Merge branch 'master' of https://cpubwin.visualstudio.com/_git/it-client

2025-05-18 16:27:22 +00:00 · 2019-01-22 10:56:21 -08:00 · 2019-01-22 10:56:21 -08:00 · b629fbb409
commit b629fbb409
parent 53be6303dc 303683be18
36 changed files with 778 additions and 147 deletions
--- a/devices/surface/TOC.md
+++ b/devices/surface/TOC.md
@ -10,7 +10,9 @@
 ### [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md)
 #### [Step by step: Surface Deployment Accelerator](step-by-step-surface-deployment-accelerator.md)
 #### [Using the Surface Deployment Accelerator deployment share](using-the-sda-deployment-share.md)
 ### [Maintain optimal power settings on Surface devices](maintain-optimal-power-settings-on-Surface-devices.md)
 ### [Battery Limit setting](battery-limit.md)
 ### [Surface Brightness Control](microsoft-surface-brightness-control.md)
 ## [Surface firmware and driver updates](update.md)
 ### [Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)
 ### [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md)
--- a/devices/surface/battery-limit.md
+++ b/devices/surface/battery-limit.md
@ -11,7 +11,7 @@ ms.author: jdecker
 ms.topic: article
 ---
-# Battery Limit settings
+# Battery Limit setting
 Battery Limit option is a UEFI setting that changes how the Surface device battery is charged and may prolong its longevity. This setting is recommended in  cases  in which the device is continuously connected to power, for example when devices are integrated into kiosk solutions.  
--- a/devices/surface/change-history-for-surface.md
+++ b/devices/surface/change-history-for-surface.md
@ -17,8 +17,11 @@ This topic lists new and updated topics in the Surface documentation library.
 New or changed topic | Description
 --- | ---
 [Surface Brightness Control](microsoft-surface-brightness-control.md) | New
 [Maintain optimal power settings on Surface devices](maintain-optimal-power-settings-on-Surface-devices.md) | New
 |[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Added Surface Studio 2  |
 ## November 2018
 New or changed topic | Description
--- a/devices/surface/images/powerintrofig1.png
+++ b/devices/surface/images/powerintrofig1.png
--- a/devices/surface/images/powerintrofig1a.png
+++ b/devices/surface/images/powerintrofig1a.png
--- a/devices/surface/images/powerintrofig2.png
+++ b/devices/surface/images/powerintrofig2.png
--- a/devices/surface/images/powerintrofig2a.png
+++ b/devices/surface/images/powerintrofig2a.png
--- a/devices/surface/images/powerintrofig3.png
+++ b/devices/surface/images/powerintrofig3.png
--- a/devices/surface/images/powerintrofig4.png
+++ b/devices/surface/images/powerintrofig4.png
--- a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md
+++ b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md
@ -0,0 +1,155 @@
 ---
 title: Maintain optimal power settings 
 description: This topic provides best practice recommendations for maintaining optimal power settings and explains how Surface streamlines the power management experience. 
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: coveminer
 ms.author: v-jokai
 ms.topic: article
 ms.date: 01/17/2019
 ---
 # Maintain optimal power settings on Surface devices
 Surface devices are designed to take advantage of the latest advances in
 mobile device energy consumption to deliver a streamlined experience
 optimized across workloads. Depending on what you’re doing, Surface
 dynamically fine tunes how power flows to individual hardware
 components, momentarily waking up system components to handle background
 tasks -- such as an incoming email or network traffic -- before returning to a
 low power idle state (S0ix).
 The way Surface implements power management differs significantly from
 the earlier OS standard that gradually reduces and turns off power via a
 series of sleep states (S1, S2, S3).
 Instead, Surface is imaged with a custom power profile that replaces
 legacy sleep and energy consumption functionality with modern standby
 features and dynamic fine tuning. This custom power profile is
 implemented via the Surface Serial Hub Driver and the system aggregator
 module (SAM). The SAM chip functions as the Surface device power-policy
 owner, using algorithms to calculate optimal power requirements. It
 works in conjunction with Windows power manager to allocate or throttle
 only the exact amount of power required for hardware components to
 function.
 ## Modern Standby
 The algorithmically embedded custom power profile enables modern standby
 connectivity for Surface by maintaining a low power state for
 instant on/instant off functionality typical of smartphones. S0ix, also
 known as Deepest Runtime Idle Platform State (DRIPS), is the default
 power mode for Surface devices. Modern standby has two modes:
  - **Connected standby.** The default mode for up-to-the minute
    delivery of emails, messaging, and cloud-synced data, connected
    standby keeps Wi-Fi on and maintains network connectivity.
  - **Disconnected standby.** An optional mode for extended battery
    life, disconnected standby delivers the same instant-on experience
    and saves power by turning off Wi-Fi, Bluetooth, and related network
    connectivity.
 To learn more about modern standby, refer to the [Microsoft Hardware Dev
 Center](https://docs.microsoft.com/windows-hardware/design/device-experiences/modern-standby-wake-sources).
 ## How Surface streamlines the power management experience 
 Surface integrates the following features designed to help users
 optimize the power management experience:
  - [Singular power plan](#singular-power-plan)
  - [Simplified power settings user
    interface](#simplified-power-settings-user-interface)
  - [Windows performance power
    slider](#windows-performance-power-slider)
 ### Singular power plan
 Surface is designed for a streamlined power management experience that
 eliminates the need to create custom power plans or manually configure
 power settings. Microsoft streamlines the user
 experience by delivering a single power plan (balanced) that replaces
 the multiple power plans from standard Windows builds.
 ### Simplified power settings user interface
 Surface provides a simplified UI in accord with best practice power
 setting recommendations. In general, it's recommended to only adjust settings visible in the default user interface and avoid configuring advanced power settings or Group Policy settings. Using the default screen and sleep timeouts while avoiding maximum
 brightness levels are the most effective ways for users to maintain
 extended battery life.
 ![Figure 1. Simplified power & sleep settings](images/powerintrofig1.png)
 Figure 1. Simplified power and sleep settings
 ### Windows performance power slider
 Surface devices running Windows 10 build 1709 and later include a power
 slider allowing you to prioritize battery life when needed or favor performance if desired. You
 can access the power slider from the taskbar by clicking on the battery
 icon. Slide left for longer battery life (battery saver mode) or slide
 right for faster performance.
 ![Figure 2. Power slider](images/powerintrofig2a.png)
 Figure 2. Power slider
 Power slider enables four states as described in the following table:
 | Slider mode| Description |
 |---|---|
 | Battery saver| Helps conserve power and prolong battery life when the system is disconnected from a power source. When battery saver is on, some Windows features are disabled, throttled, or behave differently. Screen brightness is also reduced. Battery saver is only available when using battery power (DC). To learn more, see [Battery Saver](https://docs.microsoft.com/en-us/windows-hardware/design/component-guidelines/battery-saver).|
 | Recommended | Delivers longer battery life than the default settings in earlier versions of Windows. |
 | Better Performance | Slightly favors performance over battery life, functioning as the default slider mode. |
 | Best Performance | Favors performance over power for workloads requiring maximum performance and responsiveness, regardless of battery power consumption.|
 Power slider modes directly control specific hardware components shown
 in the following table.
 | Component | Slider functionality |
 |---|---|
 | Intel Speed Shift (CPU energy registers) and Energy Performance Preference hint. | Selects the best operating frequency and voltage for optimal performance and power. The Energy Performance Preference (PERFEPP) is a global power efficiency hint to the CPU. |
 | Fan speed (RPM)| Where applicable, adjusts for changing conditions such as keeping fan silent in battery saver slider mode.|
 | Processor package power limits (PL1/PL2).| Requires the CPU to manage its frequency choices to accommodate a running average power limit for both steady state (PL1) and turbo (PL2) workloads.|
 | Processor turbo frequency limits (IA turbo limitations). | Adjusts processor and graphics performance allowing processor cores to run faster or slower than the rated operating frequency.                                                |
 >[!NOTE]
 >The power slider is entirely independent of operating system power settings whether configured from Control Panel/ Power Options, Group Policy, or related methods.
 To learn more, see:
 -   [Customize the Windows performance power
    slider](https://docs.microsoft.com/windows-hardware/customize/desktop/customize-power-slider)
 -   [Battery
    saver.](https://docs.microsoft.com/windows-hardware/design/component-guidelines/battery-saver)
 ## Best practices for extended battery life
 | Best practice | Go to | Next steps |
 |---|---|---|                                                                                                                                    
 | Ensure your Surface device is up to date| Windows Update | In the taskbar search box, type **Windows Update** and select **Check for updates**. |
 | Choose the best power setting for what you’re doing | Power slider | In the taskbar, select the battery icon, then choose **Best performance**, **Best battery life**, or somewhere in between.|
 | Conserve battery when it’s low | Battery saver | In the taskbar, select the battery icon and click **Battery settings**. Select **Turn battery saver on automatically if my battery falls below** and then move the slider further to the right for longer battery life. |
 | Configure optimal screen brightness | Battery saver | In the taskbar, select the battery icon and click **Battery settings**, select **Lower screen brightness while in battery saver**. |
 | Conserve power whenever you’re not plugged in | Battery saver| Select **Turn on battery saver status until next charge**.|
 | Investigate problems with your power settings. | Power troubleshooter | In the Taskbar search for troubleshoot, select **Troubleshoot**, and then select **Power** and follow the instructions.|
 | Check app usage | Your apps | Close apps.|
 | Check your power cord for any damage.| Your power cord | Replace power cord if worn or damaged.|
 # Learn more 
 -   [Modern
    standby](https://docs.microsoft.com/windows-hardware/design/device-experiences/modern-standby-wake-sources)
 <!-- -->
 -   [Customize the Windows performance power
    slider](https://docs.microsoft.com/windows-hardware/customize/desktop/customize-power-slider)
 -   [Battery
    saver](https://docs.microsoft.com/windows-hardware/design/component-guidelines/battery-saver)
--- a/devices/surface/microsoft-surface-brightness-control.md
+++ b/devices/surface/microsoft-surface-brightness-control.md
@ -0,0 +1,64 @@
 ---
 title: Surface Brightness Control
 description: This topic describes how you can use the Surface Brightness Control app to manage display brightness in point-of-sale and kiosk scenarios.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.pagetype: surface, devices
 ms.sitesec: library
 author: coveminer
 ms.author: jdecker
 ms.topic: article
 ms.date: 1/15/2019
 ---
 # Surface Brightness Control
 When deploying Surface devices in point of sale or other “always-on”
 kiosk scenarios, you can optimize power management using the new Surface
 Brightness Control app.
 Available for download with [Surface Tools for
 IT](https://www.microsoft.com/download/details.aspx?id=46703), Surface Brightness Control is
 designed to help reduce thermal load and lower the overall carbon
 footprint for deployed Surface devices. The tool automatically dims the screen when not in use and
 includes the following configuration options:
  - Period of inactivity before dimming the display.
  - Brightness level when dimmed.
  - Maximum brightness level when in use.
 **To run Surface Brightness Control:**
  - Install surfacebrightnesscontrol.msi on the target device and Surface Brightness Control
    will begin working immediately.
 ## Configuring Surface Brightness Control
 You can adjust the default values via the Windows Registry. For more
 information about using the Windows Registry, refer to the [Registry
 documentation](https://docs.microsoft.com/windows/desktop/sysinfo/registry).
 1.  Run regedit from a command prompt to open the Windows Registry
    Editor.
