Merge pull request #2161 from MicrosoftDocs/master

Publish 2/27/2020 10:33 AM PST

devices/hololens/hololens-commercial-infrastructure.md

@@ -65,8 +65,8 @@ Guides only require network access to download and use the app.
 
 ## Azure Active Directory Guidance
 
->[!NOTE]
->This step is only necessary if your company plans on managing the HoloLens.
+> [!NOTE]
+> This step is only necessary if your company plans on managing the HoloLens.
 
 1. Ensure that you have an Azure AD License.
 Please [HoloLens Licenses Requirements](hololens-licenses-requirements.md) for additional information.
@@ -100,8 +100,9 @@ These steps ensure that your company’s users (or a group of users) can add dev
 
 ### Ongoing device management
 
->[!NOTE]
->This step is only necessary if your company plans to manage the HoloLens.
+> [!NOTE]
+> This step is only necessary if your company plans to manage the HoloLens.
+
 Ongoing device management will depend on your mobile device management infrastructure.  Most have the same general functionality but the user interface may vary widely.
 
 1. [CSPs (Configuration Service Providers)](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#csps-supported-in-hololens-devices) allows you to create and deploy management settings for the devices on your network. A list of CSPs for HoloLens can be found [here](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#csps-supported-in-hololens-devices).
@@ -151,8 +152,8 @@ Steps for SCEP can be found [here](https://docs.microsoft.com/intune/protect/cer
 
 ### How to Upgrade to Holographics for Business Commercial Suite
 
->[!NOTE]
->Windows Holographics for Business (commercial suite) is only intended for HoloLens 1st gen devices. The profile will not be applied to HoloLens 2 devices.
+> [!NOTE]
+> Windows Holographics for Business (commercial suite) is only intended for HoloLens 1st gen devices. The profile will not be applied to HoloLens 2 devices.
 
 Directions for upgrading to the commercial suite can be found [here](https://docs.microsoft.com/intune/configuration/holographic-upgrade).
 

devices/hololens/hololens-cortana.md

@@ -36,8 +36,8 @@ Get around HoloLens faster with these basic commands. In order to use these you
 
 Use these commands throughout Windows Mixed Reality to get around faster. Some commands use the gaze cursor, which you bring up by saying “select.”
 
->[!NOTE]
->Hand rays are not supported on HoloLens (1st Gen).
+> [!NOTE]
+> Hand rays are not supported on HoloLens (1st Gen).
 
 | Say this | To do this |
 | - | - |

devices/hololens/hololens-encryption.md

@@ -51,22 +51,22 @@ Provisioning packages are files created by the Windows Configuration Designer to
 1. Find the XML license file that was provided when you purchased the Commercial Suite.
 
 1. Browse to and select the XML license file that was provided when you purchased the Commercial Suite.
-    >[!NOTE]
-    >You can configure [additional settings in the provisioning package](hololens-provisioning.md).
+    > [!NOTE]
+    > You can configure [additional settings in the provisioning package](hololens-provisioning.md).
 
 1. On the **File** menu, click **Save**. 
 
 1. Read the warning explaining that project files may contain sensitive information and click **OK**.
 
-    >[!IMPORTANT]
-    >When you build a provisioning package, you may include sensitive information in the project files and provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when no longer needed.
+    > [!IMPORTANT]
+    > When you build a provisioning package, you may include sensitive information in the project files and provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when no longer needed.
 
 1. On the **Export** menu, click **Provisioning package**.
 1. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next**.
 1. Set a value for **Package Version**.
 
-    >[!TIP]
-    >You can make changes to existing packages and change the version number to update previously applied packages.
+    > [!TIP]
+    > You can make changes to existing packages and change the version number to update previously applied packages.
 
 1. On the **Select security details for the provisioning package**, click **Next**.
 1. Click **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows ICD uses the project folder as the output location.
@@ -87,8 +87,8 @@ Provisioning packages are files created by the Windows Configuration Designer to
 1. The device will ask you if you trust the package and would like to apply it. Confirm that you trust the package.
 1. You will see whether the package was applied successfully or not. If it failed, you can fix your package and try again. If it succeeded, proceed with device setup.
 
->[!NOTE]
->If the device was purchased before August 2016, you will need to sign into the device with a Microsoft account, get the latest OS update, and then reset the OS in order to apply the provisioning package.
+> [!NOTE]
+> If the device was purchased before August 2016, you will need to sign into the device with a Microsoft account, get the latest OS update, and then reset the OS in order to apply the provisioning package.
 
 ## Verify device encryption
 

devices/hololens/hololens-enroll-mdm.md

@@ -20,8 +20,8 @@ appliesto:
 
 You can manage multiple Microsoft HoloLens devices simultaneously using solutions like [Microsoft Intune](https://docs.microsoft.com/intune/windows-holographic-for-business). You will be able to manage settings, select apps to install and set security configurations tailored to your organization's need. See [Manage devices running Windows Holographic with Microsoft Intune](https://docs.microsoft.com/intune/windows-holographic-for-business), the [configuration service providers (CSPs) that are supported in Windows Holographic](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/configuration-service-provider-reference#hololens), and the [policies supported by Windows Holographic for Business](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#hololenspolicies).
 
