diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 23af32db6d..30ea7597a4 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -6,6 +6,11 @@ "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/device-guard/device-guard-deployment-guide.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide", +"redirect_document_id": true +}, +{ "source_path": "windows/security/threat-protection/windows-defender-application-control.md", "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control", "redirect_document_id": true @@ -441,11 +446,6 @@ "redirect_document_id": true }, { -"source_path": "windows/security/threat-protection/device-guard/deploy-windows-defender-application-control.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide", -"redirect_document_id": true -}, -{ "source_path": "windows/security/threat-protection/device-guard/optional-create-a-code-signing-certificate-for-windows-defender-application-control.md", "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control", "redirect_document_id": true diff --git a/education/windows/autopilot-reset.md b/education/windows/autopilot-reset.md index 2c32a5805b..caf4a7f2c0 100644 --- a/education/windows/autopilot-reset.md +++ b/education/windows/autopilot-reset.md 
@@ -75,6 +75,9 @@ Autopilot Reset is a two-step process: trigger it and then authenticate. Once yo 2. Sign in with the admin account credentials. If you created a provisioning package, plug in the USB drive and trigger Autopilot Reset. +>[!IMPORTANT] +>To reestablish Wi-Fi connectivity after reset, make sure the **Connect automatically** box is checked for the device's wireless network connection. + Once Autopilot Reset is triggered, the reset process starts. After reset, the device: diff --git a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md index 1077c1abbe..4e93c9b375 100644 --- a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md +++ b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md 
@@ -127,10 +127,10 @@ There are a variety of steps you can take to begin the process of modernizing de - [Co-management for Windows 10 devices](https://docs.microsoft.com/en-us/sccm/core/clients/manage/co-management-overview) - [Prepare Windows 10 devices for co-management](https://docs.microsoft.com/en-us/sccm/core/clients/manage/co-management-prepare) - [Switch Configuration Manager workloads to Intune](https://docs.microsoft.com/en-us/sccm/core/clients/manage/co-management-switch-workloads) -- [Co-management dashboard in System Center Configuration Manager](https://docs.microsoft.com/en-us/sccm/core/clients/manage/co-management-dashboard) +- [Co-management dashboard in System Center Configuration Manager](https://docs.microsoft.com/en-us/sccm/core/clients/manage/co-management-dashboard) - ## Related topics +## Related topics - [What is Intune?](https://docs.microsoft.com/en-us/intune/introduction-intune) - [Windows 10 Policy CSP](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-configuration-service-provider) -- [Configuration service Providers](https://docs.microsoft.com/en-us/windows/client-management/mdm/configuration-service-provider-reference) +- [Windows 10 Configuration service Providers](https://docs.microsoft.com/en-us/windows/client-management/mdm/configuration-service-provider-reference) diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md index e424e88106..e380c4b6bf 100644 --- a/windows/client-management/mdm/applocker-csp.md +++ b/windows/client-management/mdm/applocker-csp.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 04/24/2018 +ms.date: 04/30/2018 --- # AppLocker CSP @@ -159,17 +159,16 @@ Each of the previous nodes contains one or more of the following leaf nodes:

Here is a sample certutil invocation:

``` -certutil -encode WinSiPolicy.p7b WinSiPolicy.txt +certutil -encode WinSiPolicy.p7b WinSiPolicy.cer ``` -

Use only the data enclosed in the BEGIN CERTIFIFCATE and END CERTIFICATE section. Ensure that you have removed all line breaks before passing the data to the CSP node.

An alternative to using certutil would be to use the following PowerShell invocation:

``` [Convert]::ToBase64String($(Get-Content -Encoding Byte -ReadCount 0 -Path )) ``` -

If you are using Hybrid MDM management with System Center Configuration Manager please ensure that you are using Base64 as the Data type when using Custom OMA-URI functionality to apply the Code Integrity policy.

+

If you are using hybrid MDM management with System Center Configuration Manager or using Intune, ensure that you are using Base64 as the Data type when using Custom OMA-URI functionality to apply the Code Integrity policy.

Data type is string. Supported operations are Get, Add, Delete, and Replace.
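
Review bot: The context line directly under the changed certutil command still reads "BEGIN CERTIFIFCATE"; since this hunk already touches the sample, correct it to "BEGIN CERTIFICATE" in the same change. The new output name `WinSiPolicy.cer` also needs a sentence of explanation: the input is the policy file `WinSiPolicy.p7b`, not a certificate, so readers may take the `.cer` file for something to import rather than Base64 text to paste into the CSP node. The PowerShell alternative shows `-Path` with no value; name the file it should point at.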

diff --git a/windows/deployment/images/AV-status-by-computer.png b/windows/deployment/images/AV-status-by-computer.png new file mode 100644 index 0000000000..bfae9a3a44 Binary files /dev/null and b/windows/deployment/images/AV-status-by-computer.png differ diff --git a/windows/deployment/images/spectre-meltdown-prod-closeup.png b/windows/deployment/images/spectre-meltdown-prod-closeup.png new file mode 100644 index 0000000000..c873521feb Binary files /dev/null and b/windows/deployment/images/spectre-meltdown-prod-closeup.png differ diff --git a/windows/deployment/images/win-security-update-status-by-computer.png b/windows/deployment/images/win-security-update-status-by-computer.png new file mode 100644 index 0000000000..720ae898be Binary files /dev/null and b/windows/deployment/images/win-security-update-status-by-computer.png differ diff --git a/windows/deployment/upgrade/upgrade-readiness-additional-insights.md b/windows/deployment/upgrade/upgrade-readiness-additional-insights.md index 5594afcec8..d3f4fb87fd 100644 --- a/windows/deployment/upgrade/upgrade-readiness-additional-insights.md +++ b/windows/deployment/upgrade/upgrade-readiness-additional-insights.md 
@@ -2,17 +2,52 @@ title: Upgrade Readiness - Additional insights description: Explains additional features of Upgrade Readiness. ms.prod: w10 -author: greg-lindsay -ms.date: 10/26/2017 +author: jaimeo +ms.date: 04/03/2018 --- # Upgrade Readiness - Additional insights This topic provides information on additional features that are available in Upgrade Readiness to provide insights into your environment. These include: +- [Spectre and Meltdown protections](#spectre-meltdown-protection-status): Status of devices with respect to their anti-virus, security update, and firmware updates related to protection from the "Spectre" and "Meltdown" vulnerabilities. - [Site discovery](#site-discovery): An inventory of web sites that are accessed by client computers running Windows 7, Windows 8.1, or Windows 10 using Internet Explorer. - [Office add-ins](#office-add-ins): A list of the Microsoft Office add-ins that are installed on client computers. +## Spectre and Meltdown protection status +Microsoft has published guidance for IT Pros that outlines the steps you can take to improve protection against the hardware vulnerabilities known as "Spectre" and "Meltdown." See [Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities](https://go.microsoft.com/fwlink/?linkid=867468) for details about the vulnerabilities and steps you can take. + +Microsoft recommends three steps to help protect against the Spectre and Meltdown vulnerabilities: +- Verify that you are running a supported antivirus application. +- Apply all available Windows operating system updates, including the January 2018 and later Windows security updates. +- Apply any applicable processor firmware (microcode) updates provided by your device manufacturer(s). + +Upgrade Readiness reports on status of your devices in these three areas. 
+ +![Spectre-Meltdown protection blades](../images/spectre-meltdown-prod-closeup.png) + +>[!IMPORTANT] +>To provide these blades with data, ensure that your devices can reach the endpoint **http://adl.windows.com**. (See [Enrolling devices in Windows Analytics](https://docs.microsoft.com/windows/deployment/update/windows-analytics-get-started) for more about necessary endpoints and how to whitelist them.) + +### Anti-virus status blade +This blade helps you determine if your devices' anti-virus solution is compatible with the latest Windows operating system updates. It shows the number of devices that have an anti-virus solution with no known issues, issues reported, or an unknown status for a particular Windows security update. In the following example, an anti-virus solution that has no known issues with the January 3, 2018 Windows update is installed on about 2,800 devices. + +![Spectre-Meltdown antivirus blade](../images/AV-status-by-computer.png) + +### Security update status blade +This blade indicates whether a Windows security update that includes Spectre- or Meltdown-related fixes (January 3, 2018 or later) has been installed, as well as whether specific fixes have been disabled. Though protections are enabled by default on devices running Windows (but not Windows Server) operating systems, some IT administrators might choose to disable specific protections. In the following example, about 4,300 devices have a Windows security update that includes Spectre or Meltdown protections installed, and those protections are enabled. + +![Spectre-Meltdown antivirus blade](../images/win-security-update-status-by-computer.png) + +>[!IMPORTANT] +>If you are seeing computers with statuses of either “Unknown – action may be required” or “Installed, but mitigation status unknown,” it is likely that you need to whitelist the **http://adl.windows.com** endpoint. 
+ +### Firmware update status blade +This blade reports the number of devices that have installed a firmware update that includes Spectre or Meltdown protections. The blade might report a large number of blank, “unknown”, or “to be determined” statuses at first. As CPU information is provided by partners, the blade will automatically update with no further action required on your part. + + + + ## Site discovery The site discovery feature in Upgrade Readiness provides an inventory of web sites that are accessed by client computers using Internet Explorer on Windows 7, Windows 8.1, and Windows 10. Site discovery does not include sites that are accessed using other Web browsers, such as Microsoft Edge. Site inventory information is provided as optional data related to upgrading to Windows 10 and Internet Explorer 11, and is meant to help prioritize compatibility testing for web applications. You can make more informed decisions about testing based on usage data. 
@@ -20,7 +55,7 @@ The site discovery feature in Upgrade Readiness provides an inventory of web sit > [!NOTE] > Site discovery data is disabled by default; you can find documentation on what is collected in the [Windows 7, Windows 8, and Windows 8.1 appraiser diagnostic data events and fields](https://go.microsoft.com/fwlink/?LinkID=822965). After you turn on this feature, data is collected on all sites visited by Internet Explorer, except during InPrivate sessions. The data collection process is silent, without notification to the employee. You are responsible for ensuring that your use of this feature complies with all applicable local laws and regulatory requirements, including any requirements to provide notice to employees. -[In order to use site discovery, a separate opt-in is required; see Enrolling] +In order to use site discovery, a separate opt-in is required; see [Enrolling devices in Windows Analytics](https://docs.microsoft.com/windows/deployment/update/windows-analytics-get-started). ### Review most active sites @@ -52,4 +87,4 @@ Office add-ins provides a list of the Microsoft Office add-ins in your environme ## Related topics -[Upgrade Readiness release notes](upgrade-readiness-release-notes.md) +[Upgrade Readiness release notes](upgrade-readiness-release-notes.md) \ No newline at end of file diff --git a/windows/deployment/windows-10-deployment-workflow.md b/windows/deployment/windows-10-deployment-workflow.md deleted file mode 100644 index 5ac7695ecb..0000000000 --- a/windows/deployment/windows-10-deployment-workflow.md +++ /dev/null @@ -1,14 +0,0 @@ ---- -title: Windows 10 deployment workflow -description: Scenarios, methods, tools, and requirements for deploying Windows 10. -ms.prod: w10 -ms.mktglfcycl: deploy -ms.localizationpriority: high -ms.pagetype: deploy -ms.sitesec: library -author: greg-lindsay -ms.date: 12/4/2017 ---- - -# Windows 10 deployment workflow - 
diff --git a/windows/hub/index.md b/windows/hub/index.md index aada436128..adbc774252 100644 --- a/windows/hub/index.md +++ b/windows/hub/index.md @@ -18,13 +18,15 @@ Find the latest how to and support content that IT pros need to evaluate, plan,   -> [!video https://www.youtube.com/embed/LFiP73slWew?autoplay=false] +> [!video https://www.microsoft.com/en-us/videoplayer/embed/RE21ada?autoplay=false] + +## Check out [what's new in Windows 10, version 1803](/windows/whats-new/whats-new-windows-10-version-1803).
diff --git a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md index 28b4ca2adc..9069e4634e 100644 --- a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md @@ -27,6 +27,9 @@ To avoid the automatic encryption of data, developers can enlighten apps by addi We strongly suggest that the only unenlightened apps you add to your allowed apps list are Line-of-Business (LOB) apps. +>[!IMPORTANT] +>After revoking WIP, unenlightened apps will have to be uninstalled and re-installed since their settings files will remain encrypted. + >[!Note] >For more info about creating enlightened apps, see the [Windows Information Protection (WIP)](https://msdn.microsoft.com/en-us/windows/uwp/enterprise/wip-hub) topic in the Windows Dev Center. diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 044e461c43..48b97409e8 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md 
@@ -509,6 +509,9 @@ To configure WIP to use Azure Rights Management, you must set the **AllowAzureRM Optionally, if you don’t want everyone in your organization to be able to share your enterprise data, you can set the **RMSTemplateIDForEDP** MDM setting to the **TemplateID** of the Azure Rights Management template used to encrypt the data. You must make sure to mark the template with the **EditRightsData** option. +>[!IMPORTANT] +>Curly braces -- {} -- are required around the RMS Template ID. + >[!NOTE] >For more info about setting the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings, see the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp) topic. For more info about setting up and using a custom template, see [Configuring custom templates for the Azure Rights Management service](https://docs.microsoft.com/en-us/information-protection/deploy-use/configure-custom-templates) topic. diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md index e7ab3c4b24..68e5de567f 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md 
@@ -420,6 +420,9 @@ To configure WIP to use Azure Rights Management, you must set the **AllowAzureRM Optionally, if you don’t want everyone in your organization to be able to share your enterprise data, you can set the **RMSTemplateIDForEDP** MDM setting to the **TemplateID** of the Azure Rights Management template used to encrypt the data. You must make sure to mark the template with the **EditRightsData** option. +>[!IMPORTANT] +>Curly braces -- {} -- are required around the RMS Template ID. + >[!NOTE] >For more info about setting the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings, see the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp) topic. For more info about setting up and using a custom template, see [Configuring custom templates for the Azure Rights Management service](https://docs.microsoft.com/en-us/information-protection/deploy-use/configure-custom-templates) topic. diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md index a874b50962..1286383620 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md 
@@ -555,6 +555,9 @@ To configure WIP to use Azure Rights Management, you must set the **AllowAzureRM Optionally, if you don’t want everyone in your organization to be able to share your enterprise data, you can set the **RMSTemplateIDForEDP** MDM setting to the **TemplateID** of the Azure Rights Management template used to encrypt the data. You must make sure to mark the template with the **EditRightsData** option. +>[!IMPORTANT] +>Curly braces -- {} -- are required around the RMS Template ID. + >[!NOTE] >For more info about setting the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings, see the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp) topic. For more info about setting up and using a custom template, see [Configuring custom templates for the Azure Rights Management service](https://docs.microsoft.com/en-us/information-protection/deploy-use/configure-custom-templates) topic. diff --git a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md index 64ba93e280..ab62ce51f4 100644 --- a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md @@ -23,6 +23,9 @@ We've come up with a list of suggested testing scenarios that you can use to tes ## Testing scenarios You can try any of the processes included in these scenarios, but you should focus on the ones that you might encounter in your organization. +>[!IMPORTANT] +>If any of these scenarios does not work, first take note of whether WIP has been revoked. If it has, unenlightened apps will have to be uninstalled and re-installed since their settings files will remain encrypted. +
- + Read what's new in Windows 10
What's New?

@@ -152,7 +155,7 @@ You can try any of the processes included in these scenarios, but you should foc diff --git a/windows/security/threat-protection/get-support-for-security-baselines.md b/windows/security/threat-protection/get-support-for-security-baselines.md index 74d83b5a3d..acf6a4685d 100644 --- a/windows/security/threat-protection/get-support-for-security-baselines.md +++ b/windows/security/threat-protection/get-support-for-security-baselines.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.localizationpriority: high ms.author: sagaudre author: brianlic-msft -ms.date: 10/23/2017 +ms.date: 05/01/2018 --- # Get Support diff --git a/windows/security/threat-protection/security-compliance-toolkit-10.md b/windows/security/threat-protection/security-compliance-toolkit-10.md index 28676d4b1b..2f18f211ed 100644 --- a/windows/security/threat-protection/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/security-compliance-toolkit-10.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.localizationpriority: high ms.author: sagaudre author: brianlic-msft -ms.date: 02/16/2018 +ms.date: 05/01/2018 --- # Microsoft Security Compliance Toolkit 1.0 @@ -22,8 +22,9 @@ The SCT enables administrators to effectively manage their enterprise’s Group The Security Compliance Toolkit consists of: - Windows 10 Security Baselines + - Windows 10 Version 1803 (April 2018 Update) - Windows 10 Version 1709 (Fall Creators Update) - - Windows 10 Version 1703 (Creators Update) + - Windows 10 Version 1703 (Creators Update) - Windows 10 Version 1607 (Anniversary Update) - Windows 10 Version 1511 (November Update) - Windows 10 Version 1507 
@@ -40,7 +41,7 @@ The Security Compliance Toolkit consists of: - Local Group Policy Object (LGPO) tool -You can [download the tools](https://www.microsoft.com/download/details.aspx?id=55319) along with the baselines for the relevant Windows versions. +You can [download the tools](https://www.microsoft.com/download/details.aspx?id=55319) along with the baselines for the relevant Windows versions. For more details about security baseline recommendations, see the [Microsoft Security Guidance blog](https://blogs.technet.microsoft.com/secguide/). ## What is the Policy Analyzer tool? @@ -52,7 +53,7 @@ The Policy Analyzer is a utility for analyzing and comparing sets of Group Polic Policy Analyzer lets you treat a set of GPOs as a single unit. This makes it easy to determine whether particular settings are duplicated across the GPOs or are set to conflicting values. Policy Analyzer also lets you capture a baseline and then compare it to a snapshot taken at a later time to identify changes anywhere across the set. -More information on the Policy Analyzer tool can be found on the [Security Guidance blog](https://blogs.technet.microsoft.com/secguide/2016/01/22/new-tool-policy-analyzer/) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319). +More information on the Policy Analyzer tool can be found on the [Microsoft Security Guidance blog](https://blogs.technet.microsoft.com/secguide/2016/01/22/new-tool-policy-analyzer/) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319). ## What is the Local Group Policy Object (LGPO) tool? 
@@ -62,4 +63,4 @@ LGPO.exe can import and apply settings from Registry Policy (Registry.pol) files It can export local policy to a GPO backup. It can export the contents of a Registry Policy file to the “LGPO text” format that can then be edited, and can build a Registry Policy file from an LGPO text file. -Documentation for the LGPO tool can be found on the [Security Guidance blog](https://blogs.technet.microsoft.com/secguide/2016/01/21/lgpo-exe-local-group-policy-object-utility-v1-0/) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319). \ No newline at end of file +Documentation for the LGPO tool can be found on the [Microsoft Security Guidance blog](https://blogs.technet.microsoft.com/secguide/2016/01/21/lgpo-exe-local-group-policy-object-utility-v1-0/) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319). \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md index 54a19e1f41..45adf2a6af 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md 
@@ -54,7 +54,9 @@ You can also [customize the message displayed on users' desktops](https://docs.m When a Windows Defender Antivirus client encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend will apply heuristics, machine learning, and automated analysis of the file to determine the files as malicious or clean. -The Block at First Sight feature only uses the cloud protection backend for executable files and non-portable executable files (such as JS, VBS, or macros) that are downloaded from the Internet, or originating from the Internet zone. A hash value of the .exe file is checked via the cloud backend to determine if this is a previously undetected file. +In Windows 10, version 1803, the Block at first sight feature can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files. + +The Block at First Sight feature only uses the cloud protection backend for executable files and non-portable executable files that are downloaded from the Internet, or originating from the Internet zone. A hash value of the .exe file is checked via the cloud backend to determine if this is a previously undetected file. diff --git a/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md index c4fb7fbc8c..a3b17974a0 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md 
@@ -11,14 +11,14 @@ ms.pagetype: security ms.localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 04/17/2018 +ms.date: 04/30/2018 --- # Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection **Applies to:** -- Windows 10, version 1703 +- Windows 10, version 1703 and later **Audience** @@ -42,7 +42,7 @@ To understand how next-gen technologies shorten protection delivery time through -Read the following blogposts for detailed protection stories involving cloud-protection and Microsoft AI: +Read the following blog posts for detailed protection stories involving cloud-protection and Microsoft AI: - [Why Windows Defender Antivirus is the most deployed in the enterprise](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/22/why-windows-defender-antivirus-is-the-most-deployed-in-the-enterprise/) - [Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign/) diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md index 541ca154a0..6df6d94b98 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 04/17/2018 +ms.date: 04/30/2018 --- # Windows Defender Antivirus in Windows 10 and Windows Server 2016 
@@ -49,6 +49,12 @@ Some of the highlights of Windows Defender AV include: >- Fast learning (including Block at first sight) >- Potentially unwanted application blocking +## What's new in Windows 10, version 1803 + +- The [Block at First Sight feature](configure-block-at-first-sight-windows-defender-antivirus.md) can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files. +- The [Virus & threat protection area in the Windows Defender Security Center](windows-defender-security-center-antivirus.md) now includes a section for Ransomware protection. It includes Controlled folder access settings and ransomware recovery settings. + + ## What's new in Windows 10, version 1703 New features for Windows Defender AV in Windows 10, version 1703 include: @@ -60,9 +66,6 @@ We've expanded this documentation library to cover end-to-end deployment, manage - [Evaluation guide for Windows Defender AV](evaluate-windows-defender-antivirus.md) - [Deployment guide for Windows Defender AV in a virtual desktop infrastructure environment](deployment-vdi-windows-defender-antivirus.md) -See the [In this library](#in-this-library) list at the end of this topic for links to each of the updated sections in this library. - - ## Minimum system requirements diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md index fcf0420e4e..c26f399d5e 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md 
@@ -76,7 +76,7 @@ Item | Windows 10, before version 1703 | Windows 10, version 1703 and later | De ## Common tasks -This section describes how to perform some of the most common tasks when reviewing or interacting with the threat protection provided by Windows Defender Antivirus in the new Windows Defender Security Center app. +This section describes how to perform some of the most common tasks when reviewing or interacting with the threat protection provided by Windows Defender Antivirus in the Windows Defender Security Center app. > [!NOTE] > If these settings are configured and deployed using Group Policy, the settings described in this section will be greyed-out and unavailable for use on individual endpoints. Changes made through a Group Policy Object must first be deployed to individual endpoints before the setting will be updated in Windows Settings. The [Configure end-user interaction with Windows Defender Antivirus](configure-end-user-interaction-windows-defender-antivirus.md) topic describes how local policy override settings can be configured. 
@@ -142,8 +142,17 @@ This section describes how to perform some of the most common tasks when reviewi 4. Click **See full history** under each of the categories (**Current threats**, **Quarantined threats**, **Allowed threats**). - + +**Set ransomware protection and recovery options** +1. Open the Windows Defender Security Center app by clicking the shield icon in the task bar or searching the start menu for **Defender**. +2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar). + +3. Click **Ransomware protection**. + +4. To change Controlled folder access settings, see [Protect important folders with Controlled folder access](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard). + +5. To set up ransomware recovery options, click **Set up** under **Ransomware data recovery** and follow the instructions for linking or setting up your OneDrive account so you can easily recover from a ransomware attack. ## Related topics diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md index 01123916cd..c42df2d787 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md 
@@ -46,7 +46,7 @@ This topic describes how to customize the following settings of the Controlled f - [Add apps that should be allowed to access protected folders](#allow-specifc-apps-to-make-changes-to-controlled-folders) >[!WARNING] ->Controlled folder access is a new technology that monitors apps for activities that may be malicious. Sometimes it might block a legitimate app from making legitimate changes to your files. +>Controlled folder access monitors apps for activities that may be malicious. Sometimes it might block a legitimate app from making legitimate changes to your files. > >This may impact your organization's productivity, so you may want to consider running the feature in [audit mode](audit-windows-defender-exploit-guard.md) to fully assess the feature's impact. diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md index dc24bce106..58ee13233a 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md 
@@ -22,7 +22,7 @@ ms.date: 04/30/2018 - Windows 10, version 1703 and later -The **Virus & threat protection** section contains information and settings for antivirus protection from Windows Defender Antivirus and third-party AV products. In Windows 10, version 1803 and later, this section also contains information and settings for ransomware protection and recovery, including Controlled folder access settings and sign in to Microsoft OneDrive. IT administrators and IT pros can get more information and documentation about configuration from the following: +The **Virus & threat protection** section contains information and settings for antivirus protection from Windows Defender Antivirus and third-party AV products. In Windows 10, version 1803, this section also contains information and settings for ransomware protection and recovery. This includes Controlled folder access settings to prevent unknown apps from changing files in protected folders, plus Microsoft OneDrive configuration to help you recover from a ransomware attack. This area also notifies users and provides recovery instructions in the event of a ransomware attack. IT administrators and IT pros can get more information and documentation about configuration from the following: - [Windows Defender Antivirus in the Windows Defender Security Center app](../windows-defender-antivirus/windows-defender-security-center-antivirus.md) - [Windows Defender Antivirus documentation library](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) diff --git a/windows/security/threat-protection/windows-security-baselines.md b/windows/security/threat-protection/windows-security-baselines.md index 5f0da685dd..19059502a9 100644 --- a/windows/security/threat-protection/windows-security-baselines.md +++ b/windows/security/threat-protection/windows-security-baselines.md 
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.localizationpriority: high ms.author: sagaudre author: brianlic-msft -ms.date: 10/31/2017 +ms.date: 05/01/2018 --- # Windows Security Baselines diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md index e246e4481c..d3cef79c21 100644 --- a/windows/whats-new/whats-new-windows-10-version-1803.md +++ b/windows/whats-new/whats-new-windows-10-version-1803.md @@ -21,7 +21,7 @@ The following 3-minute video summarizes some of the new features that are availa   -> [!video https://www.youtube.com/embed/LFiP73slWew?autoplay=false] +> [!video https://www.microsoft.com/en-us/videoplayer/embed/RE21ada?autoplay=false] ## Deployment @@ -221,7 +221,9 @@ Device Health’s new App Reliability reports enable you to see where app update ## Microsoft Edge -iOS and Android versions of Edge are now available. Support in [Windows Defender Application Guard](#windows-defender-application-guard) is also improved. +iOS and Android versions of Edge are now available. For more information, see [Microsoft Edge Tips](https://microsoftedgetips.microsoft.com/en-us?source=firstrunwip). + +Support in [Windows Defender Application Guard](#windows-defender-application-guard) is also improved. ## See Also
ScenarioUnenroll client devices from WIP.
    -
  • Unenroll a device from WIP by going to Settings, click Accounts, click Work, click the name of the device you want to unenroll, and then click Remove.
    The device should be removed and all of the enterprise content for that managed account should be gone.

    Important
    On desktop devices, the data isn't removed and can be recovered, so you must make sure they content is marked as Revoked and that access is denied for the employee. On mobile devices, the data is removed.
  • +
  • Unenroll a device from WIP by going to Settings, click Accounts, click Work, click the name of the device you want to unenroll, and then click Remove.
    The device should be removed and all of the enterprise content for that managed account should be gone.

    Important
    On desktop devices, the data isn't removed and can be recovered, so you must make sure the content is marked as Revoked and that access is denied for the employee. On mobile devices, the data is removed.
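Review bot: in the WIP unenroll row, the corrected Important note ("you must make sure the content is marked as Revoked and that access is denied for the employee") still conflicts with the expected result one line above it, which says all of the enterprise content for that managed account should be gone. The note itself states that on desktop devices the data isn't removed and can be recovered, so the expected result should be split by device type: removed on mobile, left on disk but marked as Revoked with access denied on desktop. The fix from "they content" to "the content" is correct as it stands.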
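Review bot: in the added "Set ransomware protection and recovery options" procedure, step 4 links to the Controlled folder access topic with an absolute `https://docs.microsoft.com/en-us/...` URL, while the other cross-references in this patch are relative .md links (for example `audit-windows-defender-exploit-guard.md`); use a relative link here too so the step does not pin the en-us locale. The procedure also does not say which Windows 10 version it applies to, although the wdsc-virus-threat-protection.md hunk in this same patch ties ransomware protection and recovery to version 1803; state that in the heading or in a note. Minor: add a blank line after the bold heading and between steps 1 and 2 so the list is spaced like steps 2 to 5.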
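Review bot: in wdsc-virus-threat-protection.md, the rewritten paragraph changes "In Windows 10, version 1803 and later" to "In Windows 10, version 1803", which now reads as if ransomware protection and recovery exist only in that single release, while the context line just above still says "Windows 10, version 1703 and later". Keep "and later" unless the restriction is intended. The new sentence "This area also notifies users and provides recovery instructions in the event of a ransomware attack" would also be clearer if it said where the notification appears, since the rest of the paragraph describes settings rather than alerts.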
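Review bot: in whats-new-windows-10-version-1803.md, the added Microsoft Edge Tips link carries both a locale segment and a `?source=firstrunwip` query string, which looks like a campaign parameter copied from a first-run page rather than something the reader needs. Link to the URL without the query string unless the page requires it, and drop the `en-us` segment if the site redirects by locale.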