      - Computer\HKEY\_LOCAL\_MACHINE\SOFTWARE\Microsoft\Surface\Surface
        Brightness Control\	
 | Registry Setting | Data| Description  
 |-----------|------------|---------------
 | Brightness Control Enabled  |  Default: 01  <br> Option: 01, 00 |  This setting allows you to turn Surface Brightness Control on or off. To disable Surface Brightness Control, set the value to 00. If you do not configure this setting, Surface Brightness Control is on. |
 | Brightness Control On Power Enabled| Default: 01 <br> Options: 01, 00 | This setting allows you to turn off Surface Brightness Control when the device is directly connected to power. To disable Surface Brightness Control when power is plugged in, set the value to 00. If you do not configure this setting, Surface Brightness Control is on. |
 | Dimmed Brightness   | Default: 20  <br>Option: Range of 0-100 percent of screen brightness <br> Data Type: Positive integer | This setting allows you to manage brightness range during periods of inactivity. If you do not configure this setting, the brightness level will drop to 20 percent of full brightness after 30 seconds of inactivity. |
 Full Brightness   | Default: 100  <br>Option: Range of 0-100 percent of screen brightness <br> Data Type: Positive integer | This setting allows you to manage the maximum brightness range for the device. If you do not configure this setting, the maximum brightness range is 100 percent.|  
 | Inactivity Timeout| Default: 30 seconds <br>Option: Any numeric value  <br>Data Type: Integer  | This setting allows you to manage the period of inactivity before dimming the device. If you do not configure this setting, the inactivity timeout is 30 seconds.|
 | Telemetry  Enabled | Default: 01 <br>Option: 01, 00  | This setting allows you to manage the sharing of app usage information to improve software and provide better user experience. To disable telemetry, set the value to 00. If you do not configure this setting, telemetry information is shared with Microsoft in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement). |
 ## Related topics
 - [Battery limit setting](battery-limit.md)
--- a/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md
+++ b/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md
@ -13,32 +13,37 @@ ms.date: 2/16/2018
 # Upgrading to MBAM 2.5 SP1 from MBAM 2.5
 This topic describes the process for upgrading the Microsoft BitLocker Administration and Monitoring (MBAM) Server 2.5 and the MBAM Client from 2.5 to MBAM 2.5 SP1.
-### Before you begin, download the September 2017 servicing release
+### Before you begin
-[Desktop Optimization Pack](https://www.microsoft.com/en-us/download/details.aspx?id=56126)
+#### Download the July 2018 servicing release
 [Desktop Optimization Pack](https://www.microsoft.com/download/details.aspx?id=57157)
 #### Verify the installation documentaion
 Verify you have a current documentation of your MBAM environment, including all server names, database names, service accounts and their passwords.
 ### Upgrade steps
 #### Steps to upgrade the MBAM Database (SQL Server)
-1. Using the MBAM Configurator; remove the Reports roll from the SQL server, or wherever the SSRS database is housed (Could be on the same server or  different one, depending on your environment)
+1. Using the MBAM Configurator; remove the Reports role from the SQL server, or wherever the SSRS database is hosted. Depending on your environment, this can be the same server or a separate one.
 Note: You will not see an option to remove the Databases; this is expected.  
 2. Install 2.5 SP1 (Located with MDOP - Microsoft Desktop Optimization Pack 2015 from the Volume Licensing Service Center site:  <https://www.microsoft.com/Licensing/servicecenter/default.aspx>
 3. Do not configure it at this time 
-4. Install the September Rollup: https://www.microsoft.com/en-us/download/details.aspx?id=56126
+4. Install the July 2018 Rollup: https://www.microsoft.com/download/details.aspx?id=57157
-5. Using the MBAM Configurator; re-add the Reports rollup
+5. Using the MBAM Configurator; re-add the Reports role
 6. This will configure the SSRS connection using the latest MBAM code from the rollup 
-7. Using the MBAM Configurator; re-add the SQL Database roll on the SQL Server.
+7. Using the MBAM Configurator; re-add the SQL Database role on the SQL Server.
- At the end, you will be warned that the DBs already exist and  weren’t created, but this is  expected.
+- At the end, you will be warned that the DBs already exist and  weren’t created, but this is expected.
 - This process updates the existing databases to the current version  being installed                  
 #### Steps to upgrade the MBAM Server (Running MBAM and IIS)
 1. Using the MBAM Configurator; remove the Admin and Self Service Portals from  the IIS server
 2. Install MBAM 2.5 SP1
 3. Do not configure it at this time  
-4. Install the September 2017 Rollup on the IIS server(https://www.microsoft.com/en-us/download/details.aspx?id=56126)
+4. Install the July 2018 Rollup on the IIS server(https://www.microsoft.com/download/details.aspx?id=57157)
 5. Using the MBAM Configurator; re-add the Admin and Self Service Portals to the IIS server 
-6. This will configure the sites using the latest MBAM code from the June  Rollup
+6. This will configure the sites using the latest MBAM code from the July 2018 Rollup
 - Open an elevated command prompt, Type: **IISRESET** and Hit Enter.
 #### Steps to upgrade the MBAM Clients/Endpoints
 1. Uninstall the 2.5 Agent from client endpoints
 2. Install the 2.5 SP1 Agent on the client endpoints
-3. Push out the September Rollup Client update to clients running the 2.5 SP1 Agent 
+3. Push out the July 2018 Rollup Client update to clients running the 2.5 SP1 Agent 
-4. There is no need to uninstall existing client prior to installing the September Rollup.  
+4. There is no need to uninstall the existing client prior to installing the July 2018 Rollup.  
--- a/windows/client-management/images/bugcheck-analysis.png
+++ b/windows/client-management/images/bugcheck-analysis.png
--- a/windows/client-management/images/windbg.png
+++ b/windows/client-management/images/windbg.png
--- a/windows/client-management/troubleshoot-stop-errors.md
+++ b/windows/client-management/troubleshoot-stop-errors.md
@ -8,7 +8,6 @@ ms.topic: troubleshooting
 author: kaushika-msft
 ms.localizationpriority: medium
 ms.author: kaushika
 ms.date: 12/19/2018
 ---
 # Advanced troubleshooting for Stop error or blue screen error issue
@ -43,6 +42,7 @@ To troubleshoot Stop error messages, follow these general steps:
    a. Make sure that you install the latest Windows updates, cumulative updates, and rollup updates. To verify the update status, refer to the appropriate update history for your system:
    - [Windows 10, version 1809](https://support.microsoft.com/help/4464619)
    - [Windows 10, version 1803](https://support.microsoft.com/help/4099479)
    - [Windows 10, version 1709](https://support.microsoft.com/help/4043454)
    - [Windows 10, version 1703](https://support.microsoft.com/help/4018124)
@ -120,21 +120,84 @@ Finding the root cause of the crash may not be easy. Hardware problems are espec
 When a Stop error occurs, you should first isolate the problematic components, and then try to cause them to trigger the Stop error again. If you can replicate the problem, you can usually determine the cause.
-You can use the tools such as Windows Software Development KIT (SDK) and Symbols to diagnose dump logs.
+You can use the tools such as Windows Software Development KIT (SDK) and Symbols to diagnose dump logs. The next section discusses how to use this tool.
 ## Advanced troubleshooting steps
 >[!NOTE]
 >Advanced troubleshooting of crash dumps can be very challenging if you are not experienced with programming and internal Windows mechanisms. We have attempted to provide a brief insight here into some of the techniques used, including some examples. However, to really be effective at troubleshooting a crash dump, you should spend time becoming familiar with advanced debugging techniques. For a video overview, see [Advanced Windows Debugging](https://channel9.msdn.com/Blogs/Charles/Advanced-Windows-Debugging-An-Introduction) and [Debugging Kernel Mode Crashes and Hangs](https://channel9.msdn.com/Shows/Defrag-Tools/DefragTools-137-Debugging-kernel-mode-dumps). Also see the advanced references listed below.
 ### Advanced debugging references
 [Advanced Windows Debugging](https://www.amazon.com/Advanced-Windows-Debugging-Mario-Hewardt/dp/0321374460)<br>
 [Debugging Tools for Windows (WinDbg, KD, CDB, NTSD)](https://docs.microsoft.com/windows-hardware/drivers/debugger/index)
 ### Debugging steps
 1. Verify that the computer is set up to generate a complete memory dump file when a crash occurs. See the steps [here](troubleshoot-windows-freeze.md#method-1-memory-dump) for more information. 
 2. Locate the memory.dmp file in your Windows directory on the computer that is crashing, and copy that file to another computer.
 3. On the other computer, download the [Windows 10 SDK](https://developer.microsoft.com/en-US/windows/downloads/windows-10-sdk).
 4. Start the install and choose **Debugging Tools for Windows**. This will install the WinDbg tool.
 5. Open the WinDbg tool and set the symbol path by clicking **File** and then clicking **Symbol File Path**.<br>
    a. If the computer is connected to the Internet, enter the [Microsoft public symbol server](https://docs.microsoft.com/windows-hardware/drivers/debugger/microsoft-public-symbols) (https://msdl.microsoft.com/download/symbols) and click **OK**. This is the recommended method.<br>
    b. If the computer is not connected to the Internet, you must specify a local [symbol path](https://docs.microsoft.com/en-in/windows-hardware/drivers/debugger/symbol-path).
 6. Click on **Open Crash Dump**, and then open the memory.dmp file that you copied. See the example below.
    ![WinDbg](images/windbg.png)
 7. There should be a link that says **!analyze -v** under **Bugcheck Analysis**. Click that link. This will enter the command !analyze -v in the prompt at the bottom of the page.
 8. A detailed bugcheck analysis will appear. See the example below.
    ![Bugcheck analysis](images/bugcheck-analysis.png)
 9. Scroll down to the section where it says **STACK_TEXT**. There will be rows of numbers with each row followed by a colon and some text. That text should tell you what DLL is causing the crash and if applicable what service is crashing the DLL.
 10. See [Using the !analyze Exension](https://docs.microsoft.com/windows-hardware/drivers/debugger/using-the--analyze-extension) for details about how to interpret the STACK_TEXT output.
 There are many possible causes of a bugcheck and each case is unique. In the example provided above, the important lines that can be identified from the STACK_TEXT are 20, 21, and 22:
 (HEX data is removed here and lines are numbered for clarity)
 ```
 1  : nt!KeBugCheckEx
 2  : nt!PspCatchCriticalBreak+0xff
 3  : nt!PspTerminateAllThreads+0x1134cf
 4  : nt!PspTerminateProcess+0xe0
 5  : nt!NtTerminateProcess+0xa9
 6  : nt!KiSystemServiceCopyEnd+0x13
 7  : nt!KiServiceLinkage
 8  : nt!KiDispatchException+0x1107fe
 9  : nt!KiFastFailDispatch+0xe4
 10 : nt!KiRaiseSecurityCheckFailure+0x3d3
 11 : ntdll!RtlpHpFreeWithExceptionProtection$filt$0+0x44
 12 : ntdll!_C_specific_handler+0x96
 13 : ntdll!RtlpExecuteHandlerForException+0xd
 14 : ntdll!RtlDispatchException+0x358
 15 : ntdll!KiUserExceptionDispatch+0x2e
 16 : ntdll!RtlpHpVsContextFree+0x11e
 17 : ntdll!RtlpHpFreeHeap+0x48c
 18 : ntdll!RtlpHpFreeWithExceptionProtection+0xda
 19 : ntdll!RtlFreeHeap+0x24a
 20 : FWPolicyIOMgr!FwBinariesFree+0xa7c2
 21 : mpssvc!FwMoneisDiagEdpPolicyUpdate+0x1584f
 22 : mpssvc!FwEdpMonUpdate+0x6c
 23 : ntdll!RtlpWnfWalkUserSubscriptionList+0x29b
 24 : ntdll!RtlpWnfProcessCurrentDescriptor+0x105
 25 : ntdll!RtlpWnfNotificationThread+0x80
 26 : ntdll!TppExecuteWaitCallback+0xe1
 27 : ntdll!TppWorkerThread+0x8d0
 28 : KERNEL32!BaseThreadInitThunk+0x14
 29 : ntdll!RtlUserThreadStart+0x21
 ```
 The problem here is with **mpssvc** which is a component of the Windows Firewall. The problem was repaired by disabling the firewall temporarily and then resetting firewall policies. 
 Additional examples are provided in the [Debugging examples](#debugging-examples) section at the bottom of this article.
 ## Video resources
-The following videos illustrate various troubleshooting techniques on analyzing dump file.
+The following videos illustrate various troubleshooting techniques for analyzing dump files.
 - [Analyze Dump File](https://www.youtube.com/watch?v=s5Vwnmi_TEY)
 - [Installing Debugging Tool for Windows (x64 and x86)](https://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-Building-your-USB-thumbdrive/player#time=22m29s:paused)
 - [Debugging kernel mode crash memory dumps](https://channel9.msdn.com/Shows/Defrag-Tools/DefragTools-137-Debugging-kernel-mode-dumps)
 - [Special Pool](https://www.youtube.com/watch?v=vHXYS9KdU1k)
 ## Advanced troubleshooting using Driver Verifier
 We estimate that about 75 percent of all Stop errors are caused by faulty drivers. The Driver Verifier tool provides several methods to help you troubleshoot. These include running drivers in an isolated memory pool (without sharing memory with other components), generating extreme memory pressure, and validating parameters. If the tool encounters errors in the execution of driver code, it proactively creates an exception to let that part of the code be examined further.
