From 77d7f402643b360d21eee717b85d19b41ce68272 Mon Sep 17 00:00:00 2001 From: 1justingilmore <62392529+1justingilmore@users.noreply.github.com> Date: Mon, 30 Mar 2020 16:41:45 -0600 Subject: [PATCH 01/50] Update metadata descriptions 3_30 3 --- .../set-up-mdt-for-bitlocker.md | 3 +- ...compatibility-administrator-users-guide.md | 3 +- ...se-management-strategies-and-deployment.md | 9 +- windows/deployment/update/waas-morenews.md | 6 +- windows/deployment/upgrade/log-files.md | 2 +- windows/deployment/usmt/usmt-log-files.md | 12 +- ...ivate-using-key-management-service-vamt.md | 290 +++++++++--------- ...t-to-microsoft-during-activation-client.md | 144 ++++----- .../monitor-activation-client.md | 90 +++--- .../windows-10-deployment-tools-reference.md | 4 +- .../deployment/windows-10-deployment-tools.md | 4 +- 11 files changed, 289 insertions(+), 278 deletions(-) diff --git a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md index d54f06dc77..e68b815828 100644 --- a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md +++ b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md @@ -4,7 +4,7 @@ ms.assetid: 386e6713-5c20-4d2a-a220-a38d94671a38 ms.reviewer: manager: laurawi ms.author: greglin -description: +description: Learn how to configure your environment for BitLocker, the disk volume encryption built into Windows 10 Enterprise and Windows 10 Pro, using MDT. keywords: disk, encryption, TPM, configure, secure, script ms.prod: w10 ms.mktglfcycl: deploy @@ -14,6 +14,7 @@ ms.pagetype: mdt audience: itpro author: greg-lindsay ms.topic: article +ms.custom: seo-marvel-mar2020 --- # Set up MDT for BitLocker diff --git a/windows/deployment/planning/compatibility-administrator-users-guide.md b/windows/deployment/planning/compatibility-administrator-users-guide.md index afbb20379c..30dcd0de23 100644 --- a/windows/deployment/planning/compatibility-administrator-users-guide.md +++ b/windows/deployment/planning/compatibility-administrator-users-guide.md @@ -4,7 +4,7 @@ ms.assetid: 0ce05f66-9009-4739-a789-60f3ce380e76 ms.reviewer: manager: laurawi ms.author: greglin -description: +description: The Compatibility Administrator tool helps you resolve potential application-compatibility issues before deploying a new version of Windows. ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat @@ -12,6 +12,7 @@ ms.sitesec: library audience: itpro author: greg-lindsay ms.topic: article +ms.custom: seo-marvel-mar2020 --- # Compatibility Administrator User's Guide diff --git a/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md b/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md index 162ad2c153..18f52b5803 100644 --- a/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md +++ b/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md @@ -4,7 +4,7 @@ ms.assetid: fdfbf02f-c4c4-4739-a400-782204fd3c6c ms.reviewer: manager: laurawi ms.author: greglin -description: +description: Learn about deploying your compatibility fixes as part of an application-installation package or through a centralized compatibility-fix database. ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat @@ -13,6 +13,7 @@ audience: itpro author: greg-lindsay ms.date: 04/19/2017 ms.topic: article +ms.custom: seo-marvel-mar2020 --- # Compatibility Fix Database Management Strategies and Deployment @@ -88,7 +89,7 @@ This approach tends to work best for organizations that have a well-developed de ### Merging Centralized Compatibility-Fix Databases -If you decide to use the centralized compatibility-fix database deployment strategy, you can merge any of your individual compatibility-fix databases. This enables you to create a single custom compatibility-fix database that can be used to search for and determine whether Windows® should apply a fix to a specific executable (.exe) file. We recommend merging your databases based on the following process. +If you decide to use the centralized compatibility-fix database deployment strategy, you can merge any of your individual compatibility-fix databases. This enables you to create a single custom compatibility-fix database that can be used to search for and determine whether Windows® should apply a fix to a specific executable (.exe) file. We recommend merging your databases based on the following process. **To merge your custom-compatibility databases** @@ -113,7 +114,7 @@ If you decide to use the centralized compatibility-fix database deployment strat Deploying your custom compatibility-fix database into your organization requires you to perform the following actions: -1. Store your custom compatibility-fix database (.sdb file) in a location that is accessible to all of your organization’s computers. +1. Store your custom compatibility-fix database (.sdb file) in a location that is accessible to all of your organization's computers. 2. Use the Sdbinst.exe command-line tool to install the custom compatibility-fix database locally. @@ -124,7 +125,7 @@ In order to meet the two requirements above, we recommend that you use one of th You can package your .sdb file and a custom deployment script into an .msi file, and then deploy the .msi file into your organization. > [!IMPORTANT] - > You must ensure that you mark your custom script so that it does not impersonate the calling user. For example, if you use Microsoft® Visual Basic® Scripting Edition (VBScript), the custom action type would be: + > You must ensure that you mark your custom script so that it does not impersonate the calling user. For example, if you use Microsoft® Visual Basic® Scripting Edition (VBScript), the custom action type would be: >`msidbCustomActionTypeVBScript + msidbCustomActionTypeInScript + msidbCustomActionTypeNoImpersonate = 0x0006 + 0x0400 + 0x0800 = 0x0C06 = 3078 decimal)` diff --git a/windows/deployment/update/waas-morenews.md b/windows/deployment/update/waas-morenews.md index b23dfbb017..28ac9a4c6c 100644 --- a/windows/deployment/update/waas-morenews.md +++ b/windows/deployment/update/waas-morenews.md @@ -11,6 +11,8 @@ ms.reviewer: manager: laurawi ms.localizationpriority: high ms.topic: article +description: Read news articles about Windows as a service, including Windows 10, Windows 10 Enterprise, Windows 10 Pro. +ms.custom: seo-marvel-mar2020 --- # Windows as a service - More news @@ -19,8 +21,8 @@ Here's more news about [Windows as a service](windows-as-a-service.md):

You can either:

    -

  1. Specify up to three <role> elements within a <component> — one “Binaries” role element, one “Settings” role element and one “Data” role element. These parameters do not change the migration behavior — their only purpose is to help you categorize the settings that you are migrating. You can nest these <role> elements, but each nested element must be of the same role parameter.

    2. -

  2. Specify one “Container” <role> element within a <component> element. In this case, you cannot specify any child <rules> elements, only other <component> elements. And each child <component> element must have the same type as that of parent <component> element. For example:

    3. +

  3. Specify up to three <role> elements within a <component> — one "Binaries" role element, one "Settings" role element and one "Data" role element. These parameters do not change the migration behavior — their only purpose is to help you categorize the settings that you are migrating. You can nest these <role> elements, but each nested element must be of the same role parameter.

    4. +

  4. Specify one "Container" <role> element within a <component> element. In this case, you cannot specify any child <rules> elements, only other <component> elements. And each child <component> element must have the same type as that of parent <component> element. For example:

<component context="UserAndSystem" type="Application">
   <displayName _locID="migapp.msoffice2003">Microsoft Office 2003</displayName> 
@@ -3847,7 +3845,7 @@ See the last component in the MigUser.xml file for an example of this element.
 ~~~
 **Example:**
 
-If GenerateUserPattens('File','%userprofile% \[\*.doc\]','FALSE') is called while USMT is processing user A, then this function will only generate patterns for users B and C. You can use this helper function to build complex rules. For example, to migrate all .doc files from the source computer — but if user X is not migrated, then do not migrate any of the .doc files from user X’s profile.
+If GenerateUserPattens('File','%userprofile% \[\*.doc\]','FALSE') is called while USMT is processing user A, then this function will only generate patterns for users B and C. You can use this helper function to build complex rules. For example, to migrate all .doc files from the source computer — but if user X is not migrated, then do not migrate any of the .doc files from user X's profile.
 
 The following is example code for this scenario. The first <rules> element migrates all.doc files on the source computer with the exception of those inside C:\\Documents and Settings. The second <rules> elements will migrate all .doc files from C:\\Documents and Settings with the exception of the .doc files in the profiles of the other users. Because the second <rules> element will be processed in each migrated user context, the end result will be the desired behavior. The end result is the one we expected.
 
@@ -4104,12 +4102,12 @@ Syntax:
 
 
name

 
Yes

-
ID is a string value that is the name used to reference the environment variable. We recommend that ID start with the component’s name to avoid namespace collisions. For example, if your component’s name is MyComponent, and you want a variable that is your component’s install path, you could specify MyComponent.InstallPath.

+
ID is a string value that is the name used to reference the environment variable. We recommend that ID start with the component's name to avoid namespace collisions. For example, if your component's name is MyComponent, and you want a variable that is your component's install path, you could specify MyComponent.InstallPath.

 
 
 
remap

 
No, default = FALSE

-
Specifies whether to evaluate this environment variable as a remapping environment variable. Objects that are located in a path that is underneath this environment variable’s value are automatically moved to where the environment variable points on the destination computer.

+
Specifies whether to evaluate this environment variable as a remapping environment variable. Objects that are located in a path that is underneath this environment variable's value are automatically moved to where the environment variable points on the destination computer.

 
 
 
@@ -4228,27 +4226,27 @@ The following functions are for internal USMT use only. Do not use them in an .x
 
 You can use the following version tags with various helper functions:
 
--   “CompanyName”
+-   "CompanyName"
 
--   “FileDescription”
+-   "FileDescription"
 
--   “FileVersion”
+-   "FileVersion"
 
--   “InternalName”
+-   "InternalName"
 
--   “LegalCopyright”
+-   "LegalCopyright"
 
--   “OriginalFilename”
+-   "OriginalFilename"
 
--   “ProductName”
+-   "ProductName"
 
--   “ProductVersion”
+-   "ProductVersion"
 
 The following version tags contain values that can be compared:
 
--   “FileVersion”
+-   "FileVersion"
 
--   “ProductVersion”
+-   "ProductVersion"
 
 ## Related topics
 
diff --git a/windows/deployment/usmt/usmt-xml-reference.md b/windows/deployment/usmt/usmt-xml-reference.md
index 06e514f5b7..e9f8587729 100644
--- a/windows/deployment/usmt/usmt-xml-reference.md
+++ b/windows/deployment/usmt/usmt-xml-reference.md
@@ -20,7 +20,7 @@ ms.topic: article
 
 This section contains topics that you can use to work with and to customize the migration XML files.
 
-## In This Section
+## In this section
 
 
 
diff --git a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md
index e5c224c42c..88176e8e84 100644
--- a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md
+++ b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md
@@ -23,7 +23,7 @@ When you migrate files and settings during a typical PC-refresh migration, the u
 
 -   All of the files being migrated.
 
--   The user’s settings.
+-   The user's settings.
 
 -   A catalog file that contains metadata for all files in the migration store.
 
@@ -37,7 +37,7 @@ When you use the **/verify** option, you can specify what type of information to
 
 -   **Failure only**: Displays only the files that are corrupted.
 
-## In This Topic
+## In this topic
 
 
 The following sections demonstrate how to run the **UsmtUtils** command with the **/verify** option, and how to specify the information to display in the UsmtUtils log file.
diff --git a/windows/deployment/volume-activation/add-manage-products-vamt.md b/windows/deployment/volume-activation/add-manage-products-vamt.md
index d35f96bdc7..b86f415221 100644
--- a/windows/deployment/volume-activation/add-manage-products-vamt.md
+++ b/windows/deployment/volume-activation/add-manage-products-vamt.md
@@ -20,7 +20,7 @@ ms.topic: article
 
 This section describes how to add client computers into the Volume Activation Management Tool (VAMT). After the computers are added, you can manage the products that are installed on your network.
 
-## In this Section
+## In this section
 
 |Topic |Description |
 |------|------------|
diff --git a/windows/deployment/volume-activation/install-configure-vamt.md b/windows/deployment/volume-activation/install-configure-vamt.md
index fe9b3114ee..21bedde961 100644
--- a/windows/deployment/volume-activation/install-configure-vamt.md
+++ b/windows/deployment/volume-activation/install-configure-vamt.md
@@ -21,7 +21,7 @@ ms.topic: article
 
 This section describes how to install and configure the Volume Activation Management Tool (VAMT).
 
-## In this Section
+## In this section
 
 |Topic |Description |
 |------|------------|
diff --git a/windows/deployment/volume-activation/introduction-vamt.md b/windows/deployment/volume-activation/introduction-vamt.md
index 72013798ef..646d92f8a9 100644
--- a/windows/deployment/volume-activation/introduction-vamt.md
+++ b/windows/deployment/volume-activation/introduction-vamt.md
@@ -18,12 +18,12 @@ ms.topic: article
 
 # Introduction to VAMT
 
-The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office®, and select other Microsoft products volume and retail activation process. VAMT can manage volume activation using Multiple Activation Keys (MAKs) or the Windows Key Management Service (KMS). VAMT is a standard Microsoft Management Console (MMC) snap-in and can be installed on any computer that has one of the following Windows operating systems: Windows® 7, Windows 8, Windows 8.1, Windows 10,Windows Server 2008 R2, or Windows Server 2012.
+The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office®, and select other Microsoft products volume and retail activation process. VAMT can manage volume activation using Multiple Activation Keys (MAKs) or the Windows Key Management Service (KMS). VAMT is a standard Microsoft Management Console (MMC) snap-in and can be installed on any computer that has one of the following Windows operating systems: Windows® 7, Windows 8, Windows 8.1, Windows 10,Windows Server 2008 R2, or Windows Server 2012.
 
 **Note**  
 VAMT can be installed on, and can manage, physical or virtual instances. VAMT cannot detect whether or not the remote products are virtual. As long as the products can respond to Windows Management Instrumentation (WMI) calls, they will be discovered and activated.
 
-## In this Topic
+## In this topic
 -   [Managing Multiple Activation Key (MAK) and Retail Activation](#bkmk-managingmak)
 -   [Managing Key Management Service (KMS) Activation](#bkmk-managingkms)
 -   [Enterprise Environment](#bkmk-enterpriseenvironment)
@@ -46,7 +46,7 @@ VAMT is commonly implemented in enterprise environments. The following illustrat
 
 ![VAMT in the enterprise](images/dep-win8-l-vamt-image001-enterprise.jpg)
 
-In the Core Network environment, all computers are within a common network managed by Active Directory® Domain Services (AD DS). The Secure Zone represents higher-security Core Network computers that have additional firewall protection.
+In the Core Network environment, all computers are within a common network managed by Active Directory® Domain Services (AD DS). The Secure Zone represents higher-security Core Network computers that have additional firewall protection.
 The Isolated Lab environment is a workgroup that is physically separate from the Core Network, and its computers do not have Internet access. The network security policy states that no information that could identify a specific computer or user may be transferred out of the Isolated Lab.
 
 ## VAMT User Interface
diff --git a/windows/deployment/volume-activation/manage-activations-vamt.md b/windows/deployment/volume-activation/manage-activations-vamt.md
index f1f3ce5baf..a2699960b3 100644
--- a/windows/deployment/volume-activation/manage-activations-vamt.md
+++ b/windows/deployment/volume-activation/manage-activations-vamt.md
@@ -20,7 +20,7 @@ ms.topic: article
 
 This section describes how to activate a client computer, by using a variety of activation methods.
 
-## In this Section
+## In this section
 
 |Topic |Description |
 |------|------------|
diff --git a/windows/deployment/volume-activation/manage-product-keys-vamt.md b/windows/deployment/volume-activation/manage-product-keys-vamt.md
index 64027a69f0..c363018e6d 100644
--- a/windows/deployment/volume-activation/manage-product-keys-vamt.md
+++ b/windows/deployment/volume-activation/manage-product-keys-vamt.md
@@ -19,7 +19,7 @@ ms.topic: article
 # Manage Product Keys
 
 This section describes how to add and remove a product key from the Volume Activation Management Tool (VAMT). After you add a product key to VAMT, you can install that product key on a product or products you select in the VAMT database.
