From 2737b13352abe9770279a134d2ed1bf03bbfafab Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 18 Jun 2018 13:31:19 -0700 Subject: [PATCH 1/7] update min onboarding topic to include other windows versions --- ...ows-defender-advanced-threat-protection.md | 6 ++- ...ows-defender-advanced-threat-protection.md | 43 +++++++++++++++++-- 2 files changed, 44 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md index db4d4d1e03..38e33a95da 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 06/06/2018 +ms.date: 06/18/2018 --- # Configure alert notifications in Windows Defender ATP @@ -50,7 +50,9 @@ You can create rules that determine the machines and alert severities to send em 2. Click **Add notification rule**. 3. Specify the General information: - - **Rule name** + - **Rule name** - Specify a name for the notification rule. + - **Show customer display name** - Specify the customer name that appears on the email notification. + - **Include a deeplink** - Adds a link with the tenant ID to allow access to a specific tenant. - **Machines** - Choose whether to notify recipients for alerts on all machines (Global administrator role only) or on selected machine groups. For more information, see [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md). - **Alert severity** - Choose the alert severity level 
diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md index e5ee209594..56ecea1dca 100644 --- a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md @@ -17,14 +17,18 @@ ms.date: 04/24/2018 **Applies to:** +- Windows 7 SP1 Enterprise +- Windows 7 SP1 Pro +- Windows 8.1 Enterprise +- Windows 8.1 Pro - Windows 10 Enterprise - Windows 10 Education - Windows 10 Pro - Windows 10 Pro Education -- macOS -- Linux - Windows Server 2012 R2 - Windows Server 2016 +- macOS +- Linux - Windows Defender Advanced Threat Protection (Windows Defender ATP) [!include[Prerelease information](prerelease.md)] 
@@ -44,6 +48,38 @@ Windows Defender Advanced Threat Protection requires one of the following Micros For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx#tab=2). +## Hardware and software requirements +### Supported Windows versions +- Windows 7 SP1 Enterprise +- Windows 7 SP1 Pro +- Windows 8.1 Enterprise +- Windows 8.1 Pro +- Windows 10 + - Windows 10 Enterprise + - Windows 10 Education + - Windows 10 Pro + - Windows 10 Pro Education +- Windows server + - Windows Server 2012 R2 + - Windows Server 2016 + - Windows Server, version 1803 + +Machines on your network must be running one of these editions. + +The hardware requirements for Windows Defender ATP on machines is the same as those for the supported editions. + +> [!NOTE] +> Machines that are running mobile versions of Windows are not supported. + + +### Other supported operating systems +>[!NOTE] +>You'll need to know the exact Linux distros and macOS X versions that are compatible with Windows Defender ATP for the integration to work. + +- macOSX +- Linux + + ## Windows Defender Antivirus configuration requirement The Windows Defender ATP agent depends on the ability of Windows Defender Antivirus to scan files and provide information about them. 
@@ -61,7 +97,8 @@ For more information, see [Windows Defender Antivirus compatibility](../windows- Topic | Description :---|:--- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md) | You'll need to onboard machines for it to report to the Windows Defender ATP service. Learn about the tools and methods you can use to configure machines in your enterprise. -[Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md) | Onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender ATP +[Onboard previous versions of Windows](onboard-downlevel-windows-defender-advanced-threat-protection.md)| Onboard Windows 7 and Windows 8.1 machines to Windows Defender ATP. +[Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md) | Onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender ATP. [Onboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md) | Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the Windows Defender ATP portal and better protect your organization's network. This experience leverages on a third-party security products' sensor data. [Run a detection test on a newly onboarded machine](run-detection-test-windows-defender-advanced-threat-protection.md) | Run a script on a newly onboarded machine to verify that it is properly reporting to the Windows Defender ATP service. [Configure proxy and Internet settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)| Enable communication with the Windows Defender ATP cloud service by configuring the proxy and Internet connectivity settings. From 5a0168c493a6097ffe388f90dec57ffcd6b45b26 Mon Sep 17 00:00:00 2001 
From: Rei Ikei <39797543+Rei-Ikei@users.noreply.github.com> Date: Tue, 19 Jun 2018 13:56:51 +0900 Subject: [PATCH 2/7] WSUS URL shoud be " " but not "". In gpedit.msc, WSUS URL cannot be set as "" because it raises error. So it should be set as " " (space). --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index a948b817ad..45a8d78f26 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1974,7 +1974,7 @@ You can turn off Windows Update by setting the following registry entries: -and- -- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Update** > **Specify intranet Microsoft update service location** and set the **Set the alternate download server** to "". +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Update** > **Specify intranet Microsoft update service location** and set the **Set the alternate download server** to " ". You can turn off automatic updates by doing one of the following. This is not recommended. From 0caba8706de6f6619cf9c3f600b25ad9f7460a54 Mon Sep 17 00:00:00 2001 From: John Rajunas Date: Tue, 19 Jun 2018 11:27:29 -0400 Subject: [PATCH 3/7] Spelling correction Corrected spelling error --- store-for-business/distribute-apps-from-your-private-store.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/store-for-business/distribute-apps-from-your-private-store.md b/store-for-business/distribute-apps-from-your-private-store.md index 468df4a05e..9f74c6acdd 100644 --- a/store-for-business/distribute-apps-from-your-private-store.md +++ b/store-for-business/distribute-apps-from-your-private-store.md @@ -21,7 +21,7 @@ ms.date: 3/19/2018 - Windows 10 - Windows 10 Mobile -The private store is a feature in Microsoft Store for Business and Education that organizations receive during the signup process. When admins add apps to the private store, all employees in the organization can view and download the apps. Your private store is available as a tab in Micrsoft Store app, and is usually named for your company or organization. Only apps with online licenses can be added to the private store. +The private store is a feature in Microsoft Store for Business and Education that organizations receive during the signup process. When admins add apps to the private store, all employees in the organization can view and download the apps. Your private store is available as a tab in Microsoft Store app, and is usually named for your company or organization. Only apps with online licenses can be added to the private store. You can make an app available in your private store when you acquire the app, or you can do it later from your inventory. Once the app is in your private store, employees can claim and install the app. From 17f5e80909c661e0e7d7b410bff893422de9adfa Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 19 Jun 2018 08:38:10 -0700 Subject: [PATCH 4/7] revised description for value 5 --- .../trusted-platform-module-services-group-policy-settings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/hardware-protection/tpm/trusted-platform-module-services-group-policy-settings.md b/windows/security/hardware-protection/tpm/trusted-platform-module-services-group-policy-settings.md index bcb246ccb6..fe5000ea4f 100644 
--- a/windows/security/hardware-protection/tpm/trusted-platform-module-services-group-policy-settings.md +++ b/windows/security/hardware-protection/tpm/trusted-platform-module-services-group-policy-settings.md @@ -88,6 +88,7 @@ The following table shows the TPM owner authorization values in the registry. | 2 | Delegated | | 4 | Full | +A value of 5 means discard the **Full** TPM owner authorization for TPM 1.2 but keep it for TPM 2.0.   If you enable this policy setting, the Windows operating system will store the TPM owner authorization in the registry of the local computer according to the TPM authentication setting you choose. From 13dbad1def56cfb3e11c87dd448fa8a1fe2b20f4 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 19 Jun 2018 08:59:20 -0700 Subject: [PATCH 5/7] revised steps --- .../create-wip-policy-using-intune.md | 24 +++++++------------ 1 file changed, 9 insertions(+), 15 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md index 9a4ff4b1c4..2200e5ac5c 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md 
@@ -193,18 +193,16 @@ In this example, you'd get the following info: Where the text, `O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US` is the publisher name to enter in the **Publisher Name** box. ### Add an AppLocker policy file -Now we’re going to add an AppLocker XML file to the **App Rules** list. You’ll use this option if you want to add multiple apps at the same time. The first example shows how to create a Publisher rule for packaged apps. The second example shows how to create a Path rule for unsigned apps. For more info, see [AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview). +Now we’re going to add an AppLocker XML file to the **App Rules** list. You’ll use this option if you want to add multiple apps at the same time. The first example shows how to create a Packaged App rule for Store apps. The second example shows how to create an Executable rule by using a path for unsigned apps. For more info, see [AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview). -**To create a Publisher rule and xml file for packaged apps using the AppLocker tool** +**To create a Packaged App rule rule and xml file** 1. Open the Local Security Policy snap-in (SecPol.msc). -2. In the left pane, expand **Application Control Policies**, expand **AppLocker**, and then click **Packaged App Rules**. +2. In the left pane, click **Application Control Policies** > **AppLocker** > **Packaged App Rules**. ![Local security snap-in, showing the Packaged app Rules](images/intune-local-security-snapin.png) -3. Right-click in the right-hand pane, and then click **Create New Rule**. - - The **Create Packaged app Rules** wizard appears. +3. Right-click **Packaged App Rules** > **Create New Rule**. 4. On the **Before You Begin** page, click **Next**. 
@@ -262,15 +260,15 @@ Now we’re going to add an AppLocker XML file to the **App Rules** list. You’ ``` 12. After you’ve created your XML file, you need to import it by using Microsoft Intune. -**To create a Path rule and xml file for unsigned apps using the AppLocker tool** +**To create an Executable rule and xml file for unsigned apps** 1. Open the Local Security Policy snap-in (SecPol.msc). -2. In the left pane, expand **Application Control Policies**, expand **AppLocker**, and then click **Executable Rules**. +2. In the left pane, click **Application Control Policies** > **AppLocker** > **Executable Rules**. + +3. Right-click **Executable Rules** > **Create New Rule**. ![Local security snap-in, showing the Executable Rules](images/create-new-path-rule.png) -3. Right-click in the right-hand pane, and then click **Create New Rule**. - 4. On the **Before You Begin** page, click **Next**. 5. On the **Permissions** page, make sure the **Action** is set to **Allow** and the **User or group** is set to **Everyone**, and then click **Next**. @@ -287,11 +285,7 @@ Now we’re going to add an AppLocker XML file to the **App Rules** list. You’ 9. On the **Name** page, type a name and description for the rule and then click **Create**. -10. In the left pane, right-click on **AppLocker**, and then click **Export policy**. - - The **Export policy** box opens, letting you export and save your new policy as XML. - - ![Local security snap-in, showing the Export Policy option](images/intune-local-security-export.png) +10. In the left pane, right-click **AppLocker** > **Export policy**. 11. In the **Export policy** box, browse to where the policy should be stored, give the policy a name, and then click **Save**. From 437992edcf4381bebaaf0cca5a5c19c4f3b1e660 Mon Sep 17 00:00:00 2001 
From: Jeanie Decker Date: Tue, 19 Jun 2018 17:00:19 +0000 Subject: [PATCH 6/7] Merged PR 9171: Add new GP to remove Recently Added from Start --- .../configuration/change-history-for-configure-windows-10.md | 3 ++- .../windows-10-start-layout-options-and-policies.md | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md index 8b3d74ac3b..7318dd20c3 100644 --- a/windows/configuration/change-history-for-configure-windows-10.md +++ b/windows/configuration/change-history-for-configure-windows-10.md @@ -10,7 +10,7 @@ ms.localizationpriority: high author: jdeckerms ms.author: jdecker ms.topic: article -ms.date: 06/05/2018 +ms.date: 06/19/2018 --- # Change history for Configure Windows 10 @@ -22,6 +22,7 @@ This topic lists new and updated topics in the [Configure Windows 10](index.md) New or changed topic | Description --- | --- [Set up a kiosk or digital signage on Windows 10 Pro, Enterprise, or Education](setup-kiosk-digital-signage.md) and [Create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-to-specific-apps.md) | Updated instructions for using Microsoft Intune to configure a kiosk. +[Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md) | Added new Group Policy to remove "Recently added" list from Start menu. ## May 2018 diff --git a/windows/configuration/windows-10-start-layout-options-and-policies.md b/windows/configuration/windows-10-start-layout-options-and-policies.md index 82f903e308..7d57203710 100644 --- a/windows/configuration/windows-10-start-layout-options-and-policies.md +++ b/windows/configuration/windows-10-start-layout-options-and-policies.md @@ -10,7 +10,7 @@ author: jdeckerms ms.author: jdecker ms.topic: article ms.localizationpriority: high -ms.date: 05/24/2018 +ms.date: 06/19/2018 --- # Manage Windows 10 Start and taskbar layout 
@@ -51,7 +51,7 @@ The following table lists the different parts of Start and any applicable policy | User tile | MDM: **Start/HideUserTile**
**Start/HideSwitchAccount**
**Start/HideSignOut**
**Start/HideLock**
**Start/HideChangeAccountSettings**

Group Policy: **Remove Logoff on the Start menu** | none | | Most used | MDM: **Start/HideFrequentlyUsedApps**

Group Policy: **Remove frequent programs from the Start menu** | **Settings** > **Personalization** > **Start** > **Show most used apps** | | Suggestions
-and-
Dynamically inserted app tile | MDM: **Allow Windows Consumer Features**

Group Policy: **Computer Configuration\Administrative Templates\Windows Components\Cloud Content\Turn off Microsoft consumer experiences**

**Note:** This policy also enables or disables notifications for a user's Microsoft account and app tiles from Microsoft dynamically inserted in the default Start menu. | **Settings** > **Personalization** > **Start** > **Occasionally show suggestions in Start** | -| Recently added | MDM: **Start/HideRecentlyAddedApps** | **Settings** > **Personalization** > **Start** > **Show recently added apps** | +| Recently added | MDM: **Start/HideRecentlyAddedApps**
Group Policy: **Computer configuration**\\**Administrative Template**\\**Start Menu and Taskbar**\\**Remove "Recently Added" list from Start Menu** (for Windows 10, version 1803) | **Settings** > **Personalization** > **Start** > **Show recently added apps** | | Pinned folders | MDM: **AllowPinnedFolder** | **Settings** > **Personalization** > **Start** > **Choose which folders appear on Start** | | Power | MDM: **Start/HidePowerButton**
**Start/HideHibernate**
**Start/HideRestart**
**Start/HideShutDown**
**Start/HideSleep**

Group Policy: **Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands** | none | | Start layout | MDM: **Start layout**
**ImportEdgeAssets**

Group Policy: **Prevent users from customizing their Start screen**

**Note:** When a full Start screen layout is imported with Group Policy or MDM, the users cannot pin, unpin, or uninstall apps from the Start screen. Users can view and open all apps in the **All Apps** view, but they cannot pin any apps to the Start screen. When a partial Start screen layout is imported, users cannot change the tile groups applied by the partial layout, but can modify other tile groups and create their own.

**Start layout** policy can be used to pin apps to the taskbar based on an XML File that you provide. Users will be able to change the order of pinned apps, unpin apps, and pin additional apps to the taskbar. | none | From 430c8f349179c0e7d42fd27993e51027945d1ac8 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 19 Jun 2018 10:24:50 -0700 Subject: [PATCH 7/7] onboarding page update --- ...tifications-windows-defender-advanced-threat-protection.md | 4 +--- ...d-configure-windows-defender-advanced-threat-protection.md | 4 ++-- ...s-dashboard-windows-defender-advanced-threat-protection.md | 2 +- 3 files changed, 4 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md index 38e33a95da..a3611df82a 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md 
@@ -50,9 +50,7 @@ You can create rules that determine the machines and alert severities to send em 2. Click **Add notification rule**. 3. Specify the General information: - - **Rule name** - Specify a name for the notification rule. - - **Show customer display name** - Specify the customer name that appears on the email notification. - - **Include a deeplink** - Adds a link with the tenant ID to allow access to a specific tenant. + - **Rule name** - **Machines** - Choose whether to notify recipients for alerts on all machines (Global administrator role only) or on selected machine groups. For more information, see [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md). - **Alert severity** - Choose the alert severity level diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md index 56ecea1dca..5f43d024b3 100644 --- a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/24/2018 +ms.date: 06/19/2018 --- # Onboard machines to the Windows Defender ATP service @@ -76,7 +76,7 @@ The hardware requirements for Windows Defender ATP on machines is the same as th >[!NOTE] >You'll need to know the exact Linux distros and macOS X versions that are compatible with Windows Defender ATP for the integration to work. -- macOSX +- macOS X - Linux 
diff --git a/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md index d3740aa25f..9414dd6e89 100644 --- a/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md @@ -114,7 +114,7 @@ This tile shows statistics related to automated investigations in the last 30 da ![Image of automated investigations statistics](images/atp-automated-investigations-statistics.png) -You can click on **Automated investigations**, **Remidated investigations**, and **Alerts investigated** to navigate to the **Invesgations** page, filtered by the appropriate category. This lets you see a detailed breakdown of investigations in context. +You can click on **Automated investigations**, **Remidated investigations**, and **Alerts investigated** to navigate to the **Investigations** page, filtered by the appropriate category. This lets you see a detailed breakdown of investigations in context. ## Users at risk The tile shows you a list of user accounts with the most active alerts and the number of alerts seen on high, medium, or low alerts.
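
Review bot: In PATCH 1/7, onboard-configure-windows-defender-advanced-threat-protection.md, hunk `@@ -44,6 +48,38 @@`, the added sentence "The hardware requirements for Windows Defender ATP on machines is the same as those for the supported editions" pairs a plural subject with a singular verb; change "is" to "are". In the same hunk the parent list item "Windows server" should be capitalised as "Windows Server" to match its child items, and "macOSX" is spelled differently from the "macOS" entry this patch places under **Applies to**. The note under "Other supported operating systems" tells readers they need to know the exact compatible Linux distros and macOS versions but neither lists them nor links to a page that does; add the list or the link.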
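
Review bot: In PATCH 1/7, onboard-configure-windows-defender-advanced-threat-protection.md, hunk `@@ -61,7 +97,8 @@`, the new table row links to `onboard-downlevel-windows-defender-advanced-threat-protection.md`, but the diffstat for this patch lists only two changed files and none of the seven patches adds that topic. Confirm the target already exists in the branch, otherwise the row ships a broken link. The "Onboard servers" row in the same hunk still names only Windows Server 2012 R2 and Windows Server 2016, while the requirements section added earlier in this patch also lists "Windows Server, version 1803"; either extend the row or explain why that version is onboarded differently.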
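
Review bot: In PATCH 2/7, hunk `@@ -1974,7 +1974,7 @@`, the corrected value `" "` is nearly indistinguishable from `""` once the page is rendered, so the fix described in the commit message is easy to misread or to lose in a later edit. State it in words in the step, for example: set **Set the alternate download server** to a single space (" "), and add a short clause saying that the Group Policy editor rejects an empty value, since that is the reason given for the change.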
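
Review bot: In PATCH 4/7, hunk `@@ -88,6 +88,7 @@`, value 5 is documented as a sentence placed directly after the `| 4 | Full |` row, while values 2 and 4 are rows of the table that the section says "shows the TPM owner authorization values in the registry". Add value 5 as a table row so the table is complete and the values can be scanned together. If it has to stay as prose, make sure a blank line separates it from the last table row so it is not rendered as a malformed row, and say which policy choice produces the value, as the rows for 2 and 4 do with "Delegated" and "Full".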
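
Review bot: In PATCH 5/7, hunk `@@ -193,18 +193,16 @@`, the new procedure title reads "To create a Packaged App rule rule and xml file"; remove the duplicated "rule". While editing that line, write "XML" in capitals to match "AppLocker XML file" in the revised intro paragraph of the same hunk. The hunk also deletes the sentence "The **Create Packaged app Rules** wizard appears.", which was the only cue that step 4's **Before You Begin** page belongs to a wizard; keep a short mention of it in step 3.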
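
Review bot: In PATCH 5/7, hunk `@@ -262,15 +260,15 @@`, the screenshot `images/create-new-path-rule.png` now follows step 3, whereas the Packaged App procedure edited in the first hunk keeps its screenshot after step 2. Place the image after the same step in both procedures, and check that the alt text "showing the Executable Rules" still describes what the reader sees at that point.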
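
Review bot: In PATCH 5/7, hunk `@@ -287,11 +285,7 @@`, the export step is shortened and the reference to `images/intune-local-security-export.png` is removed only in the Executable rule procedure. No hunk in this patch touches the later steps of the Packaged App procedure, so the two procedures will now word the same export action differently; apply the same revision there. If the image is no longer referenced anywhere after that, remove the file in the same change.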
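
Review bot: In PATCH 6/7, windows-10-start-layout-options-and-policies.md, hunk `@@ -51,7 +51,7 @@`, the new Group Policy path is written "**Computer configuration**\\**Administrative Template**\\**Start Menu and Taskbar**", which does not match the "Suggestions" row of the same table: "**Computer Configuration\Administrative Templates\Windows Components\Cloud Content\...**". Use "Computer Configuration" and the plural "Administrative Templates", and format the path as one bold span as the existing row does. The other rows also leave an empty line between the MDM entry and the Group Policy entry; the new "Recently added" row has only a single break.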
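
Review bot: In PATCH 7/7, configure-email-notifications-windows-defender-advanced-threat-protection.md, hunk `@@ -50,9 +50,7 @@`, the descriptions for **Rule name**, **Show customer display name** and **Include a deeplink** that PATCH 1/7 added are removed again, under a commit subject ("onboarding page update") that does not mention this file's content. If the revert is intentional, say so in the commit message and revert the `ms.date: 06/18/2018` bump from PATCH 1/7 as well, since the page content is back to its earlier state; if it is not intentional, drop this hunk.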
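
Review bot: In PATCH 7/7, onboard-configure-windows-defender-advanced-threat-protection.md, hunk `@@ -76,7 +76,7 @@`, the list item becomes "macOS X", which now matches the note above it but not the "macOS" entry in the **Applies to** list of the same topic. Pick one spelling of the product name and use it in the list, the note and the **Applies to** section.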
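
Review bot: In PATCH 7/7, security-operations-dashboard-windows-defender-advanced-threat-protection.md, hunk `@@ -114,7 +114,7 @@`, the changed line fixes "Invesgations" but still contains "**Remidated investigations**". If the portal label is "Remediated investigations", correct it in the same line; if the text deliberately mirrors a misspelled UI string, note that in the commit message so it is not "fixed" later.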