@ -170,8 +233,343 @@ KMODE_EXCEPTION_NOT_HANDLED <br>Stop error code 0x0000001E | If a driver is iden
 DPC_WATCHDOG_VIOLATION <br>Stop error code 0x00000133 | This Stop error code is caused by a faulty driver that does not complete its work within the allotted time frame in certain conditions. To enable us to help mitigate this error, collect the memory dump file from the system, and then use the Windows Debugger to find the faulty driver. If a driver is identified in the Stop error message, disable the driver to isolate the problem. Check with the manufacturer for driver updates. Check the system log in Event Viewer for additional error messages that might help identify the device or driver that is causing Stop error 0x133. Verify that any new hardware that is installed is compatible with the installed version of Windows. For example, you can get information about required hardware at Windows 10 Specifications. If Windows Debugger is installed, and you have access to public symbols, you can load the c:\windows\memory.dmp file into the Debugger, and then refer to [Determining the source of Bug Check 0x133 (DPC_WATCHDOG_VIOLATION) errors on Windows Server 2012](https://blogs.msdn.microsoft.com/ntdebugging/2012/12/07/determining-the-source-of-bug-check-0x133-dpc_watchdog_violation-errors-on-windows-server-2012/) to find the problematic driver from the memory dump.  
 USER_MODE_HEALTH_MONITOR <br>Stop error code 0x0000009E		| This Stop error indicates that a user-mode health check failed in a way that prevents graceful shutdown. Therefore, Windows restores critical services by restarting or enabling application failover to other servers. The Clustering Service incorporates a detection mechanism that may detect unresponsiveness in user-mode components.<br>This Stop error usually occurs in a clustered environment, and the indicated faulty driver is RHS.exe.Check the event logs for any storage failures to identify the failing process.Try to update the component or process that is indicated in the event logs. You should see the following event recorded:<br>Event ID: 4870<br>Source: Microsoft-Windows-FailoverClustering<br>Description: User mode health monitoring has detected that the system is not being responsive. The Failover cluster virtual adapter has lost contact with the Cluster Server process with a process ID ‘%1’, for ‘%2’ seconds. Recovery action will be taken. Review the Cluster logs to identify the process and investigate which items might cause the process to hang. <br />For more information, see ["Why is my Failover Clustering node blue screening with a Stop 0x0000009E?"](https://blogs.technet.microsoft.com/askcore/2009/06/12/why-is-my-failover-clustering-node-blue-screening-with-a-stop-0x0000009e) Also, see the following Microsoft video [What to do if a 9E occurs](https://www.youtube.com/watch?v=vOJQEdmdSgw).
 ## Debugging examples
 ### Example 1
 This bugcheck is caused by a driver hang during upgrade, resulting in a bugcheck D1 in NDIS.sys (a Microsoft driver).  The **IMAGE_NAME** will tell you the faulting driver, but since this is Microsoft driver it cannot be replaced or removed. The resolution method is to disable the network device in device manager and try the upgrade again.
 ```
 2: kd> !analyze -v
 *******************************************************************************
 *                                                                             *
 *                        Bugcheck Analysis                                    *
 *                                                                             *
 *******************************************************************************
 DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
 An attempt was made to access a pageable (or completely invalid) address at an
 interrupt request level (IRQL) that is too high.  This is usually
 caused by drivers using improper addresses.
 If kernel debugger is available get stack backtrace.
 Arguments:
 Arg1: 000000000011092a, memory referenced
 Arg2: 0000000000000002, IRQL
 Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
 Arg4: fffff807aa74f4c4, address which referenced memory
 Debugging Details:
 ------------------
 KEY_VALUES_STRING: 1
 STACKHASH_ANALYSIS: 1
 TIMELINE_ANALYSIS: 1
 DUMP_CLASS: 1
 DUMP_QUALIFIER: 400
 SIMULTANEOUS_TELSVC_INSTANCES:  0
 SIMULTANEOUS_TELWP_INSTANCES:  0
 BUILD_VERSION_STRING:  16299.15.amd64fre.rs3_release.170928-1534
 SYSTEM_MANUFACTURER:  Alienware
 SYSTEM_PRODUCT_NAME:  Alienware 15 R2
 SYSTEM_SKU:  Alienware 15 R2
 SYSTEM_VERSION:  1.2.8
 BIOS_VENDOR:  Alienware
 BIOS_VERSION:  1.2.8
 BIOS_DATE:  01/29/2016
 BASEBOARD_MANUFACTURER:  Alienware
 BASEBOARD_PRODUCT:  Alienware 15 R2
 BASEBOARD_VERSION:  A00
 DUMP_TYPE:  2
 BUGCHECK_P1: 11092a
 BUGCHECK_P2: 2
 BUGCHECK_P3: 1
 BUGCHECK_P4: fffff807aa74f4c4
 WRITE_ADDRESS: fffff80060602380: Unable to get MiVisibleState
 Unable to get NonPagedPoolStart
 Unable to get NonPagedPoolEnd
 Unable to get PagedPoolStart
 Unable to get PagedPoolEnd
 000000000011092a 
 CURRENT_IRQL:  2
 FAULTING_IP: 
 NDIS!NdisQueueIoWorkItem+4 [minio\ndis\sys\miniport.c @ 9708]
 fffff807`aa74f4c4 48895120        mov     qword ptr [rcx+20h],rdx
 CPU_COUNT: 8
 CPU_MHZ: a20
 CPU_VENDOR:  GenuineIntel
 CPU_FAMILY: 6
 CPU_MODEL: 5e
 CPU_STEPPING: 3
 CPU_MICROCODE: 6,5e,3,0 (F,M,S,R)  SIG: BA'00000000 (cache) BA'00000000 (init)
 BLACKBOXPNP: 1 (!blackboxpnp)
 DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 BUGCHECK_STR:  AV
 PROCESS_NAME:  System
 ANALYSIS_SESSION_HOST:  SHENDRIX-DEV0
 ANALYSIS_SESSION_TIME:  01-17-2019 11:06:05.0653
 ANALYSIS_VERSION: 10.0.18248.1001 amd64fre
 TRAP_FRAME:  ffffa884c0c3f6b0 -- (.trap 0xffffa884c0c3f6b0)
 NOTE: The trap frame does not contain all registers.
 Some register values may be zeroed or incorrect.
 rax=fffff807ad018bf0 rbx=0000000000000000 rcx=000000000011090a
 rdx=fffff807ad018c10 rsi=0000000000000000 rdi=0000000000000000
 rip=fffff807aa74f4c4 rsp=ffffa884c0c3f840 rbp=000000002408fd00
 r8=ffffb30e0e99ea30  r9=0000000001d371c1 r10=0000000020000080
 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
 r14=0000000000000000 r15=0000000000000000
 iopl=0         nv up ei ng nz na pe nc
 NDIS!NdisQueueIoWorkItem+0x4:
 fffff807`aa74f4c4 48895120        mov     qword ptr [rcx+20h],rdx ds:00000000`0011092a=????????????????
 Resetting default scope
 LAST_CONTROL_TRANSFER:  from fffff800603799e9 to fffff8006036e0e0
 STACK_TEXT:  
 ffffa884`c0c3f568 fffff800`603799e9 : 00000000`0000000a 00000000`0011092a 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx [minkernel\ntos\ke\amd64\procstat.asm @ 134] 
 ffffa884`c0c3f570 fffff800`60377d7d : fffff78a`4000a150 ffffb30e`03fba001 ffff8180`f0b5d180 00000000`000000ff : nt!KiBugCheckDispatch+0x69 [minkernel\ntos\ke\amd64\trap.asm @ 2998] 
 ffffa884`c0c3f6b0 fffff807`aa74f4c4 : 00000000`00000002 ffff8180`f0754180 00000000`00269fb1 ffff8180`f0754180 : nt!KiPageFault+0x23d [minkernel\ntos\ke\amd64\trap.asm @ 1248] 
 ffffa884`c0c3f840 fffff800`60256b63 : ffffb30e`0e18f710 ffff8180`f0754180 ffffa884`c0c3fa18 00000000`00000002 : NDIS!NdisQueueIoWorkItem+0x4 [minio\ndis\sys\miniport.c @ 9708] 
 ffffa884`c0c3f870 fffff800`60257bfd : 00000000`00000008 00000000`00000000 00000000`00269fb1 ffff8180`f0754180 : nt!KiProcessExpiredTimerList+0x153 [minkernel\ntos\ke\dpcsup.c @ 2078] 
 ffffa884`c0c3f960 fffff800`6037123a : 00000000`00000000 ffff8180`f0754180 00000000`00000000 ffff8180`f0760cc0 : nt!KiRetireDpcList+0x43d [minkernel\ntos\ke\dpcsup.c @ 1512] 
 ffffa884`c0c3fb60 00000000`00000000 : ffffa884`c0c40000 ffffa884`c0c39000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x5a [minkernel\ntos\ke\amd64\idle.asm @ 166] 
 RETRACER_ANALYSIS_TAG_STATUS:  Failed in getting KPCR for core 2
 THREAD_SHA1_HASH_MOD_FUNC:  5b59a784f22d4b5cbd5a8452fe39914b8fd7961d
 THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  5643383f9cae3ca39073f7721b53f0c633bfb948
 THREAD_SHA1_HASH_MOD:  20edda059578820e64b723e466deea47f59bd675
 FOLLOWUP_IP: 
 NDIS!NdisQueueIoWorkItem+4 [minio\ndis\sys\miniport.c @ 9708]
 fffff807`aa74f4c4 48895120        mov     qword ptr [rcx+20h],rdx
 FAULT_INSTR_CODE:  20518948
 FAULTING_SOURCE_LINE:  minio\ndis\sys\miniport.c
 FAULTING_SOURCE_FILE:  minio\ndis\sys\miniport.c
 FAULTING_SOURCE_LINE_NUMBER:  9708
 FAULTING_SOURCE_CODE:  
  9704:     _In_ _Points_to_data_      PVOID                       WorkItemContext
  9705:     )
  9706: {
  9707: 
 > 9708:     ((PNDIS_IO_WORK_ITEM)NdisIoWorkItemHandle)->Routine = Routine;
  9709:     ((PNDIS_IO_WORK_ITEM)NdisIoWorkItemHandle)->WorkItemContext = WorkItemContext;
  9710: 
  9711:     IoQueueWorkItem(((PNDIS_IO_WORK_ITEM)NdisIoWorkItemHandle)->IoWorkItem,
  9712:                     ndisDispatchIoWorkItem,
  9713:                     CriticalWorkQueue,
 SYMBOL_STACK_INDEX:  3
 SYMBOL_NAME:  NDIS!NdisQueueIoWorkItem+4
 FOLLOWUP_NAME:  ndiscore
 MODULE_NAME: NDIS
 IMAGE_NAME:  NDIS.SYS
 DEBUG_FLR_IMAGE_TIMESTAMP:  0
 IMAGE_VERSION:  10.0.16299.99
 DXGANALYZE_ANALYSIS_TAG_PORT_GLOBAL_INFO_STR:  Hybrid_FALSE
 DXGANALYZE_ANALYSIS_TAG_ADAPTER_INFO_STR:  GPU0_VenId0x1414_DevId0x8d_WDDM1.3_Active;
 STACK_COMMAND:  .thread ; .cxr ; kb
 BUCKET_ID_FUNC_OFFSET:  4
 FAILURE_BUCKET_ID:  AV_NDIS!NdisQueueIoWorkItem
 BUCKET_ID:  AV_NDIS!NdisQueueIoWorkItem
 PRIMARY_PROBLEM_CLASS:  AV_NDIS!NdisQueueIoWorkItem
 TARGET_TIME:  2017-12-10T14:16:08.000Z
 OSBUILD:  16299
 OSSERVICEPACK:  98
 SERVICEPACK_NUMBER: 0
 OS_REVISION: 0
 SUITE_MASK:  784
 PRODUCT_TYPE:  1
 OSPLATFORM_TYPE:  x64
 OSNAME:  Windows 10
 OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS Personal
 OS_LOCALE:  
 USER_LCID:  0
 OSBUILD_TIMESTAMP:  2017-11-26 03:49:20
 BUILDDATESTAMP_STR:  170928-1534
 BUILDLAB_STR:  rs3_release
 BUILDOSVER_STR:  10.0.16299.15.amd64fre.rs3_release.170928-1534
 ANALYSIS_SESSION_ELAPSED_TIME:  8377
 ANALYSIS_SOURCE:  KM
 FAILURE_ID_HASH_STRING:  km:av_ndis!ndisqueueioworkitem
 FAILURE_ID_HASH:  {10686423-afa1-4852-ad1b-9324ac44ac96}
 FAILURE_ID_REPORT_LINK: http://go.microsoft.com/fwlink/?LinkID=397724&FailureHash=10686423-afa1-4852-ad1b-9324ac44ac96
 Followup:     ndiscore
 ---------
 ```
 ### Example 2
 In this example, a non-Microsoft driver caused page fault, so we don’t have symbols for this driver.  However, looking at **IMAGE_NAME** and or **MODULE_NAME** indicates it’s **WwanUsbMP.sys** that caused the issue.  Disconnecting the device and retrying the upgrade is a possible solution.