-## In this Section
+## In this section
 
 |Topic |Description |
 |------|------------|
diff --git a/windows/deployment/volume-activation/manage-vamt-data.md b/windows/deployment/volume-activation/manage-vamt-data.md
index 889a9d6975..1d0a211e37 100644
--- a/windows/deployment/volume-activation/manage-vamt-data.md
+++ b/windows/deployment/volume-activation/manage-vamt-data.md
@@ -20,7 +20,7 @@ ms.topic: article
 
 This section describes how to save, import, export, and merge a Computer Information List (CILX) file using the Volume Activation Management Tool (VAMT).
 
-## In this Section
+## In this section
 |Topic |Description |
 |------|------------|
 |[Import and Export VAMT Data](import-export-vamt-data.md) |Describes how to import and export VAMT data. |
diff --git a/windows/deployment/volume-activation/monitor-activation-client.md b/windows/deployment/volume-activation/monitor-activation-client.md
index 75c2d8b3f0..c203fe7ea5 100644
--- a/windows/deployment/volume-activation/monitor-activation-client.md
+++ b/windows/deployment/volume-activation/monitor-activation-client.md
@@ -14,7 +14,7 @@ audience: itpro
 author: greg-lindsay
 ms.localizationpriority: medium
 ms.topic: article
-ms.custom: seo-marvel-mar2020
+ms.custom: seo-marvel-apr2020
 ---
 
 # Monitor activation
@@ -41,6 +41,6 @@ You can monitor the success of the activation process for a computer running Win
 - See [Troubleshooting activation error codes](https://docs.microsoft.com/windows-server/get-started/activation-error-codes) for information about troubleshooting procedures for Multiple Activation Key (MAK) or the Key Management Service (KMS).
 - The VAMT provides a single site from which to manage and monitor volume activations. This is explained in the next section.
 
-## See also
+## Related topics
 
 [Volume Activation for Windows 10](volume-activation-windows-10.md)
diff --git a/windows/deployment/volume-activation/scenario-online-activation-vamt.md b/windows/deployment/volume-activation/scenario-online-activation-vamt.md
index 61096c7c82..4ce4e78992 100644
--- a/windows/deployment/volume-activation/scenario-online-activation-vamt.md
+++ b/windows/deployment/volume-activation/scenario-online-activation-vamt.md
@@ -28,7 +28,7 @@ The Secure Zone represents higher-security Core Network computers that have addi
 
 ![VAMT firewall configuration for multiple subnets](images/dep-win8-l-vamt-makindependentactivationscenario.jpg)
 
-## In This Topic
+## In this topic
 -   [Install and start VAMT on a networked host computer](#bkmk-partone)
 -   [Configure the Windows Management Instrumentation firewall exception on target computers](#bkmk-parttwo)
 -   [Connect to VAMT database](#bkmk-partthree)
diff --git a/windows/deployment/volume-activation/vamt-step-by-step.md b/windows/deployment/volume-activation/vamt-step-by-step.md
index a99e7fd10a..98bc193c4f 100644
--- a/windows/deployment/volume-activation/vamt-step-by-step.md
+++ b/windows/deployment/volume-activation/vamt-step-by-step.md
@@ -20,13 +20,13 @@ ms.topic: article
 
 This section provides step-by-step instructions on implementing the Volume Activation Management Tool (VAMT) in typical environments. VAMT supports many common scenarios; the scenarios in this section describe some of the most common to get you started.
 
-## In this Section
+## In this section
 
 |Topic |Description |
 |------|------------|
 |[Scenario 1: Online Activation](scenario-online-activation-vamt.md) |Describes how to distribute Multiple Activation Keys (MAKs) to products installed on one or more connected computers within a network, and how to instruct these products to contact Microsoft over the Internet for activation. |
 |[Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md) |Describes how to use two VAMT host computers — the first one with Internet access and a second computer within an isolated workgroup — as proxies to perform MAK volume activation for workgroup computers that do not have Internet access. |
-|[Scenario 3: KMS Client Activation](scenario-kms-activation-vamt.md) |Describes how to use VAMT to configure client products for Key Management Service (KMS) activation. By default, volume license editions of Windows 10, Windows Vista, Windows® 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, or Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. |
+|[Scenario 3: KMS Client Activation](scenario-kms-activation-vamt.md) |Describes how to use VAMT to configure client products for Key Management Service (KMS) activation. By default, volume license editions of Windows 10, Windows Vista, Windows® 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, or Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. |
 
 ## Related topics
 - [Introduction to VAMT](introduction-vamt.md)
diff --git a/windows/deployment/volume-activation/volume-activation-management-tool.md b/windows/deployment/volume-activation/volume-activation-management-tool.md
index c73cbc4546..23c0a83614 100644
--- a/windows/deployment/volume-activation/volume-activation-management-tool.md
+++ b/windows/deployment/volume-activation/volume-activation-management-tool.md
@@ -13,13 +13,14 @@ audience: itpro
 author: greg-lindsay
 ms.date: 04/25/2017
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Volume Activation Management Tool (VAMT) Technical Reference
 
-The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process.
+The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process.
 VAMT can manage volume activation using Multiple Activation Keys (MAKs) or the Windows Key Management Service (KMS). VAMT is a standard Microsoft Management Console (MMC) snap-in that requires the Microsoft Management Console (MMC) 3.0. VAMT can be installed on any computer that has one of the following Windows operating systems:
--   Windows® 7 or above
+-   Windows® 7 or above
 -   Windows Server 2008 R2 or above
 
 
@@ -28,7 +29,7 @@ VAMT is designed to manage volume activation for: Windows 7, Windows 8, Window
 
 VAMT is only available in an EN-US (x86) package.
 
-## In this Section
+## In this section
 
 |Topic |Description |
 |------|------------|
diff --git a/windows/deployment/windows-autopilot/bitlocker.md b/windows/deployment/windows-autopilot/bitlocker.md
index 234ae17fcc..02790d704c 100644
--- a/windows/deployment/windows-autopilot/bitlocker.md
+++ b/windows/deployment/windows-autopilot/bitlocker.md
@@ -14,6 +14,7 @@ author: greg-lindsay
 ms.author: greglin
 ms.collection: M365-modern-desktop
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 
@@ -49,6 +50,6 @@ Note: It is also recommended to set Windows Encryption -> Windows Settings -> En
 
 Windows 10, version 1809 or later.
 
-## See also
+## Related topics
 
 [Bitlocker overview](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview)

From 6c8fd18af3a5b910770b227e871ad90f20a68e90 Mon Sep 17 00:00:00 2001
From: jdmartinez36 <62392619+jdmartinez36@users.noreply.github.com>
Date: Mon, 27 Apr 2020 17:00:35 -0600
Subject: [PATCH 14/50] Description and anchorlink text edits

Description and anchorlink text edits.
---
 ...-custom-windows-pe-boot-image-with-configuration-manager.md | 3 ++-
 .../upgrade-to-windows-10-with-configuraton-manager.md         | 3 ++-
 windows/deployment/windows-autopilot/autopilot-mbr.md          | 2 +-
 .../windows-autopilot/demonstrate-deployment-on-vm.md          | 2 +-
 windows/deployment/windows-autopilot/registration-auth.md      | 3 ++-
 windows/deployment/windows-autopilot/self-deploying.md         | 3 ++-
 .../windows-autopilot/windows-autopilot-scenarios.md           | 3 ++-
 7 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
index 82fdff74b3..772a703dd2 100644
--- a/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
@@ -1,6 +1,6 @@
 ---
 title: Create a custom Windows PE boot image with Configuration Manager (Windows 10)
-description: In Microsoft Endpoint Configuration Manager, you can create custom Windows Preinstallation Environment (Windows PE) boot images that include extra components and features.
+description: Learn how to create custom Windows Preinstallation Environment (Windows PE) boot images in Microsoft Endpoint Configuration Manager.
 ms.assetid: b9e96974-324d-4fa4-b0ce-33cfc49c4809
 ms.reviewer: 
 manager: laurawi
@@ -13,6 +13,7 @@ ms.sitesec: library
 audience: itpro
 author: greg-lindsay
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Create a custom Windows PE boot image with Configuration Manager
diff --git a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md b/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md
index 553be3b239..e4b97b8f74 100644
--- a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md
+++ b/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md
@@ -1,6 +1,6 @@
 ---
 title: Perform in-place upgrade to Windows 10 via Configuration Manager
-description: In-place upgrades make upgrading Windows 7, Windows 8, and Windows 8.1 to Windows 10 easy -- you can even automate the whole process with a Microsoft Endpoint Configuration Manager task sequence.
+description: Learn how to perform an in-place upgrade to Windows 10 by automating the process with a Microsoft Endpoint Configuration Manager task sequence.
 ms.assetid: F8DF6191-0DB0-4EF5-A9B1-6A11D5DE4878
 ms.reviewer: 
 manager: laurawi
@@ -12,6 +12,7 @@ ms.mktglfcycl: deploy
 audience: itpro
 author: greg-lindsay
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Perform an in-place upgrade to Windows 10 using Configuration Manager
diff --git a/windows/deployment/windows-autopilot/autopilot-mbr.md b/windows/deployment/windows-autopilot/autopilot-mbr.md
index 24cf4eb654..dc01756f7c 100644
--- a/windows/deployment/windows-autopilot/autopilot-mbr.md
+++ b/windows/deployment/windows-autopilot/autopilot-mbr.md
@@ -70,7 +70,7 @@ To deregister an Autopilot device from Intune, an IT Admin would:
 
 The deregistration process will take about 15 minutes.  You can accelerate the process by clicking the "Sync" button, then "Refresh" the display until the device is no longer present.
 
-More details on deregistering devices from Intune can be found [here](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group).
+More details on deregistering devices from Intune can be found at [Enroll Windows devices in Intune by using the Windows Autopilot](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group).
 
 ### Deregister from MPC
 
diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
index c2481e9f46..93415f3702 100644
--- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
+++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
@@ -571,7 +571,7 @@ Windows Autopilot will now take over to automatically join your device into Azur
 
 ## Remove devices from Autopilot
 
-To use the device (or VM) for other purposes after completion of this lab, you will need to remove (deregister) it from Autopilot via either Intune or MSfB, and then reset it.  Instructions for deregistering devices can be found [here](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group) and [here](https://docs.microsoft.com/intune/devices-wipe#delete-devices-from-the-azure-active-directory-portal) and below.
+To use the device (or VM) for other purposes after completion of this lab, you will need to remove (deregister) it from Autopilot via either Intune or MSfB, and then reset it.  Instructions for deregistering devices can be found at [Enroll Windows devices in Intune by using Windows Autopilot](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group) and [Remove devices by using wipe, retire, or manually unenrolling the device](https://docs.microsoft.com/intune/devices-wipe#delete-devices-from-the-azure-active-directory-portal) and below.
 
 ### Delete (deregister) Autopilot device
 
diff --git a/windows/deployment/windows-autopilot/registration-auth.md b/windows/deployment/windows-autopilot/registration-auth.md
index a91c17be27..ff5a02322e 100644
--- a/windows/deployment/windows-autopilot/registration-auth.md
+++ b/windows/deployment/windows-autopilot/registration-auth.md
@@ -14,6 +14,7 @@ author: greg-lindsay
 ms.author: greglin
 ms.collection: M365-modern-desktop
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 
@@ -45,7 +46,7 @@ For a CSP to register Windows Autopilot devices on behalf of a customer, the cus
     ![Request a reseller relationship](images/csp1.png)
     - Select the checkbox indicating whether or not you want delegated admin rights:
     ![Delegated rights](images/csp2.png)
-    - NOTE: Depending on your partner, they might request Delegated Admin Permissions (DAP) when requesting this consent.  You should ask them to use the newer DAP-free process (shown in this document) if possible. If not, you can easily remove their DAP status either from Microsoft Store for Business or the Office 365 admin portal:  https://docs.microsoft.com/partner-center/customers_revoke_admin_privileges
+    - NOTE: Depending on your partner, they might request Delegated Admin Permissions (DAP) when requesting this consent.  You should ask them to use the newer DAP-free process (shown in this document) if possible. If not, you can easily remove their DAP status either from Microsoft Store for Business or the Office 365 admin portal by going to [Customers delegate administration privileges to partners](https://docs.microsoft.com/partner-center/customers_revoke_admin_privileges).
     - Send the template above to the customer via email.
 2. Customer with global administrator privileges in Microsoft Store for Business (MSfB) clicks the link in the body of the email once they receive it from the CSP, which takes them directly to the following MSfB page:
 
diff --git a/windows/deployment/windows-autopilot/self-deploying.md b/windows/deployment/windows-autopilot/self-deploying.md
index 4bdb15131d..32a9fc9283 100644
--- a/windows/deployment/windows-autopilot/self-deploying.md
+++ b/windows/deployment/windows-autopilot/self-deploying.md
@@ -1,6 +1,6 @@
 ---
 title: Windows Autopilot Self-Deploying mode
-description: Self-deploying mode allows a device to be deployed with little to no user interaction. This mode mode is designed to deploy Windows 10 as a kiosk, digital signage device, or a shared device.
+description: Self-deploying mode allows a device to be deployed with little user interaction and deploys Windows 10 as a kiosk, digital signage device, or a shared device.
 keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
 ms.reviewer: mniehaus
 manager: laurawi
@@ -14,6 +14,7 @@ author: greg-lindsay
 ms.author: greglin
 ms.collection: M365-modern-desktop
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Windows Autopilot Self-Deploying mode
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md b/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md
index ab95bacbee..307d43a3b9 100644
--- a/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md
+++ b/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md
@@ -14,6 +14,7 @@ author: greg-lindsay
 ms.author: greglin
 ms.collection: M365-modern-desktop
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 
@@ -59,7 +60,7 @@ The key value is a DWORD with  **0** = disabled and **1** = enabled.
 | 1 | Cortana voiceover is enabled |
 | No value | Device will fall back to default behavior of the edition |
 
-To change this key value, use WCD tool to create as PPKG as documented [here](https://docs.microsoft.com/windows/configuration/wcd/wcd-oobe#nforce).
+To change this key value, use WCD tool to create as PPKG as documented in [OOBE (Windows Configuration Designer reference)](https://docs.microsoft.com/windows/configuration/wcd/wcd-oobe#nforce).
 
 ### Bitlocker encryption
 

From 871309e121b8e97059786a82842d128f64492cc1 Mon Sep 17 00:00:00 2001
From: 1justingilmore <62392529+1justingilmore@users.noreply.github.com>
Date: Wed, 29 Apr 2020 15:01:34 -0600
Subject: [PATCH 15/50] Update metadata seo marvel 4_29

---
 .../deployment/configure-a-pxe-server-to-load-windows-pe.md   | 3 +--
 windows/deployment/mbr-to-gpt.md                              | 2 --
 windows/deployment/update/PSFxWhitepaper.md                   | 3 +--
 windows/deployment/usmt/usmt-configxml-file.md                | 2 +-
 ...-information-sent-to-microsoft-during-activation-client.md | 4 ++--
 5 files changed, 5 insertions(+), 9 deletions(-)

diff --git a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
index f9405d730e..10ca75dcc9 100644
--- a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
+++ b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
@@ -15,6 +15,7 @@ audience: itpro
 author: greg-lindsay
 ms.author: greglin
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Configure a PXE server to load Windows PE
@@ -23,8 +24,6 @@ ms.topic: article
 
 -   Windows 10
 
-## Summary
-
 This walkthrough describes how to configure a PXE server to load Windows PE by booting a client computer from the network. Using the Windows PE tools and a Windows 10 image file, you can install Windows 10 from the network.
