Merged master

windows/security/identity-protection/access-control/active-directory-security-groups.md

@@ -79,8 +79,8 @@ Groups are characterized by a scope that identifies the extent to which the grou
 
 -   Domain Local
 
-**Note**  
-In addition to these three scopes, the default groups in the **Builtin** container have a group scope of Builtin Local. This group scope and group type cannot be changed.
+> [!NOTE]
+> In addition to these three scopes, the default groups in the **Builtin** container have a group scope of Builtin Local. This group scope and group type cannot be changed.
 
  
 
@@ -111,8 +111,8 @@ The following table lists the three group scopes and more information about each
 <td><p>Accounts from any domain in the same forest</p>
 <p>Global groups from any domain in the same forest</p>
 <p>Other Universal groups from any domain in the same forest</p></td>
-<td><p>Can be converted to Domain Local scope</p>
-<p>Can be converted to Global scope if the group is not a member of any other Universal groups</p></td>
+<td><p>Can be converted to Domain Local scope if the group is not a member of any other Universal groups</p>
+<p>Can be converted to Global scope if the group does not contain any other Universal groups</p></td>
 <td><p>On any domain in the same forest or trusting forests</p></td>
 <td><p>Other Universal groups in the same forest</p>
 <p>Domain Local groups in the same forest or trusting forests</p>
@@ -620,8 +620,8 @@ Members of the Account Operators group cannot manage the Administrator user acco
 
 The Account Operators group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable).
 
-**Note**  
-By default, this built-in group has no members, and it can create and manage users and groups in the domain, including its own membership and that of the Server Operators group. This group is considered a service administrator group because it can modify Server Operators, which in turn can modify domain controller settings. As a best practice, leave the membership of this group empty, and do not use it for any delegated administration. This group cannot be renamed, deleted, or moved.
+> [!NOTE]
+> By default, this built-in group has no members, and it can create and manage users and groups in the domain, including its own membership and that of the Server Operators group. This group is considered a service administrator group because it can modify Server Operators, which in turn can modify domain controller settings. As a best practice, leave the membership of this group empty, and do not use it for any delegated administration. This group cannot be renamed, deleted, or moved.
 
  
 
@@ -686,8 +686,8 @@ Members of the Administrators group have complete and unrestricted access to the
 
 The Administrators group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable).
 
-**Note**  
-The Administrators group has built-in capabilities that give its members full control over the system. This group cannot be renamed, deleted, or moved. This built-in group controls access to all the domain controllers in its domain, and it can change the membership of all administrative groups.
+> [!NOTE]
+> The Administrators group has built-in capabilities that give its members full control over the system. This group cannot be renamed, deleted, or moved. This built-in group controls access to all the domain controllers in its domain, and it can change the membership of all administrative groups.
 
 Membership can be modified by members of the following groups: the default service Administrators, Domain Admins in the domain, or Enterprise Admins. This group has the special privilege to take ownership of any object in the directory or any resource on a domain controller. This account is considered a service administrator group because its members have full access to the domain controllers in the domain.
 
@@ -2056,8 +2056,8 @@ When a member of the Guests group signs out, the entire profile is deleted. This
 
 Computer Configuration\\Administrative Templates\\System\\User Profiles
 
-**Note**  
-A Guest account is a default member of the Guests security group. People who do not have an actual account in the domain can use the Guest account. A user whose account is disabled (but not deleted) can also use the Guest account.
+> [!NOTE]
+> A Guest account is a default member of the Guests security group. People who do not have an actual account in the domain can use the Guest account. A user whose account is disabled (but not deleted) can also use the Guest account.
 
 The Guest account does not require a password. You can set rights and permissions for the Guest account as in any user account. By default, the Guest account is a member of the built-in Guests group and the Domain Guests global group, which allows a user to sign in to a domain. The Guest account is disabled by default, and we recommend that it stay disabled.
 
@@ -2125,8 +2125,8 @@ This security group has not changed since Windows Server 2008.
 
 Members of the Hyper-V Administrators group have complete and unrestricted access to all the features in Hyper-V. Adding members to this group helps reduce the number of members required in the Administrators group, and further separates access.
 
-**Note**  
-Prior to Windows Server 2012, access to features in Hyper-V was controlled in part by membership in the Administrators group.
+> [!NOTE]
+> Prior to Windows Server 2012, access to features in Hyper-V was controlled in part by membership in the Administrators group.
 
  
 
@@ -2252,8 +2252,8 @@ Members of the Incoming Forest Trust Builders group can create incoming, one-way
 
 To make this determination, the Windows security system computes a trust path between the domain controller for the server that receives the request and a domain controller in the domain of the requesting account. A secured channel extends to other Active Directory domains through interdomain trust relationships. This secured channel is used to obtain and verify security information, including security identifiers (SIDs) for users and groups.
 
-**Note**  
-This group appears as a SID until the domain controller is made the primary domain controller and it holds the operations master role (also known as flexible single master operations or FSMO).
+> [!NOTE]
+> This group appears as a SID until the domain controller is made the primary domain controller and it holds the operations master role (also known as flexible single master operations or FSMO).
 
  
 
@@ -2261,8 +2261,8 @@ For more information, see [How Domain and Forest Trusts Work: Domain and Forest
 
 The Incoming Forest Trust Builders group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable).
 
-**Note**  
-This group cannot be renamed, deleted, or moved.
+> [!NOTE]
+> This group cannot be renamed, deleted, or moved.
 
  
 
@@ -2359,17 +2359,15 @@ Members of the Network Configuration Operators group can have the following admi
 
 -   Enter the PIN unblock key (PUK) for mobile broadband devices that support a SIM card.
 
-**Note**  
-This group appears as a SID until the domain controller is made the primary domain controller and it holds the operations master role (also known as flexible single master operations or FSMO).
+> [!NOTE]
+> This group appears as a SID until the domain controller is made the primary domain controller and it holds the operations master role (also known as flexible single master operations or FSMO).
 
  
-
 The Network Configuration Operators group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable).
 
-**Note**  
-This group cannot be renamed, deleted, or moved.
+> [!NOTE]
+> This group cannot be renamed, deleted, or moved.
 
- 
 
 This security group has not changed since Windows Server 2008.
 
@@ -2434,26 +2432,23 @@ Members of the Performance Log Users group can manage performance counters, logs
 
 -   Can create and modify Data Collector Sets after the group is assigned the [Log on as a batch job](/windows/device-security/security-policy-settings/log-on-as-a-batch-job) user right.
 
-    **Warning**  
-    If you are a member of the Performance Log Users group, you must configure Data Collector Sets that you create to run under your credentials.
+    > [!WARNING]
+    > If you are a member of the Performance Log Users group, you must configure Data Collector Sets that you create to run under your credentials.
 
-     
 
 -   Cannot use the Windows Kernel Trace event provider in Data Collector Sets.
 
 For members of the Performance Log Users group to initiate data logging or modify Data Collector Sets, the group must first be assigned the [Log on as a batch job](/windows/device-security/security-policy-settings/log-on-as-a-batch-job) user right. To assign this user right, use the Local Security Policy snap-in in Microsoft Management Console.
 
-**Note**  
-This group appears as a SID until the domain controller is made the primary domain controller and it holds the operations master role (also known as flexible single master operations or FSMO).
+> [!NOTE]
+> This group appears as a SID until the domain controller is made the primary domain controller and it holds the operations master role (also known as flexible single master operations or FSMO).
 
  
-
 The Performance Log Users group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable).
 
-**Note**  
-This account cannot be renamed, deleted, or moved.
+> [!NOTE]
+> This account cannot be renamed, deleted, or moved.
 
- 
 
 This security group has not changed since Windows Server 2008.
 
@@ -2524,13 +2519,13 @@ Specifically, members of this security group:
 
 -   Cannot create or modify Data Collector Sets.
 
-    **Warning**  
-    You cannot configure a Data Collector Set to run as a member of the Performance Monitor Users group.
+    > [!WARNING]
+    > You cannot configure a Data Collector Set to run as a member of the Performance Monitor Users group.
 
      
 
-**Note**  
-This group appears as a SID until the domain controller is made the primary domain controller and it holds the operations master role (also known as flexible single master operations or FSMO). This group cannot be renamed, deleted, or moved.
+> [!NOTE]
+> This group appears as a SID until the domain controller is made the primary domain controller and it holds the operations master role (also known as flexible single master operations or FSMO). This group cannot be renamed, deleted, or moved.
 
  
 
@@ -2590,15 +2585,13 @@ This security group has not changed since Windows Server 2008.
 </table>
 
  
-
 ### <a href="" id="bkmk-pre-ws2kcompataccess"></a>Pre–Windows 2000 Compatible Access
 
 Members of the Pre–Windows 2000 Compatible Access group have Read access for all users and groups in the domain. This group is provided for backward compatibility for computers running Windows NT 4.0 and earlier. By default, the special identity group, Everyone, is a member of this group. Add users to this group only if they are running Windows NT 4.0 or earlier.
 
-**Warning**  
-This group appears as a SID until the domain controller is made the primary domain controller and it holds the operations master role (also known as flexible single master operations or FSMO).
+> [!WARNING]
+> This group appears as a SID until the domain controller is made the primary domain controller and it holds the operations master role (also known as flexible single master operations or FSMO).
 
- 
 
 The Pre–Windows 2000 Compatible Access group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable).
 