 ```
 1: kd> !analyze -v
 *******************************************************************************
 *                                                                             *
 *                        Bugcheck Analysis                                    *
 *                                                                             *
 *******************************************************************************
 PAGE_FAULT_IN_NONPAGED_AREA (50)
 Invalid system memory was referenced.  This cannot be protected by try-except.
 Typically the address is just plain bad or it is pointing at freed memory.
 Arguments:
 Arg1: 8ba10000, memory referenced.
 Arg2: 00000000, value 0 = read operation, 1 = write operation.
 Arg3: 82154573, If non-zero, the instruction address which referenced the bad memory
                address.
 Arg4: 00000000, (reserved)
 Debugging Details:
 ------------------
 *** WARNING: Unable to verify timestamp for WwanUsbMp.sys
 *** ERROR: Module load completed but symbols could not be loaded for WwanUsbMp.sys
 KEY_VALUES_STRING: 1
 STACKHASH_ANALYSIS: 1
 TIMELINE_ANALYSIS: 1
 DUMP_CLASS: 1
 DUMP_QUALIFIER: 400
 BUILD_VERSION_STRING:  16299.15.x86fre.rs3_release.170928-1534
 MARKER_MODULE_NAME:  IBM_ibmpmdrv
 SYSTEM_MANUFACTURER:  LENOVO
 SYSTEM_PRODUCT_NAME:  20AWS07H00
 SYSTEM_SKU:  LENOVO_MT_20AW_BU_Think_FM_ThinkPad T440p
 SYSTEM_VERSION:  ThinkPad T440p
 BIOS_VENDOR:  LENOVO
 BIOS_VERSION:  GLET85WW (2.39 )
 BIOS_DATE:  09/29/2016
 BASEBOARD_MANUFACTURER:  LENOVO
 BASEBOARD_PRODUCT:  20AWS07H00
 BASEBOARD_VERSION:  Not Defined
 DUMP_TYPE:  2
 BUGCHECK_P1: ffffffff8ba10000
 BUGCHECK_P2: 0
 BUGCHECK_P3: ffffffff82154573
 BUGCHECK_P4: 0
 READ_ADDRESS: 822821d0: Unable to get MiVisibleState
 8ba10000 
 FAULTING_IP: 
 nt!memcpy+33 [minkernel\crts\crtw32\string\i386\memcpy.asm @ 213
 82154573 f3a5            rep movs dword ptr es:[edi],dword ptr [esi]
 MM_INTERNAL_CODE:  0
 CPU_COUNT: 4
 CPU_MHZ: 95a
 CPU_VENDOR:  GenuineIntel
 CPU_FAMILY: 6
 CPU_MODEL: 3c
 CPU_STEPPING: 3
 CPU_MICROCODE: 6,3c,3,0 (F,M,S,R)  SIG: 21'00000000 (cache) 21'00000000 (init)
 BLACKBOXBSD: 1 (!blackboxbsd)
 BLACKBOXPNP: 1 (!blackboxpnp)
 DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 BUGCHECK_STR:  AV
 PROCESS_NAME:  System
 CURRENT_IRQL:  2
 ANALYSIS_SESSION_HOST:  SHENDRIX-DEV0
 ANALYSIS_SESSION_TIME:  01-17-2019 10:54:53.0780
 ANALYSIS_VERSION: 10.0.18248.1001 amd64fre
 TRAP_FRAME:  8ba0efa8 -- (.trap 0xffffffff8ba0efa8)
 ErrCode = 00000000
 eax=8ba1759e ebx=a2bfd314 ecx=00001d67 edx=00000002 esi=8ba10000 edi=a2bfe280
 eip=82154573 esp=8ba0f01c ebp=8ba0f024 iopl=0         nv up ei pl nz ac pe nc
 cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010216
 nt!memcpy+0x33:
 82154573 f3a5            rep movs dword ptr es:[edi],dword ptr [esi]
 Resetting default scope
 LOCK_ADDRESS:  8226c6e0 -- (!locks 8226c6e0)
 Cannot get _ERESOURCE type
 Resource @ nt!PiEngineLock (0x8226c6e0)    Available
 1 total locks
 PNP_TRIAGE_DATA: 
                Lock address  : 0x8226c6e0
                Thread Count  : 0
                Thread address: 0x00000000
                Thread wait   : 0x0
 LAST_CONTROL_TRANSFER:  from 82076708 to 821507e8
 STACK_TEXT:  
 8ba0ede4 82076708 00000050 8ba10000 00000000 nt!KeBugCheckEx [minkernel\ntos\ke\i386\procstat.asm @ 114] 
 8ba0ee40 8207771e 8ba0efa8 8ba10000 8ba0eea0 nt!MiSystemFault+0x13c8 [minkernel\ntos\mm\mmfault.c @ 4755] 
 8ba0ef08 821652ac 00000000 8ba10000 00000000 nt!MmAccessFault+0x83e [minkernel\ntos\mm\mmfault.c @ 6868] 
 8ba0ef08 82154573 00000000 8ba10000 00000000 nt!_KiTrap0E+0xec [minkernel\ntos\ke\i386\trap.asm @ 5153] 
 8ba0f024 86692866 a2bfd314 8ba0f094 0000850a nt!memcpy+0x33 [minkernel\crts\crtw32\string\i386\memcpy.asm @ 213] 
 8ba0f040 866961bc 8ba0f19c a2bfd0e8 00000000 NDIS!ndisMSetPowerManagementCapabilities+0x8a [minio\ndis\sys\miniport.c @ 7969] 
 8ba0f060 866e1f66 866e1caf adfb9000 00000000 NDIS!ndisMSetGeneralAttributes+0x23d [minio\ndis\sys\miniport.c @ 8198] 
 8ba0f078 ac50c15f a2bfd0e8 0000009f 00000001 NDIS!NdisMSetMiniportAttributes+0x2b7 [minio\ndis\sys\miniport.c @ 7184] 
 WARNING: Stack unwind information not available. Following frames may be wrong.
 8ba0f270 ac526f96 adfb9000 a2bfd0e8 8269b9b0 WwanUsbMp+0x1c15f
 8ba0f3cc 866e368a a2bfd0e8 00000000 8ba0f4c0 WwanUsbMp+0x36f96
 8ba0f410 867004b0 a2bfd0e8 a2bfd0e8 a2be2a70 NDIS!ndisMInvokeInitialize+0x60 [minio\ndis\sys\miniport.c @ 13834] 
 8ba0f7ac 866dbc8e a2acf730 866b807c 00000000 NDIS!ndisMInitializeAdapter+0xa23 [minio\ndis\sys\miniport.c @ 601] 
 8ba0f7d8 866e687d a2bfd0e8 00000000 00000000 NDIS!ndisInitializeAdapter+0x4c [minio\ndis\sys\initpnp.c @ 931] 
 8ba0f800 866e90bb adfb64d8 00000000 a2bfd0e8 NDIS!ndisPnPStartDevice+0x118 [minio\ndis\sys\configm.c @ 4235] 
 8ba0f820 866e8a58 adfb64d8 a2bfd0e8 00000000 NDIS!ndisStartDeviceSynchronous+0xbd [minio\ndis\sys\ndispnp.c @ 3096] 
 8ba0f838 866e81df adfb64d8 8ba0f85e 8ba0f85f NDIS!ndisPnPIrpStartDevice+0xb4 [minio\ndis\sys\ndispnp.c @ 1067] 
 8ba0f860 820a7e98 a2bfd030 adfb64d8 8ba0f910 NDIS!ndisPnPDispatch+0x108 [minio\ndis\sys\ndispnp.c @ 2429] 
 8ba0f878 8231f07e 8ba0f8ec adf5d4c8 872e2eb8 nt!IofCallDriver+0x48 [minkernel\ntos\io\iomgr\iosubs.c @ 3149] 
 8ba0f898 820b8569 820c92b8 872e2eb8 8ba0f910 nt!PnpAsynchronousCall+0x9e [minkernel\ntos\io\pnpmgr\irp.c @ 3005] 
 8ba0f8cc 820c9a76 00000000 820c92b8 872e2eb8 nt!PnpSendIrp+0x67 [minkernel\ntos\io\pnpmgr\irp.h @ 286] 
 8ba0f914 8234577b 872e2eb8 adf638b0 adf638b0 nt!PnpStartDevice+0x60 [minkernel\ntos\io\pnpmgr\irp.c @ 3187] 
 8ba0f94c 82346cc7 872e2eb8 adf638b0 adf638b0 nt!PnpStartDeviceNode+0xc3 [minkernel\ntos\io\pnpmgr\start.c @ 1712] 
 8ba0f96c 82343c68 00000000 a2bdb3d8 adf638b0 nt!PipProcessStartPhase1+0x4d [minkernel\ntos\io\pnpmgr\start.c @ 114] 
 8ba0fb5c 824db885 8ba0fb80 00000000 00000000 nt!PipProcessDevNodeTree+0x386 [minkernel\ntos\io\pnpmgr\enum.c @ 6129] 
 8ba0fb88 8219571b 85852520 8c601040 8226ba90 nt!PiRestartDevice+0x91 [minkernel\ntos\io\pnpmgr\enum.c @ 4743] 
 8ba0fbe8 820804af 00000000 00000000 8c601040 nt!PnpDeviceActionWorker+0xdb4b7 [minkernel\ntos\io\pnpmgr\action.c @ 674] 
 8ba0fc38 8211485c 85852520 421de295 00000000 nt!ExpWorkerThread+0xcf [minkernel\ntos\ex\worker.c @ 4270] 
 8ba0fc70 82166785 820803e0 85852520 00000000 nt!PspSystemThreadStartup+0x4a [minkernel\ntos\ps\psexec.c @ 7756] 
 8ba0fc88 82051e07 85943940 8ba0fcd8 82051bb9 nt!KiThreadStartup+0x15 [minkernel\ntos\ke\i386\threadbg.asm @ 82] 
 8ba0fc94 82051bb9 8b9cc600 8ba10000 8ba0d000 nt!KiProcessDeferredReadyList+0x17 [minkernel\ntos\ke\thredsup.c @ 5309] 
 8ba0fcd8 00000000 00000000 00000000 00000000 nt!KeSetPriorityThread+0x249 [minkernel\ntos\ke\thredobj.c @ 3881] 
 RETRACER_ANALYSIS_TAG_STATUS:  Failed in getting KPCR for core 1
 THREAD_SHA1_HASH_MOD_FUNC:  e029276c66aea80ba36903e89947127118d31128
 THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  012389f065d31c8eedd6204846a560146a38099b
 THREAD_SHA1_HASH_MOD:  44dc639eb162a28d47eaeeae4afe6f9eeccced3d
 FOLLOWUP_IP: 
 WwanUsbMp+1c15f
 ac50c15f 8bf0            mov     esi,eax
 FAULT_INSTR_CODE:  f33bf08b
 SYMBOL_STACK_INDEX:  8
 SYMBOL_NAME:  WwanUsbMp+1c15f
 FOLLOWUP_NAME:  MachineOwner
 MODULE_NAME: WwanUsbMp
 IMAGE_NAME:  WwanUsbMp.sys
 DEBUG_FLR_IMAGE_TIMESTAMP:  5211bb0c
 DXGANALYZE_ANALYSIS_TAG_PORT_GLOBAL_INFO_STR:  Hybrid_FALSE
 DXGANALYZE_ANALYSIS_TAG_ADAPTER_INFO_STR:  GPU0_VenId0x1414_DevId0x8d_WDDM1.3_NotActive;GPU1_VenId0x8086_DevId0x416_WDDM1.3_Active_Post;
 STACK_COMMAND:  .thread ; .cxr ; kb
 BUCKET_ID_FUNC_OFFSET:  1c15f
 FAILURE_BUCKET_ID:  AV_R_INVALID_WwanUsbMp!unknown_function
 BUCKET_ID:  AV_R_INVALID_WwanUsbMp!unknown_function
 PRIMARY_PROBLEM_CLASS:  AV_R_INVALID_WwanUsbMp!unknown_function
 TARGET_TIME:  2018-02-12T11:33:51.000Z
 OSBUILD:  16299
 OSSERVICEPACK:  15
 SERVICEPACK_NUMBER: 0
 OS_REVISION: 0
 SUITE_MASK:  272
 PRODUCT_TYPE:  1
 OSPLATFORM_TYPE:  x86
 OSNAME:  Windows 10
 OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS
 OS_LOCALE:  
 USER_LCID:  0
 OSBUILD_TIMESTAMP:  2017-09-28 18:32:28
 BUILDDATESTAMP_STR:  170928-1534
 BUILDLAB_STR:  rs3_release
 BUILDOSVER_STR:  10.0.16299.15.x86fre.rs3_release.170928-1534
 ANALYSIS_SESSION_ELAPSED_TIME:  162bd
 ANALYSIS_SOURCE:  KM
 FAILURE_ID_HASH_STRING:  km:av_r_invalid_wwanusbmp!unknown_function
 FAILURE_ID_HASH:  {31e4d053-0758-e43a-06a7-55f69b072cb3}
 FAILURE_ID_REPORT_LINK: http://go.microsoft.com/fwlink/?LinkID=397724&FailureHash=31e4d053-0758-e43a-06a7-55f69b072cb3
 Followup:     MachineOwner
 ---------
 ReadVirtual: 812d1248 not properly sign extended
 ```
 ## References
- [Bug Check Code Reference](https://docs.microsoft.com/windows-hardware/drivers/debugger/bug-check-code-reference2)
+[Bug Check Code Reference](https://docs.microsoft.com/windows-hardware/drivers/debugger/bug-check-code-reference2)
--- a/windows/client-management/troubleshoot-windows-freeze.md
+++ b/windows/client-management/troubleshoot-windows-freeze.md
@ -8,7 +8,6 @@ ms.topic: troubleshooting
 author: kaushika-msft 
 ms.localizationpriority: medium 
 ms.author: kaushika
 ms.date: 11/26/2018 
 --- 
 # Advanced troubleshooting for Windows-based computer freeze issues 
@ -60,9 +59,8 @@ If the physical computer or virtual machine froze but is now running in a good s
 *   Generate a System Diagnostics report by running the perfmon /report command. 