 
 ## Prerequisites
diff --git a/windows/deployment/mbr-to-gpt.md b/windows/deployment/mbr-to-gpt.md
index 069506bda7..63942c3c38 100644
--- a/windows/deployment/mbr-to-gpt.md
+++ b/windows/deployment/mbr-to-gpt.md
@@ -23,8 +23,6 @@ ms.custom: seo-marvel-apr2020
 **Applies to**
 -   Windows 10
 
-## Summary
-
 **MBR2GPT.EXE** converts a disk from the Master Boot Record (MBR) to the GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS) by using the **/allowFullOS** option. 
 
 >MBR2GPT.EXE is located in the **Windows\\System32** directory on a computer running Windows 10 version 1703 (also known as the Creator's Update) or later.
diff --git a/windows/deployment/update/PSFxWhitepaper.md b/windows/deployment/update/PSFxWhitepaper.md
index 8f73fcdfd0..4a6d9ab0f1 100644
--- a/windows/deployment/update/PSFxWhitepaper.md
+++ b/windows/deployment/update/PSFxWhitepaper.md
@@ -12,6 +12,7 @@ ms.author: jaimeo
 ms.reviewer: 
 manager: laurawi
 ms.topic: article
+ms.custom: seo-marvel-apr2020
 ---
 
 # Windows Updates using forward and reverse differentials
@@ -37,8 +38,6 @@ The following general terms apply throughout this document:
 - *Revision*: Minor releases in between the major version releases, such as KB4464330 (Windows 10 Build 17763.55)
 - *Baseless Patch Storage Files (Baseless PSF)*: Patch storage files that contain full binaries or files
 
-## Introduction
-
 In this paper, we introduce a new technique that can produce compact software
 updates optimized for any origin/destination revision pair. It does this by
 calculating forward the differential of a changed file from the base version and
diff --git a/windows/deployment/usmt/usmt-configxml-file.md b/windows/deployment/usmt/usmt-configxml-file.md
index f8f45b4983..4c13ebf641 100644
--- a/windows/deployment/usmt/usmt-configxml-file.md
+++ b/windows/deployment/usmt/usmt-configxml-file.md
@@ -34,7 +34,7 @@ To exclude a component from the Config.xml file, set the **migrate** value to **
 
  
 
-## In This Topic
+## In this topic
 
 
 In USMT there are new migration policies that can be configured in the Config.xml file. For example, you can configure additional **<ErrorControl>**, **<ProfileControl>**, and **<HardLinkStoreControl>** options. The following elements and parameters are for use in the Config.xml file only.
diff --git a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md
index 1d78a11ea3..82f515da68 100644
--- a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md
+++ b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md
@@ -15,7 +15,7 @@ author: greg-lindsay
 ms.localizationpriority: medium
 ms.date: 07/27/2017
 ms.topic: article
-ms.custom: seo-marvel-mar2020
+ms.custom: seo-marvel-apr2020
 ---
 
 # Appendix: Information sent to Microsoft during activation
@@ -66,7 +66,7 @@ Standard computer information is also sent, but your computer's IP address is on
 Microsoft uses the information to confirm that you have a licensed copy of the software. Microsoft does not use the information to contact individual consumers.
 For additional details, see [Windows 10 Privacy Statement](https://go.microsoft.com/fwlink/p/?LinkId=619879).
 
-## See also
+## Related topics
 
 -   [Volume Activation for Windows 10](volume-activation-windows-10.md)
  

From ba1ebe05ae281ada212a7e536e875e559738c0b0 Mon Sep 17 00:00:00 2001
From: Dani Halfin 
Date: Tue, 5 May 2020 18:05:34 -0700
Subject: [PATCH 16/50] fixing meta

---
 .../replace-a-windows-7-computer-with-a-windows-10-computer.md  | 2 +-
 windows/deployment/planning/sua-users-guide.md                  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
index 1d0f3af3ab..84daf20005 100644
--- a/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
+++ b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
@@ -1,7 +1,7 @@
 ---
 title: Replace a Windows 7 computer with a Windows 10 computer (Windows 10)
 description: In this article, you will learn how to replace a Windows 7 device with a Windows 10 device.
-ms.custom: - seo-marvel-apr2020
+ms.custom: seo-marvel-apr2020
 ms.assetid: acf091c9-f8f4-4131-9845-625691c09a2a
 ms.reviewer: 
 manager: laurawi
diff --git a/windows/deployment/planning/sua-users-guide.md b/windows/deployment/planning/sua-users-guide.md
index e896536b7d..2d34aa8326 100644
--- a/windows/deployment/planning/sua-users-guide.md
+++ b/windows/deployment/planning/sua-users-guide.md
@@ -1,7 +1,7 @@
 ---
 title: SUA User's Guide (Windows 10)
 description: Learn how to use Standard User Analyzer (SUA). SUA can test your apps and monitor API calls to detect compatibility issues related to the Windows User Account Control (UAC) feature.
-ms.custom: - seo-marvel-apr2020
+ms.custom: seo-marvel-apr2020
 ms.assetid: ea525c25-b557-4ed4-b042-3e4d0e543e10
 ms.reviewer: 
 manager: laurawi

From dda752b272b485db68276ad48a655287ca8ab3e3 Mon Sep 17 00:00:00 2001
From: Greg Lindsay 
Date: Fri, 8 May 2020 11:26:39 -0700
Subject: [PATCH 17/50] Update
 add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md

---
 ...10-deployment-with-windows-pe-using-configuration-manager.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
index ca669792bb..4bb5ffd7a4 100644
--- a/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
@@ -1,5 +1,5 @@
 ---
-title: Add drivers to Windows 10 with Windows PE using Configuration Manager
+title: Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager
 description: Learn how to configure the Windows Preinstallation Environment (Windows PE) to include required network and storage drivers.
 ms.assetid: 97b3ea46-28d9-407e-8c42-ded2e45e8d5c
 ms.reviewer: 

From 02418ae3f8e00014f4f7ed4d42873cf2695385fb Mon Sep 17 00:00:00 2001
From: Greg Lindsay 
Date: Fri, 8 May 2020 11:30:55 -0700
Subject: [PATCH 18/50] Update features-lifecycle.md

---
 windows/deployment/planning/features-lifecycle.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/planning/features-lifecycle.md b/windows/deployment/planning/features-lifecycle.md
index be5c414b84..e89d1cec9f 100644
--- a/windows/deployment/planning/features-lifecycle.md
+++ b/windows/deployment/planning/features-lifecycle.md
@@ -1,6 +1,6 @@
 ---
 title: Windows 10 features lifecycle
-description: In this article, learn about the lifecycle of Windows 10 features, such as what's new and what's been removed.
+description: In this article, learn about the lifecycle of Windows 10 features, such as what's no longer being developed and what's been removed.
 ms.prod: w10
 ms.mktglfcycl: plan
 ms.localizationpriority: medium

From f5086843d177647664ff6ac8763cd49e2cda619c Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Fri, 2 Oct 2020 07:43:23 +0500
Subject: [PATCH 19/50] Update hello-hybrid-key-whfb-provision.md

---
 .../hello-for-business/hello-hybrid-key-whfb-provision.md      | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
index 73e002c7c2..5a790c046a 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
@@ -57,9 +57,6 @@ The remainder of the provisioning includes Windows Hello for Business requesting
 > **This synchronization latency delays the user's ability to authenticate and use on-premises resources until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources.
 > Read [Azure AD Connect sync: Scheduler](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-feature-scheduler) to view and adjust the **synchronization cycle** for your organization.
 
-> [!NOTE]
-> Microsoft is actively investigating ways to reduce the synchronization latency and delays.  
-
 


 
 


From afbbff26634cb58c8469dbe02ce5d33fff8b5847 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Sun, 4 Oct 2020 11:37:19 +0500
Subject: [PATCH 20/50] Update
 windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../hello-for-business/hello-hybrid-key-whfb-provision.md       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
index 5a790c046a..f9fef4f777 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
@@ -54,7 +54,7 @@ The remainder of the provisioning includes Windows Hello for Business requesting
 
 > [!IMPORTANT]
 > The minimum time needed to synchronize the user's public key from Azure Active Directory to the on-premises Active Directory is 30 minutes. The Azure AD Connect scheduler controls the synchronization interval. 
-> **This synchronization latency delays the user's ability to authenticate and use on-premises resources until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources.
+> **This synchronization latency delays the user's ability to authenticate and uses on-premises resources until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources.
 > Read [Azure AD Connect sync: Scheduler](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-feature-scheduler) to view and adjust the **synchronization cycle** for your organization.
 
 



From 1e194317db2d5aad0b1adab0e47401829a98bfa6 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Wed, 21 Oct 2020 22:04:44 +0500
Subject: [PATCH 21/50] Updated login user example

The login format was not properly mentioned in the document. Updated this info.

Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/1656
---
 windows/client-management/connect-to-remote-aadj-pc.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md
index f25c37dce5..13ee43e312 100644
--- a/windows/client-management/connect-to-remote-aadj-pc.md
+++ b/windows/client-management/connect-to-remote-aadj-pc.md
@@ -63,7 +63,7 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu
   4. Click **Check Names**. If the **Name Not Found** window opens, click **Locations** and select this PC.
 
      > [!TIP]
-     > When you connect to the remote PC, enter your account name in this format: `AzureAD UPN`. The local PC must either be domain-joined or Azure AD-joined. The local PC and remote PC must be in the same Azure AD tenant.
+     > When you connect to the remote PC, enter your account name in this format: AzureAD\yourloginid@domain.com. The local PC must either be domain-joined or Azure AD-joined. The local PC and remote PC must be in the same Azure AD tenant.
 
      > [!Note]
      > If you cannot connect using Remote Desktop Connection 6.0, you must turn off the new features of RDP 6.0 and revert back to RDP 5.0 by making a few changes in the RDP file. See the details in the [support article](https://support.microsoft.com/help/941641/remote-desktop-connection-6-0-prompts-you-for-credentials-before-you-e).

From 06bf32b6a8ef7fe0ba6acfda163a358a2fc6b397 Mon Sep 17 00:00:00 2001
From: Takeshi Katano 
Date: Thu, 22 Oct 2020 11:48:04 +0900
Subject: [PATCH 22/50] Incorrect WMI property names

SignatureFallbackOrder and SignatureDefinitionUpdateFileSharesSouce properties are for signature source order properties.
---
 ...atch-up-scans-microsoft-defender-antivirus.md | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md
index f176529dde..31c00d261d 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md
@@ -100,8 +100,10 @@ See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](u
 Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties:
 
 ```WMI
-SignatureFallbackOrder
-SignatureDefinitionUpdateFileSharesSouce
+ScanParameters
+ScanScheduleDay
+ScanScheduleTime
+RandomizeScheduleTaskTimes
 ```
 
 See the following for more information and allowed parameters:
@@ -138,8 +140,7 @@ See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](u
 Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties:
 
 ```WMI
-SignatureFallbackOrder
-SignatureDefinitionUpdateFileSharesSouce
+ScanOnlyIfIdleEnabled
 ```
 
 See the following for more information and allowed parameters:
@@ -173,8 +174,8 @@ See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](u
 Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties:
 
 ```WMI
-SignatureFallbackOrder
-SignatureDefinitionUpdateFileSharesSouce
+RemediationScheduleDay
+RemediationScheduleTime
 ```
 
 See the following for more information and allowed parameters:
@@ -210,8 +211,7 @@ See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](u
 Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties:
 
 ```WMI
-SignatureFallbackOrder
-SignatureDefinitionUpdateFileSharesSouce
+ScanScheduleQuickScanTime
 ```
 
 See the following for more information and allowed parameters:

From f2752581be06136f47f7f01ee8d4248e356cad2e Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Thu, 22 Oct 2020 15:25:54 +0500
Subject: [PATCH 23/50] Update mac-jamfpro-policies.md

---
 .../microsoft-defender-atp/mac-jamfpro-policies.md              | 2 --
 1 file changed, 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md
index a56afd0ef7..9a095843cc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md
@@ -776,8 +776,6 @@ Follow the instructions on [Schedule scans with Microsoft Defender ATP for Mac](
 
 8. Select **Open**. Set the **Display Name** to **Microsoft Defender Advanced Threat Protection and Microsoft Defender Antivirus**.
 
-    - Manifest File: Select **Upload Manifest File**. 
-
     **Options tab**
 Keep default values.
 
     **Limitations tab**
 Keep default values.

From 911ac4e7705d8f3d08b3a5b4dd140c5877a119bb Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Thu, 22 Oct 2020 15:45:14 +0500
Subject: [PATCH 24/50] Update endpoint-detection-response-mac-preview.md

---
 .../endpoint-detection-response-mac-preview.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
index 4d724bc3ca..ea1b4c4883 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
@@ -24,7 +24,7 @@ ms.topic: conceptual
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-Endpoint detection and response capabilities in Microsoft Defender ATP for Mac are now in preview. To get these and other preview features, you must set up your Mac device to be an "Insider" device as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune).
+To get preview features available for Mac, you must set up your device to be an "Insider" device as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune).
 
 >[!IMPORTANT]
 >Make sure you have enabled [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-atp-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md) and [manual deployment](mac-install-manually.md) instructions.

From 3ea0d2cdb21afe1cc379b9fc4796add089ac9ee6 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Sat, 24 Oct 2020 21:22:16 +0500
Subject: [PATCH 25/50] Update
 windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../endpoint-detection-response-mac-preview.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
index ea1b4c4883..0efdd31269 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
@@ -24,7 +24,7 @@ ms.topic: conceptual
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-To get preview features available for Mac, you must set up your device to be an "Insider" device as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune).
+To get preview features for Mac, you must set up your device to be an "Insider" device as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune).
 
 >[!IMPORTANT]
 >Make sure you have enabled [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-atp-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md) and [manual deployment](mac-install-manually.md) instructions.

From 1c9db02d6135776326f9752bd11e86aae8bf186e Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Sat, 24 Oct 2020 21:22:29 +0500
Subject: [PATCH 26/50] Update
 windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../endpoint-detection-response-mac-preview.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
index 0efdd31269..0643c6eff8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
@@ -26,7 +26,7 @@ ms.topic: conceptual
 
 To get preview features for Mac, you must set up your device to be an "Insider" device as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune).
 
->[!IMPORTANT]
+> [!IMPORTANT]
 >Make sure you have enabled [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-atp-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md) and [manual deployment](mac-install-manually.md) instructions.
 
 ## Enable the Insider program with Jamf

From 454fbba3d74acb35c7dd64c88415fd638ffa0b0d Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Sat, 24 Oct 2020 21:22:49 +0500
Subject: [PATCH 27/50] Update
 windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../endpoint-detection-response-mac-preview.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
index 0643c6eff8..5e45dab3cc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
@@ -27,7 +27,7 @@ ms.topic: conceptual
 To get preview features for Mac, you must set up your device to be an "Insider" device as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune).
 
 > [!IMPORTANT]
->Make sure you have enabled [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-atp-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md) and [manual deployment](mac-install-manually.md) instructions.
+> Make sure you have enabled [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-atp-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md), and [manual deployment](mac-install-manually.md) instructions.
 
 ## Enable the Insider program with Jamf
 

From d9ded8c49f0659b7791dbf72f144dec8682dd678 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Wed, 28 Oct 2020 20:11:03 +0500
Subject: [PATCH 28/50] Update
 windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../hello-for-business/hello-hybrid-key-whfb-provision.md       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
index f9fef4f777..5a790c046a 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
@@ -54,7 +54,7 @@ The remainder of the provisioning includes Windows Hello for Business requesting
 
 > [!IMPORTANT]
 > The minimum time needed to synchronize the user's public key from Azure Active Directory to the on-premises Active Directory is 30 minutes. The Azure AD Connect scheduler controls the synchronization interval. 
-> **This synchronization latency delays the user's ability to authenticate and uses on-premises resources until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources.
