Merge branch 'master' of https://cpubwin.visualstudio.com/_git/it-client into FromPrivateRepo

store-for-business/TOC.md

@@ -24,6 +24,7 @@
 ### [Manage Windows device deployment with Windows Autopilot Deployment](add-profile-to-devices.md)
 ### [Microsoft Store for Business and Education PowerShell module - preview](microsoft-store-for-business-education-powershell-module.md)
 ### [Manage software purchased with Microsoft Products and Services agreement in Microsoft Store for Business](manage-mpsa-software-microsoft-store-for-business.md)
+### [Working with solutin providers in Microsoft Store for Business](work-with-partner-microsoft-store-business.md)
 ## [Device Guard signing portal](device-guard-signing-portal.md)
 ### [Add unsigned app to code integrity policy](add-unsigned-app-to-code-integrity-policy.md)
 ### [Sign code integrity policy with Device Guard signing](sign-code-integrity-policy-with-device-guard-signing.md)

store-for-business/work-with-partner-microsoft-store-business.md

@@ -0,0 +1,79 @@
+---
+title: Work with solution providers in Microsoft Store for Business and Education (Windows 10)
+description: You can work with Microsoft-certified solution providers to purchase and manage products and services for your organization or school.
+keywords: partner, solution provider
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: store
+author: TrudyHa
+ms.author: TrudyHa
+ms.topic: conceptual
+ms.date: 10/12/2018
+---
+
+# Working with solution providers in Microsoft Store for Business
+
+You can work with Microsoft-certified solution providers to purchase and manage products and services for your organization or school. There's a few steps involved in getting the things set up. 
+
+The process goes like this:
+- Admins find and contact a solution provider using **Find a solution provider** in Microsoft Store for Business. 
+- Solution providers send a request from Partner center to customers to become their solution provider.
+- Customers accept the invitation in Microsoft Store for Business and start working with the solution provider.
+- Customers can manage setting for the relationship with Partner in Microsoft Store for Business. 
+
+## What can a solution provider do for my organization or school?
+
+There are several ways that a solution provider can work with you. Solution providers will choose one of these when they send their request to work as a partner with you.
+
+| Solution provider function | Description | 
+| ------ | ------------------- | 
+| Reseller | Solution providers sell Microsoft products to your organization or school. |
+| Delegated administrator | Solution provider manages products and services for your organization or school. In Azure Active Directory (AD), the Partner will be a Global Administrator for tenant. This allows them to manage services like creating user accounts, assigning and managing licenses, and password resets. |
+| Reseller & delegated administrator | This is a team of two solution providers. You'll receive one partner invitation, but there will be two Solution providers listed on the request. One will sell products, and the other will manage them for you. |
+| Partner | You can give your solution provider a user account in your tenant, and they work on your behalf with other Microsoft services. |
+| Microsoft Products & Services Agreement (MPSA) partner | If you've worked with multiple solution providers through the MPSA program, you can allow partners to see purchases made by each other. |
+| OEM PC partner | Solution providers can upload device IDs for PCs that you're [managing with Autopilot](https://docs.microsoft.com/microsoft-store/add-profile-to-devices).   |
+| Line-of-business (LOB) partner | Solution providers can develop, submit, and manage LOB apps specific for your organization or school. |
+
+##  Find a solution provider
+
+You can find partner in Microsoft Store for Business and Education. 
+
+1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com/) or [Microsoft Store for Education](https://educationstore.microsoft.com/).
+2. Select **Find a solution provider**.
+
+    ![Image shows Find a solution provider option in Microsoft Store for Business.](images/msfb-find-partner.png)
+
+3. Refine the list, or search for a solution provider. 
+
+    ![Image shows Find a solution provider option in Microsoft Store for Business.](images/msfb-provider-list.png)
+
+4. When you find a solution provider you're interested in working with, click **Contact**.
+5. Complete and send the form.
+
+The solution provider will get in touch with you. You'll have a chance to learn more about them. If you decide to work with the solution provider, they will send you an email invitation from Partner Center. 
+
+## Work with a solution provider
+
+Once you've found a solution provider and decided to work with them, they'll send you an invitation to work together from Partner Center. In Microsoft Store for Business or Education, you'll need to accept the invitation. After that, you can manage their permissions.
+
+**To accept a solution provider invitation**
+1. **Follow email link** - You'll receive an email with a link accept the solution provider invitation. The link will take you to Microsoft Store for Business or Education.
+2. **Accept invitation** - On **Accept Partner Invitation**, select **Authorize** to accept the invitation, accept terms of the Microsoft Cloud Agreement, and start working with the solution provider. 
+  
+## Delegate admin privileges
+
+Depending on the request made by the solution provider, part of accepting the invitation will include agreeing to give delegated admin privileges to the solution provider. This will happen when the solution provider request includes acting as a delegated administrator. For more information, see [Delegated admin privileges in Azure AD](https://docs.microsoft.com/partner-center/customers_revoke_admin_privileges#delegated-admin-privileges-in-azure-ad). 
+
+If you don't want to delegate admin privileges to the solution provider, you'll need to cancel the invitation instead of accepting it. 
+
+If you delegate admin privileges to a solution provider, you can remove that later. 
+
+**To remove delegate admin privileges**
+1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com/) or [Microsoft Store for Education](https://educationstore.microsoft.com/).
+2. Select **Partner**
+3. Choose the Partner you want to manage.
+4. Select **Remove Delegated Permissions**. 
+
+The solution provider will still be able to work with you, for example, as a Reseller. 

windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md

@@ -8,7 +8,7 @@ ms.sitesec: library
 ms.pagetype: security
 author: justinha
 ms.localizationpriority: medium
-ms.date: 10/10/2018
+ms.date: 10/12/2018
 ---
 
 # How Windows Information Protection protects files with a sensitivity label 
@@ -76,7 +76,9 @@ The PDF file doesn't need any work context beyond the sensitivity label.
 - Windows 10, version 1809
 - [Windows Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection) scans content for a label and applies corresponding WIP protection
 - [Sensitivity labels](https://docs.microsoft.com/office365/securitycompliance/labels) need to be configured in the Office 365 Security & Compliance Center
-- [WIP policy](create-wip-policy-using-intune-azure.md) needs to be applied to endpoint devices.
+- WIP policy needs to be applied to endpoint devices by using [Intune](create-wip-policy-using-intune-azure.md) or [System Center Configuration Manager (SCCM)](overview-create-wip-policy-sccm.md).
+
+
 
 
 

windows/security/threat-protection/TOC.md

@@ -465,6 +465,7 @@
 ##### [Planning and deploying advanced security audit policies](auditing/planning-and-deploying-advanced-security-audit-policies.md)
 ##### [Advanced security auditing FAQ](auditing/advanced-security-auditing-faq.md)
 ###### [Which editions of Windows support advanced audit policy configuration](auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md)
+###### [How to list XML elements in <EventData>](auditing/how-to-list-xml-elements-in-eventdata.md)
 
 ###### [Using advanced security auditing options to monitor dynamic access control objects](auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md)
 ####### [Monitor the central access policies that apply on a file server](auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md)

windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md

@@ -0,0 +1,84 @@
+---
+title: How to get a list of XML elements in <EventData> (Windows 10)
+description: This reference topic for the IT professional explains how to use PowerShell to get a list of XML elements that can appear in <EventData>.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.localizationpriority: medium
+author: tedhardyMSFT
+ms.date: 10/12/2018
+---
+
+# How to get a list of XML elements in <EventData>
+
+**Applies to**
+-   Windows 10
+
+Since the Security log uses a manifest, you can get all of the event schema from the workstation.
+
+Run the following from an elevated PowerShell prompt:
+
+```powershell
+$secEvents = get-winevent -listprovider "microsoft-windows-security-auditing"
+```
+
+The .events property is a collection of all of the events listed in the manifest on the local machine.
+
+For each event, there is a .Template property for the XML template used for the event properties (if there are any).
+
+For example:
+
+```powershell
+PS C:\WINDOWS\system32> $SecEvents.events[100]
+
+
+Id          : 4734
+Version     : 0
+LogLink     : System.Diagnostics.Eventing.Reader.EventLogLink
+Level       : System.Diagnostics.Eventing.Reader.EventLevel
+Opcode      : System.Diagnostics.Eventing.Reader.EventOpcode
+Task        : System.Diagnostics.Eventing.Reader.EventTask
+Keywords    : {}
+Template    : <template xmlns="http://schemas.microsoft.com/win/2004/08/events">
+                <data name="TargetUserName" inType="win:UnicodeString" outType="xs:string"/>
+                <data name="TargetDomainName" inType="win:UnicodeString" outType="xs:string"/>
+                <data name="TargetSid" inType="win:SID" outType="xs:string"/>
+                <data name="SubjectUserSid" inType="win:SID" outType="xs:string"/>
+                <data name="SubjectUserName" inType="win:UnicodeString" outType="xs:string"/>
+                <data name="SubjectDomainName" inType="win:UnicodeString" outType="xs:string"/>
+                <data name="SubjectLogonId" inType="win:HexInt64" outType="win:HexInt64"/>
+                <data name="PrivilegeList" inType="win:UnicodeString" outType="xs:string"/>
+              </template>
+
+Description : A security-enabled local group was deleted.
+
+              Subject:
+                Security ID:            %4
+                Account Name:           %5
+                Account Domain:         %6
+                Logon ID:               %7
+
+              Group:
+                Security ID:            %3
+                Group Name:             %1
+                Group Domain:           %2
+
+              Additional Information:
+                Privileges:             %8
+
+
+
+PS C:\WINDOWS\system32> $SecEvents.events[100].Template
+<template xmlns="http://schemas.microsoft.com/win/2004/08/events">
+  <data name="TargetUserName" inType="win:UnicodeString" outType="xs:string"/>
+  <data name="TargetDomainName" inType="win:UnicodeString" outType="xs:string"/>
+  <data name="TargetSid" inType="win:SID" outType="xs:string"/>
+  <data name="SubjectUserSid" inType="win:SID" outType="xs:string"/>
+  <data name="SubjectUserName" inType="win:UnicodeString" outType="xs:string"/>
+  <data name="SubjectDomainName" inType="win:UnicodeString" outType="xs:string"/>
+  <data name="SubjectLogonId" inType="win:HexInt64" outType="win:HexInt64"/>
+  <data name="PrivilegeList" inType="win:UnicodeString" outType="xs:string"/>
+</template>
+
+```