 *   Check history in virtual management monitoring tools. 
 ## More Information 
-### Collect data for the freeze issues 
+## Collect data for the freeze issues 
 To collect data for a server freeze, check the following table, and use one or more of the suggested methods. 
@ -74,7 +72,7 @@ To collect data for a server freeze, check the following table, and use one or m
 |A virtual machine that is no longer frozen|Use method 1, 2, 3, or 4. These methods are listed later in this section.| 
-#### Method 1: Memory dump 
+### Method 1: Memory dump 
 > [!Note] 
 > Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/help/322756) in case problems occur.   
@ -107,7 +105,7 @@ If the computer is no longer frozen and now is running in a good state, use the
        Additionally, you can use the workaround for [space limitations on the system drive in Windows Server 2008](#space-limitations-on-the-system-drive-in-windows-server-2008). 
-    6.  Make sure that there's more freed-up space on the hard disk drives than there is physical RAM. 
+    6.  Make sure that there's more available space on the system drive than there is physical RAM. 
 2.  Enable the CrashOnCtrlScroll registry value to allow the system to generate a dump file by using the keyboard. To do this, follow these steps: 
@ -141,7 +139,7 @@ If the computer is no longer frozen and now is running in a good state, use the
    > %SystemRoot%\MEMORY.DMP 
-#### Method 2: Data sanity check 
+### Method 2: Data sanity check 
 Use the Dump Check Utility (Dumpchk.exe) to read a memory dump file or verify that the file was created correctly. You can use the Microsoft DumpChk (Crash Dump File Checker) tool to verify that the memory dump files are not corrupted or invalid. 
@ -153,7 +151,7 @@ Learn how to use Dumpchk.exe to check your dump files:
 > [!video https://www.youtube-nocookie.com/embed/xN7tOfgNKag] 
-#### Method 3: Performance Monitor 
+### Method 3: Performance Monitor 
 You can use Windows Performance Monitor to examine how programs that you run affect your computer's performance, both in real time and by collecting log data for later analysis. To create performance counter and event trace log collections on local and remote systems, run the following commands in a command prompt as administrator: 
@ -174,7 +172,7 @@ logman stop LOGNAME_Long / LOGNAME_Short
 The Performance Monitor log is located in the path: C:\PERFLOGS   
-#### Method 4: Microsoft Support Diagnostics 
+### Method 4: Microsoft Support Diagnostics 
 1.  In the search box of the [Microsoft Support Diagnostics Self-Help Portal](https://home.diagnostics.support.microsoft.com/selfhelp), type Windows Performance Diagnostic. 
@ -247,17 +245,17 @@ If the physical computer is still running in a frozen state, follow these steps
    > [!Note] 
    > By default, the dump file is located in the path: %SystemRoot%\MEMORY.DMP 
-#### Use Pool Monitor to collect data for the physical computer that is no longer frozen 
+### Use Pool Monitor to collect data for the physical computer that is no longer frozen 
 Pool Monitor shows you the number of allocations and outstanding bytes of allocation by type of pool and the tag that is passed into calls of ExAllocatePoolWithTag.   
 Learn [how to use Pool Monitor](https://support.microsoft.com/help/177415) and how to [use the data to troubleshoot pool leaks](http://blogs.technet.com/b/markrussinovich/archive/2009/03/26/3211216.aspx). 
-#### Use memory dump to collect data for the virtual machine that's running in a frozen state 
+### Use memory dump to collect data for the virtual machine that's running in a frozen state 
 Use the one of the following methods for the application on which the virtual machine is running.   
-##### Microsoft Hyper-V 
+#### Microsoft Hyper-V 
 If the virtual machine is running Windows 8, Windows Server 2012, or a later version of Windows on Microsoft Hyper-V Server 2012, you can use the built-in NMI feature through a [Debug-VM](https://docs.microsoft.com/previous-versions/windows/powershell-scripting/dn464280(v=wps.630)) cmdlet to debug and get a memory dump.   
@ -270,11 +268,11 @@ Debug-VM -Name "VM Name" -InjectNonMaskableInterrupt -ComputerName Hostname
 > [!Note] 
 > This method is applicable only to Windows 8, Windows Server 2012, and later versions of Windows virtual machines. For the earlier versions of Windows, see methods 1 through 4 that are described earlier in this section.  
-##### VMware 
+#### VMware 
 You can use VMware Snapshots or suspend state and extract a memory dump file equivalent to a complete memory dump file. By using [Checkpoint To Core Tool (vmss2core)](https://labs.vmware.com/flings/vmss2core), you can convert both suspend (.vmss) and snapshot (.vmsn) state files to a dump file and then analyze the file by using the standard Windows debugging tools.   
-##### Citrix XenServer 
+#### Citrix XenServer 
 The memory dump process occurs by pressing the RIGHT CTRL + SCROLL LOCK + SCROLL LOCK keyboard combination that's described in Method 1 and on [the Citrix site](http://support.citrix.com/article/ctx123177).   
--- a/windows/deployment/deploy-m365.md
+++ b/windows/deployment/deploy-m365.md
@ -59,7 +59,7 @@ Examples of these two deployment advisors are shown below.
 ## Related Topics
 [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)<br>
-[Modern Destop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home)
+[Modern Desktop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home)
--- a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
+++ b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
@ -76,7 +76,7 @@ This section will show you how to populate the MDT deployment share with the Win
 MDT supports adding both full source Windows 10 DVDs (ISOs) and custom images that you have created. In this case, you create a reference image, so you add the full source setup files from Microsoft.
->[!OTE]  
+>[!NOTE]  
 >Due to the Windows limits on path length, we are purposely keeping the operating system destination directory short, using the folder name W10EX64RTM rather than a more descriptive name like Windows 10 Enterprise x64 RTM.
 ### Add Windows 10 Enterprise x64 (full source)
@ -134,8 +134,8 @@ You also can customize the Office installation using a Config.xml file. But we r
    Figure 5. The Install - Microsoft Office 2013 Pro Plus - x86 application properties.
-    **Note**  
+    >[!NOTE] 
-    If you don't see the Office Products tab, verify that you are using a volume license version of Office. If you are deploying Office 365, you need to download the Admin folder from Microsoft.
+    >If you don't see the Office Products tab, verify that you are using a volume license version of Office. If you are deploying Office 365, you need to download the Admin folder from Microsoft.
 3.  In the Office Customization Tool dialog box, select the Create a new Setup customization file for the following product option, select the Microsoft Office Professional Plus 2013 (32-bit) product, and click OK.
 4.  Use the following settings to configure the Office 2013 setup to be fully unattended:
@ -156,8 +156,8 @@ You also can customize the Office installation using a Config.xml file. But we r
        -   In the **Microsoft Office 2013** node, expand **Privacy**, select **Trust Center**, and enable the Disable Opt-in Wizard on first run setting.
 5.  From the **File** menu, select **Save**, and save the configuration as 0\_Office2013ProPlusx86.msp in the **E:\\MDTBuildLab\\Applications\\Install - Microsoft Office 2013 Pro Plus - x86\\Updates** folder.
-    **Note**  
+    >[!NOTE] 
-    The reason for naming the file with a 0 (zero) at the beginning is that the Updates folder also handles Microsoft Office updates, and they are installed in alphabetical order. The Office 2013 setup works best if the customization file is installed before any updates.
+    >The reason for naming the file with a 0 (zero) at the beginning is that the Updates folder also handles Microsoft Office updates,          and they are installed in alphabetical order. The Office 2013 setup works best if the customization file is installed before any updates.
 6.  Close the Office Customization Tool, click Yes in the dialog box, and in the **Install - Microsoft Office 2013 Pro Plus - x86 Properties** window, click **OK**.
@ -333,8 +333,8 @@ The steps below walk you through the process of editing the Windows 10 referenc
        2.  Select the operating system for which roles are to be installed: Windows 10
        3.  Select the roles and features that should be installed: .NET Framework 3.5 (includes .NET 2.0 and 3.0)
-        **Important**  
+        >[!IMPORTANT]
-        This is probably the most important step when creating a reference image. Many applications need the .NET Framework, and we strongly recommend having it available in the image. The one thing that makes this different from other components is that .NET Framework 3.5.1 is not included in the WIM file. It is installed from the **Sources\\SxS** folder on the media, and that makes it more difficult to add after the image has been deployed.
+        >This is probably the most important step when creating a reference image. Many applications need the .NET Framework, and we strongly recommend having it available in the image. The one thing that makes this different from other components is that .NET Framework 3.5.1 is not included in the WIM file. It is installed from the **Sources\\SxS** folder on the media, and that makes it more difficult to add after the image has been deployed.
        ![figure 7](../images/fig8-cust-tasks.png)
@ -456,8 +456,8 @@ For that reason, add only a minimal set of rules to Bootstrap.ini, such as which
    Figure 12. The boot image rules for the MDT Build Lab deployment share.
-    **Note**  
+    >[!NOTE]  
-    For security reasons, you normally don't add the password to the Bootstrap.ini file; however, because this deployment share is for creating reference image builds only, and should not be published to the production network, it is acceptable to do so in this situation.
+    >For security reasons, you normally don't add the password to the Bootstrap.ini file; however, because this deployment share is for creating reference image builds only, and should not be published to the production network, it is acceptable to do so in this situation.
 4.  In the **Windows PE** tab, in the **Platform** drop-down list, select **x86**.
 5.  In the **Lite Touch Boot Image Settings** area, configure the following settings:
@ -514,8 +514,8 @@ So, what are these settings?