+> **This synchronization latency delays the user's ability to authenticate and use on-premises resources until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources.
 > Read [Azure AD Connect sync: Scheduler](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-feature-scheduler) to view and adjust the **synchronization cycle** for your organization.
 
 



From 62287b93c6a6ce65b9abc31f2af2627948cbc2d5 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Sun, 1 Nov 2020 13:38:51 +0500
Subject: [PATCH 29/50] Update vpn-profile-options.md

---
 windows/security/identity-protection/vpn/vpn-profile-options.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/vpn/vpn-profile-options.md b/windows/security/identity-protection/vpn/vpn-profile-options.md
index 19df534358..29b5df1daf 100644
--- a/windows/security/identity-protection/vpn/vpn-profile-options.md
+++ b/windows/security/identity-protection/vpn/vpn-profile-options.md
@@ -316,7 +316,7 @@ After you configure the settings that you want using ProfileXML, you can apply i
 
 ## Learn more
 
-- [Learn how to configure VPN connections in Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/vpn-connections-in-microsoft-intune)
+- [Create VPN profiles to connect to VPN servers in Intune](https://docs.microsoft.com/mem/intune/configuration/vpn-settings-configure)
 - [VPNv2 configuration service provider (CSP) reference](https://go.microsoft.com/fwlink/p/?LinkId=617588)
 - [How to Create VPN Profiles in Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=618028)
 

From 4b88769f22db002aafb019c1f111706593d0bee5 Mon Sep 17 00:00:00 2001
From: Tina McNaboe <53281468+TinaMcN@users.noreply.github.com>
Date: Mon, 2 Nov 2020 14:41:50 -0800
Subject: [PATCH 30/50] localizationpriority metada was messed up

---
 windows/deployment/update/wufb-basics.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/update/wufb-basics.md b/windows/deployment/update/wufb-basics.md
index 0c8f5c32db..cea6e517ca 100644
--- a/windows/deployment/update/wufb-basics.md
+++ b/windows/deployment/update/wufb-basics.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: manage
 audience: itpro
 itproauthor: jaimeo
 author: jaimeo
-ms.localizationprioauthor: jaimeo
+ms.localizationpriority: medium
 ms.audience: itpro
 ms.reviewer: 
 manager: laurawi

From f957d02e0c4a0b3fda85e2343126f0f39f185db9 Mon Sep 17 00:00:00 2001
From: Tina McNaboe <53281468+TinaMcN@users.noreply.github.com>
Date: Mon, 2 Nov 2020 14:48:53 -0800
Subject: [PATCH 31/50] Update windows-sandbox-configure-using-wsb-file.md

Localization priority metadata value was blank
---
 .../windows-sandbox/windows-sandbox-configure-using-wsb-file.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
index 2ac125c33b..16214a5f59 100644
--- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
+++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 manager: dansimp
 ms.collection: 
 ms.topic: article
-ms.localizationpriority: 
+ms.localizationpriority: medium
 ms.date: 
 ms.reviewer: 
 ---

From f74a99748a53c23d89ecf368f77a5b82cb494438 Mon Sep 17 00:00:00 2001
From: Tina McNaboe <53281468+TinaMcN@users.noreply.github.com>
Date: Mon, 2 Nov 2020 14:52:15 -0800
Subject: [PATCH 32/50] Update bitlocker-recovery-loop-break.md

Localization priority value had unwanted "#"
---
 .../bitlocker/bitlocker-recovery-loop-break.md                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md
index f06b11a197..9ed6f0f984 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md
@@ -6,7 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
-ms.localizationpriority: #medium
+ms.localizationpriority: medium
 ms.author: v-maave
 author: martyav
 manager: dansimp

From bd8796bcf91e7e437733047cf1dd27cb8d136832 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Tue, 3 Nov 2020 10:51:28 -0800
Subject: [PATCH 33/50] Update faq-md-app-guard.md

---
 .../faq-md-app-guard.md                       | 39 ++++++++++---------
 1 file changed, 21 insertions(+), 18 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
index 867107aeaa..a5bb42b0b3 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
@@ -8,7 +8,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: denisebmsft
 ms.author: deniseb
-ms.date: 10/29/2020
+ms.date: 11/03/2020
 ms.reviewer: 
 manager: dansimp
 ms.custom: asr
@@ -22,8 +22,8 @@ Answering frequently asked questions about Microsoft Defender Application Guard
 
 ## Frequently Asked Questions
 
-### Can I enable Application Guard on machines equipped with 4 GB RAM?
-We recommend 8 GB RAM for optimal performance but you may use the following registry DWORD values to enable Application Guard on machines that aren't meeting the recommended hardware configuration.
+### Can I enable Application Guard on machines equipped with 4-GB RAM?
+We recommend 8-GB RAM for optimal performance but you may use the following registry DWORD values to enable Application Guard on machines that aren't meeting the recommended hardware configuration.
 
 `HKLM\software\Microsoft\Hvsi\SpecRequiredProcessorCount` (Default is four cores.)                                                   
 
@@ -101,7 +101,7 @@ Mandatory network isolation GP policy to deploy WDAG: "DomainSubnets or CloudRes
 Mandatory network isolation CSP policy to deploy WDAG: "EnterpriseCloudResources or (EnterpriseIpRange and EnterpriseNetworkDomainNames)"
 For EnterpriseNetworkDomainNames, there is no mapped CSP policy.
 
-Windows Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work and result in an error message (`0x80070013 ERROR_WRITE_PROTECT`). 
+Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work and result in an error message (`0x80070013 ERROR_WRITE_PROTECT`). 
 
 ### Why did Application Guard stop working after I turned off hyperthreading?
 
@@ -139,23 +139,26 @@ In the Microsoft Defender Firewall user interface go through the following steps
 
 ### Why can I not launch Application Guard when Exploit Guard is enabled?
 
-There is a known issue such that if you change the Exploit Protection settings for CFG and possibly others, hvsimgr cannot launch. To mitigate this issue, go to Windows Security-> App and Browser control -> Exploit Protection Setting -> switch CFG to the “use default".
+There is a known issue such that if you change the Exploit Protection settings for CFG and possibly others, hvsimgr cannot launch. To mitigate this issue, go to **Windows Security** > **App and Browser control** > **Exploit Protection Setting**, and then switch CFG to **use default**.
 
 
 ### How can I have ICS in enabled state yet still use Application Guard?
 
-This is a two-step process.
+ICS is enabled by default in Windows, and it must be enabled in order for Application Guard to function correctly.
 
-Step 1:
+Some enterprise organizations choose to disable ICS for their own security reasons. However, this is not recommended. If ICS is disabled, Application Guard stops working. 
 
-Enable Internet Connection sharing by changing the Group Policy setting *Prohibit use of Internet Connection Sharing on your DNS domain network*, which is part of the MS Security baseline from Enabled to Disabled.
- 
-Step 2:
- 
-1. Disable IpNat.sys from ICS load
-System\CurrentControlSet\Services\SharedAccess\Parameters\DisableIpNat = 1
-2. Configure ICS (SharedAccess) to enabled
-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start = 3
-3. Disabling IPNAT (Optional)
-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPNat\Start = 4
-4. Reboot.
\ No newline at end of file
+The following procedure describes how to edit registry keys to disable ICS in part.
+
+1. In the Group Policy setting called **Prohibit use of Internet Connection Sharing on your DNS domain network**, set it to **Disabled**. 
+
+2. Disable IpNat.sys from ICS load as follows: 
 
+`System\CurrentControlSet\Services\SharedAccess\Parameters\DisableIpNat = 1`
+
+3. Configure ICS (SharedAccess) to enabled as follows: 

+`HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start = 3`
+
+4. (This is optional) Disable IPNAT as follows: 

+`HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPNat\Start = 4`
+
+5. Reboot the device.
\ No newline at end of file

From 49cedcb9e1a9516377ec7dcf6ef9736d15e50f75 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Tue, 3 Nov 2020 10:57:38 -0800
Subject: [PATCH 34/50] Update faq-md-app-guard.md

---
 .../faq-md-app-guard.md                       | 28 +++++++++----------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
index a5bb42b0b3..e00216ebde 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
@@ -23,7 +23,7 @@ Answering frequently asked questions about Microsoft Defender Application Guard
 ## Frequently Asked Questions
 
 ### Can I enable Application Guard on machines equipped with 4-GB RAM?
-We recommend 8-GB RAM for optimal performance but you may use the following registry DWORD values to enable Application Guard on machines that aren't meeting the recommended hardware configuration.
+We recommend 8-GB RAM for optimal performance but you can use the following registry DWORD values to enable Application Guard on machines that aren't meeting the recommended hardware configuration.
 
 `HKLM\software\Microsoft\Hvsi\SpecRequiredProcessorCount` (Default is four cores.)                                                   
 
@@ -33,7 +33,7 @@ We recommend 8-GB RAM for optimal performance but you may use the following regi
 
 ### Can employees download documents from the Application Guard Edge session onto host devices? 
 
-In Windows 10 Enterprise edition 1803, users will be able to download documents from the isolated Application Guard container to the host PC. This capability is managed by policy.
+In Windows 10 Enterprise edition 1803, users are able to download documents from the isolated Application Guard container to the host PC. This capability is managed by policy.
 
 In Windows 10 Enterprise edition 1709 or Windows 10 Professional edition 1803, it is not possible to download files from the isolated Application Guard container to the host PC. However, employees can use the **Print as PDF** or **Print as XPS** options and save those files to the host device. 
 
@@ -71,7 +71,7 @@ The following Input Method Editors (IME) introduced in Windows 10, version 1903
 
 ### I enabled the hardware acceleration policy on my Windows 10 Enterprise, version 1803 deployment. Why are my users still only getting CPU rendering? 
 
-This feature is currently experimental only and is not functional without an additional regkey provided by Microsoft. If you would like to evaluate this feature on a deployment of Windows 10 Enterprise, version 1803, contact Microsoft and we’ll work with you to enable the feature.
+This feature is currently experimental only and is not functional without an additional registry key provided by Microsoft. If you would like to evaluate this feature on a deployment of Windows 10 Enterprise, version 1803, contact Microsoft and we’ll work with you to enable the feature.
 
 ### What is the WDAGUtilityAccount local account? 
 
@@ -79,11 +79,11 @@ This account is part of Application Guard beginning with Windows 10 version 1709
 
 ### How do I trust a subdomain in my site list?                          
 
-To trust a subdomain, you must precede your domain with two dots, for example: `..contoso.com` will ensure `mail.contoso.com` or `news.contoso.com` are trusted. The first dot represents the strings for the subdomain name (mail or news), the second dot recognizes the start of the domain name (`contoso.com`). This prevents sites such as `fakesitecontoso.com` from being trusted.
+To trust a subdomain, you must precede your domain with two dots, for example: `..contoso.com` ensures that `mail.contoso.com` or `news.contoso.com` are trusted. The first dot represents the strings for the subdomain name (mail or news), the second dot recognizes the start of the domain name (`contoso.com`). This prevents sites such as `fakesitecontoso.com` from being trusted.
 
 ### Are there differences between using Application Guard on Windows Pro vs Windows Enterprise? 
 
-When using Windows Pro or Windows Enterprise, you will have access to using Application Guard's Standalone Mode. However, when using Enterprise you will have access to Application Guard's Enterprise-Managed Mode. This mode has some extra features that the Standalone Mode does not. For more information, see [Prepare to install Microsoft Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard). 
+When using Windows Pro or Windows Enterprise, you have access to using Application Guard in Standalone Mode. However, when using Enterprise you have access to Application Guard in Enterprise-Managed Mode. This mode has some extra features that the Standalone Mode does not. For more information, see [Prepare to install Microsoft Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard). 
 
 ### Is there a size limit to the domain lists that I need to configure?
 
@@ -91,27 +91,27 @@ Yes, both the Enterprise Resource domains hosted in the cloud and the Domains ca
 
 ### Why does my encryption driver break Microsoft Defender Application Guard?
 
-Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work and result in an error message ("0x80070013 ERROR_WRITE_PROTECT").  
+Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Application Guard does not work and results in an error message (`0x80070013 ERROR_WRITE_PROTECT`).  
 
 ### Why do the Network Isolation policies in Group Policy and CSP look different?
 
-There is not a one-to-one mapping among all the Network Isolation policies between CSP and GP. Mandatory network isolation policies to deploy WDAG are different between CSP and GP.
+There is not a one-to-one mapping among all the Network Isolation policies between CSP and GP. Mandatory network isolation policies to deploy Application Guard are different between CSP and GP.
 
-Mandatory network isolation GP policy to deploy WDAG: "DomainSubnets or CloudResources"
-Mandatory network isolation CSP policy to deploy WDAG: "EnterpriseCloudResources or (EnterpriseIpRange and EnterpriseNetworkDomainNames)"
+Mandatory network isolation GP policy to deploy Application Guard: "DomainSubnets or CloudResources"
+Mandatory network isolation CSP policy to deploy Application Guard: "EnterpriseCloudResources or (EnterpriseIpRange and EnterpriseNetworkDomainNames)"
 For EnterpriseNetworkDomainNames, there is no mapped CSP policy.
 
-Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work and result in an error message (`0x80070013 ERROR_WRITE_PROTECT`). 
+Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Application Guard does not work and results in an error message (`0x80070013 ERROR_WRITE_PROTECT`). 
 
 ### Why did Application Guard stop working after I turned off hyperthreading?
 
 If hyperthreading is disabled (because of an update applied through a KB article or through BIOS settings), there is a possibility Application Guard no longer meets the minimum requirements. 
 
-### Why am I getting the error message ("ERROR_VIRTUAL_DISK_LIMITATION")?
+### Why am I getting the error message "ERROR_VIRTUAL_DISK_LIMITATION"?
 
-Application Guard may not work correctly on NTFS compressed volumes. If this issue persists, try uncompressing the volume. 
+Application Guard might not work correctly on NTFS compressed volumes. If this issue persists, try uncompressing the volume. 
 
-### Why am I getting the error message ("ERR_NAME_NOT_RESOLVED") after not being able to reach PAC file?
+### Why am I getting the error message "ERR_NAME_NOT_RESOLVED" after not being able to reach PAC file?
 
 This is a known issue. To mitigate this you need to create two firewall rules.
 For guidance on how to create a firewall rule by using group policy, see:
@@ -129,7 +129,7 @@ This is the same as the first rule, but scoped to local port 68.
 In the Microsoft Defender Firewall user interface go through the following steps:
 1. Right click on inbound rules, create a new rule.
 2. Choose **custom rule**.
-3. Program path: **%SystemRoot%\System32\svchost.exe**.
+3. Program path: `%SystemRoot%\System32\svchost.exe`.
 4. Protocol Type: UDP, Specific ports: 67, Remote port: any.
 5. Any IP addresses.
 6. Allow the connection.

From 3429cf988998da9debaccd929b255d33ef92d65f Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Tue, 3 Nov 2020 11:51:38 -0800
Subject: [PATCH 35/50] Update
 manage-updates-baselines-microsoft-defender-antivirus.md

---
 .../manage-updates-baselines-microsoft-defender-antivirus.md    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
index 0beba73e43..248f41713e 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
@@ -13,7 +13,7 @@ ms.author: deniseb
 ms.custom: nextgen
 ms.reviewer: 
 manager: dansimp
-ms.date: 11/20/2020
+ms.date: 11/02/2020
 ---
 
 # Manage Microsoft Defender Antivirus updates and apply baselines

From 7e6cdd3461fa045a0cf14ce82ca7f7a18739a61b Mon Sep 17 00:00:00 2001
From: Dani Halfin 
Date: Tue, 3 Nov 2020 13:16:26 -0800
Subject: [PATCH 36/50] incorporating feedback

---
 windows/deployment/update/fod-and-lang-packs.md               | 4 ++--
 windows/deployment/update/how-windows-update-works.md         | 4 ++--
 windows/deployment/update/update-compliance-need-attention.md | 2 +-
 windows/deployment/update/update-compliance-using.md          | 2 +-
 windows/deployment/update/waas-manage-updates-wufb.md         | 2 +-
 windows/deployment/update/waas-wu-settings.md                 | 2 +-
 windows/deployment/update/wufb-onboard.md                     | 2 +-
 7 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/windows/deployment/update/fod-and-lang-packs.md b/windows/deployment/update/fod-and-lang-packs.md
index efa2cd5d97..98579c7905 100644
--- a/windows/deployment/update/fod-and-lang-packs.md
+++ b/windows/deployment/update/fod-and-lang-packs.md
@@ -1,6 +1,6 @@
 ---
-title: Make FoD and language packs available for WSUS/SCCM (Windows 10)
-description: Learn how to make FoD and language packs available when you're using WSUS/SCCM.
