:wdavconfig testuser$" from the commands
Also removed a file path, since it was particular to the user account of whoever tested the command & revised the language a little describing backups.
---
.../microsoft-defender-atp-mac-resources.md | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md
index 59485467ff..5c90d72b3d 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md
@@ -31,7 +31,7 @@ If you can reproduce a problem, please increase the logging level, run the syste
1. Increase logging level:
```bash
- mavel-mojave:~ testuser$ mdatp --log-level verbose
+ mdatp --log-level verbose
Creating connection to daemon
Connection established
Operation succeeded
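Review bot: Removing the prompt on the added line fixes pasting of the command itself, but the three output lines ("Creating connection to daemon" through "Operation succeeded") remain in the same bash fence, so copying the block still picks up text that is not a command. Put the sample output in its own block so the bash fence contains only mdatp --log-level verbose.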
@@ -39,19 +39,18 @@ If you can reproduce a problem, please increase the logging level, run the syste
2. Reproduce the problem
-3. Run `mdatp --diagnostic --create` to backup Microsoft Defender ATP's logs. The command will print out location with generated zip file.
+3. Run `mdatp --diagnostic --create` to backup Microsoft Defender ATP's logs. The files will be stored inside of a .zip archive. This command will also print out the file path to the backup after the operation succeeds.
```bash
- mavel-mojave:~ testuser$ mdatp --diagnostic --create
+ mdatp --diagnostic --create
Creating connection to daemon
Connection established
- "/Library/Application Support/Microsoft/Defender/wdavdiag/d85e7032-adf8-434a-95aa-ad1d450b9a2f.zip"
```
4. Restore logging level:
```bash
- mavel-mojave:~ testuser$ mdatp --log-level info
+ mdatp --log-level info
Creating connection to daemon
Connection established
Operation succeeded
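Review bot: In step 3 the sample output loses its only path line, yet the new sentence says the command prints the file path to the backup, so the example no longer shows what the reader should look for. Keep an output line with a placeholder file name in place of the tester's .zip path, and in the added sentence change "to backup" to the verb form "to back up" and "inside of a .zip archive" to "in a .zip archive".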
From 50f7d394eda4200e83cc64fa9614f05027907045 Mon Sep 17 00:00:00 2001
From: Marty Hernandez Avedon
Date: Thu, 11 Jul 2019 16:04:19 -0400
Subject: [PATCH 41/42] Fixes #4396
The command examples included the whole Terminal prompt, not just the command
> Can you remove the terminal (BASH) prompt text from your commands. When you click copy and then paste into Terminal (BASH) the commands do not work because of the "mavel-mojave:~ testuser$" text in them.
---
...icrosoft-defender-atp-mac-install-manually.md | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md
index 5b0a86a447..73f3bdc5e1 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md
@@ -48,7 +48,7 @@ Download the installation and onboarding packages from Windows Defender Security
Extract the contents of the .zip files:
```bash
- mavel-macmini:Downloads test$ ls -l
+ ls -l
total 721152
-rw-r--r-- 1 test staff 6185 Mar 15 10:45 WindowsDefenderATPOnboardingPackage.zip
-rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg
@@ -92,7 +92,7 @@ If you did not enable Microsoft's driver during installation, then the applicati
You can also run ```mdatp --health```. It reports if Real-Time Protection is enabled but not available:
```bash
-mavel-mojave:~ testuser$ mdatp --health
+mdatp --health
...
realTimeProtectionAvailable : false
realTimeProtectionEnabled : true
@@ -112,7 +112,7 @@ In this case, you need to perform the following steps to enable Real-Time Protec
1. In Terminal, attempt to install the driver. (The operation will fail)
```bash
- mavel-mojave:~ testuser$ sudo kextutil /Library/Extensions/wdavkext.kext
+ sudo kextutil /Library/Extensions/wdavkext.kext
Kext rejected due to system policy: { URL = "file:///Library/StagedExtensions/Library/Extensions/wdavkext.kext/", ID = "com.microsoft.wdavkext" }
Kext rejected due to system policy: { URL = "file:///Library/StagedExtensions/Library/Extensions/wdavkext.kext/", ID = "com.microsoft.wdavkext" }
Diagnostics for /Library/Extensions/wdavkext.kext:
@@ -125,13 +125,13 @@ In this case, you need to perform the following steps to enable Real-Time Protec
4. In Terminal, install the driver again. This time the operation will succeed:
```bash
-mavel-mojave:~ testuser$ sudo kextutil /Library/Extensions/wdavkext.kext
+sudo kextutil /Library/Extensions/wdavkext.kext
```
The banner should disappear from the Defender application, and ```mdatp --health``` should now report that Real-Time Protection is both enabled and available:
```bash
-mavel-mojave:~ testuser$ mdatp --health
+mdatp --health
...
realTimeProtectionAvailable : true
realTimeProtectionEnabled : true
@@ -145,20 +145,20 @@ realTimeProtectionEnabled : true
The client machine is not associated with orgId. Note that the *orgId* attribute is blank.
```bash
- mavel-mojave:wdavconfig testuser$ mdatp --health orgId
+ mdatp --health orgId
```
2. Install the configuration file on a client machine:
```bash
- mavel-mojave:wdavconfig testuser$ python WindowsDefenderATPOnboarding.py
+ python WindowsDefenderATPOnboarding.py
Generating /Library/Application Support/Microsoft/Defender/com.microsoft.wdav.atp.plist ... (You may be required to enter sudos password)
```
3. Verify that the machine is now associated with your organization and reports a valid *orgId*:
```bash
- mavel-mojave:wdavconfig testuser$ mdatp --health orgId
+ mdatp --health orgId
E6875323-A6C0-4C60-87AD-114BBE7439B8
```
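Review bot: The final hunk keeps the literal orgId E6875323-A6C0-4C60-87AD-114BBE7439B8 in the sample output of step 3, which is as particular to whoever ran the command as the prompt text this patch removes. Replace it with an obvious placeholder value so the example shows the expected shape of the output without publishing an organization identifier.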
From 583bb0cc8fc618aadaa1b48c652359e3d08519df Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Fri, 12 Jul 2019 09:30:28 +0500
Subject: [PATCH 42/42] Update policy-csp-localpoliciessecurityoptions.md
---
.../mdm/policy-csp-localpoliciessecurityoptions.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
index fdbfd9d148..ec391230a3 100644
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@@ -1589,7 +1589,7 @@ GP Info:
> [!WARNING]
-> Starting in the version 1803 of Windows, this policy is deprecated.
+> Starting in Windows 10, version 1803, this policy is deprecated.
Microsoft network server: Amount of idle time required before suspending a session