->[!NOTE]
->Mobile device management (MDM), including the VPN, Bitlocker, and kiosk mode features, is only available when you [upgrade to Windows Holographic for Business](hololens1-upgrade-enterprise.md).
+> [!NOTE]
+> Mobile device management (MDM), including the VPN, Bitlocker, and kiosk mode features, is only available when you [upgrade to Windows Holographic for Business](hololens1-upgrade-enterprise.md).
 
 ## Requirements
 

devices/hololens/hololens-insider.md

@@ -45,8 +45,8 @@ To opt out of Insider builds:
 
 Please use [the Feedback Hub app](hololens-feedback.md) on your HoloLens to provide feedback and report issues. Using Feedback Hub ensures that all necessary diagnostics information is included to help our engineers quickly debug and resolve the problem.  Issues with the Chinese and Japanese version of HoloLens should be reported the same way.
 
->[!NOTE]
->Be sure to accept the prompt that asks whether you’d like Feedback Hub to access your Documents folder (select **Yes** when prompted).
+> [!NOTE]
+> Be sure to accept the prompt that asks whether you’d like Feedback Hub to access your Documents folder (select **Yes** when prompted).
 
 ## Note for developers
 

devices/hololens/hololens-kiosk.md

@@ -27,15 +27,15 @@ Kiosk mode | Voice and Bloom commands | Quick actions menu | Camera and video |
 Single-app kiosk | ![no](images/crossmark.png)  |  ![no](images/crossmark.png)    | ![no](images/crossmark.png)     |  ![no](images/crossmark.png)  
 Multi-app kiosk | ![yes](images/checkmark.png)  | ![yes](images/checkmark.png) with **Home** and **Volume** (default)<br><br>Photo and video buttons shown in Quick actions menu if the Camera app is enabled in the kiosk configuration.<br><br>Miracast is shown if the Camera app and device picker app are enabled in the kiosk configuration.    | ![yes](images/checkmark.png) if the Camera app is enabled in the kiosk configuration.   | ![yes](images/checkmark.png) if the Camera app and device picker app are enabled in the kiosk configuration.
 
->[!NOTE]
->Use the Application User Model ID (AUMID) to allow apps in your kiosk configuration. The Camera app AUMID is `HoloCamera_cw5n1h2txyewy!HoloCamera`. The device picker app AUMID is `HoloDevicesFlow_cw5n1h2txyewy!HoloDevicesFlow`.
+> [!NOTE]
+> Use the Application User Model ID (AUMID) to allow apps in your kiosk configuration. The Camera app AUMID is `HoloCamera_cw5n1h2txyewy!HoloCamera`. The device picker app AUMID is `HoloDevicesFlow_cw5n1h2txyewy!HoloDevicesFlow`.
 
 The [AssignedAccess Configuration Service Provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) enables kiosk configuration. 
 
->[!WARNING]
->The assigned access feature which enables kiosk mode is intended for corporate-owned fixed-purpose devices. When the multi-app assigned access configuration is applied on the device, certain policies are enforced system-wide, and will impact other users on the device. Deleting the multi-app configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all [the enforced policies](https://docs.microsoft.com/windows/configuration/lock-down-windows-10-to-specific-apps#policies-set-by-multi-app-kiosk-configuration). A factory reset is needed to clear all the policies enforced via assigned access.
+> [!WARNING]
+> The assigned access feature which enables kiosk mode is intended for corporate-owned fixed-purpose devices. When the multi-app assigned access configuration is applied on the device, certain policies are enforced system-wide, and will impact other users on the device. Deleting the multi-app configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all [the enforced policies](https://docs.microsoft.com/windows/configuration/lock-down-windows-10-to-specific-apps#policies-set-by-multi-app-kiosk-configuration). A factory reset is needed to clear all the policies enforced via assigned access.
 >
->Be aware that voice commands are enabled for kiosk mode configured in Microsoft Intune or provisioning packages, even if the Cortana app is not selected as a kiosk app. 
+> Be aware that voice commands are enabled for kiosk mode configured in Microsoft Intune or provisioning packages, even if the Cortana app is not selected as a kiosk app. 
 
