Merge pull request #3060 from MicrosoftDocs/FromPrivateRepo

From private repo

windows/deployment/update/windows-analytics-FAQ-troubleshooting.md

@@ -42,6 +42,8 @@ If you've followed the steps in the [Enrolling devices in Windows Analytics](win
 
 [Device names not appearing for Windows 10 devices](#device-names-not-appearing-for-windows-10-devices)
 
+[Custom log queries using the AbnormalShutdownCount field of Device Health show zero or lower than expected results](#custom-log-queries-using-the-abnormalshutdowncount-field-of-device-health-show-zero-or-lower-than-expected-results)
+
 [Disable Upgrade Readiness](#disable-upgrade-readiness)
 
 [Exporting large data sets](#exporting-large-data-sets)
@@ -54,7 +56,7 @@ In Log Analytics, go to **Settings > Connected sources > Windows telemetry** and
 Even though devices can take 2-3 days after enrollment to show up due to latency in the system, you can now verify the status of your devices with a few hours of running the deployment script as described in [You can now check on the status of your computers within hours of running the deployment script](https://blogs.technet.microsoft.com/upgradeanalytics/2017/05/12/wheres-my-data/) on the Windows Analytics blog.
 
 >[!NOTE]
-> If you generate the status report and get an error message saying "Sorry! We’re not recognizing your Commercial Id," go to **Settings > Connected sources > Windows telemetry** and unsubscribe, wait a minute and then re-subscribe to Upgrade Readiness.
+> If you generate the status report and get an error message saying "Sorry! We’re not recognizing your Commercial Id," go to **Settings > Connected sources > Windows telemetry** remove the Upgrade Readiness solution, and then re-add it.
  
 If devices are not showing up as expected, find a representative device and follow these steps to run the latest pilot version of the Upgrade Readiness deployment script on it to troubleshoot issues:
 
@@ -201,6 +203,20 @@ Finally, Upgrade Readiness only collects IE site discovery data on devices that
 ### Device names not appearing for Windows 10 devices
 Starting with Windows 10, version 1803, the device name is no longer collected by default and requires a separate opt-in. For more information, see [Enrolling devices in Windows Analytics](windows-analytics-get-started.md). Allowing device names to be collected can make it easier for you to identify individual devices that report problems. Without the device name, Windows Analytics can only label devices by a GUID that it generates.
 
+### Custom log queries using the AbnormalShutdownCount field of Device Health show zero or lower than expected results
+This issue affects custom queries of the Device Health data by using the **Logs > Search page** or API. It does not impact any of the built-in tiles or reports of the Device Health solution. The **AbnormalShutdownCount** field of the **DHOSReliability** data table represents abnormal shutdowns other than crashes, such as sudden power loss or holding down the power button.
+ 
+We have identified an incompatibility between AbnormalShutdownCount and the Limited Enhanced diagnostic data level on Windows 10, versions 1709, 1803, and 1809. Such devices do not send the abnormal shutdown signal to Microsoft. You should not rely on AbnormalShutdownCount in your custom queries unless you use any one of the following workarounds:
+ 
+
+- Upgrade devices to Windows 10, version 1903 when available. Participants in the Windows Insider program can preview this change using Windows Insider builds.
+- Change the diagnostic data setting from devices running Windows 10, versions 1709, 1803, and 1809 normal Enhanced level instead of Limited Enhanced.
+- Use alternative data from devices to track abnormal shutdowns. For example, you can forward abnormal shutdown events from the Windows Event Log to your Log Analytics workspace by using the Log Analytics agent. Suggested events to forward include:
+    - Log: System, ID: 41, Source: Kernel-Power
+    - Log System, ID: 6008, Source: EventLog
+
+
+
 ### Disable Upgrade Readiness
 
 If you want to stop using Upgrade Readiness and stop sending diagnostic data to Microsoft, follow these steps:

windows/deployment/update/windows-analytics-overview.md

@@ -52,3 +52,6 @@ Use Upgrade Readiness to get:
 - Data export to commonly used software deployment tools, including System Center Configuration Manager 
 
 To get started with any of these solutions, visit the links for instructions to add it to Azure Portal.
+
+>[!NOTE]
+> For details about licensing requirements and costs associated with using Windows Analytics solutions, see [What are the requirements and costs for Windows Analytics solutions?](windows-analytics-FAQ-troubleshooting.md#what-are-the-requirements-and-costs-for-windows-analytics-solutions).

windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md

@@ -63,61 +63,50 @@ When accessing [Windows Defender Security Center](https://SecurityCenter.Windows
 
 2. The **Welcome** screen will provide some details as to what is about to occur during the set up wizard.
 
-	![Image of Welcome screen for portal set up](images\atp-portal-welcome-screen.png)
+	![Image of Welcome screen for portal set up](images\welcome1.png)
 
 	You will need to set up your preferences for Windows Defender Security Center.
 
