mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 13:27:23 +00:00
Merge branch 'main' into v-smandalika-5694287-B10
commit
b43f2b5b90
@ -834,6 +834,9 @@ Value type is string.
|
|||||||
<!--/Description-->
|
<!--/Description-->
|
||||||
<!--SupportedValues-->
|
<!--SupportedValues-->
|
||||||
|
|
||||||
|
> [!NOTE]
|
||||||
|
> The check for recurrence is done in a case sensitive manner. For instance the value needs to be “Daily” instead of “daily”. The wrong case will cause SmartRetry to fail to execute.
|
||||||
|
|
||||||
<!--/SupportedValues-->
|
<!--/SupportedValues-->
|
||||||
<!--Example-->
|
<!--Example-->
|
||||||
Sample SyncML:
|
Sample SyncML:
|
||||||
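Review bot: the new NOTE (`> The check for recurrence is done in a case sensitive manner...`) wraps the values in typographic quotes (“Daily”, “daily”); put them in code formatting (`Daily`, `daily`) so the exact casing is unambiguous and copy-safe, hyphenate "case-sensitive", and add a comma after "For instance". Because a wrong case silently makes SmartRetry not run at all, the note would be more useful if it also listed the accepted values (None, Daily, Weekly, Monthly, as in the corrected sample that follows) rather than leaving the reader to infer them from the example.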
@ -853,7 +856,7 @@ Sample SyncML:
|
|||||||
</Meta>
|
</Meta>
|
||||||
<Data>
|
<Data>
|
||||||
<ForceRestart StartDateTime="2018-03-28T22:21:52Z"
|
<ForceRestart StartDateTime="2018-03-28T22:21:52Z"
|
||||||
Recurrence="[none/daily/weekly/monthly]"
|
Recurrence="[None/Daily/Weekly/Monthly]"
|
||||||
DayOfWeek=”1”
|
DayOfWeek=”1”
|
||||||
DayOfMonth=”12”
|
DayOfMonth=”12”
|
||||||
RunIfTaskIsMissed=”1”/>
|
RunIfTaskIsMissed=”1”/>
|
||||||
|
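Review bot: the changed line fixes the value casing to `Recurrence="[None/Daily/Weekly/Monthly]"`, but the unchanged lines `DayOfWeek=”1”`, `DayOfMonth=”12”` and `RunIfTaskIsMissed=”1”/>` still delimit attribute values with typographic quotes (” instead of "), which is not well-formed XML and will fail when pasted into a SyncML body; replace them with straight quotes in the same change. The bracketed `[None/Daily/Weekly/Monthly]` is also not a literal value, so the sample does not validate as shown; consider a concrete value such as `Recurrence="Daily"` and list the alternatives in the surrounding text.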
@ -963,6 +963,11 @@ items:
|
|||||||
items:
|
items:
|
||||||
- name: WindowsAdvancedThreatProtection DDF file
|
- name: WindowsAdvancedThreatProtection DDF file
|
||||||
href: windowsadvancedthreatprotection-ddf.md
|
href: windowsadvancedthreatprotection-ddf.md
|
||||||
|
- name: WindowsAutoPilot CSP
|
||||||
|
href: windowsautopilot-csp.md
|
||||||
|
items:
|
||||||
|
- name: WindowsAutoPilot DDF file
|
||||||
|
href: windowsautopilot-ddf-file.md
|
||||||
- name: WindowsDefenderApplicationGuard CSP
|
- name: WindowsDefenderApplicationGuard CSP
|
||||||
href: windowsdefenderapplicationguard-csp.md
|
href: windowsdefenderapplicationguard-csp.md
|
||||||
items:
|
items:
|
||||||
|
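Review bot: the new TOC entries use `WindowsAutoPilot CSP` and `WindowsAutoPilot DDF file` with a capital P, while the node added elsewhere in this commit is `./Vendor/MSFT/WindowsAutopilot` (`<NodeName>WindowsAutopilot</NodeName>`) and the product is Windows Autopilot; use `WindowsAutopilot` consistently in the TOC names and page titles. The DDF href `windowsautopilot-ddf-file.md` also departs from the sibling pattern `windowsadvancedthreatprotection-ddf.md`; either is fine, but pick the one that matches the rest of the folder.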
29
windows/client-management/mdm/windowsautopilot-csp.md
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
---
|
||||||
|
title: WindowsAutoPilot CSP
|
||||||
|
description: Learn how without the ability to mark a device as remediation required, the device will remain in a broken state, which results in security and privacy concerns in Autopilot.
|
||||||
|
ms.assetid: E6BC6B0D-1F16-48A5-9AC4-76D69A7EDDA6
|
||||||
|
ms.reviewer:
|
||||||
|
manager: dansimp
|
||||||
|
ms.author: v-nsatapathy
|
||||||
|
ms.topic: article
|
||||||
|
ms.prod: w10
|
||||||
|
ms.technology: windows
|
||||||
|
author: dansimp
|
||||||
|
ms.date: 02/07/2022
|
||||||
|
---
|
||||||
|
|
||||||
|
# WindowsAutoPilot CSP
|
||||||
|
|
||||||
|
> [!WARNING]
|
||||||
|
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
|
||||||
|
|
||||||
|
|
||||||
|
The WindowsAutopilot CSP collects hardware information about a device and formats it into a BLOB. This BLOB is used as input for calling Windows Autopilot Service to mark a device as remediation required if the device underwent a hardware change that affects its ability to use Windows Autopilot.” with “The WindowsAutopilot CSP exposes Windows Autopilot related device information.” Because the CSP description should be more general/high level.
|
||||||
|
|
||||||
|
**./Vendor/MSFT/WindowsAutopilot**
|
||||||
|
|
||||||
|
Root node. Supported operation is Get.
|
||||||
|
|
||||||
|
**HardwareMismatchRemediationData**
|
||||||
|
|
||||||
|
Interior node. Supported operation is Get. Collects hardware information about a device and returns it as an encoded string. This string is used as input for calling Windows Autopilot Service to remediate a device if the device underwent a hardware change that affects its ability to use Windows Autopilot.
|
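Review bot: the introductory paragraph of the new page contains an unresolved editing instruction: after `...ability to use Windows Autopilot.` it continues `” with “The WindowsAutopilot CSP exposes Windows Autopilot related device information.” Because the CSP description should be more general/high level.` Resolve this to a single intro sentence before merge (the quoted replacement reads as the intended text). Two further points: `HardwareMismatchRemediationData` is documented as an interior node, but it returns a string and the DDF in this same commit declares it `<DFFormat><chr /></DFFormat>`, so it is a leaf node and should be described as one; and the `description:` front matter (`Learn how without the ability to mark a device as remediation required, the device will remain in a broken state, ...`) is ungrammatical and does not summarize the page, so rewrite it as a one-line description of the CSP. `ms.reviewer:` is also left empty.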
76
windows/client-management/mdm/windowsautopilot-ddf-file.md
Normal file
@ -0,0 +1,76 @@
|
|||||||
|
---
|
||||||
|
title: WindowsAutoPilot DDF file
|
||||||
|
description: Learn how without the ability to mark a device as remediation required, the device will remain in a broken state, for the WindowsAutoPilot DDF file configuration service provider (CSP) .
|
||||||
|
ms.author: dansimp
|
||||||
|
ms.topic: article
|
||||||
|
ms.prod: w10
|
||||||
|
ms.technology: windows
|
||||||
|
author: dansimp
|
||||||
|
ms.date: 02/07/2022
|
||||||
|
ms.reviewer:
|
||||||
|
manager: dansimp
|
||||||
|
---
|
||||||
|
|
||||||
|
# WindowsAutoPilot DDF file
|
||||||
|
|
||||||
|
> [!WARNING]
|
||||||
|
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
|
||||||
|
|
||||||
|
This topic shows the device description framework (DDF) for the **WindowsAutoPilot** configuration service provider.
|
||||||
|
|
||||||
|
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
|
||||||
|
|
||||||
|
```xml
|
||||||
|
<NodeName>WindowsAutopilot</NodeName>
|
||||||
|
<Path>./Vendor/MSFT</Path>
|
||||||
|
<DFProperties>
|
||||||
|
<AccessType>
|
||||||
|
<Get />
|
||||||
|
</AccessType>
|
||||||
|
<Description>These settings enable configuration of Windows Autopilot</Description>
|
||||||
|
<DFFormat>
|
||||||
|
<node />
|
||||||
|
</DFFormat>
|
||||||
|
<Occurrence>
|
||||||
|
<One />
|
||||||
|
</Occurrence>
|
||||||
|
<Scope>
|
||||||
|
<Permanent />
|
||||||
|
</Scope>
|
||||||
|
<DFType>
|
||||||
|
<MIME>com.microsoft/1.0/MDM/WindowsAutopilot</MIME>
|
||||||
|
</DFType>
|
||||||
|
<Applicability>
|
||||||
|
<OsBuildVersion>99.9.99999, 10.0.19041.1202, 10.0.19042.1202, 10.0.19043.1202</OsBuildVersion>
|
||||||
|
<CspVersion>1.0</CspVersion>
|
||||||
|
</Applicability>
|
||||||
|
<ExposedTo>
|
||||||
|
<Mdm />
|
||||||
|
</ExposedTo>
|
||||||
|
</DFProperties>
|
||||||
|
<Node>
|
||||||
|
<NodeName>HardwareMismatchRemediationData</NodeName>
|
||||||
|
<DFProperties>
|
||||||
|
<AccessType>
|
||||||
|
<Get />
|
||||||
|
</AccessType>
|
||||||
|
<Description>This data is used to remediate Autopilot hardware mismatches.</Description>
|
||||||
|
<DFFormat>
|
||||||
|
<chr />
|
||||||
|
</DFFormat>
|
||||||
|
<Occurrence>
|
||||||
|
<One />
|
||||||
|
</Occurrence>
|
||||||
|
<Scope>
|
||||||
|
<Permanent />
|
||||||
|
</Scope>
|
||||||
|
<DFType>
|
||||||
|
<MIME>text/plain</MIME>
|
||||||
|
</DFType>
|
||||||
|
</DFProperties>
|
||||||
|
</Node>
|
||||||
|
</Node>
|
||||||
|
</MgmtTree>
|
||||||
|
</cspDefinition>
|
||||||
|
</identity>
|
||||||
|
```
|
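Review bot: the fenced `xml` block is not well-formed as shown: it starts at `<NodeName>WindowsAutopilot</NodeName>` but closes `</Node>`, `</Node>`, `</MgmtTree>`, `</cspDefinition>` and `</identity>`, so the XML declaration and the opening `<identity>`, `<cspDefinition>`, `<MgmtTree>` and outer `<Node>` elements are missing; paste the complete DDF so the block can be validated like the other DDF pages. Also check `<OsBuildVersion>99.9.99999, 10.0.19041.1202, ...`: `99.9.99999` looks like a placeholder build that should be replaced or explained before the prerelease warning is removed. The `description:` front matter repeats the ungrammatical `Learn how without the ability...` text from the CSP page, with a stray space before the final period.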
@ -39,10 +39,10 @@ Where applicable, each endpoint covered in this topic includes a link to specifi
|
|||||||
We used the following methodology to derive these network endpoints:
|
We used the following methodology to derive these network endpoints:
|
||||||
|
|
||||||
1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
|
1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
|
||||||
2. Leave the devices running idle for a week (that is, a user is not interacting with the system/device).
|
2. Leave the devices running idle for a week (that is, a user isn't interacting with the system/device).
|
||||||
3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
|
3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
|
||||||
4. Compile reports on traffic going to public IP addresses.
|
4. Compile reports on traffic going to public IP addresses.
|
||||||
5. The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory.
|
5. The test virtual machine was logged in using a local account and wasn't joined to a domain or Azure Active Directory.
|
||||||
6. All traffic was captured in our lab using an IPV4 network. Therefore no IPV6 traffic is reported here.
|
6. All traffic was captured in our lab using an IPV4 network. Therefore no IPV6 traffic is reported here.
|
||||||
|
|
||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
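Review bot: while item 2 is being edited for contractions, item 6 in the same list should read `IPv4` and `IPv6` (not `IPV4`/`IPV6`) and needs a comma after `Therefore`. Items 5 and 6 are also not steps of the method but facts about the test setup (local account, not domain or Azure AD joined; IPv4-only capture); consider moving them into a short sentence after the list so the numbered steps stay actionable.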
@ -62,7 +62,7 @@ If you [turn off traffic to this endpoint](manage-connections-from-windows-opera
|
|||||||
|
|
||||||
The following endpoint is used for OneNote Live Tile.
|
The following endpoint is used for OneNote Live Tile.
|
||||||
To turn off traffic for this endpoint, either uninstall OneNote or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore).
|
To turn off traffic for this endpoint, either uninstall OneNote or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore).
|
||||||
If you disable the Microsoft store, other Store apps cannot be installed or updated.
|
If you disable the Microsoft store, other Store apps can't be installed or updated.
|
||||||
Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
|
Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
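Review bot: `If you disable the Microsoft store, other Store apps can't be installed or updated.` should use `Microsoft Store` (capital S) to match the rest of the sentence and the link text; the same line recurs in each of the following app-endpoint hunks (Twitter, Facebook, Photos, Candy Crush Saga, Wallet), so fix it everywhere in this change rather than only here.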
@ -71,7 +71,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a
|
|||||||
|
|
||||||
The following endpoints are used for Twitter updates.
|
The following endpoints are used for Twitter updates.
|
||||||
To turn off traffic for these endpoints, either uninstall Twitter or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore).
|
To turn off traffic for these endpoints, either uninstall Twitter or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore).
|
||||||
If you disable the Microsoft store, other Store apps cannot be installed or updated.
|
If you disable the Microsoft store, other Store apps can't be installed or updated.
|
||||||
Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
|
Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
@ -81,7 +81,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a
|
|||||||
|
|
||||||
The following endpoint is used for Facebook updates.
|
The following endpoint is used for Facebook updates.
|
||||||
To turn off traffic for this endpoint, either uninstall Facebook or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore).
|
To turn off traffic for this endpoint, either uninstall Facebook or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore).
|
||||||
If you disable the Microsoft store, other Store apps cannot be installed or updated.
|
If you disable the Microsoft store, other Store apps can't be installed or updated.
|
||||||
Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
|
Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
@ -90,7 +90,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a
|
|||||||
|
|
||||||
The following endpoint is used by the Photos app to download configuration files, and to connect to the Microsoft 365 admin center's shared infrastructure, including Office.
|
The following endpoint is used by the Photos app to download configuration files, and to connect to the Microsoft 365 admin center's shared infrastructure, including Office.
|
||||||
To turn off traffic for this endpoint, either uninstall the Photos app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore).
|
To turn off traffic for this endpoint, either uninstall the Photos app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore).
|
||||||
If you disable the Microsoft store, other Store apps cannot be installed or updated.
|
If you disable the Microsoft store, other Store apps can't be installed or updated.
|
||||||
Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
|
Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
@ -99,7 +99,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a
|
|||||||
|
|
||||||
The following endpoint is used for Candy Crush Saga updates.
|
The following endpoint is used for Candy Crush Saga updates.
|
||||||
To turn off traffic for this endpoint, either uninstall Candy Crush Saga or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore).
|
To turn off traffic for this endpoint, either uninstall Candy Crush Saga or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore).
|
||||||
If you disable the Microsoft store, other Store apps cannot be installed or updated.
|
If you disable the Microsoft store, other Store apps can't be installed or updated.
|
||||||
Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
|
Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
@ -108,7 +108,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a
|
|||||||
|
|
||||||
The following endpoint is used for by the Microsoft Wallet app.
|
The following endpoint is used for by the Microsoft Wallet app.
|
||||||
To turn off traffic for this endpoint, either uninstall the Wallet app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore).
|
To turn off traffic for this endpoint, either uninstall the Wallet app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore).
|
||||||
If you disable the Microsoft store, other Store apps cannot be installed or updated.
|
If you disable the Microsoft store, other Store apps can't be installed or updated.
|
||||||
Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
|
Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
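Review bot: `The following endpoint is used for by the Microsoft Wallet app.` has a stray `for` and should read `is used by the Microsoft Wallet app.`; since the hunk already touches this paragraph, fix it here. The `Microsoft store` capitalization noted for the other app hunks applies to this one as well.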
@ -135,21 +135,21 @@ To turn off traffic for this endpoint [disable the Microsoft Store](manage-conne
|
|||||||
## Cortana and Search
|
## Cortana and Search
|
||||||
|
|
||||||
The following endpoint is used to get images that are used for Microsoft Store suggestions.
|
The following endpoint is used to get images that are used for Microsoft Store suggestions.
|
||||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you will block images that are used for Microsoft Store suggestions.
|
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you'll block images that are used for Microsoft Store suggestions.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
|:--------------:|:--------:|:------------|
|
|:--------------:|:--------:|:------------|
|
||||||
| searchui | HTTPS | `store-images.s-microsoft.com` |
|
| searchui | HTTPS | `store-images.s-microsoft.com` |
|
||||||
|
|
||||||
The following endpoint is used to update Cortana greetings, tips, and Live Tiles.
|
The following endpoint is used to update Cortana greetings, tips, and Live Tiles.
|
||||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you will block updates to Cortana greetings, tips, and Live Tiles.
|
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you'll block updates to Cortana greetings, tips, and Live Tiles.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
|:--------------:|:--------:|:------------|
|
|:--------------:|:--------:|:------------|
|
||||||
| backgroundtaskhost | HTTPS | `www.bing.com/client` |
|
| backgroundtaskhost | HTTPS | `www.bing.com/client` |
|
||||||
|
|
||||||
The following endpoint is used to configure parameters, such as how often the Live Tile is updated. It's also used to activate experiments.
|
The following endpoint is used to configure parameters, such as how often the Live Tile is updated. It's also used to activate experiments.
|
||||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), parameters would not be updated and the device would no longer participate in experiments.
|
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), parameters wouldn't be updated and the device would no longer participate in experiments.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
|:--------------:|:--------:|:------------|
|
|:--------------:|:--------:|:------------|
|
||||||
@ -164,11 +164,11 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
|
|||||||
|
|
||||||
## Certificates
|
## Certificates
|
||||||
|
|
||||||
The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible to [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update), but that is not recommended because when root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses.
|
The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It's possible to [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update), but that isn't recommended because when root certificates are updated over time, applications and websites may stop working because they didn't receive an updated root certificate the application uses.
|
||||||
|
|
||||||
Additionally, it is used to download certificates that are publicly known to be fraudulent.
|
Additionally, it's used to download certificates that are publicly known to be fraudulent.
|
||||||
These settings are critical for both Windows security and the overall security of the Internet.
|
These settings are critical for both Windows security and the overall security of the Internet.
|
||||||
We do not recommend blocking this endpoint.
|
We don't recommend blocking this endpoint.
|
||||||
If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device.
|
If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
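Review bot: the reworded Certificates paragraph still runs two `because` clauses together (`...that isn't recommended because when root certificates are updated over time, applications and websites may stop working because they didn't receive...`); split it, for example `...but that isn't recommended. Root certificates are updated over time, and applications and websites may stop working if they don't receive the updated root certificate they rely on.` In the unchanged line `which increases the attack vector on the device`, `attack surface` is the usual term, and it would be clearer to state the concrete effect the paragraph already implies: the device stops receiving the list of certificates known to be fraudulent, so those certificates remain trusted.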
@ -178,7 +178,7 @@ If traffic to this endpoint is turned off, Windows no longer automatically downl
|
|||||||
## Device authentication
|
## Device authentication
|
||||||
|
|
||||||
The following endpoint is used to authenticate a device.
|
The following endpoint is used to authenticate a device.
|
||||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), the device will not be authenticated.
|
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), the device won't be authenticated.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
|:--------------:|:--------:|:------------|
|
|:--------------:|:--------:|:------------|
|
||||||
@ -187,7 +187,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
|
|||||||
## Device metadata
|
## Device metadata
|
||||||
|
|
||||||
The following endpoint is used to retrieve device metadata.
|
The following endpoint is used to retrieve device metadata.
|
||||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-devinst), metadata will not be updated for the device.
|
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-devinst), metadata won't be updated for the device.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
|:--------------:|:--------:|:------------|
|
|:--------------:|:--------:|:------------|
|
||||||
@ -197,21 +197,21 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
|
|||||||
## Diagnostic Data
|
## Diagnostic Data
|
||||||
|
|
||||||
The following endpoint is used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service.
|
The following endpoint is used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service.
|
||||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft.
|
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, won't be sent back to Microsoft.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
|:--------------:|:--------:|:------------|
|
|:--------------:|:--------:|:------------|
|
||||||
| svchost | | `cy2.vortex.data.microsoft.com.akadns.net` |
|
| svchost | | `cy2.vortex.data.microsoft.com.akadns.net` |
|
||||||
|
|
||||||
The following endpoint is used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service.
|
The following endpoint is used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service.
|
||||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft.
|
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, won't be sent back to Microsoft.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
|:--------------:|:--------:|:------------|
|
|:--------------:|:--------:|:------------|
|
||||||
| svchost | HTTPS | `v10.vortex-win.data.microsoft.com/collect/v1` |
|
| svchost | HTTPS | `v10.vortex-win.data.microsoft.com/collect/v1` |
|
||||||
|
|
||||||
The following endpoints are used by Windows Error Reporting.
|
The following endpoints are used by Windows Error Reporting.
|
||||||
To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information will not be sent back to Microsoft.
|
To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information won't be sent back to Microsoft.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
|:--------------:|:--------:|:------------|
|
|:--------------:|:--------:|:------------|
|
||||||
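Review bot: the first telemetry table row `| svchost | | cy2.vortex.data.microsoft.com.akadns.net |` has an empty Protocol cell; fill it in or say it is unknown, since every other row in this section lists the protocol. The two Connected User Experiences and Telemetry paragraphs are word-for-word identical, so consider merging them into one paragraph with a two-row table.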
@ -240,7 +240,7 @@ To turn off traffic for this endpoint, disable the Windows License Manager Servi
|
|||||||
## Location
|
## Location
|
||||||
|
|
||||||
The following endpoint is used for location data.
|
The following endpoint is used for location data.
|
||||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location), apps cannot use location data.
|
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location), apps can't use location data.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
|:--------------:|:--------:|:------------|
|
|:--------------:|:--------:|:------------|
|
||||||
@ -250,7 +250,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
|
|||||||
## Maps
|
## Maps
|
||||||
|
|
||||||
The following endpoint is used to check for updates to maps that have been downloaded for offline use.
|
The following endpoint is used to check for updates to maps that have been downloaded for offline use.
|
||||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-offlinemaps), offline maps will not be updated.
|
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-offlinemaps), offline maps won't be updated.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
|:--------------:|:--------:|:------------|
|
|:--------------:|:--------:|:------------|
|
||||||
@ -259,7 +259,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
|
|||||||
## Microsoft account
|
## Microsoft account
|
||||||
|
|
||||||
The following endpoints are used for Microsoft accounts to sign in.
|
The following endpoints are used for Microsoft accounts to sign in.
|
||||||
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-microsoft-account), users cannot sign in with Microsoft accounts.
|
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-microsoft-account), users can't sign in with Microsoft accounts.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
|:--------------:|:--------:|:------------|
|
|:--------------:|:--------:|:------------|
|
||||||
@ -279,14 +279,14 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
|
|||||||
| | HTTPS | `*.wns.windows.com` |
|
| | HTTPS | `*.wns.windows.com` |
|
||||||
|
|
||||||
The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store.
|
The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store.
|
||||||
To turn off traffic for this endpoint, either uninstall the app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.
|
To turn off traffic for this endpoint, either uninstall the app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Microsoft Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
|:--------------:|:--------:|:------------|
|
|:--------------:|:--------:|:------------|
|
||||||
| | HTTP | `storecatalogrevocation.storequality.microsoft.com` |
|
| | HTTP | `storecatalogrevocation.storequality.microsoft.com` |
|
||||||
|
|
||||||
The following endpoints are used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps).
|
The following endpoints are used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps).
|
||||||
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore), the image files won't be downloaded, and apps cannot be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.
|
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore), the image files won't be downloaded, and apps can't be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
|:--------------:|:--------:|:------------|
|
|:--------------:|:--------:|:------------|
|
||||||
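Review bot: in the rewritten sentence `If you disable the Microsoft store, other Microsoft Store apps can't be installed or updated.` the product name is capitalized two different ways within one sentence; suggest `Microsoft Store` in both places. The `cannot` to `can't` change itself is fine, and the security consequence the sentence carries (the Store can no longer revoke malicious apps, so users can still open them) is preserved.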
@ -294,7 +294,7 @@ If you [turn off traffic for these endpoints](manage-connections-from-windows-op
|
|||||||
| backgroundtransferhost | HTTPS | `store-images.microsoft.com` |
|
| backgroundtransferhost | HTTPS | `store-images.microsoft.com` |
|
||||||
|
|
||||||
The following endpoints are used to communicate with Microsoft Store.
|
The following endpoints are used to communicate with Microsoft Store.
|
||||||
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore), apps cannot be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.
|
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore), apps can't be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
|:--------------:|:--------:|:------------|
|
|:--------------:|:--------:|:------------|
|
||||||
@ -306,7 +306,7 @@ If you [turn off traffic for these endpoints](manage-connections-from-windows-op
|
|||||||
## Network Connection Status Indicator (NCSI)
|
## Network Connection Status Indicator (NCSI)
|
||||||
|
|
||||||
Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet.
|
Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet.
|
||||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi), NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning.
|
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi), NCSI won't be able to determine if the device is connected to the Internet, and the icon denoting the network status tray will show a warning.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
|:--------------:|:--------:|:------------|
|
|:--------------:|:--------:|:------------|
|
||||||
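Review bot: the rewording at the end of the NCSI paragraph makes the sentence less clear rather than more: `the icon denoting the network status tray will show a warning` reads as if the tray itself has an icon, whereas the original `the network status tray icon will show a warning` describes the network status icon in the system tray. Suggest `the network status icon in the system tray will show a warning`. The `won't` contraction is fine.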
@ -336,7 +336,7 @@ If you turn off traffic for these endpoints, users won't be able to save documen
|
|||||||
|:--------------:|:--------:|:------------|
|
|:--------------:|:--------:|:------------|
|
||||||
| system32\Auth.Host.exe | HTTPS | `outlook.office365.com` |
|
| system32\Auth.Host.exe | HTTPS | `outlook.office365.com` |
|
||||||
|
|
||||||
The following endpoint is OfficeHub traffic used to get the metadata of Office apps. To turn off traffic for this endpoint, either uninstall the app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.
|
The following endpoint is OfficeHub traffic used to get the metadata of Office apps. To turn off traffic for this endpoint, either uninstall the app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Microsoft Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
|:--------------:|:--------:|:------------|
|
|:--------------:|:--------:|:------------|
|
||||||
@ -359,7 +359,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
|
|||||||
| onedrive | HTTP \ HTTPS | `g.live.com/1rewlive5skydrive/ODSUProduction` |
|
| onedrive | HTTP \ HTTPS | `g.live.com/1rewlive5skydrive/ODSUProduction` |
|
||||||
|
|
||||||
The following endpoint is used by OneDrive for Business to download and verify app updates. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US).
|
The following endpoint is used by OneDrive for Business to download and verify app updates. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US).
|
||||||
To turn off traffic for this endpoint, uninstall OneDrive for Business. In this case, your device will not able to get OneDrive for Business app updates.
|
To turn off traffic for this endpoint, uninstall OneDrive for Business. In this case, your device won't be able to get OneDrive for Business app updates.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
|:--------------:|:--------:|:------------|
|
|:--------------:|:--------:|:------------|
|
||||||
@ -390,7 +390,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
|
|||||||
|
|
||||||
## Skype
|
## Skype
|
||||||
|
|
||||||
The following endpoint is used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.
|
The following endpoint is used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Microsoft Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
|:--------------:|:--------:|:------------|
|
|:--------------:|:--------:|:------------|
|
||||||
@ -401,14 +401,14 @@ The following endpoint is used to retrieve Skype configuration values. To turn o
|
|||||||
## Windows Defender
|
## Windows Defender
|
||||||
|
|
||||||
The following endpoint is used for Windows Defender when Cloud-based Protection is enabled.
|
The following endpoint is used for Windows Defender when Cloud-based Protection is enabled.
|
||||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender), the device will not use Cloud-based Protection. For a detailed list of Microsoft Defender Antivirus cloud service connections, see [Allow connections to the Microsoft Defender Antivirus cloud service](/microsoft-365/security/defender-endpoint/configure-network-connections-microsoft-defender-antivirus#allow-connections-to-the-microsoft-defender-antivirus-cloud-service).
|
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender), the device won't use Cloud-based Protection. For a detailed list of Microsoft Defender Antivirus cloud service connections, see [Allow connections to the Microsoft Defender Antivirus cloud service](/microsoft-365/security/defender-endpoint/configure-network-connections-microsoft-defender-antivirus#allow-connections-to-the-microsoft-defender-antivirus-cloud-service).
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
|:--------------:|:--------:|:------------|
|
|:--------------:|:--------:|:------------|
|
||||||
| | | `wdcp.microsoft.com` |
|
| | | `wdcp.microsoft.com` |
|
||||||
|
|
||||||
The following endpoints are used for Windows Defender definition updates.
|
The following endpoints are used for Windows Defender definition updates.
|
||||||
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender), definitions will not be updated.
|
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender), definitions won't be updated.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
|:--------------:|:--------:|:------------|
|
|:--------------:|:--------:|:------------|
|
||||||
@ -427,7 +427,7 @@ If you [turn off traffic for these endpoints](manage-connections-from-windows-op
|
|||||||
## Windows Spotlight
|
## Windows Spotlight
|
||||||
|
|
||||||
The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, and suggested apps, Microsoft account notifications, and Windows tips.
|
The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, and suggested apps, Microsoft account notifications, and Windows tips.
|
||||||
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight), Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips will not be downloaded. For more information, see [Windows Spotlight](/windows/configuration/windows-spotlight).
|
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight), Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips won't be downloaded. For more information, see [Windows Spotlight](/windows/configuration/windows-spotlight).
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
|:--------------:|:--------:|:------------|
|
|:--------------:|:--------:|:------------|
|
||||||
@ -440,14 +440,14 @@ If you [turn off traffic for these endpoints](manage-connections-from-windows-op
|
|||||||
## Windows Update
|
## Windows Update
|
||||||
|
|
||||||
The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers.
|
The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers.
|
||||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-updates), Windows Update downloads will not be managed, as critical metadata that is used to make downloads more resilient is blocked. Downloads may be impacted by corruption (resulting in redownloads of full files). Additionally, downloads of the same update by multiple devices on the same local network will not use peer devices for bandwidth reduction.
|
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-updates), Windows Update downloads won't be managed, as critical metadata that is used to make downloads more resilient is blocked. Downloads may be impacted by corruption (resulting in redownloads of full files). Additionally, downloads of the same update by multiple devices on the same local network won't use peer devices for bandwidth reduction.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
|:--------------:|:--------:|:------------|
|
|:--------------:|:--------:|:------------|
|
||||||
| svchost | HTTPS | `*.prod.do.dsp.mp.microsoft.com` |
|
| svchost | HTTPS | `*.prod.do.dsp.mp.microsoft.com` |
|
||||||
|
|
||||||
The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store.
|
The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store.
|
||||||
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to download updates for the operating system.
|
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device wón't be able to download updates for the operating system.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
|:--------------:|:--------:|:------------|
|
|:--------------:|:--------:|:------------|
|
||||||
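Review bot: a typo is introduced in the Windows Update paragraph: `the device wón't be able to download updates for the operating system` uses an accented `ó`; it should read `won't`. The other change in this hunk (`will not` to `won't` in the Delivery Optimization paragraph) is fine.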
@ -455,7 +455,7 @@ If you [turn off traffic for these endpoints](manage-connections-from-windows-op
|
|||||||
| svchost | HTTP | `*.dl.delivery.mp.microsoft.com` |
|
| svchost | HTTP | `*.dl.delivery.mp.microsoft.com` |
|
||||||
|
|
||||||
The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store.
|
The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store.
|
||||||
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store.
|
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device won't be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
|:--------------:|:--------:|:------------|
|
|:--------------:|:--------:|:------------|
|
||||||
|
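Review bot: the contraction is applied inconsistently within one paragraph: `the device won't be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store.` Suggest changing the second sentence to `won't be able to` as well, matching the rest of this PR.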
@ -72,7 +72,7 @@ The following issue affects the Java GSS API. See the following Oracle bug datab
|
|||||||
|
|
||||||
- [JDK-8161921: Windows Defender Credential Guard doesn't allow sharing of TGT with Java](http://bugs.java.com/bugdatabase/view_bug.do?bug_id=8161921)
|
- [JDK-8161921: Windows Defender Credential Guard doesn't allow sharing of TGT with Java](http://bugs.java.com/bugdatabase/view_bug.do?bug_id=8161921)
|
||||||
|
|
||||||
When Windows Defender Credential Guard is enabled on Windows, the Java GSS API won't authenticate. This is expected behavior because Windows Defender Credential Guard blocks specific application authentication capabilities and won't provide the TGT session key to applications regardless of registry key settings. For further information, see [Application requirements](/windows/access-protection/credential-guard/credential-guard-requirements#application-requirements).
|
When Windows Defender Credential Guard is enabled on Windows, the Java GSS API won't authenticate. This is expected behavior because Windows Defender Credential Guard blocks specific application authentication capabilities and won't provide the TGT session key to applications regardless of registry key settings. For more information, see [Application requirements](/windows/access-protection/credential-guard/credential-guard-requirements#application-requirements).
|
||||||
|
|
||||||
The following issue affects Cisco AnyConnect Secure Mobility Client:
|
The following issue affects Cisco AnyConnect Secure Mobility Client:
|
||||||
|
|
||||||
@ -106,7 +106,7 @@ For further technical information on LSAISO.exe, see the MSDN article: [Isolated
|
|||||||
See the following article on Citrix support for Secure Boot:
|
See the following article on Citrix support for Secure Boot:
|
||||||
- [Citrix Support for Secure Boot](https://www.citrix.com/blogs/2016/12/08/windows-server-2016-hyper-v-secure-boot-support-now-available-in-xenapp-7-12/)
|
- [Citrix Support for Secure Boot](https://www.citrix.com/blogs/2016/12/08/windows-server-2016-hyper-v-secure-boot-support-now-available-in-xenapp-7-12/)
|
||||||
|
|
||||||
Windows Defender Credential Guard is not supported by either these products, products versions, computer systems, or Windows 10 versions:
|
Windows Defender Credential Guard isn't supported by either these products, products versions, computer systems, or Windows 10 versions:
|
||||||
|
|
||||||
- For Windows Defender Credential Guard on Windows with McAfee Encryption products, see:
|
- For Windows Defender Credential Guard on Windows with McAfee Encryption products, see:
|
||||||
[Support for Hypervisor-Protected Code Integrity and Windows Defender Credential Guard on Windows with McAfee encryption products](https://kc.mcafee.com/corporate/index?page=content&id=KB86009)
|
[Support for Hypervisor-Protected Code Integrity and Windows Defender Credential Guard on Windows with McAfee encryption products](https://kc.mcafee.com/corporate/index?page=content&id=KB86009)
|
||||||
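Review bot: the edited sentence `Windows Defender Credential Guard isn't supported by either these products, products versions, computer systems, or Windows 10 versions:` is still ungrammatical (`either` with a four-item list, and `products versions`). Since the line is already being touched, suggest `Windows Defender Credential Guard isn't supported by the following products, product versions, computer systems, or Windows 10 versions:`.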
@ -123,6 +123,6 @@ Windows Defender Credential Guard is not supported by either these products, pro
|
|||||||
- For Windows Defender Credential Guard on Windows with Symantec Endpoint Protection
|
- For Windows Defender Credential Guard on Windows with Symantec Endpoint Protection
|
||||||
[Windows devices with Windows Defender Credential Guard and Symantec Endpoint Protection 12.1](https://www.symantec.com/connect/forums/windows-10-device-guard-credentials-guard-and-sep-121)
|
[Windows devices with Windows Defender Credential Guard and Symantec Endpoint Protection 12.1](https://www.symantec.com/connect/forums/windows-10-device-guard-credentials-guard-and-sep-121)
|
||||||
|
|
||||||
This is not a comprehensive list. Check whether your product vendor, product version, or computer system, supports Windows Defender Credential Guard on systems that run Windows or specific versions of Windows. Specific computer system models may be incompatible with Windows Defender Credential Guard.
|
This isn't a comprehensive list. Check whether your product vendor, product version, or computer system, supports Windows Defender Credential Guard on systems that run Windows or specific versions of Windows. Specific computer system models may be incompatible with Windows Defender Credential Guard.
|
||||||
|
|
||||||
Microsoft encourages third-party vendors to contribute to this page by providing relevant product support information and by adding links to their own product support statements.
|
Microsoft encourages third-party vendors to contribute to this page by providing relevant product support information and by adding links to their own product support statements.
|
||||||
|
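Review bot: the front-matter `description` change introduces a grammatical error and drops meaning: `a Windows feature for remembering; or pinning a root issuing certificate authority, or end entity certificate` replaces a correct comma with a semicolon and removes the quotation marks that marked “pinning” as the term being defined. Suggest keeping the original wording, `a Windows feature for remembering, or “pinning” a root, issuing certificate authority, or end entity certificate to a given domain name.` This description is the text shown in search results and the docs index, so it should read as a complete sentence.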
@ -2,7 +2,7 @@
|
|||||||
title: Enterprise Certificate Pinning
|
title: Enterprise Certificate Pinning
|
||||||
ms.mktglfcycl: manage
|
ms.mktglfcycl: manage
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
description: Enterprise certificate pinning is a Windows feature for remembering, or “pinning” a root, issuing certificate authority, or end entity certificate to a given domain name.
|
description: Enterprise certificate pinning is a Windows feature for remembering; or pinning a root issuing certificate authority, or end entity certificate to a given domain name.
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: dulcemontemayor
|
author: dulcemontemayor
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
@ -22,15 +22,15 @@ ms.reviewer:
|
|||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
|
|
||||||
Enterprise certificate pinning is a Windows feature for remembering, or “pinning,” a root issuing certificate authority or end entity certificate to a given domain name.
|
Enterprise certificate pinning is a Windows feature for remembering, or pinning a root issuing certificate authority or end entity certificate to a given domain name.
|
||||||
Enterprise certificate pinning helps reduce man-in-the-middle attacks by enabling you to protect your internal domain names from chaining to unwanted certificates or to fraudulently issued certificates.
|
Enterprise certificate pinning helps reduce man-in-the-middle attacks by enabling you to protect your internal domain names from chaining to unwanted certificates or to fraudulently issued certificates.
|
||||||
|
|
||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> External domain names, where the certificate issued to these domains is issued by a public certificate authority, are not ideal for enterprise certificate pinning.
|
> External domain names, where the certificate issued to these domains is issued by a public certificate authority, are not ideal for enterprise certificate pinning.
|
||||||
|
|
||||||
Windows Certificate APIs (CertVerifyCertificateChainPolicy and WinVerifyTrust) are updated to check if the site’s server authentication certificate chain matches a restricted set of certificates.
|
Windows Certificate APIs (CertVerifyCertificateChainPolicy and WinVerifyTrust) are updated to check if the site’s chain that authenticates servers matches a restricted set of certificates.
|
||||||
These restrictions are encapsulated in a Pin Rules Certificate Trust List (CTL) that is configured and deployed to Windows 10 computers.
|
These restrictions are encapsulated in a Pin Rules Certificate Trust List (CTL) that is configured and deployed to Windows 10 computers.
|
||||||
Any site certificate triggering a name mismatch causes Windows to write an event to the CAPI2 event log and prevents the user from navigating to the web site using Microsoft Edge or Internet Explorer.
|
Any site certificate that triggers a name mismatch causes Windows to write an event to the CAPI2 event log and prevents the user from navigating to the web site using Microsoft Edge or Internet Explorer.
|
||||||
|
|
||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> Enterprise Certificate Pinning feature triggering doesn't cause clients other than Microsoft Edge or Internet Explorer to block the connection.
|
> Enterprise Certificate Pinning feature triggering doesn't cause clients other than Microsoft Edge or Internet Explorer to block the connection.
|
||||||
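Review bot: the rewrite of the Windows Certificate APIs sentence changes the technical meaning: `check if the site’s chain that authenticates servers matches a restricted set of certificates` is not equivalent to the original `check if the site’s server authentication certificate chain matches a restricted set of certificates`. "Server authentication certificate" names the kind of certificate the site presents; the chain does not "authenticate servers". Suggest reverting that line. Separately, dropping the quotation marks in `remembering, or pinning a root issuing certificate authority` loses the signal that "pinning" is the term being introduced; the original `remembering, or “pinning,” a root issuing certificate authority` was correct. The `triggering a name mismatch` to `that triggers a name mismatch` change is fine.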
@ -80,9 +80,9 @@ For help with formatting Pin Rules, see [Representing a Date in XML](#representi
|
|||||||
|
|
||||||
| Attribute | Description | Required |
|
| Attribute | Description | Required |
|
||||||
|-----------|-------------|----------|
|
|-----------|-------------|----------|
|
||||||
| **Duration** or **NextUpdate** | Specifies when the Pin Rules will expire. Either is required. **NextUpdate** takes precedence if both are specified. <br> **Duration**, represented as an XML TimeSpan data type, does not allow years and months. You represent the **NextUpdate** attribute as a XML DateTime data type in UTC. | **Required?** Yes. At least one is required. |
|
| **Duration** or **NextUpdate** | Specifies when the Pin Rules will expire. Either is required. **NextUpdate** takes precedence if both are specified. <br> **Duration**, represented as an XML TimeSpan data type, doesn't allow years and months. You represent the **NextUpdate** attribute as an XML DateTime data type in UTC. | **Required?** Yes. At least one is required. |
|
||||||
| **LogDuration** or **LogEndDate** | Configures auditing only to extend beyond the expiration of enforcing the Pin Rules. <br> **LogEndDate**, represented as an XML DateTime data type in UTC, takes precedence if both are specified. <br> You represent **LogDuration** as an XML TimeSpan data type, which does not allow years and months. <br> If neither attribute is specified, auditing expiration uses **Duration** or **NextUpdate** attributes. | No. |
|
| **LogDuration** or **LogEndDate** | Configures auditing only to extend beyond the expiration of enforcing the Pin Rules. <br> **LogEndDate**, represented as an XML DateTime data type in UTC, takes precedence if both are specified. <br> You represent **LogDuration** as an XML TimeSpan data type, which doesn't allow years and months. <br> If `none of the attributes are specified, auditing expiration uses **Duration** or **NextUpdate** attributes. | No. |
|
||||||
| **ListIdentifier** | Provides a friendly name for the list of pin rules. Windows does not use this attribute for certificate pinning enforcement, however it is included when the pin rules are converted to a certificate trust list (CTL). | No. |
|
| **ListIdentifier** | Provides a friendly name for the list of pin rules. Windows doesn't use this attribute for certificate pinning enforcement; however, it's included when the pin rules are converted to a certificate trust list (CTL). | No. |
|
||||||
|
|
||||||
#### PinRule Element
|
#### PinRule Element
|
||||||
|
|
||||||
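Review bot: a stray backtick is introduced in the **LogDuration** or **LogEndDate** row: `If `none of the attributes are specified, auditing expiration uses **Duration** or **NextUpdate** attributes.` will render as an unterminated code span in Markdown. Suggest restoring `If neither attribute is specified`, which is also the more precise wording since exactly two attributes are involved. The `does not` to `doesn't` and `a XML` to `an XML` changes in this table are fine.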
@ -90,9 +90,9 @@ The **PinRule** element can have the following attributes.
|
|||||||
|
|
||||||
| Attribute | Description | Required |
|
| Attribute | Description | Required |
|
||||||
|-----------|-------------|----------|
|
|-----------|-------------|----------|
|
||||||
| **Name** | Uniquely identifies the **PinRule**. Windows uses this attribute to identify the element for a parsing error or for verbose output. The attribute is not included in the generated certificate trust list (CTL). | Yes.|
|
| **Name** | Uniquely identifies the **PinRule**. Windows uses this attribute to identify the element for a parsing error or for verbose output. The attribute isn't included in the generated certificate trust list (CTL). | Yes.|
|
||||||
| **Error** | Describes the action Windows performs when it encounters a PIN mismatch. You can choose from the following string values: <br>- **Revoked** - Windows reports the certificate protecting the site as if it was revoked. This typically prevents the user from accessing the site. <br>- **InvalidName** - Windows reports the certificate protecting the site as if the name on the certificate does not match the name of the site. This typically results in prompting the user before accessing the site. <br>- **None** - The default value. No error is returned. You can use this setting to audit the pin rules without introducing any user friction. | No. |
|
| **Error** | Describes the action Windows performs when it encounters a PIN mismatch. You can choose from the following string values: <br>- **Revoked** - Windows reports the certificate protecting the site as if it was revoked. This typically prevents the user from accessing the site. <br>- **InvalidName** - Windows reports the certificate protecting the site as if the name on the certificate doesn't match the name of the site. This typically results in prompting the user before accessing the site. <br>- **None** - The default value. No error is returned. You can use this setting to audit the pin rules without introducing any user friction. | No. |
|
||||||
| **Log** | A Boolean value represent as string that equals **true** or **false**. By default, logging is enabled (**true**). | No. |
|
| **Log** | A Boolean value represents a string that equals **true** or **false**. By default, logging is enabled (**true**). | No. |
|
||||||
|
|
||||||
#### Certificate element
|
#### Certificate element
|
||||||
|
|
||||||
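Review bot: the **Log** attribute description now says something different from what was intended: `A Boolean value represents a string that equals **true** or **false**.` states that the Boolean represents a string, whereas the original `A Boolean value represent as string` (typo aside) meant that the Boolean is represented as a string in the XML. Suggest `A Boolean value, represented as the string **true** or **false**.` The **Name** and **Error** row changes are fine.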
@ -100,9 +100,9 @@ The **Certificate** element can have the following attributes.
|
|||||||
|
|
||||||
| Attribute | Description | Required |
|
| Attribute | Description | Required |
|
||||||
|-----------|-------------|----------|
|
|-----------|-------------|----------|
|
||||||
| **File** | Path to a file containing one or more certificates. Where the certificate(s) can be encoded as: <br>- single certificate <br>- p7b <br>- sst <br> These files can also be Base64 formatted. All **Site** elements included in the same **PinRule** element can match any of these certificates. | Yes (File, Directory or Base64 must be present). |
|
| **File** | Path to a file containing one or more certificates. Where the certificate(s) can be encoded as: <br>- single certificate <br>- p7b <br>- sst <br> These files can also be Base64 formatted. All **Site** elements included in the same **PinRule** element can match any of these certificates. | Yes (File, Directory, or Base64 must be present). |
|
||||||
| **Directory** | Path to a directory containing one or more of the above certificate files. Skips any files not containing any certificates. | Yes (File, Directory or Base64 must be present). |
|
| **Directory** | Path to a directory containing one or more of the above certificate files. Skips any files not containing any certificates. | Yes (File, Directory, or Base64 must be present). |
|
||||||
| **Base64** | Base64 encoded certificate(s). Where the certificate(s) can be encoded as: <br>- single certificate <br>- p7b <br> - sst <br> This allows the certificates to be included in the XML file without a file directory dependency. <br> Note: <br> You can use **certutil -encode** to convert a .cer file into base64. You can then use Notepad to copy and paste the base64 encoded certificate into the pin rule. | Yes (File, Directory or Base64 must be present). |
|
| **Base64** | Base64 encoded certificate(s). Where the certificate(s) can be encoded as: <br>- single certificate <br>- p7b <br> - sst <br> This allows the certificates to be included in the XML file without a file directory dependency. <br> Note: <br> You can use **certutil -encode** to convert a .cer file into base64. You can then use Notepad to copy and paste the base64 encoded certificate into the pin rule. | Yes (File, Directory, or Base64 must be present). |
|
||||||
| **EndDate** | Enables you to configure an expiration date for when the certificate is no longer valid in the pin rule. <br>If you are in the process of switching to a new root or CA, you can set the **EndDate** to allow matching of this element’s certificates.<br> If the current time is past the **EndDate**, then, when creating the certificate trust list (CTL), the parser outputs a warning message and exclude the certificate(s) from the Pin Rule in the generated CTL.<br> For help with formatting Pin Rules, see [Representing a Date in XML](#representing-a-date-in-xml).| No.|
|
| **EndDate** | Enables you to configure an expiration date for when the certificate is no longer valid in the pin rule. <br>If you are in the process of switching to a new root or CA, you can set the **EndDate** to allow matching of this element’s certificates.<br> If the current time is past the **EndDate**, then, when creating the certificate trust list (CTL), the parser outputs a warning message and exclude the certificate(s) from the Pin Rule in the generated CTL.<br> For help with formatting Pin Rules, see [Representing a Date in XML](#representing-a-date-in-xml).| No.|
|
||||||
|
|
||||||
#### Site element
|
#### Site element
|
||||||
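Review bot: the EndDate row carried over as unchanged context still has a subject-verb disagreement: "the parser outputs a warning message and exclude the certificate(s)" should read "excludes the certificate(s)". Since this pass is already tidying the Base64 row in the same table, fix it here too.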
@ -111,8 +111,8 @@ The **Site** element can have the following attributes.
|
|||||||
|
|
||||||
| Attribute | Description | Required |
|
| Attribute | Description | Required |
|
||||||
|-----------|-------------|----------|
|
|-----------|-------------|----------|
|
||||||
| **Domain** | Contains the DNS name to be matched for this pin rule. When creating the certificate trust list, the parser normalizes the input name string value as follows: <br>- If the DNS name has a leading "*" it is removed. <br>- Non-ASCII DNS name are converted to ASCII Puny Code. <br>- Upper case ASCII characters are converted to lower case. <br>If the normalized name has a leading ".", then, wildcard left hand label matching is enabled. For example, ".xyz.com" would match "abc.xyz.com". | Yes.|
|
| **Domain** | Contains the DNS name to be matched for this pin rule. When creating the certificate trust list, the parser normalizes the input name string value as follows: <br>- If the DNS name has a leading "*", it's removed. <br>- Non-ASCII DNS name is converted to ASCII Puny Code. <br>- Upper case ASCII characters are converted to lower case. <br>If the normalized name has a leading ".", then, wildcard left-hand label matching is enabled. For example, ".xyz.com" would match "abc.xyz.com". | Yes.|
|
||||||
| **AllSubdomains** | By default, wildcard left hand label matching is restricted to a single left hand label. This attribute can be set to "true" to enable wildcard matching of all of the left-hand labels.<br>For example, setting this attribute would also match "123.abc.xyz.com" for the ".xyz.com" domain value.| No.|
|
| **AllSubdomains** | By default, wildcard left-hand label matching is restricted to a single left-hand label. This attribute can be set to "true" to enable wildcard matching of all of the left-hand labels.<br>For example, setting this attribute would also match "123.abc.xyz.com" for the ".xyz.com" domain value.| No.|
|
||||||
|
|
||||||
### Create a Pin Rules Certificate Trust List
|
### Create a Pin Rules Certificate Trust List
|
||||||
|
|
||||||
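Review bot: the new wording in the Domain row makes the grammar worse rather than better: "Non-ASCII DNS name is converted to ASCII Puny Code" should be "Non-ASCII DNS names are converted to ASCII Punycode" (plural subject, and the encoding is one word, Punycode). The other edits in that row ("it's removed", "left-hand") are fine.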
@ -137,7 +137,7 @@ The same certificate(s) can occur in multiple **PinRule** elements.
|
|||||||
The same domain can occur in multiple **PinRule** elements.
|
The same domain can occur in multiple **PinRule** elements.
|
||||||
Certutil coalesces these in the resultant pin rules certificate trust list.
|
Certutil coalesces these in the resultant pin rules certificate trust list.
|
||||||
|
|
||||||
Certutil.exe does not strictly enforce the XML schema definition.
|
Certutil.exe doesn't strictly enforce the XML schema definition.
|
||||||
It does perform the following to enable other tools to add/consume their own specific elements and attributes:
|
It does perform the following to enable other tools to add/consume their own specific elements and attributes:
|
||||||
|
|
||||||
- Skips elements before and after the **PinRules** element.
|
- Skips elements before and after the **PinRules** element.
|
||||||
@ -154,7 +154,7 @@ certutil -generatePinRulesCTL certPinRules.xml pinrules.stl
|
|||||||
### Applying Certificate Pinning Rules to a Reference Computer
|
### Applying Certificate Pinning Rules to a Reference Computer
|
||||||
|
|
||||||
Now that your certificate pinning rules are in the certificate trust list format, you need to apply the settings to a reference computer as a prerequisite to deploying the setting to your enterprise.
|
Now that your certificate pinning rules are in the certificate trust list format, you need to apply the settings to a reference computer as a prerequisite to deploying the setting to your enterprise.
|
||||||
To simplify the deployment configuration, it is best to apply your certificate pinning rules to a computer that has the Group Policy Management Console (GPMC) that is include in the Remote Server Administration Tools (RSAT).
|
To simplify the deployment configuration, it's best to apply your certificate pinning rules to a computer that has the Group Policy Management Console (GPMC) included in the Remote Server Administration Tools (RSAT).
|
||||||
|
|
||||||
Use **certutil.exe** to apply your certificate pinning rules to your reference computer using the **setreg** argument.
|
Use **certutil.exe** to apply your certificate pinning rules to your reference computer using the **setreg** argument.
|
||||||
The **setreg** argument takes a secondary argument that determines the location of where certutil writes the certificate pining rules.
|
The **setreg** argument takes a secondary argument that determines the location of where certutil writes the certificate pining rules.
|
||||||
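Review bot: "pining rules" in the unchanged context line "determines the location of where certutil writes the certificate pining rules" is a typo for "pinning rules"; worth fixing while the surrounding paragraph is being edited, and "the location of where" can drop "of".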
@ -181,14 +181,14 @@ Certutil writes the binary information to the following registration location:
|
|||||||
### Deploying Enterprise Pin Rule Settings using Group Policy
|
### Deploying Enterprise Pin Rule Settings using Group Policy
|
||||||
|
|
||||||
You’ve successfully created a certificate pinning rules XML file.
|
You’ve successfully created a certificate pinning rules XML file.
|
||||||
From the XML file you have created a certificate pinning trust list file, and you have applied the contents of that file to your reference computer from which you can run the Group Policy Management Console.
|
From the XML file you've created a certificate pinning trust list file, and you've applied the contents of that file to your reference computer from which you can run the Group Policy Management Console.
|
||||||
Now you need to configure a Group Policy object to include the applied certificate pin rule settings and deploy it to your environment.
|
Now you need to configure a Group Policy object to include the applied certificate pin rule settings and deploy it to your environment.
|
||||||
|
|
||||||
Sign-in to the reference computer using domain administrator equivalent credentials.
|
Sign-in to the reference computer using domain administrator equivalent credentials.
|
||||||
|
|
||||||
1. Start the **Group Policy Management Console** (gpmc.msc)
|
1. Start the **Group Policy Management Console** (gpmc.msc)
|
||||||
2. In the navigation pane, expand the forest node and then expand the domain node.
|
2. In the navigation pane, expand the forest node and then expand the domain node.
|
||||||
3. Expand the node that has contains your Active Directory’s domain name
|
3. Expand the node that contains your Active Directory’s domain name
|
||||||
4. Select the **Group Policy objects** node. Right-click the **Group Policy objects** node and click **New**.
|
4. Select the **Group Policy objects** node. Right-click the **Group Policy objects** node and click **New**.
|
||||||
5. In the **New GPO** dialog box, type _Enterprise Certificate Pinning Rules_ in the **Name** text box and click **OK**.
|
5. In the **New GPO** dialog box, type _Enterprise Certificate Pinning Rules_ in the **Name** text box and click **OK**.
|
||||||
6. In the content pane, right-click the **Enterprise Certificate Pinning Rules** Group Policy object and click **Edit**.
|
6. In the content pane, right-click the **Enterprise Certificate Pinning Rules** Group Policy object and click **Edit**.
|
||||||
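Review bot: "Sign-in to the reference computer" uses the noun form as a verb; it should be "Sign in to the reference computer". Steps 1 and 3 also lack the terminal period that steps 2, 4, 5 and 6 have.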
@ -222,7 +222,7 @@ To assist in constructing certificate pinning rules, you can configure the **Pin
|
|||||||
### Permission for the Pin Rule Log Folder
|
### Permission for the Pin Rule Log Folder
|
||||||
|
|
||||||
The folder in which Windows writes the additional pin rule logs must have permissions so that all users and applications have full access.
|
The folder in which Windows writes the additional pin rule logs must have permissions so that all users and applications have full access.
|
||||||
You can run the following commands from an elevated command prompt to achieved the proper permissions.
|
You can run the following commands from an elevated command prompt to achieve the proper permissions.
|
||||||
|
|
||||||
```code
|
```code
|
||||||
set PinRulesLogDir=c:\PinRulesLog
|
set PinRulesLogDir=c:\PinRulesLog
|
||||||
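Review bot: the fence is tagged "```code", which is not a language; tag it "```cmd" (or "```console") so the "set PinRulesLogDir=c:\PinRulesLog" lines are highlighted consistently with the rest of the docs set. Separately, the unchanged sentence requiring that "all users and applications have full access" to the log folder describes a world-writable directory; since this section exists "To assist in constructing certificate pinning rules", a sentence noting that this permissive ACL is only needed while rules are being constructed on a reference computer would help readers avoid leaving it in place permanently.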
@ -242,13 +242,13 @@ Whenever an application verifies a TLS/SSL certificate chain that contains a ser
|
|||||||
- NoPinRules
|
- NoPinRules
|
||||||
Didn’t match any site in the certificate pin rules.
|
Didn’t match any site in the certificate pin rules.
|
||||||
|
|
||||||
The output file name consists of the leading 8 ASCII hex digits of the root’s SHA1 thumbprint followed by the server name.
|
The output file name consists of the leading eight ASCII hex digits of the root’s SHA1 thumbprint followed by the server name.
|
||||||
For example:
|
For example:
|
||||||
|
|
||||||
- D4DE20D0_xsi.outlook.com.p7b
|
- D4DE20D0_xsi.outlook.com.p7b
|
||||||
- DE28F4A4_www.yammer.com.p7b
|
- DE28F4A4_www.yammer.com.p7b
|
||||||
|
|
||||||
If there is either an enterprise certificate pin rule or Microsoft certificate pin rule mismatch, then Windows writes the .p7b file to the **MismatchPinRules** child folder.
|
If there's either an enterprise certificate pin rule or a Microsoft certificate pin rule mismatch, then Windows writes the .p7b file to the **MismatchPinRules** child folder.
|
||||||
If the pin rules have expired, then Windows writes the .p7b to the **ExpiredPinRules** child folder.
|
If the pin rules have expired, then Windows writes the .p7b to the **ExpiredPinRules** child folder.
|
||||||
|
|
||||||
## Representing a Date in XML
|
## Representing a Date in XML
|
||||||
@ -270,7 +270,7 @@ However, be certain to append the uppercase “Z” to the end of the XML date s
|
|||||||
|
|
||||||
## Converting an XML Date
|
## Converting an XML Date
|
||||||
|
|
||||||
You can also use Windows PowerShell to validate convert an XML date into a human readable date to validate it’s the correct date.
|
You can also use Windows PowerShell to validate and convert an XML date into a human readable date to validate it’s the correct date.
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
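Review bot: the revised sentence now says "validate" twice ("to validate and convert an XML date ... to validate it's the correct date"); suggest "convert an XML date into a human-readable date to verify it's the correct date", which also hyphenates "human-readable".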
@ -284,7 +284,7 @@ You can use Windows PowerShell to properly format and validate durations (timesp
|
|||||||
|
|
||||||
## Converting an XML Duration
|
## Converting an XML Duration
|
||||||
|
|
||||||
You can convert a XML formatted timespan into a timespan variable that you can read.
|
You can convert an XML formatted timespan into a timespan variable that you can read.
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
|
@ -50,7 +50,7 @@ The following table lists the VPN settings and whether the setting can be config
|
|||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> VPN proxy settings are only used on Force Tunnel Connections. On Split Tunnel Connections, the general proxy settings are used.
|
> VPN proxy settings are only used on Force Tunnel Connections. On Split Tunnel Connections, the general proxy settings are used.
|
||||||
|
|
||||||
The ProfileXML node was added to the VPNv2 CSP to allow users to deploy VPN profile as a single blob. This node is useful for deploying profiles with features that are not yet supported by MDMs. You can get more examples in the [ProfileXML XSD](/windows/client-management/mdm/vpnv2-profile-xsd) article.
|
The ProfileXML node was added to the VPNv2 CSP to allow users to deploy VPN profile as a single blob. This node is useful for deploying profiles with features that aren't yet supported by MDMs. You can get more examples in the [ProfileXML XSD](/windows/client-management/mdm/vpnv2-profile-xsd) article.
|
||||||
|
|
||||||
|
|
||||||
## Sample Native VPN profile
|
## Sample Native VPN profile
|
||||||
|
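Review bot: "to deploy VPN profile as a single blob" is missing an article; make it "to deploy a VPN profile as a single blob". The "aren't yet supported" change is fine.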
@ -30,11 +30,10 @@ sections:
|
|||||||
answer: |
|
answer: |
|
||||||
BitLocker Network Unlock enables easier management for BitLocker-enabled desktops and servers that use the TPM+PIN protection method in a domain environment. When a computer that is connected to a wired corporate network is rebooted, Network Unlock allows the PIN entry prompt to be bypassed. It automatically unlocks BitLocker-protected operating system volumes by using a trusted key that is provided by the Windows Deployment Services server as its secondary authentication method.
|
BitLocker Network Unlock enables easier management for BitLocker-enabled desktops and servers that use the TPM+PIN protection method in a domain environment. When a computer that is connected to a wired corporate network is rebooted, Network Unlock allows the PIN entry prompt to be bypassed. It automatically unlocks BitLocker-protected operating system volumes by using a trusted key that is provided by the Windows Deployment Services server as its secondary authentication method.
|
||||||
|
|
||||||
To use Network Unlock you must also have a PIN configured for your computer. When your computer is not connected to the network you will need to provide the PIN to unlock it.
|
To use Network Unlock you must also have a PIN configured for your computer. When your computer isn't connected to the network you'll need to provide the PIN to unlock it.
|
||||||
|
|
||||||
BitLocker Network Unlock has software and hardware requirements for both client computers, Windows Deployment services, and domain controllers that must be met before you can use it.
|
BitLocker Network Unlock has software and hardware requirements for both client computers, Windows Deployment services, and domain controllers that must be met before you can use it.
|
||||||
|
|
||||||
Network Unlock uses two protectors, the TPM protector and the one provided by the network or by your PIN, whereas automatic unlock uses a single protector, the one stored in the TPM. If the computer is joined to a network without the key protector it will prompt you to enter your PIN. If the PIN is
|
Network Unlock uses two protectors, the TPM protector and the one provided by the network or by your PIN, whereas automatic unlock uses a single protector, the one stored in the TPM. If the computer is joined to a network without the key protector, it will prompt you to enter your PIN. If the PIN isn't available, you'll need to use the recovery key to unlock the computer if it can't be connected to the network.
|
||||||
not available you will need to use the recovery key to unlock the computer if it can not be connected to the network.
|
|
||||||
|
|
||||||
For more info, see [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md).
|
For more info, see [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md).
|
||||||
|
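Review bot: merging the split sentence back onto one line is the right fix for the YAML block scalar, but the rewritten "When your computer isn't connected to the network you'll need to provide the PIN" needs a comma after "network", and "Windows Deployment services" in the unchanged context should be "Windows Deployment Services" to match the product name used two paragraphs earlier.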
@ -35,12 +35,12 @@ Domain administrators can create and deploy expression-based security audit poli
|
|||||||
| - | - |
|
| - | - |
|
||||||
| [Monitor the central access policies that apply on a file server](monitor-the-central-access-policies-that-apply-on-a-file-server.md) | This topic for the IT professional describes how to monitor changes to the central access policies that apply to a file server when using advanced security auditing options to monitor dynamic access control objects. Central access policies are created on a domain controller and then applied to file servers through Group Policy management. |
|
| [Monitor the central access policies that apply on a file server](monitor-the-central-access-policies-that-apply-on-a-file-server.md) | This topic for the IT professional describes how to monitor changes to the central access policies that apply to a file server when using advanced security auditing options to monitor dynamic access control objects. Central access policies are created on a domain controller and then applied to file servers through Group Policy management. |
|
||||||
| [Monitor the use of removable storage devices](monitor-the-use-of-removable-storage-devices.md) | This topic for the IT professional describes how to monitor attempts to use removable storage devices to access network resources. It describes how to use advanced security auditing options to monitor dynamic access control objects. |
|
| [Monitor the use of removable storage devices](monitor-the-use-of-removable-storage-devices.md) | This topic for the IT professional describes how to monitor attempts to use removable storage devices to access network resources. It describes how to use advanced security auditing options to monitor dynamic access control objects. |
|
||||||
| [Monitor resource attribute definitions](monitor-resource-attribute-definitions.md)| This topic for the IT professional describes how to monitor changes to resource attribute definitions when you are using advanced security auditing options to monitor dynamic access control objects.|
|
| [Monitor resource attribute definitions](monitor-resource-attribute-definitions.md)| This topic for the IT professional describes how to monitor changes to resource attribute definitions when you're using advanced security auditing options to monitor dynamic access control objects.|
|
||||||
| [Monitor central access policy and rule definitions](monitor-central-access-policy-and-rule-definitions.md) | This topic for the IT professional describes how to monitor changes to central access policy and central access rule definitions when you use advanced security auditing options to monitor dynamic access control objects. |
|
| [Monitor central access policy and rule definitions](monitor-central-access-policy-and-rule-definitions.md) | This topic for the IT professional describes how to monitor changes to central access policy and central access rule definitions when you use advanced security auditing options to monitor dynamic access control objects. |
|
||||||
| [Monitor user and device claims during sign-in](monitor-user-and-device-claims-during-sign-in.md)| This topic for the IT professional describes how to monitor user and device claims that are associated with a user’s security token when you are using advanced security auditing options to monitor dynamic access control objects. |
|
| [Monitor user and device claims during sign-in](monitor-user-and-device-claims-during-sign-in.md)| This topic for the IT professional describes how to monitor user and device claims that are associated with a user’s security token when you're using advanced security auditing options to monitor dynamic access control objects. |
|
||||||
| [Monitor the resource attributes on files and folders](monitor-the-resource-attributes-on-files-and-folders.md)| This topic for the IT professional describes how to monitor attempts to change settings to the resource attributes on files when you are using advanced security auditing options to monitor dynamic access control objects. |
|
| [Monitor the resource attributes on files and folders](monitor-the-resource-attributes-on-files-and-folders.md)| This topic for the IT professional describes how to monitor attempts to change settings to the resource attributes on files when you're using advanced security auditing options to monitor dynamic access control objects. |
|
||||||
| [Monitor the central access policies associated with files and folders](monitor-the-central-access-policies-associated-with-files-and-folders.md)| This topic for the IT professional describes how to monitor changes to the central access policies that are associated with files and folders when you are using advanced security auditing options to monitor dynamic access control objects. |
|
| [Monitor the central access policies associated with files and folders](monitor-the-central-access-policies-associated-with-files-and-folders.md)| This topic for the IT professional describes how to monitor changes to the central access policies that are associated with files and folders when you're using advanced security auditing options to monitor dynamic access control objects. |
|
||||||
| [Monitor claim types](monitor-claim-types.md) | This topic for the IT professional describes how to monitor changes to claim types that are associated with dynamic access control when you are using advanced security auditing options.|
|
| [Monitor claim types](monitor-claim-types.md) | This topic for the IT professional describes how to monitor changes to claim types that are associated with dynamic access control when you're using advanced security auditing options.|
|
||||||
|
|
||||||
>**Important:** This procedure can be configured on computers running any of the supported Windows operating systems. The other monitoring procedures can be configured only as part of a functioning dynamic access control deployment.
|
>**Important:** This procedure can be configured on computers running any of the supported Windows operating systems. The other monitoring procedures can be configured only as part of a functioning dynamic access control deployment.
|
||||||
|
|
||||||
|
@ -22,6 +22,6 @@ ms.technology: windows-sec
|
|||||||
|
|
||||||
|
|
||||||
Advanced audit policy configuration is supported on all versions of Windows since it was introduced in Windows Vista.
|
Advanced audit policy configuration is supported on all versions of Windows since it was introduced in Windows Vista.
|
||||||
There is no difference in security auditing support between 32-bit and 64-bit versions.
|
There's no difference in security auditing support between 32-bit and 64-bit versions.
|
||||||
Windows editions that cannot join a domain, such as Windows 10 Home edition, do not have access to these features.
|
Windows editions that can't join a domain, such as Windows 10 Home edition, don't have access to these features.
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
title: Industry collaboration programs
|
title: Industry collaboration programs
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
description: Microsoft industry-wide anti-malware collaboration programs - Virus Information Alliance (VIA), Microsoft Virus Initiative (MVI), and Coordinated Malware Eradication (CME)
|
description: There are various collaborative programs regarding Microsoft industry-wide anti-malware - Virus Information Alliance (VIA), Microsoft Virus Initiative (MVI), and Coordinated Malware Eradication (CME)
|
||||||
keywords: security, malware, antivirus industry, anti-malware Industry, collaboration programs, alliances, Virus Information Alliance, Microsoft Virus Initiative, Coordinated Malware Eradication, WDSI, MMPC, Microsoft Malware Protection Center, partnerships
|
keywords: security, malware, antivirus industry, anti-malware Industry, collaboration programs, alliances, Virus Information Alliance, Microsoft Virus Initiative, Coordinated Malware Eradication, WDSI, MMPC, Microsoft Malware Protection Center, partnerships
|
||||||
ms.prod: m365-security
|
ms.prod: m365-security
|
||||||
ms.mktglfcycl: secure
|
ms.mktglfcycl: secure
|
||||||
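Review bot: the new description "There are various collaborative programs regarding Microsoft industry-wide anti-malware - ..." reads awkwardly and loses its subject; the original "Microsoft industry-wide anti-malware collaboration programs - ..." was clearer. If the goal is a full sentence, "Microsoft runs industry-wide anti-malware collaboration programs: Virus Information Alliance (VIA), Microsoft Virus Initiative (MVI), and Coordinated Malware Eradication (CME)" keeps the meaning.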
@ -17,7 +17,7 @@ ms.technology: windows-sec
|
|||||||
---
|
---
|
||||||
# Industry collaboration programs
|
# Industry collaboration programs
|
||||||
|
|
||||||
Microsoft has several industry-wide collaboration programs with different objectives and requirements. Enrolling in the right program can help you protect your customers, gain more insight into the current threat landscape, or help disrupting the malware ecosystem.
|
There are various industry-wide collaboration programs with different objectives and requirements, provided by Microsoft. Enrolling in the right program can help you protect your customers, gain more insight into the current threat landscape, or help disrupting the malware ecosystem.
|
||||||
|
|
||||||
## Virus Information Alliance (VIA)
|
## Virus Information Alliance (VIA)
|
||||||
|
|
||||||
|
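Review bot: the rewrite to "There are various industry-wide collaboration programs ..., provided by Microsoft" turns a direct sentence into a passive one; the original "Microsoft has several industry-wide collaboration programs" was better. In both versions, "or help disrupting the malware ecosystem" should be "or help disrupt the malware ecosystem".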
@ -35,12 +35,12 @@ Describes what the malware does on your computer. Worms, viruses, trojans, backd
|
|||||||
* Constructor
|
* Constructor
|
||||||
* DDoS
|
* DDoS
|
||||||
* Exploit
|
* Exploit
|
||||||
* Hacktool
|
* HackTool
|
||||||
* Joke
|
* Joke
|
||||||
* Misleading
|
* Misleading
|
||||||
* MonitoringTool
|
* MonitoringTool
|
||||||
* Program
|
* Program
|
||||||
* PWS
|
* Personal Web Server (PWS)
|
||||||
* Ransom
|
* Ransom
|
||||||
* RemoteAccess
|
* RemoteAccess
|
||||||
* Rogue
|
* Rogue
|
||||||
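Review bot: expanding "PWS" to "Personal Web Server (PWS)" is incorrect. Per its heading, this list "Describes what the malware does on your computer", and in the Microsoft malware naming scheme the PWS type denotes a password-stealing threat, not a web server. Revert to "PWS", or expand it as "PWS (password stealer)". The "Hacktool" to "HackTool" casing change is fine.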
@ -62,7 +62,7 @@ Describes what the malware does on your computer. Worms, viruses, trojans, backd
|
|||||||
|
|
||||||
## Platforms
|
## Platforms
|
||||||
|
|
||||||
Platforms indicate the operating system (such as Windows, masOS X, and Android) the malware is designed to work on. The platform is also used to indicate programming languages and file formats.
|
Platforms guide the malware to its compatible operating system (such as Windows, masOS X, and Android). The platform's guidance is also used for programming languages and file formats.
|
||||||
|
|
||||||
### Operating systems
|
### Operating systems
|
||||||
|
|
||||||
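Review bot: "Platforms guide the malware to its compatible operating system" changes the meaning: the platform field in a detection name indicates the OS the malware targets, it doesn't guide anything. Keep the original "Platforms indicate the operating system ... the malware is designed to work on" and "The platform is also used to indicate programming languages and file formats". Both versions also carry the typo "masOS X" for "macOS X".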
@ -144,7 +144,7 @@ Platforms indicate the operating system (such as Windows, masOS X, and Android)
|
|||||||
* MIME: MIME packets
|
* MIME: MIME packets
|
||||||
* Netware: Novell Netware files
|
* Netware: Novell Netware files
|
||||||
* QT: Quicktime files
|
* QT: Quicktime files
|
||||||
* SB: StarBasic (Staroffice XML) files
|
* SB: StarBasic (StarOffice XML) files
|
||||||
* SWF: Shockwave Flash files
|
* SWF: Shockwave Flash files
|
||||||
* TSQL: MS SQL server files
|
* TSQL: MS SQL server files
|
||||||
* XML: XML files
|
* XML: XML files
|
||||||
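Review bot: while fixing "Staroffice" to "StarOffice", apply the same product-name casing to the neighbouring entries: "Quicktime" should be "QuickTime" and "MS SQL server" should be "MS SQL Server".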
@ -159,7 +159,7 @@ Used sequentially for every distinct version of a malware family. For example, t
|
|||||||
|
|
||||||
## Suffixes
|
## Suffixes
|
||||||
|
|
||||||
Provides extra detail about the malware, including how it is used as part of a multicomponent threat. In the example above, "!lnk" indicates that the threat component is a shortcut file used by Trojan:Win32/Reveton.T.
|
Provides extra detail about the malware, including how it's used as part of a multicomponent threat. In the preceding example, "!lnk" indicates that the threat component is a shortcut file used by Trojan:Win32/Reveton.T.
|
||||||
|
|
||||||
* .dam: damaged malware
|
* .dam: damaged malware
|
||||||
* .dll: Dynamic Link Library component of a malware
|
* .dll: Dynamic Link Library component of a malware
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Audit Audit the access of global system objects (Windows 10)
|
title: Audit the access of global system objects (Windows 10)
|
||||||
description: Describes the best practices, location, values, and security considerations for the Audit Audit the access of global system objects security policy setting.
|
description: Describes the best practices, location, values, and security considerations for the audit of the access to global system objects security policy setting.
|
||||||
ms.assetid: 20d40a79-ce89-45e6-9bb4-148f83958460
|
ms.assetid: 20d40a79-ce89-45e6-9bb4-148f83958460
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
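Review bot: dropping the duplicated "Audit" from the title is right, but the new description "for the audit of the access to global system objects security policy setting" no longer names the setting. The body of this file calls it "Audit: Audit the access of global system objects", so the description should read "for the Audit: Audit the access of global system objects security policy setting".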
@ -29,11 +29,11 @@ Describes the best practices, location, values, and security considerations for
|
|||||||
|
|
||||||
If you enable this policy setting, a default system access control list (SACL) is applied when the device creates system objects such as mutexes, events, semaphores, and MS-DOS® devices. If you also enable the [Audit object access](../auditing/basic-audit-object-access.md) audit setting, access to these system objects is audited.
|
If you enable this policy setting, a default system access control list (SACL) is applied when the device creates system objects such as mutexes, events, semaphores, and MS-DOS® devices. If you also enable the [Audit object access](../auditing/basic-audit-object-access.md) audit setting, access to these system objects is audited.
|
||||||
|
|
||||||
Global system objects, also known as "base system objects" or "base named objects," are temporary kernel objects that have had names assigned to them by the application or system component that created them. These objects are most commonly used to synchronize multiple applications or multiple parts of a complex application. Because they have names, these objects are global in scope and, therefore, visible to all processes on the device. These objects all have a security descriptor; but typically, they do not have a NULL SACL. If you enable this policy setting and it takes effect at startup time, the kernel assigns a SACL to these objects when they are created.
|
Global system objects, also known as "base system objects" or "base named objects", are temporary kernel objects that have had names assigned to them by the application or system component that created them. These objects are most commonly used to synchronize multiple applications or multiple parts of a complex application. Because they have names, these objects are global in scope and, therefore, visible to all processes on the device. These objects all have a security descriptor; but typically, they don't have a NULL SACL. If you enable this policy setting and it takes effect at startup time, the kernel assigns a SACL to these objects when they're created.
|
||||||
|
|
||||||
The threat is that a globally visible named object, if incorrectly secured, might be acted on by a malicious program that knows the name of the object. For instance, if a synchronization object such as a mutex has a poorly constructed discretionary access control list (DACL), a malicious program can access that mutex by name and cause the program that created it to malfunction. However, the risk of this occurring is very low.
|
The threat is that a globally visible-named object, if incorrectly secured, might be acted on by a malicious program that knows the name of the object. For instance, if a synchronization object such as a mutex has a poorly constructed discretionary access control list (DACL), a malicious program can access that mutex by name and cause the program that created it to malfunction. However, the risk of this occurring is very low.
|
||||||
|
|
||||||
Enabling this policy setting can generate a large number of security events, especially on busy domain controllers and application servers. This might cause servers to respond slowly and force the security log to record numerous events of little significance. Auditing for access to global system objects is an all-or-nothing affair; there is no way to filter which events get recorded and which do not. Even if an organization has the resources to analyze events generated when this policy setting is enabled, it is unlikely to have the source code or a description of what each named object is used for; therefore, it is unlikely that many organizations could benefit from enabling this policy setting.
|
Enabling this policy setting can generate a large number of security events, especially on busy domain controllers and application servers. This might cause servers to respond slowly and force the security log to record numerous events of little significance. Auditing for access to global system objects is an all-or-nothing affair; there's no way to filter which events get recorded and which don't. Even if an organization has the resources to analyze events generated when this policy setting is enabled, it's unlikely to have the source code or a description of what each named object is used for; therefore, it's unlikely that many organizations could benefit from enabling this policy setting.
|
||||||
|
|
||||||
### Possible values
|
### Possible values
|
||||||
|
|
||||||
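Review bot: "globally visible-named object" mis-hyphenates the phrase; the original "globally visible named object" means a named object that is globally visible, so drop the hyphen. The contraction changes elsewhere in this hunk are fine.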
@ -53,7 +53,7 @@ Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Sec
|
|||||||
|
|
||||||
The following table lists the actual and effective default values for this policy. Default values are also listed on the policy’s property page.
|
The following table lists the actual and effective default values for this policy. Default values are also listed on the policy’s property page.
|
||||||
|
|
||||||
| Server type or GPO | Default value |
|
| Server type or Group Policy Object (GPO) | Default value |
|
||||||
| - | - |
|
| - | - |
|
||||||
| Default Domain Policy | Not defined |
|
| Default Domain Policy | Not defined |
|
||||||
| Default Domain Controller Policy | Not defined |
|
| Default Domain Controller Policy | Not defined |
|
||||||
@ -76,7 +76,7 @@ All auditing capabilities are integrated in Group Policy. You can configure, dep
|
|||||||
|
|
||||||
### Auditing
|
### Auditing
|
||||||
|
|
||||||
To audit attempts to access global system objects, you can use one of two security audit policy settings:
|
To audit the attempts to access global system objects, you can use one of the two security audit policy settings:
|
||||||
|
|
||||||
- [Audit Kernel Object](../auditing/audit-kernel-object.md) in Advanced Security Audit Policy Settings\\Object Access
|
- [Audit Kernel Object](../auditing/audit-kernel-object.md) in Advanced Security Audit Policy Settings\\Object Access
|
||||||
- [Audit Object Access](../auditing/basic-audit-object-access.md) under Security Settings\\Local Policies\\Audit Policy
|
- [Audit Object Access](../auditing/basic-audit-object-access.md) under Security Settings\\Local Policies\\Audit Policy
|
||||||
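Review bot: "To audit the attempts to access global system objects, you can use one of the two security audit policy settings" reads less naturally than the line it replaces; the added definite articles ("the attempts", "the two") have no referent, since the two settings are only introduced by the list that follows. Suggest keeping the original wording, "To audit attempts to access global system objects, you can use one of two security audit policy settings:", and limiting this line to the contraction edit the rest of the change makes.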
@ -119,7 +119,7 @@ Enable the **Audit: Audit the access of global system objects** setting.
|
|||||||
|
|
||||||
### Potential impact
|
### Potential impact
|
||||||
|
|
||||||
If you enable the **Audit: Audit the access of global system objects** setting, a large number of security events could be generated, especially on busy domain controllers and application servers. Such an occurrence could cause servers to respond slowly and force the Security log to record numerous events of little significance. This policy setting can only be enabled or disabled, and there is no way to choose which events are recorded from this setting. Even organizations that have the resources to analyze events that are generated by this policy setting are not likely to have the source code or a description of what each named object is used for. Therefore, it is unlikely that most organizations would benefit by enabling this policy setting.
|
If you enable the **Audit: Audit the access of global system objects** setting, a large number of security events could be generated, especially on busy domain controllers and application servers. Such an occurrence could cause servers to respond slowly and force the Security log to record numerous events of little significance. This policy setting can only be enabled or disabled, and there's no way to choose which events are recorded from this setting. Even organizations that have the resources to analyze events that are generated by this policy setting aren't likely to have the source code or a description of what each named object is used for. Therefore, it's unlikely that most organizations would benefit by enabling this policy setting.
|
||||||
To reduce the number of audit events generated, use the advanced audit policy.
|
To reduce the number of audit events generated, use the advanced audit policy.
|
||||||
|
|
||||||
## Related topics
|
## Related topics
|
||||||
|
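Review bot: the "Potential impact" paragraph edited here repeats, almost word for word, the description paragraph edited at the top of this same file (both end with the "unlikely to have the source code or a description of what each named object is used for" reasoning), and both copies needed the same contraction edits in this change. Consider keeping the full explanation in one place and having the other section refer to it, so the two copies cannot drift apart on later edits. The one sentence that is not duplicated, "To reduce the number of audit events generated, use the advanced audit policy.", would also read better with a link to the Audit Kernel Object setting that the "Auditing" section above already names.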
@ -28,7 +28,7 @@ In November 2018, we added functionality in Microsoft Defender for Endpoint that
|
|||||||
Advanced hunting in Microsoft Defender for Endpoint allows customers to query data using a rich set of capabilities. WDAC events can be queried with using an ActionType that starts with “AppControl”.
|
Advanced hunting in Microsoft Defender for Endpoint allows customers to query data using a rich set of capabilities. WDAC events can be queried with using an ActionType that starts with “AppControl”.
|
||||||
This capability is supported beginning with Windows version 1607.
|
This capability is supported beginning with Windows version 1607.
|
||||||
|
|
||||||
Here is a simple example query that shows all the WDAC events generated in the last seven days from machines being monitored by Microsoft Defender for Endpoint:
|
Here's a simple example query that shows all the WDAC events generated in the last seven days from machines being monitored by Microsoft Defender for Endpoint:
|
||||||
|
|
||||||
```
|
```
|
||||||
DeviceEvents
|
DeviceEvents
|
||||||
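Review bot: the context line "WDAC events can be queried with using an ActionType that starts with “AppControl”" carries a pre-existing typo ("with using") that this change leaves in place while editing the line directly below it; suggest "WDAC events can be queried using an ActionType that starts with "AppControl"", with straight quotes to match the query text. The code fence that opens just before `DeviceEvents` also has no language tag; tagging it `kusto` gives the KQL query syntax highlighting, as other Defender for Endpoint articles in this set do.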
@ -41,6 +41,6 @@ ActionType startswith "AppControl"
|
|||||||
The query results can be used for several important functions related to managing WDAC including:
|
The query results can be used for several important functions related to managing WDAC including:
|
||||||
|
|
||||||
- Assessing the impact of deploying policies in audit mode
|
- Assessing the impact of deploying policies in audit mode
|
||||||
Since applications still run in audit mode, it is an ideal way to see the impact and correctness of the rules included in the policy. Integrating the generated events with Advanced hunting makes it much easier to have broad deployments of audit mode policies and see how the included rules would impact those systems in real world usage. This audit mode data will help streamline the transition to using policies in enforced mode.
|
Since applications still run in audit mode, it's an ideal way to see the impact and correctness of the rules included in the policy. Integrating the generated events with Advanced hunting makes it much easier to have broad deployments of audit mode policies and see how the included rules would impact those systems in real-world usage. This audit mode data will help streamline the transition to using policies in enforced mode.
|
||||||
- Monitoring blocks from policies in enforced mode
|
- Monitoring blocks from policies in enforced mode
|
||||||
Policies deployed in enforced mode may block executables or scripts that fail to meet any of the included allow rules. Legitimate new applications and updates or potentially unwanted or malicious software could be blocked. In either case, the Advanced hunting queries report the blocks for further investigation.
|
Policies deployed in enforced mode may block executables or scripts that fail to meet any of the included allow rules. Legitimate new applications and updates or potentially unwanted or malicious software could be blocked. In either case, the Advanced hunting queries report the blocks for further investigation.
|
||||||
|
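Review bot: in the edited line "Since applications still run in audit mode, it's an ideal way to see the impact and correctness of the rules included in the policy", the pronoun "it" has no clear antecedent (audit mode, or the query results?). Suggest "Because applications still run in audit mode, audit mode is an ideal way to see the impact and correctness of the rules included in the policy."; the "real-world" hyphenation fix on the same line is correct.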
@ -91,54 +91,52 @@ This can only be done in Group Policy.
|
|||||||
> You can use the following registry key and DWORD value to **Hide not-critical notifications**.
|
> You can use the following registry key and DWORD value to **Hide not-critical notifications**.
|
||||||
>**[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications]**
|
>**[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications]**
|
||||||
**"DisableEnhancedNotifications"=dword:00000001**
|
**"DisableEnhancedNotifications"=dword:00000001**
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Notifications
|
## Notifications
|
||||||
|
|
||||||
| Purpose | Notification text | Toast Identifier | Critical? |
|
| Purpose | Notification text | Toast Identifier | Critical? |Notification Toggle|
|
||||||
|---------|------------------|-------------|-----------|
|
|---------|------------------|-------------|-----------|---------|
|
||||||
| Network isolation | Your IT administrator has caused Windows Defender to disconnect your device. Contact IT help desk. | SENSE_ISOLATION | Yes |
|
| Network isolation | Your IT administrator has caused Windows Defender to disconnect your device. Contact IT help desk. | SENSE_ISOLATION | Yes |Firewall and network protection notification|
|
||||||
| Network isolation customized | _Company name_ has caused Windows Defender to disconnect your device. Contact IT help desk _phone number_, _email address_, _url_. | SENSE_ISOLATION_CUSTOM (body) | Yes |
|
| Network isolation customized | _Company name_ has caused Windows Defender to disconnect your device. Contact IT help desk _phone number_, _email address_, _url_. | SENSE_ISOLATION_CUSTOM (body) | Yes |Firewall and network protection notification|
|
||||||
| Restricted access | Your IT administrator has caused Windows Defender to limit actions on this device. Some apps may not function as expected. Contact IT help desk. | SENSE_PROCESS_RESTRICTION | Yes |
|
| Restricted access | Your IT administrator has caused Windows Defender to limit actions on this device. Some apps may not function as expected. Contact IT help desk. | SENSE_PROCESS_RESTRICTION | Yes |Firewall and network protection notification|
|
||||||
| Restricted access customized | _Company_ has caused Windows Defender to limit actions on this device. Some apps may not function as expected. Contact IT help desk. | SENSE_PROCESS_RESTRICTION_CUSTOM (body) | Yes |
|
| Restricted access customized | _Company_ has caused Windows Defender to limit actions on this device. Some apps may not function as expected. Contact IT help desk. | SENSE_PROCESS_RESTRICTION_CUSTOM (body) | Yes |Firewall and network protection notification|
|
||||||
| HVCI, driver compat check fails (upon trying to enable) | There may be an incompatibility on your device. | HVCI_ENABLE_FAILURE | Yes |
|
| HVCI, driver compat check fails (upon trying to enable) | There may be an incompatibility on your device. | HVCI_ENABLE_FAILURE | Yes |Firewall and network protection notification|
|
||||||
| HVCI, reboot needed to enable | The recent change to your protection settings requires a restart of your device. | HVCI_ENABLE_SUCCESS | Yes |
|
| HVCI, reboot needed to enable | The recent change to your protection settings requires a restart of your device. | HVCI_ENABLE_SUCCESS | Yes |Firewall and network protection notification|
|
||||||
| Item skipped in scan, due to exclusion setting, or network scanning disabled by admin | The Microsoft Defender Antivirus scan skipped an item due to exclusion or network scanning settings. | ITEM_SKIPPED | Yes |
|
| Item skipped in scan, due to exclusion setting, or network scanning disabled by admin | The Microsoft Defender Antivirus scan skipped an item due to exclusion or network scanning settings. | ITEM_SKIPPED | Yes |Virus & threat protection notification|
|
||||||
| Remediation failure | Microsoft Defender Antivirus couldn’t completely resolve potential threats. | CLEAN_FAILED | Yes |
|
| Remediation failure | Microsoft Defender Antivirus couldn’t completely resolve potential threats. | CLEAN_FAILED | Yes |Virus & threat protection notification|
|
||||||
| Follow-up action (restart & scan) | Microsoft Defender Antivirus found _threat_ in _file name_. Please restart and scan your device. Restart and scan | MANUALSTEPS_REQUIRED | Yes |
|
| Follow-up action (restart & scan) | Microsoft Defender Antivirus found _threat_ in _file name_. Please restart and scan your device. Restart and scan | MANUALSTEPS_REQUIRED | Yes |Virus & threat protection notification|
|
||||||
| Follow-up action (restart) | Microsoft Defender Antivirus found _threat_ in _file_. Please restart your device. | WDAV_REBOOT | Yes |
|
| Follow-up action (restart) | Microsoft Defender Antivirus found _threat_ in _file_. Please restart your device. | WDAV_REBOOT | Yes |Virus & threat protection notification|
|
||||||
| Follow-up action (Full scan) | Microsoft Defender Antivirus found _threat_ in _file_. Please run a full scan of your device. | FULLSCAN_REQUIRED | Yes |
|
| Follow-up action (Full scan) | Microsoft Defender Antivirus found _threat_ in _file_. Please run a full scan of your device. | FULLSCAN_REQUIRED | Yes |Virus & threat protection notification|
|
||||||
| Sample submission prompt | Review files that Windows Defender will send to Microsoft. Sending this information can improve how Microsoft Defender Antivirus helps protect your device. | SAMPLE_SUBMISSION_REQUIRED | Yes |
|
| Sample submission prompt | Review files that Windows Defender will send to Microsoft. Sending this information can improve how Microsoft Defender Antivirus helps protect your device. | SAMPLE_SUBMISSION_REQUIRED | Yes |Virus & threat protection notification|
|
||||||
| OS support ending warning | Support for your version of Windows is ending. When this support ends, Microsoft Defender Antivirus won’t be supported, and your device might be at risk. | SUPPORT_ENDING | Yes |
|
| OS support ending warning | Support for your version of Windows is ending. When this support ends, Microsoft Defender Antivirus won’t be supported, and your device might be at risk. | SUPPORT_ENDING | Yes |Virus & threat protection notification|
|
||||||
| OS support ended, device at risk | Support for your version of Windows has ended. Microsoft Defender Antivirus is no longer supported, and your device might be at risk. | SUPPORT_ENDED _and_ SUPPORT_ENDED_NO_DEFENDER | Yes |
|
| OS support ended, device at risk | Support for your version of Windows has ended. Microsoft Defender Antivirus is no longer supported, and your device might be at risk. | SUPPORT_ENDED _and_ SUPPORT_ENDED_NO_DEFENDER | Yes |Virus & threat protection notification|
|
||||||
| Summary notification, items found | Microsoft Defender Antivirus successfully took action on _n_ threats since your last summary. Your device was scanned _n_ times. | RECAP_FOUND_THREATS_SCANNED | No |
|
| Summary notification, items found | Microsoft Defender Antivirus successfully took action on _n_ threats since your last summary. Your device was scanned _n_ times. | RECAP_FOUND_THREATS_SCANNED | No |Virus & threat protection notification|
|
||||||
| Summary notification, items found, no scan count | Microsoft Defender Antivirus successfully took action on _n_ threats since your last summary. | RECAP_FOUND_THREATS | No |
|
| Summary notification, items found, no scan count | Microsoft Defender Antivirus successfully took action on _n_ threats since your last summary. | RECAP_FOUND_THREATS | No |Virus & threat protection notification|
|
||||||
| Summary notification, **no** items found, scans performed | Microsoft Defender Antivirus did not find any threats since your last summary. Your device was scanned _n_ times. | RECAP_NO THREATS_SCANNED | No |
|
| Summary notification, **no** items found, scans performed | Microsoft Defender Antivirus did not find any threats since your last summary. Your device was scanned _n_ times. | RECAP_NO THREATS_SCANNED | No |Virus & threat protection notification|
|
||||||
| Summary notification, **no** items found, no scans | Microsoft Defender Antivirus did not find any threats since your last summary. | RECAP_NO_THREATS | No |
|
| Summary notification, **no** items found, no scans | Microsoft Defender Antivirus did not find any threats since your last summary. | RECAP_NO_THREATS | No |Virus & threat protection notification|
|
||||||
| Scan finished, manual, threats found | Microsoft Defender Antivirus scanned your device at _timestamp_ on _date_, and took action against threats. | RECENT_SCAN_FOUND_THREATS | No |
|
| Scan finished, manual, threats found | Microsoft Defender Antivirus scanned your device at _timestamp_ on _date_, and took action against threats. | RECENT_SCAN_FOUND_THREATS | No |Virus & threat protection notification|
|
||||||
| Scan finished, manual, **no** threats found | Microsoft Defender Antivirus scanned your device at _timestamp_ on _date_. No threats were found. | RECENT_SCAN_NO_THREATS | No |
|
| Scan finished, manual, **no** threats found | Microsoft Defender Antivirus scanned your device at _timestamp_ on _date_. No threats were found. | RECENT_SCAN_NO_THREATS | No |Virus & threat protection notification|
|
||||||
| Threat found | Microsoft Defender Antivirus found threats. Get details. | CRITICAL | No |
|
| Threat found | Microsoft Defender Antivirus found threats. Get details. | CRITICAL | No |Virus & threat protection notification|
|
||||||
| LPS on notification | Microsoft Defender Antivirus is periodically scanning your device. You’re also using another antivirus program for active protection. | PERIODIC_SCANNING_ON | No |
|
| LPS on notification | Microsoft Defender Antivirus is periodically scanning your device. You’re also using another antivirus program for active protection. | PERIODIC_SCANNING_ON | No |Virus & threat protection notification|
|
||||||
| Long running BaFS | Your IT administrator requires a security scan of this item. The scan could take up to _n_ seconds. | BAFS | No |
|
| Long running BaFS | Your IT administrator requires a security scan of this item. The scan could take up to _n_ seconds. | BAFS | No |Firewall and network protection notification|
|
||||||
| Long running BaFS customized | _Company_ requires a security scan of this item. The scan could take up to _n_ seconds. | BAFS_DETECTED_CUSTOM (body) | No |
|
| Long running BaFS customized | _Company_ requires a security scan of this item. The scan could take up to _n_ seconds. | BAFS_DETECTED_CUSTOM (body) | No |Firewall and network protection notification|
|
||||||
| Sense detection | This application was removed because it was blocked by your IT security settings | WDAV_SENSE_DETECTED | No |
|
| Sense detection | This application was removed because it was blocked by your IT security settings | WDAV_SENSE_DETECTED | No |Firewall and network protection notification|
|
||||||
| Sense detection customized | This application was removed because it was blocked by your IT security settings | WDAV_SENSE_DETECTED_CUSTOM (body) | No |
|
| Sense detection customized | This application was removed because it was blocked by your IT security settings | WDAV_SENSE_DETECTED_CUSTOM (body) | No |Firewall and network protection notification|
|
||||||
| Ransomware specific detection | Microsoft Defender Antivirus has detected threats which may include ransomware. | WDAV_RANSOMWARE_DETECTED | No |
|
| Ransomware specific detection | Microsoft Defender Antivirus has detected threats which may include ransomware. | WDAV_RANSOMWARE_DETECTED | No |Virus & threat protection notification|
|
||||||
| ASR (HIPS) block | Your IT administrator caused Windows Defender Security Center to block this action. Contact your IT help desk. | HIPS_ASR_BLOCKED | No |
|
| ASR (HIPS) block | Your IT administrator caused Windows Defender Security Center to block this action. Contact your IT help desk. | HIPS_ASR_BLOCKED | No |Firewall and network protection notification|
|
||||||
| ASR (HIPS) block customized | _Company_ caused Windows Defender Security Center to block this action. Contact your IT help desk. | HIPS_ASR_BLOCKED_CUSTOM (body) | No |
|
| ASR (HIPS) block customized | _Company_ caused Windows Defender Security Center to block this action. Contact your IT help desk. | HIPS_ASR_BLOCKED_CUSTOM (body) | No |Firewall and network protection notification|
|
||||||
| CFA (FolderGuard) block | Controlled folder access blocked _process_ from making changes to the folder _path_ | FOLDERGUARD_BLOCKED | No |
|
| CFA (FolderGuard) block | Controlled folder access blocked _process_ from making changes to the folder _path_ | FOLDERGUARD_BLOCKED | No |Firewall and network protection notification|
|
||||||
| Network protect (HIPS) network block customized | _Company_ caused Windows Defender Security Center to block this network connection. Contact your IT help desk. | HIPS_NETWORK_BLOCKED_CUSTOM (body) | No |
|
| Network protect (HIPS) network block customized | _Company_ caused Windows Defender Security Center to block this network connection. Contact your IT help desk. | HIPS_NETWORK_BLOCKED_CUSTOM (body) | No |Firewall and network protection notification|
|
||||||
| Network protection (HIPS) network block | Your IT administrator caused Windows Defender Security Center to block this network connection. Contact your IT help desk. | HIPS_NETWORK_BLOCKED | No |
|
| Network protection (HIPS) network block | Your IT administrator caused Windows Defender Security Center to block this network connection. Contact your IT help desk. | HIPS_NETWORK_BLOCKED | No |Firewall and network protection notification|
|
||||||
| PUA detection, not blocked | Your settings cause the detection of any app that might perform unwanted actions on your computer. | PUA_DETECTED | No |
|
| PUA detection, not blocked | Your settings cause the detection of any app that might perform unwanted actions on your computer. | PUA_DETECTED | No |Firewall and network protection notification|
|
||||||
| PUA notification | Your IT settings caused Microsoft Defender Antivirus to block an app that may potentially perform unwanted actions on your device. | PUA_BLOCKED | No |
|
| PUA notification | Your IT settings caused Microsoft Defender Antivirus to block an app that may potentially perform unwanted actions on your device. | PUA_BLOCKED | No |Firewall and network protection notification|
|
||||||
| PUA notification, customized | _Company_ caused Microsoft Defender Antivirus to block an app that may potentially perform unwanted actions on your device. | PUA_BLOCKED_CUSTOM (body) | No |
|
| PUA notification, customized | _Company_ caused Microsoft Defender Antivirus to block an app that may potentially perform unwanted actions on your device. | PUA_BLOCKED_CUSTOM (body) | No |Firewall and network protection notification|
|
||||||
| Network isolation ended | | | No |
|
| Network isolation ended | | | No |Firewall and network protection notification|
|
||||||
| Network isolation ended, customized | | | No |
|
| Network isolation ended, customized | | | No |Firewall and network protection notification|
|
||||||
| Restricted access ended | | | No |
|
| Restricted access ended | | | No |Firewall and network protection notification|
|
||||||
| Restricted access ended, customized | | | No |
|
| Restricted access ended, customized | | | No |Firewall and network protection notification|
|
||||||
| Dynamic lock on, but bluetooth off | | | No |
|
| Dynamic lock on, but bluetooth off | | | No |Account protection notification|
|
||||||
| Dynamic lock on, bluetooth on, but device unpaired | | | No |
|
| Dynamic lock on, bluetooth on, but device unpaired | | | No |Account protection notification|
|
||||||
| Dynamic lock on, bluetooth on, but unable to detect device | | | No |
|
| Dynamic lock on, bluetooth on, but unable to detect device | | | No |Account protection notification|
|
||||||
| NoPa or federated no hello | | | No |
|
| NoPa or federated no hello | | | No |Account protection notification|
|
||||||
| NoPa or federated hello broken | | | No |
|
| NoPa or federated hello broken | | | No |Account protection notification|
|
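Review bot: the new "Notification Toggle" column assigns several notifications that are not about networking to "Firewall and network protection notification": the two HVCI rows (HVCI_ENABLE_FAILURE, HVCI_ENABLE_SUCCESS) concern memory integrity, FOLDERGUARD_BLOCKED is controlled folder access, and the HIPS_ASR_BLOCKED and PUA_* rows are attack surface reduction and potentially unwanted app blocking, none of which is a firewall feature. Please confirm each mapping against the actual toggle in Windows Security before merging; a reader who follows this table to silence one of these notifications would otherwise turn off the wrong category. Two smaller points on the same table: the identifier "RECAP_NO THREATS_SCANNED" contains a space where every other identifier uses an underscore, and in the note above the table the line `**"DisableEnhancedNotifications"=dword:00000001**` is not prefixed with `>` like the two lines before it, so it renders outside the blockquote; prefixing it, or putting the key and value together in a fenced block, keeps the registry example in one piece.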
@ -67,7 +67,7 @@ To defend against this, two techniques are used:
|
|||||||
- Paging protection to prevent inappropriate access to code and data
|
- Paging protection to prevent inappropriate access to code and data
|
||||||
- SMM hardware supervision and attestation
|
- SMM hardware supervision and attestation
|
||||||
|
|
||||||
Paging protection can be implemented to lock certain code tables to be read-only to prevent tampering. This prevents access to any memory that has not been assigned.
|
Paging protection can be implemented to lock certain code tables to be read-only to prevent tampering. This prevents access to any memory that hasn't been assigned.
|
||||||
|
|
||||||
A hardware-enforced processor feature known as a supervisor SMI handler can monitor the SMM and make sure it doesn't access any part of the address space that it isn't supposed to.
|
A hardware-enforced processor feature known as a supervisor SMI handler can monitor the SMM and make sure it doesn't access any part of the address space that it isn't supposed to.
|
||||||
|
|
||||||
|
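Review bot: the edited line "Paging protection can be implemented to lock certain code tables to be read-only to prevent tampering. This prevents access to any memory that hasn't been assigned." presents two different controls as if the second followed from the first: marking the tables read-only is what stops tampering, while access to unassigned memory is prevented by not mapping it at all. Suggest splitting the sentence so each protection is stated on its own, for example "Paging protection locks the page tables as read-only to prevent tampering, and leaves unassigned memory unmapped so that SMM code cannot access it.", and naming which "code tables" are meant.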
@ -78,7 +78,7 @@ To verify that Secure Launch is running, use System Information (MSInfo32). Clic
|
|||||||
|
|
||||||
|For Intel® vPro™ processors starting with Intel® Coffeelake, Whiskeylake, or later silicon|Description|
|
|For Intel® vPro™ processors starting with Intel® Coffeelake, Whiskeylake, or later silicon|Description|
|
||||||
|--------|-----------|
|
|--------|-----------|
|
||||||
|64-bit CPU|A 64-bit computer with minimum four cores (logical processors) is required for hypervisor and virtualization-based security (VBS). For more info about Hyper-V, see [Hyper-V on Windows Server 2016](/windows-server/virtualization/hyper-v/hyper-v-on-windows-server) or [Introduction to Hyper-V on Windows 10](/virtualization/hyper-v-on-windows/about/). For more info about hypervisor, see [Hypervisor Specifications](/virtualization/hyper-v-on-windows/reference/tlfs).|
|
|64-bit CPU|A 64-bit computer with minimum four cores (logical processors) is required for hypervisor and virtualization-based security (VBS). For more information about Hyper-V, see [Hyper-V on Windows Server 2016](/windows-server/virtualization/hyper-v/hyper-v-on-windows-server) or [Introduction to Hyper-V on Windows 10](/virtualization/hyper-v-on-windows/about/). For more information about hypervisor, see [Hypervisor Specifications](/virtualization/hyper-v-on-windows/reference/tlfs).|
|
||||||
|Trusted Platform Module (TPM) 2.0|Platforms must support a discrete TPM 2.0. Integrated/firmware TPMs aren't supported, except Intel chips that support Platform Trust Technology (PTT), which is a type of integrated hardware TPM that meets the TPM 2.0 spec.|
|
|Trusted Platform Module (TPM) 2.0|Platforms must support a discrete TPM 2.0. Integrated/firmware TPMs aren't supported, except Intel chips that support Platform Trust Technology (PTT), which is a type of integrated hardware TPM that meets the TPM 2.0 spec.|
|
||||||
|Windows DMA Protection|Platforms must meet the Windows DMA Protection Specification (all external DMA ports must be off by default until the OS explicitly powers them).|
|
|Windows DMA Protection|Platforms must meet the Windows DMA Protection Specification (all external DMA ports must be off by default until the OS explicitly powers them).|
|
||||||
|SMM communication buffers| All SMM communication buffers must be implemented in EfiRuntimeServicesData, EfiRuntimeServicesCode, EfiACPIMemoryNVS, or EfiReservedMemoryType memory types. |
|
|SMM communication buffers| All SMM communication buffers must be implemented in EfiRuntimeServicesData, EfiRuntimeServicesCode, EfiACPIMemoryNVS, or EfiReservedMemoryType memory types. |
|
||||||
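Review bot: the edited "64-bit CPU" row still reads "A 64-bit computer with minimum four cores (logical processors) is required"; since the line is being touched for the "info" to "information" change, suggest "with a minimum of four cores (logical processors)" at the same time.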
@ -99,4 +99,4 @@ To verify that Secure Launch is running, use System Information (MSInfo32). Clic
|
|||||||
|Platform firmware update|System firmware is recommended to be updated via UpdateCapsule in Windows Update. |
|
|Platform firmware update|System firmware is recommended to be updated via UpdateCapsule in Windows Update. |
|
||||||
|
|
||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> For more details around AMD processors, see [Microsoft Security Blog: Force firmware code to be measured and attested by Secure Launch on Windows 10](https://www.microsoft.com/security/blog/2020/09/01/force-firmware-code-to-be-measured-and-attested-by-secure-launch-on-windows-10/).
|
> For more information around AMD processors, see [Microsoft Security Blog: Force firmware code to be measured and attested by Secure Launch on Windows 10](https://www.microsoft.com/security/blog/2020/09/01/force-firmware-code-to-be-measured-and-attested-by-secure-launch-on-windows-10/).
|
||||||
|
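Review bot: "For more information around AMD processors" should be "For more information about AMD processors"; the edit replaces "details" with "information" but leaves the preposition that the original phrasing only loosely supported.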