From 0f16e19e30716f1e5f905222612f327c06f389cf Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Fri, 12 Oct 2018 14:59:58 -0700 Subject: [PATCH 01/14] First attempt at adding new note --- windows/client-management/mdm/bitlocker-csp.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index 5925f48358..7fa03fcf50 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -844,6 +844,9 @@ The following diagram shows the BitLocker configuration service provider in tree ``` +>[!NOTE] +>When the warning prompt is disabled, the recovery key is backed up to your AAD account. When the warning prompt is allowed, the user can select where to back up the recovery key for an OS drive, but for a Fixed drive we choose where the recovery key will be backed up. The endpoint for a Fixed drive's backup is a user account chossen in the order of AD first, then AAD, and finally the User's personal One-Drive (One-Drive is only applicable to MDM/MAM). Encryption will wait until one of these three locations backs up successfully. + **AllowStandardUserEncryption** Allows Admin to enforce "RequireDeviceEncryption" policy for scenarios where policy is pushed while current logged on user is non-admin/standard user Azure AD account. From cc0b50c454adf8be717d44eff8643f59271fc054 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Fri, 12 Oct 2018 16:31:17 -0700 Subject: [PATCH 02/14] Editorial changes for readability in note --- windows/client-management/mdm/bitlocker-csp.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index 7fa03fcf50..7e8ef47de3 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md 
@@ -845,7 +845,14 @@ The following diagram shows the BitLocker configuration service provider in tree ``` >[!NOTE] ->When the warning prompt is disabled, the recovery key is backed up to your AAD account. When the warning prompt is allowed, the user can select where to back up the recovery key for an OS drive, but for a Fixed drive we choose where the recovery key will be backed up. The endpoint for a Fixed drive's backup is a user account chossen in the order of AD first, then AAD, and finally the User's personal One-Drive (One-Drive is only applicable to MDM/MAM). Encryption will wait until one of these three locations backs up successfully. +>When you disable the warning prompt, the recovery key will back up to your AAD account. When you allow the warning prompt, the user can select where to back up the recovery key for an OS drive, but for a fixed drive we choose the endpoint for the recovery key's backup. +> +>The endpoint for a Fixed drive's backup is a user account chosen in following order: + >1. AD + >2. AAD + >3. The user's personal OneDrive (MDM/MAM only). +> +>Encryption will wait until one of these three locations backs up successfully. **AllowStandardUserEncryption** Allows Admin to enforce "RequireDeviceEncryption" policy for scenarios where policy is pushed while current logged on user is non-admin/standard user Azure AD account. From f0a9470e01f87e776b4c79ad47485dbc0acdf4de Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Wed, 17 Oct 2018 16:02:24 -0700 Subject: [PATCH 03/14] Fixed note as per Justin and Rahul's edits --- windows/client-management/mdm/bitlocker-csp.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index 7e8ef47de3..7c8a1baa76 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md 
@@ -845,11 +845,11 @@ The following diagram shows the BitLocker configuration service provider in tree ``` >[!NOTE] ->When you disable the warning prompt, the recovery key will back up to your AAD account. When you allow the warning prompt, the user can select where to back up the recovery key for an OS drive, but for a fixed drive we choose the endpoint for the recovery key's backup. +>When you disable the warning prompt, the recovery key will back up to the user's Azure Active Directory account. When you allow the warning prompt, the user can select where to back up the recovery key for an OS drive, but for a fixed data drive we choose the endpoint for the recovery key's backup. > >The endpoint for a Fixed drive's backup is a user account chosen in following order: - >1. AD - >2. AAD + >1. Active Directory Domain Services + >2. Azure AD >3. The user's personal OneDrive (MDM/MAM only). > >Encryption will wait until one of these three locations backs up successfully. From ae0fe556c75a72b388f8b56c3822dec848d242d3 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Mon, 22 Oct 2018 09:17:09 -0700 Subject: [PATCH 04/14] Editorial changes --- windows/client-management/mdm/bitlocker-csp.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index 7c8a1baa76..d9b1790f1a 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md 
@@ -847,9 +847,9 @@ The following diagram shows the BitLocker configuration service provider in tree >[!NOTE] >When you disable the warning prompt, the recovery key will back up to the user's Azure Active Directory account. When you allow the warning prompt, the user can select where to back up the recovery key for an OS drive, but for a fixed data drive we choose the endpoint for the recovery key's backup. > ->The endpoint for a Fixed drive's backup is a user account chosen in following order: - >1. Active Directory Domain Services - >2. Azure AD +>The endpoint for a Fixed drive's backup is chosen in the following order: + >1. The user's Active Directory Domain Services account. + >2. The user's Azure Active Directory account. >3. The user's personal OneDrive (MDM/MAM only). > >Encryption will wait until one of these three locations backs up successfully. From a0054772f9c643ac19b9ae2809aea165014ea5ca Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Mon, 22 Oct 2018 11:31:29 -0700 Subject: [PATCH 05/14] Updated as per Justin's instructions --- windows/client-management/mdm/bitlocker-csp.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index d9b1790f1a..18fa4af15b 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md 
@@ -847,10 +847,9 @@ The following diagram shows the BitLocker configuration service provider in tree >[!NOTE] >When you disable the warning prompt, the recovery key will back up to the user's Azure Active Directory account. When you allow the warning prompt, the user can select where to back up the recovery key for an OS drive, but for a fixed data drive we choose the endpoint for the recovery key's backup. > ->The endpoint for a Fixed drive's backup is chosen in the following order: - >1. The user's Active Directory Domain Services account. - >2. The user's Azure Active Directory account. - >3. The user's personal OneDrive (MDM/MAM only). +>The endpoint for a fixed data drive's backup is chosen in the following order: + >1. The user's Windows Server Active Directory Domain Services account. + >2. The user's personal OneDrive (MDM/MAM only). > >Encryption will wait until one of these three locations backs up successfully. From 108d06bc1070061f0b53c74d27de616a2a1c35b6 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Mon, 22 Oct 2018 14:25:06 -0700 Subject: [PATCH 06/14] Updated as per Rahul's feedback --- windows/client-management/mdm/bitlocker-csp.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index 18fa4af15b..0fba87098e 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md 
@@ -845,11 +845,12 @@ The following diagram shows the BitLocker configuration service provider in tree ``` >[!NOTE] ->When you disable the warning prompt, the recovery key will back up to the user's Azure Active Directory account. When you allow the warning prompt, the user can select where to back up the recovery key for an OS drive, but for a fixed data drive we choose the endpoint for the recovery key's backup. +>When you disable the warning prompt, the recovery key will back up to the user's Azure Active Directory account. When you allow the warning prompt for a fixed data drive, we choose the endpoint for the recovery key's backup. > >The endpoint for a fixed data drive's backup is chosen in the following order: >1. The user's Windows Server Active Directory Domain Services account. - >2. The user's personal OneDrive (MDM/MAM only). + >2. The user's Azure Active Directory account. + >3. The user's personal OneDrive (MDM/MAM only). > >Encryption will wait until one of these three locations backs up successfully. @@ -863,7 +864,7 @@ Allows Admin to enforce "RequireDeviceEncryption" policy for scenarios where pol If "AllowWarningForOtherDiskEncryption" is not set, or is set to "1", "RequireDeviceEncryption" policy will not try to encrypt drive(s) if a standard user is the current logged on user in the system. -The expected values for this policy are: +The expected values for this policy are: - 1 = "RequireDeviceEncryption" policy will try to enable encryption on all fixed drives even if a current logged in user is standard user. - 0 = This is the default, when the policy is not set. If current logged on user is a standard user, "RequireDeviceEncryption" policy will not try to enable encryption on any drive. From acab448eb9fa4a1b84190cee7a406e4794f1bb71 Mon Sep 17 00:00:00 2001 
From: Heidi Lohr Date: Mon, 12 Nov 2018 10:22:41 -0800 Subject: [PATCH 07/14] Updates as per comments --- windows/client-management/mdm/bitlocker-csp.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index 6fec0b5f65..89db97d978 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -795,7 +795,7 @@ The following diagram shows the BitLocker configuration service provider in tree **AllowWarningForOtherDiskEncryption** -

Allows the Admin to disable the warning prompt for other disk encryption on the user machines.

+

Allows the Admin to disable the warning prompt for other disk encryption on the user machines that are targeted when the RequireDeviceENcryption policy is set to 1.

> [!Important] > Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory joined devices. Windows will attempt to silently enable [BitLocker](https://docs.microsoft.com/windows/device-security/bitlocker/bitlocker-overview) for value 0. @@ -845,7 +845,7 @@ The following diagram shows the BitLocker configuration service provider in tree ``` >[!NOTE] ->When you disable the warning prompt, the recovery key will back up to the user's Azure Active Directory account. When you allow the warning prompt for a fixed data drive, we choose the endpoint for the recovery key's backup. +>When you disable the warning prompt, the recovery key will back up to the user's Azure Active Directory account. When you allow the warning prompt, the user who recieves the prompt can select where to back up the OS drive's recovery key. > >The endpoint for a fixed data drive's backup is chosen in the following order: >1. The user's Windows Server Active Directory Domain Services account. From ba5cbdc59bbef5093ffabd11a0294d8c005d79a3 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Mon, 19 Nov 2018 16:24:15 -0800 Subject: [PATCH 08/14] Edited as per Derek Adam's instructions. --- windows/client-management/mdm/bitlocker-csp.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index 89db97d978..622d8f2908 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -795,13 +795,13 @@ The following diagram shows the BitLocker configuration service provider in tree **AllowWarningForOtherDiskEncryption** -

Allows the Admin to disable the warning prompt for other disk encryption on the user machines that are targeted when the RequireDeviceENcryption policy is set to 1.

+

Allows the admin to disable the warning prompt for other disk encryption on the user machines that are targeted when the RequireDeviceEncryption policy is also set to 1.

> [!Important] -> Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory joined devices. Windows will attempt to silently enable [BitLocker](https://docs.microsoft.com/windows/device-security/bitlocker/bitlocker-overview) for value 0. +> Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory joined devices. When RequireDeviceEncryption is set to 1 and AllowWarningForOtherDiskEncryption is set to 0, Windows will attempt to silently enable [BitLocker](https://docs.microsoft.com/windows/device-security/bitlocker/bitlocker-overview). > [!Warning] -> When you enable BitLocker on a device with third party encryption, it may render the device unusable and will require reinstallation of Windows. +> When you enable BitLocker on a device with third-party encryption, it may render the device unusable and require you to reinstall Windows. @@ -845,7 +845,7 @@ The following diagram shows the BitLocker configuration service provider in tree ``` >[!NOTE] ->When you disable the warning prompt, the recovery key will back up to the user's Azure Active Directory account. When you allow the warning prompt, the user who recieves the prompt can select where to back up the OS drive's recovery key. +>When you disable the warning prompt, the OS drive's recovery key will back up to the user's Azure Active Directory account. When you allow the warning prompt, the user who receives the prompt can select where to back up the OS drive's recovery key. > >The endpoint for a fixed data drive's backup is chosen in the following order: >1. The user's Windows Server Active Directory Domain Services account. From 12a7064820d4577e1bf09a09479bf2615a65dbee Mon Sep 17 00:00:00 2001 
From: Heidi Lohr Date: Wed, 5 Dec 2018 16:19:51 -0800 Subject: [PATCH 09/14] Changes signed off by Rahul Muthoo and change history updated. --- windows/client-management/mdm/bitlocker-csp.md | 2 +- .../mdm/new-in-windows-mdm-enrollment-management.md | 8 +++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index 622d8f2908..86d1066e28 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 08/31/2018 +ms.date: 12/05/2018 --- # BitLocker CSP diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index cf0794e951..bff764ba5b 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -10,7 +10,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 09/20/2018 +ms.date: 12/05/2018 --- # What's new in MDM enrollment and management @@ -1760,6 +1760,12 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware ## Change history in MDM documentation +### December 2018 + +|New or updated topic | Description| +|--- | ---| +|[BitLocker CSP](bitlocker-csp.md)|Updated AllowWarningForOtherDiskEncryption policy description to describe silent and non-silent encryption scenarios, as well as where and how the recovery key is backed up for each scenario.| + ### September 2018 |New or updated topic | Description| From 9a83b04de698ba302d6982dd93c64f3f936eef09 Mon Sep 17 00:00:00 2001 
From: Heidi Lohr Date: Wed, 5 Dec 2018 16:20:24 -0800 Subject: [PATCH 10/14] Updated metadata dates. --- windows/client-management/mdm/bitlocker-csp.md | 2 +- .../mdm/new-in-windows-mdm-enrollment-management.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index 86d1066e28..7f0d5cd7d8 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 12/05/2018 +ms.date: 12/06/2018 --- # BitLocker CSP diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index bff764ba5b..4d9e65932e 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -10,7 +10,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 12/05/2018 +ms.date: 12/06/2018 --- # What's new in MDM enrollment and management From 3712d96b6a06f903c51ffec556a6859d7bb7c9e7 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Thu, 6 Dec 2018 09:48:08 -0800 Subject: [PATCH 11/14] Editorial change for retrying build --- windows/client-management/mdm/bitlocker-csp.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index 7f0d5cd7d8..2e0b0840bd 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -8,7 +8,6 @@ ms.technology: windows author: MariciaAlforque ms.date: 12/06/2018 --- - # BitLocker CSP > [!WARNING] From eb13c94e256589e5ad2f718d1f1e90b5054de8d9 Mon Sep 17 00:00:00 2001 
From: Joey Caparas Date: Thu, 6 Dec 2018 16:01:49 -0800 Subject: [PATCH 12/14] link --- ...anced-hunting-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md index a3ad4f5884..11646a76e2 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md @@ -59,7 +59,7 @@ To see a live example of these operators, run them as part of the **Get started* ## Access query language documentation -For more information on the query language and supported operators, see [Query Language](https://docs.loganalytics.io/docs/Language-Reference/). +For more information on the query language and supported operators, see [Query Language](https://docs.microsoft.com/azure/log-analytics/query-language/query-language). ## Use exposed tables in Advanced hunting From 7faf464fdac5b9758d9be951197d295130753943 Mon Sep 17 00:00:00 2001 From: Andy Liu Date: Fri, 7 Dec 2018 13:50:33 +0000 Subject: [PATCH 13/14] Merged PR 12606: Updated EnterpriseModernAppManagement XAP info Updated EnterpriseModernAppManagement XAP info --- .../mdm/enterprisemodernappmanagement-csp.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md index cf28233abe..a4f77849fe 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md 
@@ -80,10 +80,10 @@ Query parameters: - Bundle - returns installed bundle packages. - Framework - returns installed framework packages. - Resource - returns installed resources packages. Resources are either language, scale, or DirectX resources. They are parts of a bundle. - - XAP - returns XAP package types. + - XAP - returns XAP package types. This filter is not supported on devices other than Windows Mobile. - All - returns all package types. - If no value is specified, the combination of Main, Bundle, Framework, and XAP are returned. + If no value is specified, the combination of Main, Bundle, and Framework are returned. - PackageFamilyName - specifies the name of a particular package. If you specify this parameter, it returns the Package Family name if the package contains this value. From 6e382f0d9007c13fceb51efd92e58e8b11e0f523 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Fri, 7 Dec 2018 13:51:10 +0000 Subject: [PATCH 14/14] Merged PR 11991: Updated Mobile device management index - Added download link to MDM security baseline spreadsheet draft for Windows 10, version 1809 and Windows Server 2019 - Updated metadata date --- windows/client-management/mdm/index.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/index.md b/windows/client-management/mdm/index.md index 72b31a82e2..eb70f310ec 100644 --- a/windows/client-management/mdm/index.md +++ b/windows/client-management/mdm/index.md @@ -10,7 +10,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: jdeckerms -ms.date: 09/12/2018 +ms.date: 10/09/2018 --- # Mobile device management 
@@ -23,12 +23,15 @@ There are two parts to the Windows 10 management component: - The enrollment client, which enrolls and configures the device to communicate with the enterprise management server. - The management client, which periodically synchronizes with the management server to check for updates and apply the latest policies set by IT. -Third-party MDM servers can manage Windows 10 by using the MDM protocol. The built-in management client is able to communicate with a third-party server proxy that supports the protocols outlined in this document to perform enterprise management tasks. The third-party server will have the same consistent first-party user experience for enrollment, which also provides simplicity for Windows 10 users. MDM servers do not need to create or download a client to manage Windows 10. For details about the MDM protocols, see [\[MS-MDM\]: Mobile Device Management Protocol](https://go.microsoft.com/fwlink/p/?LinkId=619346) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2]( http://go.microsoft.com/fwlink/p/?LinkId=619347). +Third-party MDM servers can manage Windows 10 by using the MDM protocol. The built-in management client is able to communicate with a third-party server proxy that supports the protocols outlined in this document to perform enterprise management tasks. The third-party server will have the same consistent first-party user experience for enrollment, which also provides simplicity for Windows 10 users. MDM servers do not need to create or download a client to manage Windows 10. For details about the MDM protocols, see [\[MS-MDM\]: Mobile Device Management Protocol](https://go.microsoft.com/fwlink/p/?LinkId=619346) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](https://go.microsoft.com/fwlink/p/?LinkId=619347). ## MDM security baseline With Windows 10, version 1809, Microsoft is also releasing a Microsoft MDM security baseline that functions like the Microsoft GP-based security baseline. 
You can easily integrate this baseline into any MDM to support IT pros’ operational needs, addressing security concerns for modern cloud-managed devices. +>[!NOTE] +>Intune support for the MDM security baseline is coming soon. + The MDM security baseline includes policies that cover the following areas: - Microsoft inbox security technology (not deprecated) such as Bitlocker, Smartscreen, and DeviceGuard (virtual-based security), ExploitGuard, Defender, and Firewall @@ -38,7 +41,7 @@ The MDM security baseline includes policies that cover the following areas: - Legacy technology policies that offer alternative solutions with modern technology - And much more -For more details about the MDM policies defined in the MDM security baseline and what Microsoft’s recommended baseline policy values are, see [Security baseline (DRAFT) for Windows 10 v1809 and Windows Server 2019](https://blogs.technet.microsoft.com/secguide/2018/10/01/security-baseline-draft-for-windows-10-v1809-and-windows-server-2019/). +For more details about the MDM policies defined in the MDM security baseline and what Microsoft’s recommended baseline policy values are, see [MDM Security baseline (Preview) for Windows 10, version 1809](http://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1809-MDM-SecurityBaseLine-Document-[Preview].zip).
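
Review bot: The list indentation in PATCH 02/14 (bitlocker-csp.md, hunk at -845,7 +845,14) is inconsistent: the numbered items are added as " >1. AD", " >2. AAD", " >3. ..." with a space before the ">", while every other line of the note starts with ">" in column 0. Every later revision of the list (PATCH 03 through 06) carries the same indentation forward. Start the list lines in column 0 like the rest of the note, so the list is unambiguously part of the same [!NOTE] block.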
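
Review bot: The count in the closing line no longer matches the list in PATCH 05/14 (bitlocker-csp.md, hunk at -847,10 +847,9). The fixed data drive list drops to two endpoints (Windows Server Active Directory Domain Services, personal OneDrive), but the unchanged context line still reads "Encryption will wait until one of these three locations backs up successfully." At this revision a reader cannot tell whether Azure Active Directory is still a valid escrow location for the recovery key. PATCH 06/14 restores the Azure Active Directory entry, so either squash the two commits or correct the count in the same commit that changes the list.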
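
Review bot: The note left by PATCH 08/14 (bitlocker-csp.md, hunk at -845,7 +845,7) no longer says when the fixed data drive order applies. The first paragraph now covers only the OS drive's recovery key. PATCH 06/14 had tied the fixed data drive behavior to the case where the warning prompt is allowed, and PATCH 07/14 replaced that sentence, so the lead-in "The endpoint for a fixed data drive's backup is chosen in the following order:" stands without a condition. Say in that lead-in whether the order applies with the prompt disabled, allowed, or both. The closing line "Encryption will wait until one of these three locations backs up successfully" would also benefit from one sentence on what happens if none of the three backups succeeds, since that decides whether a targeted drive stays unencrypted.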
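
Review bot: PATCH 11/14 (bitlocker-csp.md, hunk at -8,7 +8,6) changes content only to retry the build: it deletes the blank line between the closing "---" of the metadata block and "# BitLocker CSP". Keep the blank line so the heading stays visually separate from the metadata block, and retrigger the build without touching the file's content.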
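
Review bot: The changed default line in PATCH 13/14 (enterprisemodernappmanagement-csp.md, hunk at -80,10 +80,10) has a subject-verb mismatch: "the combination of Main, Bundle, and Framework are returned" should use "is returned", or drop "the combination of". On the XAP line, "not supported on devices other than Windows Mobile" reads more clearly as "supported only on Windows Mobile devices". The two lines together also leave open whether XAP packages are part of the default result on Windows Mobile, where the filter is supported; state that explicitly.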
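
Review bot: The ms.date value in PATCH 14/14 (index.md, hunk at -10,7 +10,7) does not match the commit: it is set to 10/09/2018 in a commit dated 7 Dec 2018, whose message says the metadata date was updated. PATCH 09/14 and 10/14 set ms.date on the other two files to the day of the change. Confirm the intended date and use the merge date if the field is meant to track the last content update.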
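
Review bot: The new baseline link in PATCH 14/14 (index.md, hunk at -38,7 +41,7) uses plain "http://download.microsoft.com/...", while an earlier hunk of the same patch moves the [MS-MDE2] link from http to https. This link is a direct download of a .zip containing security baseline guidance, so it should be https as well. The link text also says only "Windows 10, version 1809", while the commit message describes the spreadsheet as covering Windows 10, version 1809 and Windows Server 2019; make the two agree.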