@@ -3243,8 +3236,8 @@ This security group was introduced in Windows Server 2012, and it has not chang
 
 Computers that are members of the Replicator group support file replication in a domain. Windows Server operating systems use the File Replication service (FRS) to replicate system policies and logon scripts stored in the System Volume (SYSVOL). Each domain controller keeps a copy of SYSVOL for network clients to access. FRS can also replicate data for the Distributed File System (DFS), synchronizing the content of each member in a replica set as defined by DFS. FRS can copy and maintain shared files and folders on multiple servers simultaneously. When changes occur, content is synchronized immediately within sites and by a schedule between sites.
 
-**Important**  
-In Windows Server 2008 R2, FRS cannot be used for replicating DFS folders or custom (non-SYSVOL) data. A Windows Server 2008 R2 domain controller can still use FRS to replicate the contents of a SYSVOL shared resource in a domain that uses FRS for replicating the SYSVOL shared resource between domain controllers.
+> [!WARNING]
+> In Windows Server 2008 R2, FRS cannot be used for replicating DFS folders or custom (non-SYSVOL) data. A Windows Server 2008 R2 domain controller can still use FRS to replicate the contents of a SYSVOL shared resource in a domain that uses FRS for replicating the SYSVOL shared resource between domain controllers.
 
 However, Windows Server 2008 R2 servers cannot use FRS to replicate the contents of any replica set apart from the SYSVOL shared resource. The DFS Replication service is a replacement for FRS, and it can be used to replicate the contents of a SYSVOL shared resource, DFS folders, and other custom (non-SYSVOL) data. You should migrate all non-SYSVOL FRS replica sets to DFS Replication. For more information, see:
 
@@ -3489,8 +3482,8 @@ For more information about this security group, see [Terminal Services License S
 
 The Terminal Server License Servers group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable).
 
-**Note**  
-This group cannot be renamed, deleted, or moved.
+> [!NOTE]
+> This group cannot be renamed, deleted, or moved.
 
  
 
@@ -3624,11 +3617,10 @@ Members of this group have access to the computed token GroupsGlobalAndUniversal
 
 The Windows Authorization Access group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable).
 
-**Note**  
-This group cannot be renamed, deleted, or moved.
+> [!NOTE]
+> This group cannot be renamed, deleted, or moved.
 
  
-
 This security group has not changed since Windows Server 2008.
 
 <table>
@@ -3704,8 +3696,8 @@ The WinRMRemoteWMIUsers\_ group applies to versions of the Windows Server operat
 
 In Windows Server 2012, the Access Denied Assistance functionality adds the Authenticated Users group to the local WinRMRemoteWMIUsers\_\_ group. Therefore, when the Access Denied Assistance functionality is enabled, all authenticated users who have Read permissions to the file share can view the file share permissions.
 
-**Note**  
-The WinRMRemoteWMIUsers\_ group allows running Windows PowerShell commands remotely whereas the [Remote Management Users](#bkmk-remotemanagementusers) group is generally used to allow users to manage servers by using the Server Manager console.
+> [!NOTE]
+> The WinRMRemoteWMIUsers\_ group allows running Windows PowerShell commands remotely whereas the [Remote Management Users](#bkmk-remotemanagementusers) group is generally used to allow users to manage servers by using the Server Manager console.
 
  
 

windows/security/identity-protection/credential-guard/credential-guard-requirements.md

@@ -31,7 +31,7 @@ For Windows Defender Credential Guard to provide protection, the computers you a
 To provide basic protections against OS level attempts to read Credential Manager domain credentials, NTLM and Kerberos derived credentials, Windows Defender Credential Guard uses:
 - Support for Virtualization-based security (required)
 - Secure boot (required)
-- TPM 1.2 or 2.0 (preferred - provides binding to hardware), either discrete or firmware 
+- TPM (preferred - provides binding to hardware) versions 1.2 and 2.0 are supported, either discrete or firmware 
 - UEFI lock (preferred - prevents attacker from disabling with a simple registry key change)
 
 The Virtualization-based security requires:

windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md

@@ -40,7 +40,9 @@ Hybrid Windows Hello for Business needs two directories: on-premises Active Dire
 
 A hybrid Windows Hello for Business deployment needs an Azure Active Directory subscription.  The hybrid key trust deployment, does not need a premium Azure Active Directory subscription.
 
-You can deploy Windows Hello for Business in any environment with Windows Server 2008 R2 or later domain controllers.  However, the key trust deployment needs an ***adequate*** number of Windows Server 2016 or later domain controllers at each site where users authenticate using Windows Hello for Business.  Read the [Planning an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) to learn more.
+You can deploy Windows Hello for Business in any environment with Windows Server 2008 R2 or later domain controllers.  
+If using the key trust deployment model, you MUST ensure that you have adequate (1 or more, depending on your authentication load) Windows Server 2016 or later Domain Controllers in each Active Directory site where users will be authenticating for Windows Hello for Business.  
+Read the [Planning an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) to learn more.
 
 > [!NOTE]
 >There was an issue with key trust authentication on Windows Server 2019. If you are planning to use Windows Server 2019 domain controllers refer to [KB4487044](https://support.microsoft.com/en-us/help/4487044/windows-10-update-kb4487044) to fix this issue.

windows/security/information-protection/TOC.md

@@ -38,7 +38,7 @@
 
 ## [Encrypted Hard Drive](encrypted-hard-drive.md)
 
-## [Kernel DMA Protection for Thunderbolt™ 3](kernel-dma-protection-for-thunderbolt.md)
+## [Kernel DMA Protection](kernel-dma-protection-for-thunderbolt.md)
 
 ## [Protect your enterprise data using Windows Information Protection (WIP)](windows-information-protection\protect-enterprise-data-using-wip.md)
 ### [Create a WIP policy using Microsoft Intune](windows-information-protection\overview-create-wip-policy.md)

windows/security/information-protection/index.md

@@ -22,7 +22,7 @@ Learn more about how to secure documents and other data across your organization
 |-|-|
 | [BitLocker](bitlocker/bitlocker-overview.md)| Provides information about BitLocker, which is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. |
 | [Encrypted Hard Drive](encrypted-hard-drive.md)| Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management. |
-| [Kernel DMA Protection for Thunderbolt™ 3](kernel-dma-protection-for-thunderbolt.md)| Kernel DMA Protection protects PCs against drive-by Direct Memory Access (DMA) attacks using PCI hot plug devices connected to Thunderbolt™ 3 ports. |
+| [Kernel DMA Protection](kernel-dma-protection-for-thunderbolt.md)| Kernel DMA Protection protects PCs against drive-by Direct Memory Access (DMA) attacks using PCI hot plug devices connected to PCI accessible ports, such as Thunderbolt™ 3 ports. |
 | [Protect your enterprise data using Windows Information Protection (WIP)](windows-information-protection/protect-enterprise-data-using-wip.md)|Provides info about how to create a Windows Information Protection policy that can help protect against potential corporate data leakage.|
 | [Secure the Windows 10 boot process](secure-the-windows-10-boot-process.md)| Windows 10 supports features to help prevent rootkits and bootkits from loading during the startup process. |
 | [Trusted Platform Module](tpm/trusted-platform-module-top-node.md)| Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that helps you with actions such as generating, storing, and limiting the use of cryptographic keys.  |

windows/security/information-protection/windows-information-protection/limitations-with-wip.md

@@ -133,9 +133,14 @@ This table provides info about the most common problems you might encounter whil
         </td>
       </tr>
     <tr>
-        <td>By design, OneNote only supports WIP protected notebooks stored on enterprise-managed SharePoint (OneDrive for Business).  Onenote does not support local WIP protected notebooks.</td>
-        <td>OneNote might encounter an error such as "This notebook contains protected content from your organization, which can't be viewed or synced. Please change the file ownership to Personal, or contact your IT administrator." Supported notebooks (OneDrive for Business) should be shown in File Explorer as links and open with your associated browser. Unsupported notebooks would show as folders or .one files (with a OneNote icon)</td>
-        <td>If unsupported files won't open in the browser, then they are 'stuck' in the old local format - incompatible with WIP or viewing online. We recommend that you create a new notebook and copy the contents from the existing notebook into the new one. In OneNote desktop, File > New > OnedDive - company name notebook and create a new one. Then within OneNote, copy over the old 'local' sections into this new notebook to ensure they get upgraded to the modern format. Hold Ctrl + drag and drop the sections into the notebook. Holding Ctrl will copy sections rather than move them,  preserving the old sections as backup copies. Wait for the new notebook to finish syncing to OneDrive for business.</td>    
+        <td>OneNote notebooks on OneDrive for Business must be properly configured to work with WIP.</td>
+        <td>OneNote might encounter errors syncing a OneDrive for Business notebook and suggest changing the file ownership to Personal. Attempting to view the notebook in OneNote Online in the browser will show an error and unable to view it.</td>
+        <td>"OneNote notebooks that are newly copied into the OneDrive for Business folder from File Explorer should get fixed automatically. To do this, follow these steps:
+1. Close the notebook in OneNote.
+2. Move the notebook folder via File Explorer out of the OneDrive for Business folder to another location, such as the Desktop.
+3. Copy the notebook folder and Paste it back into the OneDrive for Business folder.
+
+Wait a few minutes to allow OneDrive to finish syncing & upgrading the notebook, and the folder should automatically convert to an Internet Shortcut.  Opening the shortcut will open the notebook in the browser, which can then be opened in the OneNote client by using the “Open in app” button.</td>    
     </tr>
     <tr>
         <td>Microsoft Office Outlook offline data files (PST and OST files) are not marked as <strong>Work</strong> files, and are therefore not protected.

windows/security/threat-protection/TOC.md

@@ -248,6 +248,18 @@
 #### [Privacy](microsoft-defender-atp/linux-privacy.md)
 #### [Resources](microsoft-defender-atp/linux-resources.md)
 