+title: Make FoD and language packs available for WSUS/Configuration Manager
+description: Learn how to make FoD and language packs available when you're using WSUS/Configuration Manager.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.pagetype: article
diff --git a/windows/deployment/update/how-windows-update-works.md b/windows/deployment/update/how-windows-update-works.md
index 63cc030b2b..6bab8477a5 100644
--- a/windows/deployment/update/how-windows-update-works.md
+++ b/windows/deployment/update/how-windows-update-works.md
@@ -1,6 +1,6 @@
 ---
 title: How Windows Update works 
-description: In this article, learn about the process Windows Update uses to download and install updates on a Windows 10 PC.
+description: In this article, learn about the process Windows Update uses to download and install updates on a Windows 10 devices.
 ms.prod: w10
 ms.mktglfcycl: 
 audience: itpro
@@ -128,7 +128,7 @@ Common update failure is caused due to network issues. To find the root of the i
 
 Once the Windows Update Orchestrator determines which updates apply to your computer, it will begin downloading the updates, if you have selected the option to automatically download updates. It does this in the background without interrupting your normal use of the computer.  
 
-To ensure that your other downloads aren't affected or slowed down because updates are downloading, Windows Update uses the Delivery Optimization (DO) technology which downloads updates and reduces bandwidth consumption. 
+To ensure that your other downloads aren't affected or slowed down because updates are downloading, Windows Update uses the Delivery Optimization technology which downloads updates and reduces bandwidth consumption. 
  
 For more information see [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md). 
 
diff --git a/windows/deployment/update/update-compliance-need-attention.md b/windows/deployment/update/update-compliance-need-attention.md
index 3032c95790..6a441b08d7 100644
--- a/windows/deployment/update/update-compliance-need-attention.md
+++ b/windows/deployment/update/update-compliance-need-attention.md
@@ -1,7 +1,7 @@
 ---
 title: Update Compliance - Need Attention! report
 manager: laurawi
-description: Learn how the Needs attention! section provides a breakdown of all Windows 10 device and update issues detected by Update Compliance.
+description: Learn how the Need attention! section provides a breakdown of all Windows 10 device and update issues detected by Update Compliance.
 ms.mktglfcycl: deploy
 ms.pagetype: deploy
 audience: itpro
diff --git a/windows/deployment/update/update-compliance-using.md b/windows/deployment/update/update-compliance-using.md
index 6b40327ebe..92ae610fc5 100644
--- a/windows/deployment/update/update-compliance-using.md
+++ b/windows/deployment/update/update-compliance-using.md
@@ -2,7 +2,7 @@
 title: Using Update Compliance (Windows 10)
 ms.reviewer: 
 manager: laurawi
-description: Learn how to use Update Compliance to monitor your device's Windows updates and Microsoft Defender Antivirus status.
+description: Learn how to use Update Compliance to monitor your device's Windows updates.
 keywords: oms, operations management suite, wdav, updates, upgrades, antivirus, antimalware, signature, log analytics
 ms.prod: w10
 ms.mktglfcycl: deploy
diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md
index dbca8afcc2..d1f41bc2bd 100644
--- a/windows/deployment/update/waas-manage-updates-wufb.md
+++ b/windows/deployment/update/waas-manage-updates-wufb.md
@@ -2,7 +2,7 @@
 title: Windows Update for Business (Windows 10)
 ms.reviewer: 
 manager: laurawi
-description: Learn how Windows Update for Business lets you manage when devices received updates from Windows Update.
+description: Learn how Windows Update for Business lets you manage when devices receive updates from Windows Update.
 ms.prod: w10
 ms.mktglfcycl: manage
 author: jaimeo
diff --git a/windows/deployment/update/waas-wu-settings.md b/windows/deployment/update/waas-wu-settings.md
index 480b47ae26..9e013f0b94 100644
--- a/windows/deployment/update/waas-wu-settings.md
+++ b/windows/deployment/update/waas-wu-settings.md
@@ -1,6 +1,6 @@
 ---
 title: Manage additional Windows Update settings (Windows 10)
-description: In this article, learn about additional settings to control the behavior of Windows Update (WU) in Windows 10.
+description: In this article, learn about additional settings to control the behavior of Windows Update in Windows 10.
 ms.prod: w10
 ms.mktglfcycl: deploy
 audience: itpro
diff --git a/windows/deployment/update/wufb-onboard.md b/windows/deployment/update/wufb-onboard.md
index de44721666..78f9b0cf84 100644
--- a/windows/deployment/update/wufb-onboard.md
+++ b/windows/deployment/update/wufb-onboard.md
@@ -1,6 +1,6 @@
 ---
 title: Onboarding to Windows Update for Business (Windows 10)
-description: Get started using Windows Update for Business, a tool that enables IT pros and power users to manage content they want to receive from Windows Update Service.
+description: Get started using Windows Update for Business, a tool that enables IT pros and power users to manage content they want to receive from Windows Update.
 ms.prod: w10
 ms.mktglfcycl: manage
 audience: itpro

From e9929d6d8a6b551969d865b2a0d1408e4c08891d Mon Sep 17 00:00:00 2001
From: Dani Halfin 
Date: Tue, 3 Nov 2020 14:44:36 -0800
Subject: [PATCH 37/50] fixing warnings

---
 ...-windows-pe-using-configuration-manager.md | 10 +-
 ...e-boot-image-with-configuration-manager.md |  8 +-
 ...f-windows-10-with-configuration-manager.md |  2 +-
 ...-windows-10-using-configuration-manager.md | 24 ++---
 ...-windows-10-using-configuration-manager.md | 20 ++--
 ...to-windows-10-with-configuraton-manager.md | 14 +--
 .../olympia/olympia-enrollment-guidelines.md  |  6 +-
 windows/deployment/update/waas-morenews.md    |  1 +
 windows/deployment/update/waas-wufb-intune.md | 10 +-
 .../deployment/update/windows-update-logs.md  |  2 +-
 .../update/wufb-compliancedeadlines.md        |  8 +-
 windows/deployment/upgrade/setupdiag.md       |  2 +-
 .../windows-10-poc-sc-config-mgr.md           |  1 -
 .../windows-10-subscription-activation.md     |  8 +-
 .../demonstrate-deployment-on-vm.md           | 94 +++++++++----------
 15 files changed, 105 insertions(+), 105 deletions(-)

diff --git a/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
index 4bb5ffd7a4..85dcbc3828 100644
--- a/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
@@ -52,10 +52,10 @@ On **CM01**:
 6. In the popup window that appears, click **Yes** to automatically update the distribution point.
 7. Click **Next**, wait for the image to be updated, and then click **Close**.
 
-  ![Add drivers to Windows PE](../images/fig21-add-drivers1.png "Add drivers to Windows PE")

-  ![Add drivers to Windows PE](../images/fig21-add-drivers2.png "Add drivers to Windows PE")

-  ![Add drivers to Windows PE](../images/fig21-add-drivers3.png "Add drivers to Windows PE")

-  ![Add drivers to Windows PE](../images/fig21-add-drivers4.png "Add drivers to Windows PE")
+  ![Add drivers to Windows PE step 1](../images/fig21-add-drivers1.png)

+  ![Add drivers to Windows PE step 2](../images/fig21-add-drivers2.png)

+  ![Add drivers to Windows PE step 3](../images/fig21-add-drivers3.png)

+  ![Add drivers to Windows PE step 4](../images/fig21-add-drivers4.png)
 
   Add drivers to Windows PE
 
@@ -65,7 +65,7 @@ This section illustrates how to add drivers for Windows 10 using the HP EliteBoo
 
 For the purposes of this section, we assume that you have downloaded the Windows 10 drivers for the HP EliteBook 8560w model and copied them to the **D:\Sources$\OSD\DriverSources\Windows 10 x64\Hewlett-Packard\HP EliteBook 8560w** folder on CM01.
 
-![Drivers](../images/cm01-drivers-windows.png)
+![Drivers in Windows](../images/cm01-drivers-windows.png)
 
 Driver folder structure on CM01
 
diff --git a/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
index 06e69f257c..e4d235f852 100644
--- a/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
@@ -72,8 +72,8 @@ On **CM01**:
 8.  In the Distribute Content Wizard, add the CM01 distribution point, and complete the wizard.
 9.  Using Configuration Manager Trace, review the D:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file. Do not continue until you can see that the boot image is distributed. Look for the line that reads **STATMSG: ID=2301**. You also can monitor Content Status in the Configuration Manager Console at **\Monitoring\Overview\Distribution Status\Content Status\Zero Touch WinPE x64**. See the following examples:
 
-    ![Content status for the Zero Touch WinPE x64 boot image](../images/fig16-contentstatus1.png "Content status for the Zero Touch WinPE x64 boot image")

-    ![Content status for the Zero Touch WinPE x64 boot image](../images/fig16-contentstatus2.png "Content status for the Zero Touch WinPE x64 boot image")
+    ![Content status for the Zero Touch WinPE x64 boot image step 1](../images/fig16-contentstatus1.png)

+    ![Content status for the Zero Touch WinPE x64 boot image step 2](../images/fig16-contentstatus2.png)
 
     Content status for the Zero Touch WinPE x64 boot image
 
@@ -82,8 +82,8 @@ On **CM01**:
 12. Using Configuration Manager Trace, review the D:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file and look for this text: **Expanding PS100009 to D:\\RemoteInstall\\SMSImages**.
 13. Review the **D:\\RemoteInstall\\SMSImages** folder. You should see three folders containing boot images. Two are from the default boot images, and the third folder (PS100009) is from your new boot image with DaRT. See the examples below:
 
-    ![PS100009-1](../images/ps100009-1.png)

-    ![PS100009-2](../images/ps100009-2.png)
+    ![PS100009 step 1](../images/ps100009-1.png)

+    ![PS100009 step 2](../images/ps100009-2.png)
 
 >Note: Depending on your infrastructure and the number of packages and boot images present, the Image ID might be a different number than PS100009.
 
diff --git a/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
index 1df9f6bd3b..7c0441e0ca 100644
--- a/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
@@ -261,7 +261,7 @@ On **CM01**:
     * Require a password when computers use PXE
     * Password and Confirm password: pass@word1
 
-    ![figure 12](../images/mdt-06-fig13.png)
+    ![figure 13](../images/mdt-06-fig13.png)
 
     Configure the CM01 distribution point for PXE.
 
diff --git a/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
index 56872d3cfc..7ff3078c04 100644
--- a/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
@@ -58,9 +58,9 @@ On **PC0003**:
 
 1. Open the Configuration Manager control panel (control smscfgrc).
 2. On the **Site** tab, click **Configure Settings**, then click **Find Site**.
-3. Verify that Configuration Manager has successfullyl found a site to manage this client is displayed. See the following example.
+3. Verify that Configuration Manager has successfully found a site to manage this client is displayed. See the following example.
 
-![pc0003a](../images/pc0003a.png)
+![Found a site to manage this client](../images/pc0003a.png)
 
 ## Create a device collection and add the PC0003 computer
 
@@ -124,16 +124,16 @@ On **PC0003**:
 2.  In the **Software Center** warning dialog box, click **Install Operating System**. 
 3. The client computer will run the Configuration Manager task sequence, boot into Windows PE, and install the new OS and applications. See the following examples:
 
-![pc0003b](../images/pc0003b.png)

-![pc0003c](../images/pc0003c.png)

-![pc0003d](../images/pc0003d.png)

-![pc0003e](../images/pc0003e.png)

-![pc0003f](../images/pc0003f.png)

-![pc0003g](../images/pc0003g.png)

-![pc0003h](../images/pc0003h.png)

-![pc0003i](../images/pc0003i.png)

-![pc0003j](../images/pc0003j.png)

-![pc0003k](../images/pc0003k.png)
+![Task sequence example 1](../images/pc0003b.png)

+![Task sequence example 2](../images/pc0003c.png)

+![Task sequence example 3](../images/pc0003d.png)

+![Task sequence example 4](../images/pc0003e.png)

+![Task sequence example 5](../images/pc0003f.png)

+![Task sequence example 6](../images/pc0003g.png)

+![Task sequence example 7](../images/pc0003h.png)

+![Task sequence example 8](../images/pc0003i.png)

+![Task sequence example 9](../images/pc0003j.png)

+![Task sequence example 10](../images/pc0003k.png)
 
 Next, see [Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md).
 
diff --git a/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
index 629ea3ed27..4c98f861cf 100644
--- a/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
@@ -160,7 +160,7 @@ On **PC0004**:
 4.  Confirm you want to upgrade the operating system on this computer by clicking **Install** again.
 5.  Allow the Replace Task Sequence to complete. The PC0004 computer will gather user data, boot into Windows PE and gather more data, then boot back to the full OS. The entire process should only take a few minutes.
 
-![pc0004b](../images/pc0004b.png)
+![Task sequence example](../images/pc0004b.png)
 
 Capturing the user state
 
@@ -191,15 +191,15 @@ On **PC0006**:
 
 When the process is complete, you will have a new Windows 10 computer in your domain with user data and settings restored. See the following examples:
 
-![pc0006a](../images/pc0006a.png)

-![pc0006b](../images/pc0006b.png)

-![pc0006c](../images/pc0006c.png)

-![pc0006d](../images/pc0006d.png)

-![pc0006e](../images/pc0006e.png)

-![pc0006f](../images/pc0006f.png)

-![pc0006g](../images/pc0006g.png)

-![pc0006h](../images/pc0006h.png)

-![pc0006i](../images/pc0006i.png)
+![User data and setting restored example 1](../images/pc0006a.png)

+![User data and setting restored example 2](../images/pc0006b.png)

+![User data and setting restored example 3](../images/pc0006c.png)

+![User data and setting restored example 4](../images/pc0006d.png)

+![User data and setting restored example 5](../images/pc0006e.png)

+![User data and setting restored example 6](../images/pc0006f.png)

+![User data and setting restored example 7](../images/pc0006g.png)

+![User data and setting restored example 8](../images/pc0006h.png)

+![User data and setting restored example 9](../images/pc0006i.png)
 
 Next, see [Perform an in-place upgrade to Windows 10 using Configuration Manager](upgrade-to-windows-10-with-configuraton-manager.md).