 -   **DeployRoot.** This is the location of the deployment share. Normally, this value is set by MDT, but you need to update the DeployRoot value if you move to another server or other share. If you don't specify a value, the Windows Deployment Wizard prompts you for a location.
 -   **UserDomain, UserID, and UserPassword.** These values are used for automatic log on to the deployment share. Again, if they are not specified, the wizard prompts you.
-    **Note**  
+    >[!WARNING]  
-    Caution is advised. These values are stored in clear text on the boot image. Use them only for the MDT Build Lab deployment share and not for the MDT Production deployment share that you learn to create in the next topic.
+    >Caution is advised. These values are stored in clear text on the boot image. Use them only for the MDT Build Lab deployment share and not for the MDT Production deployment share that you learn to create in the next topic.
 -   **SkipBDDWelcome.** Even if it is nice to be welcomed every time we start a deployment, we prefer to skip the initial welcome page of the Windows Deployment Wizard.
--- a/windows/deployment/update/windows-analytics-get-started.md
+++ b/windows/deployment/update/windows-analytics-get-started.md
@ -8,13 +8,12 @@ ms.sitesec: library
 ms.pagetype: deploy
 author: jaimeo
 ms.author: jaimeo
 ms.date: 01/09/2019
 ms.localizationpriority: medium
 ---
 # Enrolling devices in Windows Analytics
-If you have not already done so, consult the topics for any of the three Windows Analytics solutions (Update Compliance, Upgrade Readiness, and Device Health) you intend to use and follow the steps there to add the solutions to Microsoft Operations Management Suite.
+If you have not already done so, consult the topics for any of the three Windows Analytics solutions (Update Compliance, Upgrade Readiness, and Device Health) you intend to use and follow the steps there to add the solutions to Azure Portal.
 - [Get started with Device Health](device-health-get-started.md)
 - [Get started with Update Compliance](update-compliance-get-started.md)
@ -26,17 +25,20 @@ If you've already done that, you're ready to enroll your devices in Windows Anal
 ## Copy your Commercial ID key
-Microsoft uses a unique commercial ID to map information from user computers to your OMS workspace. This should be generated for you automatically. Copy your commercial ID key in OMS and then deploy it to user computers.
+Microsoft uses a unique commercial ID to map information from user computers to your Azure workspace. This should be generated for you automatically. Copy your commercial ID key from any of the Windows Analytics solutions you have added to your Windows Portal, and then deploy it to user computers.
 To find your commercial ID, first navigate to the **Solutions** tab for your workspace, and then select the solution. In this example, Upgrade Readiness is being adjusted by selecting **CompatibilityAssessment**:
 [![Select WA solution to adjust settings](images/temp-azure-portal-soltn-setting.png)](images/temp-azure-portal-soltn-setting.png)
 From there, select the settings page, where you can find and copy your commercial ID:
 [![Settings page for Upgrade Readiness in Azure portsl](images/azure-portal-UR-settings.png)](images/azure-portal-UR-settings.png)
 1.  On the **Settings** dashboard, navigate to the **Windows Telemetry** panel under **Connected Sources** .
-    ![Operations Management Suite Settings dialog showing Connected sources and Windows telemetry selected and the commercial ID location marked by a black box in the lower right.](images/WA-device-enrollment.png)
+>**Important**<br> Regenerate a Commercial ID key only if your original ID key can no longer be used. Regenerating a commercial ID key resets the data in your workspace for all solutions that use the ID. Additionally, you’ll need to deploy the new commercial ID key to user computers again.
 2. Copy your Commercial ID (which should already be populated). Save this Commercial ID because you will need it later for use in the deployment scripts and policies.
    >**Important**<br> Regenerate a Commercial ID key only if your original ID key can no longer be used. Regenerating a commercial ID key resets the data in your workspace for all solutions that use the ID. Additionally, you’ll need to deploy the new commercial ID key to user computers again.
 ## Enable data sharing
@ -105,9 +107,9 @@ If you are planning to enable IE Site Discovery in Upgrade Readiness, you will n
 ## Set diagnostic data levels
-You can set the diagnostic data level used by monitored devices either with the Update Readiness deployment script or by policy (by using Group Policy or Mobile Device Management).
+You can set the diagnostic data level used by monitored devices either with the [Upgrade Readiness deployment script](../upgrade/upgrade-readiness-deployment-script.md) or by policy (by using Group Policy or Mobile Device Management).
-The basic functionality of Update Readiness will work at the Basic diagnostic data level, you won't get usage or health data for your updated devices without enabling the Enhanced level. This means you won't get information about health regressions on updated devices. So it is best to enable the Enhanced diagnostic data level, at least on devices running Windows 10, version 1709 (or later) where the Enhanced diagnostic data setting can be paired with "limited enhanced" data level (see [Windows 10 enhanced diagnostic data events and fields used by Windows Analytics](https://docs.microsoft.com/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields)). For more information, see [Windows Analytics and privacy](https://docs.microsoft.com/windows/deployment/update/windows-analytics-privacy).
+The basic functionality of Upgrade Readiness will work at the Basic diagnostic data level, you won't get usage or health data for your updated devices without enabling the Enhanced level. This means you won't get information about health regressions on updated devices. So it is best to enable the Enhanced diagnostic data level, at least on devices running Windows 10, version 1709 (or later) where the Enhanced diagnostic data setting can be paired with "limited enhanced" data level (see [Windows 10 enhanced diagnostic data events and fields used by Windows Analytics](https://docs.microsoft.com/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields)). For more information, see [Windows Analytics and privacy](https://docs.microsoft.com/windows/deployment/update/windows-analytics-privacy).
 ## Enroll a few pilot devices
--- a/windows/deployment/update/windows-as-a-service.md
+++ b/windows/deployment/update/windows-as-a-service.md
@ -6,6 +6,7 @@ ms.topic: landing-page
 ms.manager: elizapo
 author: lizap
 ms.author: elizapo  
 ms.date: 01/17/2019
 ms.localizationpriority: high
 ---
 # Windows as a service
@ -16,13 +17,14 @@ Find the tools and resources you need to help deploy and support Windows as a se
 Find the latest and greatest news on Windows 10 deployment and servicing.
-**Windows 10 monthly updates**
+**Working to WIndows updates clear and transparent**
-> [!VIDEO https://www.youtube-nocookie.com/embed/BwB10v55WSk]      
+> [!VIDEO https://www.youtube-nocookie.com/embed/u5P20y39DrA]
-Windows 10 is the most secure version of Windows yet. Learn what updates we release and when we release them, so you understand the efforts we take to keep your digital life safe and secure.
+Everyone wins when transparency is a top priority. We want you to know when updates are available, as well as alert you to any potential issues you may encounter during or after you install an update. The Windows update history page is for anyone looking to gain an immediate, precise understanding of particular Windows update issues. 
 The latest news:
 <ul compact style="list-style: none"> 
 <li><a href="https://blogs.windows.com/windowsexperience/2019/01/15/application-compatibility-in-the-windows-ecosystem/#A8urpp1QEp6DHzmP.97">Application compatibility in the Windows ecosystem</a> - January 15, 2019</li>
 <li><a href="https://blogs.windows.com/windowsexperience/2018/12/10/windows-monthly-security-and-quality-updates-overview/#UJJpisSpvyLokbHm.97">Windows monthly security and quality updates overview</a> - January 10, 2019</li>
 <li><a href="https://blogs.windows.com/windowsexperience/2018/12/19/driver-quality-in-the-windows-ecosystem/#ktuodfovWAMAkssM.97">Driver quality in the Windows ecosystem</a> - December 19, 2018</li>
 <li><a href="http://m365mdp.mpsn.libsynpro.com/001-windows-10-monthly-quality-updates">Modern Desktop Podcast - Episode 001 – Windows 10 Monthly Quality Updates</a> - December 18, 2018</li>
@ -40,6 +42,7 @@ The latest news:
 <li><a href="https://www.microsoft.com/en-us/microsoft-365/blog/2018/09/06/helping-customers-shift-to-a-modern-desktop/">Helping customers shift to a modern desktop</a> - September 6, 2018</li>
 <li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-amp-Windows-Analytics-a-real-world/ba-p/242417#M228">Windows Update for Business & Windows Analytics: a real-world experience</a> - September 5, 2018</li>
 <li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/What-s-next-for-Windows-10-and-Windows-Server-quality-updates/ba-p/229461">What's next for Windows 10 and Windows Server quality updates</a> - August 16, 2018
 <li><a href="https://www.youtube-nocookie.com/watch/BwB10v55WSk">Windows 10 monthly updates</a> - August 1, 2018 (**video**)</li>
 <li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376">Windows 10 update servicing cadence</a> - August 1, 2018
 <li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-quality-updates-explained-amp-the-end-of-delta/ba-p/214426">Windows 10 quality updates explained and the end of delta updates</a> - July 11, 2018
 <li><a href="https://blogs.windows.com/windowsexperience/2018/06/14/ai-powers-windows-10-april-2018-update-rollout/#67LrSyWdwgTyciSG.97">AI Powers Windows 10 April 2018 Update Rollout</a> - June 14, 2018
--- a/windows/deployment/update/windows-update-troubleshooting.md
+++ b/windows/deployment/update/windows-update-troubleshooting.md
@ -33,7 +33,7 @@ Advanced users can also refer to the [log](windows-update-logs.md) generated by
 You might encounter the following scenarios when using Windows Update. 
 ## Why am I offered an older update/upgrade?
-The update that is offered to a device depends on several factors. Some of the most common attributes include the following.  
+The update that is offered to a device depends on several factors. Some of the most common attributes include the following:  
 - OS Build 
 - OS Branch 
@ -41,7 +41,7 @@ The update that is offered to a device depends on several factors. Some of the m
 - OS Architecture 
 - Device update management configuration 
-If the update you're offered isn't th emost current available, it might be because your device is being managed by a WSUS server, and your'e being offered the updates available on that server. It's also possible, if your device is part of a Windows as a Service deployment ring, that your admin is intentionally slowing the rollout of updates. Since the WaaS rollout is slow and measured to begin with, all devices will not receive the update on the same day.  
+If the update you're offered isn't the most current available, it might be because your device is being managed by a WSUS server, and you're being offered the updates available on that server. It's also possible, if your device is part of a Windows as a Service deployment ring, that your admin is intentionally slowing the rollout of updates. Since the WaaS rollout is slow and measured to begin with, all devices will not receive the update on the same day.  
 ## My machine is frozen at scan. Why? 
 The Settings UI is talking to the Update Orchestrator service which in turn is talking to Windows Update service. If these services stop unexpectedly then you might see this behavior. In such cases, do the following:  
--- a/windows/privacy/Microsoft-DiagnosticDataViewer.md
+++ b/windows/privacy/Microsoft-DiagnosticDataViewer.md
@ -148,6 +148,9 @@ By default, the tool will show you up to 1GB or 30 days of data (whichever comes
   >[!IMPORTANT]
   >Modifying the maximum amount of diagnostic data viewable by the tool may come with performance impacts to your machine.
   >[!IMPORTANT]
   >If you modify the maximum data history size from a larger value to a lower value, you must turn off data viewing and turn it back on in order to reclaim disk space. 
 You can change the maximum data history size (in megabytes) that you can view. For example, to set the maximum data history size to 2048MB (2GB), you can run the following command. 
 ```powershell
@ -174,6 +177,7 @@ To reset the maximum data history size back to its original 1GB default value, r
 PS C:\> Set-DiagnosticStoreCapacity -Size 1024 -Time 720 
 ```
 When resetting the size of your data history to a lower value, be sure to turn off data viewing and turn it back on in order to reclaim disk space.