 For HoloLens devices running Windows 10, version 1803, there are three methods that you can use to configure the device as a kiosk:
 - You can use [Microsoft Intune or other mobile device management (MDM) service](#set-up-kiosk-mode-using-microsoft-intune-or-mdm-windows-10-version-1803) to configure single-app and multi-app kiosks.
@@ -48,15 +48,15 @@ For HoloLens devices running Windows 10, version 1607, you can [use the Windows
 
 If you use [MDM, Microsoft Intune](#set-up-kiosk-mode-using-microsoft-intune-or-mdm-windows-10-version-1803), or a [provisioning package](#set-up-kiosk-mode-using-a-provisioning-package-windows-10-version-1803) to configure a multi-app kiosk, the procedure requires a Start layout. Start layout customization isn't supported in Holographic for Business, so you'll need to use a placeholder Start layout. 
 
->[!NOTE]
->Because a single-app kiosk launches the kiosk app when a user signs in, there is no Start screen displayed.
+> [!NOTE]
+> Because a single-app kiosk launches the kiosk app when a user signs in, there is no Start screen displayed.
 
 ### Start layout file for MDM (Intune and others)
 
 Save the following sample as an XML file. You can use this file when you configure the multi-app kiosk in Microsoft Intune (or in another MDM service that provides a kiosk profile).
 
->[!NOTE]
->If you need to use a custom setting and full XML configuration to set up a kiosk in your MDM service, use the [Start layout instructions for a provisioning package](#start-layout-for-a-provisioning-package).
+> [!NOTE]
+> If you need to use a custom setting and full XML configuration to set up a kiosk in your MDM service, use the [Start layout instructions for a provisioning package](#start-layout-for-a-provisioning-package).
 
 ```xml
 <LayoutModificationTemplate
@@ -181,22 +181,22 @@ Use the following snippet in your kiosk configuration XML to enable the **Guest*
 
 1. [Set up the HoloLens to use the Windows Device Portal](https://developer.microsoft.com/windows/mixed-reality/using_the_windows_device_portal#setting_up_hololens_to_use_windows_device_portal). The Device Portal is a web server on your HoloLens that you can connect to from a web browser on your PC.
 
-    >[!IMPORTANT]
-    >When you set up HoloLens to use the Device Portal, you must enable **Developer Mode** on the device. **Developer Mode** on a device that has been upgraded to Windows Holographic for Business enables side-loading of apps, which risks the installation of apps that have not been certified by the Microsoft Store. Administrators can block the ability to enable **Developer Mode** using the **ApplicationManagement/AllowDeveloper Unlock** setting in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). [Learn more about Developer Mode.](https://msdn.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode)
+    > [!IMPORTANT]
+    > When you set up HoloLens to use the Device Portal, you must enable **Developer Mode** on the device. **Developer Mode** on a device that has been upgraded to Windows Holographic for Business enables side-loading of apps, which risks the installation of apps that have not been certified by the Microsoft Store. Administrators can block the ability to enable **Developer Mode** using the **ApplicationManagement/AllowDeveloper Unlock** setting in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). [Learn more about Developer Mode.](https://msdn.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode)
     
 2. On a PC, connect to the HoloLens using [Wi-Fi](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal.html#connecting_over_wi-fi) or [USB](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal.html#connecting_over_usb).
 
 3. [Create a user name and password](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal.html#creating_a_username_and_password) if this is the first time you connect to the Windows Device Portal, or enter the user name and password that you previously set up.
 
-    >[!TIP]
-    >If you see a certificate error in the browser, follow [these troubleshooting steps](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal.html#security_certificate). 
+    > [!TIP]
+    > If you see a certificate error in the browser, follow [these troubleshooting steps](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal.html#security_certificate). 
 
 4. In the Windows Device Portal, click **Kiosk Mode**.
 
     ![Kiosk Mode](images/kiosk.png)
 
-    >[!NOTE]
-    >The kiosk mode option will be available if the device is [enrolled in device management](hololens-enroll-mdm.md) and has a [license to upgrade to Windows Holographic for Business](hololens1-upgrade-enterprise.md).
+    > [!NOTE]
+    > The kiosk mode option will be available if the device is [enrolled in device management](hololens-enroll-mdm.md) and has a [license to upgrade to Windows Holographic for Business](hololens1-upgrade-enterprise.md).
 
 5. Select **Enable Kiosk Mode**, choose an app to run when the device starts, and click **Save**.
 
@@ -210,4 +210,4 @@ Use the following snippet in your kiosk configuration XML to enable the **Guest*
 ## More information
 
 Watch how to configure a kiosk in a provisioning package.
->[!VIDEO https://www.microsoft.com/videoplayer/embed/fa125d0f-77e4-4f64-b03e-d634a4926884?autoplay=false]
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/fa125d0f-77e4-4f64-b03e-d634a4926884?autoplay=false]

devices/hololens/hololens-known-issues.md

@@ -19,8 +19,8 @@ This is the current list of known issues for HoloLens that affect developers. Ch
 
 ## Unable to connect and deploy to HoloLens through Visual Studio
 
->[!NOTE]
->Last Update: 8/8 @ 5:11PM - Visual Studio has released VS 2019 Version 16.2 which includes a fix to this issue. We recommend updating to this newest version to avoid experiencing this error.
+> [!NOTE]
+> Last Update: 8/8 @ 5:11PM - Visual Studio has released VS 2019 Version 16.2 which includes a fix to this issue. We recommend updating to this newest version to avoid experiencing this error.
 
 Visual Studio has released VS 2019 Version 16.2 which includes a fix to this issue. We recommend updating to this newest version to avoid experiencing this error.
 
@@ -36,14 +36,14 @@ Our team is currently working on a fix. In the meantime, you can use the followi
 1. Give the project a name (such as "HoloLensDeploymentFix") and make sure the Framework is set to at least .NET Framework 4.5, then Select **OK**.
 1. Right-click on the **References** node in Solution Explorer and add the following references (select to the **Browse** section and select **Browse**):
 
