Merge branch 'master' of https://github.com/microsoftdocs/windows-itpro-docs

windows/application-management/sideload-apps-in-windows-10.md

@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: mobile
 author: greg-lindsay
-ms.date: 04/19/2017
+ms.date: 05/20/2019
 ---
 
 # Sideload LOB apps in Windows 10
@@ -48,10 +48,16 @@ And here's what you'll need to do:
 ## How do I sideload an app on desktop
 You can sideload apps on managed or unmanaged devices.
 
+>[!IMPORTANT]
+> To install an app on Windows 10, in addition to following [these procedures](https://docs.microsoft.com/windows/msix/app-installer/installing-windows10-apps-web), users can also double-click any APPX/MSIX package.
+
+
 **To turn on sideloading for managed devices**
 
 -   Deploy an enterprise policy.
 
+
+
 **To turn on sideloading for unmanaged devices**
 
 1.  Open **Settings**.

windows/client-management/mdm/cm-cellularentries-csp.md

@@ -183,6 +183,7 @@ The following diagram shows the CM\_CellularEntries configuration service provid
 <p style="margin-left: 20px"> Required. Type: String. Specifies the purposes of the connection by a comma-separated list of GUIDs representing purpose values. The following purpose values are available:
 
 -   Internet - 3E5545D2-1137-4DC8-A198-33F1C657515F
+-   LTE attach - 11A6FE68-5B47-4859-9CB6-1EAC96A8F0BD
 -   MMS - 53E2C5D3-D13C-4068-AA38-9C48FF2E55A8
 -   IMS - 474D66ED-0E4B-476B-A455-19BB1239ED13
 -   SUPL - 6D42669F-52A9-408E-9493-1071DCC437BD

windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md

@@ -107,20 +107,27 @@ Requirements:
 - Enterprise AD must be integrated with Azure AD.
 - Ensure that PCs belong to same computer group.
 
-1.	Create a Group Policy Object (GPO) and enable the Group Policy **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **MDM** > **Enable automatic MDM enrollment using default Azure AD credentials**.
-    >[!Note] 
-    >If you do not see the policy, it may be caused because you don’t have the ADMX installed for Windows 10, version 1803. To fix the issue, follow these steps:        
-    >   1. Download [Administrative Templates (.admx) for Windows 10 April 2018 Update (1803)
-](https://www.microsoft.com/en-us/download/details.aspx?id=56880).
-    >   2. Install the package on the Primary Domain Controller.
-    >   3. Navigate to the folder **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 April 2018 Update (1803) v2**.
-    >   4. Copy policy definitions folder to **C:\Windows\SYSVOL\domain\Policies**.
-    >   5. Restart the Primary Domain Controller for the policy to be available.
+>[!IMPORTANT] 
+>If you do not see the policy, it may be because you don’t have the ADMX installed for Windows 10, version 1803 or version 1809. To fix the issue, follow these steps:        
+>   1. Download:  
+>   1803 -->[Administrative Templates (.admx) for Windows 10 April 2018 Update (1803)](https://www.microsoft.com/en-us/download/details.aspx?id=56880) or  
+>   1809 --> [Administrative Templates for Windows 10 October 2018 Update (1809)](https://www.microsoft.com/en-us/download/details.aspx?id=57576).
+>   2. Install the package on the Primary Domain Controller (PDC).
+>   3. Navigate, depending on the version to the folder:
+>   1803 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 April 2018 Update (1803) v2**, or  
+>   1809 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 October 2018 Update (1809) v2**
+>   4. Copy policy definitions folder to **C:\Windows\SYSVOL\domain\Policies**.
+>   5. Restart the Primary Domain Controller for the policy to be available.
+>   This procedure will work for any future version as well.
 