 ## Related Links
 - [Module in PowerShell Gallery](https://www.powershellgallery.com/packages/Microsoft.DiagnosticDataViewer)
--- a/windows/security/threat-protection/intelligence/TOC.md
+++ b/windows/security/threat-protection/intelligence/TOC.md
@ -36,7 +36,7 @@
 ## [Safety Scanner download](safety-scanner-download.md)
-## [Industry antivirus tests](top-scoring-industry-antivirus-tests.md)
+## [Industry tests](top-scoring-industry-antivirus-tests.md)
 ## [Industry collaboration programs](cybersecurity-industry-partners.md)
--- a/windows/security/threat-protection/intelligence/images/PrevalentMalware.png
+++ b/windows/security/threat-protection/intelligence/images/PrevalentMalware.png
--- a/windows/security/threat-protection/intelligence/images/PrevalentMalware1.png
+++ b/windows/security/threat-protection/intelligence/images/PrevalentMalware1.png
--- a/windows/security/threat-protection/intelligence/images/RealWorld.png
+++ b/windows/security/threat-protection/intelligence/images/RealWorld.png
--- a/windows/security/threat-protection/intelligence/images/RealWorld1.png
+++ b/windows/security/threat-protection/intelligence/images/RealWorld1.png
--- a/windows/security/threat-protection/intelligence/images/av-comparatives-logo-3.png
+++ b/windows/security/threat-protection/intelligence/images/av-comparatives-logo-3.png
--- a/windows/security/threat-protection/intelligence/images/av-test-logo.png
+++ b/windows/security/threat-protection/intelligence/images/av-test-logo.png
--- a/windows/security/threat-protection/intelligence/images/se-labs.png
+++ b/windows/security/threat-protection/intelligence/images/se-labs.png
--- a/windows/security/threat-protection/intelligence/images/se-labs2.PNG
+++ b/windows/security/threat-protection/intelligence/images/se-labs2.PNG
--- a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md
+++ b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md
@ -1,99 +1,104 @@
 ---
-title: Top scoring in industry antivirus tests
+title: Top scoring in industry tests
-description: Windows Defender Antivirus consistently achieves high scores in independent tests. View the latest scores and analysis.
+description: Windows Defender ATP consistently achieves high scores in independent tests. View the latest scores and analysis.
-keywords: security, malware, av-comparatives, av-test, av, antivirus, windows, defender, scores
+keywords: security, malware, av-comparatives, av-test, av, antivirus, windows, defender, scores, endpoint detection and response, next generation protection, MITRE, WDATP
 ms.prod: w10
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
 ms.author: ellevin
 author: levinec
 ms.date: 11/07/2018
 ---
-# Top scoring in industry antivirus tests
+# Top scoring in industry tests
-[Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10?ocid=cx-docs-avreports) **consistently achieves high scores** in independent tests, displaying how it is a top choice in the antivirus market.
+Windows Defender Advanced Threat Protection ([Windows Defender ATP](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=cx-docs-avreports)) technologies consistently achieve high scores in independent tests, demonstrating the strength of its enterprise threat protection capabilities. Microsoft aims to be transparent about these test scores. This page summarizes the results and provides analysis.
-We want to be transparent and have gathered top industry reports that demonstrate our enterprise antivirus capabilities. Note that these tests only provide results for antivirus and do not test for additional security protections.
+## Endpoint detection & response
-In the real world, millions of devices are protected from cyberattacks every day, sometimes [milliseconds after a campaign starts](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign?ocid=cx-docs-avreports). Windows Defender Antivirus is  part of the  [next generation](https://www.youtube.com/watch?v=Xy3MOxkX_o4) Windows Defender Advanced Threat Protection ([Windows Defender ATP](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=cx-docs-avreports)) security stack which addresses the latest and most sophisticated threats today. In many cases, customers might not even know they were protected. That's because Windows Defender Antivirus detects and stops malware at first sight by using [machine learning](https://cloudblogs.microsoft.com/microsoftsecure/2018/06/07/machine-learning-vs-social-engineering?ocid=cx-docs-avreports), [artificial intelligence](https://cloudblogs.microsoft.com/microsoftsecure/2018/02/14/how-artificial-intelligence-stopped-an-emotet-outbreak?ocid=cx-docs-avreports), behavioral analysis, and other advanced technologies.
+Windows Defender ATP [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response) capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats.
 <br></br><br></br>
 ![AV-TEST logo](./images/av-test-logo.png)
-## AV-TEST: Perfect protection score of 6.0/6.0 in the latest test
+### MITRE: Industry-leading optics and detection capabilities
 MITRE tested the ability of products to detect techniques commonly used by the targeted attack group APT3 (also known as Boron or UPS). To isolate detection capabilities, all protection and prevention features were turned off. Microsoft is happy to be one of the first EDR vendors to sign up for the MITRE evaluation based on the ATT&CK framework, widely regarded today as the most comprehensive catalog of attacker techniques and tactics.
 - ATT&CK-based evaluation: [Leading optics and detection capabilities](https://attackevals.mitre.org/) | [Analysis](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/)
    Windows Defender ATP delivered comprehensive coverage of attacker techniques across the entire attack chain. Highlights included the breadth of telemetry, the strength of threat intelligence, and the advanced, automatic detection through machine learning, heuristics, and behavior monitoring.
 ## Next generation protection
 [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10?ocid=cx-docs-avreports) consistently performs highly in independent tests, displaying how it is a top choice in the antivirus market. Note that these tests only provide results for antivirus and do not test for additional security protections.
 Windows Defender Antivirus is  part of the  [next generation](https://www.youtube.com/watch?v=Xy3MOxkX_o4) Window Defender ATP security stack which addresses the latest and most sophisticated threats today. In some cases, customers might not even know they were protected because a cyberattack is stopped [milliseconds after a campaign starts](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign?ocid=cx-docs-avreports). That's because Windows Defender Antivirus detects and stops malware at first sight by using [machine learning](https://cloudblogs.microsoft.com/microsoftsecure/2018/06/07/machine-learning-vs-social-engineering?ocid=cx-docs-avreports), [artificial intelligence](https://cloudblogs.microsoft.com/microsoftsecure/2018/02/14/how-artificial-intelligence-stopped-an-emotet-outbreak?ocid=cx-docs-avreports), behavioral analysis, and other advanced technologies.
 ### AV-TEST: Protection score of 6.0/6.0 in the latest test
 The AV-TEST Product Review and Certification Report tests on three categories: protection, performance, and usability. The scores listed below are for the Protection category which has two scores: Real-World Testing and the AV-TEST reference set (known as "Prevalent Malware").
 > [!NOTE]
 > [Download our latest analysis: Examining the AV-TEST July-August results](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2IL3Y)
-### July-August 2018 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/august-2018/microsoft-windows-defender-antivirus-4.12--4.18-183212/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2IL3Y)
+- September - October 2018 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/october-2018/microsoft-windows-defender-antivirus-4.18-184174/) <sup>**Latest**</sup>
- Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, detecting 100% of 20,022 malware samples. With the latest results, Windows Defender Antivirus has achieved 100% on 14 of the 16 most recent antivirus tests (combined "Real-World" and "Prevalent malware").
+    Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, with 21,568 malware samples tested.
-### May-June 2018 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/june-2018/microsoft-windows-defender-antivirus-4.12-182374/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2v60I?ocid=cx-docs-avreports) 
+- July - August 2018 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/august-2018/microsoft-windows-defender-antivirus-4.12--4.18-183212/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2IL3Y)
- Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, detecting 100% of 5,790 malware samples.
+     Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, detecting 100% of 20,022 malware samples.
-### March-April 2018 AV-TEST Business User test: [Protection score 5.5/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/april-2018/microsoft-windows-defender-antivirus-4.12-181574/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA?ocid=cx-docs-avreports)
+- May - June 2018 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/june-2018/microsoft-windows-defender-antivirus-4.12-182374/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2v60I?ocid=cx-docs-avreports)
- Windows Defender Antivirus achieved an overall Protection score of 5.5/6.0, missing 2 out of 5,680 malware samples (0.035% miss rate).
+     Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, detecting 100% of 5,790 malware samples.
-### January-February 2018 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/february-2018/microsoft-windows-defender-antivirus-4.12-180674/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE27O5A?ocid=cx-docs-avreports)
+- March - April 2018 AV-TEST Business User test: [Protection score 5.5/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/april-2018/microsoft-windows-defender-antivirus-4.12-181574/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA?ocid=cx-docs-avreports)
-Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, with 5,105 malware samples tested.
+     Windows Defender Antivirus achieved an overall Protection score of 5.5/6.0, missing 2 out of 5,680 malware samples (0.035% miss rate).
 - January - February 2018 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/february-2018/microsoft-windows-defender-antivirus-4.12-180674/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE27O5A?ocid=cx-docs-avreports)
    Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, with 5,105 malware samples tested.
 |||
 |---|---|
-|![Graph describing Real-World detection rate](./images/RealWorld.png)|![Graph describing Prevalent Malware](./images/PrevalentMalware.png)|
+|![Graph describing Real-World detection rate](./images/RealWorld1.png)|![Graph describing Prevalent Malware](./images/PrevalentMalware1.png)|
 <br></br>
-![AV-Comparatives Logo](./images/av-comparatives-logo-3.png)
+### AV-Comparatives: Protection rating of 99.6% in the latest test
 ## AV-Comparatives: Protection rating of 99.8% in the latest test
 AV-Comparatives is an independent organization offering systematic testing for security software such as PC/Mac-based antivirus products and mobile security solutions.
-### Real-World Protection Test August - September (Enterprise): [Protection Rate 99.8%](https://www.av-comparatives.org/tests/real-world-protection-test-enterprise-august-september-2018-testresult/) <sup>**Latest**</sup>
+- Real-World Protection Test Enterprise August - November 2018: [Protection Rate 99.6%](https://www.av-comparatives.org/tests/real-world-protection-test-enterprise-august-november-2018-testresult/) <sup>**Latest**</sup>
-This test, as defined by AV-Comparatives, attempts to assess the effectiveness of each security program to protect a computer against active malware threats while online.
+    This test, as defined by AV-Comparatives, attempts to assess the effectiveness of each security program to protect a computer against active malware threats while online. The test set contained 1207 test cases (such as malicious URLs).
 The test set contained 599 test cases (such as malicious URLs).
-### Malware Protection Test August 2018 (Enterprise): [Protection Rate 99.9%](https://www.av-comparatives.org/tests/malware-protection-test-enterprise-august-2018-testresult/)
+- Malware Protection Test Enterprise August 2018: [Protection Rate 99.9%](https://www.av-comparatives.org/tests/malware-protection-test-enterprise-august-2018-testresult/)
-This test, as defined by AV-Comparatives, attempts to assesses a security program’s ability to protect a system against infection by malicious files before, during or after execution. The results are based on testing against 1,556 malware samples.
+    This test, as defined by AV-Comparatives, attempts to assesses a security program’s ability to protect a system against infection by malicious files before, during or after execution. The results are based on testing against 1,556 malware samples.
-### Real-World Protection Test March - June (Enterprise): [Protection Rate 98.7%](https://www.av-comparatives.org/tests/real-world-protection-test-enterprise-march-june-2018-testresult/)
+- Real-World Protection Test Enterprise March - June 2018: [Protection Rate 98.7%](https://www.av-comparatives.org/tests/real-world-protection-test-enterprise-march-june-2018-testresult/)
-The test set contained 1,163 test cases (such as malicious URLs).
+    The test set contained 1,163 test cases (such as malicious URLs).
-### Malware Protection Test March 2018 (Enterprise): [Protection Rate 99.9%](https://www.av-comparatives.org/tests/malware-protection-test-enterprise-march-2018-testresult/)
+- Malware Protection Test Enterprise March 2018: [Protection Rate 99.9%](https://www.av-comparatives.org/tests/malware-protection-test-enterprise-march-2018-testresult/)
-For this test, 1,470 recent malware samples were used.
+    For this test, 1,470 recent malware samples were used.
 [Historical AV-Comparatives Microsoft tests](https://www.av-comparatives.org/vendors/microsoft/)
 <br></br>
 <br></br>
-![SE Labs Logo](./images/se-labs2.png)
+### SE Labs: Total accuracy rating of AAA in the latest test
 ## SE Labs: Total accuracy rating of AAA in the latest test
 SE Labs tests a range of solutions used by products and services to detect and/or protect against attacks, including endpoint software, network appliances, and cloud services.
-### Enterprise Endpoint Protection July - September 2018: [AAA award](https://selabs.uk/download/enterprise/epp/2018/jul-sep-2018-enterprise.pdf) <sup>**pdf**</sup>
+- Enterprise Endpoint Protection July - September 2018: [AAA award](https://selabs.uk/download/enterprise/epp/2018/jul-sep-2018-enterprise.pdf) <sup>**pdf**</sup>
-Microsoft's next-gen protection was named as one of the most effective products, stopping all public and targeted attacks. It showcased its ability to block malicious URLs, deal with exploits, and classify legitimate apps and websites correctly.