-    ``` CMD
+    ```CMD
     C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86\Microsoft.Tools.Deploy.dll
     C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86\Microsoft.Tools.Connectivity.dll
     C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86\SirepInterop.dll
     ```
 
-    >[!NOTE]
-    >If you don't have 10.0.18362.0 installed, use the most recent version that you have. 
+    > [!NOTE]
+    > If you don't have 10.0.18362.0 installed, use the most recent version that you have. 
 
 1. Right-click on the project in Solution Explorer and select **Add** > **Existing Item**.
 1. Browse to C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86 and change the filter to **All Files (\*.\*)**.
@@ -51,14 +51,14 @@ Our team is currently working on a fix. In the meantime, you can use the followi
 1. Locate and select both files in Solution Explorer (they should be at the bottom of the list of files) and change **Copy to Output Directory** in the **Properties** window to **Copy always**.
 1. At the top of the file, add the following to the existing list of `using` statements:
 
-    ``` CMD
+    ```CMD
     using Microsoft.Tools.Deploy;
     using System.Net;
     ```
 
 1. Inside of `static void Main(...)`, add the following code:
 
-    ``` PowerShell
+    ```PowerShell
     RemoteDeployClient client = RemoteDeployClient.CreateRemoteDeployClient();
     client.Connect(new ConnectionOptions()
     {

devices/hololens/hololens-provisioning.md

@@ -31,7 +31,7 @@ The HoloLens wizard helps you configure the following settings in a provisioning
 
 - Upgrade to the enterprise edition
 
-    >[!NOTE]
+    > [!NOTE]
     > This should only be used for HoloLens 1st Gen devices. Settings in a provisioning package will only be applied if the provisioning package includes an edition upgrade license to Windows Holographic for Business or if [the device has already been upgraded to Windows Holographic for Business](hololens1-upgrade-enterprise.md).
 
 - Configure the HoloLens first experience (OOBE)
@@ -41,8 +41,8 @@ The HoloLens wizard helps you configure the following settings in a provisioning
 - Enable Developer Mode
 - Configure kiosk mode. (Detailed instructions for configuring kiosk mode can be found [here](hololens-kiosk.md#set-up-kiosk-mode-using-a-provisioning-package-windows-10-version-1803)).
 
->[!WARNING]
->You must run Windows Configuration Designer on Windows 10 to configure Azure Active Directory enrollment using any of the wizards.
+> [!WARNING]
+> You must run Windows Configuration Designer on Windows 10 to configure Azure Active Directory enrollment using any of the wizards.
 
 Provisioning packages can include management instructions and policies, customization of network connections and policies, and more.
 
@@ -88,8 +88,8 @@ After you're done, click **Create**. It only takes a few seconds. When the packa
 
 ### 3. Create a provisioning package for HoloLens using advanced provisioning
 
->[!NOTE]
->Settings in a provisioning package will only be applied if the provisioning package includes an edition upgrade license to Windows Holographic for Business or if [the device has already been upgraded to Windows Holographic for Business](hololens1-upgrade-enterprise.md).
+> [!NOTE]
+> Settings in a provisioning package will only be applied if the provisioning package includes an edition upgrade license to Windows Holographic for Business or if [the device has already been upgraded to Windows Holographic for Business](hololens1-upgrade-enterprise.md).
 
 1. On the Windows Configuration Designer start page, select **Advanced provisioning**.
 2. In the **Enter project details** window, specify a name for your project and the location for your project. Optionally, enter a brief description to describe your project.
@@ -102,15 +102,15 @@ After you're done, click **Create**. It only takes a few seconds. When the packa
 
 7. Expand **Runtime settings** and customize the package with any of the settings [described below](#what-you-can-configure).
 
-    >[!IMPORTANT]
-    >(For Windows 10, version 1607 only) If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in. If the user account is locked out, you must [perform a full device recovery](https://developer.microsoft.com/windows/mixed-reality/reset_or_recover_your_hololens#perform_a_full_device_recovery).
+    > [!IMPORTANT]
+    > (For Windows 10, version 1607 only) If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in. If the user account is locked out, you must [perform a full device recovery](https://developer.microsoft.com/windows/mixed-reality/reset_or_recover_your_hololens#perform_a_full_device_recovery).
 
 8. On the **File** menu, click **Save**.
 
 4. Read the warning that project files may contain sensitive information, and click **OK**.
 
-    >[!IMPORTANT]
-    >When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.
+    > [!IMPORTANT]
+    > When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.
     
 3. On the **Export** menu, click **Provisioning package**.
 
@@ -118,13 +118,13 @@ After you're done, click **Create**. It only takes a few seconds. When the packa
 
 5. Set a value for **Package Version**.
 
-    >[!TIP]