+
+### [Microsoft Defender Advanced Threat Protection for Android]()
+#### [Overview of Microsoft Defender ATP for Android](microsoft-defender-atp/microsoft-defender-atp-android.md)
+
+#### [Deploy]()
+##### [Deploy Microsoft Defender ATP for Android with Microsoft Intune](microsoft-defender-atp/android-intune.md)
+
+#### [Configure]()
+##### [Configure Microsoft Defender ATP for Android features](microsoft-defender-atp/android-configure.md)
+
+
+
 ### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md)
 
 ## [Security operations]()

windows/security/threat-protection/intelligence/TOC.md

@@ -2,10 +2,6 @@
 
 ## [Understand malware & other threats](understanding-malware.md)
 
-### [Prevent malware infection](prevent-malware-infection.md)
-
-### [Malware names](malware-naming.md)
-
 ### [Coin miners](coinminer-malware.md)
 
 ### [Exploits and exploit kits](exploits-malware.md)
@@ -30,6 +26,10 @@
 
 ### [Worms](worms-malware.md)
 
+## [Prevent malware infection](prevent-malware-infection.md)
+
+## [Malware naming convention](malware-naming.md)
+
 ## [How Microsoft identifies malware and PUA](criteria.md)
 
 ## [Submit files for analysis](submission-guide.md)

windows/security/threat-protection/intelligence/index.md

@@ -15,9 +15,11 @@ ms.topic: conceptual
 ---
 # Security intelligence
 
-Here you will find information about different types of malware, safety tips on how you can protect your organization, and resources for industry collaboration programs
+Here you will find information about different types of malware, safety tips on how you can protect your organization, and resources for industry collaboration programs.
 
 * [Understand malware & other threats](understanding-malware.md)
+* [Prevent malware infection](prevent-malware-infection.md)
+* [Malware naming convention](malware-naming.md)
 * [How Microsoft identifies malware and PUA](criteria.md)
 * [Submit files for analysis](submission-guide.md)
 * [Safety Scanner download](safety-scanner-download.md)

windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md

@@ -50,6 +50,7 @@ The following table summarizes what happens with Microsoft Defender Antivirus wh
 If you are Using Windows Server, version 1803 and Windows 2019, you can enable passive mode by setting this registry key:
 - Path: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection`
 - Name: ForceDefenderPassiveMode
+- Type: REG_DWORD
 - Value: 1
 
 See [Microsoft Defender Antivirus on Windows Server 2016 and 2019](microsoft-defender-antivirus-on-windows-server-2016.md) for key differences and management options for Windows Server installations.

windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md

@@ -28,10 +28,11 @@ Settings that were previously part of the Windows Defender client and main Windo
 
 > [!IMPORTANT]
 > Disabling the Windows Security Center service will not disable Microsoft Defender AV or [Windows Defender Firewall](https://docs.microsoft.com/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). These are disabled automatically when a third-party antivirus or firewall product is installed and kept up to date.
+>
 > If you do disable the Windows Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Security app may display stale or inaccurate information about any antivirus or firewall products you have installed on the device.
-
+>
 > It may also prevent Microsoft Defender AV from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed.
-
+>
 > This will significantly lower the protection of your device and could lead to malware infection.
 
 See the [Windows Security article](/windows/threat-protection/windows-defender-security-center/windows-defender-security-center) for more information on other Windows security features that can be monitored in the app.
@@ -108,7 +109,8 @@ This section describes how to perform some of the most common tasks when reviewi
 4. Toggle the **Real-time protection** switch to **On**.
 
     > [!NOTE]
-    > If you switch **Real-time protection** off, it will automatically turn back on after a short delay. This is to ensure you are protected from malware and threats.  
+    > If you switch **Real-time protection** off, it will automatically turn back on after a short delay. This is to ensure you are protected from malware and threats.
+    >
     > If you install another antivirus product, Microsoft Defender AV will automatically disable itself and will indicate this in the Windows Security app. A setting will appear that will allow you to enable [limited periodic scanning](limited-periodic-scanning-microsoft-defender-antivirus.md).
 
 <a id="exclusions"></a>
@@ -165,4 +167,4 @@ To learn more, see:
 
 ## Related articles
 
-- [Microsoft Defender Antivirus](microsoft-defender-antivirus-in-windows-10.md)
+- [Microsoft Defender Antivirus](microsoft-defender-antivirus-in-windows-10.md)

windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md

@@ -30,7 +30,7 @@ For a list of the cmdlets and their functions and available parameters, see the
 PowerShell cmdlets are most useful in Windows Server environments that don't rely on a graphical user interface (GUI) to configure software.
 
 > [!NOTE]
-> PowerShell cmdlets should not be used as a replacement for a full network policy management infrastructure, such as [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr), [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), or [Microsoft Defender Antivirus Group Policy ADMX templates](https://www.microsoft.com/download/100591).
+> PowerShell cmdlets should not be used as a replacement for a full network policy management infrastructure, such as [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr), [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), or [Microsoft Defender Antivirus Group Policy ADMX templates](https://www.microsoft.com/download/101445).
 
 Changes made with PowerShell will affect local settings on the endpoint where the changes are deployed or made. This means that deployments of policy with Group Policy, Microsoft Endpoint Configuration Manager, or Microsoft Intune can overwrite changes made with PowerShell.
 

windows/security/threat-protection/microsoft-defender-atp/android-configure.md

@@ -0,0 +1,50 @@
+---
+title: Configure Microsoft Defender ATP for Android features
+ms.reviewer:
+description: Describes how to configure Microsoft Defender ATP for Android 
+keywords: microsoft, defender, atp, android, configuration
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dansimp
+author: dansimp
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+---
+
+# Configure Microsoft Defender ATP for Android features
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Android](microsoft-defender-atp-android.md)
+
+## Conditional Access with Microsoft Defender ATP for Android  
+Microsoft Defender ATP for Android along with Microsoft Intune and Azure Active
+Directory enables enforcing Device compliance and Conditional Access policies
+based on device risk levels. Microsoft Defender ATP is a Mobile Threat Defense
+(MTD) solution that you can deploy to leverage this capability via Intune.
+
+For more infomation on how to setup Microsoft Defender ATP for Android and Conditional Access, see [Microsoft Defender ATP and
+Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection).
+
+
+## Configure custom indicators  
+
+>[!NOTE]
+> Microsoft Defender ATP for Android only supports creating custom indicators for IP addresses and URLs/domains.
+
+Microsoft Defender ATP for Android enables admins to configure custom indicators to support Android devices as well. For more information on how to configure custom indicators, see [Manage indicators](manage-indicators.md).
+
+## Configure web protection
+Microsoft Defender ATP for Android allows IT Administrators the ability to configure the web protection feature. This capability is available within the Microsoft Endpoint Manager Admin center.
+
+For more information, see [Configure web protection on devices that run Android](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection).
+
+## Related topics
+- [Overview of Microsoft Defender ATP for Android](microsoft-defender-atp-android.md)
+- [Deploy Microsoft Defender ATP for Android with Microsoft Intune](android-intune.md)