 
diff --git a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md b/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md
index e4b97b8f74..46a0b5ee09 100644
--- a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md
+++ b/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md
@@ -127,13 +127,13 @@ On **PC0004**:
 4.  Confirm you want to upgrade the operating system on this computer by clicking **Install** again.
 5.  Allow the Upgrade Task Sequence to complete. The PC0004 computer will download the install.wim file, perform an in-place upgrade, and install your added applications. See the following examples:
 
-![pc0004-a](../images/pc0004-a.png)

-![pc0004-b](../images/pc0004-b.png)

-![pc0004-c](../images/pc0004-c.png)

-![pc0004-d](../images/pc0004-d.png)

-![pc0004-e](../images/pc0004-e.png)

-![pc0004-f](../images/pc0004-f.png)

-![pc0004-g](../images/pc0004-g.png)
+![Upgrade task sequence example 1](../images/pc0004-a.png)

+![Upgrade task sequence example 2](../images/pc0004-b.png)

+![Upgrade task sequence example 3](../images/pc0004-c.png)

+![Upgrade task sequence example 4](../images/pc0004-d.png)

+![Upgrade task sequence example 5](../images/pc0004-e.png)

+![Upgrade task sequence example 6](../images/pc0004-f.png)

+![Upgrade task sequence example 7](../images/pc0004-g.png)
 
 In-place upgrade with Configuration Manager
 
diff --git a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
index f551888da3..6c713170eb 100644
--- a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
+++ b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
@@ -61,7 +61,7 @@ This is the Bring Your Own Device (BYOD) method--your device will receive Olympi
 
 3. Click **Connect** and enter your **Olympia corporate account** (e.g., username@olympia.windows.com). Click **Next**.
 
-    ![Set up a work or school account](images/1-3.png)
+    ![Entering account information when setting up a work or school account](images/1-3.png)
 
 4. Enter the temporary password that was sent to you. Click **Sign in**. Follow the instructions to set a new password.
 
@@ -100,7 +100,7 @@ This is the Bring Your Own Device (BYOD) method--your device will receive Olympi
     
 3. Click **Connect**, then click **Join this device to Azure Active Directory**.
 
-    ![Update your password](images/2-3.png)
+    ![Joining device to Azure AD]](images/2-3.png)
 
 4. Enter your **Olympia corporate account** (e.g., username@olympia.windows.com). Click **Next**.
 
@@ -111,7 +111,7 @@ This is the Bring Your Own Device (BYOD) method--your device will receive Olympi
     > [!NOTE]
     > Passwords should contain 8-16 characters, including at least one special character or number.
 
-    ![Update your password](images/2-5.png)
+    ![Entering temporary password](images/2-5.png)
 
 6. When asked to make sure this is your organization, verify that the information is correct. If so, click **Join**.
 
diff --git a/windows/deployment/update/waas-morenews.md b/windows/deployment/update/waas-morenews.md
index 9d9557d033..0617e20b00 100644
--- a/windows/deployment/update/waas-morenews.md
+++ b/windows/deployment/update/waas-morenews.md
@@ -1,5 +1,6 @@
 ---
 title: Windows as a service news & resources
+description: The latest news for Windows as a service with resources to help you learn more about them.
 ms.prod: w10
 ms.topic: article
 ms.manager: elizapo
diff --git a/windows/deployment/update/waas-wufb-intune.md b/windows/deployment/update/waas-wufb-intune.md
index 20a9228f72..9c3f0668a1 100644
--- a/windows/deployment/update/waas-wufb-intune.md
+++ b/windows/deployment/update/waas-wufb-intune.md
@@ -69,7 +69,7 @@ In this example, you use two security groups to manage your updates: **Ring 4 Br
     >[!NOTE]
     >The OMA-URI settings are case sensitive, so be sure to review [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) for the proper syntax.
 
-    ![Settings for this policy](images/waas-wufb-intune-step7a.png)
+    ![Settings for the RequireDeferUpgrade policy](images/waas-wufb-intune-step7a.png)
     
 8. For this deployment ring, you're required to enable only CBB, so click **Save Policy**.
 
@@ -156,7 +156,7 @@ In this example, you use three security groups from Table 1 in [Build deployment
     >[!NOTE]
     >The OMA-URI settings are case sensitive, so be sure to review [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) for the proper syntax.
 
-    ![Settings for this policy](images/waas-wufb-intune-cb2a.png)
+    ![Settings for the BranchReadinessLevel policy](images/waas-wufb-intune-cb2a.png)
     
 8. Because the **Ring 2 Pilot Business Users** deployment ring receives the CB feature updates after 28 days, in the **OMA-URI Settings** section, click **Add** to add another OMA-URI setting. 
 
@@ -164,7 +164,7 @@ In this example, you use three security groups from Table 1 in [Build deployment
 10. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferFeatureUpdatesPeriodInDays**.
 11. In the **Value** box, type **28**, and then click **OK**.
 
-    ![Settings for this policy](images/waas-wufb-intune-step11a.png)
+    ![Settings for the DeferFeatureUpdatesPeriodInDays policy](images/waas-wufb-intune-step11a.png)
 
 9. Click **Save Policy**.
 
@@ -205,7 +205,7 @@ You have now configured the **Ring 2 Pilot Business Users** deployment ring to e
 
 11. In the **Value** box, type **0**, and then click **OK**.
 
-    ![Settings for this policy](images/waas-wufb-intune-cbb1a.png)
+    ![Settings for the DeferFeatureUpdatesPeriodInDays policy](images/waas-wufb-intune-cbb1a.png)
 
 12. Click **Save Policy**.
 
@@ -255,7 +255,7 @@ You have now configured the **Ring 4 Broad business users** deployment ring to r
 
 15. In the **Value** box, type **14**, and then click **OK**.
 
-    ![Settings for this policy](images/waas-wufb-intune-cbb2a.png)
+    ![Settings for the DeferFeatureUpdatesPeriodInDays policy](images/waas-wufb-intune-cbb2a.png)
 
 16. Click **Save Policy**.
 
diff --git a/windows/deployment/update/windows-update-logs.md b/windows/deployment/update/windows-update-logs.md
index 93506e6f52..1e40aac62e 100644
--- a/windows/deployment/update/windows-update-logs.md
+++ b/windows/deployment/update/windows-update-logs.md
@@ -29,7 +29,7 @@ The following table describes the log files created by Windows Update.
 |CBS.log|%systemroot%\Logs\CBS|This logs provides insight on the update installation part in the servicing stack.|To troubleshoot the issues related to WU installation.|
 
 ## Generating WindowsUpdate.log 
-To merge and convert WU trace files (.etl files) into a single readable WindowsUpdate.log file, see [Get-WindowsUpdateLog](https://docs.microsoft.com/powershell/module/windowsupdate/get-windowsupdatelog?view=win10-ps). 
+To merge and convert WU trace files (.etl files) into a single readable WindowsUpdate.log file, see [Get-WindowsUpdateLog](https://docs.microsoft.com/powershell/module/windowsupdate/get-windowsupdatelog?view=win10-ps&preserve-view=tru). 
 
 >[!NOTE]
 >When you run the **Get-WindowsUpdateLog** cmdlet, an copy of WindowsUpdate.log file is created as a static log file. It does not update as the old WindowsUpate.log unless you run **Get-WindowsUpdateLog** again. 
diff --git a/windows/deployment/update/wufb-compliancedeadlines.md b/windows/deployment/update/wufb-compliancedeadlines.md
index 4e63af071d..1fb426d25f 100644
--- a/windows/deployment/update/wufb-compliancedeadlines.md
+++ b/windows/deployment/update/wufb-compliancedeadlines.md
@@ -152,17 +152,17 @@ Before the deadline the device will be in two states: auto-restart period and en
 
 Notification users get for quality update engaged deadline:
 
-![The notification users get for an impending engaged quality update deadline](images/wufb-quality-engaged-notification.png)
+![The notification users get for an impending engaged quality update deadline example](images/wufb-quality-engaged-notification.png)
 
 Notification users get for a quality update deadline:
 
-![The notification users get for an impending quality update deadline](images/wufb-quality-notification.png)
+![The notification users get for an impending quality update deadline example](images/wufb-quality-notification.png)
 
 Notification users get for a feature update engaged deadline:
 
-![The notification users get for an impending feature update engaged deadline](images/wufb-feature-update-engaged-notification.png)
+![The notification users get for an impending feature update engaged deadline example](images/wufb-feature-update-engaged-notification.png)
 
 Notification users get for a feature update deadline:
 
-![The notification users get for an impending feature update deadline](images/wufb-feature-update-deadline-notification.png)
+![The notification users get for an impending feature update deadline example](images/wufb-feature-update-deadline-notification.png)
 
diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md
index ad4a46aa9f..6abb0eac36 100644
--- a/windows/deployment/upgrade/setupdiag.md
+++ b/windows/deployment/upgrade/setupdiag.md
@@ -553,7 +553,7 @@ Refer to "https://docs.microsoft.com/windows/desktop/Debug/system-error-codes" f
 
 ## Sample registry key
 
-![Addreg](./../images/addreg.png)
+![Example of Addreg](./../images/addreg.png)
 
 ## Related topics
 
diff --git a/windows/deployment/windows-10-poc-sc-config-mgr.md b/windows/deployment/windows-10-poc-sc-config-mgr.md
index d7e9e4e416..87baccf225 100644
--- a/windows/deployment/windows-10-poc-sc-config-mgr.md
+++ b/windows/deployment/windows-10-poc-sc-config-mgr.md
@@ -1,7 +1,6 @@
 ---
 title: Steps to deploy Windows 10 with Microsoft Endpoint Configuration Manager
 description: In this article, you'll learn how to deploy Windows 10 in a test lab using Microsoft endpoint configuration manager.
-ms.custom: seo-marvel-apr2020
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md
index 6f452601fe..fb1755d660 100644
--- a/windows/deployment/windows-10-subscription-activation.md
+++ b/windows/deployment/windows-10-subscription-activation.md
@@ -40,7 +40,7 @@ Organizations that have an Enterprise agreement can also benefit from the new se
 
 Subscription Activation for Education works the same as the Enterprise version, but in order to use Subscription Activation for Education, you must have a device running Windows 10 Pro Education, version 1903 or later and an active subscription plan with a Windows 10 Enterprise license. For more information, see the [requirements](#windows-10-education-requirements) section.
 
-## In this article
+## Summary
 
 - [Inherited Activation](#inherited-activation): Description of a new feature available in Windows 10, version 1803 and later.
 - [The evolution of Windows 10 deployment](#the-evolution-of-deployment): A short history of Windows deployment.
@@ -105,9 +105,9 @@ If the device is running Windows 10, version 1809 or later:
 1. Windows 10, version 1809 must be updated with [KB4497934](https://support.microsoft.com/help/4497934/windows-10-update-kb4497934). Later versions of Windows 10 automatically include this patch.
 2. When the user signs in on a Hybrid Azure AD joined device with MFA enabled, a notification will indicate that there is a problem. Click the notification and then click **Fix now** to step through the subscription activation process. See the example below:
 
-![Subscription Activation with MFA1](images/sa-mfa1.png)

-![Subscription Activation with MFA2](images/sa-mfa2.png)

-![Subscription Activation with MFA2](images/sa-mfa3.png)
+![Subscription Activation with MFA example 1](images/sa-mfa1.png)

+![Subscription Activation with MFA example 2](images/sa-mfa2.png)

+![Subscription Activation with MFA example 3](images/sa-mfa3.png)
 
 ### Windows 10 Education requirements
 
diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
index 04ff7554b3..8df89cd9b9 100644
--- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
+++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
@@ -220,12 +220,12 @@ PS C:\autopilot>
 
 Ensure the VM booted from the installation ISO, click **Next** then click **Install now** and complete the Windows installation process. See the following examples:
 
-   ![Windows setup](images/winsetup1.png)
-   ![Windows setup](images/winsetup2.png)
-   ![Windows setup](images/winsetup3.png)
-   ![Windows setup](images/winsetup4.png)
-   ![Windows setup](images/winsetup5.png)
-   ![Windows setup](images/winsetup6.png)
+   ![Windows setup example 1](images/winsetup1.png)
+   ![Windows setup example 2](images/winsetup2.png)
+   ![Windows setup example 3](images/winsetup3.png)
+   ![Windows setup example 4](images/winsetup4.png)
+   ![Windows setup example 5](images/winsetup5.png)
+   ![Windows setup example 6](images/winsetup6.png)
 
 After the VM restarts, during OOBE, it's fine to select **Set up for personal use** or **Domain join instead** and then choose an offline account on the **Sign in** screen.  This will offer the fastest way to the desktop. For example:
 
@@ -337,7 +337,7 @@ If the configuration blade shown above does not appear, it's likely that you don
 
 To convert your Intune trial account to a free Premium trial account, navigate to **Azure Active Directory** > **Licenses** > **All products** > **Try / Buy** and select **Free trial** for Azure AD Premium, or EMS E5.
 
-![Reset this PC final prompt](images/aad-lic1.png)
+![License conversion option](images/aad-lic1.png)
 
 ## Configure company branding
 
@@ -411,7 +411,7 @@ Select **Manage** from the top menu, then click the **Windows Autopilot Deployme
 
 Click the **Add devices** link to upload your CSV file. A message will appear indicating your request is being processed. Wait a few moments before refreshing to see your new device has been added.
 
-![Devices](images/msfb-device.png)
+![Microsoft Store for Business Devices](images/msfb-device.png)
 
 ## Create and assign a Windows Autopilot deployment profile
 
@@ -427,7 +427,7 @@ Pick one:
 > [!NOTE]
 > Even if you registered your device in MSfB, it will still appear in Intune, though you might have to **sync** and then **refresh** your device list first:
 
-![Devices](images/intune-devices.png)
+![Intune Devices](images/intune-devices.png)
 
 > The example above lists both a physical device and a VM. Your list should only include only one of these.
 
@@ -519,15 +519,15 @@ To CREATE the profile:
 
 Select your device from the **Devices** list:
 
-![MSfB create](images/msfb-create1.png)
+![MSfB create step 1](images/msfb-create1.png)
 
 On the Autopilot deployment dropdown menu, select **Create new profile**:
 
-![MSfB create](images/msfb-create2.png)
+![MSfB create step 2](images/msfb-create2.png)
 
 Name the profile, choose your desired settings, and then click **Create**:
 
-![MSfB create](images/msfb-create3.png)
+![MSfB create step 3](images/msfb-create3.png)
 
 The new profile is added to the Autopilot deployment list.
 
@@ -535,11 +535,11 @@ To ASSIGN the profile:
 
 To assign (or reassign) the profile to a device, select the checkboxes next to the device you registered for this lab, then select the profile you want to assign from the **Autopilot deployment** dropdown menu as shown:
 
-![MSfB assign](images/msfb-assign1.png)
+![MSfB assign step 1](images/msfb-assign1.png)
 
 Confirm the profile was successfully assigned to the intended device by checking the contents of the **Profile** column:
 
-![MSfB assign](images/msfb-assign2.png)
+![MSfB assign step 2](images/msfb-assign2.png)
 
 > [!IMPORTANT]
 > The new profile will only be applied if the device has not been started, and gone through OOBE. Settings from a different profile can't be applied when another profile has been applied. Windows would need to be reinstalled on the device for the second profile to be applied to the device.
@@ -577,15 +577,15 @@ To use the device (or VM) for other purposes after completion of this lab, you w
 
 You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure Active Directory), log into your Intune Azure portal, then navigate to **Intune > Devices > All Devices**.  Select the checkbox next to the device you want to delete, then click the Delete button along the top menu.
 
-![Delete device](images/delete-device1.png)
+![Delete device step 1](images/delete-device1.png)
 
 Click **X** when challenged to complete the operation:
 
-![Delete device](images/delete-device2.png)
+![Delete device step 2](images/delete-device2.png)
 
 This will remove the device from Intune management, and it will disappear from **Intune > Devices > All devices**. But this does not yet deregister the device from Autopilot, so the device should still appear under **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices**.
 
-![Delete device](images/delete-device3.png)
+![Delete device step 3](images/delete-device3.png)
 
 The **Intune > Devices > All Devices** list and the **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices** list mean different things and are two completely separate datastores.  The former (All devices) is the list of devices currently enrolled into Intune.
 
@@ -594,21 +594,21 @@ The **Intune > Devices > All Devices** list and the **Intune > Device Enrollment
 
 To remove the device from the Autopilot program, select the device and click Delete.