-    >You can make changes to existing packages and change the version number to update previously applied packages.
+    > [!TIP]
+    > You can make changes to existing packages and change the version number to update previously applied packages.
 
 6. On the **Select security details for the provisioning package**, click **Next**.
 
-    >[!WARNING]
-    >If you encrypt the provisioning package, provisioning the HoloLens device will fail.  
+    > [!WARNING]
+    > If you encrypt the provisioning package, provisioning the HoloLens device will fail.  
 
 7. Click **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows Configuration Designer uses the project folder as the output location.
 
@@ -154,13 +154,13 @@ After you're done, click **Create**. It only takes a few seconds. When the packa
 
 7. You will see whether the package was applied successfully or not. If it failed, you can fix your package and try again. If it succeeded, proceed with OOBE.
 
->[!NOTE]
->If the device was purchased before August 2016, you will need to sign into the device with a Microsoft account, get the latest OS update, and then reset the OS in order to apply the provisioning package.
+> [!NOTE]
+> If the device was purchased before August 2016, you will need to sign into the device with a Microsoft account, get the latest OS update, and then reset the OS in order to apply the provisioning package.
 
 ### 4. Apply a provisioning package to HoloLens after setup
 
->[!NOTE]
->Windows 10, version 1809 only
+> [!NOTE]
+> Windows 10, version 1809 only
 
 On your PC:
 1. Create a provisioning package as described at [Create a provisioning package for HoloLens using the HoloLens wizard](hololens-provisioning.md).
@@ -189,7 +189,7 @@ In Windows Configuration Designer, when you create a provisioning package for Wi
 | **EditionUpgrade** | [Upgrade to Windows Holographic for Business.](hololens1-upgrade-enterprise.md)  |
 | **Policies** | Allow or prevent developer mode on HoloLens. [Policies supported by Windows Holographic for Business](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#hololenspolicies) |
 
->[!NOTE]
->App installation (**UniversalAppInstall**) using a provisioning package is not currently supported for HoloLens.
+> [!NOTE]
+> App installation (**UniversalAppInstall**) using a provisioning package is not currently supported for HoloLens.
 
 ## Next Step: [Enroll your device](hololens-enroll-mdm.md)

devices/hololens/hololens-recovery.md

@@ -74,8 +74,8 @@ If you’re still having problems, press the power button for 4 seconds, until a
 
 ## Reset to factory settings
 
->[!NOTE]
->The battery needs at least 40 percent charge to reset.
+> [!NOTE]
+> The battery needs at least 40 percent charge to reset.
 
 If your HoloLens is still experiencing issues after restarting, try resetting it to factory state.  Resetting your HoloLens keeps the version of the Windows Holographic software that’s installed on it and returns everything else to factory settings.
 
@@ -106,8 +106,8 @@ The Advanced Recovery Companion is a new app in Microsoft Store restore the oper
 5. On the **Device info** page, select **Install software** to install the default package. (If you have a Full Flash Update (FFU) image that you want to install instead, select **Manual package selection**.)
 6. Software installation will begin. Do not use the device or disconnect the cable during installation. When you see the **Installation finished** page, you can disconnect and use your device.
 
->[!TIP]
->In the event that a HoloLens 2 gets into a state where Advanced Recovery Companion cannot recognize the device, and it does not boot, try forcing the device into Flashing Mode and recovering it with Advanced Recovery Companion:
+> [!TIP]
+> In the event that a HoloLens 2 gets into a state where Advanced Recovery Companion cannot recognize the device, and it does not boot, try forcing the device into Flashing Mode and recovering it with Advanced Recovery Companion:
 
 1.	Connect the HoloLens 2 to a PC with Advanced Recovery Companion installed.
 1.	Press and hold the **Volume Up and Power buttons** until the device reboots.  Release the Power button, but continue to hold the Volume Up button until the third LED is lit.

devices/hololens/hololens-updates.md

@@ -67,10 +67,10 @@ To go back to a previous version of HoloLens (1st gen), follow these steps:
 > [!NOTE]
 > If the WDRT doesn't detect your HoloLens, try restarting your PC. If that doesn't work, select **My device was not detected**, select **Microsoft HoloLens**, and then follow the instructions.
 
-# Use policies to manage updates to HoloLens
+## Use policies to manage updates to HoloLens
 
->[!NOTE]
->HoloLens (1st gen) devices must be [upgraded to Windows Holographic for Business](hololens1-upgrade-enterprise.md) to manage updates.
+> [!NOTE]
+> HoloLens (1st gen) devices must be [upgraded to Windows Holographic for Business](hololens1-upgrade-enterprise.md) to manage updates.
 
 To configure how and when updates are applied, use the following policies:
 

windows/client-management/mdm/policy-csp-restrictedgroups.md

@@ -127,11 +127,10 @@ Here is an example:
 <groupmembership>
     <accessgroup desc = "Administrators">