windows/security/threat-protection/microsoft-defender-atp/android-intune.md

@@ -0,0 +1,294 @@
+---
+title: Deploy Microsoft Defender ATP for Android with Microsoft Intune
+ms.reviewer:
+description: Describes how to deploy Microsoft Defender ATP for Android with Microsoft Intune
+keywords: microsoft, defender, atp, android, installation, deploy, uninstallation,
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dansimp
+author: dansimp
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+---
+
+# Deploy Microsoft Defender ATP for Android with Microsoft Intune 
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Android](microsoft-defender-atp-android.md)
+
+This topic describes deploying Microsoft Defender ATP for Android on Intune
+Company Portal enrolled devices. For more information about Intune device enrollment, see  [Enroll your
+device](https://microsoft.sharepoint.com/teams/WDATPIndia/Shared%20Documents/General/PM%20Docs/External%20Documentation/aka.ms/enrollAndroid).
+
+
+> [!NOTE]
+> During public preview, instructions to deploy Microsoft Defender ATP for Android on Intune enrolled Android devices are different across Device Administrator and Android Enterprise entrollment modes. <br>
+> **When Microsoft Defender ATP for Android reaches General Availability (GA), the app will be available on Google Play.**
+
+## Deploy on Device Administrator enrolled devices
+
+**Deploy Microsoft Defender ATP for Android on Intune Company Portal - Device
+Administrator enrolled devices**
+
+This topic describes how to deploy Microsoft Defender ATP for Android on Intune Company Portal - Device Administrator enrolled devices. Upgrade from the Preview APK to the GA version on Google Play would be supported.
+
+### Download the onboarding package
+
+Download the onboarding package from Microsoft Defender Security Center.
+
+1. In [Microsoft Defender Security
+Center](https://microsoft.sharepoint.com/teams/WDATPIndia/Shared%20Documents/General/PM%20Docs/External%20Documentation/securitycenter.microsoft.com), go to **Settings** \> **Machine Management** \> **Onboarding**.
+
+2. In the first drop-down, select **Android** as the Operating system.
+
+3. Select **Download Onboarding package** and save the downloaded .APK file.
+
+    ![Image of onboarding package page](images/onboarding_package_1.png)
+
+### Add as Line of Business (LOB) App
+
+The downloaded Microsoft Defender ATP for Android onboarding package. It is a
+.APK file can be deployed to user groups as a Line of Business app during the
+preview from Microsoft Endpoint Manager Admin Center.
+
+1. In [Microsoft Endpoint Manager admin
+center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \>
+**Android Apps** \> **Add \> Line-of-business app** and click **Select**.
+
+    ![Image of Microsoft Endpoint Manager Admin Center](images/eba67e1a3adfec2c77c35a34cb030fba.png)
+
+
+2. On the **Add app** page and in the *App Information* section, click **Select
+add package file** and then click the ![Icon](images/1a62eac0222a9ba3c2fd62744bece76e.png) icon and select the MDATP Universal APK file that was downloaded from the *Download Onboarding package* step.
+
+    ![Image of Microsoft Endpoint Manager Admin Center](images/e78d36e06495c2f70eb14230de6f7429.png)
+
+
+3. Select **OK**.
+
+4. In the *App Information* section that comes up, enter the **Publisher** as
+Microsoft. Other fields are optional and then select **Next**.
+
+    ![Image of Microsoft Endpoint Manager Admin Center](images/190a979ec5b6a8f57c9067fe1304cda8.png)
+
+5. In the *Assignments* section, go to the **Required** section and select **Add
+group.** You can then choose the user group(s) that you would like to target
+Microsoft Defender ATP for Android app. Click **Select** and then **Next**.
+
+    >[!NOTE]
+    >The selected user group should consist of Intune enrolled users.
+
+      ![Image of Microsoft Endpoint Manager Admin Center](images/363bf30f7d69a94db578e8af0ddd044b.png)
+
+
+6. In the **Review+Create** section, verify that all the information entered is
+correct and then select **Create**.
+
+    In a few moments, the Microsoft Defender ATP app would be created successfully,
+and a notification would show up at the top-right corner of the page.
+
+    ![Image of Microsoft Endpoint Manager Admin Center](images/86cbe56f88bb6e93e9c63303397fc24f.png)
+
+
+7. In the app information page that is displayed, in the **Monitor** section,
+select **Device install status** to verify that the device installation has
+completed successfully.
+
+    ![Image of Microsoft Endpoint Manager Admin Center](images/513cf5d59eaaef5d2b5bc122715b5844.png)
+
+
+During Public Preview, to **update** Microsoft Defender ATP for Android deployed
+as a Line of Business app, download the latest APK. Following the steps in
+*Download the onboarding package* section and follow instructions on how to [update
+a Line of Business
+App](https://docs.microsoft.com/mem/intune/apps/lob-apps-android#step-5-update-a-line-of-business-app).
+
+### Complete onboarding and check status
+
+1. Once Microsoft Defender ATP for Android has been installed on the device, you'll see the app icon.
+
+    ![Icon on mobile device](images/7cf9311ad676ec5142002a4d0c2323ca.jpg)
+
+2. Tap the Microsoft Defender ATP app icon and follow the on-screen instructions
+to complete onboarding the app. The details include end-user acceptance of Android permissions required by Microsoft Defender ATP for Android.
+
+3. Upon successful onboarding, the device will start showing up on the Devices
+list in Microsoft Defender Security Center.
+
+    ![Image of device in Microsoft Defender ATP portal](images/9fe378a1dce0f143005c3aa53d8c4f51.png)
+
+## Deploy on Android Enterprise enrolled devices
+
+Microsoft Defender ATP for Android supports Android Enterprise enrolled devices.
+
+For more information on the enrollment options supported by Intune, see 
+[Enrollment
+Options](https://docs.microsoft.com/mem/intune/enrollment/android-enroll) .
+
+As Microsoft Defender ATP for Android is deployed via managed Google Play,
+updates to the app are automatic via Google Play.
+
+Currently only Work Profile, Fully Managed devices are supported for deployment.
+
+
+>[!NOTE]
+>During Public Preview, to access Microsoft Defender ATP in your managed Google Play, contact [atpm@microsoft.com](mailto:atpm@microsoft.com) with the organization ID of your managed Google Play for next steps. This can be found under the **Admin Settings** of [managed Google Play](https://play.google.com/work/).<br>
+> At General Availability (GA), Microsoft Defender ATP for Android will be available as a public app. Upgrades from preview to GA version will be supported.
+
+## Add Microsoft Defender ATP for Android as a managed Google Play app
+
+After receiving a confirmation e-mail from Microsoft that your managed Google
+Play organization ID has been approved, follow the steps below to add Microsoft
+Defender ATP app into your managed Google Play.
+
+1. In [Microsoft Endpoint Manager admin
+center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \>
+**Android Apps** \> **Add** and select **managed Google Play app**.
+
+    ![Image of Microsoft Endpoint Manager admin center](images/579ff59f31f599414cedf63051628b2e.png)
+
+
+2. On your managed Google Play page that loads subsequently, go to the search
+box and lookup **Microsoft Defender.** Your search should display the Microsoft
+Defender ATP app in your Managed Google Play. Click on the Microsoft Defender
+ATP app from the Apps search result.
+
+    ![Image of Microsoft Endpoint Manager admin center](images/0f79cb37900b57c3e2bb0effad1c19cb.png)
+
+3. In the App description page that comes up next, you should be able to see app
+details on Microsoft Defender ATP. Review the information on the page and then
+select **Approve**.
+
+    ![A screenshot of a Managed Google Play](images/07e6d4119f265037e3b80a20a73b856f.png)
+
+
+4. You should now be presented with the permissions that Microsoft Defender ATP
+obtains for it to work. Review them and then select **Approve**.
+
+    ![A screenshot of Microsoft Defender ATP preview app approval](images/206b3d954f06cc58b3466fb7a0bd9f74.png)
+
+
+5. You'll be presented with the Approval settings page. The page confirms
+your preference to handle new app permissions that Microsoft Defender ATP for
+Android might ask. Review the choices and select your preferred option. Select
+**Done**.
+
+    By default, managed Google Play selects *Keep approved when app requests new
+permissions*
+
+   ![Image of notifications tab](images/ffecfdda1c4df14148f1526c22cc0236.png)
+
+
+6. After the permissions handling selection is made, select **Sync** to sync
+Microsoft Defender ATP to your apps list.
+
+    ![Image of sync page](images/34e6b9a0dae125d085c84593140180ed.png)
+
+
+7. The sync will complete in a few minutes.
+
+    ![Image of Android app](images/9fc07ffc150171f169dc6e57fe6f1c74.png)
+
+8. Select the **Refresh** button in the Android apps screen and Microsoft
+Defender ATP should be visible in the apps list.
+
+    ![Image of list of Android apps](images/fa4ac18a6333335db3775630b8e6b353.png)
+
+
+9. Microsoft Defender ATP supports App configuration policies for managed devices via Intune. This capability can be leveraged to autogrant applicable Android permission(s), so the end user does not need to accept these permission(s).
+
+    a. In the **Apps** page, go to **Policy > App configuration policies > Add > Managed devices**.
+
+    ![Image of Microsoft Endpoint Manager admin center](images/android-mem.png)
+
+    b. In the **Create app configuration policy** page, enter the following details:
+        - Name: Microsoft Defender ATP.
+        - Choose **Android Enterprise** as platform.
+        - Choose **Work Profile only** as Profile Type.
+        - Click **Select App**, choose **Microsoft Defender ATP**, select **OK** and then **Next**.
+    
+    ![Image of create app configuration policy page](images/android-create-app.png)
+
+    c. In the **Settings** page, go to the Permissions section click on Add to view the list of supported permissions. In the Add Permissions section, select the following permissions 
+    - External storage (read)
+    - External storage (write)
+
+    Then select **OK**.
+
+    ![Image of create app configuration policy](images/android-create-app-config.png)
+
+    
+    d. You should now see both the permissions listed and now you can autogrant both by choosing autogrant in the **Permission state** drop-down and then select **Next**.
+
+     ![Image of create app configuration policy](images/android-auto-grant.png)
+
+
+    e. In the **Assignments** page, select the user group to which this app config policy would be assigned to. Click **Select groups to include** and selecting the applicable group and then selecting **Next**.  The group selected here is usually the same group to which you would assign Microsoft Defender ATP Android app. 
+
+    ![Image of create app configuration policy](images/android-select-group.png)
+    
+
+     f. In the **Review + Create** page that comes up next, review all the information and then select **Create**. <br>
+    
+    The app configuration policy for Microsoft Defender ATP auto-granting the storage permission is now assigned to the selected user group.
+
+    ![Image of create app configuration policy](images/android-review-create.png)
+
+
+
+10. Select **Microsoft Defender ATP** app in the list \> **Properties** \>
+**Assignments** \> **Edit**.
+
+    ![Image of list of apps](images/9336bbd778cff5e666328bb3db7c76fd.png)
+
+
+11. Assign the app as a *Required* app to a user group. It is automatically installed in the *work profile* during the next sync of
+the device via Company Portal app. This assignment can be done by navigating to
+the *Required* section \> **Add group,** selecting the user group and click
+**Select**.
+
+    ![Image of edit application page](images/ea06643280075f16265a596fb9a96042.png)
+
+
+12. In the **Edit Application** page, review all the information that was entered
+above. Then select **Review + Save** and then **Save** again to commence
+assignment.
+
+## Complete onboarding and check status
+
+1. Confirm the installation status of Microsoft Defender ATP for Android by
+clicking on the **Device Install Status**. Verif that the device is
+displayed here.
+
+    ![Image of device installation status](images/900c0197aa59f9b7abd762ab2b32e80c.png)
+
+
+2. On the device, you can confirm the same by going to the **work profile** and
+confirm that Microsoft Defender ATP is available.
+
+    ![Image of app in mobile device](images/c2e647fc8fa31c4f2349c76f2497bc0e.png)
+
+3. When the app is installed, open the app and accept the permissions
+and then your onboarding should be successful.
+
+    ![Image of mobile device with Microsoft Defender ATP app](images/23c125534852dcef09b8e37c98e82148.png)
+
+4. At this stage the device is successfully onboarded onto Microsoft Defender
+ATP for Android. You can verify this on the [Microsoft Defender Security
+Center](https://microsoft.sharepoint.com/teams/WDATPIndia/Shared%20Documents/General/PM%20Docs/External%20Documentation/securitycenter.microsoft.com)
+by navigating to the **Devices** page.
+
+    ![Image of Microsoft Defender ATP portal](images/9fe378a1dce0f143005c3aa53d8c4f51.png)
+
+
+## Related topics
+- [Overview of Microsoft Defender ATP for Android](microsoft-defender-atp-android.md)
+- [Configure Microsoft Defender ATP for Android features](android-configure.md)