+    Microsoft's next-gen protection was named as one of the most effective products, stopping all public and targeted attacks. It showcased its ability to block malicious URLs, deal with exploits, and classify legitimate apps and websites correctly.
-### Enterprise Endpoint Protection April - June 2018: [AAA award](https://selabs.uk/download/enterprise/epp/2018/apr-jun-2018-enterprise.pdf) <sup>**pdf**</sup>
+- Enterprise Endpoint Protection April - June 2018: [AAA award](https://selabs.uk/download/enterprise/epp/2018/apr-jun-2018-enterprise.pdf) <sup>**pdf**</sup>
-Microsoft's next-gen protection was named as one of the most effective products, stopping all targeted attacks and the vast majority of public threats.
+    Microsoft's next-gen protection was named as one of the most effective products, stopping all targeted attacks and the vast majority of public threats.
 ## To what extent are tests representative of protection in the real world?
-It is important to remember that Microsoft sees a wider and broader set of threats beyond what’s tested in the antivirus evaluations highlighted above. Windows Defender Antivirus encounters ~200 million samples every month, and the typical antivirus test consists of between 100-5,000 samples. The vastness of the malware landscape makes it extremely difficult to evaluate the quality of protection against real world threats.
+It is important to remember that Microsoft sees a wider and broader set of threats beyond what’s tested in the evaluations highlighted above. For example, in an average month, we identify over 100 million new threats.  Even if an independent tester can acquire and test 1% of those threats, that is a million tests across 20 or 30 products. In other words, the vastness of the malware landscape makes it extremely difficult to evaluate the quality of protection against real world threats.
-The capabilities within [Windows Defender ATP](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=cx-docs-avreports) also provide [additional layers of protection](https://cloudblogs.microsoft.com/microsoftsecure/2017/12/11/detonating-a-bad-rabbit-windows-defender-antivirus-and-layered-machine-learning-defenses?ocid=cx-docs-avreports) that are not factored into industry tests. These technologies address some of the latest and most sophisticated threats. Isolating AV from the rest of Windows Defender ATP creates a partial picture of how our security stack operates in the real world. For example, attack surface reduction and endpoint detection & response capabilities can help prevent malware from getting onto devices in the first place. We have proven that Windows Defender ATP components [catch samples that Windows Defender Antivirus missed](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA?ocid=cx-docs-avreports) in these industry tests, which is more representative of how effectively our security suite protects customers in the real world.
+The capabilities within [Windows Defender ATP](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=cx-docs-avreports) provide [additional layers of protection](https://cloudblogs.microsoft.com/microsoftsecure/2017/12/11/detonating-a-bad-rabbit-windows-defender-antivirus-and-layered-machine-learning-defenses?ocid=cx-docs-avreports) that are not factored into industry tests, and address some of the latest and most sophisticated threats. Isolating AV from the rest of Windows Defender ATP creates a partial picture of how our security stack operates in the real world. For example, attack surface reduction and endpoint detection & response capabilities can help prevent malware from getting onto devices in the first place. We have proven that [Windows Defender ATP components catch samples](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA?ocid=cx-docs-avreports)  that Windows Defender Antivirus missed in these industry tests, which is more representative of how effectively our security suite protects customers in the real world.
 Using independent tests, customers can view one aspect of their security suite but can't assess the complete protection of all the security features. Microsoft is highly engaged in working with several independent testers to evolve security testing to focus on the end-to-end security stack. In the meantime, customers can evaluate Windows Defender Advanced Threat Protection in their own networks by signing up for a [90-day trial of Windows Defender ATP](https://www.microsoft.com/windowsforbusiness/windows-atp?ocid=cx-docs-avreports), or [enabling Preview features on existing tenants](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection?ocid=cx-docs-avreports).
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md
@ -10,7 +10,6 @@ ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
 ms.localizationpriority: medium
 ms.date: 10/03/2018
 ---
 # Onboard non-Windows machines
@ -33,11 +32,11 @@ You'll need to take the following steps to onboard non-Windows machines:
 1. Turn on third-party integration
 2. Run a detection test
-### Turn on third-party integration
+## Turn on third-party integration
 1. In the navigation pane, select **Settings** > **Onboarding**. Make sure the third-party solution is listed.
-2. 	Select Mac and Linux as the operating system.
+2. 	Select **Linux, macOS, iOS and Android** as the operating system.
 3. Turn on the third-party solution integration.
--- a/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response.md
+++ b/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response.md
@ -17,15 +17,14 @@ ms.date: 09/03/2018
 # Overview of endpoint detection and response
 **Applies to:**
 - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
 Windows Defender ATP endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats.
-The Windows Defender ATP endpoint detection and response capabilities provides near real-time actionable advance attacks detections, enables security analysts to effectively prioritize alerts, unfold the full scope of a breach and take response actions to remediate the threat.
+When a threat is detected, alerts are created in the system for an analyst to investigate. Alerts with the same attack techniques or attributed to the same attacker are aggregated into an entity called an _incident_. Aggregating alerts in this manner makes it easy for analysts to collectively investigate and respond to threats.
-
+Inspired by the "assume breach" mindset, Windows Defender ATP continuously collects behavioral cyber telemetry. This includes process information, network activities, deep optics into the kernel and memory manager, user login activities, registry and file system changes, and others. The information is stored for six months, enabling an analyst to travel back in time to the start of an attack. The analyst can then pivot in various views and approach an investigation through multiple vectors.
 When a threat is detected, alerts are be created in the system for an analyst to investigate. Alerts with the same attack techniques or attributed to the same attacker are aggregated into an entity called _incident_. Aggregating alerts in this manner makes it easy for analysts to collectively investigate and respond to threats.
 Inspired by the "assume breach" mindset, Windows Defender ATP continuously collects behavioral cyber telemetry. This includes process information, network activities, deep optics into the kernel and memory manager, user login activities, registry and file system changes and others. This information is stored for six months, enabling an analyst to travel back in time to the  starting point of an attack and pivot in various views and approach an investigation through multiple possible vectors. 
 The response capabilities give you the power to promptly remediate threats by acting on the affected entities.
@ -33,13 +32,8 @@ The response capabilities give you the power to promptly remediate threats by ac
 Topic | Description
 :---|:---
-Security operations dashboard | This is where the endpoint detection and response capabilities are surfaced. It provides a high level overview of where detections were seen and highlights where response actions are needed. 
+[Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md) | Explore a high level overview of detections, highlighting where response actions are needed.
-Alerts queue | This dashboard shows all the alerts that were seen on machines. Learn how you can view and organize the queue, or how to manage and investigate alerts.
+[Incidents queue](incidents-queue.md) | View and organize the incidents queue, and manage and investigate alerts.
-Machines list | Shows a list of machines where alerts have been generated. Learn how you can investigate machines, or how to search for specific events in a timeline, and others.
+[Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) | View and organize the machine alerts queue, and manage and investigate alerts.
-Take response actions | Learn about the available response actions and how to apply them on machines and files.
+[Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md) | Investigate machines with generated alerts and search for specific events over time.
-
+[Take response actions](response-actions-windows-defender-advanced-threat-protection.md) | Learn about the available response actions and apply them to machines and files.
--- a/windows/security/threat-protection/windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md
@ -1,6 +1,6 @@
 ---
 title: Create and manage roles for role-based access control
-description: Create roles and define the permissions assigned to the role as part of the role-based access control implimentation 
+description: Create roles and define the permissions assigned to the role as part of the role-based access control implementation 
 keywords: user roles, roles, access rbac
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@ -11,7 +11,6 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: medium
 ms.date: 09/03/2018
 ---
 # Create and manage roles for role-based access control
@ -25,7 +24,7 @@ ms.date: 09/03/2018
 ## Create roles and assign the role to an Azure Active Directory group
 The following steps guide you on how to create roles in Windows Defender Security Center. It assumes that you have already created Azure Active Directory user groups.
-1.	In the navigation pane, select **Settings > Role based access control > Roles**.
+1.	In the navigation pane, select **Settings > Roles**.
 2.	Click **Add role**. 
@ -37,9 +36,8 @@ The following steps guide you on how to create roles in Windows Defender Securit
 	 - **Permissions**
 		  - **View data** - Users can view information in the portal.
-		  - **Investigate alerts** - Users can manage alerts, initiate automated investigations, collect investigation packages, manage machine tags, and export machine timeline.
+		  - **Alerts investigation** - Users can manage alerts, initiate automated investigations, collect investigation packages, manage machine tags, and export machine timeline.
-		  - **Approve or take action** - Users can take response actions and approve or dismiss pending remediation actions.
+		  - **Active remediation actions** - Users can take response actions and approve or dismiss pending remediation actions.
 		  - **Manage system settings** - Users can configure settings, SIEM and threat intel API settings, advanced settings, preview features, and automated file uploads.
 		  - **Manage security settings** - Users can configure alert suppression settings, manage allowed/blocked lists for automation, manage folder exclusions for automation, onboard and offboard machines, and manage email notifications.
 4.	Click **Next** to assign the role to an Azure AD group.
--- a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md
+++ b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md
@ -11,7 +11,6 @@ ms.pagetype: security
 ms.author: dansimp
 author: dansimp
 ms.localizationpriority: medium
 ms.date: 01/07/2019
 ---
 # What's new in Windows Defender ATP
@ -21,19 +20,21 @@ ms.date: 01/07/2019
 Here are the new features in the latest release of Windows Defender ATP.
 ## Windows Defender ATP 1809
- [Controlled folder access](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard)
+- [Support for iOS and Android devices](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection#turn-on-third-party-integration)<br> Support for iOS and Android devices are now supported.
 - [Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard)<br>
 Controlled folder access is now supported on Windows Server 2019.
- [Attack surface reduction rules](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)
+- [Attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)<br>
 All Attack surface reduction rules are now supported on Windows Server 2019.
 For Windows 10, version 1809 there are two new attack surface reduction rules: 
  -	Block Adobe Reader from creating child processes
  -	Block Office communication application from creating child processes. 
- [Windows Defender Antivirus](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10)
+- [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10)
  - Antimalware Scan Interface (AMSI) was extended to cover Office VBA macros as well. [Office VBA + AMSI: Parting the veil on malicious macros](https://cloudblogs.microsoft.com/microsoftsecure/2018/09/12/office-vba-amsi-parting-the-veil-on-malicious-macros/).
  - Windows Defender Antivirus can now [run within a sandbox](https://cloudblogs.microsoft.com/microsoftsecure/2018/10/26/windows-defender-antivirus-can-now-run-in-a-sandbox/) (preview), increasing its security.
-  - [Configure CPU priority settings](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus) for Windows Defender Antivirus scans.
+  - [Configure CPU priority settings](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus) for Windows Defender Antivirus scans.
@ -56,20 +57,20 @@ Onboard supported versions of Windows machines so that they can send sensor data
 Windows Defender ATP provides multiple monitoring and control features to help prevent threats from removable devices, including new settings to allow or block specific hardware IDs.
 ## Windows Defender ATP 1803
- [Attack surface reduction rules](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)
+- [Attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)
 New attack surface reduction rules: 
  -	Use advanced protection against ransomware
  -	Block credential stealing from the Windows local security authority subsystem (lsass.exe)
  - Block process creations originating from PSExec and WMI commands
  - Block untrusted and unsigned processes that run from USB
  - Block executable content from email client and webmail
- [Controlled folder access](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard)
+- [Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard)
 You can now block untrusted processes from writing to disk sectors using Controlled Folder Access.
- [Windows Defender Antivirus](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10)
+- [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10)
-Windows Defender Antivirus now shares detection status between M365 services and interoperates with Windows Defender ATP. For more information, see [Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). Block at first sight can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files. For more information, see [Enable block at first sight](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus).
+Windows Defender Antivirus now shares detection status between M365 services and interoperates with Windows Defender ATP. For more information, see [Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). Block at first sight can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files. For more information, see [Enable block at first sight](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus).
 - [Advanced Hunting](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection) <BR>
 Query data using Advanced hunting in Windows Defender ATP
 - [Automated investigation](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection)<br> Use Automated investigations to investigate and remediate threats
- [Conditional access](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection) <br>
+- [Conditional access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection) <br>
 Enable conditional access to better protect users, devices, and data