         <member name = "AzureAD\CSPTest@contoso.com" />
-        <member name = "CSPTest22306\administrator" />
         <member name = "AzureAD\patlewis@contoso.com" />
+        <member name = "S-1-15-1233433-23423432423-234234324"/>
     </accessgroup>
     <accessgroup desc = "testcsplocal">
-        <member name = "CSPTEST22306\patlewis" />
         <member name = "AzureAD\CSPTest@contoso.com" />
     </accessgroup>
 </groupmembership>
@@ -157,4 +156,3 @@ Footnotes:
 -   6 - Added in Windows 10, version 1903.
 
 <!--/Policies-->
-

windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md

@@ -8,8 +8,8 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.author: dolmont
-author: DulceMontemayor
+ms.author: ellevin
+author: levinec
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
@@ -18,15 +18,19 @@ ms.topic: article
 ---
 
 # Threat & Vulnerability Management scenarios
+
 **Applies to:**
+
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) 
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
 
 [!include[Prerelease information](../../includes/prerelease.md)]
 
 ## Before you begin
+
 Ensure that your machines:
+
 - Are onboarded to Microsoft Defender Advanced Threat Protection
 - Run with Windows 10 1709 (Fall Creators Update) or later
 
@@ -47,15 +51,18 @@ Ensure that your machines:
 - Are tagged or marked as co-managed
 
 ## Reduce your threat and vulnerability exposure
+
 Threat & Vulnerability Management introduces a new exposure score metric, which visually represents how exposed your machines are to imminent threats.
 
 The exposure score is continuously calculated on each device in the organization and influenced by the following factors:
+
 - Weaknesses, such as vulnerabilities discovered on the device
 - External and internal threats such as public exploit code and security alerts
 - Likelihood of the device to get breached given its current security posture
 - Value of the device to the organization given its role and content
 
 The exposure score is broken down into the following levels:
+
 - 0–29: low exposure score
 - 30–69: medium exposure score
 - 70–100: high exposure score
@@ -65,15 +72,19 @@ You can remediate the issues based on prioritized security recommendations to re
 To lower down your threat and vulnerability exposure:
 
 1. Review the **Top security recommendations** from your **Threat & Vulnerability Management dashboard**, and select the first item on the list. The **Security recommendation** page opens.  
-  
-   >>![Top security recommendations](images/tvm_security_recommendations.png)
 
-   >[!NOTE]
-   > There are two types of recommendations: 
-   > - <i>Security update</i> which refers to recommendations that require a package installation
-   > - <i>Configuration</i> change which refers to recommendations that require a registry or GPO modification
-   > Always prioritize recommendations that are associated with ongoing threats. These recommendations are marked with the threat insight ![Threat insight](images/tvm_bug_icon.png) icon and possible active alert ![Possible active alert](images/tvm_alert_icon.png) icon.  
-   
+   There are two types of recommendations:
+
+   - *Security update* which refers to recommendations that require a package installation
+   - *Configuration change* which refers to recommendations that require a registry or GPO modification
+
+   Always prioritize recommendations that are associated with ongoing threats:
+
+   - ![Threat insight](images/tvm_bug_icon.png) Threat insight icon
+   - ![Possible active alert](images/tvm_alert_icon.png) Active alert icon
+  
+   >![Top security recommendations](images/tvm_security_recommendations.png)
+
 2. The **Security recommendations** page shows the list of items to remediate. Select the security recommendation that you need to investigate. When you select a recommendation from the list, a fly-out panel will display a description of what you need to remediate, number of vulnerabilities, associated exploits in machines, number of exposed machines and their machine names, business impact, and a list of CVEs. Click **Open software page** option from the flyout panel.  ![Details in security recommendations page](images/tvm_security_recommendations_page.png)
 
 3. Click **Installed machines** and select the affected machine from the list to open the flyout panel with the relevant machine details, exposure and risk levels, alert and incident activities. ![Details in software page ](images/tvm_software_page_details.png)
@@ -81,13 +92,13 @@ To lower down your threat and vulnerability exposure:
 4. Click **Open machine page** to connect to the machine and apply the selected recommendation. See [Investigate machines in the Microsoft Defender ATP Machines list](investigate-machines.md) for details.  ![Details in machine page](images/tvm_machine_page_details.png)
 
 5. Allow a few hours for the changes to propagate in the system.
-    
+
 6. Review the machine **Security recommendation** tab again. The recommendation you've chosen to remediate is removed from the security recommendation list, and the exposure score decreases.
 
 ## Improve your security configuration
 
 >[!NOTE]