windows/security/threat-protection/microsoft-defender-atp/android-terms.md

@@ -0,0 +1,229 @@
+---
+title: Microsoft Defender ATP for Android Application license terms
+ms.reviewer:
+description: Describes the Microsoft Defender ATP for Android license terms
+keywords: microsoft, defender, atp, android,license, terms, application, use, installation, service, feedback, scope, 
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dansimp
+author: dansimp
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+hideEdit: true
+---
+
+# Microsoft Defender ATP for Android application license terms
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Android](microsoft-defender-atp-android.md)
+
+## MICROSOFT APPLICATION LICENSE TERMS: MICROSOFT DEFENDER ATP
+
+These license terms ("Terms") are an agreement between Microsoft Corporation (or
+based on where you live, one of its affiliates) and you. Please read them. They
+apply to the application named above. These Terms also apply to any Microsoft
+
+-   updates,
+
+-   supplements,
+
+-   Internet-based services, and
+
+-   support services
+
+for this application, unless other terms accompany those items. If so, those
+terms apply.
+
+**BY USING THE APPLICATION, YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM,
+DO NOT USE THE APPLICATION.**
+
+**If you comply with these Terms, you have the perpetual rights below.**
+
+1.  **INSTALLATION AND USE RIGHTS.**
+
+    1.  **Installation and Use.** You may install and use any number of copies
+        of this application on Android enabled device or devices which you own
+        or control. You may use this application with your company's valid
+        subscription of Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) or
+        an online service that includes MDATP functionalities.
+
+    2.  **Updates.** Updates or upgrades to MDATP may be required for full
+        functionality. Some functionality may not be available in all countries.
+
+    3.  **Third Party Programs.** The application may include third party
+        programs that Microsoft, not the third party, licenses to you under this
+        agreement. Notices, if any, for the third-party program are included for
+        your information only.
+
+2.  **INTERNET ACCESS MAY BE REQUIRED.** You may incur charges related to
+    Internet access, data transfer and other services per the terms of the data
+    service plan and any other agreement you have with your network operator due
+    to use of the application. You are solely responsible for any network
+    operator charges.
+
+3.  **INTERNET-BASED SERVICES.** Microsoft provides Internet-based services with
+    the application. It may change or cancel them at any time.
+
+    1.  Consent for Internet-Based or Wireless Services. The application may
+        connect to Internet-based wireless services. Your use of the application
+        operates as your consent to the transmission of standard device
+        information (including but not limited to technical information about
+        your device, system and application software, and peripherals) for
+        Internet-based or wireless services. If other terms are provided in
+        connection with your use of the services, those terms also apply.
+
+        -   Data. Some online services require, or may be enhanced by, the
+            installation of local software like this one. At your, or your
+            admin's direction, this software may send data from a device to or
+            from an online service.
+
+        -   Usage Data. Microsoft automatically collects usage and performance
+            data over the internet. This data will be used to provide and
+            improve Microsoft products and services and enhance your experience.
+            You may limit or control collection of some usage and performance
+            data through your device settings. Doing so may disrupt your use of
+            certain features of the application. For additional information on
+            Microsoft's data collection and use, see the [Online Services
+            Terms](https://go.microsoft.com/fwlink/?linkid=2106777).
+
+    2.  Misuse of Internet-based Services. You may not use any Internet-based
+        service in any way that could harm it or impair anyone else's use of it
+        or the wireless network. You may not use the service to try to gain
+        unauthorized access to any service, data, account or network by any
+        means.
+
+4.  **FEEDBACK.** If you give feedback about the application to Microsoft, you
+    give to Microsoft, without charge, the right to use, share and commercialize
+    your feedback in any way and for any purpose. You also give to third
+    parties, without charge, any patent rights needed for their products,
+    technologies and services to use or interface with any specific parts of a
+    Microsoft software or service that includes the feedback. You will not give
+    feedback that is subject to a license that requires Microsoft to license its
+    software or documentation to third parties because we include your feedback
+    in them. These rights survive this agreement.
+
+5.  **SCOPE OF LICENSE.** The application is licensed, not sold. This agreement
+    only gives you some rights to use the application. Microsoft reserves all
+    other rights. Unless applicable law gives you more rights despite this
+    limitation, you may use the application only as expressly permitted in this
+    agreement. In doing so, you must comply with any technical limitations in
+    the application that only allow you to use it in certain ways. You may not
+
+    -   work around any technical limitations in the application;
+
+    -   reverse engineer, decompile or disassemble the application, except and
+        only to the extent that applicable law expressly permits, despite this
+        limitation;
+
+    -   make more copies of the application than specified in this agreement or
+        allowed by applicable law, despite this limitation;
+
+    -   publish the application for others to copy;
+
+    -   rent, lease or lend the application; or
+
+    -   transfer the application or this agreement to any third party.
+
+6.  **EXPORT RESTRICTIONS.** The application is subject to United States export
+    laws and regulations. You must comply with all domestic and international
+    export laws and regulations that apply to the application. These laws
+    include restrictions on destinations, end users and end use. For additional
+    information,
+    see<65>[www.microsoft.com/exporting](https://www.microsoft.com/exporting).
+
+7.  **SUPPORT SERVICES.** Because this application is "as is," we may not
+    provide support services for it. If you have any issues or questions about
+    your use of this application, including questions about your company's
+    privacy policy, please contact your company's admin. Do not contact the
+    application store, your network operator, device manufacturer, or Microsoft.
+    The application store provider has no obligation to furnish support or
+    maintenance with respect to the application.
+
+8.  **APPLICATION STORE.**
+
+    1.  If you obtain the application through an application store (e.g., Google
+        Play), please review the applicable application store terms to ensure
+        your download and use of the application complies with such terms.
+        Please note that these Terms are between you and Microsoft and not with
+        the application store.
+
+    2.  The respective application store provider and its subsidiaries are third
+        party beneficiaries of these Terms, and upon your acceptance of these
+        Terms, the application store provider(s) will have the right to directly
+        enforce and rely upon any provision of these Terms that grants them a
+        benefit or rights.
+
+9.  **TRADEMARK NOTICES.** Microsoft, Microsoft Defender ATP, MDATP, and
+    Microsoft 365 are registered or common-law trademarks of Microsoft
+    Corporation in the United States and/or other countries.
+
+10. **ENTIRE AGREEMENT.** This agreement and the terms for supplements, updates,
+    Internet-based services, and support services that you use are the entire
+    agreement for the application and support services.
+
+11. **APPLICABLE LAW.**
+
+    1.  **United States.** If you acquired the application in the United States,
+        Washington state law governs the interpretation of this agreement and
+        applies to claims for breach of it, regardless of conflict of laws
+        principles. The laws of the state where you live govern all other
+        claims, including claims under state consumer protection laws, unfair
+        competition laws, and in tort.
+
+    2.  **Outside the United States.** If you acquired the application in any
+        other country, the laws of that country apply.
+
+12. **LEGAL EFFECT.** This agreement describes certain legal rights. You may
+    have other rights under the laws of your country. You may also have rights
+    with respect to the party from whom you acquired the application. This
+    agreement does not change your rights under the laws of your country if the
+    laws of your country do not permit it to do so.
+
+13. **DISCLAIMER OF WARRANTY. THE APPLICATION IS LICENSED "AS-IS." "WITH ALL
+    FAULTS," AND "AS AVAILABLE." YOU BEAR THE RISK OF USING IT. MICROSOFT AND
+    WIRELESS CARRIERS OVER WHOSE NETWORK THE APPLICATION IS DISTRIBUTED, AND
+    EACH OF OUR RESPECTIVE AFFILIATES, AND SUPPLIERS ("COVERED PARTIES") GIVE NO
+    EXPRESS WARRANTIES, GUARANTEES OR CONDITIONS UNDER OR IN RELATION TO THE
+    APPLICATION. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
+    APPLICATION IS WITH YOU. SHOULD THE APPLICATION BE DEFECTIVE, YOU ASSUME THE
+    ENTIRE COST OF ALL NECESSARY SERVICING OR REPAIR. YOU MAY HAVE ADDITIONAL
+    CONSUMER RIGHTS UNDER YOUR LOCAL LAWS WHICH THIS AGREEMENT CANNOT CHANGE. TO
+    THE EXTENT PERMITTED UNDER YOUR LOCAL LAWS, COVERED PARTIES EXCLUDE THE
+    IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+    NON-INFRINGEMENT.**
+
+    **FOR AUSTRALIA - YOU HAVE STATUTORY GUARANTEES UNDER THE AUSTRALIAN CONSUMER LAW AND NOTHING IN THESE TERMS IS INTENDED TO AFFECT THOSE RIGHTS.**
+
+14.  **LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. TO THE EXTENT NOT
+    PROHIBITED BY LAW, YOU CAN RECOVER FROM MICROSOFT ONLY DIRECT DAMAGES UP TO
+    ONE U.S. DOLLAR (\$1.00). YOU AGREE NOT TO SEEK TO RECOVER ANY OTHER
+    DAMAGES, INCLUDING CONSEQUENTIAL, LOST PROFITS, SPECIAL, INDIRECT OR
+    INCIDENTAL DAMAGES FROM ANY COVERED PARTIES.**
+
+This limitation applies to:
+
+-   anything related to the application, services, content (including code) on
+    third party Internet sites, or third party programs; and
+
+-   claims for breach of contract, warranty, guarantee or condition; consumer
+    protection; deception; unfair competition; strict liability, negligence,
+    misrepresentation, omission, trespass or other tort; violation of statute or
+    regulation; or unjust enrichment; all to the extent permitted by applicable
+    law.
+
+It also applies even if:
+
+a.  Repair, replacement or refund for the application does not fully compensate
+    you for any losses; or
+
+b.  Covered Parties knew or should have known about the possibility of the
+    damages.
+
+The above limitation or exclusion may not apply to you because your country may not allow the exclusion or limitation of incidental, consequential or other damages.

windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md

@@ -125,6 +125,8 @@ The first example demonstrates how to connect Power BI to Advanced Hunting API a
 ## Power BI dashboard samples in GitHub
 For more information see the [Power BI report templates](https://github.com/microsoft/MDATP-PowerBI-Templates).
 
+## Sample reports
+View the Microsoft Defender ATP Power BI report samples. For more information, see [Browse code samples](https://docs.microsoft.com/samples/browse/?products=mdatp).
 
 
 ## Related topic

windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md

@@ -399,7 +399,7 @@ GUID: `e6db77e5-3df2-4cf1-b95a-636979351e5b`
 
 ## Related topics
 
-- [Attack surface reduction FAQ](attack-surface-reduction.md)
+- [Attack surface reduction FAQ](attack-surface-reduction-faq.md)
 
 - [Enable attack surface reduction rules](enable-attack-surface-reduction.md)
 

windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md

@@ -93,22 +93,31 @@ You can partner with Microsoft Threat Experts who can be engaged directly from w
 3.  In the next field, provide enough information to give the Microsoft Threat Experts enough context to start the investigation.
   
 4. Enter the email address that you'd like to use to correspond with Microsoft Threat Experts.
+
+> [!NOTE]
+> Customers with Premier Support subscription mapped to their Office 365 license can track the status of their Experts on Demand cases through Microsoft Services Hub. 
+
+Watch this video for a quick overview of the Microsoft Services Hub.
+
+>[!VIDEO https://www.microsoft.com/videoplayer/embed/RE4pk9f] 
+
+
    
 ## Sample investigation topics that you can consult with Microsoft Threat Experts
 
 **Alert information**
 - We see a new type of alert for a living-off-the-land binary: [AlertID]. Can you tell us something more about this alert and how we can investigate further?
-- We’ve observed two similar attacks which try to execute malicious PowerShell scripts but generate different alerts. One is "Suspicious Powershell command line" and the other is "A malicious file was detected based on indication provided by O365". What is the difference?
+- We’ve observed two similar attacks, which try to execute malicious PowerShell scripts but generate different alerts. One is "Suspicious Powershell command line" and the other is "A malicious file was detected based on indication provided by O365". What is the difference?
 - I receive an odd alert today for abnormal number of failed logins from a high profile user’s device. I cannot find any further evidence around these sign-in attempts. How can Microsoft Defender ATP see these attempts? What type of sign-ins are being monitored?
 - Can you give more context or insights about this alert: “Suspicious behavior by a system utility was observed”. 
 
-**Possible device compromise**
-- Can you help answer why we see “Unknown process observed?” This is seen quite frequently on many devices. We appreciate any input to clarify whether this is related to malicious activity.
+**Possible machine compromise**
+- Can you help answer why we see “Unknown process observed?” This message or alert is seen frequently on many devices. We appreciate any input to clarify whether this message or alert is related to malicious activity.
 - Can you help validate a possible compromise on the following system on [date] with similar behaviors as the previous [malware name] malware detection on the same system in [month]?
 
 **Threat intelligence details**
-- This morning, we detected a phishing email that delivered a malicious Word document to a user. This caused a series of suspicious events which triggered multiple Microsoft Defender alerts for [malware name] malware. Do you have any information on this malware? If yes, can you send me a link?
-- I recently saw a [social media reference e.g., Twitter or blog] post about a threat that is targeting my industry. Can you help me understand what protection Microsoft Defender ATP provides against this threat actor? 
+- This morning, we detected a phishing email that delivered a malicious Word document to a user. This caused a series of suspicious events, which triggered multiple Microsoft Defender alerts for [malware name] malware. Do you have any information on this malware? If yes, can you send me a link?
+- I recently saw a [social media reference, for example, Twitter or blog] post about a threat that is targeting my industry. Can you help me understand what protection Microsoft Defender ATP provides against this threat actor? 
 
 **Microsoft Threat Experts’ alert communications** 
 - Can your incident response team help us address the targeted attack notification that we got?
@@ -127,7 +136,7 @@ Response from Microsoft Threat Experts varies according to your inquiry. They wi
 - Investigation requires more time   
 - Initial information was enough to conclude the investigation 
 
-It is crucial to respond in a timely manner to keep the investigation moving. 
+It is crucial to respond in quickly to keep the investigation moving. 
 
 ## Related topic
 - [Microsoft Threat Experts overview](microsoft-threat-experts.md)

windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md

@@ -85,9 +85,9 @@ You'll need to take the following steps if you choose to onboard servers through
 Microsoft Defender ATP integrates with System Center Endpoint Protection. The integration provides visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware.
 
 The following steps are required to enable this integration:
-- Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie)
+- Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie).
 
-- Configure the SCEP client Cloud Protection Service membership to the **Advanced** setting
+- Configure the SCEP client Cloud Protection Service membership to the **Advanced** setting.
 
 
 ### Turn on Server monitoring from the Microsoft Defender Security Center portal
@@ -156,6 +156,7 @@ Support for Windows Server, provide deeper insight into activities happening on
     1. Set the following registry entry:
        - Path: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection`
        - Name: ForceDefenderPassiveMode
+       - Type: REG_DWORD
        - Value: 1
 
     1. Run the following PowerShell command to verify that the passive mode was configured:
@@ -185,7 +186,7 @@ The following capabilities are included in this integration:
     > Automated onboarding is only applicable for Windows Server 2008 R2 SP1, Windows Server 2012 R2, and Windows Server 2016.
 
 - Servers monitored by  Azure Security Center will also be available in Microsoft Defender ATP - Azure Security Center seamlessly connects to the Microsoft Defender ATP tenant, providing a single view across clients and servers.  In addition, Microsoft Defender ATP alerts will be available in the Azure Security Center console.
-- Server investigation -  Azure Security Center customers can access Microsoft Defender Security Center to perform detailed investigation to uncover the scope of a potential breach
+- Server investigation -  Azure Security Center customers can access Microsoft Defender Security Center to perform detailed investigation to uncover the scope of a potential breach.
 
 > [!IMPORTANT]
 > - When you use Azure Security Center to monitor servers, a Microsoft Defender ATP tenant is automatically created. The Microsoft Defender ATP data is stored in Europe by default.
@@ -233,7 +234,7 @@ To offboard the server, you can use either of the following methods:
 
 2. Open an elevated PowerShell and run the following command. Use the Workspace ID you obtained and replacing `WorkspaceID`:
 
-    ```
+    ```powershell
     # Load agent scripting object
     $AgentCfg = New-Object -ComObject AgentConfigManager.MgmtSvcCfg
     # Remove OMS Workspace

windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md

@@ -259,18 +259,29 @@ Determines whether suspicious samples (that are likely to contain threats) are s
 | **Data type** | String |
 | **Possible values** | none <br/> safe (default) <br/> all |
 
+#### Enable / disable automatic security intelligence updates
+
+Determines whether security intelligence updates are installed automatically:
+
+|||
+|:---|:---|
+| **Key** | automaticDefinitionUpdateEnabled |
+| **Data type** | Boolean |
+| **Possible values** | true (default) <br/> false |
+
 ## Recommended configuration profile
 
 To get started, we recommend the following configuration profile for your enterprise to take advantage of all protection features that Microsoft Defender ATP provides.
 