+1.	Create a Group Policy Object (GPO) and enable the Group Policy **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **MDM** > **Enable automatic MDM enrollment using default Azure AD credentials**.
 2.	Create a Security Group for the PCs.
 3.	Link the GPO.
 4.	Filter using Security Groups.
-5.	Enforce  a GPO link
+5.	Enforce a GPO link.
+
+>[!NOTE]
+> Version 1903 (March 2019) is actually on the Insider program and doesn't yet contain a downloadable version of Templates (version 1903).
 
 ### Related topics
 
@@ -129,3 +136,8 @@ Requirements:
 - [Link a Group Policy Object](https://technet.microsoft.com/library/cc732979(v=ws.11).aspx)
 - [Filter Using Security Groups](https://technet.microsoft.com/library/cc752992(v=ws.11).aspx)
 - [Enforce a Group Policy Object Link](https://technet.microsoft.com/library/cc753909(v=ws.11).aspx)
+
+### Useful Links
+- [Windows 10 Administrative Templates for Windows 10 April 2018 Update 1803](https://www.microsoft.com/download/details.aspx?id=56880)
+- [Windows 10 Administrative Templates for Windows 10 October 2018 Update 1809](https://www.microsoft.com/download/details.aspx?id=57576)
+ 

windows/client-management/mdm/policy-csp-windowslogon.md

@@ -407,8 +407,8 @@ ADMX Info:
 <!--/ADMXMapped-->
 <!--SupportedValues-->
 Supported values:  
--   false - disabled
--   true  - enabled
+-   0 - disabled
+-   1 - enabled
 <!--/SupportedValues-->
 <!--Example-->
 
@@ -556,4 +556,4 @@ Footnotes:
 -   3 - Added in Windows 10, version 1709.
 -   4 - Added in Windows 10, version 1803.
 -   5 - Added in Windows 10, version 1809.
--   6 - Added in Windows 10, version 1903.
+-   6 - Added in Windows 10, version 1903.

windows/security/identity-protection/access-control/special-identities.md

@@ -149,7 +149,7 @@ Any user who accesses the system through a sign-in process has the Authenticated
 </tr>
 <tr class="odd">
 <td><p>Default Location in Active Directory</p></td>
-<td><p>cn=WellKnown Security Principals, cn=Configuration, dc=&lt;forestRootDomain&gt;</p></td>
+<td><p>cn=System,cn=WellKnown Security Principals, cn=Configuration, dc=&lt;forestRootDomain&gt;</p></td>
 </tr>
 <tr class="even">
 <td><p>Default User Rights</p></td>

windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md

@@ -43,7 +43,7 @@ When the PIN is created, it establishes a trusted relationship with the identity
 
 The Hello PIN is backed by a Trusted Platform Module (TPM) chip, which is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper resistant, and malicious software is unable to tamper with the security functions of the TPM. All Windows 10 Mobile phones and many modern laptops have TPM.
 
-User key material is generated and available within the Trusted Platform Module (TPM) of the user device, which protects it from attackers who want to capture the key material and reuse it. Because Hello uses asymmetrical key pairs, users credentials can’t be stolen in cases where the identity provider or websites the user accesses have been compromised.
+User key material is generated and available within the Trusted Platform Module (TPM) of the user device, which protects it from attackers who want to capture the key material and reuse it. Because Hello uses asymmetric key pairs, users credentials can’t be stolen in cases where the identity provider or websites the user accesses have been compromised.
 
 The TPM protects against a variety of known and potential attacks, including PIN brute-force attacks. After too many incorrect guesses, the device is locked.
 

windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md

@@ -37,7 +37,10 @@ You can control the following attributes about the folder that you'd like to be
 
 
 **Folders**<br>
-You can specify a folder and its subfolders to be skipped. You can use wild cards so that all files under the directory is skipped by the automated investigation. 
+You can specify a folder and its subfolders to be skipped. 
+
+> [!NOTE]
+> Wild cards are not yet supported.
 
 **Extensions**<br>
 You can specify the extensions to exclude in a specific directory. The extensions are a way to prevent an attacker from using an excluded folder to hide an exploit. The extensions explicitly define which files to ignore.