-> Secure score is now part of Threat & Vulnerability Management as [configuration score](configuration-score.md).
+> Secure score is now part of Threat & Vulnerability Management as [Configuration score](configuration-score.md).
 
 You can improve your security configuration when you remediate issues from the security recommendations list. As you do so, your configuration score improves, which means your organization becomes more resilient against cybersecurity threats and vulnerabilities.
 
@@ -95,14 +106,15 @@ You can improve your security configuration when you remediate issues from the s
 
    >![Configuration score widget](images/tvm_config_score.png)
 
-2. Select the first item on the list. The flyout panel will open with a description of the security controls issue, a short description of the potential risk, insights, configuration ID, exposed machines, and business impact. Click **Remediation options**. 
+2. Select the first item on the list. The flyout panel will open with a description of the security controls issue, a short description of the potential risk, insights, configuration ID, exposed machines, and business impact. Click **Remediation options**.
+
    ![Security controls related security recommendations](images/tvm_security_controls.png)
 
 3. Read the description to understand the context of the issue and what to do next. Select a due date, add notes, and select **Export all remediation activity data to CSV** so you can attach it to the email that you can send to your IT Administrator for follow-up.
 
-   >![Request remediation](images/tvm_request_remediation.png). 
+   >![Request remediation](images/tvm_request_remediation.png).
 
-   >You will see a confirmation message that the remediation task has been created.
+   You will see a confirmation message that the remediation task has been created.
    >![Remediation task creation confirmation](images/tvm_remediation_task_created.png)
 
 4. Save your CSV file.
@@ -113,6 +125,7 @@ You can improve your security configuration when you remediate issues from the s
 6. Review the machine **Configuration score** widget again. The number of the security controls issues will decrease. When you click **Security controls** to go back to the **Security recommendations** page, the item that you have addressed will not be listed there anymore, and your configuration score should increase.
 
 ## Request a remediation 
+
 >[!NOTE]
 >To use this capability, enable your Microsoft Intune connections. Navigate to **Settings** > **General** > **Advanced features**. Scroll down and look for **Microsoft Intune connection**. By default, the toggle is turned off. Turn your **Microsoft Intune connection** toggle on.
 
@@ -134,6 +147,7 @@ See [Use Intune to remediate vulnerabilities identified by Microsoft Defender AT
 >If your request involves remediating more than 10,000 machines, we can only send 10,000 machines for remediation to Intune.
 
 ## File for exception
+
 With Threat & Vulnerability Management, you can create exceptions for recommendations, as an alternative to a remediation request.
 
 There are many reasons why organizations create exceptions for a recommendation. For example, if there's a business justification that prevents the company from applying the recommendation, the existence of a compensating or alternative control that provides as much protection than the recommendation would, a false positive, among other reasons.
@@ -142,7 +156,6 @@ Exceptions can be created for both *Security update* and *Configuration change*
 
 When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state changes to **Exception**, and it no longer shows up in the security recommendations list.
 
-
 1. Navigate to the **Security recommendations** page under the **Threat & Vulnerability Management** section menu.
 
 2. Click the top-most recommendation. A flyout panel opens with the recommendation details.
@@ -157,10 +170,10 @@ When an exception is created for a recommendation, the recommendation is no long
 5. Click **Submit**. A confirmation message at the top of the page indicates that the exception has been created.
 ![Screenshot of exception confirmation message](images/tvm-exception-confirmation.png)
 
-6. Navigate to the **Remediation** page under the **Threat & Vulnerability Management** menu and click the **Exceptions** tab to view all your exceptions (current and past). 
-![Screenshot of exception list of exceptions in the Remediation page](images/tvm-exception-list.png) 
+6. Navigate to the **Remediation** page under the **Threat & Vulnerability Management** menu and click the **Exceptions** tab to view all your exceptions (current and past).
+![Screenshot of exception list of exceptions in the Remediation page](images/tvm-exception-list.png)
 
-## Use advanced hunting query to search for machines with High active alerts or critical CVE public exploit 
+## Use advanced hunting query to search for machines with High active alerts or critical CVE public exploit
 
 1. Go to **Advanced hunting** from the left-hand navigation pane.
 
@@ -169,38 +182,41 @@ When an exception is created for a recommendation, the recommendation is no long
 3. Enter the following queries:
 