 The following configuration profile will:
 
-- Enable real-time protection (RTP).
+- Enable real-time protection (RTP)
 - Specify how the following threat types are handled:
-  - **Potentially unwanted applications (PUA)** are blocked.
-  - **Archive bombs** (file with a high compression rate) are audited to the product logs.
-- Enable cloud-delivered protection.
-- Enable automatic sample submission at `safe` level.
+  - **Potentially unwanted applications (PUA)** are blocked
+  - **Archive bombs** (file with a high compression rate) are audited to the product logs
+- Enable automatic security intelligence updates
+- Enable cloud-delivered protection
+- Enable automatic sample submission at `safe` level
 
 ### Sample profile
 
@@ -290,6 +301,7 @@ The following configuration profile will:
       ]
    },
    "cloudService":{
+      "automaticDefinitionUpdateEnabled":true,
       "automaticSampleSubmissionConsent":"safe",
       "enabled":true
    }
@@ -350,7 +362,8 @@ The following configuration profile contains entries for all settings described
    "cloudService":{
       "enabled":true,
       "diagnosticLevel":"optional",
-      "automaticSampleSubmissionConsent":"safe"
+      "automaticSampleSubmissionConsent":"safe",
+      "automaticDefinitionUpdateEnabled":true
    }
 }
 ```

windows/security/threat-protection/microsoft-defender-atp/linux-resources.md

@@ -110,3 +110,12 @@ In the Microsoft Defender ATP portal, you'll see two categories of information:
   - Computer model
   - Processor architecture
   - Whether the device is a virtual machine
+
+### Known issues
+
+- Logged on users do not appear in the Microsoft Defender Security Center portal.
+- In SUSE distributions, if the installation of *libatomic1* fails, you should validate that your OS is registered:
+
+    ```bash
+    $ sudo SUSEConnect --status-text
+    ```

windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md

@@ -50,7 +50,7 @@ File, folder, and process exclusions support the following wildcards:
 
 Wildcard | Description | Example | Matches | Does not match
 ---|---|---|---|---
-\* |	Matches any number of any characters including none (note that when this wildcard is used inside a path it will substitute only one folder) | `/var/\*/\*.log` | `/var/log/system.log` | `/var/log/nested/system.log`
+\* |	Matches any number of any characters including none (note that when this wildcard is used inside a path it will substitute only one folder) | `/var/*/*.log` | `/var/log/system.log` | `/var/log/nested/system.log`
 ? | Matches any single character | `file?.log` | `file1.log`<br/>`file2.log` | `file123.log`
 
 ## How to configure the list of exclusions

windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md

@@ -277,6 +277,16 @@ Determines whether suspicious samples (that are likely to contain threats) are s
 | **Data type** | Boolean |
 | **Possible values** | true (default) <br/> false |
 
+#### Enable / disable automatic security intelligence updates
+
+Determines whether security intelligence updates are installed automatically:
+
+|||
+|:---|:---|
+| **Key** | automaticDefinitionUpdateEnabled |
+| **Data type** | Boolean |
+| **Possible values** | true (default) <br/> false |
+
 ### User interface preferences
 
 Manage the preferences for the user interface of Microsoft Defender ATP for Mac.
@@ -358,6 +368,7 @@ The following configuration profile (or, in case of JAMF, a property list that c
 - Specify how the following threat types are handled:
   - **Potentially unwanted applications (PUA)** are blocked
   - **Archive bombs** (file with a high compression rate) are audited to Microsoft Defender ATP logs
+- Enable automatic security intelligence updates
 - Enable cloud-delivered protection
 - Enable automatic sample submission
 
@@ -394,6 +405,8 @@ The following configuration profile (or, in case of JAMF, a property list that c
         <true/>
         <key>automaticSampleSubmission</key>
         <true/>
+        <key>automaticDefinitionUpdateEnabled</key>
+        <true/>
     </dict>
 </dict>
 </plist>
@@ -471,6 +484,8 @@ The following configuration profile (or, in case of JAMF, a property list that c
                     <true/>
                     <key>automaticSampleSubmission</key>
                     <true/>
+                    <key>automaticDefinitionUpdateEnabled</key>
+                    <true/>
                 </dict>
             </dict>
         </array>
@@ -563,6 +578,8 @@ The following templates contain entries for all settings described in this docum
         <string>optional</string>
         <key>automaticSampleSubmission</key>
         <true/>
+        <key>automaticDefinitionUpdateEnabled</key>
+        <true/>
     </dict>
     <key>edr</key>
     <dict>
@@ -701,6 +718,8 @@ The following templates contain entries for all settings described in this docum
                     <string>optional</string>
                     <key>automaticSampleSubmission</key>
                     <true/>
+                    <key>automaticDefinitionUpdateEnabled</key>
+                    <true/>
                 </dict>
                 <key>edr</key>
                 <dict>

windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md

@@ -148,7 +148,7 @@ It's important to understand the following prerequisites prior to creating indic
 
 5. Review the details in the Summary tab, then click **Save**.
 
-## Create indicators for certificates (preview)
+## Create indicators for certificates
 
 You can create indicators for certificates. Some common use cases include:
 

windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md

@@ -0,0 +1,100 @@
+---
+title: Microsoft Defender ATP for Android
+ms.reviewer:
+description: Describes how to install and use Microsoft Defender ATP for Android
+keywords: microsoft, defender, atp, android, installation, deploy, uninstallation, intune
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dansimp
+author: dansimp
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+---
+
+# Microsoft Defender Advanced Threat Protection for Android
+
+> [!IMPORTANT]
+> **PUBLIC PREVIEW EDITION**
+> 
+> This documentation is for a pre-release solution. The guidelines and the solution are subject to change between now and its general availability.
+> 
+> As with any pre-release solution, remember to exercise caution when determining the target population for your deployments.
+> 
+> If you have preview features turned on in the Microsoft Defender Security Center, you should be able to access the Linux onboarding page immediately. If you have not yet opted into previews, we encourage you to [turn on preview features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/preview) in the Microsoft Defender Security Center today.
+
+This topic describes how to install, configure, update, and use Microsoft Defender ATP for Android.
+
+> [!CAUTION]
+> Running other third-party endpoint protection products alongside Microsoft Defender ATP for Android is likely to cause performance problems and unpredictable system errors.
+
+
+
+## How to install Microsoft Defender ATP for Android
+
+### Prerequisites
+
+-   **For end users**
+
+    -   Microsoft Defender ATP license assigned to the end user(s) of the app.
+
+    -   Intune Company Portal app can be downloaded from [Google
+        Play](https://play.google.com/store/apps/details?id=com.microsoft.windowsintune.companyportal)
+        and is available on the Android device.
+
+        -   Additionally, device(s) can be
+            [enrolled](https://docs.microsoft.com/mem/intune/user-help/enroll-device-android-company-portal)
+            via the Intune Company Portal app to enforce Intune device compliance
+            policies. This requires the end user to be assigned a Microsoft Intune license.
+
+    -   For more information on how to assign licenses, see [Assign licenses to
+        users](https://docs.microsoft.com/azure/active-directory/users-groups-roles/licensing-groups-assign).
+        
+
+-   **For Administrators**
+
+    -   Access to the Microsoft Defender Security Center portal.
+
+        > [!NOTE]
+        > Microsoft Intune is the only supported Mobile Device Management (MDM) solution for deploying Microsoft Defender ATP for Android. Currently only enrolled devices are supported for enforcing Microsoft Defender ATP for Android related device compliance policies in Intune. 
+
+    -   Access [Microsoft Endpoint Manager admin
+        center](https://go.microsoft.com/fwlink/?linkid=2109431), to deploy the
+        app to enrolled user groups in your organization.
+
+### System Requirements
+
+-   Android devices running Android 6.0 and above.
+-   Intune Company Portal app is downloaded from [Google
+    Play](https://play.google.com/store/apps/details?id=com.microsoft.windowsintune.companyportal)
+    and installed. Device enrollment is required for Intune device compliance policies to be enforced.
+
+### Installation instructions
+
+Microsoft Defender ATP for Android supports installation on both modes of
+enrolled devices - the legacy Device Administrator and Android Enterprise modes
+
+Deployment of Microsoft Defender ATP for Android is via Microsoft Intune (MDM).
+For more information, see [Deploy Microsoft Defender ATP for Android with Microsoft Intune](android-intune.md).
+
+
+> [!NOTE]
+> During public preview, instructions to deploy Microsoft Defender ATP for Android on Intune enrolled Android devices are different across Device Administrator and Android Enterprise entrollment modes. <br>
+> **When Microsoft Defender ATP for Android reaches General Availability (GA), the app will be available on Google Play.**
+
+## How to Configure Microsoft Defender ATP for Android
+
+Guidance on how to configure Microsoft Defender ATP for Android features is available in [Configure Microsoft Defender ATP for Android features](android-configure.md).
+
+
+
+## Related topics
+- [Deploy Microsoft Defender ATP for with Microsoft Intune](android-intune.md)
+- [Configure Microsoft Defender ATP for Android features](android-configure.md)
+

windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md

@@ -20,20 +20,7 @@ ms.topic: conceptual
 
 # Microsoft Defender ATP for Linux
 
-> [!IMPORTANT]
-> **PUBLIC PREVIEW EDITION**
-> 
-> This documentation is for a pre-release solution. The guidelines and the solution are subject to change between now and its general availability.
-> 
-> As with any pre-release solution, remember to exercise caution when determining the target population for your deployments.
-> 
-> If you have preview features turned on in the Microsoft Defender Security Center, you should be able to access the Linux onboarding page immediately. If you have not yet opted into previews, we encourage you to [turn on preview features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/preview) in the Microsoft Defender Security Center today.
-
-This topic describes how to install, configure, update, and use Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Linux.
-
-> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4q3yP]
-
-<p></p>
+This topic describes how to install, configure, update, and use Microsoft Defender ATP for Linux.
 
 > [!CAUTION]
 > Running other third-party endpoint protection products alongside Microsoft Defender ATP for Linux is likely to cause performance problems and unpredictable system errors.
@@ -46,16 +33,6 @@ This topic describes how to install, configure, update, and use Microsoft Defend
 - Beginner-level experience in Linux and BASH scripting
 - Administrative privileges on the device (in case of manual deployment)
 
-### Known issues
-
-- Logged on users do not appear in the ATP portal.
-- Running the product on CentOS / RHEL / Oracle Linux 7.0 or 7.1 with kernel versions lower than 3.10.0-327 can result in hanging the operating system. We recommend that you upgrade to version 7.2 or newer.
-- In SUSE distributions, if the installation of *libatomic1* fails, you should validate that your OS is registered:
-
-    ```bash
-    $ sudo SUSEConnect --status-text
-    ```
-
 ### Installation instructions
 
 There are several methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Linux.
@@ -108,8 +85,6 @@ If you experience any installation failures, refer to [Troubleshooting installat
   - `vfat`
   - `xfs`
 
-  More file system types will be added in the future.
-
 After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints.
 
 ### Network connections

windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md

@@ -65,5 +65,13 @@ The option to **Consult a threat expert** is available in several places in the
 - <i>**File page actions menu**</i><BR>
 ![Screenshot of MTE-EOD file page action menu option](images/mte-eod-file.png)
 
+> [!NOTE]
+> Customers with Premier Support subscription mapped to their Office 365 license can track the status of their Experts on Demand cases through Microsoft Services Hub. 
+
+Watch this video for a quick overview of the Microsoft Services Hub.
+
+>[!VIDEO https://www.microsoft.com/videoplayer/embed/RE4pk9f] 
+
+   
 ## Related topic
 - [Configure Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md)

windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md

@@ -92,7 +92,11 @@ Devices on your network must be running one of these editions.
 The hardware requirements for Microsoft Defender ATP on devices is the same as those for the supported editions.
 
 > [!NOTE]
-> Devices running mobile versions of Windows are not supported.
+> Machines running mobile versions of Windows are not supported.
+>
+> Virtual Machines running Windows 10 Enterprise 2016 LTSC (which is based on Windows 10, version 1607) may encounter performance issues if run on non-Microsoft virtualization platforms.
+>
+> For virtual environments, we recommend using Windows 10 Enterprise LTSC 2019 (which is based on Windows 10, version 1809) or later.
 
 
 ### Other supported operating systems

windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md

@@ -33,7 +33,7 @@ Windows Server 2016 and earlier or Windows 8.1 and earlier.
 > - An OMS gateway server cannot be used as proxy for disconnected Windows 10 or Windows Server 2019 devices when configured via 'TelemetryProxyServer' registry or GPO.
 > - For Windows 10 or Windows Server 2019 - while you may use TelemetryProxyServer, it must point to a standard proxy device or appliance.
 > - In addition, Windows 10 or Windows Server 2019 in disconnected environments must be able to update Certificate Trust Lists offline via an internal file or web server.
-> - For more information about updating CTLs offline, see (Configure a file or web server to download the CTL files)[https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn265983(v=ws.11)#configure-a-file-or-web-server-to-download-the-ctl-files].
+> - For more information about updating CTLs offline, see [Configure a file or web server to download the CTL files](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn265983(v=ws.11)#configure-a-file-or-web-server-to-download-the-ctl-files).
 
 For more information about onboarding methods, see the following articles:
 - [Onboard previous versions of Windows](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel)

windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md

@@ -29,7 +29,7 @@ Submits or Updates new [Indicator](ti-indicator.md) entity.
 
 ## Limitations
 1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
-2. There is a limit of 5,000 active indicators per tenant. 
+2. There is a limit of 15,000 active indicators per tenant. 
 
 
 ## Permissions
@@ -102,4 +102,4 @@ Content-type: application/json
 ```
 