 
-![Delete device](images/delete-device4.png)
+![Delete device step 4](images/delete-device4.png)
 
 A warning message appears reminding you to first remove the device from Intune, which we previously did.
 
-![Delete device](images/delete-device5.png)
+![Delete device step 5](images/delete-device5.png)
 
 At this point, your device has been unenrolled from Intune and also deregistered from Autopilot.  After several minutes, click the **Sync** button, followed by the **Refresh** button to confirm the device is no longer listed in the Autopilot program:
 
-![Delete device](images/delete-device6.png)
+![Delete device step 6](images/delete-device6.png)
 
 Once the device no longer appears, you are free to reuse it for other purposes.
 
 If you also (optionally) want to remove your device from AAD, navigate to **Azure Active Directory > Devices > All Devices**, select your device, and click the delete button:
 
-![Delete device](images/delete-device7.png)
+![Delete device step 7](images/delete-device7.png)
 
 ## Appendix A: Verify support for Hyper-V
 
@@ -668,7 +668,7 @@ Download the Notepad++ msi package [here](https://www.hass.de/content/notepad-ms
 
 Run the IntuneWinAppUtil tool, supplying answers to the three questions, for example:
 
-![Add app](images/app01.png)
+![Add app example](images/app01.png)
 
 After the tool finishes running, you should have an .intunewin file in the Output folder, which you can now upload into Intune using the following steps.
 
@@ -678,19 +678,19 @@ Log into the Azure portal and select **Intune**.
 
 Navigate to **Intune > Clients apps > Apps**, and then click the **Add** button to create a new app package.
 
-![Add app](images/app02.png)
+![Add app step 1](images/app02.png)
 
 Under **App Type**, select **Windows app (Win32)**:
 
-![Add app](images/app03.png)
+![Add app step 2](images/app03.png)
 
 On the **App package file** blade, browse to the **npp.7.6.3.installer.x64.intunewin** file in your output folder, open it, then click **OK**:
 
-![Add app](images/app04.png)
+![Add app step 3](images/app04.png)
 
 On the **App Information Configure** blade, provide a friendly name, description, and publisher, such as:
 
-![Add app](images/app05.png)
+![Add app step 4](images/app05.png)
 
 On the **Program Configuration** blade, supply the install and uninstall commands:
 
@@ -700,7 +700,7 @@ Uninstall:  msiexec /x "{F188A506-C3C6-4411-BE3A-DA5BF1EA6737}" /q
 > [!NOTE]
 > Likely, you do not have to write the install and uninstall commands yourself because the [IntuneWinAppUtil.exe command-line tool](https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool) automatically generated them when it converted the .msi file into a .intunewin file.
 
-![Add app](images/app06.png)
+![Add app step 5](images/app06.png)
 
 Simply using an install command like "notepad++.exe /S" will not actually install Notepad++; it will only launch the app.  To actually install the program, we need to use the .msi file instead.  Notepad++ doesn't actually have an .msi version of their program, but we got an .msi version from a [third party provider](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available).
 
@@ -708,21 +708,21 @@ Click **OK** to save your input and activate the **Requirements** blade.
 
 On the **Requirements Configuration** blade, specify the **OS architecture** and the **Minimum OS version**:
 
-![Add app](images/app07.png)
+![Add app step 6](images/app07.png)
 
 Next, configure the **Detection rules**.  For our purposes, we will select manual format:
 
-![Add app](images/app08.png)
+![Add app step 7](images/app08.png)
 
 Click **Add** to define the rule properties.  For **Rule type**, select **MSI**, which will automatically import the right MSI product code into the rule:
 
-![Add app](images/app09.png)
+![Add app step 8](images/app09.png)
 
 Click **OK** twice to save, as you back out to the main **Add app** blade again for the final configuration.
 
 **Return codes**:  For our purposes, leave the return codes at their default values:
 
-![Add app](images/app10.png)
+![Add app step 9](images/app10.png)
 
 Click **OK** to exit.
 
@@ -732,11 +732,11 @@ Click the **Add** button to finalize and save your app package.
 
 Once the indicator message says the addition has completed.
 
-![Add app](images/app11.png)
+![Add app step 10](images/app11.png)
 
 You will be able to find your app in your app list:
 
-![Add app](images/app12.png)
+![Add app step 11](images/app12.png)
 
 #### Assign the app to your Intune profile
 
@@ -745,7 +745,7 @@ You will be able to find your app in your app list:
 
 In the **Intune > Client Apps > Apps** pane, select the app package you already created to reveal its properties blade.  Then click **Assignments** from the menu:
 
-![Add app](images/app13.png)
+![Assign app step 1](images/app13.png)
 
 Select **Add Group** to open the **Add group** pane that is related to the app.
 
@@ -755,9 +755,9 @@ For our purposes, select **Required** from the **Assignment type** dropdown menu
 
 Select **Included Groups** and assign the groups you previously created that will use this app:
 
-![Add app](images/app14.png)
+![Assign app step 2](images/app14.png)
 
-![Add app](images/app15.png)
+![Assign app step 3](images/app15.png)
 
 In the **Select groups** pane, click the **Select** button.
 
@@ -767,7 +767,7 @@ In the **Add group** pane, select **OK**.
 
 In the app **Assignments** pane, select **Save**.
 
-![Add app](images/app16.png)
+![Assign app step 4](images/app16.png)
 
 At this point, you have completed steps to add a Win32 app to Intune.
 
@@ -781,15 +781,15 @@ Log into the Azure portal and select **Intune**.
 
 Navigate to **Intune > Clients apps > Apps**, and then click the **Add** button to create a new app package.
 
-![Add app](images/app17.png)
+![Create app step 1](images/app17.png)
 
 Under **App Type**, select **Office 365 Suite > Windows 10**:
 
-![Add app](images/app18.png)
+![Create app step 2](images/app18.png)
 
 Under the **Configure App Suite** pane, select the Office apps you want to install.  For the purposes of this labe we have only selected Excel:
 
-![Add app](images/app19.png)
+![Create app step 3](images/app19.png)
 
 Click **OK**.
 
@@ -797,13 +797,13 @@ In the **App Suite Information** pane, enter a unique suite name, and a s
 
 > Enter the name of the app suite as it is displayed in the company portal. Make sure that all suite names that you use are unique. If the same app suite name exists twice, only one of the apps is displayed to users in the company portal.
 
-![Add app](images/app20.png)
+![Create app step 4](images/app20.png)
 
 Click **OK**.
 
 In the **App Suite Settings** pane, select **Monthly** for the **Update channel** (any selection would be fine for the purposes of this lab).  Also select **Yes** for **Automatically accept the app end user license agreement**:
 
-![Add app](images/app21.png)
+![Create app step 5](images/app21.png)
 
 Click **OK** and then click **Add**.
 
@@ -814,7 +814,7 @@ Click **OK** and then click **Add**.
 
 In the **Intune > Client Apps > Apps** pane, select the Office package you already created to reveal its properties blade.  Then click **Assignments** from the menu:
 
-![Add app](images/app22.png)
+![Create app step 6](images/app22.png)
 
 Select **Add Group** to open the **Add group** pane that is related to the app.
 
@@ -824,9 +824,9 @@ For our purposes, select **Required** from the **Assignment type** dropdown menu
 
 Select **Included Groups** and assign the groups you previously created that will use this app:
 
-![Add app](images/app23.png)
+![Create app step 7](images/app23.png)
 
-![Add app](images/app24.png)
+![Create app step 8](images/app24.png)
 
 In the **Select groups** pane, click the **Select** button.
 
@@ -836,7 +836,7 @@ In the **Add group** pane, select **OK**.
 
 In the app **Assignments** pane, select **Save**.
 
-![Add app](images/app25.png)
+![Create app step 9](images/app25.png)
 
 At this point, you have completed steps to add Office to Intune.
 
@@ -844,7 +844,7 @@ For more information on adding Office apps to Intune, see [Assign Office 365 app
 
 If you installed both the win32 app (Notepad++) and Office (just Excel) per the instructions in this lab, your VM will show them in the apps list, although it could take several minutes to populate:
 
-![Add app](images/app26.png)
+![Create app step 10](images/app26.png)
 
 ## Glossary
 

From c838c702ae460d32086df0309807ef6741a3a36e Mon Sep 17 00:00:00 2001
From: Dani Halfin 
Date: Tue, 3 Nov 2020 14:56:03 -0800
Subject: [PATCH 38/50] fixing warnings some more

---
 ...installation-of-windows-10-with-configuration-manager.md | 4 ++--
 windows/deployment/update/waas-wufb-intune.md               | 4 ++--
 .../windows-autopilot/demonstrate-deployment-on-vm.md       | 6 +++---
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
index 7c0441e0ca..4dd8344c5b 100644
--- a/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
@@ -241,7 +241,7 @@ On **CM01**:
 2.  Right-click **PS1 - Primary Site 1**, point to **Configure Site Components**, and then select **Software Distribution**.
 3.  On the **Network Access Account** tab, select **Specify the account that accesses network locations** and add the *New Account* **CONTOSO\\CM\_NAA** as the Network Access account (password: pass@word1). Use the new **Verify** option to verify that the account can connect to the **\\\\DC01\\sysvol** network share.
 
-![figure 12](../images/mdt-06-fig12.png)
+![figure 11](../images/mdt-06-fig12.png)
 
 Test the connection for the Network Access account.
 
@@ -261,7 +261,7 @@ On **CM01**:
     * Require a password when computers use PXE
     * Password and Confirm password: pass@word1
 
-    ![figure 13](../images/mdt-06-fig13.png)
+    ![figure 12](../images/mdt-06-fig13.png)
 
     Configure the CM01 distribution point for PXE.
 
diff --git a/windows/deployment/update/waas-wufb-intune.md b/windows/deployment/update/waas-wufb-intune.md
index 9c3f0668a1..412541f1fd 100644
--- a/windows/deployment/update/waas-wufb-intune.md
+++ b/windows/deployment/update/waas-wufb-intune.md
@@ -164,7 +164,7 @@ In this example, you use three security groups from Table 1 in [Build deployment
 10. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferFeatureUpdatesPeriodInDays**.
 11. In the **Value** box, type **28**, and then click **OK**.
 
-    ![Settings for the DeferFeatureUpdatesPeriodInDays policy](images/waas-wufb-intune-step11a.png)
+    ![Settings for the DeferFeatureUpdatesPeriodInDays policy step 11](images/waas-wufb-intune-step11a.png)
 
 9. Click **Save Policy**.
 
@@ -205,7 +205,7 @@ You have now configured the **Ring 2 Pilot Business Users** deployment ring to e
 
 11. In the **Value** box, type **0**, and then click **OK**.
 
-    ![Settings for the DeferFeatureUpdatesPeriodInDays policy](images/waas-wufb-intune-cbb1a.png)
+    ![Settings for the DeferFeatureUpdatesPeriodInDays policy for broad business](images/waas-wufb-intune-cbb1a.png)
 
 12. Click **Save Policy**.
 
diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
index 8df89cd9b9..6b57a9ab0d 100644
--- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
+++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
@@ -229,11 +229,11 @@ Ensure the VM booted from the installation ISO, click **Next** then click **Inst
 
 After the VM restarts, during OOBE, it's fine to select **Set up for personal use** or **Domain join instead** and then choose an offline account on the **Sign in** screen.  This will offer the fastest way to the desktop. For example:
 
-   ![Windows setup](images/winsetup7.png)
+   ![Windows setup example 7](images/winsetup7.png)
 
 Once the installation is complete, sign in and verify that you are at the Windows 10 desktop, then create your first Hyper-V checkpoint. Checkpoints are used to restore the VM to a previous state. You will create multiple checkpoints throughout this lab, which can be used later to go through the process again.
 
-   ![Windows setup](images/winsetup8.png)
+   ![Windows setup example 8](images/winsetup8.png)
 
 To create your first checkpoint, open an elevated Windows PowerShell prompt on the computer running Hyper-V (not on the VM) and run the following:
 
@@ -497,7 +497,7 @@ Under **Manage**, click **Assignments**, and then with the **Include** tab highl
 
 Click **Select** and then click **Save**.
 
-![Include group](images/include-group2.png)
+![Include group save](images/include-group2.png)
 
 It's also possible to assign specific users to a profile, but we will not cover this scenario in the lab. For more detailed information, see [Enroll Windows devices in Intune by using Windows Autopilot](https://docs.microsoft.com/intune/enrollment-autopilot).
 

From 49bdd17e7bc87564d967951d54bb1762d7187909 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Tue, 3 Nov 2020 15:48:23 -0800
Subject: [PATCH 39/50] Update faq-md-app-guard.md

---
 .../faq-md-app-guard.md                                   | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
index e4de5be2bd..5e54503d98 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
@@ -148,9 +148,9 @@ ICS is enabled by default in Windows, and it must be enabled in order for Applic
 
 Some enterprise organizations choose to disable ICS for their own security reasons. However, this is not recommended. If ICS is disabled, Application Guard stops working. 
 
-The following procedure describes how to edit registry keys to disable ICS in part.
+The following procedure describes how to edit registry keys to disable ICS in part using a Group Policy.
 
-1. In the Group Policy setting called **Prohibit use of Internet Connection Sharing on your DNS domain network**, set it to **Disabled**. 
+1. In the Group Policy setting called, *Prohibit use of Internet Connection Sharing on your DNS domain network*, set it to **Disabled**. 
 
 2. Disable IpNat.sys from ICS load as follows: 
 
 `System\CurrentControlSet\Services\SharedAccess\Parameters\DisableIpNat = 1`
@@ -162,3 +162,7 @@ The following procedure describes how to edit registry keys to disable ICS in pa
 `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPNat\Start = 4`
 
 5. Reboot the device.
+
+## See also
+
+[Configure Microsoft Defender Application Guard policy settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard)
\ No newline at end of file

From 895817b75efe1cbb384103df79ee8347500fddd6 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Tue, 3 Nov 2020 16:04:42 -0800
Subject: [PATCH 40/50] Update
 scheduled-catch-up-scans-microsoft-defender-antivirus.md

---
 ...h-up-scans-microsoft-defender-antivirus.md | 42 ++++++++++---------
 1 file changed, 22 insertions(+), 20 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md
index 31c00d261d..8f36768d8a 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md
@@ -1,5 +1,5 @@
 ---
-title: Schedule regular quick and full scans with Microsoft Defender AV
+title: Schedule regular quick and full scans with Microsoft Defender Antivirus
 description: Set up recurring (scheduled) scans, including when they should run and whether they run as full or quick scans
 keywords: quick scan, full scan, quick vs full, schedule scan, daily, weekly, time, scheduled, recurring, regular
 search.product: eADQiWindows 10XVcnh
@@ -11,7 +11,7 @@ ms.localizationpriority: medium
 author: denisebmsft
 ms.author: deniseb
 ms.custom: nextgen
-ms.date: 09/30/2020
+ms.date: 11/02/2020
 ms.reviewer: 
 manager: dansimp
 ---
@@ -23,7 +23,7 @@ manager: dansimp
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 > [!NOTE]
 > By default, Microsoft Defender Antivirus checks for an update 15 minutes before the time of any scheduled scans. You can [Manage the schedule for when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) to override this default. 
@@ -44,7 +44,9 @@ This article describes how to configure scheduled scans with Group Policy, Power
 
 5.  Expand the tree to **Windows components > Microsoft Defender Antivirus** and then the **Location** specified in the table below.
 
-6. Double-click the policy **Setting** as specified in the table below, and set the option to your desired configuration. Click **OK**, and repeat for any other settings.
+6. Double-click the policy **Setting** as specified in the table below, and set the option to your desired configuration. 
+
+7. Click **OK**, and repeat for any other settings.
 
 Also see the [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) and [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md) topics.
