Merge branch 'master' into understand-malware

Beth Levin
2019-03-25 09:25:01 -07:00
16 changed files with 46 additions and 35 deletions

@ -314,13 +314,13 @@ For more information about Basic or MD5 client authentication, MD5 server authen
## User targeted vs. Device targeted configuration
For CSPs and policies that supports per user configuration, MDM server could send user targeted setting values to the device the user that enrolled MDM is actively logged in. The device notifies the server the login status via a device alert (1224) with Alert type = in DM pkg\#1.
For CSPs and policies that support per user configuration, the MDM server can send user targeted setting values to the device that a MDM-enrolled user is actively logged into. The device notifies the server of the login status via a device alert (1224) with Alert type = in DM pkg\#1.
The data part of this alert could be one of following strings:
- user the user that enrolled the device is actively login. The MDM server could send user specific configuration for CSPs/policies that support per user configuration
- user the user that enrolled the device is actively logged in. The MDM server could send user specific configuration for CSPs/policies that support per user configuration
- others another user login but that user does not have an MDM account. The server can only apply device wide configuration, e.g. configuration applies to all users in the device.
- none no active user login. The server can only apply device wide configuration and available configuration is restricted to the device environment (no active user login
- none no active user login. The server can only apply device wide configuration and available configuration is restricted to the device environment (no active user login).
Below is an alert example:
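
Review bot: the rewritten sentence on user targeted configuration still reads "Alert type = in DM pkg\#1" with nothing after the equals sign, so the reader cannot tell which alert type carries the login status; fill in the value while this line is being touched. In the same line "a MDM-enrolled user" should be "an MDM-enrolled user", and the unchanged "others" bullet keeps the "another user login" wording that the "user" bullet just had corrected.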

@ -422,7 +422,7 @@ To enable this policy, use the following SyncML. This example prevents Windows f
<CmdID>$CmdID$</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/Policy/Config/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings</LocURI>
<LocURI>./Device/Vendor/MSFT/Policy/Config/DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">string</Format>
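
Review bot: check the other SyncML samples in this topic for the same missing area segment that this `<LocURI>` had between `Config/` and the policy name. Any sample that targets `./Device/Vendor/MSFT/Policy/Config/` directly followed by a policy name does not address the intended policy node, so a device installation restriction copied from it would not be the one that gets set.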

Binary file not shown. Before: 8.0 KiB. After: 8.4 KiB.

@ -25,14 +25,14 @@ ms.topic: article
You must deploy your customized database (.sdb) files to other computers in your organization before your compatibility fixes, compatibility modes, and AppHelp messages are applied. You can deploy your customized database files in several ways, including by using a logon script, by using Group Policy, or by performing file copy operations.
After you deploy and store the customized databases on each of your local computers, you must register the database files. Until you register the database files, the operating system is unable to identify the available compatibility fixes when starting an application.
After you deploy and store the customized databases on each of your local computers, you must register the database files. Until you register the database files, the operating system is unable to identify the available compatibility fixes when starting an application.
## Command-Line Options for Deploying Customized Database Files
The command-line options use the following conventions.
Sdbinst.exe \[-q\] \[-u filepath\] \[-g *GUID*\] \[-n *"name"*\] \[-?\]
Sdbinst.exe \[-q\] \[-?\] \[-u\] \[-g\] \[-p\] \[-u filepath\] \[-g *GUID*\] \[-n *"name"*\]
The following table describes the available command-line options.
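
Review bot: the new usage line lists `-u` and `-g` twice, once bare (`\[-u\] \[-g\]`) and once with an argument (`\[-u filepath\] \[-g *GUID*\]`), which reads as four separate switches. Keep only the forms that show the argument, and add `\[-p\]` next to them.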
@ -78,8 +78,14 @@ The following table describes the available command-line options.
<p>For example,</p>
<p><code>sdbinst.exe -?</code></p></td>
</tr>
<tr class="even">
<td align="left"><p>-p</p></td>
<td align="left"><p>Allows SDBs installation with Patches</p>
<p>For example,</p>
<p><code>sdbinst.exe -p C:\Windows\AppPatch\Myapp.sdb</code></p></td>
</tr>
</tbody>
</table>
## Related topics
[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)
[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)
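
Review bot: the `-p` row's description, "Allows SDBs installation with Patches", does not say what a patch is or what the installer does with such a database when `-p` is omitted, which is what an administrator deciding whether to use the switch needs to know. Reword it as a full sentence in the style of the other rows and state the behaviour without the switch.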

@ -51,4 +51,4 @@ If you have feedback about the proposed replacement of any of these features, yo
|Phone Companion|Use the **Phone** page in the Settings app. In Windows 10, version 1709, we added the new **Phone** page to help you sync your mobile phone with your PC. It includes all the Phone Companion features.|
|IPv4/6 Transition Technologies (6to4, ISATAP, and Direct Tunnels)|6to4 has been disabled by default since Windows 10, version 1607 (the Anniversary Update), ISATAP has been disabled by default since Windows 10, version 1703 (the Creators Update), and Direct Tunnels has always been disabled by default. Please use native IPv6 support instead.|
|[Layered Service Providers](https://msdn.microsoft.com/library/windows/desktop/bb513664)|Layered Service Providers have been deprecated since Windows 8 and Windows Server 2012. Use the [Windows Filtering Platform](https://msdn.microsoft.com/library/windows/desktop/aa366510) instead. When you upgrade from an older version of Windows, any layered service providers you're using aren't migrated; you'll need to re-install them after upgrading.|
|Business Scanning, also called Distributed Scan Management (DSM) **(Added 05/03/2018)**|The [Scan Management functionality](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd759124\(vs.11\)) was introduced in Windows 7 and enabled secure scanning and the management of scanners in an enterprise. We're no longer investing in this feature, and there are no devices available that support it.|
|Business Scanning, also called Distributed Scan Management (DSM) **(Added 05/03/2018)**|The [Scan Management functionality](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd759124(v=ws.11)) was introduced in Windows 7 and enabled secure scanning and the management of scanners in an enterprise. We're no longer investing in this feature, and there are no devices available that support it.|
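
Review bot: the corrected Scan Management link now has unescaped parentheses inside the Markdown link target, `dd759124(v=ws.11))`. Balanced parentheses are valid in CommonMark, but some renderers end the link at the first `)`; confirm the link resolves in the published build, or encode the pair as `%28` and `%29`.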

@ -95,6 +95,7 @@ This policy setting controls whether the elevation request prompt is displayed o
- **Enabled** (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users.
- **Disabled** All elevation requests go to the interactive user's desktop. Prompt behavior policy settings for administrators and standard users are used.
## User Account Control: Virtualize file and registry write failures to per-user locations
This policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates applications that run as administrator and write run-time application data to %ProgramFiles%, %Windir%, %Windir%\\system32, or HKLM\\Software.

@ -15,12 +15,12 @@ ms.topic: conceptual
ms.date: 04/19/2017
---
# Network security: Configure encryption types allowed for Kerberos Win7 only
# Network security: Configure encryption types allowed for Kerberos
**Applies to**
- Windows 10
Describes the best practices, location, values and security considerations for the **Network security: Configure encryption types allowed for Kerberos Win7 only** security policy setting.
Describes the best practices, location, values and security considerations for the **Network security: Configure encryption types allowed for Kerberos** security policy setting.
## Reference
@ -67,9 +67,9 @@ Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Sec
| Default domain policy| Not defined|
| Default domain controller policy| Not defined|
| Stand-alone server default settings | Not defined|
| Domain controller effective default settings | None of these encryption types that are available in this policy are allowed.|
| Member server effective default settings | None of these encryption types that are available in this policy are allowed.|
| Effective GPO default settings on client computers | None of these encryption types that are available in this policy are allowed.|
| Domain controller effective default settings | The default OS setting applies, DES suites are not supported by default.|
| Member server effective default settings | The default OS setting applies, DES suites are not supported by default.|
| Effective GPO default settings on client computers | The default OS setting applies, DES suites are not supported by default.|
 
## Security considerations
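
Review bot: the three replacement cells, "The default OS setting applies, DES suites are not supported by default.", are a comma splice and name only what is excluded. In a table of effective defaults, state which encryption types the default OS setting does allow, and split the text into two sentences.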

@ -14,7 +14,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 30/07/2018
---
# Supported Windows Defender ATP query APIs
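
Review bot: `ms.date: 30/07/2018` is removed here rather than corrected. The value is in day/month order, while other front matter in this commit uses month/day (`ms.date: 04/19/2017`); if the field is meant to stay in this topic's metadata, rewrite it in month/day order instead of dropping it.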

@ -67,7 +67,15 @@ Create custom rules to control when alerts are suppressed, or resolved. You can
1. Select the alert you'd like to suppress. This brings up the **Alert management** pane.
2. Select **Create a supression rule**.
2. Select **Create a suppression rule**.
You can create a suppression rule based on the following attributes:
* File hash
* File name - wild card supported
* File path - wild card supported
* IP
* URL - wild card supported
3. Select the **Trigerring IOC**.
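
Review bot: the context line right after the new list still reads "Select the **Trigerring IOC**", so the typo fix in step 2 leaves a second misspelling in the same procedure. The attribute list is also inserted between steps 2 and 3 without indentation, which may restart the numbered list, and "wild card" should be "wildcard". Because a wildcard on file name, file path or URL widens what a suppression rule hides, a sentence advising the narrowest pattern that matches would fit here.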

@ -14,7 +14,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 30/07/2018
---
# Create custom reports using Power BI (app authentication)

@ -14,7 +14,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 30/07/2018
---
# Create custom reports using Power BI (user authentication)

@ -14,7 +14,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 30/07/2018
---
# Advanced Hunting using Python

@ -37,7 +37,7 @@ You can also use [audit mode](audit-windows-defender-exploit-guard.md) to evalua
## Requirements
Network protection requires Windows 10 Enterprise E3 and Windows Defender AV real-time protection.
Network protection requires Windows 10 Pro, Enterprise E3, E5 and Windows Defender AV real-time protection.
Windows 10 version | Windows Defender Antivirus
- | -
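
Review bot: "Windows 10 Pro, Enterprise E3, E5" is ambiguous about what "E5" attaches to, and it disagrees with the feature table changed elsewhere in this commit, where the Network protection row still shows "not supported" under Windows 10 Professional. Write the editions out in full and bring this sentence and that table row into agreement.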

@ -36,7 +36,7 @@ There are four steps to troubleshooting these problems:
Attack surface reduction rules will only work on devices with the following conditions:
>[!div class="checklist"]
> - Endpoints are running Windows 10 Enterprise E5, version 1709 (also known as the Fall Creators Update).
> - Endpoints are running Windows 10 Enterprise, version 1709 (also known as the Fall Creators Update).
> - Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
> - [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) is enabled.
> - Audit mode is not enabled. Use Group Policy to set the rule to **Disabled** (value: **0**) as described in [Enable attack surface reduction rules](enable-attack-surface-reduction.md).

@ -60,7 +60,7 @@ This section covers requirements for each feature in Windows Defender EG.
| Feature | Windows 10 Home | Windows 10 Professional | Windows 10 E3 | Windows 10 E5 |
| ----------------- | :------------------------------------: | :---------------------------: | :-------------------------: | :--------------------------------------: |
| Exploit protection | ![supported](./images/ball_50.png) | ![supported](./images/ball_50.png) | ![supported, enhanced](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) |
| Attack surface reduction rules | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, full reporting](./images/ball_full.png) |
| Attack surface reduction rules | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) |
| Network protection | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) |
| Controlled folder access | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) |
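
Review bot: the changed E3 cell for attack surface reduction rules reuses `ball_50.png`, which this table already pairs with three different alt texts ("supported", "supported, enhanced", "supported, limited reporting"), so the difference is visible only to readers who see the alt text. Add a legend or distinct images so the limited reporting on E3 shows in the rendered table.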