 ## Related topic
-- [Manage indicators](manage-indicators.md)
+- [Manage indicators](manage-indicators.md)

windows/security/threat-protection/microsoft-defender-atp/preview.md

@@ -36,7 +36,7 @@ For more information on new capabilities that are generally available, see [What
 
 ## Turn on preview features
 
-You'll have access to upcoming features which you can provide feedback on to help improve the overall experience before features are generally available.
+You'll have access to upcoming features that you can provide feedback on to help improve the overall experience before features are generally available.
 
 Turn on the preview experience setting to be among the first to try upcoming features.
 
@@ -47,13 +47,13 @@ Turn on the preview experience setting to be among the first to try upcoming fea
 ## Preview features
 
 The following features are included in the preview release:
-- [Attack simulators in the evaluation lab](evaluation-lab.md#threat-simulator-scenarios) <br> Microsoft Defender ATP has partnered with various threat simulation platforms to give you convenient access to test the capabilities of the platform right from the within the portal.
+- [Microsoft Defender ATP for Android](microsoft-defender-atp-android.md) <br> Microsoft Defender ATP now adds support for Android. Learn how to install, configure, and use Microsoft Defender ATP for Android.
 
 - [Create indicators for certificates](manage-indicators.md) <br> Create indicators to allow or block certificates. 
 
 - [Microsoft Defender ATP for Linux](microsoft-defender-atp-linux.md) <br> Microsoft Defender ATP now adds support for Linux. Learn how to install, configure, update, and use Microsoft Defender ATP for Linux.
 
- - [Threat & Vulnerability supported operating systems and platforms](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os) <BR> Ensure that you meet the operating system or platform requisites for Threat & Vulnerability Management so the activities in your devices are properly accounted for. Threat & Vulnerability Management supports Windows 7, Windows 10 1607-1703, Windows 10 1709+, Windows Server 2008R2, Windows Server 2012R2, Windows Server 2016, Windows Server 2019. <BR> <BR> Secure Configuration Assessment (SCA) supports Windows 10 1709+, Windows Server 2008R2, Windows Server 2012R2, Windows Server 2016, and Windows Server 2019. See [Secure Configuration Assessment (SCA) for Windows Server now in public preview](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/secure-configuration-assessment-sca-for-windows-server-now-in/ba-p/1243885) and [Reducing risk with new Threat & Vulnerability Management capabilities](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/reducing-risk-with-new-threat-amp-vulnerability-management/ba-p/978145) blogs for more information.
+ - [Threat & Vulnerability supported operating systems and platforms](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os) <BR> Ensure that you meet the operating system or platform requisites for Threat & Vulnerability Management so the activities in your devices are properly accounted for. Threat & Vulnerability Management supports Windows 7, Windows 10 1607-1703, Windows 10 1709+, Windows Server 2008R2, Windows Server 2012R2, Windows Server 2016, Windows Server 2019. <BR> <BR> Secure Configuration Assessment (SCA) supports Windows 10 1709+, Windows Server 2008R2, Windows Server 2012R2, Windows Server 2016, and Windows Server 2019.
 
 - [Threat & Vulnerability Management granular exploit details](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses) <BR> You can now see a comprehensive set of details on the vulnerabilities found in your device to give you informed decision on your next steps. The threat insights icon now shows more granular details, such as if the exploit is a part of an exploit kit, connected to specific advanced persistent campaigns or activity groups for which, Threat Analytics report links are provided that you can read, has associated zero-day exploitation news, disclosures, or related security advisories.
  

windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md

@@ -24,8 +24,6 @@ ms.topic: article
 
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
 
-[!include[Prerelease information](../../includes/prerelease.md)]
-
 Before you begin, ensure that you meet the following operating system or platform requisites for Threat & Vulnerability Management so the activities in your devices are properly accounted for.
 
 Operating system | Security assessment support

windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md

@@ -35,6 +35,11 @@ For more information preview features, see [Preview features](https://docs.micro
 > https://docs.microsoft.com/api/search/rss?search=%22Microsoft+Defender+ATP+as+well+as+security+features+in+Windows+10+and+Windows+Server.%22&locale=en-us
 > ```
 
+
+## June 2020
+- [Attack simulators in the evaluation lab](evaluation-lab.md#threat-simulator-scenarios) <br> Microsoft Defender ATP has partnered with various threat simulation platforms to give you convenient access to test the capabilities of the platform right from the within the portal.
+
+
 ## April 2020
 
 - [Threat & Vulnerability Management API support](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list) <BR>Run Threat & Vulnerability Management-related API calls such as get your organization's threat exposure score or device secure score, software and device vulnerability inventory, software version distribution, device vulnerability information, security recommendation information. Learn more from this [Microsoft Tech Community blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/threat-amp-vulnerability-management-apis-are-now-generally/ba-p/1304615).

windows/security/threat-protection/security-policy-settings/minimum-password-length.md

@@ -26,16 +26,16 @@ Describes the best practices, location, values, policy management, and security
 
 ## Reference
 
-The **Minimum password length** policy setting determines the least number of characters that can make up a password for a user account. You can set a value of between 1 and 20 characters, or you can establish that no password is required by setting the number of characters to 0.
+The **Minimum password length** policy setting determines the least number of characters that can make up a password for a user account. You can set a value of between 1 and 14 characters, or you can establish that no password is required by setting the number of characters to 0.
 
 ### Possible values
 
-- User-specified number of characters between 0 and 20
+- User-specified number of characters between 0 and 14
 - Not defined
 
 ### Best practices
 
-Set Minimum password length to at least a value of 8. If the number of characters is set to 0, no password is required. In most environments, an eight-character password is recommended because it is long enough to provide adequate security and still short enough for users to easily remember. This value will help provide adequate defense against a brute force attack. Adding complexity requirements will help reduce the possibility of a dictionary attack. For more info, see [Password must meet complexity requirements](password-must-meet-complexity-requirements.md).
+Set Minimum password length to at least a value of 8. If the number of characters is set to 0, no password is required. In most environments, an eight-character password is recommended because it is long enough to provide adequate security and still short enough for users to easily remember. A minimum password length greater than 14 is not supported at this time. This value will help provide adequate defense against a brute force attack. Adding complexity requirements will help reduce the possibility of a dictionary attack. For more info, see [Password must meet complexity requirements](password-must-meet-complexity-requirements.md).
 
 Permitting short passwords reduces security because short passwords can be easily broken with tools that perform dictionary or brute force attacks against the passwords. Requiring very long passwords can result in mistyped passwords that might cause an account lockout and subsequently increase the volume of Help Desk calls.