 
@@ -74,12 +76,12 @@ Scheduled scans will run at the day and time you specify. You can use Group Poli
 
 ### Use Group Policy to schedule scans
 
-Location | Setting | Description | Default setting (if not configured)
----|---|---|---
-Scan | Specify the scan type to use for a scheduled scan | Quick scan
-Scan | Specify the day of the week to run a scheduled scan | Specify the day (or never) to run a scan. | Never
-Scan | Specify the time of day to run a scheduled scan | Specify the number of minutes after midnight (for example, enter **60** for 1 am). | 2 am
-Root | Randomize scheduled task times |In Microsoft Defender Antivirus: Randomize the start time of the scan to any interval from 0 to 4 hours. 
In FEP/SCEP: randomize to any interval plus or minus 30 minutes. This can be useful in VM or VDI deployments. | Enabled
+|Location | Setting | Description | Default setting (if not configured) |
+|:---|:---|:---|:---|
+|Scan | Specify the scan type to use for a scheduled scan | Quick scan |
+|Scan | Specify the day of the week to run a scheduled scan | Specify the day (or never) to run a scan. | Never |
+|Scan | Specify the time of day to run a scheduled scan | Specify the number of minutes after midnight (for example, enter **60** for 1 a.m.). | 2 a.m. |
+|Root | Randomize scheduled task times |In Microsoft Defender Antivirus: Randomize the start time of the scan to any interval from 0 to 4 hours. 
In FEP/SCEP: randomize to any interval plus or minus 30 minutes. This can be useful in VM or VDI deployments. | Enabled |
 
 ### Use PowerShell cmdlets to schedule scans
 
@@ -121,9 +123,9 @@ You can set the scheduled scan to only occur when the endpoint is turned on but
 
 ### Use Group Policy to schedule scans
 
-Location | Setting | Description | Default setting (if not configured)
----|---|---|---
-Scan | Start the scheduled scan only when computer is on but not in use | Scheduled scans will not run, unless the computer is on but not in use | Enabled
+|Location | Setting | Description | Default setting (if not configured) |
+|:---|:---|:---|:---|
+|Scan | Start the scheduled scan only when computer is on but not in use | Scheduled scans will not run, unless the computer is on but not in use | Enabled |
 
 ### Use PowerShell cmdlets
 
@@ -191,10 +193,10 @@ You can enable a daily quick scan that can be run in addition to your other sche
 
 ### Use Group Policy to schedule daily scans
 
-Location | Setting | Description | Default setting (if not configured)
----|---|---|---
-Scan | Specify the interval to run quick scans per day | Specify how many hours should elapse before the next quick scan. For example, to run every two hours, enter **2**, for once a day, enter **24**. Enter **0** to never run a daily quick scan. | Never
-Scan | Specify the time for a daily quick scan | Specify the number of minutes after midnight (for example, enter **60** for 1 am) | 2 am
+|Location | Setting | Description | Default setting (if not configured) |
+|:---|:---|:---|:---|
+|Scan | Specify the interval to run quick scans per day | Specify how many hours should elapse before the next quick scan. For example, to run every two hours, enter **2**, for once a day, enter **24**. Enter **0** to never run a daily quick scan. | Never |
+|Scan | Specify the time for a daily quick scan | Specify the number of minutes after midnight (for example, enter **60** for 1 a.m.) | 2 a.m. |
 
 ### Use PowerShell cmdlets to schedule daily scans
 
@@ -224,9 +226,9 @@ You can force a scan to occur after every [protection update](manage-protection-
 
 ### Use Group Policy to schedule scans after protection updates
 
-Location | Setting | Description | Default setting (if not configured)
----|---|---|---
-Signature updates | Turn on scan after Security intelligence update | A scan will occur immediately after a new protection update is downloaded | Enabled
+|Location | Setting | Description | Default setting (if not configured)|
+|:---|:---|:---|:---|
+|Signature updates | Turn on scan after Security intelligence update | A scan will occur immediately after a new protection update is downloaded | Enabled |
 
 ## See also
 - [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md)

From 56d62160901ef8aa6764f825d5919a80b8dad92b Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Tue, 3 Nov 2020 16:20:39 -0800
Subject: [PATCH 41/50] Update faq-md-app-guard.md

---
 .../faq-md-app-guard.md                                     | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
index 5e54503d98..007fa751d5 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
@@ -144,11 +144,7 @@ There is a known issue such that if you change the Exploit Protection settings f
 
 ### How can I have ICS in enabled state yet still use Application Guard?
 
-ICS is enabled by default in Windows, and it must be enabled in order for Application Guard to function correctly.
-
-Some enterprise organizations choose to disable ICS for their own security reasons. However, this is not recommended. If ICS is disabled, Application Guard stops working. 
-
-The following procedure describes how to edit registry keys to disable ICS in part using a Group Policy.
+ICS is enabled by default in Windows, and ICS must be enabled in order for Application Guard to function correctly. We do not recommend disabling ICS; however, you can disable ICS in part by using a Group Policy and editing registry keys.
 
 1. In the Group Policy setting called, *Prohibit use of Internet Connection Sharing on your DNS domain network*, set it to **Disabled**. 
 

From c07930f9de9efb522cddf88ccf71fdd18946be78 Mon Sep 17 00:00:00 2001
From: MONI RAMESH SUBRAMONI <44937843+mosubram@users.noreply.github.com>
Date: Wed, 4 Nov 2020 12:14:23 +0530
Subject: [PATCH 42/50] Update index.yml

Spelling mistake on the word Accessibility
---
 windows/hub/index.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/hub/index.yml b/windows/hub/index.yml
index 289a9ff9e7..75355791f6 100644
--- a/windows/hub/index.yml
+++ b/windows/hub/index.yml
@@ -42,7 +42,7 @@ landingContent:
         links:
           - text: Configure Windows 10
             url: /windows/configuration/index
-          - text: Accesasibility information for IT Pros
+          - text: Accessibility information for IT Pros
             url: /windows/configuration/windows-10-accessibility-for-itpros
           - text: Configure access to Microsoft Store
             url: /windows/configuration/stop-employees-from-using-microsoft-store

From 98cef83cb8ed3f4bd4916cd75af215e2c1229370 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Wed, 4 Nov 2020 12:22:07 +0500
Subject: [PATCH 43/50] minor modification

Made a correction in the statement.

Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8568
---
 .../threat-protection/microsoft-defender-atp/apis-intro.md      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
index 34f925b4d8..ebf717e331 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
@@ -57,7 +57,7 @@ You can access Microsoft Defender ATP API with **Application Context** or **User
 - **User Context:** 

     Used to perform actions in the API on behalf of a user.
 
-	Steps that needs to be taken to access Microsoft Defender ATP API with application context:
+	Steps that needs to be taken to access Microsoft Defender ATP API with user context:
   1. Create AAD Native-Application.
   2. Assign the desired permission to the application, e.g 'Read Alerts', 'Isolate Machines' etc. 
   3. Get token using the application with user credentials.

From bb838bcd8bac05f0af3d0fc2a41b26ee9080ddd1 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Wed, 4 Nov 2020 14:52:27 +0500
Subject: [PATCH 44/50] Update password-policy.md

---
 .../security-policy-settings/password-policy.md               | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/security-policy-settings/password-policy.md b/windows/security/threat-protection/security-policy-settings/password-policy.md
index daf285e8a4..f4b1f58262 100644
--- a/windows/security/threat-protection/security-policy-settings/password-policy.md
+++ b/windows/security/threat-protection/security-policy-settings/password-policy.md
@@ -26,7 +26,7 @@ An overview of password policies for Windows and links to information for each p
 
 In many operating systems, the most common method to authenticate a user's identity is to use a secret passphrase or password. A secure network environment requires all users to use strong passwords, which have at least eight characters and include a combination of letters, numbers, and symbols. These passwords help prevent the compromise of user accounts and administrative accounts by unauthorized users who use manual methods or automated tools to guess weak passwords. Strong passwords that are changed regularly reduce the likelihood of a successful password attack.
 
-Introduced in Windows Server 2008 R2 and Windows Server 2008, Windows supports fine-grained password policies. This feature provides organizations with a way to define different password and account lockout policies for different sets of users in a domain. Fine-grained password policies apply only to user objects (or inetOrgPerson objects if they are used instead of user objects) and global security groups.
+Introduced in Windows Server 2008 R2 and Windows Server 2008, Windows supports fine-grained password policies. This feature provides organizations with a way to define different password and account lockout policies for different sets of users in a domain. Fine-grained password policies apply only to user objects (or inetOrgPerson objects if they are used instead of user objects) and global security groups. For more details, see [AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc770842(v=ws.10)).
 
 To apply a fine-grained password policy to users of an OU, you can use a shadow group. A shadow group is a global security group that is logically mapped to an OU to enforce a fine-grained password policy. You add users of the OU as members of the newly created shadow group and then apply the fine-grained password policy to this shadow group. You can create additional shadow groups for other OUs as needed. If you move a user from one OU to another, you must update the membership of the corresponding shadow groups.
 
@@ -38,7 +38,7 @@ You can configure the password policy settings in the following location by usin
 
 **Computer Configuration\\Windows Settings\\Security Settings\\Account Policies\\Password Policy**
 
-If individual groups require distinct password policies, these groups should be separated into another domain or forest, based on additional requirements.
+This group policy is applied on domain level. If individual groups require distinct password policies, consider using of fine-grained password policies, as described above.
 
 The following topics provide a discussion of password policy implementation and best practices considerations, policy location, default values for the server type or GPO, relevant differences in operating system versions, security considerations (including the possible vulnerabilities of each setting), countermeasures that you can take, and the potential impact for each setting.
 

From f4d1ce167ef544827355e31d17c4b3bddcbdeaa9 Mon Sep 17 00:00:00 2001
From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com>
Date: Wed, 4 Nov 2020 16:27:43 +0100
Subject: [PATCH 45/50] Policy CSP/Update: place important blob below list
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As reported in issue ticket #8580 (The position of the "Important" section of Update/AllowAutoUpdate is incorrect. (Update/AllowAutoUpdate の「Important」セクションの位置が正しくありません)), the current placement of the important Note blob does not make it clear enough which of the details it is referring to.

Placing the important note blob directly beneath bullet list point 5, which the important blob is referring to, makes it much more clear.

Thanks to 新宅 伸啓 (ShintakuNobuhiro) for reporting this clarification issue.

Closes #8580
---
 windows/client-management/mdm/policy-csp-update.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 5403dbf610..11b7b08a4d 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -461,11 +461,6 @@ Enables the IT admin to manage automatic update behavior to scan, download, and
 
 Supported operations are Get and Replace.
 
-
-> [!IMPORTANT]
-> This option should be used only for systems under regulatory compliance, as you will not get security updates as well.
- 
-
 If the policy is not configured, end-users get the default behavior (Auto install and restart).
 
 
@@ -488,6 +483,11 @@ The following list shows the supported values:
 -   4 – Auto install and restart without end-user control. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This setting option also sets the end-user control panel to read-only.
 -   5 – Turn off automatic updates.
 
+
+> [!IMPORTANT]
+> This option should be used only for systems under regulatory compliance, as you will not get security updates as well.
+
+
 
 
 

From bfce7c598bf97d4bf1f07dd83c691dcd62bb8848 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Wed, 4 Nov 2020 21:51:59 +0500
Subject: [PATCH 46/50] Update
 windows/security/threat-protection/microsoft-defender-atp/apis-intro.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../threat-protection/microsoft-defender-atp/apis-intro.md      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
index ebf717e331..ed7b21ccdf 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
@@ -57,7 +57,7 @@ You can access Microsoft Defender ATP API with **Application Context** or **User
 - **User Context:** 

     Used to perform actions in the API on behalf of a user.
 
-	Steps that needs to be taken to access Microsoft Defender ATP API with user context:
+	Steps that need to be taken to access Microsoft Defender ATP API with user context:
   1. Create AAD Native-Application.
   2. Assign the desired permission to the application, e.g 'Read Alerts', 'Isolate Machines' etc. 
   3. Get token using the application with user credentials.

From 2d6bba7c64209ef0ac3cb3ff0dd6ec635b520d90 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Wed, 4 Nov 2020 21:58:16 +0500
Subject: [PATCH 47/50] Update
 windows/security/threat-protection/security-policy-settings/password-policy.md

Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 .../security-policy-settings/password-policy.md                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/security-policy-settings/password-policy.md b/windows/security/threat-protection/security-policy-settings/password-policy.md
index f4b1f58262..4e9a967608 100644
--- a/windows/security/threat-protection/security-policy-settings/password-policy.md
+++ b/windows/security/threat-protection/security-policy-settings/password-policy.md
@@ -38,7 +38,7 @@ You can configure the password policy settings in the following location by usin
 
 **Computer Configuration\\Windows Settings\\Security Settings\\Account Policies\\Password Policy**
 
-This group policy is applied on domain level. If individual groups require distinct password policies, consider using of fine-grained password policies, as described above.
+This group policy is applied on the domain level. If individual groups require distinct password policies, consider using fine-grained password policies, as described above.
 
 The following topics provide a discussion of password policy implementation and best practices considerations, policy location, default values for the server type or GPO, relevant differences in operating system versions, security considerations (including the possible vulnerabilities of each setting), countermeasures that you can take, and the potential impact for each setting.
 

From 216a2c77341eb58a1eff3fd2954d260606eeeb54 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Wed, 4 Nov 2020 22:12:34 +0500
Subject: [PATCH 48/50] Update minimum-requirements.md

---
 .../microsoft-defender-atp/minimum-requirements.md              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
index b659b20797..0b66e73431 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
@@ -51,7 +51,7 @@ Microsoft Defender Advanced Threat Protection requires one of the following Micr
 
 Microsoft Defender Advanced Threat Protection, on Windows Server, requires one of the following licensing options:
 
-- [Azure Security Center Standard plan](https://docs.microsoft.com/azure/security-center/security-center-pricing) (per node)
+- [Azure Security Center with enabled Azure Defender](https://docs.microsoft.com/azure/security-center/security-center-pricing)
 - Microsoft Defender ATP for Servers (one per covered Server)
 
 > [!NOTE]

From 872f48fd4f039627377c8edb4f2087951c47ed30 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Wed, 4 Nov 2020 09:58:15 -0800
Subject: [PATCH 49/50] Update minimum-requirements.md

---
 .../microsoft-defender-atp/minimum-requirements.md            | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
index 0b66e73431..0f05ee52c8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
@@ -51,8 +51,8 @@ Microsoft Defender Advanced Threat Protection requires one of the following Micr
 
 Microsoft Defender Advanced Threat Protection, on Windows Server, requires one of the following licensing options:
 
-- [Azure Security Center with enabled Azure Defender](https://docs.microsoft.com/azure/security-center/security-center-pricing)
-- Microsoft Defender ATP for Servers (one per covered Server)
+- [Azure Security Center with Azure Defender enabled](https://docs.microsoft.com/azure/security-center/security-center-pricing)
+- Microsoft Defender ATP for Servers (one per covered server)
 
 > [!NOTE]
 > Customers with a combined minimum of 50 licenses for one or more of the following may acquire Server SLs for Microsoft Defender Advanced Threat Protection for Servers (one per covered Server OSE): Microsoft Defender Advanced Threat Protection, Windows E5/A5, Microsoft 365 E5/A5 and Microsoft 365 E5 Security User SLs. This license applies to Microsoft Defender ATP for Linux.

From 5e3fa651980166275c396d6388fddd9bed17b1bd Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT 
Date: Wed, 4 Nov 2020 09:59:57 -0800
Subject: [PATCH 50/50] Update policy-csp-update.md

---
 windows/client-management/mdm/policy-csp-update.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 11b7b08a4d..df70a21a7c 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.technology: windows
 author: manikadhiman
 ms.localizationpriority: medium
-ms.date: 10/21/2020
+ms.date: 11/03/2020
 ms.reviewer: 
 manager: dansimp
 ---