-3. When onboarding the service for the first time, you can choose to store your data in the Microsoft Azure datacenters in the European Union, the United Kingdom, or the United States. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Microsoft will not transfer the data from the specified geolocation.
+3. Set up preferences
     
-	> [!WARNING]
-	> This option cannot be changed without completely offboarding from Windows Defender ATP and completing a new enrollment process.
+    ![Image of geographic location in set up](images\setup-preferences.png)
 
-	![Image of geographic location in set up](images\atp-geographic-location-setup.png)
+   1. **Select data storage location** <br> When onboarding the service for the first time, you can choose to store your data in the Microsoft Azure datacenters in the United States, the European Union, or the United Kingdom. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Microsoft will not transfer the data from the specified geolocation.
 
-4.   Windows Defender ATP will store data up to a period of 6 months in your cloud instance, however, you have the option to set the data retention period for a shorter timeframe during this step of the set up process.
+    	> [!WARNING]
+    	> This option cannot be changed without completely offboarding from Windows Defender ATP and completing a new enrollment process.
 
-	> [!NOTE]
-	> This option can be changed at a later time.
+   2. **Select the data retention policy** <br> Windows Defender ATP will store data up to a period of 6 months in your cloud instance, however, you have the option to set the data retention period for a shorter timeframe during this step of the set up process.
 
-   ![Image of data retention set up](images\atp-data-retention-policy.png)
+    > [!NOTE]
+    > This option can be changed at a later time.
 
-5. You will need to indicate the size of your organization based on an estimate of the number of employees currently employed.
+   3. **Select the size of your organization** <br> You will need to indicate the size of your organization based on an estimate of the number of employees currently employed.
 
-	> [!NOTE]
-	> The **organization size** question is not related to how many licenses were purchased for your organization. It is used by the service to optimize the creation of the data cluster for your organization.
+    > [!NOTE]
+    > The **organization size** question is not related to how many licenses were purchased for your organization. It is used by the service to optimize the creation of the data cluster for your organization.
 
-	![Image of organization size](images\atp-organization-size.png)
+   4. **Turn on preview features** <br> Learn about new features in the Windows Defender ATP preview release and be among the first to try upcoming features by turning on **Preview features**.
 
-6. The customer industry information is helpful in collecting data for the Windows Security Team, and while optional, would be useful if completed. 
-
-	> [!NOTE]
-	> This option can be changed at a later time.
-
-	![Image of industry information](images\atp-industry-information.png)
-
-7. Learn about new features in the Windows Defender ATP preview release and be among the first to try upcoming features by turning on **Preview features**.
-
-	You'll have access to upcoming features which you can provide feedback on to help improve the overall experience before features are generally available.
+	    You'll have access to upcoming features which you can provide feedback on to help improve the overall experience before features are generally available.
 
 	- Toggle the setting between On and Off to choose **Preview features**.
 
-	> [!NOTE]
-	> This option can be changed at a later time.
+      > [!NOTE]
+      > This option can be changed at a later time.
 
-	![Image of preview experience](images\atp-preview-experience.png)
-
-8. You will receive a warning notifying you that you won't be able to change some of your preferences once you click **Continue**.
+4. You will receive a warning notifying you that you won't be able to change some of your preferences once you click **Continue**.
 
 	> [!NOTE]
 	> Some of these options can be changed at a later time in Windows Defender Security Center.
 
-	![Image of final preference set up](images\atp-final-preference-setup.png)
+	![Image of final preference set up](images\setup-preferences2.png)
 
-9. A dedicated cloud instance of Windows Defender Security Center is being created at this time. This step will take an average of 5 minutes to complete.
+5. A dedicated cloud instance of Windows Defender Security Center is being created at this time. This step will take an average of 5 minutes to complete.
 
-	![Image of Windows Defender ATP cloud instance](images\atp-windows-cloud-instance-creation.png)
+	![Image of Windows Defender ATP cloud instance](images\creating-account.png)
 
-10. You are almost done. Before you can start using Windows Defender ATP you'll need to:
+6. You are almost done. Before you can start using Windows Defender ATP you'll need to:
 
 	- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
 
@@ -129,7 +118,7 @@ When accessing [Windows Defender Security Center](https://SecurityCenter.Windows
 	> If you click **Start using Windows Defender ATP** before onboarding machines you will receive the following notification:
 	>![Image of setup imcomplete](images\atp-setup-incomplete.png)
 
-11. After onboarding machines you can click **Start using Windows Defender ATP**. You will now launch Windows Defender ATP for the first time.
+7. After onboarding machines you can click **Start using Windows Defender ATP**. You will now launch Windows Defender ATP for the first time.
 
 	![Image of onboard machines](images\atp-onboard-endpoints-WDATP-portal.png)