 ```kusto
-// Search for machines with High active alerts or Critical CVE public exploit 
-DeviceTvmSoftwareInventoryVulnerabilities 
-| join kind=inner(DeviceTvmSoftwareVulnerabilitiesKB) on CveId 
+// Search for machines with High active alerts or Critical CVE public exploit
+DeviceTvmSoftwareInventoryVulnerabilities
+| join kind=inner(DeviceTvmSoftwareVulnerabilitiesKB) on CveId
 | where IsExploitAvailable == 1 and CvssScore >= 7
-| summarize NumOfVulnerabilities=dcount(CveId), 
-DeviceName=any(DeviceName) by DeviceId 
+| summarize NumOfVulnerabilities=dcount(CveId),
+DeviceName=any(DeviceName) by DeviceId
 | join kind =inner(DeviceAlertEvents) on DeviceId  
-| summarize NumOfVulnerabilities=any(NumOfVulnerabilities), 
-DeviceName=any(DeviceName) by DeviceId, AlertId 
+| summarize NumOfVulnerabilities=any(NumOfVulnerabilities),
+DeviceName=any(DeviceName) by DeviceId, AlertId
 | project DeviceName, NumOfVulnerabilities, AlertId  
-| order by NumOfVulnerabilities desc 
+| order by NumOfVulnerabilities desc
 
 ```
 
-## Conduct an inventory of software or software versions which have reached their end-of-life
-End-of-life for software or software versions means that they will no longer be supported nor serviced. When you use software or software versions which have reached their end-of-life, you're exposing your organization to security vulnerabilities, legal, and financial risks. 
+## Conduct an inventory of software or software versions which have reached end-of-support (EOS)
 
-It is crucial for you as Security and IT Administrators to work together and ensure that your organization's software inventory is configured for optimal results, compliance, and a healthy network ecosystem. 
+End-of-support (otherwise known as end-of-life) for software or software versions means that they will no longer be supported or serviced. When you use software or software versions which have reached end-of-support, you're exposing your organization to security vulnerabilities, legal, and financial risks.
+
+It is crucial for Security and IT Administrators to work together and ensure that the organization's software inventory is configured for optimal results, compliance, and a healthy network ecosystem.
+
+To conduct an inventory of software or software versions which have reached end-of-support:
 
-To conduct an inventory of software or software versions which have reached their end of life:
 1. From the Threat & Vulnerability Management menu, navigate to **Security recommendations**.
-2. Go to the **Filters** panel and select **Software uninstall** from **Remediation Type** options if you want to see the list of software recommendations associated with software which have reached their end-of-life (tagged as **EOL software**). Select **Software update** from **Remediation Type** options if you want to see the list of software recommendations associated with software and software versions which have reached their end-of-life (tagged as **EOL versions installed**). 
-3. Select a software that you'd like to investigate. A fly-out screen opens where you can select **Open software page**.
-![Screenshot of Security recommendation for a software that reached its end of life page](images/secrec_flyout.png) 
+2. Go to the **Filters** panel and select **Software uninstall** from **Remediation Type** options to see the list of software recommendations associated with software which have reached end of support (tagged as **EOS software**).
+3. Select **Software update** from **Remediation Type** options to see the list of software recommendations associated with software and software versions which have reached end-of-support (tagged as **EOS versions installed**).
+4. Select software that you'd like to investigate. A fly-out screen opens where you can select **Open software page**.
+![Screenshot of Security recommendation for a software that reached its end of life page](images/secrec_flyout.png)
 
-4. In the **Software page** select the **Version distribution** tab to know which versions of the software have reached their end-of-life, and how many vulnerabilities were discovered in it.
-![Screenshot of software details for a software that reached its end of life](images/secrec_sw_details.png) 
-
-After you have identified which software and software versions are vulnerable due to its end-of-life status, remediate them to lower your organizations exposure to vulnerabilities and advanced persistent threats. See [Remediation and exception](tvm-remediation.md) for details.
+5. In the **Software page** select the **Version distribution** tab to know which versions of the software have reached their end-of-support, and how many vulnerabilities were discovered in it.
+![Screenshot of software details for a software that reached its end of support](images/secrec_sw_details.png)
 
+After you have identified which software and software versions are vulnerable due to its end-of-support status, remediate them to lower your organizations exposure to vulnerabilities and advanced persistent threats. See [Remediation and exception](tvm-remediation.md) for details.
 
 ## Related topics
+
 - [Supported operating systems and platforms](tvm-supported-os.md)
 - [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
 - [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)

windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md

@@ -81,7 +81,10 @@ Learn more at https://www.cyren.com/products/url-filtering.
 
 ### Signing up for a Cyren License
 
-Cyren is offering a 60-day free trial for all Microsoft Defender ATP customers. To sign up, please follow the steps below from the portal. 
+Cyren is offering a 60-day free trial for all Microsoft Defender ATP customers. To sign up, please follow the steps below from the portal.
+
+>[!NOTE]
+>Make sure to add the URL you get redirected to by the signup process to the list of approved domains. 
 
 >[!NOTE]
 >A user with AAD app admin/global admin permissions is required to complete these steps.